libopenid-ruby1.8 2.1.8debian-1 / usr / lib / ruby / 1.8 / openid / fetchers.rb

This file is indexed.

/usr/lib/ruby/1.8/openid/fetchers.rb is in libopenid-ruby1.8 2.1.8debian-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
require 'net/http'
require 'openid'
require 'openid/util'

begin
  require 'net/https'
rescue LoadError
  OpenID::Util.log('WARNING: no SSL support found.  Will not be able ' +
                   'to fetch HTTPS URLs!')
  require 'net/http'
end

MAX_RESPONSE_KB = 1024

module Net
  class HTTP
    def post_connection_check(hostname)
      check_common_name = true
      cert = @socket.io.peer_cert
      cert.extensions.each { |ext|
        next if ext.oid != "subjectAltName"
        ext.value.split(/,\s+/).each{ |general_name|
          if /\ADNS:(.*)/ =~ general_name
            check_common_name = false
            reg = Regexp.escape($1).gsub(/\\\*/, "[^.]+")
            return true if /\A#{reg}\z/i =~ hostname
          elsif /\AIP Address:(.*)/ =~ general_name
            check_common_name = false
            return true if $1 == hostname
          end
        }
      }
      if check_common_name
        cert.subject.to_a.each{ |oid, value|
          if oid == "CN"
            reg = Regexp.escape(value).gsub(/\\\*/, "[^.]+")
            return true if /\A#{reg}\z/i =~ hostname
          end
        }
      end
      raise OpenSSL::SSL::SSLError, "hostname does not match"
    end
  end
end

module OpenID
  # Our HTTPResponse class extends Net::HTTPResponse with an additional
  # method, final_url.
  class HTTPResponse
    attr_accessor :final_url

    attr_accessor :_response

    def self._from_net_response(response, final_url, headers=nil)
      me = self.new
      me._response = response
      me.final_url = final_url
      return me
    end

    def method_missing(method, *args)
      @_response.send(method, *args)
    end

    def body=(s)
      @_response.instance_variable_set('@body', s)
      # XXX Hack to work around ruby's HTTP library behavior.  @body
      # is only returned if it has been read from the response
      # object's socket, but since we're not using a socket in this
      # case, we need to set the @read flag to true to avoid a bug in
      # Net::HTTPResponse.stream_check when @socket is nil.
      @_response.instance_variable_set('@read', true)
    end
  end

  class FetchingError < OpenIDError
  end

  class HTTPRedirectLimitReached < FetchingError
  end

  class SSLFetchingError < FetchingError
  end

  @fetcher = nil

  def self.fetch(url, body=nil, headers=nil,
                 redirect_limit=StandardFetcher::REDIRECT_LIMIT)
    return fetcher.fetch(url, body, headers, redirect_limit)
  end

  def self.fetcher
    if @fetcher.nil?
      @fetcher = StandardFetcher.new
    end

    return @fetcher
  end

  def self.fetcher=(fetcher)
    @fetcher = fetcher
  end

  # Set the default fetcher to use the HTTP proxy defined in the environment
  # variable 'http_proxy'.
  def self.fetcher_use_env_http_proxy
    proxy_string = ENV['http_proxy']
    return unless proxy_string

    proxy_uri = URI.parse(proxy_string)
    @fetcher = StandardFetcher.new(proxy_uri.host, proxy_uri.port,
                                   proxy_uri.user, proxy_uri.password)
  end
  
  class StandardFetcher

    USER_AGENT = "ruby-openid/#{OpenID::VERSION} (#{RUBY_PLATFORM})"

    REDIRECT_LIMIT = 5
    TIMEOUT = 60

    attr_accessor :ca_file
    attr_accessor :timeout

    # I can fetch through a HTTP proxy; arguments are as for Net::HTTP::Proxy.
    def initialize(proxy_addr=nil, proxy_port=nil,
                   proxy_user=nil, proxy_pass=nil)
      @ca_file = nil
      @proxy = Net::HTTP::Proxy(proxy_addr, proxy_port, proxy_user, proxy_pass)
      @timeout = TIMEOUT
    end

    def supports_ssl?(conn)
      return conn.respond_to?(:use_ssl=)
    end

    def make_http(uri)
      http = @proxy.new(uri.host, uri.port)
      http.read_timeout = @timeout
      http.open_timeout = @timeout
      return http
    end

    def set_verified(conn, verify)
      if verify
        conn.verify_mode = OpenSSL::SSL::VERIFY_PEER
      else
        conn.verify_mode = OpenSSL::SSL::VERIFY_NONE
      end
    end

    def make_connection(uri)
      conn = make_http(uri)

      if !conn.is_a?(Net::HTTP)
        raise RuntimeError, sprintf("Expected Net::HTTP object from make_http; got %s",
                                    conn.class)
      end

      if uri.scheme == 'https'
        if supports_ssl?(conn)

          conn.use_ssl = true

          if @ca_file
            set_verified(conn, true)
            conn.ca_file = @ca_file
          else
            Util.log("WARNING: making https request to #{uri} without verifying " +
                     "server certificate; no CA path was specified.")
            set_verified(conn, false)
          end
        else
          raise RuntimeError, "SSL support not found; cannot fetch #{uri}"
        end
      end

      return conn
    end

    def fetch(url, body=nil, headers=nil, redirect_limit=REDIRECT_LIMIT)
      unparsed_url = url.dup
      url = URI::parse(url)
      if url.nil?
        raise FetchingError, "Invalid URL: #{unparsed_url}"
      end

      headers ||= {}
      headers['User-agent'] ||= USER_AGENT

      begin
        conn = make_connection(url)
        response = nil

        response = conn.start {
          # Check the certificate against the URL's hostname
          if supports_ssl?(conn) and conn.use_ssl?
            conn.post_connection_check(url.host)
          end

          if body.nil?
            conn.request_get(url.request_uri, headers)
          else
            headers["Content-type"] ||= "application/x-www-form-urlencoded"
            conn.request_post(url.request_uri, body, headers)
          end
        }
      rescue RuntimeError => why
        raise why
      rescue OpenSSL::SSL::SSLError => why
        raise SSLFetchingError, "Error connecting to SSL URL #{url}: #{why}"
      rescue FetchingError => why
        raise why
      rescue Exception => why
        # Things we've caught here include a Timeout::Error, which descends
        # from SignalException.
        raise FetchingError, "Error fetching #{url}: #{why}"
      end

      case response
      when Net::HTTPRedirection
        if redirect_limit <= 0
          raise HTTPRedirectLimitReached.new(
            "Too many redirects, not fetching #{response['location']}")
        end
        begin
          return fetch(response['location'], body, headers, redirect_limit - 1)
        rescue HTTPRedirectLimitReached => e
          raise e
        rescue FetchingError => why
          raise FetchingError, "Error encountered in redirect from #{url}: #{why}"
        end
      else
        return HTTPResponse._from_net_response(response, unparsed_url)
      end
    end
  end
end

APT Browse - Built by Thomas Orozco.