oso-cloud 1.8.0 → 1.9.1.pre.vendored.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.gitignore +0 -1
- data/Gemfile +5 -0
- data/Gemfile.lock +31 -12
- data/README.md +1 -1
- data/lib/oso/api.rb +18 -2
- data/lib/oso/oso.rb +10 -7
- data/lib/oso/version.rb +1 -1
- data/vendor/gems/faraday-2.5.2/CHANGELOG.md +574 -0
- data/vendor/gems/faraday-2.5.2/LICENSE.md +20 -0
- data/vendor/gems/faraday-2.5.2/README.md +55 -0
- data/vendor/gems/faraday-2.5.2/Rakefile +7 -0
- data/vendor/gems/faraday-2.5.2/examples/client_spec.rb +119 -0
- data/vendor/gems/faraday-2.5.2/examples/client_test.rb +144 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/adapter/test.rb +298 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/adapter.rb +102 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/adapter_registry.rb +30 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/connection.rb +561 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/encoders/flat_params_encoder.rb +105 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/encoders/nested_params_encoder.rb +183 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/error.rb +147 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/logging/formatter.rb +106 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/methods.rb +6 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/middleware.rb +30 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/middleware_registry.rb +83 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/options/connection_options.rb +22 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/options/env.rb +199 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/options/proxy_options.rb +32 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/options/request_options.rb +22 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/options/ssl_options.rb +69 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/options.rb +218 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/parameters.rb +5 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/rack_builder.rb +252 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/request/authorization.rb +49 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/request/instrumentation.rb +56 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/request/json.rb +55 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/request/url_encoded.rb +60 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/request.rb +136 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/response/json.rb +54 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/response/logger.rb +33 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/response/raise_error.rb +64 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/response.rb +90 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/utils/headers.rb +139 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/utils/params_hash.rb +61 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/utils.rb +122 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday/version.rb +5 -0
- data/vendor/gems/faraday-2.5.2/lib/faraday.rb +157 -0
- data/vendor/gems/faraday-2.5.2/spec/external_adapters/faraday_specs_setup.rb +14 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/adapter/test_spec.rb +413 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/adapter_registry_spec.rb +28 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/adapter_spec.rb +55 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/connection_spec.rb +793 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/error_spec.rb +60 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/middleware_registry_spec.rb +31 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/middleware_spec.rb +52 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/options/env_spec.rb +76 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/options/options_spec.rb +297 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/options/proxy_options_spec.rb +44 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/options/request_options_spec.rb +19 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/params_encoders/flat_spec.rb +42 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/params_encoders/nested_spec.rb +150 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/rack_builder_spec.rb +317 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/request/authorization_spec.rb +83 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/request/instrumentation_spec.rb +74 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/request/json_spec.rb +111 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/request/url_encoded_spec.rb +93 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/request_spec.rb +110 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/response/json_spec.rb +117 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/response/logger_spec.rb +220 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/response/raise_error_spec.rb +172 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/response_spec.rb +75 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/utils/headers_spec.rb +82 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday/utils_spec.rb +118 -0
- data/vendor/gems/faraday-2.5.2/spec/faraday_spec.rb +37 -0
- data/vendor/gems/faraday-2.5.2/spec/spec_helper.rb +132 -0
- data/vendor/gems/faraday-2.5.2/spec/support/disabling_stub.rb +14 -0
- data/vendor/gems/faraday-2.5.2/spec/support/fake_safe_buffer.rb +15 -0
- data/vendor/gems/faraday-2.5.2/spec/support/helper_methods.rb +96 -0
- data/vendor/gems/faraday-2.5.2/spec/support/shared_examples/adapter.rb +105 -0
- data/vendor/gems/faraday-2.5.2/spec/support/shared_examples/params_encoder.rb +18 -0
- data/vendor/gems/faraday-2.5.2/spec/support/shared_examples/request_method.rb +263 -0
- data/vendor/gems/faraday-2.5.2/spec/support/streaming_response_checker.rb +35 -0
- data/vendor/gems/faraday-net_http-3.0.2/LICENSE.md +21 -0
- data/vendor/gems/faraday-net_http-3.0.2/README.md +57 -0
- data/vendor/gems/faraday-net_http-3.0.2/lib/faraday/adapter/net_http.rb +208 -0
- data/vendor/gems/faraday-net_http-3.0.2/lib/faraday/net_http/version.rb +7 -0
- data/vendor/gems/faraday-net_http-3.0.2/lib/faraday/net_http.rb +10 -0
- data/vendor/gems/faraday-net_http_persistent-2.3.0/LICENSE.md +21 -0
- data/vendor/gems/faraday-net_http_persistent-2.3.0/README.md +66 -0
- data/vendor/gems/faraday-net_http_persistent-2.3.0/lib/faraday/adapter/net_http_persistent.rb +234 -0
- data/vendor/gems/faraday-net_http_persistent-2.3.0/lib/faraday/net_http_persistent/version.rb +7 -0
- data/vendor/gems/faraday-net_http_persistent-2.3.0/lib/faraday/net_http_persistent.rb +18 -0
- data/vendor/gems/faraday-retry-2.0.0/CHANGELOG.md +24 -0
- data/vendor/gems/faraday-retry-2.0.0/LICENSE.md +21 -0
- data/vendor/gems/faraday-retry-2.0.0/README.md +169 -0
- data/vendor/gems/faraday-retry-2.0.0/lib/faraday/retriable_response.rb +8 -0
- data/vendor/gems/faraday-retry-2.0.0/lib/faraday/retry/middleware.rb +254 -0
- data/vendor/gems/faraday-retry-2.0.0/lib/faraday/retry/version.rb +7 -0
- data/vendor/gems/faraday-retry-2.0.0/lib/faraday/retry.rb +13 -0
- data/vendor/gems/net-http-persistent-4.0.5/.autotest +9 -0
- data/vendor/gems/net-http-persistent-4.0.5/.gemtest +0 -0
- data/vendor/gems/net-http-persistent-4.0.5/Gemfile +14 -0
- data/vendor/gems/net-http-persistent-4.0.5/History.txt +460 -0
- data/vendor/gems/net-http-persistent-4.0.5/Manifest.txt +13 -0
- data/vendor/gems/net-http-persistent-4.0.5/README.rdoc +82 -0
- data/vendor/gems/net-http-persistent-4.0.5/Rakefile +25 -0
- data/vendor/gems/net-http-persistent-4.0.5/lib/net/http/persistent/connection.rb +41 -0
- data/vendor/gems/net-http-persistent-4.0.5/lib/net/http/persistent/pool.rb +65 -0
- data/vendor/gems/net-http-persistent-4.0.5/lib/net/http/persistent/timed_stack_multi.rb +79 -0
- data/vendor/gems/net-http-persistent-4.0.5/lib/net/http/persistent.rb +1158 -0
- data/vendor/gems/net-http-persistent-4.0.5/test/test_net_http_persistent.rb +1512 -0
- data/vendor/gems/net-http-persistent-4.0.5/test/test_net_http_persistent_timed_stack_multi.rb +151 -0
- metadata +112 -8
@@ -0,0 +1,1158 @@
|
|
1
|
+
require 'net/http'
|
2
|
+
require 'uri'
|
3
|
+
require 'cgi' # for escaping
|
4
|
+
require 'connection_pool'
|
5
|
+
|
6
|
+
begin
|
7
|
+
require 'net/http/pipeline'
|
8
|
+
rescue LoadError
|
9
|
+
end
|
10
|
+
|
11
|
+
autoload :OpenSSL, 'openssl'
