class OpenSSL::Config
See also www.openssl.org/docs/apps/config.html<br><br>the location of the file for your host.
configuration. See the value of OpenSSL::Config::DEFAULT_CONFIG_FILE for
Many system’s installation of openssl library will depend on your system
Configuration for the openssl library.
= OpenSSL::Config
#
def [](section)
#=> {"foo"=>"bar"}
config['default']
You can get a hash of the specific section like so:
# foo=bar
#=> [ default ]
puts config.to_s
#=> #
config = OpenSSL::Config.load('foo.cnf')
Given the following configurating file being loaded:
Get a specific _section_ from the current configuration
#
def [](section) @data[section] || {} end
def []=(section, pairs)
#=> {"foo"=>"changed", "baz"=>"buz"}
config['default']
#=> {"foo"=>"changed"}
config['default'] = {"foo" => "changed"}
#=> {"foo"=>"bar", "baz"=>"buz"}
config['default']
in _pairs_ with the existing _section_. For example:
It's important to note that this will essentially merge any of the keys
# baz=buz
# foo=bar
#=> [ default ]
puts config.to_s
#=> {"foo"=>"bar", "baz"=>"buz"}
config['default'] = {"foo"=>"bar","baz"=>"buz"}
#=> #
config = OpenSSL::Config.new
Given the following configuration being created:
Sets a specific _section_ name with a Hash _pairs_.
*Deprecated in v2.2.0*. This method will be removed in a future release.
#
def []=(section, pairs) check_modify set_section(section, pairs) end
def add_value(section, key, value)
# foo=buzz
#=> [ default ]
puts config.to_s
#=> "buzz"
config.add_value('default', 'foo', 'buzz')
value:
You can set the value of _foo_ under the _default_ section to a new
# foo=bar
#=> [ default ]
puts config.to_s
#=> #
config = OpenSSL::Config.load('foo.cnf')
Given the following configurating file being loaded:
Set the target _key_ with a given _value_ under a specific _section_.
*Deprecated in v2.2.0*. This method will be removed in a future release.
#
def add_value(section, key, value) check_modify (@data[section] ||= {})[key] = value end
def check_modify
def check_modify warn "#{caller(2, 1)[0]}: warning: do not modify OpenSSL::Config; this " \ "method is deprecated and will be removed in a future release." raise TypeError.new("Insecure: can't modify OpenSSL config") if frozen? end
def clear_comments(line)
def clear_comments(line) # FCOMMENT if m = line.match(/\A([\t\n\f ]*);.*\z/) return m[1] end # COMMENT scanned = [] while m = line.match(/[#'"\\]/) scanned << m.pre_match c = m[0] line = m.post_match case c when '#' line = nil break when "'", '"' regexp = (c == "'") ? QUOTE_REGEXP_SQ : QUOTE_REGEXP_DQ scanned << c if m = line.match(regexp) scanned << m[0] line = m.post_match else scanned << line line = nil break end when "\\" scanned << c scanned << line.slice!(0, 1) else raise 'must not reaced' end end scanned << line scanned.join end
def data # :nodoc:
def data # :nodoc: @data end
def each
end
# ...
config.each do |section, key, value|
Receive the section and its pairs for the current configuration.
For a block.
#
def each @data.each do |section, hash| hash.each do |key, value| yield [section, key, value] end end end
def extract_reference(value)
def extract_reference(value) rest = '' if m = value.match(/\(([^)]*)\)|\{([^}]*)\}/) value = m[1] || m[2] rest = m.post_match elsif [?(, ?{].include?(value[0]) raise ConfigError, "no close brace" end if m = value.match(/[a-zA-Z0-9_]*(?:::[a-zA-Z0-9_]*)?/) return m[0], m.post_match + rest else raise end end
def get_definition(io_stack)
def get_definition(io_stack) if line = get_line(io_stack) while /[^\\]\\\z/ =~ line if extra = get_line(io_stack) line += extra else break end end return line.strip end end
def get_key_string(data, section, key) # :nodoc:
def get_key_string(data, section, key) # :nodoc: if v = data[section] && data[section][key] return v elsif section == 'ENV' if v = ENV[key] return v end end if v = data['default'] && data['default'][key] return v end end
def get_key_string(section, key)
def get_key_string(section, key) Config.get_key_string(@data, section, key) end
def get_line(io_stack)
def get_line(io_stack) while io = io_stack.last if line = io.gets return line.gsub(/[\r\n]*/, '') end io_stack.pop end end
def get_value(section, key)
#=> "bar"
config.get_value('default','foo')
and _key_ like so:
You can get a specific value from the config if you know the _section_
# foo=bar
#=> [ default ]
puts config.to_s
#=> #
config = OpenSSL::Config.load('foo.cnf')
Given the following configurating file being loaded:
Gets the value of _key_ from the given _section_
#
def get_value(section, key) if section.nil? raise TypeError.new('nil not allowed') end section = 'default' if section.empty? get_key_string(section, key) end
def initialize(filename = nil)
the data being configured.
file. A ConfigError exception may be raised depending on the validity of
This can raise IO exceptions based on the access, or availability of the
parsed via #parse_config.
