123456789_123456789_123456789_123456789_123456789_

Class: OpenSSL::Config

Relationships & Source Files
Super Chains via Extension / Inclusion / Inheritance
Instance Chain:
self, Enumerable
Inherits: Object
Defined in: ext/openssl/lib/openssl/config.rb,
ext/openssl/ossl_config.c

Overview

Configuration for the openssl library.

Many system's installation of openssl library will depend on your system configuration. See the value of DEFAULT_CONFIG_FILE for the location of the file for your host.

See also www.openssl.org/docs/apps/config.html

Constant Summary

Class Method Summary

Instance Method Summary

Constructor Details

.new(filename = nil) ⇒ Config

Creates an instance of OpenSSL's configuration class.

This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=

If the optional filename parameter is provided, then it is read in and parsed via #parse_config.

This can raise IO exceptions based on the access, or availability of the file. A ConfigError exception may be raised depending on the validity of the data being configured.

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 245

def initialize(filename = nil)
  @data = {}
  if filename
    File.open(filename.to_s) do |file|
      Config.parse_config(file).each do |section, hash|
        self[section] = hash
      end
    end
  end
end

Class Method Details

.clear_comments(line) (private)

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 176

def clear_comments(line)
  # FCOMMENT
  if m = line.match(/\A([\t\n\f ]*);.*\z/)
    return m[1]
  end
  # COMMENT
  scanned = []
  while m = line.match(/[#'"\\]/)
    scanned << m.pre_match
    c = m[0]
    line = m.post_match
    case c
    when '#'
      line = nil
      break
    when "'", '"'
      regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ
      scanned << c
      if m = line.match(regexp)
        scanned << m[0]
        line = m.post_match
      else
        scanned << line
        line = nil
        break
      end
    when "\\"
      scanned << c
      scanned << line.slice!(0, 1)
    else
      raise 'must not reaced'
    end
  end
  scanned << line
  scanned.join
end

.extract_reference(value) (private)

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 161

def extract_reference(value)
  rest = ''
  if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/)
    value = m[1] || m[2]
    rest = m.post_match
  elsif [?(, ?{].include?(value[0])
    raise ConfigError, "no close brace"
  end
  if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/)
    return m[0], m.post_match + rest
  else
    raise
  end
end

.get_definition(io) (private)

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 213

def get_definition(io)
  if line = get_line(io)
    while /[^\\]\\\z/ =~ line
      if extra = get_line(io)
        line += extra
      else
        break
      end
    end
    return line.strip
  end
end

.get_line(io) (private)

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 226

def get_line(io)
  if line = io.gets
    line.gsub(/[\r\n]*/, '')
  end
end

.load

load is an alias to .new

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 45

alias load new

.parse(string)

Parses a given string as a blob that contains configuration for openssl.

If the source of the IO is a file, then consider using #parse_config.

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 35

def parse(string)
  c = new()
  parse_config(StringIO.new(string)).each do |section, hash|
    c[section] = hash
  end
  c
end

.parse_config(io)

Parses the configuration data read from io, see also #parse.

Raises a ConfigError on invalid configuration data.

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 51

def parse_config(io)
  begin
    parse_config_lines(io)
  rescue ConfigError => e
    e.message.replace("error in line #{io.lineno}: " + e.message)
    raise
  end
end

.parse_config_lines(io) (private)

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 75

def parse_config_lines(io)
  section = 'default'
  data = {section => {}}
  while definition = get_definition(io)
    definition = clear_comments(definition)
    next if definition.empty?
    if definition[0] == ?[
      if /\[([^\]]*)\]/ =~ definition
        section = $1.strip
        data[section] ||= {}
      else
        raise ConfigError, "missing close square bracket"
      end
    else
      if /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ =~ definition
        if $2
          section = $1
          key = $2
        else
          key = $1
        end
        value = unescape_value(data, section, $3)
        (data[section] ||= {})[key] = value.strip
      else
        raise ConfigError, "missing equal sign"
      end
    end
  end
  data
end

.unescape_value(data, section, value) (private)

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 118

def unescape_value(data, section, value)
  scanned = []
  while m = value.match(/['"\\$]/)
    scanned << m.pre_match
    c = m[0]
    value = m.post_match
    case c
    when "'"
      if m = value.match(QUOTE_REGEXP_SQ)
        scanned << m[1].gsub(/\\(.)/, '\\1')
        value = m.post_match
      else
        break
      end
    when '"'
      if m = value.match(QUOTE_REGEXP_DQ)
        scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1')
        value = m.post_match
      else
        break
      end
    when "\\"
      c = value.slice!(0, 1)
      scanned << (ESCAPE_MAP[c] || c)
    when "$"
      ref, value = extract_reference(value)
      refsec = section
      if ref.index('::')
        refsec, ref = ref.split('::', 2)
      end
      if v = get_key_string(data, refsec, ref)
        scanned << v
      else
        raise ConfigError, "variable has no value"
      end
    else
      raise 'must not reaced'
    end
  end
  scanned << value
  scanned.join
end