|
12
|
+
|
13
|
+
##
|
14
|
+
# Persistent connections for Net::HTTP
|
15
|
+
#
|
16
|
+
# Net::HTTP::Persistent maintains persistent connections across all the
|
17
|
+
# servers you wish to talk to. For each host:port you communicate with a
|
18
|
+
# single persistent connection is created.
|
19
|
+
#
|
20
|
+
# Connections will be shared across threads through a connection pool to
|
21
|
+
# increase reuse of connections.
|
22
|
+
#
|
23
|
+
# You can shut down any remaining HTTP connections when done by calling
|
24
|
+
# #shutdown.
|
25
|
+
#
|
26
|
+
# Example:
|
27
|
+
#
|
28
|
+
# require 'net/http/persistent'
|
29
|
+
#
|
30
|
+
# uri = URI 'http://example.com/awesome/web/service'
|
31
|
+
#
|
32
|
+
# http = Net::HTTP::Persistent.new
|
33
|
+
#
|
34
|
+
# # perform a GET
|
35
|
+
# response = http.request uri
|
36
|
+
#
|
37
|
+
# # or
|
38
|
+
#
|
39
|
+
# get = Net::HTTP::Get.new uri.request_uri
|
40
|
+
# response = http.request get
|
41
|
+
#
|
42
|
+
# # create a POST
|
43
|
+
# post_uri = uri + 'create'
|
44
|
+
# post = Net::HTTP::Post.new post_uri.path
|
45
|
+
# post.set_form_data 'some' => 'cool data'
|
46
|
+
#
|
47
|
+
# # perform the POST, the URI is always required
|
48
|
+
# response http.request post_uri, post
|
49
|
+
#
|
50
|
+
# Note that for GET, HEAD and other requests that do not have a body you want
|
51
|
+
# to use URI#request_uri not URI#path. The request_uri contains the query
|
52
|
+
# params which are sent in the body for other requests.
|
53
|
+
#
|
54
|
+
# == TLS/SSL
|
55
|
+
#
|
56
|
+
# TLS connections are automatically created depending upon the scheme of the
|
57
|
+
# URI. TLS connections are automatically verified against the default
|
58
|
+
# certificate store for your computer. You can override this by changing
|
59
|
+
# verify_mode or by specifying an alternate cert_store.
|
60
|
+
#
|
61
|
+
# Here are the TLS settings, see the individual methods for documentation:
|
62
|
+
#
|
63
|
+
# #certificate :: This client's certificate
|
64
|
+
# #ca_file :: The certificate-authorities
|
65
|
+
# #ca_path :: Directory with certificate-authorities
|
66
|
+
# #cert_store :: An SSL certificate store
|
67
|
+
# #ciphers :: List of SSl ciphers allowed
|
68
|
+
# #extra_chain_cert :: Extra certificates to be added to the certificate chain
|
69
|
+
# #private_key :: The client's SSL private key
|
70
|
+
# #reuse_ssl_sessions :: Reuse a previously opened SSL session for a new
|
71
|
+
# connection
|
72
|
+
# #ssl_timeout :: Session lifetime
|
73
|
+
# #ssl_version :: Which specific SSL version to use
|
74
|
+
# #verify_callback :: For server certificate verification
|
75
|
+
# #verify_depth :: Depth of certificate verification
|
76
|
+
# #verify_mode :: How connections should be verified
|
77
|
+
# #verify_hostname :: Use hostname verification for server certificate
|
78
|
+
# during the handshake
|
79
|
+
#
|
80
|
+
# == Proxies
|
81
|
+
#
|
82
|
+
# A proxy can be set through #proxy= or at initialization time by providing a
|
83
|
+
# second argument to ::new. The proxy may be the URI of the proxy server or
|
84
|
+
# <code>:ENV</code> which will consult environment variables.
|
85
|
+
#
|
86
|
+
# See #proxy= and #proxy_from_env for details.
|
87
|
+
#
|
88
|
+
# == Headers
|
89
|
+
#
|
90
|
+
# Headers may be specified for use in every request. #headers are appended to
|
91
|
+
# any headers on the request. #override_headers replace existing headers on
|
92
|
+
# the request.
|
93
|
+
#
|
94
|
+
# The difference between the two can be seen in setting the User-Agent. Using
|
95
|
+
# <code>http.headers['User-Agent'] = 'MyUserAgent'</code> will send "Ruby,
|
96
|
+
# MyUserAgent" while <code>http.override_headers['User-Agent'] =
|
97
|
+
# 'MyUserAgent'</code> will send "MyUserAgent".
|
98
|
+
#
|
99
|
+
# == Tuning
|
100
|
+
#
|
101
|
+
# === Segregation
|
102
|
+
#
|
103
|
+
# Each Net::HTTP::Persistent instance has its own pool of connections. There
|
104
|
+
# is no sharing with other instances (as was true in earlier versions).
|
105
|
+
#
|
106
|
+
# === Idle Timeout
|
107
|
+
#
|
108
|
+
# If a connection hasn't been used for this number of seconds it will
|
109
|
+
# automatically be reset upon the next use to avoid attempting to send to a
|
110
|
+
# closed connection. The default value is 5 seconds. nil means no timeout.
|
111
|
+
# Set through #idle_timeout.
|
112
|
+
#
|
113
|
+
# Reducing this value may help avoid the "too many connection resets" error
|
114
|
+
# when sending non-idempotent requests while increasing this value will cause
|
115
|
+
# fewer round-trips.
|
116
|
+
#
|
117
|
+
# === Read Timeout
|
118
|
+
#
|
119
|
+
# The amount of time allowed between reading two chunks from the socket. Set
|
120
|
+
# through #read_timeout
|
121
|
+
#
|
122
|
+
# === Max Requests
|
123
|
+
#
|
124
|
+
# The number of requests that should be made before opening a new connection.
|
125
|
+
# Typically many keep-alive capable servers tune this to 100 or less, so the
|
126
|
+
# 101st request will fail with ECONNRESET. If unset (default), this value has
|
127
|
+
# no effect, if set, connections will be reset on the request after
|
128
|
+
# max_requests.
|
129
|
+
#
|
130
|
+
# === Open Timeout
|
131
|
+
#
|
132
|
+
# The amount of time to wait for a connection to be opened. Set through
|
