зеркало из https://github.com/github/ruby.git
153 строки
3.1 KiB
Ruby
153 строки
3.1 KiB
Ruby
# frozen_string_literal: false
|
|
#
|
|
# https.rb -- SSL/TLS enhancement for HTTPServer
|
|
#
|
|
# Author: IPR -- Internet Programming with Ruby -- writers
|
|
# Copyright (c) 2001 GOTOU Yuuzou
|
|
# Copyright (c) 2002 Internet Programming with Ruby writers. All rights
|
|
# reserved.
|
|
#
|
|
# $IPR: https.rb,v 1.15 2003/07/22 19:20:42 gotoyuzo Exp $
|
|
|
|
require_relative 'ssl'
|
|
require_relative 'httpserver'
|
|
|
|
module WEBrick
|
|
module Config
|
|
HTTP.update(SSL)
|
|
end
|
|
|
|
##
|
|
#--
|
|
# Adds SSL functionality to WEBrick::HTTPRequest
|
|
|
|
class HTTPRequest
|
|
|
|
##
|
|
# HTTP request SSL cipher
|
|
|
|
attr_reader :cipher
|
|
|
|
##
|
|
# HTTP request server certificate
|
|
|
|
attr_reader :server_cert
|
|
|
|
##
|
|
# HTTP request client certificate
|
|
|
|
attr_reader :client_cert
|
|
|
|
# :stopdoc:
|
|
|
|
alias orig_parse parse
|
|
|
|
def parse(socket=nil)
|
|
if socket.respond_to?(:cert)
|
|
@server_cert = socket.cert || @config[:SSLCertificate]
|
|
@client_cert = socket.peer_cert
|
|
@client_cert_chain = socket.peer_cert_chain
|
|
@cipher = socket.cipher
|
|
end
|
|
orig_parse(socket)
|
|
end
|
|
|
|
alias orig_parse_uri parse_uri
|
|
|
|
def parse_uri(str, scheme="https")
|
|
if server_cert
|
|
return orig_parse_uri(str, scheme)
|
|
end
|
|
return orig_parse_uri(str)
|
|
end
|
|
private :parse_uri
|
|
|
|
alias orig_meta_vars meta_vars
|
|
|
|
def meta_vars
|
|
meta = orig_meta_vars
|
|
if server_cert
|
|
meta["HTTPS"] = "on"
|
|
meta["SSL_SERVER_CERT"] = @server_cert.to_pem
|
|
meta["SSL_CLIENT_CERT"] = @client_cert ? @client_cert.to_pem : ""
|
|
if @client_cert_chain
|
|
@client_cert_chain.each_with_index{|cert, i|
|
|
meta["SSL_CLIENT_CERT_CHAIN_#{i}"] = cert.to_pem
|
|
}
|
|
end
|
|
meta["SSL_CIPHER"] = @cipher[0]
|
|
meta["SSL_PROTOCOL"] = @cipher[1]
|
|
meta["SSL_CIPHER_USEKEYSIZE"] = @cipher[2].to_s
|
|
meta["SSL_CIPHER_ALGKEYSIZE"] = @cipher[3].to_s
|
|
end
|
|
meta
|
|
end
|
|
|
|
# :startdoc:
|
|
end
|
|
|
|
##
|
|
#--
|
|
# Fake WEBrick::HTTPRequest for lookup_server
|
|
|
|
class SNIRequest
|
|
|
|
##
|
|
# The SNI hostname
|
|
|
|
attr_reader :host
|
|
|
|
##
|
|
# The socket address of the server
|
|
|
|
attr_reader :addr
|
|
|
|
##
|
|
# The port this request is for
|
|
|
|
attr_reader :port
|
|
|
|
##
|
|
# Creates a new SNIRequest.
|
|
|
|
def initialize(sslsocket, hostname)
|
|
@host = hostname
|
|
@addr = sslsocket.addr
|
|
@port = @addr[1]
|
|
end
|
|
end
|
|
|
|
|
|
##
|
|
#--
|
|
# Adds SSL functionality to WEBrick::HTTPServer
|
|
|
|
class HTTPServer < ::WEBrick::GenericServer
|
|
##
|
|
# ServerNameIndication callback
|
|
|
|
def ssl_servername_callback(sslsocket, hostname = nil)
|
|
req = SNIRequest.new(sslsocket, hostname)
|
|
server = lookup_server(req)
|
|
server ? server.ssl_context : nil
|
|
end
|
|
|
|
# :stopdoc:
|
|
|
|
##
|
|
# Check whether +server+ is also SSL server.
|
|
# Also +server+'s SSL context will be created.
|
|
|
|
alias orig_virtual_host virtual_host
|
|
|
|
def virtual_host(server)
|
|
if @config[:SSLEnable] && !server.ssl_context
|
|
raise ArgumentError, "virtual host must set SSLEnable to true"
|
|
end
|
|
orig_virtual_host(server)
|
|
end
|
|
|
|
# :startdoc:
|
|
end
|
|
end
|