Sha256: 9af70f89736d3a2bf5a12f704d29cb0fe28bbf7954e7ebe6d479149ecb14bd5c

Contents?: true

Size: 1.43 KB

Versions: 25

Compression:

Stored size: 1.43 KB

Contents

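# Contains helper methods to generate TLS related configuration for web servers.
#
# All methods are instance methods, so the module has to be mixed in (include/extend) before use.
module TLSHelper
  # Matches a single PEM certificate block; used to split a bundle into its certificates.
  CERT_REGEX = /-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/.freeze

  # Checks that both TLS file settings are present and that the paths exist.
  #
  # @param config [Hash] settings keyed by Symbol; :tls_cert_path and :tls_key_path are read
  # @raise [RuntimeError] if a setting is missing, nil or empty, or its path does not exist
  def validate_tls_config(config)
    %i[tls_cert_path tls_key_path].each do |key|
      path = config[key]

      # A key that is present but nil or empty is treated like a missing one. File.exist?(nil)
      # would otherwise raise a TypeError that does not name the offending setting.
      fail "TLS enabled, but #{key} not specified in config" if path.nil? || path.to_s.empty?

      fail "File specified via #{key} not found: #{path}" unless File.exist?(path)
    end
  end

  # Builds the TLS part of a WEBrick server configuration from the certificate and key files.
  #
  # The first certificate in the file at :tls_cert_path becomes the server certificate and any
  # further ones are passed as the extra chain.
  #
  # @param config [Hash] settings keyed by Symbol; :tls_cert_path and :tls_key_path are read
  # @return [Hash] WEBrick options (SSLEnable, SSLCertificate, SSLPrivateKey, ...)
  # @raise [RuntimeError] if the certificate file contains no PEM certificate block
  def webrick_tls_config(config)
    # This monkey-patches WEBrick::GenericServer, so never require this unless TLS is enabled.
    require "webrick/ssl"

    cert_path = config[:tls_cert_path]
    certs = load_ca_certs_bundle(File.binread(cert_path))

    # Without this check a file with no PEM block (DER encoding, wrong file) yields
    # SSLCertificate: nil, and the server would not present the certificate the operator chose.
    # NOTE(review): WEBrick appears to generate a self-signed certificate in that case - confirm.
    fail "No PEM certificate found in file specified via tls_cert_path: #{cert_path}" if certs.empty?

    server_cert, *chain = certs

    {
      SSLEnable: true,
      SSLCertificate: server_cert,
      SSLPrivateKey: OpenSSL::PKey.read(File.binread(config[:tls_key_path])),
      # SSLStartImmediately is true by default according to the docs, but when WEBrick creates the
      # SSLServer internally, the switch was always nil for some reason. Setting this explicitly fixes this.
      SSLStartImmediately: true,
      SSLExtraChainCert: chain
    }
  end

  # Parses every PEM certificate block found in a string; text outside the blocks is ignored.
  #
  # In Ruby OpenSSL v3.0.0, this can be replaced by OpenSSL::X509::Certificate.load
  # https://github.com/ruby/openssl/issues/254
  #
  # @param ca_certs_string [String, nil] PEM bundle contents
  # @return [Array<OpenSSL::X509::Certificate>] certificates in file order; empty for nil input
  #   or when no block matches
  def load_ca_certs_bundle(ca_certs_string)
    return [] unless ca_certs_string

    ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string|
      OpenSSL::X509::Certificate.new(ca_cert_string)
    end
  end
end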

Version data entries

25 entries across 25 versions & 1 rubygems

Version Path
gitlab-exporter-15.0.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-14.5.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-14.4.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-14.3.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-14.2.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-14.1.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-14.0.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-13.5.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-13.4.1 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-13.4.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-13.3.1 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-13.3.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-13.2.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-13.1.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-13.0.3 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-13.0.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-12.1.1 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-12.1.0 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-12.0.1 lib/gitlab_exporter/tls_helper.rb
gitlab-exporter-12.0.0 lib/gitlab_exporter/tls_helper.rb