httpclient 2.7.2 → 2.9.0

data/lib/httpclient/ssl_config.rb

@@ -36,60 +36,113 @@ class HTTPClient
   # then add_trust_ca for that purpose.
   class SSLConfig
     include HTTPClient::Util
-    include OpenSSL if SSLEnabled
+    if SSLEnabled
+      include OpenSSL
+
+      if defined? JRUBY_VERSION
+        module ::OpenSSL
+          module X509
+            class Store
+              attr_reader :_httpclient_cert_store_items
+
+              # TODO: use prepend instead when we drop JRuby + 1.9.x support
+              wrapped = {}
+
+              wrapped[:initialize] = instance_method(:initialize)
+              define_method(:initialize) do |*args|
+                wrapped[:initialize].bind(self).call(*args)
+                @_httpclient_cert_store_items = [ENV['SSL_CERT_FILE'] || :default]
+              end
+
+              [:add_cert, :add_file, :add_path].each do |m|
+                wrapped[m] = instance_method(m)
+                define_method(m) do |cert|
+                  res = wrapped[m].bind(self).call(cert)
+                  @_httpclient_cert_store_items << cert
+                  res
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+
+    class << self
+    private
+      def attr_config(symbol)
+        name = symbol.to_s
+        ivar_name = "@#{name}"
+        define_method(name) {
+          instance_variable_get(ivar_name)
+        }
+        define_method("#{name}=") { |rhs|
+          if instance_variable_get(ivar_name) != rhs
+            instance_variable_set(ivar_name, rhs)
+            change_notify
+          end
+        }
+        symbol
+      end
+    end
+
 
     CIPHERS_DEFAULT = "ALL:!aNULL:!eNULL:!SSLv2" # OpenSSL >1.0.0 default
 
     # Which TLS protocol version (also called method) will be used. Defaults
-    # to :auto which means that OpenSSL decides (In my tests this resulted 
+    # to :auto which means that OpenSSL decides (In my tests this resulted
     # with always the highest available protocol being used).
     # String name of OpenSSL's SSL version method name: TLSv1_2, TLSv1_1, TLSv1,
     # SSLv2, SSLv23, SSLv3 or :auto (and nil) to allow version negotiation (default).
     # See {OpenSSL::SSL::SSLContext::METHODS} for a list of available versions
     # in your specific Ruby environment.
-    attr_reader :ssl_version
+    attr_config :ssl_version
     # OpenSSL::X509::Certificate:: certificate for SSL client authentication.
     # nil by default. (no client authentication)
-    attr_reader :client_cert
+    attr_config :client_cert
     # OpenSSL::PKey::PKey:: private key for SSL client authentication.
     # nil by default. (no client authentication)
-    attr_reader :client_key
-    attr_reader :client_key_pass
+    attr_config :client_key
+    # OpenSSL::PKey::PKey:: private key pass phrase for client_key.
+    # nil by default. (no pass phrase)
+    attr_config :client_key_pass
 
     # A number which represents OpenSSL's verify mode.  Default value is
     # OpenSSL::SSL::VERIFY_PEER | OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT.
-    attr_reader :verify_mode
+    attr_config :verify_mode
     # A number of verify depth.  Certification path which length is longer than
     # this depth is not allowed.
     # CAUTION: this is OpenSSL specific option and ignored on JRuby.
-    attr_reader :verify_depth
+    attr_config :verify_depth
     # A callback handler for custom certificate verification.  nil by default.
     # If the handler is set, handler.call is invoked just after general
     # OpenSSL's verification.  handler.call is invoked with 2 arguments,
     # ok and ctx; ok is a result of general OpenSSL's verification.  ctx is a
     # OpenSSL::X509::StoreContext.
-    attr_reader :verify_callback
+    attr_config :verify_callback
     # SSL timeout in sec.  nil by default.
-    attr_reader :timeout
+    attr_config :timeout
     # A number of OpenSSL's SSL options.  Default value is
     # OpenSSL::SSL::OP_ALL | OpenSSL::SSL::OP_NO_SSLv2
     # CAUTION: this is OpenSSL specific option and ignored on JRuby.
     # Use ssl_version to specify the TLS version you want to use.
-    attr_reader :options
+    attr_config :options
     # A String of OpenSSL's cipher configuration.  Default value is
     # ALL:!ADH:!LOW:!EXP:!MD5:+SSLv2:@STRENGTH
     # See ciphers(1) man in OpenSSL for more detail.
-    attr_reader :ciphers
+    attr_config :ciphers
 
     # OpenSSL::X509::X509::Store used for verification.  You can reset the
     # store with clear_cert_store and set the new store with cert_store=.
     attr_reader :cert_store # don't use if you don't know what it is.
 
