A Lock source wraps an installed gem’s source and sorts before other sources during dependency resolution. This allows RubyGems to prefer gems from dependency lock files.
An object representation of a stack frame, initialized by Kernel#caller_locations.
For example:

    # caller_locations.rb
    def a(skip)
      caller_locations(skip)
    end
    def b(skip)
      a(skip)
    end
    def c(skip)
      b(skip)
    end

    c(0..2).map do |call|
      puts call.to_s
    end

Running ruby caller_locations.rb will produce:

    caller_locations.rb:2:in `a'
    caller_locations.rb:5:in `b'
    caller_locations.rb:8:in `c'
Here’s another example with a slightly different result:

    # foo.rb
    class Foo
      attr_accessor :locations
      def initialize(skip)
        @locations = caller_locations(skip)
      end
    end

    Foo.new(0..2).locations.map do |call|
      puts call.to_s
    end

Now run ruby foo.rb and you should see:

    init.rb:4:in `initialize'
    init.rb:8:in `new'
    init.rb:8:in `<main>'
A StoreContext is used while validating a single certificate and holds the status involved.
Immutable and read-only representation of a timestamp token info from a Response.
Used to generate a Response from scratch.
Please bear in mind that the implementation will always apply and prefer the policy object identifier given in the request over the default policy id specified in the Factory. As a consequence, default_policy_id will only be applied if no Request#policy_id was given. But this also means that one needs to check the policy identifier in the request manually before creating the Response, e.g. to check whether it complies with a specific set of acceptable policies.
It is also possible to add certificates (instances of OpenSSL::X509::Certificate) besides the timestamping certificate; these will be included in the resulting timestamp token if Request#cert_requested? is true. Ideally, one would also include any intermediate certificates (the root certificate can be left out - in order to trust it any verifying party will have to be in its possession anyway). This simplifies validation of the timestamp since these intermediate certificates are “already there” and need not be passed as external parameters to Response#verify anymore, thus minimizing external resources needed for verification.
Assume we received a timestamp request that has set Request#policy_id to nil and Request#cert_requested? to true. The raw request bytes are stored in a variable called req_raw. We’d still like to integrate the necessary intermediate certificates (in inter1.cer and inter2.cer) to simplify validation of the resulting Response. ts.p12 is a PKCS#12-compatible file including the private key and the timestamping certificate.

    req = OpenSSL::Timestamp::Request.new(req_raw)
    p12 = OpenSSL::PKCS12.new(File.binread('ts.p12'), 'pwd')
    inter1 = OpenSSL::X509::Certificate.new(File.binread('inter1.cer'))
    inter2 = OpenSSL::X509::Certificate.new(File.binread('inter2.cer'))
    fac = OpenSSL::Timestamp::Factory.new
    fac.gen_time = Time.now
    fac.serial_number = 1
    fac.allowed_digests = ["sha256", "sha384", "sha512"]
    # needed because the Request contained no policy identifier
    fac.default_policy_id = '1.2.3.4.5'
    fac.additional_certs = [ inter1, inter2 ]
    timestamp = fac.create_timestamp(p12.key, p12.certificate, req)

default_policy_id
Request#policy_id will always be preferred over this if present in the Request; default_policy_id is used only if Request#policy_id is nil. If neither is present, a TimestampError will be raised when trying to create a Response.
call-seq:

    factory.default_policy_id = "string" -> string
    factory.default_policy_id            -> string or nil
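
The manual policy check described above, as an added example that is not part of the original documentation: the request's policy identifier is vetted against an allow-list before the Factory is used, and default_policy_id covers requests that carry none. ACCEPTED_POLICIES, PolicyRejected, demo_tsa, build_request and issue_timestamp are hypothetical names, and the OIDs, key and self-signed certificate are constructed for the demonstration.

```ruby
require 'openssl'

# Constructed policy OIDs (assumption): the only policies this TSA signs under.
ACCEPTED_POLICIES = ['1.2.3.4.5', '1.2.3.4.6'].freeze

class PolicyRejected < StandardError; end

# Hypothetical helper: throwaway self-signed certificate usable for timestamping.
def demo_tsa
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse('/CN=Demo TSA')
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  # OpenSSL only accepts a signer whose extendedKeyUsage is critical timeStamping.
  cert.add_extension(ef.create_extension('extendedKeyUsage', 'timeStamping', true))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [key, OpenSSL::X509::Certificate.new(cert.to_der)]
end

# Hypothetical helper: DER-encoded request for a constructed document.
def build_request(policy_id)
  req = OpenSSL::Timestamp::Request.new
  req.algorithm = 'SHA256'
  req.message_imprint = OpenSSL::Digest.digest('SHA256', 'constructed sample document')
  req.policy_id = policy_id if policy_id
  req.to_der
end

# Vet the requested policy before the factory sees it: the factory would
# otherwise sign under whatever policy OID the client supplied.
def issue_timestamp(req_der, key, cert, serial)
  req = OpenSSL::Timestamp::Request.new(req_der)
  requested = req.policy_id
  unless requested.nil? || ACCEPTED_POLICIES.include?(requested)
    raise PolicyRejected, "policy #{requested} is not accepted"
  end
  fac = OpenSSL::Timestamp::Factory.new
  fac.gen_time = Time.now
  fac.serial_number = serial
  fac.allowed_digests = %w[sha256 sha384 sha512]
  fac.default_policy_id = ACCEPTED_POLICIES.first # used only when the request has none
  fac.create_timestamp(key, cert, req)
end
```
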
serial_number
Sets or retrieves the serial number to be used for timestamp creation. Must be present for timestamp creation.
call-seq:

    factory.serial_number = number -> number
    factory.serial_number          -> number or nil
gen_time
Sets or retrieves the Time value to be used in the Response. Must be present for timestamp creation.
call-seq:

    factory.gen_time = Time -> Time
    factory.gen_time        -> Time or nil
additional_certs
Sets or retrieves additional certificates apart from the timestamp certificate (e.g. intermediate certificates) to be added to the Response. Must be an Array of OpenSSL::X509::Certificate.
call-seq:

    factory.additional_certs = [cert1, cert2] -> [ cert1, cert2 ]
    factory.additional_certs                  -> array or nil
allowed_digests
Sets or retrieves the digest algorithms that the factory is allowed to create timestamps for. Known vulnerable or weak algorithms should not be allowed where possible. Must be an Array of String or OpenSSL::Digest subclass instances.
call-seq:

    factory.allowed_digests = ["sha1", OpenSSL::Digest.new('SHA256')] -> [ "sha1", OpenSSL::Digest ]
    factory.allowed_digests                                           -> array or nil
The X509 certificate store holds trusted CA certificates used to verify peer certificates.
The easiest way to create a useful certificate store is:

    cert_store = OpenSSL::X509::Store.new
    cert_store.set_default_paths

This will use your system’s built-in certificates.
If your system does not have a default set of certificates, you can obtain a set extracted from the Mozilla CA certificate store by the cURL maintainers here: curl.haxx.se/docs/caextract.html (You may wish to use the firefox-db2pem.sh script to extract the certificates from a local install to avoid man-in-the-middle attacks.)
After downloading or generating a cacert.pem from the above link you can create a certificate store from the pem file like this:

    cert_store = OpenSSL::X509::Store.new
    cert_store.add_file 'cacert.pem'

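The certificate store can be used with an SSLSocket like this:

    require 'socket'
    require 'openssl'

    ssl_context = OpenSSL::SSL::SSLContext.new
    ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER
    ssl_context.verify_hostname = true   # also match the certificate against the host name
    ssl_context.cert_store = cert_store

    tcp_socket = TCPSocket.open 'example.com', 443
    ssl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
    ssl_socket.hostname = 'example.com'  # SNI; the name verify_hostname checks
    ssl_socket.connect                   # handshake; raises SSLError if verification fails
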
File-based session storage class.
Implements session storage as a flat file of ‘key=value’ values. This storage type only works directly with String values; the user is responsible for converting other types to Strings when storing and from Strings when retrieving.
In-memory session storage class.
Implements session storage as a global in-memory hash. Session data will only persist for as long as the Ruby interpreter instance does.
Dummy session storage class.
Implements session storage placeholder. No actual storage will be done.
PStore-based session storage class.
This builds upon the top-level PStore class provided by the library file pstore.rb. Session data is marshalled and stored in a file. File locking and transaction services are provided.
When we produce tokens, we produce the same arrays that Ripper does. However, we add a couple of convenience methods onto them to make them a little easier to work with. We delegate all other methods to the array.
Ripper doesn’t include the rest of the token in the event, so we need to trim it down to just the content on the first line when comparing.
Tokens where state should be ignored; used for :on_comment, :on_heredoc_end, :on_embexpr_end.
Ident tokens for the most part are exactly the same, except sometimes we know an ident is a local when Ripper doesn’t (when they are introduced through named captures in regular expressions). In that case we don’t compare the state.
Ignored newlines can occasionally have a LABEL state attached to them, so we compare the state differently here.
If we have an identifier that follows a method name like:

    def foo bar

then Ripper will mark bar as END|LABEL if there is a local in a parent scope named bar because it hasn’t pushed the local table yet. We do this more accurately, so we need to allow comparing against both END and END|LABEL.
A field representing the start and end code unit offsets.
A repository is a configured collection of fields and a set of entries that knows how to reparse a source and reify the values.
This is the JSON generator implemented as a C extension. It can be configured to be used by setting

    JSON.generator = JSON::Ext::Generator

with the method generator= in JSON.