# Copyright (c) 2023 Contrast Security, Inc. See https://www.contrastsecurity.com/enduser-terms-0317a for more details. # frozen_string_literal: true require 'contrast/components/base' require 'contrast/components/config' require 'contrast/config/api_proxy_configuration' require 'contrast/config/request_audit_configuration' require 'contrast/config/certification_configuration' module Contrast module Components module Api # A wrapper build around the Common Agent Configuration project to allow # for Api keys to be mapped with their values contained in their # parent_configuration_spec.yaml. class Interface include Contrast::Components::ComponentBase include Contrast::Config::BaseConfiguration CANON_NAME = 'api' PROXY_NAME = "#{ CANON_NAME }.proxy".cs__freeze CONFIG_VALUES = %w[api_key user_name service_key url].cs__freeze # @return [String] attr_accessor :api_key # @return [String] attr_accessor :user_name # @return [String] attr_accessor :service_key attr_writer :url DEFAULT_URL = 'https://app.contrastsecurity.com/Contrast' def initialize hsh = {} return unless hsh @api_key = hsh[:api_key] @url = hsh[:url] @user_name = hsh[:user_name] @service_key = hsh[:service_key] @_proxy = Contrast::Config::ApiProxyConfiguration.new(hsh[:proxy]) @_request_audit = Contrast::Config::RequestAuditConfiguration.new(hsh[:request_audit]) @_certificate = Contrast::Config::CertificationConfiguration.new(hsh[:certificate]) end def url @url.nil? ? DEFAULT_URL : @url end # @return [Contrast::Config::ApiProxyConfiguration] def proxy return @_proxy unless @_proxy.nil? @_proxy = Contrast::Config::ApiProxyConfiguration.new end # @return [Contrast::Config::RequestAuditConfiguration] def request_audit return @_request_audit unless @_request_audit.nil? @_request_audit = Contrast::Config::RequestAuditConfiguration.new end # @return [Contrast::Config::CertificationConfiguration] def certificate return @_certificate unless @_certificate.nil? @_certificate = Contrast::Config::CertificationConfiguration.new end def api_url @_api_url ||= begin tmp = Contrast::CONFIG.api.url tmp += '/Contrast' unless tmp.end_with?('/Contrast') tmp end end def proxy_enable return @_proxy_enable unless @_proxy_enable.nil? @_proxy_enable = true?(::Contrast::CONFIG.api.proxy.enable) end def proxy_url proxy.url end def request_audit_enable return @_request_audit_enable unless @_request_audit_enable.nil? @_request_audit_enable = true?(::Contrast::CONFIG.api.request_audit.enable) end def request_audit_requests return @_request_audit_requests unless @_request_audit_requests.nil? @_request_audit_requests = true?(::Contrast::CONFIG.api.request_audit.requests) end def request_audit_responses return @_request_audit_responses unless @_request_audit_responses.nil? @_request_audit_responses = true?(::Contrast::CONFIG.api.request_audit.responses) end def request_audit_path @_request_audit_path ||= ::Contrast::CONFIG.api.request_audit.path.to_s end def certification_enable @_certification_enable ||= certification_truly_enabled?(::Contrast::CONFIG.api.certificate) end def certification_ca_file @_certification_ca_file ||= ::Contrast::CONFIG.api.certificate.ca_file end def certification_cert_file @_certification_cert_file ||= ::Contrast::CONFIG.api.certificate.cert_file end def certification_key_file @_certification_key_file ||= ::Contrast::CONFIG.api.certificate.key_file end # Converts current configuration to effective config values class and appends them to # EffectiveConfig class. # # @param effective_config [Contrast::Config::Diagnostics::EffectiveConfig] def to_effective_config effective_config add_effective_config_values(effective_config, CONFIG_VALUES, CANON_NAME, CANON_NAME) effective_proxy(effective_config) request_audit&.to_effective_config(effective_config) certificate&.to_effective_config(effective_config) end private # @param effective_config [Contrast::Config::Diagnostics::EffectiveConfig] def effective_proxy effective_config add_single_effective_value(effective_config, ENABLE, proxy_enable.to_s, PROXY_NAME) return unless proxy_url && proxy_enable add_single_effective_value(effective_config, 'url', proxy_url, PROXY_NAME) end def certification_truly_enabled? config_path return false unless true?(config_path.enable) return true if file_exists?(certification_ca_file) && valid_cert?(certification_ca_file) return true if file_exists?(certification_cert_file) && valid_cert?(certification_cert_file) return true if file_exists?(certification_key_file) && valid_cert?(certification_key_file) false end end end end end