     # For server side configuration.  Ignore this.
-    attr_reader :client_ca # :nodoc:
+    attr_config :client_ca # :nodoc:
 
     # These array keeps original files/dirs that was added to @cert_store
-    attr_reader :cert_store_items
+    if defined? JRUBY_VERSION
+      def cert_store_items; @cert_store._httpclient_cert_store_items; end
+    end
     attr_reader :cert_store_crl_items
 
     # Creates a SSLConfig.
@@ -97,9 +150,8 @@ class HTTPClient
       return unless SSLEnabled
       @client = client
       @cert_store = X509::Store.new
-      @cert_store_items = [:default]
       @cert_store_crl_items = []
-      @client_cert = @client_key = @client_ca = nil
+      @client_cert = @client_key = @client_key_pass = @client_ca = nil
       @verify_mode = SSL::VERIFY_PEER | SSL::VERIFY_FAIL_IF_NO_PEER_CERT
       @verify_depth = nil
       @verify_callback = nil
@@ -117,42 +169,18 @@ class HTTPClient
       @cacerts_loaded = false
     end
 
-    # Sets SSL version method String.  Possible values: "SSLv2" for SSL2,
-    # "SSLv3" for SSL3 and TLS1.x, "SSLv23" for SSL3 with fallback to SSL2.
-    def ssl_version=(ssl_version)
-      @ssl_version = ssl_version
-      change_notify
-    end
-
-    # Sets certificate (OpenSSL::X509::Certificate) for SSL client
-    # authentication.
-    # client_key and client_cert must be a pair.
-    #
-    # Calling this method resets all existing sessions.
-    def client_cert=(client_cert)
-      @client_cert = client_cert
-      change_notify
-    end
-
-    # Sets private key (OpenSSL::PKey::PKey) for SSL client authentication.
-    # client_key and client_cert must be a pair.
-    #
-    # Calling this method resets all existing sessions.
-    def client_key=(client_key)
-      @client_key = client_key
-      change_notify
-    end
-
     # Sets certificate and private key for SSL client authentication.
     # cert_file:: must be a filename of PEM/DER formatted file.
     # key_file:: must be a filename of PEM/DER formatted file.  Key must be an
     #            RSA key.  If you want to use other PKey algorithm,
     #            use client_key=.
     #
-    # Calling this method resets all existing sessions.
+    # Calling this method resets all existing sessions if value is changed.
     def set_client_cert_file(cert_file, key_file, pass = nil)
-      @client_cert, @client_key, @client_key_pass = cert_file, key_file, pass
-      change_notify
+      if (@client_cert != cert_file) || (@client_key != key_file) || (@client_key_pass != pass)
+        @client_cert, @client_key, @client_key_pass = cert_file, key_file, pass
+        change_notify
+      end
     end
 
     # Sets OpenSSL's default trusted CA certificates.  Generally, OpenSSL is
@@ -170,7 +198,6 @@ class HTTPClient
       @cacerts_loaded = true # avoid lazy override
       @cert_store = X509::Store.new
       @cert_store.set_default_paths
-      @cert_store_items = [ENV['SSL_CERT_FILE'] || :default]
       change_notify
     end
 
@@ -181,7 +208,9 @@ class HTTPClient
     def clear_cert_store
       @cacerts_loaded = true # avoid lazy override
       @cert_store = X509::Store.new
-      @cert_store_items.clear
+      if defined? JRUBY_VERSION
+        @cert_store._httpclient_cert_store_items.clear
+      end
       change_notify
     end
 
@@ -190,10 +219,12 @@ class HTTPClient
     #
     # Calling this method resets all existing sessions.
     def cert_store=(cert_store)
-      @cacerts_loaded = true # avoid lazy override
-      @cert_store = cert_store
-      @cert_store_items.clear
-      change_notify
+      # This is object equality check, since OpenSSL::X509::Store doesn't overload ==
+      if !@cacerts_loaded || (@cert_store != cert_store)
+        @cacerts_loaded = true # avoid lazy override
+        @cert_store = cert_store
+        change_notify
+      end
     end
 
     # Sets trust anchor certificate(s) for verification.
@@ -209,7 +240,6 @@ class HTTPClient
       end
       @cacerts_loaded = true # avoid lazy override
       add_trust_ca_to_store(@cert_store, trust_ca_file_or_hashed_dir)
-      @cert_store_items << trust_ca_file_or_hashed_dir
       change_notify
     end
     alias set_trust_ca add_trust_ca
@@ -252,60 +282,8 @@ class HTTPClient
     end
     alias set_crl add_crl
 