133
|
+
# #open_timeout.
|
134
|
+
#
|
135
|
+
# === Socket Options
|
136
|
+
#
|
137
|
+
# Socket options may be set on newly-created connections. See #socket_options
|
138
|
+
# for details.
|
139
|
+
#
|
140
|
+
# === Connection Termination
|
141
|
+
#
|
142
|
+
# If you are done using the Net::HTTP::Persistent instance you may shut down
|
143
|
+
# all the connections in the current thread with #shutdown. This is not
|
144
|
+
# recommended for normal use, it should only be used when it will be several
|
145
|
+
# minutes before you make another HTTP request.
|
146
|
+
#
|
147
|
+
# If you are using multiple threads, call #shutdown in each thread when the
|
148
|
+
# thread is done making requests. If you don't call shutdown, that's OK.
|
149
|
+
# Ruby will automatically garbage collect and shutdown your HTTP connections
|
150
|
+
# when the thread terminates.
|
151
|
+
|
152
|
+
class Net::HTTP::Persistent
|
153
|
+
|
154
|
+
##
|
155
|
+
# The beginning of Time
|
156
|
+
|
157
|
+
EPOCH = Time.at 0 # :nodoc:
|
158
|
+
|
159
|
+
##
|
160
|
+
# Is OpenSSL available? This test works with autoload
|
161
|
+
|
162
|
+
HAVE_OPENSSL = defined? OpenSSL::SSL # :nodoc:
|
163
|
+
|
164
|
+
##
|
165
|
+
# The default connection pool size is 1/4 the allowed open files
|
166
|
+
# (<code>ulimit -n</code>) or 256 if your OS does not support file handle
|
167
|
+
# limits (typically windows).
|
168
|
+
|
169
|
+
if Process.const_defined? :RLIMIT_NOFILE
|
170
|
+
open_file_limits = Process.getrlimit(Process::RLIMIT_NOFILE)
|
171
|
+
|
172
|
+
# Under JRuby on Windows Process responds to `getrlimit` but returns something that does not match docs
|
173
|
+
if open_file_limits.respond_to?(:first)
|
174
|
+
DEFAULT_POOL_SIZE = open_file_limits.first / 4
|
175
|
+
else
|
176
|
+
DEFAULT_POOL_SIZE = 256
|
177
|
+
end
|
178
|
+
else
|
179
|
+
DEFAULT_POOL_SIZE = 256
|
180
|
+
end
|
181
|
+
|
182
|
+
##
|
183
|
+
# The version of Net::HTTP::Persistent you are using
|
184
|
+
|
185
|
+
VERSION = '4.0.5'
|
186
|
+
|
187
|
+
##
|
188
|
+
# Error class for errors raised by Net::HTTP::Persistent. Various
|
189
|
+
# SystemCallErrors are re-raised with a human-readable message under this
|
190
|
+
# class.
|
191
|
+
|
192
|
+
class Error < StandardError; end
|
193
|
+
|
194
|
+
##
|
195
|
+
# Use this method to detect the idle timeout of the host at +uri+. The
|
196
|
+
# value returned can be used to configure #idle_timeout. +max+ controls the
|
197
|
+
# maximum idle timeout to detect.
|
198
|
+
#
|
199
|
+
# After
|
200
|
+
#
|
201
|
+
# Idle timeout detection is performed by creating a connection then
|
202
|
+
# performing a HEAD request in a loop until the connection terminates
|
203
|
+
# waiting one additional second per loop.
|
204
|
+
#
|
205
|
+
# NOTE: This may not work on ruby > 1.9.
|
206
|
+
|
207
|
+
def self.detect_idle_timeout uri, max = 10
|
208
|
+
uri = URI uri unless URI::Generic === uri
|
209
|
+
uri += '/'
|
210
|
+
|
211
|
+
req = Net::HTTP::Head.new uri.request_uri
|
212
|
+
|
213
|
+
http = new 'net-http-persistent detect_idle_timeout'
|
214
|
+
|
215
|
+
http.connection_for uri do |connection|
|
216
|
+
sleep_time = 0
|
217
|
+
|
218
|
+
http = connection.http
|
219
|
+
|
220
|
+
loop do
|
221
|
+
response = http.request req
|
222
|
+
|
223
|
+
$stderr.puts "HEAD #{uri} => #{response.code}" if $DEBUG
|
224
|
+
|
225
|
+
unless Net::HTTPOK === response then
|
226
|
+
raise Error, "bad response code #{response.code} detecting idle timeout"
|
227
|
+
end
|
228
|
+
|
229
|
+
break if sleep_time >= max
|
230
|
+
|
231
|
+
sleep_time += 1
|
232
|
+
|
233
|
+
$stderr.puts "sleeping #{sleep_time}" if $DEBUG
|
234
|
+
sleep sleep_time
|
235
|
+
end
|
236
|
+
end
|
237
|
+
rescue
|
238
|
+
# ignore StandardErrors, we've probably found the idle timeout.
|
239
|
+
ensure
|
240
|
+
return sleep_time unless $!
|
241
|
+
end
|
242
|
+
|
243
|
+
##
|
244
|
+
# This client's OpenSSL::X509::Certificate
|
245
|
+
|
246
|
+
attr_reader :certificate
|
247
|
+
|
248
|
+
##
|
249
|
+
# For Net::HTTP parity
|
250
|
+
|
251
|
+
alias cert certificate
|
252
|
+
|
253
|
+
##
|
254
|
+
# An SSL certificate authority. Setting this will set verify_mode to
|
255
|
+
# VERIFY_PEER.
|
256
|
+
|
257
|
+
attr_reader :ca_file
|
258
|
+
|
259
|
+
##
|
260
|
+
# A directory of SSL certificates to be used as certificate authorities.
|
261
|
+
# Setting this will set verify_mode to VERIFY_PEER.
|
262
|
+
|
263
|
+
attr_reader :ca_path
|
264
|
+
|
265
|
+
##
|
266
|
+
# An SSL certificate store. Setting this will override the default
|
267
|
+
# certificate store. See verify_mode for more information.
|
268
|
+
|
269
|
+
attr_reader :cert_store
|
270
|
+
|
271
|
+
##
|
272
|
+
# The ciphers allowed for SSL connections
|
273
|
+
|
274
|
+
attr_reader :ciphers
|
275
|
+
|
276
|
+
##
|
277
|
+
# Extra certificates to be added to the certificate chain
|
278
|
+
|
279
|
+
attr_reader :extra_chain_cert
|
280
|
+
|
281
|
+
##
|
282
|
+
# Sends debug_output to this IO via Net::HTTP#set_debug_output.
|
283
|
+
#
|
284
|
+
# Never use this method in production code, it causes a serious security
|
285
|
+
# hole.
|
286
|
+
|
287
|
+
attr_accessor :debug_output
|
288
|
+
|
289
|
+
##
|
290
|
+
# Current connection generation
|
291
|
+
|
292
|
+
attr_reader :generation # :nodoc:
