ruby-sslyze 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c4013d128b21d94004ca8c15715b85531acfe46f
+  data.tar.gz: bfcbc3a8309309dbc5e03986f153fdd1792174a3
+SHA512:
+  metadata.gz: ce2fd295c02224d87157bedfec3cf4d63f4b0d9f9558a12fa00063c104c3eef986bfae25c2ec1378136a17db1fb4ff24589a0ad902df1591e80b95559a134662
+  data.tar.gz: 9d5cf5e4dca31f544e6cae4cdad4a7b09ba4a2c80350bdac8094e793f2626622d30c42489ae6baec63749ab7729ba66b11af36fa079a95b633b117425b21092f

data/.document

@@ -0,0 +1,3 @@
+- 
+ChangeLog.md
+LICENSE.txt

data/.gitignore

@@ -0,0 +1,4 @@
+Gemfile.lock
+doc/
+pkg/
+vendor/cache/*.gem

data/.rspec

@@ -0,0 +1 @@
+--colour --format documentation

data/.travis.yml

@@ -0,0 +1,19 @@
+language: ruby
+sudo: false
+rvm:
+- 1.9.3
+- 2.0
+- 2.1
+- ruby-head
+- jruby-19mode
+- jruby-head
+- rbx-2
+matrix:
+  allow_failures:
+  - rvm: rbx-2
+addons:
+  code_climate:
+    repo_token: 2a03fa37ce5a5cb21bb117a736be5d83dcf9f1c3ea2b248f7af4c0a7b330d8c8
+notifications:
+  slack:
+    secure: IfKhtia5nM6KA9nK8jiSkNnVOLN96er6gK5jgjYKFNrVyWAKRUJZ0TB9L+igjUWDq7t+tRvj8yGT2k61xVJgF+ZDlQiWvyazTsgQeqbjieCxCrj/BTGZLyD1hhOLg7vqpyeQvp/34hDahx6XNp6XPvkxeofjc0H6STv2UjJkpQk=

data/.yardopts

@@ -0,0 +1 @@
+--markup markdown --title "ruby-sslyze Documentation" --protected

data/ChangeLog.md

@@ -0,0 +1,8 @@
+### 0.1.0 / 2015-10-13
+
+* Initial release:
+  * Provides a Ruby interface to `sslyze.py`.
+  * Provides a Parser for consuming the sslyze XML output.
+  * [sslyze] >= 0.12
+
+[sslyze]: https://github.com/nabla-c0d3/sslyze#readme

data/Gemfile

@@ -0,0 +1,18 @@
+source 'https://rubygems.org/'
+
+gemspec
+
+group :development do
+  gem 'rake'
+  gem 'rubygems-tasks', '~> 0.2'
+
+  gem 'rspec', '~> 3.0'
+
+  gem 'yard', '~> 0.8'
+  gem 'kramdown'
+end
+
+group :test do
+  gem 'json'
+  gem 'codeclimate-test-reporter', require: nil
+end

