internet_security_event 2.0.0 → 3.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +1 -2
- data/CHANGELOG.md +13 -0
- data/Rakefile +10 -0
- data/lib/internet_security_event/tls_status.rb +4 -2
- data/lib/internet_security_event/version.rb +1 -1
- data/lib/internet_security_event/x509_certificate_revocation_list_status.rb +37 -0
- data/lib/internet_security_event/x509_certificate_status.rb +39 -0
- data/lib/internet_security_event/x509_status.rb +21 -24
- data/lib/internet_security_event.rb +2 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9618c67bc76530f18f67b1c2634fc8a1638f003216c0870bc7aeea96f72136e6
|
|
4
|
+
data.tar.gz: eb38ae645cc40fee9e92b465bb05178d39769bd77aa3804666b13283fb0192bf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1698abecd6ad8f8f76ee0cea45a3e6de1ce4c483b1f5082be060cda480e2e4bef7bdb261f5ed5baf6bc9d243f1a1e948b85f4b755f0a999376fcd9dbe59d1def
|
|
7
|
+
data.tar.gz: da7e963cadddbe85148b28f8a0f4247e36f51d8f9ed6ccd502d0f69f04657180cc1b6c57642b022e7235cf11ed9abfd4be90f95d264918282d59231ba28e2222
|
data/.github/workflows/ci.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,18 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
All notable changes to this project will be documented in this file.
|
|
4
|
+
|
|
5
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
|
|
6
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
|
+
|
|
8
|
+
## [v3.0.0](https://github.com/smortex/internet_security_event/tree/v3.0.0) (2023-04-17)
|
|
9
|
+
|
|
10
|
+
[Full Changelog](https://github.com/smortex/internet_security_event/compare/v2.0.0...v3.0.0)
|
|
11
|
+
|
|
12
|
+
**Breaking changes:**
|
|
13
|
+
|
|
14
|
+
- Add support for verifying CRL [\#4](https://github.com/smortex/internet_security_event/pull/4) ([smortex](https://github.com/smortex))
|
|
15
|
+
|
|
3
16
|
## [v2.0.0](https://github.com/smortex/internet_security_event/tree/v2.0.0) (2022-07-16)
|
|
4
17
|
|
|
5
18
|
[Full Changelog](https://github.com/smortex/internet_security_event/compare/v1.2.1...v2.0.0)
|
data/Rakefile
CHANGED
|
@@ -7,9 +7,19 @@ require 'rspec/core/rake_task'
|
|
|
7
7
|
RSpec::Core::RakeTask.new(:spec)
|
|
8
8
|
|
|
9
9
|
GitHubChangelogGenerator::RakeTask.new :changelog do |config|
|
|
10
|
+
config.header = <<~HEADER.chomp
|
|
11
|
+
# Changelog
|
|
12
|
+
|
|
13
|
+
All notable changes to this project will be documented in this file.
|
|
14
|
+
|
|
15
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
|
|
16
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
17
|
+
HEADER
|
|
18
|
+
config.exclude_labels = %w[duplicate question invalid wontfix wont-fix skip-changelog ignore]
|
|
10
19
|
config.user = 'smortex'
|
|
11
20
|
config.project = 'internet_security_event'
|
|
12
21
|
config.since_tag = 'v1.2.1'
|
|
22
|
+
config.issues = false
|
|
13
23
|
require 'internet_security_event/version'
|
|
14
24
|
config.future_release = "v#{InternetSecurityEvent::VERSION}"
|
|
15
25
|
end
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require 'internet_security_event/
|
|
3
|
+
require 'internet_security_event/x509_certificate_status'
|
|
4
4
|
|
|
5
5
|
module InternetSecurityEvent
|
|
6
|
-
class TLSStatus <
|
|
6
|
+
class TLSStatus < X509CertificateStatus
|
|
7
|
+
attr_reader :hostname
|
|
8
|
+
|
|
7
9
|
def initialize(hostname, certificate)
|
|
8
10
|
@hostname = hostname
|
|
9
11
|
super(certificate)
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'internet_security_event/x509_status'
|
|
4
|
+
|
|
5
|
+
module InternetSecurityEvent
|
|
6
|
+
class X509CertificateRevocationListStatus < X509Status
|
|
7
|
+
attr_reader :crl
|
|
8
|
+
|
|
9
|
+
def initialize(crl)
|
|
10
|
+
@crl = crl
|
|
11
|
+
|
|
12
|
+
super()
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def description
|
|
16
|
+
super('crl')
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def to_e
|
|
20
|
+
super.merge({
|
|
21
|
+
issuer: crl.issuer.to_s,
|
|
22
|
+
last_update: crl.last_update.to_s,
|
|
23
|
+
next_update: crl.next_update.to_s,
|
|
24
|
+
})
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
|
|
29
|
+
def not_before
|
|
30
|
+
crl.last_update
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def not_after
|
|
34
|
+
crl.next_update
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'internet_security_event/x509_status'
|
|
4
|
+
|
|
5
|
+
module InternetSecurityEvent
|
|
6
|
+
class X509CertificateStatus < X509Status
|
|
7
|
+
attr_reader :certificate
|
|
8
|
+
|
|
9
|
+
def initialize(certificate)
|
|
10
|
+
@certificate = certificate
|
|
11
|
+
|
|
12
|
+
super()
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def description
|
|
16
|
+
super('certificate')
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def to_e
