rex-socket 0.1.9 → 0.1.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f089313baf795935488a8dd6afd689ca30581cd7
-  data.tar.gz: 571a4ebe9c229c3d3e721f400862467352b7a1e1
+  metadata.gz: fcf6a6e83dff71b36d8471c74c9cd1ac8d5820d1
+  data.tar.gz: cdb5388a417cab22de0f4e4dbdfa9c4ff915da69
 SHA512:
-  metadata.gz: e5e550e2585b6c9d37ce381ced3f8bcdad76ff1fe59f71e2e0da49500b057ca85b947a4d914f95284bc984f0fe8c5c9052b85ce21c9d605090540b232a8ac4fa
-  data.tar.gz: 851c8ffde6dd2bf3642f0c54e87fe5ee10bed0e1ebf1802f63e622c7ae970cc0963fb0fe14aecda4946fff6a16653f74d4da5181bae237fb7fa18e3dc9209dbf
+  metadata.gz: 5a78e51b16de669de260f18f8c61436ee6fcc1a5f7a402d69d431f0fd61887369a645f93104bb1a2ee90b9d172f56b1bac9dccd853119f7b5c054a9d8bd2178e
+  data.tar.gz: f58e3b79734b84962a8aa36f5d01e8a3477cf60b18490507c67590136412e32e3db1e904586e073e58ab60de79db2210c20d33c50ec737c553ff0b8b1b47ccc1

