line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Perlbal::Plugin::ExpandSSL; |
2
|
|
|
|
|
|
|
|
3
|
4
|
|
|
4
|
|
922779
|
use strict; |
|
4
|
|
|
|
|
8
|
|
|
4
|
|
|
|
|
160
|
|
4
|
4
|
|
|
4
|
|
23
|
use warnings; |
|
4
|
|
|
|
|
7
|
|
|
4
|
|
|
|
|
106
|
|
5
|
4
|
|
|
4
|
|
4197
|
use Perlbal; |
|
4
|
|
|
|
|
1930888
|
|
|
4
|
|
|
|
|
144
|
|
6
|
4
|
|
|
4
|
|
6247
|
use Crypt::X509; |
|
4
|
|
|
|
|
288068
|
|
|
4
|
|
|
|
|
296
|
|
7
|
4
|
|
|
4
|
|
7837
|
use MIME::Base64; |
|
4
|
|
|
|
|
6199
|
|
|
4
|
|
|
|
|
369
|
|
8
|
4
|
|
|
4
|
|
5344
|
use File::Slurp; |
|
4
|
|
|
|
|
33602
|
|
|
4
|
|
|
|
|
13321
|
|
9
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
our $VERSION = '0.02'; |
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
my %registry = (); |
13
|
|
|
|
|
|
|
my %headers = ( |
14
|
|
|
|
|
|
|
X_FORWARDED_SSL_S_DN_CN => 'subject_cn', |
15
|
|
|
|
|
|
|
); |
16
|
|
|
|
|
|
|
|
17
|
|
|
|
|
|
|
|
18
|
1
|
|
|
1
|
1
|
42
|
sub load {1} |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
sub register { |
21
|
1
|
|
|
1
|
1
|
67
|
my ( $self, $svc ) = @_; |
22
|
|
|
|
|
|
|
$svc->register_hook( |
23
|
|
|
|
|
|
|
'ExpandSSL', |
24
|
|
|
|
|
|
|
'start_proxy_request', |
25
|
1
|
|
|
1
|
|
3158
|
sub { expand_ssl(@_) }, |
26
|
1
|
|
|
|
|
13
|
); |
27
|
|
|
|
|
|
|
|
28
|
1
|
|
|
|
|
1719
|
build_registry( $svc->{'ssl_cert_file'} ); |
29
|
|
|
|
|
|
|
|
30
|
1
|
|
|
|
|
682
|
return 1; |
31
|
|
|
|
|
|
|
} |
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
sub build_registry { |
34
|
2
|
|
|
2
|
1
|
806
|
my $file = shift; |
35
|
2
|
|
|
|
|
7
|
my @pem = read_file($file); |
36
|
2
|
|
|
|
|
2797
|
my $pem = serialize_pem(@pem); |
37
|
2
|
|
|
|
|
2332
|
my $der = decode_base64($pem); |
38
|
2
|
|
|
|
|
1834
|
my $cert = Crypt::X509->new( cert => $der ); |
39
|
|
|
|
|
|
|
|
40
|
2
|
100
|
|
|
|
3971
|
if ( $cert->error ) { |
41
|
1
|
|
|
|
|
10
|
my $error = $cert->error; |
42
|
1
|
|
|
|
|
16
|
warn "ERROR: $error\n"; |
43
|
1
|
|
|
|
|
93
|
return 1; |
44
|
|
|
|
|
|
|
} |
45
|
|
|
|
|
|
|
|
46
|
1
|
|
|
|
|
12
|
foreach my $header ( keys %headers ) { |
47
|
1
|
|
|
|
|
2
|
my $method = $headers{$header}; |
48
|
1
|
|
|
|
|
6
|
$registry{$header} = $cert->$method; |
49
|
|
|
|
|
|
|
} |
50
|
|
|
|
|
|
|
|
51
|
1
|
|
|
|
|
20
|
return 0; |
52
|
|
|
|
|
|
|
} |
53
|
|
|
|
|
|
|
|
54
|
|
|
|
|
|
|
sub serialize_pem { |
55
|
1
|
|
|
1
|
1
|
25
|
my @pem = @_; |
56
|
1
|
|
|
|
|
3
|
my $PEM_BEGIN = '-----BEGIN CERTIFICATE-----'; |
57
|
1
|
|
|
|
|
3
|
my $PEM_END = '-----END CERTIFICATE-----'; |
58
|
1
|
|
|
|
|
2
|
my $pem; |
59
|
|
|
|
|
|
|
|
60
|
1
|
|
|
|
|
3
|
foreach my $line (@pem) { |
61
|
7
|
|
|
|
|
16
|
$line =~ s/^\s+//; |
62
|
7
|
|
|
|
|
14
|
$line =~ s/\s+$//; |
63
|
7
|
|
|
|
|
11
|
chomp $line; |
64
|
7
|
100
|
|
|
|
12
|
$line or next; |
65
|
|
|
|
|
|
|
|
66
|
6
|
100
|
100
|
|
|
29
|
if ( $line eq $PEM_BEGIN or $line eq $PEM_END ) { |
67
|
2
|
|
|
|
|
4
|
next; |
68
|
|
|
|
|
|
|
} |
69
|
|
|
|
|
|
|
|
70
|
4
|
|
|
|
|
8
|
$pem .= "$line\n"; |
71
|
|
|
|
|
|
|
} |
72
|
|
|
|
|
|
|
|
73
|
1
|
|
|
|
|
6
|
return $pem; |
74
|
|
|
|
|
|
|
} |
75
|
|
|
|
|
|
|
|
76
|
|
|
|
|
|
|
sub expand_ssl { |
77
|
1
|
|
|
1
|
1
|
2192
|
my $svc = shift; |
78
|
1
|
|
|
|
|
5
|
my $req_headers = $svc->{'req_headers'}; |
79
|
|
|
|
|
|
|
|
80
|
1
|
|
|
|
|
5
|
foreach my $header ( keys %registry ) { |
81
|
1
|
|
|
|
|
6
|
$req_headers->header( $header, $registry{$header} ); |
82
|
|
|
|
|
|
|
} |
83
|
|
|
|
|
|
|
|
84
|
1
|
|
|
|
|
33798
|
return 0; |
85
|
|
|
|
|
|
|
} |
86
|
|
|
|
|
|
|
|
87
|
|
|
|
|
|
|
sub unregister { |
88
|
|
|
|
|
|
|
# clearing registry |
89
|
1
|
|
|
1
|
1
|
6
|
%registry = (); |
90
|
|
|
|
|
|
|
|
91
|
1
|
|
|
|
|
6
|
return 1; |
92
|
|
|
|
|
|
|
} |
93
|
|
|
|
|
|
|
|
94
|
1
|
|
|
1
|
1
|
6
|
sub unload {1} |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
1; |
97
|
|
|
|
|
|
|
|
98
|
|
|
|
|
|
|
__END__ |