ruby-sslyze 0.1.0

data/lib/sslyze/certificate/extensions.rb

@@ -0,0 +1,127 @@
+require 'sslyze/certificate/extensions/authority_information_access'
+require 'sslyze/certificate/extensions/x509v3_crl_distribution_points'
+require 'sslyze/certificate/extensions/x509v3_key_usage'
+require 'sslyze/certificate/extensions/x509v3_extended_key_usage'
+require 'sslyze/certificate/extensions/x509v3_subject_alternative_name'
+require 'sslyze/certificate/extensions/x509v3_basic_constraints'
+require 'sslyze/certificate/extensions/x509v3_certificate_policies'
+
+module SSLyze
+  class Certificate
+    #
+    # Represents the `<extensions>` XML element.
+    #
+    class Extensions
+
+      #
+      # Initializes the extensions.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The `<extensions>` XML element.
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      #
+      # The x509v3 subject key identifier information.
+      #
+      # @return [String, nil]
+      #
+      def x509v3_subject_key_identifier
+        @x509v3_subject_key_identifier ||= if (node = @node.at('X509v3SubjectKeyIdentifier'))
+                                             node.inner_text
+                                           end
+      end
+
+      #
+      # The authority information access.
+      #
+      # @return [AuthorityInformationAccess, nil]
+      #
+      def authority_information_access
+        @authority_information_access ||= if (node = @node.at('AuthorityInformationAccess'))
+                                            AuthorityInformationAccess.new(node)
+                                          end
+      end
+
+      #
+      # The x509v3 CRL Distribution Points.
+      #
+      # @return [X509v3CRLDistributionPoints, nil]
+      #
+      def x509v3_crl_distribution_points
+        @x509v3_crl_distribution_points ||= if (node = @node.at('X509v3CRLDistributionPoints'))
+                                              X509v3CRLDistributionPoints.new(node)
+                                            end
+      end
+
+      #
+      # The x509v3 basic constraints.
+      #
+      # @return [X509v3BasicConstraints, nil]
+      #
+      def x509v3_basic_constraints
+        @x509v3_basic_constraints ||= if (constraints = @node.at('X509v3BasicConstraints'))
+                                        X509v3BasicConstraints.new(constraints)
+                                      end
+      end
+
+      #
+      # x509v3 key usage.
+      #
+      # @return [X509v3KeyUsage, nil]
+      #
+      def x509v3_key_usage
+        @x509v3_key_usage ||= if (node = @node.at('X509v3KeyUsage'))
+                                X509v3KeyUsage.new(node)
+                              end
+      end
+
+      #
+      # x509v3 extended key usage.
+      #
+      # @return [X509v3ExtendedKeyUsage, nil]
+      #
+      def x509v3_extended_key_usage
+        @x509v3_extended_key_usage ||= if (node = @node.at('X509v3ExtendedKeyUsage'))
+                                         X509v3ExtendedKeyUsage.new(node)
+                                       end
+      end
+
+      #
+      # x509v3 subject alternative name.
+      #
+      # @return [X509v3SubjectAlternativeName, nil]
+      #
+      def x509v3_subject_alternative_name
+        @x509v3_subject_alternative_name ||= if (node = @node.search('X509v3SubjectAlternativeName'))
+                                               X509v3SubjectAlternativeName.new(node)
+                                             end
+      end
+
+      #
+      # x509v3 authority key identifier.
+      #
+      # @return [String, nil]
+      #
+      def x509v3_authority_key_identifier
+        @x509v3_authority_key_identifier ||= if (node = @node.at('X509v3AuthorityKeyIdentifier'))
+                                               node.inner_text
+                                             end
+      end
+
+      #
+      # x509v3 certificate policies.
+      #
+      # @return [X509v3CertificatePolicies, nil]
+      #
+      def x509v3_certificate_policies
+        @x509v3_certificate_policies ||= if (node = @node.at('X509v3CertificatePolicies'))
+                                           X509v3CertificatePolicies.new(node)
+                                         end
+      end
+
+    end
+  end
+end

