Class: Aspera::Cli::Http
- Inherits:
-
Object
- Object
- Aspera::Cli::Http
- Defined in:
- lib/aspera/cli/http.rb
Overview
Encapsulates all HTTP/S and TLS runtime configuration options. Extracted from Plugins::Config so it can be referenced independently via Context#http_config without coupling to the plugin machinery.
Instance Attribute Summary collapse
-
#http_options ⇒ Object
Returns the value of attribute http_options.
-
#ignore_cert_host_port ⇒ Object
Returns the value of attribute ignore_cert_host_port.
-
#insecure ⇒ Object
Returns the value of attribute insecure.
-
#warn_insecure ⇒ Object
Returns the value of attribute warn_insecure.
Instance Method Summary collapse
-
#declare_options(options) ⇒ Object
Declare all HTTP/S CLI options, with handlers pointing to self.
-
#http_proxy ⇒ Object
------------------------------------------------------------------ Proxy ------------------------------------------------------------------.
- #http_proxy=(value) ⇒ Object
-
#ignore_cert?(address, port) ⇒ Boolean
Should the certificate be ignored for this host/port? Also logs a warning the first time (if warn_insecure is set).
-
#initialize ⇒ Http
constructor
A new instance of Http.
-
#trusted_cert_locations ⇒ Object
Return cert file paths (computes OS defaults lazily if never set).
-
#trusted_cert_locations=(path_list) ⇒ Object
Add files, folders or the default OS locations to the cert store.
- #update_session(http_session) ⇒ Object
Constructor Details
#initialize ⇒ Http
Returns a new instance of Http.
22 23 24 25 26 27 28 29 30 |
# File 'lib/aspera/cli/http.rb', line 22 def initialize @insecure = false @warn_insecure = true @ignore_cert_host_port = [] @http_options = {} @ssl_warned_urls = [] @certificate_store = nil @certificate_paths = nil end |
Instance Attribute Details
#http_options ⇒ Object
Returns the value of attribute http_options.
32 33 34 |
# File 'lib/aspera/cli/http.rb', line 32 def @http_options end |
#ignore_cert_host_port ⇒ Object
Returns the value of attribute ignore_cert_host_port.
33 34 35 |
# File 'lib/aspera/cli/http.rb', line 33 def ignore_cert_host_port @ignore_cert_host_port end |
#insecure ⇒ Object
Returns the value of attribute insecure.
32 33 34 |
# File 'lib/aspera/cli/http.rb', line 32 def insecure @insecure end |
#warn_insecure ⇒ Object
Returns the value of attribute warn_insecure.
32 33 34 |
# File 'lib/aspera/cli/http.rb', line 32 def warn_insecure @warn_insecure end |
Instance Method Details
#declare_options(options) ⇒ Object
Declare all HTTP/S CLI options, with handlers pointing to self. Called once from Config#initialize after this object is instantiated.
38 39 40 41 42 43 44 45 |
# File 'lib/aspera/cli/http.rb', line 38 def () .declare(:insecure, 'HTTP/S: Do not validate any certificate', allowed: Allowed::TYPES_BOOLEAN, handler: {o: self, m: :insecure}, default: false) .declare(:ignore_certificate, 'HTTP/S: Do not validate certificate for these URLs', allowed: [Array, NilClass], handler: {o: self, m: :ignore_cert_host_port}) .declare(:warn_insecure, 'HTTP/S: Issue a warning if certificate is ignored', allowed: Allowed::TYPES_BOOLEAN, handler: {o: self, m: :warn_insecure}, default: true) .declare(:cert_stores, 'HTTP/S: List of folder with trusted certificates', allowed: Allowed::TYPES_STRING_ARRAY, handler: {o: self, m: :trusted_cert_locations}) .declare(:http_options, 'HTTP/S: Options for HTTP/S socket', allowed: Hash, handler: {o: self, m: :http_options}, default: {}) .declare(:http_proxy, 'HTTP/S: URL for proxy with optional credentials', handler: {o: self, m: :http_proxy}) end |
#http_proxy ⇒ Object
Proxy
51 52 53 |
# File 'lib/aspera/cli/http.rb', line 51 def http_proxy ENV['http_proxy'] end |
#http_proxy=(value) ⇒ Object
55 56 57 58 |
# File 'lib/aspera/cli/http.rb', line 55 def http_proxy=(value) URI.parse(value) ENV['http_proxy'] = value end |
#ignore_cert?(address, port) ⇒ Boolean
Should the certificate be ignored for this host/port? Also logs a warning the first time (if warn_insecure is set).