data/lib/rex/socket/ssl.rb

@@ -0,0 +1,165 @@
+# -*- coding: binary -*-
+require 'rex/socket/x509_certificate'
+require 'timeout'
+require 'openssl'
+
+###
+#
+# This class provides methods for interacting with an SSL wrapped TCP server.  It
+# implements the StreamServer IO interface.
+#
+###
+module Rex::Socket::Ssl
+
+  module CertProvider
+
+    def self.ssl_generate_subject
+      st  = Rex::Text.rand_state
+      loc = Rex::Text.rand_name.capitalize
+      org = Rex::Text.rand_name.capitalize
+      cn  = Rex::Text.rand_hostname
+      "US/ST=#{st}/L=#{loc}/O=#{org}/CN=#{cn}"
+    end
+
+    def self.ssl_generate_issuer
+      org = Rex::Text.rand_name.capitalize
+      cn  = Rex::Text.rand_name.capitalize + " " + Rex::Text.rand_name.capitalize
+      "US/O=#{org}/CN=#{cn}"
+    end
+
+    #
+    # Generate a realistic-looking but obstensibly fake SSL
+    # certificate. This matches a typical "snakeoil" cert.
+    #
+    # @return [String, String, Array]
+    def self.ssl_generate_certificate
+      yr      = 24*3600*365
+      vf      = Time.at(Time.now.to_i - rand(yr * 3) - yr)
+      vt      = Time.at(vf.to_i + (rand(9)+1) * yr)
+      subject = ssl_generate_subject
+      issuer  = ssl_generate_issuer
+      key     = OpenSSL::PKey::RSA.new(2048){ }
+      cert    = OpenSSL::X509::Certificate.new
+      cert.version    = 2
+      cert.serial     = (rand(0xFFFFFFFF) << 32) + rand(0xFFFFFFFF)
+      cert.subject    = OpenSSL::X509::Name.new([["C", subject]])
+      cert.issuer     = OpenSSL::X509::Name.new([["C", issuer]])
+      cert.not_before = vf
+      cert.not_after  = vt
+      cert.public_key = key.public_key
+
+      ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
+      cert.extensions = [
+        ef.create_extension("basicConstraints","CA:FALSE")
+      ]
+      ef.issuer_certificate = cert
+
+      cert.sign(key, OpenSSL::Digest::SHA256.new)
+
+      [key, cert, nil]
+    end
+  end
+
+  # This defines the global certificate provider for all consumers of the mixin
+  # Beware that altering this at runtime in one consumer will affect all others
+  # Providers must expose at least the class methods given above accepting the
+  # same calling convention.
+  @@cert_provider = Rex::Socket::Ssl::CertProvider
+
+  def self.cert_provider=(val)
+    @@cert_provider = val
+  end
+
+  #
+  # Parse a certificate in unified PEM format that contains a private key and
+  # one or more certificates. The first certificate is the primary, while any
+  # additional certificates are treated as intermediary certificates. This emulates
+  # the behavior of web servers like nginx.
+  #
+  # @param [String] ssl_cert
+  # @return [String, String, Array]
+  def self.ssl_parse_pem(ssl_cert)
+    Rex::Socket::X509Certificate.parse_pem(ssl_cert)
+  end
+
+  def self.ssl_generate_subject
+    @@cert_provider.ssl_generate_subject
+  end
+
+  def self.ssl_generate_issuer
+    @@cert_provider.ssl_generate_issuer
+  end
+
+  def self.ssl_generate_certificate
+    @@cert_provider.ssl_generate_certificate
+  end
+
+  #
+  # Shim for the ssl_parse_pem module method
+  #
+  def ssl_parse_pem(ssl_cert)
+    Rex::Socket::Ssl.ssl_parse_pem(ssl_cert)
+  end
+
+  #
+  # Shim for the ssl_generate_certificate module method
+  #
+  def ssl_generate_certificate
+    Rex::Socket::Ssl.ssl_generate_certificate
+  end
+
+  #
+  # Create a new ssl context.  If +ssl_cert+ is not given, generates a new
+  # key and a leaf certificate with random values.
+  #
+  # @param [Rex::Socket::Parameters] params
+  # @return [::OpenSSL::SSL::SSLContext]
+  def makessl(params)
+
+    if params.ssl_cert
+      key, cert, chain = ssl_parse_pem(params.ssl_cert)
+    else
+      key, cert, chain = ssl_generate_certificate
+    end
+
+    ctx = OpenSSL::SSL::SSLContext.new()
+    ctx.key = key
+    ctx.cert = cert
+    ctx.extra_chain_cert = chain
+    ctx.options = 0
+
+    if params.ssl_cipher
+      ctx.ciphers = params.ssl_cipher
+    end
+
+    # Older versions of OpenSSL do not export the OP_NO_COMPRESSION symbol
+    if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
+      # enable/disable the SSL/TLS-level compression
+      if params.ssl_compression
+        ctx.options &= ~OpenSSL::SSL::OP_NO_COMPRESSION
+      else
+        ctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
+      end
+    end
+
+    ctx.session_id_context = Rex::Text.rand_text(16)
+
+    return ctx
+  end
+
+  #
+  # This flag determines whether to use the non-blocking openssl
+  # API calls when they are available. This is still buggy on
+  # Linux/Mac OS X, but is required on Windows
+  #
+  def allow_nonblock?(sock=self.sock)
+    avail = sock.respond_to?(:accept_nonblock)
+    if avail and Rex::Compat.is_windows
+      return true
+    end
+    false
+  end
+
+  attr_accessor :sslctx
+end
+

data/lib/rex/socket/ssl_tcp.rb

@@ -1,5 +1,6 @@
 # -*- coding: binary -*-
 require 'rex/socket'
+require 'openssl'
 ###
 #
 # This class provides methods for interacting with an SSL TCP client
@@ -9,15 +10,6 @@ require 'rex/socket'
 module Rex::Socket::SslTcp
 
 begin
-  @@loaded_openssl = false
-
-  begin
-    require 'openssl'
-    @@loaded_openssl = true
-    require 'openssl/nonblock'
-  rescue ::Exception
-  end
-
 
   include Rex::Socket::Tcp
 
@@ -31,7 +23,6 @@ begin
   # Creates an SSL TCP instance.
   #
   def self.create(hash = {})
-    raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
     hash['SSL'] = true
     self.create_param(Rex::Socket::Parameters.from_hash(hash))
   end

data/lib/rex/socket/ssl_tcp_server.rb

@@ -1,9 +1,8 @@
 # -*- coding: binary -*-
 require 'rex/socket'
+require 'rex/socket/ssl'
 require 'rex/socket/tcp_server'
 require 'rex/io/stream_server'
-require 'rex/socket/x509_certificate'
-require 'timeout'
 
