Class: Gem::PqTlsPolicy::Config

Inherits:

Object

Object
Gem::PqTlsPolicy::Config

show all

Defined in:: lib/rubygems_pq_tls_policy/config.rb

Constant Summary collapse

POLICY_ENV =

"RUBYGEMS_GEM_SERVER_TLS_KEY_EXCHANGE_POLICY"

TRACE_ENV =

"RUBYGEMS_GEM_SERVER_TLS_KEY_EXCHANGE_TRACE"

ALLOWED_GROUPS_ENV =

"RUBYGEMS_GEM_SERVER_TLS_ALLOWED_GROUPS"

CERT_SIGNATURE_POLICY_ENV =

"RUBYGEMS_GEM_SERVER_TLS_CERT_SIGNATURE_POLICY"

CERT_SIGNATURE_SCOPE_ENV =

"RUBYGEMS_GEM_SERVER_TLS_CERT_SIGNATURE_SCOPE"

CERT_SIGNATURE_TRACE_ENV =

"RUBYGEMS_GEM_SERVER_TLS_CERT_SIGNATURE_TRACE"

ALLOWED_CERT_SIGNATURE_ALGORITHMS_ENV =

"RUBYGEMS_GEM_SERVER_TLS_ALLOWED_CERT_SIGNATURE_ALGORITHMS"

VALID_POLICIES =

[nil, "", "default", "off", "disabled", "pq_required"].freeze

VALID_CERT_SIGNATURE_POLICIES =

[nil, "", "default", "off", "disabled", "pq_observe", "pq_required"].freeze

VALID_CERT_SIGNATURE_SCOPES =

["leaf", "chain_any", "chain_all"].freeze

DEFAULT_ALLOWED_GROUPS =

["X25519MLKEM768"].freeze

DEFAULT_ALLOWED_CERT_SIGNATURE_ALGORITHMS =

["ML-DSA-44", "ML-DSA-65", "ML-DSA-87"].freeze

Instance Attribute Summary collapse

#allowed_cert_signature_algorithms ⇒ Object readonly

Returns the value of attribute allowed_cert_signature_algorithms.
#allowed_groups ⇒ Object readonly

Returns the value of attribute allowed_groups.
#cert_signature_policy ⇒ Object readonly

Returns the value of attribute cert_signature_policy.
#cert_signature_scope ⇒ Object readonly

Returns the value of attribute cert_signature_scope.
#cert_signature_trace ⇒ Object readonly

Returns the value of attribute cert_signature_trace.
#policy ⇒ Object readonly

Returns the value of attribute policy.
#trace ⇒ Object readonly

Returns the value of attribute trace.

Instance Method Summary collapse

#cert_signature_enabled? ⇒ Boolean
#cert_signature_pq_observe? ⇒ Boolean
#cert_signature_pq_required? ⇒ Boolean
#cert_signature_trace? ⇒ Boolean
#enabled? ⇒ Boolean
#initialize(env = ENV) ⇒ Config constructor

A new instance of Config.
#key_exchange_enabled? ⇒ Boolean
#pq_required? ⇒ Boolean
#trace? ⇒ Boolean
#validate! ⇒ Object

Constructor Details

#initialize(env = ENV) ⇒ `Config`

Returns a new instance of Config.

# File 'lib/rubygems_pq_tls_policy/config.rb', line 23

def initialize(env = ENV)
  @policy = env[POLICY_ENV]
  @trace = truthy?(env[TRACE_ENV])
  @allowed_groups = parse_groups(env[ALLOWED_GROUPS_ENV])
  @cert_signature_policy = env[CERT_SIGNATURE_POLICY_ENV]
  @cert_signature_scope = parse_cert_signature_scope(env[CERT_SIGNATURE_SCOPE_ENV])
  @cert_signature_trace = truthy?(env[CERT_SIGNATURE_TRACE_ENV])
  @allowed_cert_signature_algorithms =
    parse_cert_signature_algorithms(env[ALLOWED_CERT_SIGNATURE_ALGORITHMS_ENV])
end

Instance Attribute Details

#allowed_cert_signature_algorithms ⇒ `Object` (readonly)

Returns the value of attribute allowed_cert_signature_algorithms.



20
21
22

# File 'lib/rubygems_pq_tls_policy/config.rb', line 20

def allowed_cert_signature_algorithms
  @allowed_cert_signature_algorithms
end

#allowed_groups ⇒ `Object` (readonly)

Returns the value of attribute allowed_groups.



20
21
22

# File 'lib/rubygems_pq_tls_policy/config.rb', line 20

def allowed_groups
  @allowed_groups
end

#cert_signature_policy ⇒ `Object` (readonly)

Returns the value of attribute cert_signature_policy.



20
21
22

# File 'lib/rubygems_pq_tls_policy/config.rb', line 20

def cert_signature_policy
  @cert_signature_policy
end

#cert_signature_scope ⇒ `Object` (readonly)

Returns the value of attribute cert_signature_scope.



20
21
22

# File 'lib/rubygems_pq_tls_policy/config.rb', line 20

def cert_signature_scope
  @cert_signature_scope
end

#cert_signature_trace ⇒ `Object` (readonly)

Returns the value of attribute cert_signature_trace.