74 75 76 77 78 79 80 81 82 83 84 85 86 |
# File 'lib/aspera/cli/http.rb', line 74 def ignore_cert?(address, port) endpoint = [address, port].freeze ignore_cert = @insecure || @ignore_cert_host_port.any?(endpoint) if ignore_cert && @warn_insecure base_url = "https://#{address}:#{port}" unless @ssl_warned_urls.include?(base_url) Log.log.warn{"Ignoring certificate for: #{base_url}. Do not deactivate certificate verification in production."} @ssl_warned_urls.push(base_url) end end Log.log.debug{"ignore cert? #{endpoint} -> #{ignore_cert}"} ignore_cert end |
#trusted_cert_locations ⇒ Object
Return cert file paths (computes OS defaults lazily if never set).
132 133 134 135 136 137 138 139 140 141 |
# File 'lib/aspera/cli/http.rb', line 132 def trusted_cert_locations if @certificate_paths.nil? self.trusted_cert_locations = [SpecialValues::DEF] locations = @certificate_paths # Restore to "lazy" state so next call recomputes if store was reset @certificate_paths = @certificate_store = nil return locations end @certificate_paths end |
#trusted_cert_locations=(path_list) ⇒ Object
Add files, folders or the default OS locations to the cert store.
94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 |
# File 'lib/aspera/cli/http.rb', line 94 def trusted_cert_locations=(path_list) Aspera.assert_type(path_list, Array){'cert locations'} if @certificate_store.nil? Log.log.debug('Creating SSL Cert store') @certificate_store = OpenSSL::X509::Store.new @certificate_paths = [] end path_list.each do |path| Aspera.assert_type(path, String){'Expecting a String for certificate location'} paths_to_add = [path] Log.log.debug{"Adding cert location: #{path}"} if path.eql?(SpecialValues::DEF) @certificate_store.set_default_paths paths_to_add = [OpenSSL::X509::DEFAULT_CERT_DIR] paths_to_add.push(OpenSSL::X509::DEFAULT_CERT_FILE) unless defined?(JRUBY_VERSION) paths_to_add.select!{ |f| File.exist?(f)} elsif File.file?(path) @certificate_store.add_file(path) elsif File.directory?(path) @certificate_store.add_path(path) else raise "No such file or folder: #{path}" end paths_to_add.each do |p| pp = [File.realpath(p)] if File.directory?(p) pp = Dir.entries(p) .map{ |e| File.realpath(File.join(p, e))} .select{ |entry| File.file?(entry)} .select{ |entry| CERT_EXT.any?{ |ext| entry.end_with?(ext)}} end @certificate_paths.concat(pp) end end @certificate_paths.uniq! end |
#update_session(http_session) ⇒ Object
149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 |
# File 'lib/aspera/cli/http.rb', line 149 def update_session(http_session) http_session.set_debug_output(LineLogger.new(:trace2)) if Log.instance.logger.trace2? if http_session.use_ssl? && ignore_cert?(http_session.address, http_session.port) http_session.verify_mode = SELF_SIGNED_CERT end http_session.cert_store = @certificate_store if @certificate_store Log.log.debug{"Using cert store #{http_session.cert_store} (#{@certificate_store})"} unless http_session.cert_store.nil? @http_options.each do |k, v| method = "#{k}=".to_sym if http_session.respond_to?(method) http_session.send(method, v) else Log.log.error{"Unknown HTTP session attribute: #{k}"} end end end |