Instance Method Details

#[](section)

Get a specific #section from the current configuration

Given the following configurating file being loaded:

config = OpenSSL::Config.load('foo.cnf')
  #=> #<OpenSSL::Config sections=["default"]>
puts config.to_s
  #=> [ default ]
  #   foo=bar

You can get a hash of the specific section like so:

config['default']
  #=> {"foo"=>"bar"}
[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 339

def [](section)
  @data[section] || {}
end

#[]=(section, pairs)

Sets a specific #section name with a Hash pairs

Given the following configuration being created:

config = OpenSSL::Config.new
  #=> #<OpenSSL::Config sections=[]>
config['default'] = {"foo"=>"bar","baz"=>"buz"}
  #=> {"foo"=>"bar", "baz"=>"buz"}
puts config.to_s
  #=> [ default ]
  #   foo=bar
  #   baz=buz

It's important to note that this will essentially merge any of the keys in pairs with the existing #section. For example:

config['default']
  #=> {"foo"=>"bar", "baz"=>"buz"}
config['default'] = {"foo" => "changed"}
  #=> {"foo"=>"changed"}
config['default']
  #=> {"foo"=>"changed", "baz"=>"buz"}
[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 376

def []=(section, pairs)
  check_modify
  @data[section] ||= {}
  pairs.each do |key, value|
    self.add_value(section, key, value)
  end
end

#add_value(section, key, value)

Set the target key with a given #value under a specific #section.

Given the following configurating file being loaded:

config = OpenSSL::Config.load('foo.cnf')
  #=> #<OpenSSL::Config sections=["default"]>
puts config.to_s
  #=> [ default ]
  #   foo=bar

You can set the value of foo under the default section to a new value:

config.add_value('default', 'foo', 'buzz')
  #=> "buzz"
puts config.to_s
  #=> [ default ]
  #   foo=buzz
[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 318

def add_value(section, key, value)
  check_modify
  (@data[section] ||= {})[key] = value
end

#check_modify (private)

Raises:

  • (TypeError)
[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 464

def check_modify
  raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen?
end

#each

For a block.

Receive the section and its pairs for the current configuration.

config.each do |section, key, value|
  # ...
end
[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 437

def each
  @data.each do |section, hash|
    hash.each do |key, value|
      yield [section, key, value]
    end
  end
end

#get_key_string(section, key) (private)

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 468

def get_key_string(section, key)
  Config.get_key_string(@data, section, key)
end

#get_value(section, key)

Gets the value of key from the given #section

Given the following configurating file being loaded:

config = OpenSSL::Config.load('foo.cnf')
  #=> #<OpenSSL::Config sections=["default"]>
puts config.to_s
  #=> [ default ]
  #   foo=bar

You can get a specific value from the config if you know the #section and key like so:

config.get_value('default','foo')
  #=> "bar"
[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 273

def get_value(section, key)
  if section.nil?
    raise TypeError.new('nil not allowed')
  end
  section = 'default' if section.empty?
  get_key_string(section, key)
end

#initialize_copy(other) (private)

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 460

def initialize_copy(other)
  @data = other.data.dup
end

#inspect

String representation of this configuration object, including the class name and its sections.

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 448

def inspect
  "#<#{self.class.name} sections=#{sections.inspect}>"
end

#sections

Get the names of all sections in the current configuration

[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 386

def sections
  @data.keys
end

#to_s

Get the parsable form of the current configuration

Given the following configuration being created:

config = OpenSSL::Config.new
  #=> #<OpenSSL::Config sections=[]>
config['default'] = {"foo"=>"bar","baz"=>"buz"}
  #=> {"foo"=>"bar", "baz"=>"buz"}
puts config.to_s
  #=> [ default ]
  #   foo=bar
  #   baz=buz

You can parse get the serialized configuration using #to_s and then parse it later:

serialized_config = config.to_s
# much later...
new_config = OpenSSL::Config.parse(serialized_config)
  #=> #<OpenSSL::Config sections=["default"]>
puts new_config
  #=> [ default ]
      foo=bar
      baz=buz
[ GitHub ]

  
# File 'ext/openssl/lib/openssl/config.rb', line 416

def to_s
  ary = []
  @data.keys.sort.each do |section|
    ary << "[ #{section} ]\n"
    @data[section].keys.each do |key|
      ary << "#{key}=#{@data[section][key]}\n"
    end
    ary << "\n"
  end
  ary.join
end