|
293
|
+
|
294
|
+
##
|
295
|
+
# Headers that are added to every request using Net::HTTP#add_field
|
296
|
+
|
297
|
+
attr_reader :headers
|
298
|
+
|
299
|
+
##
|
300
|
+
# Maps host:port to an HTTP version. This allows us to enable version
|
301
|
+
# specific features.
|
302
|
+
|
303
|
+
attr_reader :http_versions
|
304
|
+
|
305
|
+
##
|
306
|
+
# Maximum time an unused connection can remain idle before being
|
307
|
+
# automatically closed.
|
308
|
+
|
309
|
+
attr_accessor :idle_timeout
|
310
|
+
|
311
|
+
##
|
312
|
+
# Maximum number of requests on a connection before it is considered expired
|
313
|
+
# and automatically closed.
|
314
|
+
|
315
|
+
attr_accessor :max_requests
|
316
|
+
|
317
|
+
##
|
318
|
+
# Number of retries to perform if a request fails.
|
319
|
+
#
|
320
|
+
# See also #max_retries=, Net::HTTP#max_retries=.
|
321
|
+
|
322
|
+
attr_reader :max_retries
|
323
|
+
|
324
|
+
##
|
325
|
+
# The value sent in the Keep-Alive header. Defaults to 30. Not needed for
|
326
|
+
# HTTP/1.1 servers.
|
327
|
+
#
|
328
|
+
# This may not work correctly for HTTP/1.0 servers
|
329
|
+
#
|
330
|
+
# This method may be removed in a future version as RFC 2616 does not
|
331
|
+
# require this header.
|
332
|
+
|
333
|
+
attr_accessor :keep_alive
|
334
|
+
|
335
|
+
##
|
336
|
+
# The name for this collection of persistent connections.
|
337
|
+
|
338
|
+
attr_reader :name
|
339
|
+
|
340
|
+
##
|
341
|
+
# Seconds to wait until a connection is opened. See Net::HTTP#open_timeout
|
342
|
+
|
343
|
+
attr_accessor :open_timeout
|
344
|
+
|
345
|
+
##
|
346
|
+
# Headers that are added to every request using Net::HTTP#[]=
|
347
|
+
|
348
|
+
attr_reader :override_headers
|
349
|
+
|
350
|
+
##
|
351
|
+
# This client's SSL private key
|
352
|
+
|
353
|
+
attr_reader :private_key
|
354
|
+
|
355
|
+
##
|
356
|
+
# For Net::HTTP parity
|
357
|
+
|
358
|
+
alias key private_key
|
359
|
+
|
360
|
+
##
|
361
|
+
# The URL through which requests will be proxied
|
362
|
+
|
363
|
+
attr_reader :proxy_uri
|
364
|
+
|
365
|
+
##
|
366
|
+
# List of host suffixes which will not be proxied
|
367
|
+
|
368
|
+
attr_reader :no_proxy
|
369
|
+
|
370
|
+
##
|
371
|
+
# Test-only accessor for the connection pool
|
372
|
+
|
373
|
+
attr_reader :pool # :nodoc:
|
374
|
+
|
375
|
+
##
|
376
|
+
# Seconds to wait until reading one block. See Net::HTTP#read_timeout
|
377
|
+
|
378
|
+
attr_accessor :read_timeout
|
379
|
+
|
380
|
+
##
|
381
|
+
# Seconds to wait until writing one block. See Net::HTTP#write_timeout
|
382
|
+
|
383
|
+
attr_accessor :write_timeout
|
384
|
+
|
385
|
+
##
|
386
|
+
# By default SSL sessions are reused to avoid extra SSL handshakes. Set
|
387
|
+
# this to false if you have problems communicating with an HTTPS server
|
388
|
+
# like:
|
389
|
+
#
|
390
|
+
# SSL_connect [...] read finished A: unexpected message (OpenSSL::SSL::SSLError)
|
391
|
+
|
392
|
+
attr_accessor :reuse_ssl_sessions
|
393
|
+
|
394
|
+
##
|
395
|
+
# An array of options for Socket#setsockopt.
|
396
|
+
#
|
397
|
+
# By default the TCP_NODELAY option is set on sockets.
|
398
|
+
#
|
399
|
+
# To set additional options append them to this array:
|
400
|
+
#
|
401
|
+
# http.socket_options << [Socket::SOL_SOCKET, Socket::SO_KEEPALIVE, 1]
|
402
|
+
|
403
|
+
attr_reader :socket_options
|
404
|
+
|
405
|
+
##
|
406
|
+
# Current SSL connection generation
|
407
|
+
|
408
|
+
attr_reader :ssl_generation # :nodoc:
|
409
|
+
|
410
|
+
##
|
411
|
+
# SSL session lifetime
|
412
|
+
|
413
|
+
attr_reader :ssl_timeout
|
414
|
+
|
415
|
+
##
|
416
|
+
# SSL version to use.
|
417
|
+
#
|
418
|
+
# By default, the version will be negotiated automatically between client
|
419
|
+
# and server. Ruby 1.9 and newer only. Deprecated since Ruby 2.5.
|
420
|
+
|
421
|
+
attr_reader :ssl_version
|
422
|
+
|
423
|
+
##
|
424
|
+
# Minimum SSL version to use, e.g. :TLS1_1
|
425
|
+
#
|
426
|
+
# By default, the version will be negotiated automatically between client
|
427
|
+
# and server. Ruby 2.5 and newer only.
|
428
|
+
|
429
|
+
attr_reader :min_version
|
430
|
+
|
431
|
+
##
|
432
|
+
# Maximum SSL version to use, e.g. :TLS1_2
|
433
|
+
#
|
434
|
+
# By default, the version will be negotiated automatically between client
|
435
|
+
# and server. Ruby 2.5 and newer only.
|
436
|
+
|
437
|
+
attr_reader :max_version
|
438
|
+
|
439
|
+
##
|
440
|
+
# Where this instance's last-use times live in the thread local variables
|
441
|
+
|
442
|
+
attr_reader :timeout_key # :nodoc:
