rex-socket 0.1.9 → 0.1.10

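--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: f089313baf795935488a8dd6afd689ca30581cd7
- data.tar.gz: 571a4ebe9c229c3d3e721f400862467352b7a1e1
+ metadata.gz: fcf6a6e83dff71b36d8471c74c9cd1ac8d5820d1
+ data.tar.gz: cdb5388a417cab22de0f4e4dbdfa9c4ff915da69
  SHA512:
- metadata.gz: e5e550e2585b6c9d37ce381ced3f8bcdad76ff1fe59f71e2e0da49500b057ca85b947a4d914f95284bc984f0fe8c5c9052b85ce21c9d605090540b232a8ac4fa
- data.tar.gz: 851c8ffde6dd2bf3642f0c54e87fe5ee10bed0e1ebf1802f63e622c7ae970cc0963fb0fe14aecda4946fff6a16653f74d4da5181bae237fb7fa18e3dc9209dbf
+ metadata.gz: 5a78e51b16de669de260f18f8c61436ee6fcc1a5f7a402d69d431f0fd61887369a645f93104bb1a2ee90b9d172f56b1bac9dccd853119f7b5c054a9d8bd2178e
+ data.tar.gz: f58e3b79734b84962a8aa36f5d01e8a3477cf60b18490507c67590136412e32e3db1e904586e073e58ab60de79db2210c20d33c50ec737c553ff0b8b1b47ccc1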
checksums.yaml.gz.sig CHANGED
Binary file
@@ -0,0 +1,165 @@
1
+ # -*- coding: binary -*-
2
+ require 'rex/socket/x509_certificate'
3
+ require 'timeout'
4
+ require 'openssl'
5
+
6
+ ###
7
+ #
8
+ # This class provides methods for interacting with an SSL wrapped TCP server. It
9
+ # implements the StreamServer IO interface.
10
+ #
11
+ ###
12
+ module Rex::Socket::Ssl
13
+
14
+ module CertProvider
15
+
16
+ def self.ssl_generate_subject
17
+ st = Rex::Text.rand_state
18
+ loc = Rex::Text.rand_name.capitalize
19
+ org = Rex::Text.rand_name.capitalize
20
+ cn = Rex::Text.rand_hostname
21
+ "US/ST=#{st}/L=#{loc}/O=#{org}/CN=#{cn}"
22
+ end
23
+
24
+ def self.ssl_generate_issuer
25
+ org = Rex::Text.rand_name.capitalize
26
+ cn = Rex::Text.rand_name.capitalize + " " + Rex::Text.rand_name.capitalize
27
+ "US/O=#{org}/CN=#{cn}"
28
+ end
29
+
30
+ #
31
+ # Generate a realistic-looking but obstensibly fake SSL
32
+ # certificate. This matches a typical "snakeoil" cert.
33
+ #
34
+ # @return [String, String, Array]
35
+ def self.ssl_generate_certificate
36
+ yr = 24*3600*365
37
+ vf = Time.at(Time.now.to_i - rand(yr * 3) - yr)
38
+ vt = Time.at(vf.to_i + (rand(9)+1) * yr)
39
+ subject = ssl_generate_subject
40
+ issuer = ssl_generate_issuer
41
+ key = OpenSSL::PKey::RSA.new(2048){ }
42
+ cert = OpenSSL::X509::Certificate.new
43
+ cert.version = 2
44
+ cert.serial = (rand(0xFFFFFFFF) << 32) + rand(0xFFFFFFFF)
45
+ cert.subject = OpenSSL::X509::Name.new([["C", subject]])
46
+ cert.issuer = OpenSSL::X509::Name.new([["C", issuer]])
47
+ cert.not_before = vf
48
+ cert.not_after = vt
49
+ cert.public_key = key.public_key
50
+
51
+ ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
52
+ cert.extensions = [
53
+ ef.create_extension("basicConstraints","CA:FALSE")
54
+ ]
55
+ ef.issuer_certificate = cert
56
+
57
+ cert.sign(key, OpenSSL::Digest::SHA256.new)
58
+
59
+ [key, cert, nil]
60
+ end
61
+ end
62
+
63
+ # This defines the global certificate provider for all consumers of the mixin
64
+ # Beware that altering this at runtime in one consumer will affect all others
65
+ # Providers must expose at least the class methods given above accepting the
66
+ # same calling convention.
67
+ @@cert_provider = Rex::Socket::Ssl::CertProvider
68
+
69
+ def self.cert_provider=(val)
70
+ @@cert_provider = val
71
+ end
72
+
73
+ #
74
+ # Parse a certificate in unified PEM format that contains a private key and
75
+ # one or more certificates. The first certificate is the primary, while any
76
+ # additional certificates are treated as intermediary certificates. This emulates
77
+ # the behavior of web servers like nginx.
78
+ #
79
+ # @param [String] ssl_cert
80
+ # @return [String, String, Array]
81
+ def self.ssl_parse_pem(ssl_cert)
82
+ Rex::Socket::X509Certificate.parse_pem(ssl_cert)
83
+ end
84
+
85
+ def self.ssl_generate_subject
86
+ @@cert_provider.ssl_generate_subject
87
+ end
88
+
89
+ def self.ssl_generate_issuer
90
+ @@cert_provider.ssl_generate_issuer
91
+ end
92
+
93
+ def self.ssl_generate_certificate
94
+ @@cert_provider.ssl_generate_certificate
95
+ end
96
+
97
+ #
98
+ # Shim for the ssl_parse_pem module method
99
+ #
100
+ def ssl_parse_pem(ssl_cert)
101
+ Rex::Socket::Ssl.ssl_parse_pem(ssl_cert)
102
+ end
103
+
104
+ #
105
+ # Shim for the ssl_generate_certificate module method
106
+ #
107
+ def ssl_generate_certificate
108
+ Rex::Socket::Ssl.ssl_generate_certificate
109
+ end
110
+
111
+ #
112
+ # Create a new ssl context. If +ssl_cert+ is not given, generates a new
113
+ # key and a leaf certificate with random values.
114
+ #
115
+ # @param [Rex::Socket::Parameters] params
116
+ # @return [::OpenSSL::SSL::SSLContext]
117
+ def makessl(params)
118
+
119
+ if params.ssl_cert
120
+ key, cert, chain = ssl_parse_pem(params.ssl_cert)
121
+ else
122
+ key, cert, chain = ssl_generate_certificate
123
+ end
124
+
125
+ ctx = OpenSSL::SSL::SSLContext.new()
126
+ ctx.key = key
127
+ ctx.cert = cert
128
+ ctx.extra_chain_cert = chain
129
+ ctx.options = 0
130
+
131
+ if params.ssl_cipher
132
+ ctx.ciphers = params.ssl_cipher
133
+ end
134
+
135
+ # Older versions of OpenSSL do not export the OP_NO_COMPRESSION symbol
136
+ if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
137
+ # enable/disable the SSL/TLS-level compression
138
+ if params.ssl_compression
139
+ ctx.options &= ~OpenSSL::SSL::OP_NO_COMPRESSION
140
+ else
141
+ ctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
142
+ end
143
+ end
144
+
145
+ ctx.session_id_context = Rex::Text.rand_text(16)
146
+
147
+ return ctx
148
+ end
149
+
150
+ #
151
+ # This flag determines whether to use the non-blocking openssl
152
+ # API calls when they are available. This is still buggy on
153
+ # Linux/Mac OS X, but is required on Windows
154
+ #
155
+ def allow_nonblock?(sock=self.sock)
156
+ avail = sock.respond_to?(:accept_nonblock)
157
+ if avail and Rex::Compat.is_windows
158
+ return true
159
+ end
160
+ false
161
+ end
162
+
163
+ attr_accessor :sslctx
164
+ end
165
+
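Review bot: `self.cert_provider=` stores any value in the process-wide `@@cert_provider` unchecked, so a provider that lacks one of the three `ssl_generate_*` methods is only discovered later, when `makessl` runs for a listener without `ssl_cert`. A guard at the top of the setter, e.g. `raise ArgumentError, 'provider must implement ssl_generate_certificate' unless val.respond_to?(:ssl_generate_certificate)`, would fail at assignment instead. The `@return [String, String, Array]` tag on `CertProvider.ssl_generate_certificate` does not match the visible return `[key, cert, nil]` (an `OpenSSL::PKey::RSA`, an `OpenSSL::X509::Certificate` and nil); `# @return [Array(OpenSSL::PKey::RSA, OpenSSL::X509::Certificate, nil)]` would be accurate. In `makessl`, `ctx.options = 0` overwrites whatever option bits `SSLContext.new` set and no protocol floor is configured afterwards, which deserves a one-line comment if it is intentional.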
@@ -1,5 +1,6 @@
1
1
  # -*- coding: binary -*-
2
2
  require 'rex/socket'
3
+ require 'openssl'
3
4
  ###
4
5
  #
5
6
  # This class provides methods for interacting with an SSL TCP client
@@ -9,15 +10,6 @@ require 'rex/socket'
9
10
  module Rex::Socket::SslTcp
10
11
 
11
12
  begin
12
- @@loaded_openssl = false
13
-
14
- begin
15
- require 'openssl'
16
- @@loaded_openssl = true
17
- require 'openssl/nonblock'
18
- rescue ::Exception
19
- end
20
-
21
13
 
22
14
  include Rex::Socket::Tcp
23
15
 
@@ -31,7 +23,6 @@ begin
31
23
  # Creates an SSL TCP instance.
32
24
  #
33
25
  def self.create(hash = {})
34
- raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
35
26
  hash['SSL'] = true
36
27
  self.create_param(Rex::Socket::Parameters.from_hash(hash))
37
28
  end
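Review bot: With `require 'openssl'` now unconditional at the top of the file, a host without the OpenSSL extension fails with LoadError when this file is required, where `self.create` used to raise `RuntimeError, "No OpenSSL support"` on first use; any caller that rescued that RuntimeError (none is visible in these hunks) would need updating. The `require 'openssl/nonblock'` attempted by the removed block is dropped without replacement, which is worth confirming as intended. The `begin` kept at new line 12 no longer guards a load, and its matching `rescue` lies outside the hunks shown, so it may now be dead code; a short comment such as `# OpenSSL is a hard dependency; LoadError propagates from the require above` next to the new require would record the behaviour change.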
@@ -1,9 +1,8 @@
1
1
  # -*- coding: binary -*-
2
2
  require 'rex/socket'
3
+ require 'rex/socket/ssl'
3
4
  require 'rex/socket/tcp_server'
4
5
  require 'rex/io/stream_server'
5
- require 'rex/socket/x509_certificate'
6
- require 'timeout'
7
6
 
8
7
  ###
9
8
  #
@@ -13,15 +12,7 @@ require 'timeout'
13
12
  ###
14
13
  module Rex::Socket::SslTcpServer
15
14
 
16
- @@loaded_openssl = false
17
-
18
- begin
19
- require 'openssl'
20
- @@loaded_openssl = true
21
- require 'openssl/nonblock'
22
- rescue ::Exception
23
- end
24
-
15
+ include Rex::Socket::Ssl
25
16
  include Rex::Socket::TcpServer
26
17
 
27
18
  ##
@@ -49,7 +40,6 @@ module Rex::Socket::SslTcpServer
49
40
  end
50
41
 
51
42
  def initsock(params = nil)
52
- raise RuntimeError, 'No OpenSSL support' unless @@loaded_openssl
53
43
 
54
44
  if params && params.sslctx && params.sslctx.kind_of?(OpenSSL::SSL::SSLContext)
55
45
  self.sslctx = params.sslctx
@@ -114,130 +104,5 @@ module Rex::Socket::SslTcpServer
114
104
  end
115
105
  end
116
106
 
117
- #
118
- # Parse a certificate in unified PEM format that contains a private key and
119
- # one or more certificates. The first certificate is the primary, while any
120
- # additional certificates are treated as intermediary certificates. This emulates
121
- # the behavior of web servers like nginx.
122
- #
123
- # @param [String] ssl_cert
124
- # @return [String, String, Array]
125
- def self.ssl_parse_pem(ssl_cert)
126
- Rex::Socket::X509Certificate.parse_pem(ssl_cert)
127
- end
128
-
129
- #
130
- # Shim for the ssl_parse_pem module method
131
- #
132
- def ssl_parse_pem(ssl_cert)
133
- Rex::Socket::SslTcpServer.ssl_parse_pem(ssl_cert)
134
- end
135
-
136
- def self.ssl_generate_subject
137
- st = Rex::Text.rand_state
138
- loc = Rex::Text.rand_name.capitalize
139
- org = Rex::Text.rand_name.capitalize
140
- cn = Rex::Text.rand_hostname
141
- "US/ST=#{st}/L=#{loc}/O=#{org}/CN=#{cn}"
142
- end
143
-
144
- def self.ssl_generate_issuer
145
- org = Rex::Text.rand_name.capitalize
146
- cn = Rex::Text.rand_name.capitalize + " " + Rex::Text.rand_name.capitalize
147
- "US/O=#{org}/CN=#{cn}"
148
- end
149
-
150
- #
151
- # Generate a realistic-looking but obstensibly fake SSL
152
- # certificate. This matches a typical "snakeoil" cert.
153
- #
154
- # @return [String, String, Array]
155
- def self.ssl_generate_certificate
156
- yr = 24*3600*365
157
- vf = Time.at(Time.now.to_i - rand(yr * 3) - yr)
158
- vt = Time.at(vf.to_i + (rand(9)+1) * yr)
159
- subject = ssl_generate_subject
160
- issuer = ssl_generate_issuer
161
- key = OpenSSL::PKey::RSA.new(2048){ }
162
- cert = OpenSSL::X509::Certificate.new
163
- cert.version = 2
164
- cert.serial = (rand(0xFFFFFFFF) << 32) + rand(0xFFFFFFFF)
165
- cert.subject = OpenSSL::X509::Name.new([["C", subject]])
166
- cert.issuer = OpenSSL::X509::Name.new([["C", issuer]])
167
- cert.not_before = vf
168
- cert.not_after = vt
169
- cert.public_key = key.public_key
170
-
171
- ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
172
- cert.extensions = [
173
- ef.create_extension("basicConstraints","CA:FALSE")
174
- ]
175
- ef.issuer_certificate = cert
176
-
177
- cert.sign(key, OpenSSL::Digest::SHA256.new)
178
-
179
- [key, cert, nil]
180
- end
181
-
182
- #
183
- # Shim for the ssl_generate_certificate module method
184
- #
185
- def ssl_generate_certificate
186
- Rex::Socket::SslTcpServer.ssl_generate_certificate
187
- end
188
-
189
- #
190
- # Create a new ssl context. If +ssl_cert+ is not given, generates a new
191
- # key and a leaf certificate with random values.
192
- #
193
- # @param [Rex::Socket::Parameters] params
194
- # @return [::OpenSSL::SSL::SSLContext]
195
- def makessl(params)
196
-
197
- if params.ssl_cert
198
- key, cert, chain = ssl_parse_pem(params.ssl_cert)
199
- else
200
- key, cert, chain = ssl_generate_certificate
201
- end
202
-
203
- ctx = OpenSSL::SSL::SSLContext.new()
204
- ctx.key = key
205
- ctx.cert = cert
206
- ctx.extra_chain_cert = chain
207
- ctx.options = 0
208
-
209
- if params.ssl_cipher
210
- ctx.ciphers = params.ssl_cipher
211
- end
212
-
213
- # Older versions of OpenSSL do not export the OP_NO_COMPRESSION symbol
214
- if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
215
- # enable/disable the SSL/TLS-level compression
216
- if params.ssl_compression
217
- ctx.options &= ~OpenSSL::SSL::OP_NO_COMPRESSION
218
- else
219
- ctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
220
- end
221
- end
222
-
223
- ctx.session_id_context = Rex::Text.rand_text(16)
224
-
225
- return ctx
226
- end
227
-
228
- #
229
- # This flag determines whether to use the non-blocking openssl
230
- # API calls when they are available. This is still buggy on
231
- # Linux/Mac OS X, but is required on Windows
232
- #
233
- def allow_nonblock?(sock=self.sock)
234
- avail = sock.respond_to?(:accept_nonblock)
235
- if avail and Rex::Compat.is_windows
236
- return true
237
- end
238
- false
239
- end
240
-
241
- attr_accessor :sslctx
242
107
  end
243
108
 
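Review bot: `include Rex::Socket::Ssl` carries over only the instance methods, so the module-level `Rex::Socket::SslTcpServer.ssl_parse_pem`, `.ssl_generate_subject`, `.ssl_generate_issuer` and `.ssl_generate_certificate` deleted in the last hunk no longer exist on this module. Any caller outside this diff that still uses those names will get NoMethodError; if compatibility matters, a thin forwarder per method, e.g. `def self.ssl_generate_certificate; Rex::Socket::Ssl.ssl_generate_certificate; end`, keeps them working and also routes them through the configurable provider. The `initsock` body continues outside the hunk; dropping its `No OpenSSL support` guard is consistent with the `require 'openssl'` that `rex/socket/ssl` now performs at load time.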
@@ -1,5 +1,5 @@
1
1
  module Rex
2
2
  module Socket
3
- VERSION = "0.1.9"
3
+ VERSION = "0.1.10"
4
4
  end
5
5
  end
data.tar.gz.sig CHANGED
@@ -1,2 +1 @@
1
- ,����f��fه����R
2
- p��("r*�r�����������7*�=�i�'ƹJs� I�eJ�y�������w�!4���
1
+ v�\n�¯O�S0�[]E%�%>͎��EOsV@F,�� |us�*U�=gFv��H���1���|݌���Cr�I�����ٴ�8�Ӗ��� �T�mcn�cD�P���@QŐM{/�*���2��+D��w��h��2p4ff./3�����7��<�Y��S3b<������ҿ@�T&�{!���蠕n>$!3��.aѓQ˩�v]t�c�-��Ek-X[�Z,��鸝qx�M�S��ߋN~X�=L���lW��zb#r4
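--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: rex-socket
  version: !ruby/object:Gem::Version
- version: 0.1.9
+ version: 0.1.10
  platform: ruby
  authors:
  - David Maloney
@@ -88,7 +88,7 @@ cert_chain:
  G+Hmcg1v810agasPdoydE0RTVZgEOOMoQ07qu7JFXVWZ9ZQpHT7qJATWL/b2csFG
  8mVuTXnyJOKRJA==
  -----END CERTIFICATE-----
- date: 2017-10-24 00:00:00.000000000 Z
+ date: 2017-12-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: bundler
@@ -173,6 +173,7 @@ files:
  - lib/rex/socket/parameters.rb
  - lib/rex/socket/range_walker.rb
  - lib/rex/socket/ssh_factory.rb
+ - lib/rex/socket/ssl.rb
  - lib/rex/socket/ssl_tcp.rb
  - lib/rex/socket/ssl_tcp_server.rb
  - lib/rex/socket/subnet_walker.rb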
metadata.gz.sig CHANGED
Binary file