-    # Sets verify mode of OpenSSL.  New value must be a combination of
-    # constants OpenSSL::SSL::VERIFY_*
-    #
-    # Calling this method resets all existing sessions.
-    def verify_mode=(verify_mode)
-      @verify_mode = verify_mode
-      change_notify
-    end
-
-    # Sets verify depth.  New value must be a number.
-    #
-    # Calling this method resets all existing sessions.
-    def verify_depth=(verify_depth)
-      @verify_depth = verify_depth
-      change_notify
-    end
-
-    # Sets callback handler for custom certificate verification.
-    # See verify_callback.
-    #
-    # Calling this method resets all existing sessions.
-    def verify_callback=(verify_callback)
-      @verify_callback = verify_callback
-      change_notify
-    end
-
-    # Sets SSL timeout in sec.
-    #
-    # Calling this method resets all existing sessions.
-    def timeout=(timeout)
-      @timeout = timeout
-      change_notify
-    end
-
-    # Sets SSL options.  New value must be a combination of # constants
-    # OpenSSL::SSL::OP_*
-    #
-    # Calling this method resets all existing sessions.
-    def options=(options)
-      @options = options
-      change_notify
-    end
-
-    # Sets cipher configuration.  New value must be a String.
-    #
-    # Calling this method resets all existing sessions.
-    def ciphers=(ciphers)
-      @ciphers = ciphers
-      change_notify
-    end
-
-    def client_ca=(client_ca) # :nodoc:
-      @client_ca = client_ca
-      change_notify
+    def verify?
+      @verify_mode && (@verify_mode & OpenSSL::SSL::VERIFY_PEER != 0)
     end
 
     # interfaces for SSLSocket.
@@ -431,6 +409,9 @@ class HTTPClient
         return true
       end
 
+      if pathlen > 2
+        warn('pathlen > 2') if $DEBUG
+      end
       return false
     end
 
@@ -441,23 +422,10 @@ class HTTPClient
       nil
     end
 
-    # Use 2014 bit certs trust anchor if possible.
-    # CVE-2015-1793 requires: OpenSSL >= 1.0.2d or OpenSSL >= 1.0.1p
-    # OpenSSL before 1.0.1 does not have CVE-2015-1793 problem
+    # Use 2048 bit certs trust anchor
     def load_cacerts(cert_store)
-      ver = OpenSSL::OPENSSL_VERSION
-      if (ver.start_with?('OpenSSL 1.0.1') && ver >= 'OpenSSL 1.0.1p') ||
-          (ver.start_with?('OpenSSL ') && ver >= 'OpenSSL 1.0.2d') || defined?(JRuby)
-        filename = 'cacert.pem'
-      else
-        filename = 'cacert1024.pem'
-      end
-      file = File.join(File.dirname(__FILE__), filename)
-      unless defined?(JRuby)
-        # JRuby uses @cert_store_items
-        add_trust_ca_to_store(cert_store, file)
-      end
-      @cert_store_items << file
+      file = File.join(File.dirname(__FILE__), 'cacert.pem')
+      add_trust_ca_to_store(cert_store, file)
     end
   end
 

data/lib/httpclient/ssl_socket.rb

@@ -14,43 +14,31 @@ class HTTPClient
   # Wraps up OpenSSL::SSL::SSLSocket and offers debugging features.
   class SSLSocket
     def self.create_socket(session)
+      opts = {
+        :debug_dev => session.debug_dev
+      }
       site = session.proxy || session.dest
       socket = session.create_socket(site.host, site.port)
       begin
         if session.proxy
           session.connect_ssl_proxy(socket, Util.urify(session.dest.to_s))
         end
-        ssl_socket = new(socket, session.ssl_config, session.debug_dev)
-        ssl_socket.ssl_connect(session.dest.host)
-        ssl_socket
+        new(socket, session.dest, session.ssl_config, opts)
       rescue
         socket.close
         raise
       end
     end
 
-    def initialize(socket, context, debug_dev = nil)
+    def initialize(socket, dest, config, opts = {})
       unless SSLEnabled
         raise ConfigurationError.new('Ruby/OpenSSL module is required')
       end
       @socket = socket
-      @context = context
+      @config = config
       @ssl_socket = create_openssl_socket(@socket)
-      @debug_dev = debug_dev
-    end
-
-    def ssl_connect(hostname = nil)
-      if hostname && @ssl_socket.respond_to?(:hostname=)
-        @ssl_socket.hostname = hostname
-      end
-      @ssl_socket.connect
-      if $DEBUG
-        if @ssl_socket.respond_to?(:ssl_version)
-          warn("Protocol version: #{@ssl_socket.ssl_version}")
-        end
-        warn("Cipher: #{@ssl_socket.cipher.inspect}")
-      end
-      post_connection_check(hostname)
+      @debug_dev = opts[:debug_dev]
+      ssl_connect(dest.host)
     end
 