|
443
|
+
|
444
|
+
##
|
445
|
+
# SSL verification callback. Used when ca_file or ca_path is set.
|
446
|
+
|
447
|
+
attr_reader :verify_callback
|
448
|
+
|
449
|
+
##
|
450
|
+
# Sets the depth of SSL certificate verification
|
451
|
+
|
452
|
+
attr_reader :verify_depth
|
453
|
+
|
454
|
+
##
|
455
|
+
# HTTPS verify mode. Defaults to OpenSSL::SSL::VERIFY_PEER which verifies
|
456
|
+
# the server certificate.
|
457
|
+
#
|
458
|
+
# If no ca_file, ca_path or cert_store is set the default system certificate
|
459
|
+
# store is used.
|
460
|
+
#
|
461
|
+
# You can use +verify_mode+ to override any default values.
|
462
|
+
|
463
|
+
attr_reader :verify_mode
|
464
|
+
|
465
|
+
##
|
466
|
+
# HTTPS verify_hostname.
|
467
|
+
#
|
468
|
+
# If a client sets this to true and enables SNI with SSLSocket#hostname=,
|
469
|
+
# the hostname verification on the server certificate is performed
|
470
|
+
# automatically during the handshake using
|
471
|
+
# OpenSSL::SSL.verify_certificate_identity().
|
472
|
+
#
|
473
|
+
# You can set +verify_hostname+ as true to use hostname verification
|
474
|
+
# during the handshake.
|
475
|
+
#
|
476
|
+
# NOTE: This works with Ruby > 3.0.
|
477
|
+
|
478
|
+
attr_reader :verify_hostname
|
479
|
+
|
480
|
+
##
|
481
|
+
# Creates a new Net::HTTP::Persistent.
|
482
|
+
#
|
483
|
+
# Set a +name+ for fun. Your library name should be good enough, but this
|
484
|
+
# otherwise has no purpose.
|
485
|
+
#
|
486
|
+
# +proxy+ may be set to a URI::HTTP or :ENV to pick up proxy options from
|
487
|
+
# the environment. See proxy_from_env for details.
|
488
|
+
#
|
489
|
+
# In order to use a URI for the proxy you may need to do some extra work
|
490
|
+
# beyond URI parsing if the proxy requires a password:
|
491
|
+
#
|
492
|
+
# proxy = URI 'http://proxy.example'
|
493
|
+
# proxy.user = 'AzureDiamond'
|
494
|
+
# proxy.password = 'hunter2'
|
495
|
+
#
|
496
|
+
# Set +pool_size+ to limit the maximum number of connections allowed.
|
497
|
+
# Defaults to 1/4 the number of allowed file handles or 256 if your OS does
|
498
|
+
# not support a limit on allowed file handles. You can have no more than
|
499
|
+
# this many threads with active HTTP transactions.
|
500
|
+
|
501
|
+
def initialize name: nil, proxy: nil, pool_size: DEFAULT_POOL_SIZE
|
502
|
+
@name = name
|
503
|
+
|
504
|
+
@debug_output = nil
|
505
|
+
@proxy_uri = nil
|
506
|
+
@no_proxy = []
|
507
|
+
@headers = {}
|
508
|
+
@override_headers = {}
|
509
|
+
@http_versions = {}
|
510
|
+
@keep_alive = 30
|
511
|
+
@open_timeout = nil
|
512
|
+
@read_timeout = nil
|
513
|
+
@write_timeout = nil
|
514
|
+
@idle_timeout = 5
|
515
|
+
@max_requests = nil
|
516
|
+
@max_retries = 1
|
517
|
+
@socket_options = []
|
518
|
+
@ssl_generation = 0 # incremented when SSL session variables change
|
519
|
+
|
520
|
+
@socket_options << [Socket::IPPROTO_TCP, Socket::TCP_NODELAY, 1] if
|
521
|
+
Socket.const_defined? :TCP_NODELAY
|
522
|
+
|
523
|
+
@pool = Net::HTTP::Persistent::Pool.new size: pool_size do |http_args|
|
524
|
+
Net::HTTP::Persistent::Connection.new Net::HTTP, http_args, @ssl_generation
|
525
|
+
end
|
526
|
+
|
527
|
+
@certificate = nil
|
528
|
+
@ca_file = nil
|
529
|
+
@ca_path = nil
|
530
|
+
@ciphers = nil
|
531
|
+
@private_key = nil
|
532
|
+
@ssl_timeout = nil
|
533
|
+
@ssl_version = nil
|
534
|
+
@min_version = nil
|
535
|
+
@max_version = nil
|
536
|
+
@verify_callback = nil
|
537
|
+
@verify_depth = nil
|
538
|
+
@verify_mode = nil
|
539
|
+
@verify_hostname = nil
|
540
|
+
@cert_store = nil
|
541
|
+
|
542
|
+
@generation = 0 # incremented when proxy URI changes
|
543
|
+
|
544
|
+
if HAVE_OPENSSL then
|
545
|
+
@verify_mode = OpenSSL::SSL::VERIFY_PEER
|
546
|
+
@reuse_ssl_sessions = OpenSSL::SSL.const_defined? :Session
|
547
|
+
end
|
548
|
+
|
549
|
+
self.proxy = proxy if proxy
|
550
|
+
end
|
551
|
+
|
552
|
+
##
|
553
|
+
# Sets this client's OpenSSL::X509::Certificate
|
554
|
+
|
555
|
+
def certificate= certificate
|
556
|
+
@certificate = certificate
|
557
|
+
|
558
|
+
reconnect_ssl
|
559
|
+
end
|
560
|
+
|
561
|
+
# For Net::HTTP parity
|
562
|
+
alias cert= certificate=
|
563
|
+
|
564
|
+
##
|
565
|
+
# Sets the SSL certificate authority file.
|
566
|
+
|
567
|
+
def ca_file= file
|
568
|
+
@ca_file = file
|
569
|
+
|
570
|
+
reconnect_ssl
|
571
|
+
end
|
572
|
+
|
573
|
+
##
|
574
|
+
# Sets the SSL certificate authority path.
|
575
|
+
|
576
|
+
def ca_path= path
|
577
|
+
@ca_path = path
|
578
|
+
|
579
|
+
reconnect_ssl
|
580
|
+
end
|
581
|
+
|
582
|
+
##
|
583
|
+
# Overrides the default SSL certificate store used for verifying
|
584
|
+
# connections.
|
585
|
+
|
586
|
+
def cert_store= store
|
587
|
+
@cert_store = store
|
588
|
+
|
589
|
+
reconnect_ssl
|
590
|
+
end
|
591
|
+
|
592
|
+
##
|
593
|
+
# The ciphers allowed for SSL connections
|
594
|
+
|
595
|
+
def ciphers= ciphers
|
596
|
+
@ciphers = ciphers
|
597
|
+
|
598
|
+
reconnect_ssl
|
599
|
+
end
|
600
|
+
|
601
|
+
if Net::HTTP.method_defined?(:extra_chain_cert=)
|
602
|
+
##
|
603
|
+
# Extra certificates to be added to the certificate chain.
|
604
|
+
# It is only supported starting from Net::HTTP version 0.1.1
|
605
|
+
def extra_chain_cert= extra_chain_cert
|
606
|
+
@extra_chain_cert = extra_chain_cert
|
607
|
+
|
608
|
+
reconnect_ssl
|
609
|
+
end
|
610
|
+
else
|
611
|
+
def extra_chain_cert= _extra_chain_cert
|
612
|
+
raise "extra_chain_cert= is not supported by this version of Net::HTTP"
|
613
|
+
end
|
614
|
+
end
|
615
|
+
|
616
|
+
##
|
617
|
+
# Creates a new connection for +uri+
|
618
|
+
|
619
|
+
def connection_for uri
|
620
|
+
use_ssl = uri.scheme.downcase == 'https'
|
621
|
+
|
622
|
+
net_http_args = [uri.hostname, uri.port]
|
623
|
+
|
624
|
+
# I'm unsure if uri.host or uri.hostname should be checked against
|
625
|
+
# the proxy bypass list.
|
626
|
+
if @proxy_uri and not proxy_bypass? uri.host, uri.port then
|
627
|
+
net_http_args.concat @proxy_args
|
628
|
+
else
|
629
|
+
net_http_args.concat [nil, nil, nil, nil]
|
630
|
+
end
|
631
|
+
|
632
|
+
connection = @pool.checkout net_http_args
|
633
|
+
|
634
|
+
http = connection.http
|
635
|
+
|
636
|
+
connection.ressl @ssl_generation if
|
637
|
+
connection.ssl_generation != @ssl_generation
|
638
|
+
|
639
|
+
if not http.started? then
|
640
|
+
ssl http if use_ssl
|
641
|
+
start http
|
642
|
+
elsif expired? connection then
|
643
|
+
reset connection
|
644
|
+
end
|
645
|
+
|
646
|
+
http.keep_alive_timeout = @idle_timeout if @idle_timeout
|
647
|
+
http.max_retries = @max_retries if http.respond_to?(:max_retries=)
|
648
|
+
http.read_timeout = @read_timeout if @read_timeout
|
649
|
+
http.write_timeout = @write_timeout if
|
650
|
+
@write_timeout && http.respond_to?(:write_timeout=)
|
651
|
+
|
652
|
+
return yield connection
|
653
|
+
rescue Errno::ECONNREFUSED
|
654
|
+
if http.proxy?
