internet_security_event 2.0.0 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +1 -2
- data/CHANGELOG.md +13 -0
- data/Rakefile +10 -0
- data/lib/internet_security_event/tls_status.rb +4 -2
- data/lib/internet_security_event/version.rb +1 -1
- data/lib/internet_security_event/x509_certificate_revocation_list_status.rb +37 -0
- data/lib/internet_security_event/x509_certificate_status.rb +39 -0
- data/lib/internet_security_event/x509_status.rb +21 -24
- data/lib/internet_security_event.rb +2 -0
- metadata +5 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9618c67bc76530f18f67b1c2634fc8a1638f003216c0870bc7aeea96f72136e6
|
|
4
|
+
data.tar.gz: eb38ae645cc40fee9e92b465bb05178d39769bd77aa3804666b13283fb0192bf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1698abecd6ad8f8f76ee0cea45a3e6de1ce4c483b1f5082be060cda480e2e4bef7bdb261f5ed5baf6bc9d243f1a1e948b85f4b755f0a999376fcd9dbe59d1def
|
|
7
|
+
data.tar.gz: da7e963cadddbe85148b28f8a0f4247e36f51d8f9ed6ccd502d0f69f04657180cc1b6c57642b022e7235cf11ed9abfd4be90f95d264918282d59231ba28e2222
|
data/.github/workflows/ci.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,18 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
All notable changes to this project will be documented in this file.
|
|
4
|
+
|
|
5
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
|
|
6
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
|
+
|
|
8
|
+
## [v3.0.0](https://github.com/smortex/internet_security_event/tree/v3.0.0) (2023-04-17)
|
|
9
|
+
|
|
10
|
+
[Full Changelog](https://github.com/smortex/internet_security_event/compare/v2.0.0...v3.0.0)
|
|
11
|
+
|
|
12
|
+
**Breaking changes:**
|
|
13
|
+
|
|
14
|
+
- Add support for verifying CRL [\#4](https://github.com/smortex/internet_security_event/pull/4) ([smortex](https://github.com/smortex))
|
|
15
|
+
|
|
3
16
|
## [v2.0.0](https://github.com/smortex/internet_security_event/tree/v2.0.0) (2022-07-16)
|
|
4
17
|
|
|
5
18
|
[Full Changelog](https://github.com/smortex/internet_security_event/compare/v1.2.1...v2.0.0)
|
data/Rakefile
CHANGED
|
@@ -7,9 +7,19 @@ require 'rspec/core/rake_task'
|
|
|
7
7
|
RSpec::Core::RakeTask.new(:spec)
|
|
8
8
|
|
|
9
9
|
GitHubChangelogGenerator::RakeTask.new :changelog do |config|
|
|
10
|
+
config.header = <<~HEADER.chomp
|
|
11
|
+
# Changelog
|
|
12
|
+
|
|
13
|
+
All notable changes to this project will be documented in this file.
|
|
14
|
+
|
|
15
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
|
|
16
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
17
|
+
HEADER
|
|
18
|
+
config.exclude_labels = %w[duplicate question invalid wontfix wont-fix skip-changelog ignore]
|
|
10
19
|
config.user = 'smortex'
|
|
11
20
|
config.project = 'internet_security_event'
|
|
12
21
|
config.since_tag = 'v1.2.1'
|
|
22
|
+
config.issues = false
|
|
13
23
|
require 'internet_security_event/version'
|
|
14
24
|
config.future_release = "v#{InternetSecurityEvent::VERSION}"
|
|
15
25
|
end
|
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require 'internet_security_event/
|
|
3
|
+
require 'internet_security_event/x509_certificate_status'
|
|
4
4
|
|
|
5
5
|
module InternetSecurityEvent
|
|
6
|
-
class TLSStatus <
|
|
6
|
+
class TLSStatus < X509CertificateStatus
|
|
7
|
+
attr_reader :hostname
|
|
8
|
+
|
|
7
9
|
def initialize(hostname, certificate)
|
|
8
10
|
@hostname = hostname
|
|
9
11
|
super(certificate)
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'internet_security_event/x509_status'
|
|
4
|
+
|
|
5
|
+
module InternetSecurityEvent
|
|
6
|
+
class X509CertificateRevocationListStatus < X509Status
|
|
7
|
+
attr_reader :crl
|
|
8
|
+
|
|
9
|
+
def initialize(crl)
|
|
10
|
+
@crl = crl
|
|
11
|
+
|
|
12
|
+
super()
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def description
|
|
16
|
+
super('crl')
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def to_e
|
|
20
|
+
super.merge({
|
|
21
|
+
issuer: crl.issuer.to_s,
|
|
22
|
+
last_update: crl.last_update.to_s,
|
|
23
|
+
next_update: crl.next_update.to_s,
|
|
24
|
+
})
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
private
|
|
28
|
+
|
|
29
|
+
def not_before
|
|
30
|
+
crl.last_update
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
def not_after
|
|
34
|
+
crl.next_update
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
require 'internet_security_event/x509_status'
|
|
4
|
+
|
|
5
|
+
module InternetSecurityEvent
|
|
6
|
+
class X509CertificateStatus < X509Status
|
|
7
|
+
attr_reader :certificate
|
|
8
|
+
|
|
9
|
+
def initialize(certificate)
|
|
10
|
+
@certificate = certificate
|
|
11
|
+
|
|
12
|
+
super()
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
def description
|
|
16
|
+
super('certificate')
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