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2014-2015 Hal Brodigan
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,70 @@
+# ruby-sslyze
+
+[![Code Climate](https://codeclimate.com/github/trailofbits/ruby-sslyze/badges/gpa.svg)](https://codeclimate.com/github/trailofbits/ruby-sslyze)
+[![Test Coverage](https://codeclimate.com/github/trailofbits/ruby-sslyze/badges/coverage.svg)](https://codeclimate.com/github/trailofbits/ruby-sslyze)
+[![Build Status](https://travis-ci.org/trailofbits/ruby-sslyze.svg)](https://travis-ci.org/trailofbits/ruby-sslyze)
+
+* [Homepage](https://github.com/trailofbits/ruby-sslyze#readme)
+* [Issues](https://github.com/trailofbits/ruby-sslyze/issues)
+* [Documentation](http://rubydoc.info/gems/ruby-sslyze/frames)
+* [Email](mailto:hal at trailofbits.com)
+
+## Description
+
+A Ruby interface to [sslyze] python utility.
+
+## Features
+
+* Provides a Ruby interface to `sslyze.py`.
+* Provides a Parser for consuming the sslyze XML output.
+* [sslyze] >= 0.12
+
+## Examples
+
+Analyze a domain:
+
+    require 'sslyze'
+
+    SSLyze::Program.analyze(targets: 'twitter.com', regular: true, timeout: 5)
+
+Analyze multiple domains:
+
+    SSLyze::Program.analyze(
+      targets: ['twitter.com', 'github.com'],
+      regular: true,
+      timeout: 5
+    )
+
+Output to XML:
+
+    SSLyze::Program.analyze(
+      targets: 'twitter.com',
+      regular: true,
+      timeout: 5,
+      xml_out: 'path/to/xml'
+    )
+
+Parsing sslyze XML output:
+
+    xml = SSLyze::XML.open('path/to/xml')
+
+## Requirements
+
+* [rprogram] ~> 0.3
+* [nokogiri] ~> 1.0
+* [sslyze] >= 0.12
+
+## Install
+
+    $ gem install ruby-sslyze
+
+## Copyright
+
+Copyright (c) 2014 Hal Brodigan
+
+See {file:LICENSE.txt} for details.
+
+[sslyze]: https://github.com/nabla-c0d3/sslyze#readme
+
+[rpgoram]: https://github.com/postmodern/rprogram#readme
+[nokogiri]: http://www.nokogiri.org/

data/Rakefile

@@ -0,0 +1,23 @@
+begin
+  require 'bundler/setup'
+rescue LoadError => e
+  abort e.message
+end
+
+require 'rake'
+require 'rubygems/tasks'
+Gem::Tasks.new
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+
+task :test    => :spec
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new  
+task :doc => :yard
+
+file 'spec/sslyze.xml' do
+  sh 'sslyze.py --xml_out spec/sslyze.xml --regular --timeout 5 twitter.com github.com:443 yahoo.com:443'
+end

data/lib/sslyze.rb

@@ -0,0 +1,3 @@
+require 'sslyze/program'
+require 'sslyze/xml'
+require 'sslyze/version'

data/lib/sslyze/cert_info.rb

@@ -0,0 +1,55 @@
+require 'sslyze/certificate_chain'
+require 'sslyze/certificate_validation'
+require 'sslyze/ocsp_response'
+
+module SSLyze
+  #
+  # Represents the `<certinfo>` element.
+  #
+  class CertInfo
+
+    #
+    # Initializes the cert info.
+    #
+    # @param [Nokogiri::XML::Node] node
+    #   The `<certinfo>` element.
+    #
+    def initialize(node)
+      @node = node
+    end
+
+    #
+    # Certificate chain.
+    #
+    # @return [CertificateChain, nil]
+    #
+    def chain
+      @chain ||= if (cert_chain = @node.at('certificateChain'))
+                   CertificateChain.new(cert_chain)
+                 end
+    end
+
+    #
+    # Certificate validation information.
+    #
+    # @return [CertificateValidation]
+    #
+    def validation
+      @validation ||= CertificateValidation.new(@node.at('certificateValidation'))
+    end
+
+    #
+    # OCSP response stapling information.
+    #
+    # @return [OCSPResponse, nil]
+    #
+    def ocsp_response
+      @ocsp_response ||= if (ocsp_response = @node.at('ocspStapling/ocspResponse'))
+                           OCSPResponse.new(ocsp_response)
+                         end
+    end
+
+    alias ocsp_stapling ocsp_response
+
+  end
+end