|
655
|
+
address = http.proxy_address
|
656
|
+
port = http.proxy_port
|
657
|
+
else
|
658
|
+
address = http.address
|
659
|
+
port = http.port
|
660
|
+
end
|
661
|
+
|
662
|
+
raise Error, "connection refused: #{address}:#{port}"
|
663
|
+
rescue Errno::EHOSTDOWN
|
664
|
+
if http.proxy?
|
665
|
+
address = http.proxy_address
|
666
|
+
port = http.proxy_port
|
667
|
+
else
|
668
|
+
address = http.address
|
669
|
+
port = http.port
|
670
|
+
end
|
671
|
+
|
672
|
+
raise Error, "host down: #{address}:#{port}"
|
673
|
+
ensure
|
674
|
+
@pool.checkin net_http_args
|
675
|
+
end
|
676
|
+
|
677
|
+
##
|
678
|
+
# CGI::escape wrapper
|
679
|
+
|
680
|
+
def escape str
|
681
|
+
CGI.escape str if str
|
682
|
+
end
|
683
|
+
|
684
|
+
##
|
685
|
+
# CGI::unescape wrapper
|
686
|
+
|
687
|
+
def unescape str
|
688
|
+
CGI.unescape str if str
|
689
|
+
end
|
690
|
+
|
691
|
+
|
692
|
+
##
|
693
|
+
# Returns true if the connection should be reset due to an idle timeout, or
|
694
|
+
# maximum request count, false otherwise.
|
695
|
+
|
696
|
+
def expired? connection
|
697
|
+
return true if @max_requests && connection.requests >= @max_requests
|
698
|
+
return false unless @idle_timeout
|
699
|
+
return true if @idle_timeout.zero?
|
700
|
+
|
701
|
+
Time.now - connection.last_use > @idle_timeout
|
702
|
+
end
|
703
|
+
|
704
|
+
##
|
705
|
+
# Starts the Net::HTTP +connection+
|
706
|
+
|
707
|
+
def start http
|
708
|
+
http.set_debug_output @debug_output if @debug_output
|
709
|
+
http.open_timeout = @open_timeout if @open_timeout
|
710
|
+
|
711
|
+
http.start
|
712
|
+
|
713
|
+
socket = http.instance_variable_get :@socket
|
714
|
+
|
715
|
+
if socket then # for fakeweb
|
716
|
+
@socket_options.each do |option|
|
717
|
+
socket.io.setsockopt(*option)
|
718
|
+
end
|
719
|
+
end
|
720
|
+
end
|
721
|
+
|
722
|
+
##
|
723
|
+
# Finishes the Net::HTTP +connection+
|
724
|
+
|
725
|
+
def finish connection
|
726
|
+
connection.finish
|
727
|
+
|
728
|
+
connection.http.instance_variable_set :@last_communicated, nil
|
729
|
+
connection.http.instance_variable_set :@ssl_session, nil unless
|
730
|
+
@reuse_ssl_sessions
|
731
|
+
end
|
732
|
+
|
733
|
+
##
|
734
|
+
# Returns the HTTP protocol version for +uri+
|
735
|
+
|
736
|
+
def http_version uri
|
737
|
+
@http_versions["#{uri.hostname}:#{uri.port}"]
|
738
|
+
end
|
739
|
+
|
740
|
+
##
|
741
|
+
# Adds "http://" to the String +uri+ if it is missing.
|
742
|
+
|
743
|
+
def normalize_uri uri
|
744
|
+
(uri =~ /^https?:/) ? uri : "http://#{uri}"
|
745
|
+
end
|
746
|
+
|
747
|
+
##
|
748
|
+
# Set the maximum number of retries for a request.
|
749
|
+
#
|
750
|
+
# Defaults to one retry.
|
751
|
+
#
|
752
|
+
# Set this to 0 to disable retries.
|
753
|
+
|
754
|
+
def max_retries= retries
|
755
|
+
retries = retries.to_int
|
756
|
+
|
757
|
+
raise ArgumentError, "max_retries must be positive" if retries < 0
|
758
|
+
|
759
|
+
@max_retries = retries
|
760
|
+
|
761
|
+
reconnect
|
762
|
+
end
|
763
|
+
|
764
|
+
##
|
765
|
+
# Pipelines +requests+ to the HTTP server at +uri+ yielding responses if a
|
766
|
+
# block is given. Returns all responses received.
|
767
|
+
#
|
768
|
+
# See
|
769
|
+
# Net::HTTP::Pipeline[https://rdoc.info/gems/net-http-pipeline/Net/HTTP/Pipeline]
|
770
|
+
# for further details.
|
771
|
+
#
|
772
|
+
# Only if <tt>net-http-pipeline</tt> was required before
|
773
|
+
# <tt>net-http-persistent</tt> #pipeline will be present.
|
774
|
+
|
775
|
+
def pipeline uri, requests, &block # :yields: responses
|
776
|
+
connection_for uri do |connection|
|
777
|
+
connection.http.pipeline requests, &block
|
778
|
+
end
|
779
|
+
end
|
780
|
+
|
781
|
+
##
|
782
|
+
# Sets this client's SSL private key
|
783
|
+
|
784
|
+
def private_key= key
|
785
|
+
@private_key = key
|
786
|
+
|
787
|
+
reconnect_ssl
|
788
|
+
end
|
789
|
+
|
790
|
+
# For Net::HTTP parity
|
791
|
+
alias key= private_key=
|
792
|
+
|
793
|
+
##
|
794
|
+
# Sets the proxy server. The +proxy+ may be the URI of the proxy server,
|
795
|
+
# the symbol +:ENV+ which will read the proxy from the environment or nil to
|
796
|
+
# disable use of a proxy. See #proxy_from_env for details on setting the
|
797
|
+
# proxy from the environment.
|
798
|
+
#
|
799
|
+
# If the proxy URI is set after requests have been made, the next request
|
800
|
+
# will shut-down and re-open all connections.
|
801
|
+
#
|
802
|
+
# The +no_proxy+ query parameter can be used to specify hosts which shouldn't
|
803
|
+
# be reached via proxy; if set it should be a comma separated list of
|
804
|
+
# hostname suffixes, optionally with +:port+ appended, for example
|
805
|
+
# <tt>example.com,some.host:8080</tt>.
|
806
|
+
|
807
|
+
def proxy= proxy
|
808
|
+
@proxy_uri = case proxy
|
809
|
+
when :ENV then proxy_from_env
|
810
|
+
when URI::HTTP then proxy
|
811
|
+
when nil then # ignore
|
812
|
+
else raise ArgumentError, 'proxy must be :ENV or a URI::HTTP'
|
813
|
+
end
|
814
|
+
|
815
|
+
@no_proxy.clear
|
816
|
+
|
817
|
+
if @proxy_uri then
|
818
|
+
@proxy_args = [
|
819
|
+
@proxy_uri.hostname,
|
820
|
+
@proxy_uri.port,
|
821
|
+
unescape(@proxy_uri.user),
|
822
|
+
unescape(@proxy_uri.password),
|
823
|
+
]
|
824
|
+
|
825
|
+
@proxy_connection_id = [nil, *@proxy_args].join ':'
|
826
|
+
|
827
|
+
if @proxy_uri.query then
|
828
|
+
@no_proxy = CGI.parse(@proxy_uri.query)['no_proxy'].join(',').downcase.split(',').map { |x| x.strip }.reject { |x| x.empty? }
