RubyGems - ruby-sslyze - Versions diffs - 0.2.1 → 1.0.0 - Mend

ruby-sslyze 0.2.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

checksums.yaml +4 -4
data/.gitignore +6 -4
data/.travis.yml +15 -7
data/ChangeLog.md +29 -12
data/Gemfile +3 -2
data/LICENSE.txt +1 -1
data/README.md +5 -5
data/Rakefile +1 -1
data/lib/sslyze/cipher_suites.rb +176 -0
data/lib/sslyze/program.rb +8 -8
data/lib/sslyze/task.rb +40 -33
data/lib/sslyze/version.rb +1 -1
data/lib/sslyze/{certificate/domain_name.rb → x509/domain.rb} +5 -3
data/lib/sslyze/x509/extension.rb +15 -0
data/lib/sslyze/x509/extension_set.rb +140 -0
data/lib/sslyze/x509/extensions.rb +6 -0
data/lib/sslyze/x509/extensions/basic_constraints.rb +41 -0
data/lib/sslyze/x509/extensions/certificate_policies.rb +108 -0
data/lib/sslyze/x509/extensions/crl_distribution_points.rb +47 -0
data/lib/sslyze/x509/extensions/extended_key_usage.rb +58 -0
data/lib/sslyze/x509/extensions/key_usage.rb +66 -0
data/lib/sslyze/x509/extensions/subject_alt_name.rb +144 -0
data/lib/sslyze/x509/name.rb +194 -0
data/lib/sslyze/x509/public_key.rb +53 -0
data/lib/sslyze/xml.rb +26 -37
data/lib/sslyze/xml/attributes.rb +5 -0
data/lib/sslyze/xml/attributes/error.rb +30 -0
data/lib/sslyze/xml/attributes/exception.rb +30 -0
data/lib/sslyze/xml/attributes/is_supported.rb +29 -0
data/lib/sslyze/xml/attributes/is_vulnerable.rb +29 -0
data/lib/sslyze/xml/attributes/title.rb +31 -0
data/lib/sslyze/xml/certinfo.rb +67 -0
data/lib/sslyze/xml/certinfo/certificate.rb +202 -0
data/lib/sslyze/xml/certinfo/certificate_validation.rb +69 -0
data/lib/sslyze/xml/certinfo/certificate_validation/hostname_validation.rb +54 -0
data/lib/sslyze/xml/certinfo/certificate_validation/path_validation.rb +84 -0
data/lib/sslyze/xml/certinfo/certificate_validation/verified_certificate_chain.rb +41 -0
data/lib/sslyze/xml/certinfo/has_certificates.rb +102 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling.rb +45 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling/ocsp_response.rb +87 -0
data/lib/sslyze/xml/certinfo/received_certificate_chain.rb +48 -0
data/lib/sslyze/xml/compression.rb +33 -0
data/lib/sslyze/xml/compression/compression_method.rb +38 -0
data/lib/sslyze/xml/fallback.rb +34 -0
data/lib/sslyze/xml/fallback/tls_fallback_scsv.rb +27 -0
data/lib/sslyze/xml/heartbleed.rb +38 -0
data/lib/sslyze/xml/heartbleed/openssl_heartbleed.rb +29 -0
data/lib/sslyze/xml/http_headers.rb +42 -0
data/lib/sslyze/xml/http_headers/http_public_key_pinning.rb +121 -0
data/lib/sslyze/xml/http_headers/http_strict_transport_security.rb +59 -0
data/lib/sslyze/xml/invalid_target.rb +33 -0
data/lib/sslyze/xml/openssl_ccs.rb +34 -0
data/lib/sslyze/xml/openssl_ccs/openssl_ccs_injection.rb +26 -0
data/lib/sslyze/xml/plugin.rb +27 -0
data/lib/sslyze/xml/protocol.rb +143 -0
data/lib/sslyze/xml/protocol/cipher_suite.rb +93 -0
data/lib/sslyze/xml/protocol/cipher_suite/key_exchange.rb +127 -0
data/lib/sslyze/xml/reneg.rb +28 -0
data/lib/sslyze/xml/reneg/session_renegotiation.rb +51 -0
data/lib/sslyze/xml/resum.rb +42 -0
data/lib/sslyze/xml/resum/session_resumption_with_session_ids.rb +94 -0
