require 'uri' require 'net/http' require 'net/https' require 'benchmark' module ActiveMerchant class Connection using NetHttpSslConnection include NetworkConnectionRetries MAX_RETRIES = 3 OPEN_TIMEOUT = 60 READ_TIMEOUT = 60 VERIFY_PEER = true CA_FILE = File.expand_path('../certs/cacert.pem', File.dirname(__FILE__)) CA_PATH = nil MIN_VERSION = :TLS1_1 RETRY_SAFE = false RUBY_184_POST_HEADERS = { 'Content-Type' => 'application/x-www-form-urlencoded' } attr_accessor :endpoint attr_accessor :open_timeout attr_accessor :read_timeout attr_accessor :verify_peer attr_accessor :ssl_version if Net::HTTP.instance_methods.include?(:min_version=) attr_accessor :min_version attr_accessor :max_version end attr_reader :ssl_connection attr_accessor :ca_file attr_accessor :ca_path attr_accessor :pem attr_accessor :pem_password attr_reader :wiredump_device attr_accessor :logger attr_accessor :tag attr_accessor :ignore_http_status attr_accessor :max_retries attr_accessor :proxy_address attr_accessor :proxy_port def initialize(endpoint) @endpoint = endpoint.is_a?(URI) ? endpoint : URI.parse(endpoint) @open_timeout = OPEN_TIMEOUT @read_timeout = READ_TIMEOUT @retry_safe = RETRY_SAFE @verify_peer = VERIFY_PEER @ca_file = CA_FILE @ca_path = CA_PATH @max_retries = MAX_RETRIES @ignore_http_status = false @ssl_version = nil if Net::HTTP.instance_methods.include?(:min_version=) @min_version = MIN_VERSION @max_version = nil end @ssl_connection = {} @proxy_address = :ENV @proxy_port = nil end def wiredump_device=(device) raise ArgumentError, "can't wiredump to frozen #{device.class}" if device&.frozen? @wiredump_device = device end def request(method, body, headers = {}) request_start = Process.clock_gettime(Process::CLOCK_MONOTONIC) headers = headers.dup headers['connection'] ||= 'close' retry_exceptions(:max_retries => max_retries, :logger => logger, :tag => tag) do begin info "connection_http_method=#{method.to_s.upcase} connection_uri=#{endpoint}", tag result = nil realtime = Benchmark.realtime do http.start unless http.started? @ssl_connection = http.ssl_connection info "connection_ssl_version=#{ssl_connection[:version]} connection_ssl_cipher=#{ssl_connection[:cipher]}", tag result = case method when :get raise ArgumentError, 'GET requests do not support a request body' if body http.get(endpoint.request_uri, headers) when :post debug body http.post(endpoint.request_uri, body, RUBY_184_POST_HEADERS.merge(headers)) when :put debug body http.put(endpoint.request_uri, body, headers) when :patch debug body http.patch(endpoint.request_uri, body, headers) when :delete # It's kind of ambiguous whether the RFC allows bodies # for DELETE requests. But Net::HTTP's delete method # very unambiguously does not. if body debug body req = Net::HTTP::Delete.new(endpoint.request_uri, headers) req.body = body http.request(req) else http.delete(endpoint.request_uri, headers) end else raise ArgumentError, "Unsupported request method #{method.to_s.upcase}" end end info '--> %d %s (%d %.4fs)' % [result.code, result.message, result.body ? result.body.length : 0, realtime], tag debug result.body result end end ensure info 'connection_request_total_time=%.4fs' % [Process.clock_gettime(Process::CLOCK_MONOTONIC) - request_start], tag http.finish if http.started? end private def http @http ||= begin http = Net::HTTP.new(endpoint.host, endpoint.port, proxy_address, proxy_port) configure_debugging(http) configure_timeouts(http) configure_ssl(http) configure_cert(http) http end end def configure_debugging(http) http.set_debug_output(wiredump_device) end def configure_timeouts(http) http.open_timeout = open_timeout http.read_timeout = read_timeout end def configure_ssl(http) return unless endpoint.scheme == 'https' http.use_ssl = true http.ssl_version = ssl_version if ssl_version if http.respond_to?(:min_version=) http.min_version = min_version if min_version http.max_version = max_version if max_version end if verify_peer http.verify_mode = OpenSSL::SSL::VERIFY_PEER http.ca_file = ca_file http.ca_path = ca_path else http.verify_mode = OpenSSL::SSL::VERIFY_NONE end end def configure_cert(http) return if pem.blank? http.cert = OpenSSL::X509::Certificate.new(pem) if pem_password http.key = OpenSSL::PKey::RSA.new(pem, pem_password) else http.key = OpenSSL::PKey::RSA.new(pem) end end def debug(message, tag = nil) log(:debug, message, tag) end def info(message, tag = nil) log(:info, message, tag) end def error(message, tag = nil) log(:error, message, tag) end def log(level, message, tag) message = "[#{tag}] #{message}" if tag logger&.send(level, message) end end end