|
829
|
+
end
|
830
|
+
end
|
831
|
+
|
832
|
+
reconnect
|
833
|
+
reconnect_ssl
|
834
|
+
end
|
835
|
+
|
836
|
+
##
|
837
|
+
# Creates a URI for an HTTP proxy server from ENV variables.
|
838
|
+
#
|
839
|
+
# If +HTTP_PROXY+ is set a proxy will be returned.
|
840
|
+
#
|
841
|
+
# If +HTTP_PROXY_USER+ or +HTTP_PROXY_PASS+ are set the URI is given the
|
842
|
+
# indicated user and password unless HTTP_PROXY contains either of these in
|
843
|
+
# the URI.
|
844
|
+
#
|
845
|
+
# The +NO_PROXY+ ENV variable can be used to specify hosts which shouldn't
|
846
|
+
# be reached via proxy; if set it should be a comma separated list of
|
847
|
+
# hostname suffixes, optionally with +:port+ appended, for example
|
848
|
+
# <tt>example.com,some.host:8080</tt>. When set to <tt>*</tt> no proxy will
|
849
|
+
# be returned.
|
850
|
+
#
|
851
|
+
# For Windows users, lowercase ENV variables are preferred over uppercase ENV
|
852
|
+
# variables.
|
853
|
+
|
854
|
+
def proxy_from_env
|
855
|
+
env_proxy = ENV['http_proxy'] || ENV['HTTP_PROXY']
|
856
|
+
|
857
|
+
return nil if env_proxy.nil? or env_proxy.empty?
|
858
|
+
|
859
|
+
uri = URI normalize_uri env_proxy
|
860
|
+
|
861
|
+
env_no_proxy = ENV['no_proxy'] || ENV['NO_PROXY']
|
862
|
+
|
863
|
+
# '*' is special case for always bypass
|
864
|
+
return nil if env_no_proxy == '*'
|
865
|
+
|
866
|
+
if env_no_proxy then
|
867
|
+
uri.query = "no_proxy=#{escape(env_no_proxy)}"
|
868
|
+
end
|
869
|
+
|
870
|
+
unless uri.user or uri.password then
|
871
|
+
uri.user = escape ENV['http_proxy_user'] || ENV['HTTP_PROXY_USER']
|
872
|
+
uri.password = escape ENV['http_proxy_pass'] || ENV['HTTP_PROXY_PASS']
|
873
|
+
end
|
874
|
+
|
875
|
+
uri
|
876
|
+
end
|
877
|
+
|
878
|
+
##
|
879
|
+
# Returns true when proxy should by bypassed for host.
|
880
|
+
|
881
|
+
def proxy_bypass? host, port
|
882
|
+
host = host.downcase
|
883
|
+
host_port = [host, port].join ':'
|
884
|
+
|
885
|
+
@no_proxy.each do |name|
|
886
|
+
return true if host[-name.length, name.length] == name or
|
887
|
+
host_port[-name.length, name.length] == name
|
888
|
+
end
|
889
|
+
|
890
|
+
false
|
891
|
+
end
|
892
|
+
|
893
|
+
##
|
894
|
+
# Forces reconnection of all HTTP connections, including TLS/SSL
|
895
|
+
# connections.
|
896
|
+
|
897
|
+
def reconnect
|
898
|
+
@generation += 1
|
899
|
+
end
|
900
|
+
|
901
|
+
##
|
902
|
+
# Forces reconnection of only TLS/SSL connections.
|
903
|
+
|
904
|
+
def reconnect_ssl
|
905
|
+
@ssl_generation += 1
|
906
|
+
end
|
907
|
+
|
908
|
+
##
|
909
|
+
# Finishes then restarts the Net::HTTP +connection+
|
910
|
+
|
911
|
+
def reset connection
|
912
|
+
http = connection.http
|
913
|
+
|
914
|
+
finish connection
|
915
|
+
|
916
|
+
start http
|
917
|
+
rescue Errno::ECONNREFUSED
|
918
|
+
e = Error.new "connection refused: #{http.address}:#{http.port}"
|
919
|
+
e.set_backtrace $@
|
920
|
+
raise e
|
921
|
+
rescue Errno::EHOSTDOWN
|
922
|
+
e = Error.new "host down: #{http.address}:#{http.port}"
|
923
|
+
e.set_backtrace $@
|
924
|
+
raise e
|
925
|
+
end
|
926
|
+
|
927
|
+
##
|
928
|
+
# Makes a request on +uri+. If +req+ is nil a Net::HTTP::Get is performed
|
929
|
+
# against +uri+.
|
930
|
+
#
|
931
|
+
# If a block is passed #request behaves like Net::HTTP#request (the body of
|
932
|
+
# the response will not have been read).
|
933
|
+
#
|
934
|
+
# +req+ must be a Net::HTTPGenericRequest subclass (see Net::HTTP for a list).
|
935
|
+
|
936
|
+
def request uri, req = nil, &block
|
937
|
+
uri = URI uri
|
938
|
+
req = request_setup req || uri
|
939
|
+
response = nil
|
940
|
+
|
941
|
+
connection_for uri do |connection|
|
942
|
+
http = connection.http
|
943
|
+
|
944
|
+
begin
|
945
|
+
connection.requests += 1
|
946
|
+
|
947
|
+
response = http.request req, &block
|
948
|
+
|
949
|
+
if req.connection_close? or
|
950
|
+
(response.http_version <= '1.0' and
|
951
|
+
not response.connection_keep_alive?) or
|
952
|
+
response.connection_close? then
|
953
|
+
finish connection
|
954
|
+
end
|
955
|
+
rescue Exception # make sure to close the connection when it was interrupted
|
956
|
+
finish connection
|
957
|
+
|
958
|
+
raise
|
959
|
+
ensure
|
960
|
+
connection.last_use = Time.now
|
961
|
+
end
|
962
|
+
end
|
963
|
+
|
964
|
+
@http_versions["#{uri.hostname}:#{uri.port}"] ||= response.http_version
|
965
|
+
|
966
|
+
response
|
967
|
+
end
|
968
|
+
|
969
|
+
##
|
970
|
+
# Creates a GET request if +req_or_uri+ is a URI and adds headers to the
|
971
|
+
# request.
|
972
|
+
#
|
973
|
+
# Returns the request.
|
974
|
+
|
975
|
+
def request_setup req_or_uri # :nodoc:
|
976
|
+
req = if req_or_uri.respond_to? 'request_uri' then
|
977
|
+
Net::HTTP::Get.new req_or_uri.request_uri
|
978
|
+
else
|
979
|
+
req_or_uri
|
980
|
+
end
|
981
|
+
|
982
|
+
@headers.each do |pair|
|
983
|
+
req.add_field(*pair)
|
984
|
+
end
|
985
|
+
|
986
|
+
@override_headers.each do |name, value|
|
987
|
+
req[name] = value
|
988
|
+
end
|
989
|
+
|
990
|
+
unless req['Connection'] then
|
991
|
+
req.add_field 'Connection', 'keep-alive'