data/lib/sslyze/xml/resum/session_resumption_with_tls_tickets.rb +69 -0
data/lib/sslyze/xml/resum_rate.rb +30 -0
data/lib/sslyze/xml/target.rb +371 -0
data/lib/sslyze/xml/types.rb +19 -0
data/ruby-sslyze.gemspec +3 -3
data/spec/spec_helper.rb +2 -4
data/spec/sslyze.xml +2356 -2580
data/spec/x509/domain_spec.rb +125 -0
data/spec/x509/extension_set_spec.rb +208 -0
data/spec/x509/extension_spec.rb +58 -0
data/spec/x509/extensions/basic_constraints_spec.rb +41 -0
data/spec/x509/extensions/certificate_policies_spec.rb +38 -0
data/spec/x509/extensions/crl_distribution_points_spec.rb +38 -0
data/spec/x509/extensions/extended_key_usage_spec.rb +58 -0
data/spec/x509/extensions/key_usage_spec.rb +84 -0
data/spec/x509/extensions/subject_alt_name_spec.rb +146 -0
data/spec/x509/name_spec.rb +85 -0
data/spec/x509/public_key_spec.rb +113 -0
data/spec/xml/certinfo/certificate_spec.rb +166 -0
data/spec/xml/certinfo/certificate_validation/hostname_validation_spec.rb +23 -0
data/spec/xml/certinfo/certificate_validation/path_validation_spec.rb +107 -0
data/spec/xml/certinfo/certificate_validation/verified_certificate_chain_spec.rb +163 -0
data/spec/xml/certinfo/certificate_validation_spec.rb +40 -0
data/spec/xml/certinfo/ocsp_stapling/ocsp_response_spec.rb +61 -0
data/spec/xml/certinfo/ocsp_stapling_spec.rb +31 -0
data/spec/xml/certinfo/received_certificate_chain_spec.rb +165 -0
data/spec/xml/certinfo_spec.rb +45 -0
data/spec/xml/compression/compression_method_spec.rb +23 -0
data/spec/xml/compression_spec.rb +23 -0
data/spec/xml/heartbleed/openssl_heartbleed_spec.rb +17 -0
data/spec/xml/heartbleed_spec.rb +37 -0
data/spec/xml/http_headers/http_public_key_pinning_spec.rb +73 -0
data/spec/xml/http_headers/http_strict_transport_security_spec.rb +107 -0
data/spec/xml/http_headers_spec.rb +63 -0
data/spec/xml/invalid_target_spec.rb +23 -0
data/spec/xml/plugin_examples.rb +14 -0
data/spec/{key_exchange_spec.rb → xml/protocol/cipher_suite/key_exchange_spec.rb} +9 -3
data/spec/xml/protocol/cipher_suite_spec.rb +66 -0
data/spec/xml/protocol_spec.rb +115 -0
data/spec/xml/reneg/session_renegotiation_spec.rb +23 -0
data/spec/xml/reneg_spec.rb +35 -0
data/spec/xml/resum/session_resumption_with_session_ids_spec.rb +103 -0
data/spec/xml/resum/session_resumption_with_tls_tickets_spec.rb +121 -0
data/spec/xml/resum_rate_spec.rb +30 -0
data/spec/xml/resum_spec.rb +47 -0
data/spec/{target_spec.rb → xml/target_spec.rb} +73 -27
data/spec/xml_spec.rb +13 -21
metadata +138 -61
data/lib/sslyze/cert_info.rb +0 -57
data/lib/sslyze/certificate.rb +0 -139
data/lib/sslyze/certificate/extensions.rb +0 -127
data/lib/sslyze/certificate/extensions/authority_information_access.rb +0 -38
data/lib/sslyze/certificate/extensions/extension.rb +0 -26
data/lib/sslyze/certificate/extensions/x509v3_basic_constraints.rb +0 -60
data/lib/sslyze/certificate/extensions/x509v3_certificate_policies.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_crl_distribution_points.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_extended_key_usage.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_key_usage.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_subject_alternative_name.rb +0 -71