 ###
 #
@@ -13,15 +12,7 @@ require 'timeout'
 ###
 module Rex::Socket::SslTcpServer
 
-  @@loaded_openssl = false
-
-  begin
-    require 'openssl'
-    @@loaded_openssl = true
-    require 'openssl/nonblock'
-  rescue ::Exception
-  end
-
+  include Rex::Socket::Ssl
   include Rex::Socket::TcpServer
 
   ##
@@ -49,7 +40,6 @@ module Rex::Socket::SslTcpServer
   end
 
   def initsock(params = nil)
-    raise RuntimeError, 'No OpenSSL support' unless @@loaded_openssl
 
     if params && params.sslctx && params.sslctx.kind_of?(OpenSSL::SSL::SSLContext)
       self.sslctx = params.sslctx
@@ -114,130 +104,5 @@ module Rex::Socket::SslTcpServer
     end
   end
 
-  #
-  # Parse a certificate in unified PEM format that contains a private key and
-  # one or more certificates. The first certificate is the primary, while any
-  # additional certificates are treated as intermediary certificates. This emulates
-  # the behavior of web servers like nginx.
-  #
-  # @param [String] ssl_cert
-  # @return [String, String, Array]
-  def self.ssl_parse_pem(ssl_cert)
-    Rex::Socket::X509Certificate.parse_pem(ssl_cert)
-  end
-
-  #
-  # Shim for the ssl_parse_pem module method
-  #
-  def ssl_parse_pem(ssl_cert)
-    Rex::Socket::SslTcpServer.ssl_parse_pem(ssl_cert)
-  end
-
-  def self.ssl_generate_subject
-    st  = Rex::Text.rand_state
-    loc = Rex::Text.rand_name.capitalize
-    org = Rex::Text.rand_name.capitalize
-    cn  = Rex::Text.rand_hostname
-    "US/ST=#{st}/L=#{loc}/O=#{org}/CN=#{cn}"
-  end
-
-  def self.ssl_generate_issuer
-    org = Rex::Text.rand_name.capitalize
-    cn  = Rex::Text.rand_name.capitalize + " " + Rex::Text.rand_name.capitalize
-    "US/O=#{org}/CN=#{cn}"
-  end
-
-  #
-  # Generate a realistic-looking but obstensibly fake SSL
-  # certificate. This matches a typical "snakeoil" cert.
-  #
-  # @return [String, String, Array]
-  def self.ssl_generate_certificate
-    yr      = 24*3600*365
-    vf      = Time.at(Time.now.to_i - rand(yr * 3) - yr)
-    vt      = Time.at(vf.to_i + (rand(9)+1) * yr)
-    subject = ssl_generate_subject
-    issuer  = ssl_generate_issuer
-    key     = OpenSSL::PKey::RSA.new(2048){ }
-    cert    = OpenSSL::X509::Certificate.new
-    cert.version    = 2
-    cert.serial     = (rand(0xFFFFFFFF) << 32) + rand(0xFFFFFFFF)
-    cert.subject    = OpenSSL::X509::Name.new([["C", subject]])
-    cert.issuer     = OpenSSL::X509::Name.new([["C", issuer]])
-    cert.not_before = vf
-    cert.not_after  = vt
-    cert.public_key = key.public_key
-
-    ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
-    cert.extensions = [
-      ef.create_extension("basicConstraints","CA:FALSE")
-    ]
-    ef.issuer_certificate = cert
-
-    cert.sign(key, OpenSSL::Digest::SHA256.new)
-
-    [key, cert, nil]
-  end
-
-  #
-  # Shim for the ssl_generate_certificate module method
-  #
-  def ssl_generate_certificate
-    Rex::Socket::SslTcpServer.ssl_generate_certificate
-  end
-
-  #
-  # Create a new ssl context.  If +ssl_cert+ is not given, generates a new
-  # key and a leaf certificate with random values.
-  #
-  # @param [Rex::Socket::Parameters] params
-  # @return [::OpenSSL::SSL::SSLContext]
-  def makessl(params)
-
-    if params.ssl_cert
-      key, cert, chain = ssl_parse_pem(params.ssl_cert)
-    else
-      key, cert, chain = ssl_generate_certificate
-    end
-
-    ctx = OpenSSL::SSL::SSLContext.new()
-    ctx.key = key
-    ctx.cert = cert
-    ctx.extra_chain_cert = chain
-    ctx.options = 0
-
-    if params.ssl_cipher
-      ctx.ciphers = params.ssl_cipher
-    end
-
-    # Older versions of OpenSSL do not export the OP_NO_COMPRESSION symbol
-    if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
-      # enable/disable the SSL/TLS-level compression
-      if params.ssl_compression
-        ctx.options &= ~OpenSSL::SSL::OP_NO_COMPRESSION
-      else
-        ctx.options |= OpenSSL::SSL::OP_NO_COMPRESSION
-      end
-    end
-
-    ctx.session_id_context = Rex::Text.rand_text(16)
-
-    return ctx
-  end
-
-  #
-  # This flag determines whether to use the non-blocking openssl
-  # API calls when they are available. This is still buggy on
-  # Linux/Mac OS X, but is required on Windows
-  #
-  def allow_nonblock?(sock=self.sock)
-    avail = sock.respond_to?(:accept_nonblock)
-    if avail and Rex::Compat.is_windows
-      return true
-    end
-    false
-  end
-
-  attr_accessor :sslctx
 end
 