|
992
|
+
req.add_field 'Keep-Alive', @keep_alive
|
993
|
+
end
|
994
|
+
|
995
|
+
req
|
996
|
+
end
|
997
|
+
|
998
|
+
##
|
999
|
+
# Shuts down all connections
|
1000
|
+
#
|
1001
|
+
# *NOTE*: Calling shutdown for can be dangerous!
|
1002
|
+
#
|
1003
|
+
# If any thread is still using a connection it may cause an error! Call
|
1004
|
+
# #shutdown when you are completely done making requests!
|
1005
|
+
|
1006
|
+
def shutdown
|
1007
|
+
@pool.shutdown { |http| http.finish }
|
1008
|
+
end
|
1009
|
+
|
1010
|
+
##
|
1011
|
+
# Enables SSL on +connection+
|
1012
|
+
|
1013
|
+
def ssl connection
|
1014
|
+
connection.use_ssl = true
|
1015
|
+
|
1016
|
+
connection.ciphers = @ciphers if @ciphers
|
1017
|
+
connection.ssl_timeout = @ssl_timeout if @ssl_timeout
|
1018
|
+
connection.ssl_version = @ssl_version if @ssl_version
|
1019
|
+
connection.min_version = @min_version if @min_version
|
1020
|
+
connection.max_version = @max_version if @max_version
|
1021
|
+
|
1022
|
+
connection.verify_depth = @verify_depth
|
1023
|
+
connection.verify_mode = @verify_mode
|
1024
|
+
connection.verify_hostname = @verify_hostname if
|
1025
|
+
@verify_hostname != nil && connection.respond_to?(:verify_hostname=)
|
1026
|
+
|
1027
|
+
if OpenSSL::SSL::VERIFY_PEER == OpenSSL::SSL::VERIFY_NONE and
|
1028
|
+
not Object.const_defined?(:I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG) then
|
1029
|
+
warn <<-WARNING
|
1030
|
+
!!!SECURITY WARNING!!!
|
1031
|
+
|
1032
|
+
The SSL HTTP connection to:
|
1033
|
+
|
1034
|
+
#{connection.address}:#{connection.port}
|
1035
|
+
|
1036
|
+
!!!MAY NOT BE VERIFIED!!!
|
1037
|
+
|
1038
|
+
On your platform your OpenSSL implementation is broken.
|
1039
|
+
|
1040
|
+
There is no difference between the values of VERIFY_NONE and VERIFY_PEER.
|
1041
|
+
|
1042
|
+
This means that attempting to verify the security of SSL connections may not
|
1043
|
+
work. This exposes you to man-in-the-middle exploits, snooping on the
|
1044
|
+
contents of your connection and other dangers to the security of your data.
|
1045
|
+
|
1046
|
+
To disable this warning define the following constant at top-level in your
|
1047
|
+
application:
|
1048
|
+
|
1049
|
+
I_KNOW_THAT_OPENSSL_VERIFY_PEER_EQUALS_VERIFY_NONE_IS_WRONG = nil
|
1050
|
+
|
1051
|
+
WARNING
|
1052
|
+
end
|
1053
|
+
|
1054
|
+
connection.ca_file = @ca_file if @ca_file
|
1055
|
+
connection.ca_path = @ca_path if @ca_path
|
1056
|
+
|
1057
|
+
if @ca_file or @ca_path then
|
1058
|
+
connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
1059
|
+
connection.verify_callback = @verify_callback if @verify_callback
|
1060
|
+
end
|
1061
|
+
|
1062
|
+
if @certificate and @private_key then
|
1063
|
+
connection.cert = @certificate
|
1064
|
+
connection.key = @private_key
|
1065
|
+
end
|
1066
|
+
|
1067
|
+
if defined?(@extra_chain_cert) and @extra_chain_cert
|
1068
|
+
connection.extra_chain_cert = @extra_chain_cert
|
1069
|
+
end
|
1070
|
+
|
1071
|
+
connection.cert_store = if @cert_store then
|
1072
|
+
@cert_store
|
1073
|
+
else
|
1074
|
+
store = OpenSSL::X509::Store.new
|
1075
|
+
store.set_default_paths
|
1076
|
+
store
|
1077
|
+
end
|
1078
|
+
end
|
1079
|
+
|
1080
|
+
##
|
1081
|
+
# SSL session lifetime
|
1082
|
+
|
1083
|
+
def ssl_timeout= ssl_timeout
|
1084
|
+
@ssl_timeout = ssl_timeout
|
1085
|
+
|
1086
|
+
reconnect_ssl
|
1087
|
+
end
|
1088
|
+
|
1089
|
+
##
|
1090
|
+
# SSL version to use
|
1091
|
+
|
1092
|
+
def ssl_version= ssl_version
|
1093
|
+
@ssl_version = ssl_version
|
1094
|
+
|
1095
|
+
reconnect_ssl
|
1096
|
+
end
|
1097
|
+
|
1098
|
+
##
|
1099
|
+
# Minimum SSL version to use
|
1100
|
+
|
1101
|
+
def min_version= min_version
|
1102
|
+
@min_version = min_version
|
1103
|
+
|
1104
|
+
reconnect_ssl
|
1105
|
+
end
|
1106
|
+
|
1107
|
+
##
|
1108
|
+
# maximum SSL version to use
|
1109
|
+
|
1110
|
+
def max_version= max_version
|
1111
|
+
@max_version = max_version
|
1112
|
+
|
1113
|
+
reconnect_ssl
|
1114
|
+
end
|
1115
|
+
|
1116
|
+
##
|
1117
|
+
# Sets the depth of SSL certificate verification
|
1118
|
+
|
1119
|
+
def verify_depth= verify_depth
|
1120
|
+
@verify_depth = verify_depth
|
1121
|
+
|
1122
|
+
reconnect_ssl
|
1123
|
+
end
|
1124
|
+
|
1125
|
+
##
|
1126
|
+
# Sets the HTTPS verify mode. Defaults to OpenSSL::SSL::VERIFY_PEER.
|
1127
|
+
#
|
1128
|
+
# Setting this to VERIFY_NONE is a VERY BAD IDEA and should NEVER be used.
|
1129
|
+
# Securely transfer the correct certificate and update the default
|
1130
|
+
# certificate store or set the ca file instead.
|
1131
|
+
|
1132
|
+
def verify_mode= verify_mode
|
1133
|
+
@verify_mode = verify_mode
|
1134
|
+
|
1135
|
+
reconnect_ssl
|
1136
|
+
end
|
1137
|
+
|
1138
|
+
##
|
1139
|
+
# Sets the HTTPS verify_hostname.
|
1140
|
+
|
1141
|
+
def verify_hostname= verify_hostname
|
1142
|
+
@verify_hostname = verify_hostname
|
1143
|
+
|
1144
|
+
reconnect_ssl
|
1145
|
+
end
|
1146
|
+
|
1147
|
+
##
|
1148
|
+
# SSL verification callback.
|
1149
|
+
|
1150
|
+
def verify_callback= callback
|
1151
|
+
@verify_callback = callback
|
1152
|
+
|
1153
|
+
reconnect_ssl
|
1154
|
+
end
|
1155
|
+
end
|
1156
|
+
|
1157
|
+
require_relative 'persistent/connection'
|
1158
|
+
require_relative 'persistent/pool'
|