Class: WinRM::HTTP::HttpTransport

Inherits:
Object
  • Object
show all
Defined in:
lib/winrm/http/transport.rb

Overview

A generic HTTP transport that utilized HTTPClient to send messages back and forth. This backend will maintain state for every WinRMWebService instance that is instantiated so it is possible to use GSSAPI with Keep-Alive.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(endpoint, options) ⇒ HttpTransport

Returns a new instance of HttpTransport.



26
27
28
29
30
31
32
# File 'lib/winrm/http/transport.rb', line 26

def initialize(endpoint, options)
  @endpoint = endpoint.is_a?(String) ? URI.parse(endpoint) : endpoint
  @httpcli = HTTPClient.new
  @logger = Logging.logger[self]
  @httpcli.receive_timeout = options[:receive_timeout]
  @httpcli.default_header = { 'User-Agent': options[:user_agent] }
end

Instance Attribute Details

#endpointObject (readonly)

Returns the value of attribute endpoint.



24
25
26
# File 'lib/winrm/http/transport.rb', line 24

def endpoint
  @endpoint
end

Instance Method Details

#basic_auth_only!Object

We’ll need this to force basic authentication if desired



57
58
59
60
# File 'lib/winrm/http/transport.rb', line 57

def basic_auth_only!
  auths = @httpcli.www_auth.instance_variable_get('@authenticator')
  auths.delete_if { |i| i.scheme !~ /basic/i }
end

#no_ssl_peer_verification!Object

Disable SSL Peer Verification



69
70
71
# File 'lib/winrm/http/transport.rb', line 69

def no_ssl_peer_verification!
  @httpcli.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE
end

#no_sspi_auth!Object

Disable SSPI Auth



63
64
65
66
# File 'lib/winrm/http/transport.rb', line 63

def no_sspi_auth!
  auths = @httpcli.www_auth.instance_variable_get('@authenticator')
  auths.delete_if { |i| i.is_a? HTTPClient::SSPINegotiateAuth }
end

#send_request(message) ⇒ Object

Sends the SOAP payload to the WinRM service and returns the service’s SOAP response. If an error occurrs an appropriate error is raised.

Parameters:

  • The (String)

    XML SOAP message



39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# File 'lib/winrm/http/transport.rb', line 39

def send_request(message)
  ssl_peer_fingerprint_verification!
  log_soap_message(message)
  hdr = { 'Content-Type' => 'application/soap+xml;charset=UTF-8',
          'Content-Length' => message.bytesize }
  # We need to add this header if using Client Certificate authentication
  unless @httpcli.ssl_config.client_cert.nil?
    hdr['Authorization'] = 'http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/mutual'
  end

  resp = @httpcli.post(@endpoint, message, hdr)
  log_soap_message(resp.http_body.content)
  verify_ssl_fingerprint(resp.peer_cert)
  handler = WinRM::ResponseHandler.new(resp.http_body.content, resp.status)
  handler.parse_to_xml
end

#ssl_peer_fingerprint_verification!Object

SSL Peer Fingerprint Verification prior to connecting



74
75
76
77
78
79
80
81
82
83
84
# File 'lib/winrm/http/transport.rb', line 74

def ssl_peer_fingerprint_verification!
  return unless @ssl_peer_fingerprint && !@ssl_peer_fingerprint_verified

  with_untrusted_ssl_connection do |connection|
    connection_cert = connection.peer_cert
    verify_ssl_fingerprint(connection_cert)
  end
  @logger.info("initial ssl fingerprint #{@ssl_peer_fingerprint} verified\n")
  @ssl_peer_fingerprint_verified = true
  no_ssl_peer_verification!
end

#verify_ssl_fingerprint(cert) ⇒ Object

compare @ssl_peer_fingerprint to current ssl context



101
102
103
104
105
106
107
108
# File 'lib/winrm/http/transport.rb', line 101

def verify_ssl_fingerprint(cert)
  return unless @ssl_peer_fingerprint

  conn_fingerprint = OpenSSL::Digest::SHA1.new(cert.to_der).to_s
  return unless @ssl_peer_fingerprint.casecmp(conn_fingerprint) != 0

  raise "ssl fingerprint mismatch!!!!\n"
end

#with_untrusted_ssl_connectionObject

Connect without verification to retrieve untrusted ssl context



87
88
89
90
91
92
93
94
95
96
97
98
# File 'lib/winrm/http/transport.rb', line 87

def with_untrusted_ssl_connection
  noverify_peer_context = OpenSSL::SSL::SSLContext.new
  noverify_peer_context.verify_mode = OpenSSL::SSL::VERIFY_NONE
  tcp_connection = TCPSocket.new(@endpoint.host, @endpoint.port)
  begin
    ssl_connection = OpenSSL::SSL::SSLSocket.new(tcp_connection, noverify_peer_context)
    ssl_connection.connect
    yield ssl_connection
  ensure
    tcp_connection.close
  end
end