Class: WinRM::HTTP::HttpTransport
- Inherits:
-
Object
- Object
- WinRM::HTTP::HttpTransport
- Defined in:
- lib/winrm/http/transport.rb
Overview
A generic HTTP transport that utilized HTTPClient to send messages back and forth. This backend will maintain state for every WinRMWebService instance that is instantiated so it is possible to use GSSAPI with Keep-Alive.
Direct Known Subclasses
BasicAuthSSL, ClientCertAuthSSL, HttpGSSAPI, HttpNegotiate, HttpPlaintext
Instance Attribute Summary collapse
-
#endpoint ⇒ Object
readonly
Returns the value of attribute endpoint.
Instance Method Summary collapse
-
#basic_auth_only! ⇒ Object
We’ll need this to force basic authentication if desired.
-
#initialize(endpoint, options) ⇒ HttpTransport
constructor
A new instance of HttpTransport.
-
#no_ssl_peer_verification! ⇒ Object
Disable SSL Peer Verification.
-
#no_sspi_auth! ⇒ Object
Disable SSPI Auth.
-
#send_request(message) ⇒ Object
Sends the SOAP payload to the WinRM service and returns the service’s SOAP response.
-
#ssl_peer_fingerprint_verification! ⇒ Object
SSL Peer Fingerprint Verification prior to connecting.
-
#verify_ssl_fingerprint(cert) ⇒ Object
compare @ssl_peer_fingerprint to current ssl context.
-
#with_untrusted_ssl_connection ⇒ Object
Connect without verification to retrieve untrusted ssl context.
Constructor Details
#initialize(endpoint, options) ⇒ HttpTransport
Returns a new instance of HttpTransport.
26 27 28 29 30 31 32 |
# File 'lib/winrm/http/transport.rb', line 26 def initialize(endpoint, ) @endpoint = endpoint.is_a?(String) ? URI.parse(endpoint) : endpoint @httpcli = HTTPClient.new @logger = Logging.logger[self] @httpcli.receive_timeout = [:receive_timeout] @httpcli.default_header = { 'User-Agent': [:user_agent] } end |
Instance Attribute Details
#endpoint ⇒ Object (readonly)
Returns the value of attribute endpoint.
24 25 26 |
# File 'lib/winrm/http/transport.rb', line 24 def endpoint @endpoint end |
Instance Method Details
#basic_auth_only! ⇒ Object
We’ll need this to force basic authentication if desired
57 58 59 60 |
# File 'lib/winrm/http/transport.rb', line 57 def basic_auth_only! auths = @httpcli.www_auth.instance_variable_get('@authenticator') auths.delete_if { |i| i.scheme !~ /basic/i } end |
#no_ssl_peer_verification! ⇒ Object
Disable SSL Peer Verification
69 70 71 |
# File 'lib/winrm/http/transport.rb', line 69 def no_ssl_peer_verification! @httpcli.ssl_config.verify_mode = OpenSSL::SSL::VERIFY_NONE end |
#no_sspi_auth! ⇒ Object
Disable SSPI Auth
63 64 65 66 |
# File 'lib/winrm/http/transport.rb', line 63 def no_sspi_auth! auths = @httpcli.www_auth.instance_variable_get('@authenticator') auths.delete_if { |i| i.is_a? HTTPClient::SSPINegotiateAuth } end |
#send_request(message) ⇒ Object
Sends the SOAP payload to the WinRM service and returns the service’s SOAP response. If an error occurrs an appropriate error is raised.
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
# File 'lib/winrm/http/transport.rb', line 39 def send_request() ssl_peer_fingerprint_verification! () hdr = { 'Content-Type' => 'application/soap+xml;charset=UTF-8', 'Content-Length' => .bytesize } # We need to add this header if using Client Certificate authentication unless @httpcli.ssl_config.client_cert.nil? hdr['Authorization'] = 'http://schemas.dmtf.org/wbem/wsman/1/wsman/secprofile/https/mutual' end resp = @httpcli.post(@endpoint, , hdr) (resp.http_body.content) verify_ssl_fingerprint(resp.peer_cert) handler = WinRM::ResponseHandler.new(resp.http_body.content, resp.status) handler.parse_to_xml end |
#ssl_peer_fingerprint_verification! ⇒ Object
SSL Peer Fingerprint Verification prior to connecting
74 75 76 77 78 79 80 81 82 83 84 |
# File 'lib/winrm/http/transport.rb', line 74 def ssl_peer_fingerprint_verification! return unless @ssl_peer_fingerprint && !@ssl_peer_fingerprint_verified with_untrusted_ssl_connection do |connection| connection_cert = connection.peer_cert verify_ssl_fingerprint(connection_cert) end @logger.info("initial ssl fingerprint #{@ssl_peer_fingerprint} verified\n") @ssl_peer_fingerprint_verified = true no_ssl_peer_verification! end |
#verify_ssl_fingerprint(cert) ⇒ Object
compare @ssl_peer_fingerprint to current ssl context
101 102 103 104 105 106 107 108 |
# File 'lib/winrm/http/transport.rb', line 101 def verify_ssl_fingerprint(cert) return unless @ssl_peer_fingerprint conn_fingerprint = OpenSSL::Digest::SHA1.new(cert.to_der).to_s return unless @ssl_peer_fingerprint.casecmp(conn_fingerprint) != 0 raise "ssl fingerprint mismatch!!!!\n" end |
#with_untrusted_ssl_connection ⇒ Object
Connect without verification to retrieve untrusted ssl context
87 88 89 90 91 92 93 94 95 96 97 98 |
# File 'lib/winrm/http/transport.rb', line 87 def with_untrusted_ssl_connection noverify_peer_context = OpenSSL::SSL::SSLContext.new noverify_peer_context.verify_mode = OpenSSL::SSL::VERIFY_NONE tcp_connection = TCPSocket.new(@endpoint.host, @endpoint.port) begin ssl_connection = OpenSSL::SSL::SSLSocket.new(tcp_connection, noverify_peer_context) ssl_connection.connect yield ssl_connection ensure tcp_connection.close end end |