data/lib/sslyze/certificate/issuer.rb +0 -56
data/lib/sslyze/certificate/public_key.rb +0 -9
data/lib/sslyze/certificate/subject.rb +0 -117
data/lib/sslyze/certificate/subject_public_key_info.rb +0 -53
data/lib/sslyze/certificate/validity.rb +0 -9
data/lib/sslyze/certificate_chain.rb +0 -89
data/lib/sslyze/certificate_validation.rb +0 -70
data/lib/sslyze/cipher_suite.rb +0 -237
data/lib/sslyze/invalid_target.rb +0 -35
data/lib/sslyze/key_exchange.rb +0 -106
data/lib/sslyze/ocsp_response.rb +0 -87
data/lib/sslyze/protocol.rb +0 -133
data/lib/sslyze/target.rb +0 -312
data/lib/sslyze/types.rb +0 -17
data/spec/cert_info_spec.rb +0 -29
data/spec/certificate/subject_name_spec.rb +0 -72
data/spec/certificate_chain_spec.rb +0 -61
data/spec/certificate_spec.rb +0 -330
data/spec/certificate_validation_spec.rb +0 -39
data/spec/cipher_suite_spec.rb +0 -50
data/spec/invalid_target_spec.rb +0 -21
data/spec/issuer_spec.rb +0 -33
data/spec/ocsp_response_spec.rb +0 -59
data/spec/protocol_spec.rb +0 -99
data/spec/subject_public_key_info_spec.rb +0 -35
data/spec/subject_spec.rb +0 -69

data/lib/sslyze/x509/extensions/key_usage.rb ADDED

@@ -0,0 +1,66 @@
+require 'sslyze/x509/extension'
+module SSLyze
+  module X509
+    module Extensions
+      #
+      # Represents the `keyUsage` X509v3 extension.
+      #
+      # @since 1.0.0
+      #
+      class KeyUsage < Extension
+        include Enumerable
+        #
+        # The various permitted key uses.
+        #
+        # @return [Array<String>]
+        #
+        def uses
+          @uses ||= value.split(', ')
+        end
+        #
+        # @yield [use]
+        #
+        # @yieldparam [String] use
+        #
+        # @return [Enumerator]
+        #
+        def each(&block)
+          uses.each(&block)
+        end
+        #
+        # @return [Boolean]
+        #
+        def key_encipherment?
+          uses.include?('Key Encipherment')
+        end
+        #
+        # @return [Boolean]
+        #
+        def digital_signature?
+          uses.include?('Digital Signature')
+        end
+        #
+        # @return [Boolean]
+        #
+        def crl_sign?
+          uses.include?('CRL Sign')
+        end
+        #
+        # @return [Boolean]
+        #
+        def certificate_sign?
+          uses.include?('Certificate Sign')
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/x509/extensions/subject_alt_name.rb ADDED

@@ -0,0 +1,144 @@
+require 'sslyze/x509/extension'
+require 'sslyze/x509/domain'
+require 'uri'
+require 'ipaddr'
+module SSLyze
+  module X509
+    module Extensions
+      #
+      # Represents the `subjectAltName` X509v3 extension.
+      #
+      # @since 1.0.0
+      #
+      class SubjectAltName < Extension
+        include Enumerable
+        # Known subject name types.
+        TYPES = {
+          'DNS' => :dns,
+          'IP'  => :ip,
+          'URI' => :uri,
+          'RID' => :rid,
+          'email'     => :email,
+          'dirName'   => :dir_name,
+          'otherName' => :other_name
+        }
+        #
+        # Enumerates over every alternative name within the extension's value.