data/lib/rex/socket/version.rb

@@ -1,5 +1,5 @@
 module Rex
   module Socket
-    VERSION = "0.1.9"
+    VERSION = "0.1.10"
   end
 end

data.tar.gz.sig

@@ -1,2 +1 @@
-,����f��fه����R
-p��("r*�r�����������7*�=�i�'ƹJs�	I�eJ�y�������w�!4���
+v�\n�¯O�S0�[]E%�%>͎��EOsV@F,��|us�*U�=gFv��H���1���|݌���Cr�I�����ٴ�8�Ӗ����T�mcn�cD�P���@QŐM{/�*���2��+D��w��h��2p4ff./3�����7��<�Y��S3b<������ҿ@�T&�{!���蠕n>$!3��.aѓQ˩�v]t�c�-��Ek-X[�Z,��鸝qx�M�S��ߋN~X�=L���lW��zb#r4

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex-socket
 version: !ruby/object:Gem::Version
-  version: 0.1.9
+  version: 0.1.10
 platform: ruby
 authors:
 - David Maloney
@@ -88,7 +88,7 @@ cert_chain:
   G+Hmcg1v810agasPdoydE0RTVZgEOOMoQ07qu7JFXVWZ9ZQpHT7qJATWL/b2csFG
   8mVuTXnyJOKRJA==
   -----END CERTIFICATE-----
-date: 2017-10-24 00:00:00.000000000 Z
+date: 2017-12-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -173,6 +173,7 @@ files:
 - lib/rex/socket/parameters.rb
 - lib/rex/socket/range_walker.rb
 - lib/rex/socket/ssh_factory.rb
+- lib/rex/socket/ssl.rb
 - lib/rex/socket/ssl_tcp.rb
 - lib/rex/socket/ssl_tcp_server.rb
 - lib/rex/socket/subnet_walker.rb