123456789_123456789_123456789_123456789_123456789_

Class: Puma::MiniSSL::Context

Relationships & Source Files
Inherits: Object
Defined in: lib/puma/minissl.rb

Class Method Summary

Instance Attribute Summary

Instance Method Summary

Constructor Details

.newContext

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 212

def initialize
  @no_tlsv1   = false
  @no_tlsv1_1 = false
  @key = nil
  @cert = nil
  @key_pem = nil
  @cert_pem = nil
  @reuse = nil
  @reuse_cache_size = nil
  @reuse_timeout = nil
end

Instance Attribute Details

#ca (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 288

attr_reader :ca

#ca=(ca) (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 311

def ca=(ca)
  check_file ca, 'ca'
  @ca = ca
end

#cert (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 287

attr_reader :cert

#cert=(cert) (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 306

def cert=(cert)
  check_file cert, 'Cert'
  @cert = cert
end

#cert_pem (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 289

attr_reader :cert_pem

#cert_pem=(cert_pem) (rw)

Raises:

  • (ArgumentError)
[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 316

def cert_pem=(cert_pem)
  raise ArgumentError, "'cert_pem' is not a String" unless cert_pem.is_a? String
  @cert_pem = cert_pem
end

#cipher_suites (rw) Also known as: #ssl_cipher_list

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 237

attr_reader :cipher_suites

#cipher_suites=(list) (rw) Also known as: #ssl_cipher_list=

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 264

def cipher_suites=(list)
  list = list.split(',').map(&:strip) if list.is_a?(String)
  @cipher_suites = list
end

#key (rw)

non-jruby Context properties

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 285

attr_reader :key

#key=(key) (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 297

def key=(key)
  check_file key, 'Key'
  @key = key
end

#key_password_command (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 286

attr_reader :key_password_command

#key_password_command=(key_password_command) (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 302

def key_password_command=(key_password_command)
  @key_password_command = key_password_command
end

#key_pem (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 290

attr_reader :key_pem

#key_pem=(key_pem) (rw)

Raises:

  • (ArgumentError)
[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 321

def key_pem=(key_pem)
  raise ArgumentError, "'key_pem' is not a String" unless key_pem.is_a? String
  @key_pem = key_pem
end

#keystore (rw)

jruby-specific Context properties: java uses a keystore and password pair rather than a cert/key pair

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 231

attr_reader :keystore

#keystore=(keystore) (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 240

def keystore=(keystore)
  check_file keystore, 'Keystore'
  @keystore = keystore
end

#keystore_pass (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 233

attr_accessor :keystore_pass

#keystore_type (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 232

attr_reader :keystore_type

#keystore_type=(type) (rw)

Raises:

  • (ArgumentError)
[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 254

def keystore_type=(type)
  raise ArgumentError, "Invalid keystore type: #{type.inspect}" unless ['pkcs12', 'jks', nil].include?(type)
  @keystore_type = type
end

#no_tlsv1 (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 210

attr_reader :no_tlsv1, :no_tlsv1_1

#no_tlsv1=(tlsv1) (rw)

disables TLSv1

Raises:

  • (ArgumentError)
[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 374

def no_tlsv1=(tlsv1)
  raise ArgumentError, "Invalid value of no_tlsv1=" unless ['true', 'false', true, false].include?(tlsv1)
  @no_tlsv1 = tlsv1
end

#no_tlsv1_1 (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 210

attr_reader :no_tlsv1, :no_tlsv1_1

#no_tlsv1_1=(tlsv1_1) (rw)

disables TLSv1 and TLSv1.1. Overrides #no_tlsv1=

Raises:

  • (ArgumentError)
[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 381

def no_tlsv1_1=(tlsv1_1)
  raise ArgumentError, "Invalid value of no_tlsv1_1=" unless ['true', 'false', true, false].include?(tlsv1_1)
  @no_tlsv1_1 = tlsv1_1
end

#protocols (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 238

attr_reader :protocols

#protocols=(list) (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 273

def protocols=(list)
  list = list.split(',').map(&:strip) if list.is_a?(String)
  @protocols = list
end

#reuse (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 295

attr_reader :reuse, :reuse_cache_size, :reuse_timeout

#reuse=(reuse_str) (rw)

Controls session reuse. Allowed values are as follows:

  • ‘off’ - matches the behavior of ::Puma 5.6 and earlier. This is included in case reuse ‘on’ is made the default in future Puma versions.

  • ‘dflt’ - sets session reuse on, with OpenSSL default cache size of 20k and default timeout of 300 seconds.

  • ‘s,t’ - where s and t are integer strings, for size and timeout.

  • ‘s’ - where s is an integer strings for size.

  • ‘,t’ - where t is an integer strings for timeout.

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 351

def reuse=(reuse_str)
  case reuse_str
  when 'off'
    @reuse = nil
  when 'dflt'
    @reuse = true
  when /\A\d+\z/
    @reuse = true
    @reuse_cache_size = reuse_str.to_i
  when /\A\d,\d\z/
    @reuse = true
    size, time = reuse_str.split ','
    @reuse_cache_size = size.to_i
    @reuse_timeout = time.to_i
  when /\A,\d+\z/
    @reuse = true
    @reuse_timeout = reuse_str.delete(',').to_i
  end
end

#reuse_cache_size (readonly)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 295

attr_reader :reuse, :reuse_cache_size, :reuse_timeout

#reuse_timeout (readonly)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 295

attr_reader :reuse, :reuse_cache_size, :reuse_timeout

#ssl_cipher_filter (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 291

attr_accessor :ssl_cipher_filter

#ssl_cipher_list (rw)

Alias for #cipher_suites.

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 270

alias_method :ssl_cipher_list, :cipher_suites

#ssl_ciphersuites (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 292

attr_accessor :ssl_ciphersuites

#truststore (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 234

attr_reader :truststore

#truststore=(truststore) (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 245

def truststore=(truststore)
  # NOTE: historically truststore was assumed the same as keystore, this is kept for backwards
  # compatibility, to rely on JVM's trust defaults we allow setting `truststore = :default`
  unless truststore.eql?(:default)
    raise ArgumentError, "No such truststore file '#{truststore}'" unless File.exist?(truststore)
  end
  @truststore = truststore
end

#truststore_pass (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 236

attr_accessor :truststore_pass

#truststore_type (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 235

attr_reader :truststore_type

#truststore_type=(type) (rw)

Raises:

  • (ArgumentError)
[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 259

def truststore_type=(type)
  raise ArgumentError, "Invalid truststore type: #{type.inspect}" unless ['pkcs12', 'jks', nil].include?(type)
  @truststore_type = type
end

#verification_flags (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 293

attr_accessor :verification_flags

#verify_mode (rw)

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 209

attr_accessor :verify_mode

Instance Method Details

#check

See additional method definition at line 278.

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 326

def check
  raise "Keystore not configured" unless @keystore
  # @truststore defaults to @keystore due backwards compatibility
end

#check_file(file, desc)

Raises:

  • (ArgumentError)
[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 224

def check_file(file, desc)
  raise ArgumentError, "#{desc} file '#{file}' does not exist" unless File.exist? file
  raise ArgumentError, "#{desc} file '#{file}' is not readable" unless File.readable? file
end

#key_password

Executes the command to return the password needed to decrypt the key.

[ GitHub ]

  
# File 'lib/puma/minissl.rb', line 332

def key_password
  raise "Key password command not configured" if @key_password_command.nil?

  stdout_str, stderr_str, status = Open3.capture3(@key_password_command)

  return stdout_str.chomp if status.success?

  raise "Key password failed with code #{status.exitstatus}: #{stderr_str}"
end