data/lib/sslyze/certificate/extensions/authority_information_access.rb

@@ -0,0 +1,38 @@
+require 'sslyze/certificate/extensions/extension'
+
+require 'uri'
+
+module SSLyze
+  class Certificate
+    class Extensions
+      #
+      # Represents the `<AuthorityInformationAccess>` XML element.
+      #
+      class AuthorityInformationAccess < Extension
+
+        #
+        # The CA issuers.
+        #
+        # @return [Array<URI>]
+        #
+        def ca_issuers
+          @ca_issuers ||= @node.search('CAIssuers/URI/listEntry').map do |uri|
+            URI(uri.inner_text)
+          end
+        end
+
+        #
+        # The OCSP URIs.
+        #
+        # @return [Array<URI>]
+        #
+        def ocsp
+          @ocsp ||= @node.search('OCSP/URI/listEntry').map do |uri|
+            URI(uri.inner_text)
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/sslyze/certificate/extensions/extension.rb

@@ -0,0 +1,26 @@
+module SSLyze
+  class Certificate
+    class Extensions
+      #
+      # Represents a SSL extension XML element.
+      #
+      class Extension
+
+        #
+        # Initializes the extension.
+        #
+        # @param [Nokogiri::XML::Node] node
+        #   The extension node.
+        #
+        def initialize(node)
+          @node = node
+        end
+
+        def present?
+          !@node.nil?
+        end
+
+      end
+    end
+  end
+end

data/lib/sslyze/certificate/extensions/x509v3_basic_constraints.rb

@@ -0,0 +1,60 @@
+require 'sslyze/certificate/extensions/extension'
+
+module SSLyze
+  class Certificate
+    class Extensions
+      #
+      # Represents the `<X509v3BasicConstraints>` XML element.
+      #
+      class X509v3BasicConstraints < Extension
+
+        #
+        # Specifies whether the `critical` constraint was specified.
+        #
+        # @return [Boolean]
+        #
+        def critical?
+          @node.inner_text.include?('critical')
+        end
+
+        #
+        # The value of the `CA` constraint.
+        #
+        # @return [Boolean, nil]
+        #
+        def ca?
+          if    @node.inner_text.include?('CA:TRUE')  then true
+          elsif @node.inner_text.include?('CA:FALSE') then false
+          end
+        end
+
+        #
+        # The value of the `pathlen` constraint.
+        #
+        # @return [Integer, nil]
+        #
+        def path_length
+          @path_length ||= if (match = @node.inner_text.match(/pathlen:(\d+)/))
+                             match[1].to_i
+                           end
+        end
+
+        alias path_len path_length
+
+        #
+        # The raw basic constraint String.
+        #
+        # @return [String]
+        #
+        def to_s
+          if @node then @node.inner_text
+          else          ''
+          end
+        end
+
+        alias to_str to_s
+
+      end
+    end
+  end
+end

data/lib/sslyze/certificate/extensions/x509v3_certificate_policies.rb

@@ -0,0 +1,50 @@
+require 'sslyze/certificate/extensions/extension'
+
+module SSLyze
+  class Certificate
+    class Extensions
+      #
+      # Represents the `<X509v3CertificatePolicies>` XML element.
+      #
+      class X509v3CertificatePolicies < Extension
+
+        #
+        # The certificate policy.
+        #
+        # @return [Array<String>]
+        #
+        def policy
+          @policy ||= @node.search('Policy/listEntry').map(&:inner_text)
+        end
+
+        #
+        # The explicit text.
+        #
+        # @return [Array<String>]
+        #
+        def explicit_text
+          @explicit_text ||= @node.search('ExplicitText/listEntry').map(&:inner_text)
+        end
+
+        #
+        # The CPS.
+        #
+        # @return [Array<String>]
+        #
+        def cps
+          @cps ||= @node.search('CPS/listEntry').map(&:inner_text)
+        end
+
+        #
+        # User notice.
+        #
+        # @return [String, nil]
+        #
+        def user_notice
+          @user_notice ||= @node.search('userNotice/listEntry').map(&:inner_text)
+        end
+
+      end
+    end
+  end
+end

data/lib/sslyze/certificate/extensions/x509v3_crl_distribution_points.rb

@@ -0,0 +1,32 @@
+require 'sslyze/certificate/extensions/extension'
+
+module SSLyze
+  class Certificate
+    class Extensions
+      #
+      # Represents the `<X509v3CRLDistributionPoints>` XML element.
+      #
+      class X509v3CRLDistributionPoints < Extension
+
+        #
+        # @return [Array<String>]
+        #
+        def full_name
+          @full_name ||= @node.search('FullName/listEntry').map do |full_name|
+            full_name.inner_text
+          end
+        end
+
+        #
+        # @return [Array<URI>]
+        #
+        def uri
+          @uri ||= @node.search('URI/listEntry').map do |uri|
+            URI(uri.inner_text)
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/sslyze/certificate/extensions/x509v3_extended_key_usage.rb

