Class: SecureHeaders::ExpectCertificateTransparency

Inherits:
Object
  • Object
show all
Defined in:
lib/secure_headers/headers/expect_certificate_transparency.rb

Constant Summary collapse

HEADER_NAME =
"expect-ct".freeze
INVALID_CONFIGURATION_ERROR =
"config must be a hash.".freeze
INVALID_ENFORCE_VALUE_ERROR =
"enforce must be a boolean".freeze
REQUIRED_MAX_AGE_ERROR =
"max-age is a required directive.".freeze
INVALID_MAX_AGE_ERROR =
"max-age must be a number.".freeze

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(config) ⇒ ExpectCertificateTransparency

Returns a new instance of ExpectCertificateTransparency.



40
41
42
43
44
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 40

def initialize(config)
  @enforced   = config.fetch(:enforce, nil)
  @max_age    = config.fetch(:max_age, nil)
  @report_uri = config.fetch(:report_uri, nil)
end

Class Method Details

.make_header(config, use_agent = nil) ⇒ Object

Public: Generate a expect-ct header.

Returns nil if not configured, returns header name and value if configured.



17
18
19
20
21
22
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 17

def make_header(config, use_agent = nil)
  return if config.nil? || config == OPT_OUT

  header = new(config)
  [HEADER_NAME, header.value]
end

.validate_config!(config) ⇒ Object



24
25
26
27
28
29
30
31
32
33
34
35
36
37
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 24

def validate_config!(config)
  return if config.nil? || config == OPT_OUT
  raise ExpectCertificateTransparencyConfigError.new(INVALID_CONFIGURATION_ERROR) unless config.is_a? Hash

  unless [true, false, nil].include?(config[:enforce])
    raise ExpectCertificateTransparencyConfigError.new(INVALID_ENFORCE_VALUE_ERROR)
  end

  if !config[:max_age]
    raise ExpectCertificateTransparencyConfigError.new(REQUIRED_MAX_AGE_ERROR)
  elsif config[:max_age].to_s !~ /\A\d+\z/
    raise ExpectCertificateTransparencyConfigError.new(INVALID_MAX_AGE_ERROR)
  end
end

Instance Method Details

#enforced_directiveObject



54
55
56
57
58
59
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 54

def enforced_directive
  # Unfortunately `if @enforced` isn't enough here in case someone
  # passes in a random string so let's be specific with it to prevent
  # accidental enforcement.
  "enforce" if @enforced == true
end

#max_age_directiveObject



61
62
63
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 61

def max_age_directive
  "max-age=#{@max_age}" if @max_age
end

#report_uri_directiveObject



65
66
67
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 65

def report_uri_directive
  "report-uri=\"#{@report_uri}\"" if @report_uri
end

#valueObject



46
47
48
49
50
51
52
# File 'lib/secure_headers/headers/expect_certificate_transparency.rb', line 46

def value
  [
    enforced_directive,
    max_age_directive,
    report_uri_directive
  ].compact.join(", ").strip
end