module Puma
  module MiniSSL
    # Turns the string-keyed TLS options of a listener into a configured
    # MiniSSL::Context.
    #
    # When JRUBY_VERSION is defined the context is fed a Java keystore;
    # otherwise it is fed key / certificate / CA material. Protocol
    # restrictions and peer-verification settings are applied on both paths.
    #
    # NOTE(review): every configuration problem is reported through
    # log_writer.error and building then carries on. Whether that call aborts
    # startup is not visible in this file. If it returns, the caller receives a
    # context that is missing key material or has peer verification switched
    # off (see #verify_mode_bits) -- confirm against the log writer in use.
    class ContextBuilder
      # @param params [#[]] option values looked up by string name
      #   ('key', 'cert', 'verify_mode', ...)
      # @param log_writer [#error] receives one message per configuration problem
      def initialize(params, log_writer)
        @log_writer = log_writer
        @params = params
      end

      # Builds and returns the configured context.
      #
      # @return [MiniSSL::Context]
      # @raise whatever MiniSSL::VERIFICATION_FLAGS.fetch raises when
      #   'verification_flags' names an unknown flag
      def context
        ctx = MiniSSL::Context.new

        if defined?(JRUBY_VERSION)
          apply_keystore_settings(ctx)
        else
          apply_pem_settings(ctx)
        end

        apply_protocol_restrictions(ctx)
        apply_peer_verification(ctx)
        ctx
      end

      private

      attr_reader :params, :log_writer

      # JRuby path: keystore location, keystore password, optional cipher list.
      # The keystore and its password are assigned even when absent (nil);
      # the error messages never include the supplied values.
      def apply_keystore_settings(ctx)
        keystore = params['keystore']
        log_writer.error "Please specify the Java keystore via 'keystore='" unless keystore
        ctx.keystore = keystore

        password = params['keystore-pass']
        log_writer.error "Please specify the Java keystore password via 'keystore-pass='" unless password
        ctx.keystore_pass = password

        ciphers = params['ssl_cipher_list']
        ctx.ssl_cipher_list = ciphers if ciphers
      end

      # Non-JRuby path: private key, certificate, CA and optional cipher filter.
      # Each of key and cert may be supplied under either of two option names.
      def apply_pem_settings(ctx)
        key = params['key']
        key_pem = params['key_pem']
        log_writer.error "Please specify the SSL key via 'key=' or 'key_pem='" if key.nil? && key_pem.nil?
        ctx.key = key if key
        ctx.key_pem = key_pem if key_pem

        cert = params['cert']
        cert_pem = params['cert_pem']
        log_writer.error "Please specify the SSL cert via 'cert=' or 'cert_pem='" if cert.nil? && cert_pem.nil?
        ctx.cert = cert if cert
        ctx.cert_pem = cert_pem if cert_pem

        # A CA is only demanded when the peer is going to be verified; it is
        # still applied for any other mode if one was supplied.
        ca = params['ca']
        wants_peer_check = ['peer', 'force_peer'].include?(params['verify_mode'])
        log_writer.error "Please specify the SSL ca via 'ca='" if wants_peer_check && !ca
        ctx.ca = ca if ca

        cipher_filter = params['ssl_cipher_filter']
        ctx.ssl_cipher_filter = cipher_filter if cipher_filter
      end

      # Older protocol versions are switched off only when the option is exactly
      # the string 'true'; any other spelling ('1', 'TRUE', true) leaves the
      # Context default in place.
      def apply_protocol_restrictions(ctx)
        ctx.no_tlsv1 = true if params['no_tlsv1'] == 'true'
        ctx.no_tlsv1_1 = true if params['no_tlsv1_1'] == 'true'
      end

      # Applies 'verify_mode' and 'verification_flags' when they are present;
      # an absent option leaves the corresponding Context attribute untouched.
      def apply_peer_verification(ctx)
        mode = params['verify_mode']
        ctx.verify_mode = verify_mode_bits(mode) if mode

        flag_names = params['verification_flags']
        return unless flag_names

        # fetch has no default, so an unknown flag name raises instead of being
        # dropped silently. The truthiness guard in the fold only matters if a
        # table entry were nil or false.
        ctx.verification_flags = flag_names.split(',')
                                           .map { |name| MiniSSL::VERIFICATION_FLAGS.fetch(name) }
                                           .inject { |mask, bit| mask ? mask | bit : bit }
      end

      # Maps a verify_mode option string to MiniSSL verification bits.
      #
      # NOTE(review): an unrecognised value (for instance a misspelt mode) is
      # logged and then mapped to VERIFY_NONE, i.e. the fallback fails open.
      # That is only safe if log_writer.error stops the process -- confirm, or
      # make this branch fail closed.
      def verify_mode_bits(mode)
        case mode
        when "peer" then MiniSSL::VERIFY_PEER
        when "force_peer" then MiniSSL::VERIFY_PEER | MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
        when "none" then MiniSSL::VERIFY_NONE
        else
          log_writer.error "Please specify a valid verify_mode="
          MiniSSL::VERIFY_NONE
        end
      end
    end
  end
end