Module: Manticore::Client::TrustStrategies

Defined in:
lib/manticore/client/trust_strategies.rb

Overview

TrustStrategies is a utility module that provides helpers for working with org.apache.http.conn.ssl.TrustStrategy.

Class Method Details

.coerce(coercible) ⇒ nil, TrustStrategy
.coerce(coercible) ⇒ Object

Coerces to org.apache.http.conn.ssl.TrustStrategy, allowing nil pass-through

Overloads:

  • .coerce(coercible) ⇒ nil, TrustStrategy

    Parameters:

    • coercible (nil|TrustStrategy)

    Returns:

    • (nil, TrustStrategy)
  • .coerce(coercible) ⇒ Object

    @example: CA Trusted Fingerprint

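    require "digest"

    # Trust the peer when any certificate in its chain has this
    # SHA-256 fingerprint (hex digest of the DER encoding).
    ca_trusted_fingerprint = lambda do |cert_chain, type|
      cert_chain.lazy
                .map(&:to_der)
                .map(&::Digest::SHA256.method(:hexdigest))
                .include?("324a87eebb19265ffb675dc345eb0f3b5d9de3f015159227a00fe552291d4cc4")
    end
    TrustStrategies.coerce(ca_trusted_fingerprint)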
    

    Parameters:

    • coercible (Proc<(Array<OpenSSL::X509::Certificate>,String)>:Boolean)

      A proc that accepts two arguments and returns a boolean value, and is effectively a Ruby-native implementation of `org.apache.http.conn.ssl.TrustStrategy#isTrusted`.

      @param cert_chain [Enumerable<OpenSSL::X509::Certificate>]: the peer's certificate chain
      @param auth_type [String]: the authentication type based on the client certificate
      @raise [OpenSSL::X509::CertificateError]: thrown if the certificate is not trusted or invalid
      @return [Boolean]: true if the certificate can be trusted without verification by the trust manager,
                         false otherwise.
      


# File 'lib/manticore/client/trust_strategies.rb', line 29

def self.coerce(coercible)
  case coercible
  when org.apache.http.conn.ssl.TrustStrategy, nil then coercible
  when ::Proc                                      then CustomTrustStrategy.new(coercible)
  else fail(ArgumentError, "No implicit conversion of #{coercible} to #{self}")
  end
end
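
The contract above says a true result means the chain is trusted without verification by the trust manager, so a fingerprint-matching proc decides for itself what else gets checked. The following is an added example, not Manticore's code: it also checks validity dates and that each certificate below the pinned one is signed by the next. `pinned_ca_strategy`, `demo_cert` and `demo_verdicts` are hypothetical names, the certificates are constructed in-process, and it runs on plain Ruby with the openssl standard library.

```ruby
require "openssl"
require "digest"

# Hypothetical helper, not part of Manticore: returns a lambda with the
# (cert_chain, auth_type) signature that TrustStrategies.coerce accepts.
def pinned_ca_strategy(pinned_sha256_hex, clock: -> { Time.now })
  pin = pinned_sha256_hex.delete(":").downcase
  raise ArgumentError, "expected a SHA-256 hex digest" unless pin.match?(/\A\h{64}\z/)

  lambda do |cert_chain, _auth_type|
    chain = cert_chain.to_a
    now = clock.call
    chain.each_with_index do |cert, i|
      # A true result skips the trust manager, so check validity dates here.
      return false if now < cert.not_before || now > cert.not_after
      return true if Digest::SHA256.hexdigest(cert.to_der) == pin

      # Only keep walking up while this certificate is signed by the next one.
      issuer = chain[i + 1]
      return false unless issuer && cert.verify(issuer.public_key)
    end
    false # empty chain
  end
end

# Constructed sample data: a throwaway certificate for exercising the lambda.
def demo_cert(common_name, key, issuer: nil, issuer_key: key, not_after: Time.now + 3600)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after = not_after
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# Runs the lambda over constructed [leaf, ca] chains and returns the verdicts.
def demo_verdicts
  ca_key, leaf_key, other_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = demo_cert("demo-ca", ca_key)
  signed = demo_cert("leaf", leaf_key, issuer: ca, issuer_key: ca_key)
  unsigned = demo_cert("leaf", other_key, issuer: ca) # names the CA, signed by its own key
  expired = demo_cert("leaf", leaf_key, issuer: ca, issuer_key: ca_key, not_after: Time.now - 60)
  strategy = pinned_ca_strategy(Digest::SHA256.hexdigest(ca.to_der))
  { signed: signed, unsigned: unsigned, expired: expired }
    .transform_values { |leaf| strategy.call([leaf, ca], "ECDHE_RSA") }
end
```

The plain `include?` check in the documented example would accept all three constructed chains, because the pinned CA certificate is present in each of them.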

.combine(lhs, rhs) ⇒ nil, org.apache.http.conn.ssl.TrustStrategy

Combines two possibly-nil TrustStrategies-coercible objects into a single org.apache.http.conn.ssl.TrustStrategy, or to nil if both are nil.

Parameters:

Returns:

  • (nil, org.apache.http.conn.ssl.TrustStrategy)


# File 'lib/manticore/client/trust_strategies.rb', line 43

def self.combine(lhs, rhs)
  return coerce(rhs) if lhs.nil?
  return coerce(lhs) if rhs.nil?

  CombinedTrustStrategy.new(coerce(lhs), coerce(rhs))
end