+        #
+        # @yield [type, name]
+        #   The given block will be passed each
+        #
+        # @yieldparam [:dns, :ip, :uri, :rid, :email, :dir_name, :other_name] type
+        #   The type of the alternative name being yielded.
+        #
+        # @yieldparam [String] name
+        #   An alternative name within the extension's value.
+        #
+        # @return [Enumerator]
+        #   If no block is given, an Enumerator will be returned.
+        #
+        # @raise [NotImplementedError]
+        #   An unknown name type was encountered while parsing the extension's
+        #   value.
+        #
+        def each
+          return enum_for unless block_given?
+          value.split(', ').each do |type_value|
+            type, value = type_value.split(':',2)
+            unless TYPES.has_key?(type)
+              raise(NotImplementedError,"unsupported subjectAltName type: #{type}")
+            end
+            yield TYPES[type], value
+          end
+        end
+        #
+        # All `DNS:` alternative names within the extension's value.
+        #
+        # @return [Array<String>]
+        #
+        def dns
+          @dns ||= select { |type,value| type == :dns }.map do |(type,value)|
+            value
+          end
+        end
+        #
+        # All `IP:` alternative names within the extension's value.
+        #
+        # @return [Array<IPAddr>]
+        #
+        def ip
+          @ip ||= select { |type,value| type == :ip }.map do |(type,value)|
+            IPAddr.new(value)
+          end
+        end
+        #
+        # All `URI:` alternative names within the extension's value.
+        #
+        # @return [Array<URI::Generic>]
+        #
+        def uri
+          @uri ||= select { |type,value| type == :uri }.map do |(type,value)|
+            URI.parse(value)
+          end
+        end
+        #
+        # All `email:` alternative names within the extension's value.
+        #
+        # @return [Array<String>]
+        #
+        def email
+          @email ||= select { |type,value| type == :email }.map do |(type,value)|
+            value
+          end
+        end
+        #
+        # All `RID:` alternative names within the extension's value.
+        #
+        # @return [Array<String>]
+        #
+        def rid
+          @rid ||= select { |type,value| type == :rid }.map do |(type,value)|
+            value
+          end
+        end
+        #
+        # All `dirName:` alternative names within the extension's value.
+        #
+        # @return [Array<String>]
+        #
+        def dir_name
+          @dir_name ||= select { |type,value| type == :dir_name }.map do |(type,value)|
+            value
+          end
+        end
+        #
+        # All `otherName:` alternative names within the extension's value.
+        #
+        # @return [Array<String>]
+        #
+        def other_name
+          @other_name ||= select { |type,value| type == :other_name }.map do |(type,value)|
+            value
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/x509/name.rb ADDED

@@ -0,0 +1,194 @@
+require 'sslyze/x509/domain'
+require 'openssl'
+module SSLyze
+  module X509
+    #
+    # Wrapper object for [OpenSSL::X509::Name][1].
+    #
+    # [1]: http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name
+    #
+    # @since 1.0.0
+    #
+    class Name
+      include Enumerable
+      #
+      # The parsed entries of the name.
+      #
+      # @return [Array<(String, String, Integer)>]
+      #
+      attr_reader :entries
+      #
+      # @param [OpenSSL::X509::Name] name
+      #   The OpenSSL X509 name object.
+      #
+      def initialize(name)
+        @name    = name
+        @entries = name.to_a
+      end
+      #
+      # Enumerates over the entries.
+      #
+      # @yield [oid, value, type]
+      #
+      # @yieldparam [String] oid
+      #   The Object IDentifier.
+      #
+      # @yieldparam [String] value
+      #   The entry's value.
+      #
+      # @yieldparam [Integer] type
+      #   The entry type.
+      #
+      def each(&block)
+        @entries.each do |(oid,value,type)|
+          yield oid, value, type
+        end
+      end
+      #
+      # Finds the entry with the matcing OID (Object IDentifier).
+      #
+      # @param [String] key
+      #
+      # @return [String, nil]
+      #
+      def [](key)
+        each do |oid,value,type|
+          return value if oid == key
+        end
+        return nil
+      end
+      #
+      # The Country (`C`) entry.