     def peer_cert
@@ -108,8 +96,22 @@ class HTTPClient
 
   private
 
+    def ssl_connect(hostname = nil)
+      if hostname && @ssl_socket.respond_to?(:hostname=)
+        @ssl_socket.hostname = hostname
+      end
+      @ssl_socket.connect
+      if $DEBUG
+        if @ssl_socket.respond_to?(:ssl_version)
+          warn("Protocol version: #{@ssl_socket.ssl_version}")
+        end
+        warn("Cipher: #{@ssl_socket.cipher.inspect}")
+      end
+      post_connection_check(hostname)
+    end
+
     def post_connection_check(hostname)
-      verify_mode = @context.verify_mode || OpenSSL::SSL::VERIFY_NONE
+      verify_mode = @config.verify_mode || OpenSSL::SSL::VERIFY_NONE
       if verify_mode == OpenSSL::SSL::VERIFY_NONE
         return
       elsif @ssl_socket.peer_cert.nil? and
@@ -119,7 +121,7 @@ class HTTPClient
       if @ssl_socket.respond_to?(:post_connection_check) and RUBY_VERSION > "1.8.4"
         @ssl_socket.post_connection_check(hostname)
       else
-        @context.post_connection_check(@ssl_socket.peer_cert, hostname)
+        @config.post_connection_check(@ssl_socket.peer_cert, hostname)
       end
     end
 
@@ -131,11 +133,11 @@ class HTTPClient
       ssl_socket = nil
       if OpenSSL::SSL.const_defined?("SSLContext")
         ctx = OpenSSL::SSL::SSLContext.new
-        @context.set_context(ctx)
+        @config.set_context(ctx)
         ssl_socket = OpenSSL::SSL::SSLSocket.new(socket, ctx)
       else
         ssl_socket = OpenSSL::SSL::SSLSocket.new(socket)
-        @context.set_context(ssl_socket)
+        @config.set_context(ssl_socket)
       end
       ssl_socket
     end

data/lib/httpclient/util.rb

@@ -64,7 +64,7 @@ class HTTPClient
         # Overwrites the original definition just for one line...
         def authority
           self.host && @authority ||= (begin
-            authority = ""
+            authority = "".dup
             if self.userinfo != nil
               authority << "#{self.userinfo}@"
             end

data/lib/httpclient/version.rb

@@ -1,3 +1,3 @@
 class HTTPClient
-  VERSION = '2.7.2'
+  VERSION = '2.9.0'
 end

data/lib/httpclient/webagent-cookie.rb

@@ -342,7 +342,7 @@ class WebAgent
       cookie.domain_orig = given.domain
       cookie.path_orig = given.path
 
-      if cookie.discard? || cookie.expires == nil
+      if cookie.discard? || cookie.expires.nil?
         cookie.discard = true
       else
         cookie.discard = false

data/lib/httpclient.rb

@@ -309,7 +309,6 @@ class HTTPClient
       if assignable
         aname = name + '='
         define_method(aname) { |rhs|
-          reset_all
           @session_manager.__send__(aname, rhs)
         }
       end
@@ -356,6 +355,8 @@ class HTTPClient
   # if your ruby is older than 2005-09-06, do not set socket_sync = false to
   # avoid an SSL socket blocking bug in openssl/buffering.rb.
   attr_proxy(:socket_sync, true)
+  # Enables TCP keepalive; no timing settings exist at present
+  attr_proxy(:tcp_keepalive, true)
   # User-Agent header in HTTP request.
   attr_proxy(:agent_name, true)
   # From header in HTTP request.
@@ -365,6 +366,9 @@ class HTTPClient
   attr_proxy(:test_loopback_http_response)
   # Decompress a compressed (with gzip or deflate) content body transparently. false by default.
   attr_proxy(:transparent_gzip_decompression, true)
+  # Raise BadResponseError if response size does not match with Content-Length header in response. false by default.
+  # TODO: enable by default
+  attr_proxy(:strict_response_size_check, true)
   # Local socket address. Set HTTPClient#socket_local.host and HTTPClient#socket_local.port to specify local binding hostname and port of TCP socket.
   attr_proxy(:socket_local, true)
 
@@ -749,6 +753,10 @@ class HTTPClient
     request(:patch, uri, new_args, &block)
   end
 
