1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
# -*- encoding: utf-8 -*-
module Stomp
#
# == Purpose
#
# Parameters for STOMP ssl connections.
#
class SSLParams
# The trust store files. Normally the certificate of the CA that signed
# the server's certificate. One file name, or a CSV list of file names.
attr_accessor :ts_files
# The client certificate file.
attr_accessor :cert_file
# The client private key file.
attr_accessor :key_file
# The client certificate text.
attr_accessor :cert_text
# The client private key text.
attr_accessor :key_text
# The client private key password.
attr_accessor :key_password
# SSL Connect Verify Result. The result of the handshake.
attr_accessor :verify_result
# The certificate of the connection peer (the server), received during
# the handshake.
attr_accessor :peer_cert
# Optional list of SSL ciphers to be used. In the format documented for
# Ruby's OpenSSL.
attr_accessor :ciphers
# Absolute command to use Ruby default ciphers.
attr_reader :use_ruby_ciphers
# Back reference to the OpenSSL::SSL::SSLContext instance, gem sets before connect.
attr_accessor :ctx # Set by the gem during connect, before the callbacks
# Client wants file existance check on initialize. true/value or false/nil.
attr_reader :fsck #
# SSLContext options.
attr_reader :ssl_ctxopts #
# initialize returns a valid instance of SSLParams or raises an error.
def initialize(opts={})
# Server authentication parameters
@ts_files = opts[:ts_files] # A trust store file, normally a CA's cert
# or a CSV list of cert file names
# Client authentication parameters
@cert_file = opts[:cert_file] # Client cert file
@key_file = opts[:key_file] # Client key file
@cert_text = opts[:cert_text] # Client cert text
@key_text = opts[:key_text] # Client key text
@key_password = opts[:key_password] # Client key password
#
raise Stomp::Error::SSLClientParamsError if !@cert_file.nil? && @key_file.nil? && @key_text.nil?
raise Stomp::Error::SSLClientParamsError if !@cert_text.nil? && @key_file.nil? && @key_text.nil?
raise Stomp::Error::SSLClientParamsError if !@cert_text.nil? && !@cert_file.nil?
raise Stomp::Error::SSLClientParamsError if !@key_file.nil? && @cert_file.nil? && @cert_text.nil?
raise Stomp::Error::SSLClientParamsError if !@key_text.nil? && @cert_file.nil? && @cert_text.nil?
raise Stomp::Error::SSLClientParamsError if !@key_text.nil? && !@key_file.nil?
#
@ciphers = opts[:ciphers]
@use_ruby_ciphers = opts[:use_ruby_ciphers] ? opts[:use_ruby_ciphers] : false
#
if opts[:fsck]
if @cert_file
raise Stomp::Error::SSLNoCertFileError if !File::exist?(@cert_file)
raise Stomp::Error::SSLUnreadableCertFileError if !File::readable?(@cert_file)
end
if @key_file
raise Stomp::Error::SSLNoKeyFileError if !File::exist?(@key_file)
raise Stomp::Error::SSLUnreadableKeyFileError if !File::readable?(@key_file)
end
if @ts_files
tsa = @ts_files.split(",")
tsa.each do |fn|
raise Stomp::Error::SSLNoTruststoreFileError if !File::exist?(fn)
raise Stomp::Error::SSLUnreadableTruststoreFileError if !File::readable?(fn)
end
end
end
# SSLContext options. See example: ssl_ctxoptions.rb.
@ssl_ctxopts = opts[:ssl_ctxopts] # nil or options to set
end
end # of class SSLParams
end # of module Stomp
|
