Class: InstanceAgent::Plugins::CodeDeployPlugin::CodeDeployControlCertVerifier

Inherits:
Object
  • Object
Defined in:
lib/instance_agent/plugins/codedeploy/codedeploy_control.rb

Instance Method Summary

Constructor Details

#initialize(endpoint) ⇒ CodeDeployControlCertVerifier

Returns a new instance of CodeDeployControlCertVerifier.



# File 'lib/instance_agent/plugins/codedeploy/codedeploy_control.rb', line 62

# Builds a verifier for one CodeDeploy control endpoint.
#
# The region comes from the AWS_REGION environment variable when that variable
# is set; otherwise it is obtained from InstanceMetadata.region. The region is
# later used by verify_subject to build the expected certificate subject.
#
# @param endpoint the endpoint that verify_cert hands to URI()
#   (presumably an https URL string; confirm against callers)
def initialize(endpoint)
  @endpoint = endpoint
  # The block only runs when AWS_REGION is absent from the environment.
  @region = ENV.fetch('AWS_REGION') { InstanceMetadata.region }
end

Instance Method Details

#verify_cert ⇒ Object



# File 'lib/instance_agent/plugins/codedeploy/codedeploy_control.rb', line 67

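# Connects to @endpoint over TLS and issues GET '/' so that the server
# certificate is checked twice: by the normal chain validation (VERIFY_PEER)
# and by the subject check in verify_subject.
#
# When InstanceAgent::Config.config[:proxy_uri] is set, the connection goes
# through that proxy and proxy settings from the environment are not used.
#
# @return [Net::HTTPResponse] the response to GET '/'; its status code is not
#   inspected here
# @raise [OpenSSL::SSL::SSLError] presumably raised by Net::HTTP when chain
#   validation or the subject check fails; confirm how callers handle it
def verify_cert
  uri = URI(@endpoint)
  client = Net::HTTP.new(uri.host, uri.port)
  client.use_ssl = true
  client.verify_mode = OpenSSL::SSL::VERIFY_PEER
  # SSL_CERT_FILE may be unset, in which case ca_file is assigned nil.
  # NOTE(review): presumably the default trust store is used then; confirm.
  client.ca_file = ENV['SSL_CERT_FILE']

  configured_proxy = InstanceAgent::Config.config[:proxy_uri]
  if configured_proxy
    proxy_uri = URI(configured_proxy)
    client.proxy_from_env = false # make sure proxy settings can be overridden
    client.proxy_address = proxy_uri.host
    client.proxy_port = proxy_uri.port
    # NOTE(review): URI#user and URI#password return the components as written
    # in the URI, so percent-encoded credentials are passed on undecoded;
    # confirm this is what the proxy expects.
    client.proxy_user = proxy_uri.user if proxy_uri.user
    client.proxy_pass = proxy_uri.password if proxy_uri.password
  end

  # The callback never turns a failed chain validation into a success: it only
  # adds the subject check on top of a certificate that already validated.
  client.verify_callback = lambda do |preverify_ok, store_context|
    return false unless preverify_ok

    # chain[0] is taken as the certificate to pin.
    # NOTE(review): presumably the peer's leaf certificate; confirm.
    @cert = store_context.chain.first
    verify_subject
  end

  # The response is returned as-is; the original stored it in an unused local.
  client.get '/'
end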

#verify_subject ⇒ Object

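Does minimal certificate pinning: checks that the certificate subject is the expected CodeDeploy commands subject for the configured region. Only the subject name is compared, not the certificate's public key or fingerprint.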



# File 'lib/instance_agent/plugins/codedeploy/codedeploy_control.rb', line 93

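# Does minimal certificate pinning: checks that the subject of @cert is the one
# expected for the CodeDeploy commands endpoint of @region.
#
# Only the subject name is compared. The issuer, public key and fingerprint are
# not pinned, so this check is only meaningful on top of the chain validation
# that verify_cert requires before calling it.
#
# @return [Boolean] true when the subject has exactly the expected attributes in
#   the expected order, false otherwise (including when @region is nil)
def verify_subject
  InstanceAgent::Log.debug("#{self.class}: Actual certificate subject is '#{@cert.subject}'")

  # Interpolation keeps a nil @region from raising TypeError; the resulting
  # name simply does not match, so the check fails closed.
  expected_subject = [
    ['C', 'US'],
    ['ST', 'Washington'],
    ['L', 'Seattle'],
    ['O', 'Amazon.com, Inc.'],
    ['CN', "codedeploy-commands.#{@region}.amazonaws.com"]
  ]

  # Compare attribute by attribute instead of comparing the one-line
  # "/C=.../CN=..." rendering: that rendering does not escape "/" inside a
  # value, so two different names can produce the same string.
  actual_subject = @cert.subject.to_a.map { |name, value, _type| [name, value] }
  actual_subject == expected_subject
end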