From f8938f4dedac94bc5f1cb88235ef145f5c4e2df6 Mon Sep 17 00:00:00 2001
From: Daniel Colson
Date: Sat, 19 Oct 2019 23:37:57 -0400
Subject: [PATCH] Extract class for building SSL context
This commit extracts the `MiniSSL::Context` creation into its own `MiniSSL::ContextBuilder` class along the same lines as in [#1989]. This will allow us to reuse this code for adding SSL support to the control app (issue [#2015]). Since we will need the `MiniSSL` require and check in both places, I moved that into the `ContextBuilder` class as well.
[#1989]: https://github.com/puma/puma/pull/1989
[#2015]: https://github.com/puma/puma/pull/2015
---
 lib/puma/binder.rb | 60 +----------------------
 lib/puma/minissl/context_builder.rb | 76 +++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+), 58 deletions(-)
 create mode 100644 lib/puma/minissl/context_builder.rb
diff --git a/lib/puma/binder.rb b/lib/puma/binder.rb
index e1156d6dec..28fcb5e47a 100644
--- a/lib/puma/binder.rb
+++ b/lib/puma/binder.rb
@@ -5,6 +5,7 @@
 require 'puma/const'
 require 'puma/util'
+require 'puma/minissl/context_builder'
 module Puma
 class Binder
@@ -154,64 +155,7 @@ def parse(binds, logger)
 @listeners << [str, io]
 when "ssl"
 params = Util.parse_query uri.query
- require 'puma/minissl'
-
- MiniSSL.check
-
- ctx = MiniSSL::Context.new
-
- if defined?(JRUBY_VERSION)
- unless params['keystore']
- @events.error "Please specify the Java keystore via 'keystore='"
- end
-
- ctx.keystore = params['keystore']
-
- unless params['keystore-pass']
- @events.error "Please specify the Java keystore password via 'keystore-pass='"
- end
-
- ctx.keystore_pass = params['keystore-pass']
- ctx.ssl_cipher_list = params['ssl_cipher_list'] if params['ssl_cipher_list']
- else
- unless params['key']
- @events.error "Please specify the SSL key via 'key='"
- end
-
- ctx.key = params['key']
-
- unless params['cert']
- @events.error "Please specify the SSL cert via 'cert='"
- end
-
- ctx.cert = params['cert']
-
- if ['peer', 'force_peer'].include?(params['verify_mode'])
- unless params['ca']
- @events.error "Please specify the SSL ca via 'ca='"
- end
- end
-
- ctx.ca = params['ca'] if params['ca']
- ctx.ssl_cipher_filter = params['ssl_cipher_filter'] if params['ssl_cipher_filter']
- end
-
- ctx.no_tlsv1 = true if params['no_tlsv1'] == 'true'
- ctx.no_tlsv1_1 = true if params['no_tlsv1_1'] == 'true'
-
- if params['verify_mode']
- ctx.verify_mode = case params['verify_mode']
- when "peer"
- MiniSSL::VERIFY_PEER
- when "force_peer"
- MiniSSL::VERIFY_PEER | MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
- when "none"
- MiniSSL::VERIFY_NONE
- else
- @events.error "Please specify a valid verify_mode="
- MiniSSL::VERIFY_NONE
- end
- end
+ ctx = MiniSSL::ContextBuilder.new(params, @events).context
 if fd = @inherited_fds.delete(str)
 logger.log "* Inherited #{str}"
diff --git a/lib/puma/minissl/context_builder.rb b/lib/puma/minissl/context_builder.rb
new file mode 100644
index 0000000000..667b3ae5c4
--- /dev/null
+++ b/lib/puma/minissl/context_builder.rb
@@ -0,0 +1,76 @@
+module Puma
+ module MiniSSL
+ class ContextBuilder
+ def initialize(params, events)
+ require 'puma/minissl'
+ MiniSSL.check
+
+ @params = params
+ @events = events
+ end
+
+ def context
+ ctx = MiniSSL::Context.new
+
+ if defined?(JRUBY_VERSION)
+ unless params['keystore']
+ events.error "Please specify the Java keystore via 'keystore='"
+ end
+
+ ctx.keystore = params['keystore']
+
+ unless params['keystore-pass']
+ events.error "Please specify the Java keystore password via 'keystore-pass='"
+ end
+
+ ctx.keystore_pass = params['keystore-pass']
+ ctx.ssl_cipher_list = params['ssl_cipher_list'] if params['ssl_cipher_list']
+ else
+ unless params['key']
+ events.error "Please specify the SSL key via 'key='"
+ end
+
+ ctx.key = params['key']
+
+ unless params['cert']
+ events.error "Please specify the SSL cert via 'cert='"
+ end
+
+ ctx.cert = params['cert']
+
+ if ['peer', 'force_peer'].include?(params['verify_mode'])
+ unless params['ca']
+ events.error "Please specify the SSL ca via 'ca='"
+ end
+ end
+
+ ctx.ca = params['ca'] if params['ca']
+ ctx.ssl_cipher_filter = params['ssl_cipher_filter'] if params['ssl_cipher_filter']
+ end
+
+ ctx.no_tlsv1 = true if params['no_tlsv1'] == 'true'
+ ctx.no_tlsv1_1 = true if params['no_tlsv1_1'] == 'true'
+
+ if params['verify_mode']
+ ctx.verify_mode = case params['verify_mode']
+ when "peer"
+ MiniSSL::VERIFY_PEER
+ when "force_peer"
+ MiniSSL::VERIFY_PEER | MiniSSL::VERIFY_FAIL_IF_NO_PEER_CERT
+ when "none"
+ MiniSSL::VERIFY_NONE
+ else
+ events.error "Please specify a valid verify_mode="
+ MiniSSL::VERIFY_NONE
+ end
+ end
+
+ ctx
+ end
+
+ private
+
+ attr_reader :params, :events
+ end
+ end
+end
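Review bot: In `context`, the `else` branch of the `verify_mode` case near the end of the hunk reports the unrecognised value and then still returns `MiniSSL::VERIFY_NONE`, so unless `events.error` aborts (a project method not visible here), a misspelt value such as `verify_mode=peers` leaves the listener accepting clients without any certificate check; the code is carried over from the removed Binder block, but now that it becomes the shared path for the control app as well it deserves a fail-closed default, e.g. `raise ArgumentError, "invalid verify_mode=#{params['verify_mode']}"` in that branch. The `no_tlsv1`/`no_tlsv1_1` lines have the same shape: only the literal string `'true'` disables the protocol, so `no_tlsv1=1` keeps TLS 1.0 enabled with no message, which at minimum merits a comment stating that only `'true'` is honoured. The new class also has no header comment; I would add `# Builds a MiniSSL::Context from an ssl:// bind's query params (key/cert or keystore, ca, verify_mode, cipher and TLS-version settings), reporting missing required params through +events+.` above `class ContextBuilder`.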