# frozen_string_literal: false
require 'socket'
require 'openssl'
require_relative 'drb'
require 'singleton'
module DRb
# The protocol for DRb over an SSL socket
#
# The URI for a DRb socket over SSL is:
# <code>drbssl://<host>:<port>?<option></code>. The option is optional
class DRbSSLSocket < DRbTCPSocket
# SSLConfig handles the needed SSL information for establishing a
# DRbSSLSocket connection, including generating the X509 / RSA pair.
#
# An instance of this config can be passed to DRbSSLSocket.new,
# DRbSSLSocket.open and DRbSSLSocket.open_server
#
# See DRb::DRbSSLSocket::SSLConfig.new for more details
class SSLConfig
# Default values for a SSLConfig instance.
#
# See DRb::DRbSSLSocket::SSLConfig.new for more details
# Consulted by SSLConfig#[] whenever the caller's config has no value (or a
# nil/false one) for a key.
#
# :SSLVerifyMode defaults to VERIFY_NONE: a socket built from an unmodified
# config is encrypted but the peer is not authenticated. Set VERIFY_PEER and
# a CA source (:SSLCACertificateFile, :SSLCACertificatePath or
# :SSLCertificateStore) when the peer's identity matters.
DEFAULT = {
  SSLCertificate: nil,
  SSLPrivateKey: nil,
  SSLClientCA: nil,
  SSLCACertificatePath: nil,
  SSLCACertificateFile: nil,
  SSLTmpDhCallback: nil,
  SSLVerifyMode: ::OpenSSL::SSL::VERIFY_NONE,
  SSLVerifyDepth: nil,
  SSLVerifyCallback: nil, # custom verification
  SSLCertificateStore: nil,
  # Must specify if you use auto generated certificate.
  SSLCertName: nil, # e.g. [["CN","fqdn.example.com"]]
  SSLCertComment: "Generated by Ruby/OpenSSL"
}
# Create a new DRb::DRbSSLSocket::SSLConfig instance
#
# The DRb::DRbSSLSocket will take either a +config+ Hash or an instance
# of SSLConfig, and will setup the certificate for its session for the
# configuration. If you want it to generate a generic certificate, the bare
# minimum is to provide the :SSLCertName
#
# === Config options
#
# From +config+ Hash:
#
# :SSLCertificate ::
# An instance of OpenSSL::X509::Certificate. If this is not provided,
# then a generic X509 is generated, with a corresponding :SSLPrivateKey
#
# :SSLPrivateKey ::
# A private key instance, like OpenSSL::PKey::RSA. This key must be
# the key that signed the :SSLCertificate
#
# :SSLClientCA ::
# An OpenSSL::X509::Certificate, or Array of certificates that will
# be used as ClientCAs in the SSL Context
#
# :SSLCACertificatePath ::
# A path to the directory of CA certificates. The certificates must
# be in PEM format.
#
# :SSLCACertificateFile ::
# A path to a CA certificate file, in PEM format.
#
# :SSLTmpDhCallback ::
# A DH callback. See OpenSSL::SSL::SSLContext.tmp_dh_callback
#
# :SSLVerifyMode ::
# This is the SSL verification mode. See OpenSSL::SSL::VERIFY_* for
# available modes. The default is OpenSSL::SSL::VERIFY_NONE, which verifies nothing about the peer
#
# :SSLVerifyDepth ::
# Number of CA certificates to walk, when verifying a certificate
# chain.
#
# :SSLVerifyCallback ::
# A callback to be used for additional verification. See
# OpenSSL::SSL::SSLContext.verify_callback
#
# :SSLCertificateStore ::
# An OpenSSL::X509::Store used for verification of certificates
#
# :SSLCertName ::
# Subject and issuer name for the certificate. This is required when generating
# the certificate (if :SSLCertificate and :SSLPrivateKey were not
# given). The value of this is to be an Array of pairs:
#
# [["L", "Raleigh"], ["ST", "North Carolina"],
# ["CN","fqdn.example.com"]]
#
# See also OpenSSL::X509::Name
#
# :SSLCertComment ::
# A comment to be used for generating the certificate. The default is
# "Generated by Ruby/OpenSSL"
#
#
# === Example
#
# These values can be added after the fact, like a Hash.
#
# require 'drb/ssl'
# c = DRb::DRbSSLSocket::SSLConfig.new {}
# c[:SSLCertificate] =
# OpenSSL::X509::Certificate.new(File.read('mycert.crt'))
# c[:SSLPrivateKey] = OpenSSL::PKey::RSA.new(File.read('mycert.key'))
# c[:SSLVerifyMode] = OpenSSL::SSL::VERIFY_PEER
# c[:SSLCACertificatePath] = "/etc/ssl/certs/"
# c.setup_certificate
#
# or
#
# require 'drb/ssl'
# c = DRb::DRbSSLSocket::SSLConfig.new({
# :SSLCertName => [["CN", DRb::DRbSSLSocket.getservername]]
# })
# c.setup_certificate
#
def initialize(config)
  # Stored by reference, not copied, so keys added through the config after
  # construction are seen by later #[] lookups.
  @config = config
  # No SSLContext until #setup_ssl_context runs.
  @ssl_ctx = nil
  # Caller-supplied credentials; unless both are present, #setup_certificate
  # generates a self-signed pair.
  @cert = config[:SSLCertificate]
  @pkey = config[:SSLPrivateKey]
end
# A convenience method to access the values like a Hash
def [](key)
  # The caller's config wins; DEFAULT fills in a key that is absent, nil or
  # false there (the fallback is truthiness-based).
  configured = @config[key]
  return configured if configured

  DEFAULT[key]
end
# Connect to IO +tcp+, with context of the current certificate
# configuration
def connect(tcp)
  # Client-side handshake on the already-connected +tcp+ using the context
  # from #setup_ssl_context. Only the checks configured on that context run
  # (with the DEFAULT :SSLVerifyMode of VERIFY_NONE, none), and no hostname
  # check such as SSLSocket#post_connection_check is done here.
  ::OpenSSL::SSL::SSLSocket.new(tcp, @ssl_ctx).tap do |ssl|
    ssl.sync = true # unbuffered writes
    ssl.connect
  end
end
# Accept connection to IO +tcp+, with context of the current certificate
# configuration
def accept(tcp)
  # Server-side handshake on the freshly accepted +tcp+ using the context
  # from #setup_ssl_context. The client is only asked for (and checked
  # against) a certificate if :SSLVerifyMode requests it; the DEFAULT is
  # VERIFY_NONE.
  OpenSSL::SSL::SSLSocket.new(tcp, @ssl_ctx).tap do |ssl|
    ssl.sync = true # unbuffered writes
    ssl.accept
  end
end
# Ensures that :SSLCertificate and :SSLPrivateKey have been provided
# or that a new certificate is generated with the other parameters
# provided.
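def setup_certificate
  # Nothing to do when the caller supplied both halves of the identity. If
  # only one of them is present it is silently replaced by a generated pair.
  return if @cert && @pkey

  # 2048-bit RSA key. The block receives OpenSSL's prime-search progress and
  # writes a mark per event to $stderr, but only when :verbose is set.
  rsa = OpenSSL::PKey::RSA.new(2048) do |stage, _count|
    next unless self[:verbose]

    mark = case stage
           when 0 then "." # BN_generate_prime
           when 1 then "+" # BN_generate_prime
           when 2 then "*" # searching good prime
           when 3 then "\n" # found good prime
           else "*" # BN_generate_prime
           end
    $stderr.putc mark
  end

  # One timestamp so the validity window is exactly 365 days wide.
  now = Time.now
  name = OpenSSL::X509::Name.new(self[:SSLCertName])

  cert = OpenSSL::X509::Certificate.new
  # X.509 version numbers are zero-based: v3, which is needed for the
  # extensions below, is encoded as 2 (3 would be an undefined version).
  cert.version = 2
  # Self-signed, so subject and issuer are the same name. Serial 0 is kept
  # for compatibility; RFC 5280 expects a positive serial.
  cert.serial = 0
  cert.subject = name
  cert.issuer = name
  cert.not_before = now
  cert.not_after = now + (365 * 24 * 60 * 60)
  cert.public_key = rsa.public_key

  ef = OpenSSL::X509::ExtensionFactory.new(nil, cert)
  cert.extensions = [
    ef.create_extension("basicConstraints", "CA:FALSE"),
    ef.create_extension("subjectKeyIdentifier", "hash")
  ]
  # authorityKeyIdentifier needs the issuer (ourselves) to carry a
  # subjectKeyIdentifier already, hence the ordering.
  ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension("authorityKeyIdentifier",
                                         "keyid:always,issuer:always"))
  comment = self[:SSLCertComment]
  cert.add_extension(ef.create_extension("nsComment", comment)) if comment
  cert.sign(rsa, OpenSSL::Digest::SHA256.new)

  @cert = cert
  @pkey = rsa
end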
# Establish the OpenSSL::SSL::SSLContext with the configuration
# parameters provided.
def setup_ssl_context
  # Only the attributes below are set: protocol versions and cipher suites
  # stay at OpenSSL's defaults, and with the DEFAULT :SSLVerifyMode of
  # VERIFY_NONE nothing about the peer certificate is checked. The context
  # is both stored in @ssl_ctx and returned.
  @ssl_ctx = ::OpenSSL::SSL::SSLContext.new.tap do |ctx|
    # Our own identity.
    ctx.cert = @cert
    ctx.key = @pkey
    # Trust anchors and the CA list offered to clients.
    ctx.client_ca = self[:SSLClientCA]
    ctx.ca_path = self[:SSLCACertificatePath]
    ctx.ca_file = self[:SSLCACertificateFile]
    ctx.cert_store = self[:SSLCertificateStore]
    # Ephemeral DH parameters.
    ctx.tmp_dh_callback = self[:SSLTmpDhCallback]
    # Peer verification policy.
    ctx.verify_mode = self[:SSLVerifyMode]
    ctx.verify_depth = self[:SSLVerifyDepth]
    ctx.verify_callback = self[:SSLVerifyCallback]
  end
end
end
# Parse the dRuby +uri+ for an SSL connection.
#
# Expects drbssl://...
#
# Raises DRbBadScheme or DRbBadURI if +uri+ is not matching or malformed
def self.parse_uri(uri) # :nodoc:
  # Returns [host, port, option]; option is nil when the URI has no "?".
  # The host capture is lazy, so everything up to the last ":digits" is the
  # host (the pattern does not validate it).
  m = %r{\Adrbssl://(?<host>.*?):(?<port>\d+)(\?(?<option>.*))?\z}.match(uri)
  return [m[:host], m[:port].to_i, m[:option]] if m

  raise(DRbBadScheme, uri) unless uri.start_with?('drbssl:')
  raise(DRbBadURI, 'can\'t parse uri:' + uri)
end
# Returns a DRb::DRbSSLSocket instance as a client-side connection,
# with the SSL connected. This is called from DRb::start_service or while
# connecting to a remote object:
#
# DRb.start_service 'drbssl://localhost:0', front, config
#
# +uri+ is the URI we are connected to,
# <code>'drbssl://localhost:0'</code> above, +config+ is our
# configuration. Either a Hash or DRb::DRbSSLSocket::SSLConfig
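def self.open(uri, config)
  # Raises DRbBadScheme / DRbBadURI for a URI that is not drbssl://host:port.
  host, port, = parse_uri(uri)
  tcp = TCPSocket.open(host, port)
  # The client side never calls setup_certificate: without :SSLCertificate /
  # :SSLPrivateKey in +config+ no client certificate is presented.
  ssl_conf = SSLConfig.new(config)
  ssl_conf.setup_ssl_context

  # A failed handshake previously left +tcp+ open until GC; close it on any
  # exit from connect that did not produce an SSL socket.
  ssl = nil
  begin
    ssl = ssl_conf.connect(tcp)
  ensure
    tcp.close unless ssl
  end
  new(uri, ssl, ssl_conf, true)
end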
# Returns a DRb::DRbSSLSocket instance as a server-side connection, with
# the SSL connected. This is called from DRb::start_service or while
# connecting to a remote object:
#
# DRb.start_service 'drbssl://localhost:0', front, config
#
# +uri+ is the URI we are connected to,
# <code>'drbssl://localhost:0'</code> above, +config+ is our
# configuration. Either a Hash or DRb::DRbSSLSocket::SSLConfig
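def self.open_server(uri, config)
  # No URI: listen on any host, OS-chosen port.
  uri = 'drbssl://:0' unless uri
  host, port, = parse_uri(uri)
  if host.empty?
    # Empty host: listen through the inherited open_server_inaddr_any and
    # advertise getservername as our address.
    host = getservername
    soc = open_server_inaddr_any(host, port)
  else
    soc = TCPServer.open(host, port)
  end
  port = soc.addr[1] if port == 0 # port 0: read back the port the OS picked
  # Class-level instance variable recording the URI actually bound.
  @uri = "drbssl://#{host}:#{port}"

  # Certificate/context setup can raise (e.g. a missing :SSLCertName when a
  # certificate has to be generated); previously that left the bound
  # listening socket open until GC, so close it unless the server object
  # was fully constructed.
  server = nil
  begin
    ssl_conf = SSLConfig.new(config)
    ssl_conf.setup_certificate
    ssl_conf.setup_ssl_context
    server = new(@uri, soc, ssl_conf, false)
  ensure
    soc.close unless server
  end
  server
end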
# This is a convenience method to parse +uri+ and separate out any
# additional options appended in the +uri+.
#
# Returns an option-less uri and the option => [uri,option]
#
# The +config+ is completely unused, so passing nil is sufficient.
def self.uri_option(uri, config) # :nodoc:
  # Rebuilds the URI without its "?option" part; the option comes back nil
  # when the URI had none. parse_uri's DRbBadScheme / DRbBadURI propagate.
  host, port, option = parse_uri(uri)
  ["drbssl://#{host}:#{port}", option]
end
# Create a DRb::DRbSSLSocket instance.
#
# +uri+ is the URI we are connected to.
# +soc+ is the tcp socket we are bound to.
# +config+ is our configuration. Either a Hash or SSLConfig
# +is_established+ is a boolean of whether +soc+ is currently established
#
# This is called automatically based on the DRb protocol.
def initialize(uri, soc, config, is_established)
  # Only an already-handshaked SSLSocket is kept as the stream. On the
  # listening side (open_server passes false) +soc+ is a plain TCPServer and
  # there is no SSL stream yet.
  @ssl = nil
  @ssl = soc if is_established
  # NOTE(review): open/open_server pass an SSLConfig here and #accept calls
  # @config.accept, so a bare Hash would not work on the server side.
  super(uri, soc.to_io, config)
end
# Returns the SSL stream
def stream # :nodoc:
  # The established SSLSocket, or nil for a listening socket.
  @ssl
end
# Closes the SSL stream before closing the dRuby connection.
def close # :nodoc:
  # Shut the SSL stream (when there is one) before the underlying dRuby
  # connection, and drop the reference so a second close is a no-op here.
  @ssl&.close
  @ssl = nil
  super
end
# Accept the next permitted TCP connection, complete the server-side TLS
# handshake on it and wrap it in a new DRbSSLSocket. Returns nil when
# accept_or_shutdown returns nil (presumably on shutdown).
#
# Peers rejected by @acl (when set) are closed and the loop continues. A
# socket whose handshake fails is closed before the error propagates; an
# OpenSSL::SSL::SSLError additionally is logged (only with :verbose) and the
# whole accept is retried, so one failing client does not stop the server.
#
# NOTE(review): the handshake in @config.accept runs synchronously inside
# this loop and no timeout is set on it here, so a client that stalls
# mid-handshake holds up every other pending connection — confirm with the
# caller whether that is acceptable.
def accept # :nodoc:
  soc = nil
  loop do
    soc = accept_or_shutdown
    return nil unless soc
    break if !@acl || @acl.allow_socket?(soc)

    soc.close # ACL rejected this peer; wait for the next one
  end

  begin
    ssl = @config.accept(soc)
  rescue Exception
    # Re-raised immediately; the rescue only exists to release the socket.
    soc.close
    raise
  end
  self.class.new(uri, ssl, @config, true)
rescue OpenSSL::SSL::SSLError => e
  warn("#{e.message} (#{e.class})", uplevel: 0) if @config[:verbose]
  retry
end
end
# Register this transport with DRbProtocol. DRbSSLSocket.parse_uri claims the
# drbssl: scheme and raises DRbBadScheme for anything else.
DRbProtocol.add_protocol(DRbSSLSocket)
end