data/lib/sslyze/certificate.rb

@@ -0,0 +1,139 @@
+require 'sslyze/certificate/subject_public_key_info'
+require 'sslyze/certificate/extensions'
+require 'sslyze/certificate/subject'
+require 'sslyze/certificate/validity'
+require 'sslyze/certificate/issuer'
+
+require 'date'
+
+module SSLyze
+  #
+  # Represents the `<certificate>` XML element.
+  #
+  class Certificate
+
+    #
+    # Initializes the certificate.
+    #
+    # @param [Nokogiri::XML::Node] node
+    #   The `<certificate>` XML element.
+    #
+    def initialize(node)
+      @node = node
+    end
+
+    #
+    # The position of the certificate within the cert chain.
+    #
+    # @return [:leaf, :intermediate]
+    #
+    def position
+      @position ||= @node['position'].to_sym
+    end
+
+    #
+    # The SHA1 fingerprint of the cert.
+    #
+    # @return [String]
+    #
+    def sha1_fingerprint
+      @sha1_fingerprint ||= @node['sha1Fingerprint']
+    end
+
+    #
+    # The AS PEM information.
+    #
+    # @return [String]
+    #
+    def as_pem
+      @as_pem ||= @node.at('asPEM').inner_text
+    end
+
+    #
+    # The subject public key information.
+    #
+    # @return [SubjectPublicKeyInfo]
+    #
+    def subject_public_key_info
+      @subject_public_key_info ||= SubjectPublicKeyInfo.new(
+        @node.at('subjectPublicKeyInfo')
+      )
+    end
+
+    #
+    # The certificate SSL version.
+    #
+    # @return [Integer]
+    #
+    def version
+      @version ||= @node.at('version').inner_text.to_i
+    end
+
+    #
+    # The SSL extensions.
+    #
+    # @return [Extensions]
+    #
+    def extensions
+      @extensions ||= Extensions.new(@node.at('extensions'))
+    end
+
+    #
+    # The certificate signature.
+    #
+    # @return [String]
+    #
+    def signature_value
+      @signature_value ||= @node.at('signatureValue').inner_text
+    end
+
+    #
+    # The certificate signature algorithm.
+    #
+    # @return [String]
+    #
+    def signature_algorithm
+      @signature_algorithm ||= @node.at('signatureAlgorithm').inner_text
+    end
+
+    #
+    # The certificate serial number.
+    #
+    # @return [String]
+    #
+    def serial_number
+      @serial_number ||= @node.at('serialNumber').inner_text
+    end
+
+    #
+    # The certificate subject information.
+    #
+    # @return [Subject]
+    #
+    def subject
+      @subject ||= Subject.new(@node.at('subject'))
+    end
+
+    #
+    # The certificate validity.
+    #
+    # @return [Validity]
+    #
+    def validity
+      @validity ||= Validity.new(
+        Date.parse(@node.at('validity/notAfter').inner_text),
+        Date.parse(@node.at('validity/notBefore').inner_text)
+      )
+    end
+
+    #
+    # The certificate issuer.
+    #
+    # @return [Issuer]
+    #
+    def issuer
+      @issuer ||= Issuer.new(@node.at('issuer'))
+    end
+
+  end
+end

data/lib/sslyze/certificate/domain_name.rb

@@ -0,0 +1,77 @@
+module SSLyze
+  class Certificate
+    #
+    # Represents a domain name pattern.
+    #
+    class DomainName
+
+      # The subject name.
+      #
+      # @return [String]
+      attr_reader :name
+
+      # The domain part of the subject name.
+      #
+      # @return [String]
+      attr_reader :domain
+
+      # The literal suffix of the subject name.
+      #
+      # @return [String]
+      attr_reader :suffix
+
+      #
+      # Initializes the subject name.
+      #
+      # @param [String] name
+      #   The subject name.
+      #
+      def initialize(name)
+        @name = name
+
+        if @name.start_with?('*.')
+          @suffix = @name[1..-1]
+          @domain = @name[2..-1]
+        else
+          @domain = @name
+        end
+      end
+
+      #
+      # Compares two subject names.
+      #
+      # @return [Boolean]
+      #
+      def ==(other)
+        @name == other.name
+      end
+
+      #
+      # Tests whether the domain is matched by the subject name.
+      #
+      def include?(domain)
+        if @name.start_with?('*.') # wildcard
+          domain.end_with?(@suffix) || # does the domain share the suffix
+            domain == @domain            # does the domain match the suffix
+        else # exact match
+          domain == @name
+        end
+      end
+
+      alias === include?
+
+      alias to_s name
+      alias to_str name
+
+      #
+      # Inspects the subject name.
+      #
+      # @return [String]
+      #
+      def inspect
+        "#<#{self.class}: #{self}>"
+      end
+
+    end
+  end
+end