@@ -0,0 +1,32 @@
+require 'sslyze/certificate/extensions/extension'
+
+module SSLyze
+  class Certificate
+    class Extensions
+      #
+      # Represetns the `<X509v3ExtendedKeyUsage>` XML element.
+      #
+      class X509v3ExtendedKeyUsage < Extension
+
+        #
+        # TLS web client authentication.
+        #
+        # @return [String]
+        #
+        def tls_web_client_authentication
+          @tls_web_client_authentication ||= @node.at('TLSWebClientAuthentication').inner_text
+        end
+
+        #
+        # TLS web server authentication.
+        #
+        # @return [String]
+        #
+        def tls_web_server_authentication
+          @tls_web_server_authentication ||= @node.at('TLSWebServerAuthentication').inner_text
+        end
+
+      end
+    end
+  end
+end

data/lib/sslyze/certificate/extensions/x509v3_key_usage.rb

@@ -0,0 +1,50 @@
+require 'sslyze/certificate/extensions/extension'
+
+module SSLyze
+  class Certificate
+    class Extensions
+      #
+      # Represents the `<X509v3KeyUsage>` XML element.
+      #
+      class X509v3KeyUsage < Extension
+
+        #
+        # Key encipherment.
+        #
+        # @return [String]
+        #
+        def key_encipherment
+          @key_encipherment ||= @node.at('KeyEncipherment').inner_text
+        end
+
+        #
+        # Digital signature.
+        #
+        # @return [String]
+        #
+        def digital_signature
+          @digital_signature ||= @node.at('DigitalSignature').inner_text
+        end
+
+        #
+        # CRL Sign.
+        #
+        # @return [String]
+        #
+        def crl_sign
+          @crl_sign ||= @node.at('CRLSign').inner_text
+        end
+
+        #
+        # Certificate sign.
+        #
+        # @return [String]
+        #
+        def certificate_sign
+          @certificate_sign ||= @node.at('CertificateSign').inner_text
+        end
+
+      end
+    end
+  end
+end

data/lib/sslyze/certificate/extensions/x509v3_subject_alternative_name.rb

@@ -0,0 +1,71 @@
+require 'sslyze/certificate/extensions/x509v3_subject_alternative_name'
+require 'sslyze/certificate/domain_name'
+
+module SSLyze
+  class Certificate
+    class Extensions
+      #
+      # Represents the `<X509v3SubjectAlternativeName>` XML element.
+      #
+      class X509v3SubjectAlternativeName < Extension
+
+        #
+        # The alternative email names.
+        #
+        # @return [Array<String>]
+        #
+        def email
+          @email ||= @node.search('email/listEntry').map(&:inner_text)
+        end
+
+        #
+        # The alternative URI names.
+        #
+        # @return [Array<String>]
+        #
+        def uri
+          @rui ||= @node.search('URI/listEntry').map(&:inner_text)
+        end
+
+        #
+        # The alternative DNS names.
+        #
+        # @return [Array<DomainName>]
+        #
+        def dns
+          @dns ||= @node.search('DNS/listEntry').map do |entry|
+            DomainName.new(entry.inner_text)
+          end
+        end
+
+        #
+        # The alternative RID names.
+        #
+        # @return [Array<String>]
+        #
+        def rid
+          @rid ||= @node.search('RID/listEntry').map(&:inner_text)
+        end
+
+        #
+        # The alternative IP names.
+        #
+        # @return [Array<String>]
+        #
+        def ip
+          @ip ||= @node.search('IP/listEntry').map(&:inner_text)
+        end
+
+        #
+        # The alternative dirName names.
+        #
+        # @return [Array<String>]
+        #
+        def dir_name
+          @dir_name ||= @node.search('dirName/listEntry').map(&:inner_text)
+        end
+
+      end
+    end
+  end
+end