|
|
20
|
+
super.merge({
|
|
21
|
+
subject: certificate.subject.to_s,
|
|
22
|
+
issuer: certificate.issuer.to_s,
|
|
23
|
+
serial: certificate.serial.to_i,
|
|
24
|
+
not_before: certificate.not_before.to_s,
|
|
25
|
+
not_after: certificate.not_after.to_s,
|
|
26
|
+
})
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
private
|
|
30
|
+
|
|
31
|
+
def not_before
|
|
32
|
+
certificate.not_before
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def not_after
|
|
36
|
+
certificate.not_after
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -4,27 +4,20 @@ require 'active_support/core_ext/numeric/time'
|
|
|
4
4
|
|
|
5
5
|
module InternetSecurityEvent
|
|
6
6
|
class X509Status
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
def self.build(certificate)
|
|
14
|
-
obj = new(certificate)
|
|
7
|
+
def self.build(object)
|
|
8
|
+
obj = if object.is_a?(OpenSSL::X509::Certificate)
|
|
9
|
+
X509CertificateStatus.new(object)
|
|
10
|
+
elsif object.is_a?(OpenSSL::X509::CRL)
|
|
11
|
+
X509CertificateRevocationListStatus.new(object)
|
|
12
|
+
end
|
|
15
13
|
obj.to_e
|
|
16
14
|
end
|
|
17
15
|
|
|
18
|
-
def to_e
|
|
16
|
+
def to_e
|
|
19
17
|
{
|
|
20
18
|
state: state,
|
|
21
19
|
description: description,
|
|
22
20
|
metric: metric,
|
|
23
|
-
subject: certificate.subject.to_s,
|
|
24
|
-
issuer: certificate.issuer.to_s,
|
|
25
|
-
serial: certificate.serial.to_i,
|
|
26
|
-
not_before: certificate.not_before.to_s,
|
|
27
|
-
not_after: certificate.not_after.to_s,
|
|
28
21
|
}
|
|
29
22
|
end
|
|
30
23
|
|
|
@@ -34,11 +27,15 @@ module InternetSecurityEvent
|
|
|
34
27
|
|
|
35
28
|
private
|
|
36
29
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
30
|
+
# Define these method in sub-classes
|
|
31
|
+
# def not_before; end
|
|
32
|
+
# def not_after; end
|
|
33
|
+
|
|
34
|
+
def description(name)
|
|
35
|
+
return "#{name} will become valid in #{distance_of_time_in_words_to_now(not_before)}" if not_valid_yet?
|
|
36
|
+
return "#{name} has expired #{distance_of_time_in_words_to_now(not_after)} ago" if expired?
|
|
40
37
|
|
|
41
|
-
"
|
|
38
|
+
"#{name} will expire in #{distance_of_time_in_words_to_now(not_after)}"
|
|
42
39
|
end
|
|
43
40
|
|
|
44
41
|
def state
|
|
@@ -52,27 +49,27 @@ module InternetSecurityEvent
|
|
|
52
49
|
end
|
|
53
50
|
|
|
54
51
|
def metric
|
|
55
|
-
|
|
52
|
+
not_after - now
|
|
56
53
|
end
|
|
57
54
|
|
|
58
55
|
def not_valid_yet?
|
|
59
|
-
now <
|
|
56
|
+
now < not_before
|
|
60
57
|
end
|
|
61
58
|
|
|
62
59
|
def expired_or_expire_soon?
|
|
63
|
-
now + renewal_duration / 3 >
|
|
60
|
+
now + renewal_duration / 3 > not_after
|
|
64
61
|
end
|
|
65
62
|
|
|
66
63
|
def expired?
|
|
67
|
-
now >
|
|
64
|
+
now > not_after
|
|
68
65
|
end
|
|
69
66
|
|
|
70
67
|
def expire_soonish?
|
|
71
|
-
now + 2 * renewal_duration / 3 >
|
|
68
|
+
now + 2 * renewal_duration / 3 > not_after
|
|
72
69
|
end
|
|
73
70
|
|
|
74
71
|
def validity_duration
|
|
75
|
-
|
|
72
|
+
not_after - not_before
|
|
76
73
|
end
|
|
77
74
|
|
|
78
75
|
def now
|
|
@@ -4,4 +4,6 @@ require 'internet_security_event/now'
|
|
|
4
4
|
require 'internet_security_event/tls_status'
|
|
5
5
|
require 'internet_security_event/tlsa_status'
|
|
6
6
|
require 'internet_security_event/x509_status'
|
|
7
|
+
require 'internet_security_event/x509_certificate_status'
|
|
8
|
+
require 'internet_security_event/x509_certificate_revocation_list_status'
|
|
7
9
|
require 'resolv/dns/resource/in/tlsa'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: internet_security_event
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 3.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Romain Tartière
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-04-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -162,6 +162,8 @@ files:
|
|
|
162
162
|
- lib/internet_security_event/tls_status.rb
|
|
163
163
|
- lib/internet_security_event/tlsa_status.rb
|
|
164
164
|
- lib/internet_security_event/version.rb
|
|
165
|
+
- lib/internet_security_event/x509_certificate_revocation_list_status.rb
|
|
166
|
+
- lib/internet_security_event/x509_certificate_status.rb
|
|
165
167
|
- lib/internet_security_event/x509_status.rb
|
|
166
168
|
- lib/resolv/dns/resource/in/tlsa.rb
|
|
167
169
|
homepage: https://github.com/smortex/internet_security_event
|
|
@@ -183,7 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
183
185
|
- !ruby/object:Gem::Version
|
|
184
186
|
version: '0'
|
|
185
187
|
requirements: []
|
|
186
|
-
rubygems_version: 3.
|
|
188
|
+
rubygems_version: 3.4.10
|
|
187
189
|
signing_key:
|
|
188
190
|
specification_version: 4
|
|
189
191
|
summary: Build events describing the status of various internet services
|