+  # :call-seq:
+  #   post(uri, {query: query, body: body, header: header, follow_redirect: follow_redirect}) -> HTTP::Message
+  #   post(uri, body, header, follow_redirect) -> HTTP::Message
+  #
   # Sends POST request to the specified URL.  See request for arguments.
   # You should not depend on :follow_redirect => true for POST method.  It
   # sends the same POST method to the new location which is prohibited in HTTP spec.
@@ -844,13 +852,7 @@ class HTTPClient
     end
     uri = to_resource_url(uri)
     if block
-      if block.arity == 1
-        filtered_block = proc { |res, str|
-          block.call(str)
-        }
-      else
-        filtered_block = block
-      end
+      filtered_block = adapt_block(&block)
     end
     if follow_redirect
       follow_redirect(method, uri, query, body, header, &block)
@@ -1082,11 +1084,17 @@ private
     ENV[name.downcase] || ENV[name.upcase]
   end
 
+  def adapt_block(&block)
+    return block if block.arity == 2
+    proc { |r, str| block.call(str) }
+  end
+
   def follow_redirect(method, uri, query, body, header, &block)
     uri = to_resource_url(uri)
     if block
+      b = adapt_block(&block)
       filtered_block = proc { |r, str|
-        block.call(str) if r.ok?
+        b.call(r, str) if r.ok?
       }
     end
     if HTTP::Message.file?(body)
@@ -1232,7 +1240,7 @@ private
       conn.push(res)
       return res
     end
-    content = block ? nil : ''
+    content = block ? nil : ''.dup
     res = HTTP::Message.new_response(content, req.header)
     @debug_dev << "= Request\n\n" if @debug_dev
     sess = @session_manager.query(req, proxy)
@@ -1270,6 +1278,7 @@ private
       return
     end
     piper, pipew = IO.pipe
+    pipew.binmode
     res = HTTP::Message.new_response(piper, req.header)
     @debug_dev << "= Request\n\n" if @debug_dev
     sess = @session_manager.query(req, proxy)

data/lib/jsonclient.rb

@@ -2,7 +2,7 @@ require 'httpclient'
 require 'json'
  
 # JSONClient auto-converts Hash <-> JSON in request and response.
-# * For POST or PUT request, convert Hash body to JSON String with 'application/json; charset=utf-8' header.
+# * For PATCH, POST or PUT request, convert Hash body to JSON String with 'application/json; charset=utf-8' header.
 # * For response, convert JSON String to Hash when content-type is '(application|text)/(x-)?json'
 class JSONClient < HTTPClient
   CONTENT_TYPE_JSON_REGEX = /(application|text)\/(x-)?json/i
@@ -17,6 +17,10 @@ class JSONClient < HTTPClient
     @content_type_json_response_regex = CONTENT_TYPE_JSON_REGEX
   end
  
+  def patch(uri, *args, &block)
+    request(:patch, uri, argument_to_hash_for_json(args), &block)
+  end
+ 
   def post(uri, *args, &block)
     request(:post, uri, argument_to_hash_for_json(args), &block)
   end
@@ -37,7 +41,7 @@ private
 
   def argument_to_hash_for_json(args)
     hash = argument_to_hash(args, :body, :header, :follow_redirect)
-    if hash[:body].is_a?(Hash)
+    if hash[:body].is_a?(Hash) || hash[:body].is_a?(Array)
       hash[:header] = json_header(hash[:header])
       hash[:body] = JSON.generate(hash[:body])
     end
@@ -47,11 +51,10 @@ private
   def json_header(header)
     header ||= {}
     if header.is_a?(Hash)
-      header['Content-Type'] = @content_type_json_request
+      header.merge('Content-Type' => @content_type_json_request)
     else
-      header << ['Content-Type', @content_type_json_request]
+      header + [['Content-Type', @content_type_json_request]]
     end
-    header
   end
 
   def wrap_json_response(original)

data/lib/oauthclient.rb

@@ -33,6 +33,7 @@ class OAuthClient < HTTPClient
     @oauth_config = HTTPClient::OAuth::Config.new
     self.www_auth.oauth.set_config(nil, @oauth_config)
     self.www_auth.oauth.challenge(nil)
+    self.strict_response_size_check = true
   end
 
   # Get request token.

data/sample/auth.rb

@@ -7,5 +7,5 @@ c.debug_dev = STDOUT
 #c.set_proxy_auth("admin", "admin")
 
 # for WWW authentication: supports Basic, Digest and Negotiate.
-c.set_auth("http://dev.ctor.org/http-access2/", "user", "user")
+c.set_auth("http://dev.ctor.org/http-access2/", "username", "password")
 p c.get("http://dev.ctor.org/http-access2/login")