A StoreContext
is used while validating a single certificate and holds the status involved.
The X509
certificate store holds trusted CA certificates used to verify peer certificates.
The easiest way to create a useful certificate store is:
cert_store = OpenSSL::X509::Store.new cert_store.set_default_paths
This will use your system’s built-in certificates.
If your system does not have a default set of certificates you can obtain a set extracted from Mozilla CA certificate store by cURL maintainers here: curl.haxx.se/docs/caextract.html (You may wish to use the firefox-db2pem.sh script to extract the certificates from a local install to avoid man-in-the-middle attacks.)
After downloading or generating a cacert.pem from the above link you can create a certificate store from the pem file like this:
cert_store = OpenSSL::X509::Store.new cert_store.add_file 'cacert.pem'
The certificate store can be used with an SSLSocket like this:
ssl_context = OpenSSL::SSL::SSLContext.new ssl_context.verify_mode = OpenSSL::SSL::VERIFY_PEER ssl_context.cert_store = cert_store tcp_socket = TCPSocket.open 'example.com', 443 ssl_socket = OpenSSL::SSL::SSLSocket.new tcp_socket, ssl_context
Tokens where state should be ignored used for :on_comment, :on_heredoc_end, :on_embexpr_end
Ignored newlines can occasionally have a LABEL state attached to them, so we compare the state differently here.
A repository is a configured collection of fields and a set of entries that knows how to reparse a source and reify the values.
Raised when a bad requirement is encountered
The RequirementList
is used to hold the requirements being considered while resolving a set of gems.
The RequirementList
acts like a queue where the oldest items are removed first.
An absolutely silent progress reporter.
A basic dotted progress reporter.
A progress reporter that prints out messages about the current progress.
A progress reporter that behaves nicely with threaded downloading.
Shows surrounding kw/end pairs
The purpose of showing these extra pairs is due to cases of ambiguity when only one visible line is matched.
For example:
1 class Dog 2 def bark 4 def eat 5 end 6 end
In this case either line 2 could be missing an ‘end` or line 4 was an extra line added by mistake (it happens).
When we detect the above problem it shows the issue as only being on line 2
2 def bark
Showing “neighbor” keyword pairs gives extra context:
2 def bark 4 def eat 5 end
Example:
lines = BeforeAfterKeywordEnds.new( block: block, code_lines: code_lines ).call()
Raised by Encoding
and String
methods when the source encoding is incompatible with the target encoding.
Exception
for invalid date/time
The base exception for JSON
errors.
OpenSSL::Digest
allows you to compute message digests (sometimes interchangeably called “hashes”) of arbitrary data that are cryptographically secure, i.e. a Digest
implements a secure one-way function.
One-way functions offer some useful properties. E.g. given two distinct inputs the probability that both yield the same output is highly unlikely. Combined with the fact that every message digest algorithm has a fixed-length output of just a few bytes, digests are often used to create unique identifiers for arbitrary data. A common example is the creation of a unique id for binary documents that are stored in a database.
Another useful characteristic of one-way functions (and thus the name) is that given a digest there is no indication about the original data that produced it, i.e. the only way to identify the original input is to “brute-force” through every possible combination of inputs.
These characteristics make one-way functions also ideal companions for public key signature algorithms: instead of signing an entire document, first a hash of the document is produced with a considerably faster message digest algorithm and only the few bytes of its output need to be signed using the slower public key algorithm. To validate the integrity of a signed document, it suffices to re-compute the hash and verify that it is equal to that in the signature.
You can get a list of all digest algorithms supported on your system by running this command in your terminal:
openssl list -digest-algorithms
Among the OpenSSL
1.1.1 supported message digest algorithms are:
SHA224, SHA256, SHA384, SHA512, SHA512-224 and SHA512-256
SHA3-224, SHA3-256, SHA3-384 and SHA3-512
BLAKE2s256 and BLAKE2b512
Each of these algorithms can be instantiated using the name:
digest = OpenSSL::Digest.new('SHA256')
“Breaking” a message digest algorithm means defying its one-way function characteristics, i.e. producing a collision or finding a way to get to the original data by means that are more efficient than brute-forcing etc. Most of the supported digest algorithms can be considered broken in this sense, even the very popular MD5 and SHA1 algorithms. Should security be your highest concern, then you should probably rely on SHA224, SHA256, SHA384 or SHA512.
data = File.binread('document') sha256 = OpenSSL::Digest.new('SHA256') digest = sha256.digest(data)
data1 = File.binread('file1') data2 = File.binread('file2') data3 = File.binread('file3') sha256 = OpenSSL::Digest.new('SHA256') sha256 << data1 sha256 << data2 sha256 << data3 digest = sha256.digest
Digest
instance data1 = File.binread('file1') sha256 = OpenSSL::Digest.new('SHA256') digest1 = sha256.digest(data1) data2 = File.binread('file2') sha256.reset digest2 = sha256.digest(data2)
Generic error, common for all classes under OpenSSL
module
Generic Error for all of OpenSSL::BN
(big num)
General error for openssl library configuration files. Including formatting, parsing errors, etc.
Document-class: OpenSSL::HMAC
OpenSSL::HMAC
allows computing Hash-based Message Authentication Code (HMAC
). It is a type of message authentication code (MAC) involving a hash function in combination with a key. HMAC
can be used to verify the integrity of a message as well as the authenticity.
OpenSSL::HMAC
has a similar interface to OpenSSL::Digest
.
key = "key" data = "message-to-be-authenticated" mac = OpenSSL::HMAC.hexdigest("SHA256", key, data) #=> "cddb0db23f469c8bf072b21fd837149bd6ace9ab771cceef14c9e517cc93282e"
data1 = File.binread("file1") data2 = File.binread("file2") key = "key" hmac = OpenSSL::HMAC.new(key, 'SHA256') hmac << data1 hmac << data2 mac = hmac.digest
Subclasses ‘BadAlias` for backwards compatibility
This class works in conjunction with Psych::Parser
to build an in-memory parse tree that represents a YAML
document.
parser = Psych::Parser.new Psych::TreeBuilder.new parser.parse('--- foo') tree = parser.handler.root
See Psych::Handler
for documentation on the event methods used in this class.