20
21
22

# File 'lib/rubygems_pq_tls_policy/config.rb', line 20

def cert_signature_trace
  @cert_signature_trace
end

#policy ⇒ `Object` (readonly)

Returns the value of attribute policy.



20
21
22

# File 'lib/rubygems_pq_tls_policy/config.rb', line 20

def policy
  @policy
end

#trace ⇒ `Object` (readonly)

Returns the value of attribute trace.



20
21
22

# File 'lib/rubygems_pq_tls_policy/config.rb', line 20

def trace
  @trace
end

Instance Method Details

#cert_signature_enabled? ⇒ `Boolean`

Returns:

(Boolean)



42
43
44

# File 'lib/rubygems_pq_tls_policy/config.rb', line 42

def cert_signature_enabled?
  !disabled_value?(cert_signature_policy)
end

#cert_signature_pq_observe? ⇒ `Boolean`

Returns:

(Boolean)



50
51
52

# File 'lib/rubygems_pq_tls_policy/config.rb', line 50

def cert_signature_pq_observe?
  cert_signature_policy == "pq_observe"
end

#cert_signature_pq_required? ⇒ `Boolean`

Returns:

(Boolean)



54
55
56

# File 'lib/rubygems_pq_tls_policy/config.rb', line 54

def cert_signature_pq_required?
  cert_signature_policy == "pq_required"
end

#cert_signature_trace? ⇒ `Boolean`

Returns:

(Boolean)



62
63
64

# File 'lib/rubygems_pq_tls_policy/config.rb', line 62

def cert_signature_trace?
  cert_signature_trace || cert_signature_pq_observe?
end

#enabled? ⇒ `Boolean`

Returns:

(Boolean)



34
35
36

# File 'lib/rubygems_pq_tls_policy/config.rb', line 34

def enabled?
  key_exchange_enabled? || cert_signature_enabled?
end

#key_exchange_enabled? ⇒ `Boolean`

Returns:

(Boolean)



38
39
40

# File 'lib/rubygems_pq_tls_policy/config.rb', line 38

def key_exchange_enabled?
  !disabled_value?(policy)
end

#pq_required? ⇒ `Boolean`

Returns:

(Boolean)



46
47
48

# File 'lib/rubygems_pq_tls_policy/config.rb', line 46

def pq_required?
  policy == "pq_required"
end

#trace? ⇒ `Boolean`

Returns:

(Boolean)



58
59
60

# File 'lib/rubygems_pq_tls_policy/config.rb', line 58

def trace?
  trace
end

#validate! ⇒ `Object`

Raises:

(InvalidConfiguration)

# File 'lib/rubygems_pq_tls_policy/config.rb', line 66

def validate!
  unless VALID_POLICIES.include?(policy)
    raise InvalidConfiguration,
      "Unsupported #{POLICY_ENV}=#{policy.inspect}. " \
      "Supported values are: default, off, disabled, pq_required."
  end

  unless VALID_CERT_SIGNATURE_POLICIES.include?(cert_signature_policy)
    raise InvalidConfiguration,
      "Unsupported #{CERT_SIGNATURE_POLICY_ENV}=#{cert_signature_policy.inspect}. " \
      "Supported values are: default, off, disabled, pq_observe, pq_required."
  end

  return true if VALID_CERT_SIGNATURE_SCOPES.include?(cert_signature_scope)

  raise InvalidConfiguration,
    "Unsupported #{CERT_SIGNATURE_SCOPE_ENV}=#{cert_signature_scope.inspect}. " \
    "Supported values are: leaf, chain_any, chain_all."
end

Class: Gem::PqTlsPolicy::Config

Constant Summary collapse

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(env = ENV) ⇒ Config

Instance Attribute Details

#allowed_cert_signature_algorithms ⇒ Object (readonly)

#allowed_groups ⇒ Object (readonly)

#cert_signature_policy ⇒ Object (readonly)

#cert_signature_scope ⇒ Object (readonly)

#cert_signature_trace ⇒ Object (readonly)

#policy ⇒ Object (readonly)

#trace ⇒ Object (readonly)

Instance Method Details

#cert_signature_enabled? ⇒ Boolean

#cert_signature_pq_observe? ⇒ Boolean

#cert_signature_pq_required? ⇒ Boolean

#cert_signature_trace? ⇒ Boolean

#enabled? ⇒ Boolean

#key_exchange_enabled? ⇒ Boolean

#pq_required? ⇒ Boolean

#trace? ⇒ Boolean

#validate! ⇒ Object

#initialize(env = ENV) ⇒ `Config`

#allowed_cert_signature_algorithms ⇒ `Object` (readonly)

#allowed_groups ⇒ `Object` (readonly)

#cert_signature_policy ⇒ `Object` (readonly)

#cert_signature_scope ⇒ `Object` (readonly)

#cert_signature_trace ⇒ `Object` (readonly)

#policy ⇒ `Object` (readonly)

#trace ⇒ `Object` (readonly)

#cert_signature_enabled? ⇒ `Boolean`

#cert_signature_pq_observe? ⇒ `Boolean`

#cert_signature_pq_required? ⇒ `Boolean`

#cert_signature_trace? ⇒ `Boolean`

#enabled? ⇒ `Boolean`

#key_exchange_enabled? ⇒ `Boolean`

#pq_required? ⇒ `Boolean`

#trace? ⇒ `Boolean`

#validate! ⇒ `Object`