+      #
+      # @return [String]
+      #
+      def country_name
+        @country_name ||= self['C']
+      end
+      alias country country_name
+      alias c country_name
+      #
+      # The Common Name (`CN`) entry.
+      #
+      # @return [Domain]
+      #
+      def common_name
+        @common_name ||= Domain.new(self['CN'])
+      end
+      alias cn common_name
+      #
+      # The Domain Component (`DC`) entry.
+      #
+      # @return [String, nil]
+      #
+      def domain_component
+        @domain_component ||= self['DC']
+      end
+      alias dc domain_component
+      #
+      # The Organization Name (`O`) entry.
+      #
+      # @return [String]
+      #
+      def organization_name
+        @organization_name ||= self['O']
+      end
+      alias organization organization_name
+      alias o organization_name
+      #
+      # The Organization Unit Name (`OU`) entry.
+      #
+      # @return [String]
+      #
+      def organizational_unit_name
+        @organizational_unit_name ||= self['OU']
+      end
+      alias organizational_unit organizational_unit_name
+      alias ou organizational_unit_name
+      #
+      # The State/Province Name (`ST`) entry.
+      #
+      # @return [String, nil]
+      #
+      def state_name
+        @state_name ||= self['ST']
+      end
+      alias state state_name
+      alias province_name state_name
+      alias province province_name
+      alias st state_name
+      #
+      # The Location (`L`) entry.
+      #
+      # @return [String, nil]
+      #
+      def location_name
+        @location ||= self['L']
+      end
+      alias location location_name
+      alias l location_name
+      #
+      # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name#cmp-instance_method
+      #
+      def cmp(other)
+        @name.cmp(other.name)
+      end
+      #
+      # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name#eql%3F-instance_method
+      #
+      def eql?(other)
+        @name.eql?(other.name)
+      end
+      #
+      # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name#to_a-instance_method
+      #
+      def to_a
+        @name.to_a
+      end
+      #
+      # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name#to_der-instance_method
+      #
+      def to_der
+        @name.to_der
+      end
+      #
+      # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name#to_s-instance_method
+      #
+      def to_s(*args)
+        @name.to_s(*args)
+      end
+      protected
+      attr_reader :name
+    end
+  end
+end

data/lib/sslyze/x509/public_key.rb ADDED

@@ -0,0 +1,53 @@
+require 'delegate'
+module SSLyze
+  module X509
+    #
+    # Wrapper class around [OpenSSL::PKey] classes that provide {#algorithm} and
+    # {#size} methods.
+    #
+    # [OpenSSL::PKey]: http://www.rubydoc.info/stdlib/openssl/OpenSSL/PKey
+    #
+    # @since 1.0.0
+    #
+    class PublicKey < SimpleDelegator
+      #
+      # The algorithm that generated the public key.
+      #
+      # @return [:rsa, :dsa, :dh, :ec]
+      #
+      def algorithm
+        case __getobj__
+        when OpenSSL::PKey::RSA then :rsa
+        when OpenSSL::PKey::DSA then :dsa
+        when OpenSSL::PKey::DH  then :dh
+        when OpenSSL::PKey::EC  then :ec
+        end
+      end
+      #
+      # The size of the public key.
+      #
+      # @return [Integer]
+      #   The number of bits in the public key.
+      #
+      # @raise [NotImplementedError]
+      #   Determining key size for `OpenSSL::PKey::EC` public keys is currently
+      #   not implemented.
+      #
+      def size
+        pkey = __getobj__
+        case pkey
+        when OpenSSL::PKey::RSA then pkey.n.num_bits
+        when OpenSSL::PKey::DSA then pkey.p.num_bits
+        when OpenSSL::PKey::DH  then pkey.p.num_bits
+        when OpenSSL::PKey::EC
+          raise(NotImplementedError,"key size for #{pkey.inspect} not implemented")
+        end
+      end
+    end
+  end
+end