class Ritm::Proxy::SSLReverseProxy

TLS-intercepting reverse proxy server. It supports interception of HTTPS requests and responses by performing a man-in-the-middle on each connection, signing server certificates on the fly with the given CA. Because it presents CA-signed certificates for arbitrary hosts, the CA's private key and the port this server listens on must be treated as sensitive.

Public Class Methods

new(port, ca, forwarder)

Creates an HTTPS server with the given settings. @param port [Integer]: TCP port to bind the service. @param ca [Ritm::CA]: the certificate authority used to sign the forged server certificates. @param forwarder [Ritm::HTTPForwarder]: forwards HTTP traffic with interception.

# File lib/ritm/proxy/ssl_reverse_proxy.rb, line 15
# Builds the intercepting HTTPS server; nothing listens until #start_async.
#
# @param port [Integer] TCP port WEBrick binds to
# @param ca [Ritm::CA] authority used to sign the per-host certificates
# @param forwarder [Ritm::HTTPForwarder] handed to RequestInterceptorServlet for every request
def initialize(port, ca, forwarder)
  @ca = ca
  # WEBrick logging is silenced entirely: no access log, and the error log
  # is pointed at the null device.
  null_log = WEBrick::Log.new(File.open(File::NULL, 'w'))
  server_opts = {
    Port: port,
    AccessLog: [],
    Logger: null_log,
    ca: ca
  }.merge(vhost_settings('localhost'))
  # NOTE(review): no BindAddress is given, so WEBrick's default bind applies;
  # confirm the interceptor is not reachable from unintended interfaces.
  @server = CertSigningHTTPSServer.new(**server_opts)
  @server.mount '/', RequestInterceptorServlet, forwarder
end

Public Instance Methods

shutdown()
# File lib/ritm/proxy/ssl_reverse_proxy.rb, line 32
# Stops the underlying WEBrick server. #start_async wires this to the
# TERM and INT signals, so it must stay cheap and non-blocking.
def shutdown
  server = @server
  server.shutdown
end
start_async()
# File lib/ritm/proxy/ssl_reverse_proxy.rb, line 26
# Installs TERM/INT handlers that stop the server, then runs the WEBrick
# accept loop on a background thread.
#
# @return [Thread] the thread running @server.start
def start_async
  # NOTE: trap is process-wide; this replaces any handler the embedding
  # program installed for these two signals.
  %i[TERM INT].each { |sig| trap(sig) { shutdown } }
  Thread.new { @server.start }
end

Private Instance Methods

gen_signed_cert(common_name)
# File lib/ritm/proxy/ssl_reverse_proxy.rb, line 38
# Creates a leaf certificate for +common_name+ and has the proxy CA sign it.
#
# @param common_name [String] CN placed in the new certificate
# @return [Ritm::Certificate] the signed certificate, which also carries the
#   freshly generated private key (see #vhost_settings)
def gen_signed_cert(common_name)
  Ritm::Certificate.create(common_name).tap { |leaf| @ca.sign(leaf) }
end
vhost_settings(hostname)
# File lib/ritm/proxy/ssl_reverse_proxy.rb, line 44
# WEBrick TLS options for the default virtual host: a fresh CA-signed
# certificate and key for +hostname+, TLS enabled, no client-certificate
# verification.
#
# @param hostname [String] CN and ServerName of the default certificate
# @return [Hash{Symbol=>Object}] options merged into the server config
def vhost_settings(hostname)
  signed = gen_signed_cert(hostname)
  key = OpenSSL::PKey::RSA.new(signed.private_key)
  x509 = OpenSSL::X509::Certificate.new(signed.pem)
  settings = { ServerName: hostname, SSLEnable: true }
  # VERIFY_NONE: clients are never asked for a certificate. This setting only
  # governs client-cert auth on this listener; how the forwarder validates
  # the upstream servers it connects to is a separate concern — check it there.
  settings[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_NONE
  settings[:SSLPrivateKey] = key
  settings[:SSLCertificate] = x509
  settings[:SSLCertName] = [['CN', hostname]]
  settings
end