def to_e
|
|
20
|
+
super.merge({
|
|
21
|
+
subject: certificate.subject.to_s,
|
|
22
|
+
issuer: certificate.issuer.to_s,
|
|
23
|
+
serial: certificate.serial.to_i,
|
|
24
|
+
not_before: certificate.not_before.to_s,
|
|
25
|
+
not_after: certificate.not_after.to_s,
|
|
26
|
+
})
|
|
27
|
+
end
|
|
28
|
+
|
|
29
|
+
private
|
|
30
|
+
|
|
31
|
+
def not_before
|
|
32
|
+
certificate.not_before
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
def not_after
|
|
36
|
+
certificate.not_after
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -4,27 +4,20 @@ require 'active_support/core_ext/numeric/time'
|
|
|
4
4
|
|
|
5
5
|
module InternetSecurityEvent
|
|
6
6
|
class X509Status
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
def self.build(certificate)
|
|
14
|
-
obj = new(certificate)
|
|
7
|
+
def self.build(object)
|
|
8
|
+
obj = if object.is_a?(OpenSSL::X509::Certificate)
|
|
9
|
+
X509CertificateStatus.new(object)
|
|
10
|
+
elsif object.is_a?(OpenSSL::X509::CRL)
|
|
11
|
+
X509CertificateRevocationListStatus.new(object)
|
|
12
|
+
end
|
|
15
13
|
obj.to_e
|
|
16
14
|
end
|
|
17
15
|
|
|
18
|
-
def to_e
|
|
16
|
+
def to_e
|
|
19
17
|
{
|
|
20
18
|
state: state,
|
|
21
19
|
description: description,
|
|
22
20
|
metric: metric,
|
|
23
|
-
subject: certificate.subject.to_s,
|
|
24
|
-
issuer: certificate.issuer.to_s,
|
|
25
|
-
serial: certificate.serial.to_i,
|
|
26
|
-
not_before: certificate.not_before.to_s,
|
|
27
|
-
not_after: certificate.not_after.to_s,
|
|
28
21
|
}
|
|
29
22
|
end
|
|
30
23
|
|
|
@@ -34,11 +27,15 @@ module InternetSecurityEvent
|
|
|
34
27
|
|
|
35
28
|
private
|
|
36
29
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
30
|
+
# Define these method in sub-classes
|
|
31
|
+
# def not_before; end
|
|
32
|
+
# def not_after; end
|
|
33
|
+
|
|
34
|
+
def description(name)
|
|
35
|
+
return "#{name} will become valid in #{distance_of_time_in_words_to_now(not_before)}" if not_valid_yet?
|
|
36
|
+
return "#{name} has expired #{distance_of_time_in_words_to_now(not_after)} ago" if expired?
|
|
40
37
|
|
|
41
|
-
"
|
|
38
|
+
"#{name} will expire in #{distance_of_time_in_words_to_now(not_after)}"
|
|
42
39
|
end
|
|
43
40
|
|
|
44
41
|
def state
|
|
@@ -52,27 +49,27 @@ module InternetSecurityEvent
|
|
|
52
49
|
end
|
|
53
50
|
|
|
54
51
|
def metric
|
|
55
|
-
|
|
52
|
+
not_after - now
|
|
56
53
|
end
|
|
57
54
|
|
|
58
55
|
def not_valid_yet?
|
|
59
|
-
now <
|
|
56
|
+
now < not_before
|
|
60
57
|
end
|
|
61
58
|
|
|
62
59
|
def expired_or_expire_soon?
|
|
63
|
-
now + renewal_duration / 3 >
|
|
60
|
+
now + renewal_duration / 3 > not_after
|
|
64
61
|
end
|
|
65
62
|
|
|
66
63
|
def expired?
|
|
67
|
-
now >
|
|
64
|
+
now > not_after
|
|
68
65
|
end
|
|
69
66
|
|
|
70
67
|
def expire_soonish?
|
|
71
|
-
now + 2 * renewal_duration / 3 >
|
|
68
|
+
now + 2 * renewal_duration / 3 > not_after
|
|
72
69
|
end
|
|
73
70
|
|
|
74
71
|
def validity_duration
|
|
75
|
-
|
|
72
|
+
not_after - not_before
|
|
76
73
|
end
|
|
77
74
|
|
|
78
75
|
def now
|
|
@@ -4,4 +4,6 @@ require 'internet_security_event/now'
|
|
|
4
4
|
require 'internet_security_event/tls_status'
|
|
5
5
|
require 'internet_security_event/tlsa_status'
|
|
6
6
|
require 'internet_security_event/x509_status'
|
|
7
|
+
require 'internet_security_event/x509_certificate_status'
|
|
8
|
+
require 'internet_security_event/x509_certificate_revocation_list_status'
|
|
7
9
|
require 'resolv/dns/resource/in/tlsa'
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: internet_security_event
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 3.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Romain Tartière
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-04-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: activesupport
|
|
@@ -162,6 +162,8 @@ files:
|
|
|
162
162
|
- lib/internet_security_event/tls_status.rb
|
|
163
163
|
- lib/internet_security_event/tlsa_status.rb
|
|
164
164
|
- lib/internet_security_event/version.rb
|
|
165
|
+
- lib/internet_security_event/x509_certificate_revocation_list_status.rb
|
|
166
|
+
- lib/internet_security_event/x509_certificate_status.rb
|
|
165
167
|
- lib/internet_security_event/x509_status.rb
|
|
166
168
|
- lib/resolv/dns/resource/in/tlsa.rb
|
|
167
169
|
homepage: https://github.com/smortex/internet_security_event
|
|
@@ -183,7 +185,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
183
185
|
- !ruby/object:Gem::Version
|
|
184
186
|
version: '0'
|
|
185
187
|
requirements: []
|
|
186
|
-
rubygems_version: 3.
|
|
188
|
+
rubygems_version: 3.4.10
|
|
187
189
|
signing_key:
|
|
188
190
|
specification_version: 4
|
|
189
191
|
summary: Build events describing the status of various internet services
|