If the optional _filename_ parameter is provided, then it is read in and
This can be used in contexts like OpenSSL::X509::ExtensionFactory.config=
Creates an instance of OpenSSL's configuration class.
#
def initialize(filename = nil) @data = {} if filename File.open(filename.to_s) do |file| Config.parse_config(file).each do |section, hash| set_section(section, hash) end end end end
def initialize_copy(other)
def initialize_copy(other) @data = other.data.dup end
def inspect
String representation of this configuration object, including the class
#
def inspect "#<#{self.class.name} sections=#{sections.inspect}>" end
def parse(string)
OpenSSL.
Parses a given _string_ as a blob that contains configuration for
#
def parse(string) c = new() parse_config(StringIO.new(string)).each do |section, hash| c.set_section(section, hash) end c end
def parse_config(io)
Parses the configuration data read from _io_, see also #parse.
#
def parse_config(io) begin parse_config_lines(io) rescue => error raise ConfigError, "error in line #{io.lineno}: " + error.message end end
def parse_config_lines(io)
def parse_config_lines(io) section = 'default' data = {section => {}} io_stack = [io] while definition = get_definition(io_stack) definition = clear_comments(definition) next if definition.empty? case definition when /\A\[/ if /\[([^\]]*)\]/ =~ definition section = $1.strip data[section] ||= {} else raise ConfigError, "missing close square bracket" end when /\A\.include (\s*=\s*)?(.+)\z/ path = $2 if File.directory?(path) files = Dir.glob(File.join(path, "*.{cnf,conf}"), File::FNM_EXTGLOB) else files = [path] end files.each do |filename| begin io_stack << StringIO.new(File.read(filename)) rescue raise ConfigError, "could not include file '%s'" % filename end end when /\A([^:\s]*)(?:::([^:\s]*))?\s*=(.*)\z/ if $2 section = $1 key = $2 else key = $1 end value = unescape_value(data, section, $3) (data[section] ||= {})[key] = value.strip else raise ConfigError, "missing equal sign" end end data end
def section(name) # :nodoc:
Use #[] instead
Deprecated
#
def section(name) # :nodoc: warn('Config#section is deprecated; use Config#[]') @data[name] || {} end
def sections
#
def sections @data.keys end
def set_section(section, pairs) # :nodoc:
def set_section(section, pairs) # :nodoc: hash = @data[section] ||= {} pairs.each do |key, value| hash[key] = value end end
def to_s
baz=buz
foo=bar
#=> [ default ]
puts new_config
#=> #
new_config = OpenSSL::Config.parse(serialized_config)
# much later...
serialized_config = config.to_s
it later:
You can parse get the serialized configuration using #to_s and then parse
# baz=buz
# foo=bar
#=> [ default ]
puts config.to_s
#=> {"foo"=>"bar", "baz"=>"buz"}
config['default'] = {"foo"=>"bar","baz"=>"buz"}
#=> #
config = OpenSSL::Config.new
Given the following configuration being created:
Get the parsable form of the current configuration
#
def to_s ary = [] @data.keys.sort.each do |section| ary << "[ #{section} ]\n" @data[section].keys.each do |key| ary << "#{key}=#{@data[section][key]}\n" end ary << "\n" end ary.join end
def unescape_value(data, section, value)
def unescape_value(data, section, value) scanned = [] while m = value.match(/['"\\$]/) scanned << m.pre_match c = m[0] value = m.post_match case c when "'" if m = value.match(QUOTE_REGEXP_SQ) scanned << m[1].gsub(/\\(.)/, '\\1') value = m.post_match else break end when '"' if m = value.match(QUOTE_REGEXP_DQ) scanned << m[1].gsub(/""/, '').gsub(/\\(.)/, '\\1') value = m.post_match else break end when "\\" c = value.slice!(0, 1) scanned << (ESCAPE_MAP[c] || c) when "$" ref, value = extract_reference(value) refsec = section if ref.index('::') refsec, ref = ref.split('::', 2) end if v = get_key_string(data, refsec, ref) scanned << v else raise ConfigError, "variable has no value" end else raise 'must not reaced' end end scanned << value scanned.join end
def value(arg1, arg2 = nil) # :nodoc:
Use #get_value instead
*Deprecated*
#
def value(arg1, arg2 = nil) # :nodoc: warn('Config#value is deprecated; use Config#get_value') if arg2.nil? section, key = 'default', arg1 else section, key = arg1, arg2 end section ||= 'default' section = 'default' if section.empty? get_key_string(section, key) end