RubyGems - ruby-sslyze - Versions diffs - 0.2.1 → 1.0.0 - Mend

ruby-sslyze 0.2.1 → 1.0.0

Files changed (146) hide show

checksums.yaml +4 -4
data/.gitignore +6 -4
data/.travis.yml +15 -7
data/ChangeLog.md +29 -12
data/Gemfile +3 -2
data/LICENSE.txt +1 -1
data/README.md +5 -5
data/Rakefile +1 -1
data/lib/sslyze/cipher_suites.rb +176 -0
data/lib/sslyze/program.rb +8 -8
data/lib/sslyze/task.rb +40 -33
data/lib/sslyze/version.rb +1 -1
data/lib/sslyze/{certificate/domain_name.rb → x509/domain.rb} +5 -3
data/lib/sslyze/x509/extension.rb +15 -0
data/lib/sslyze/x509/extension_set.rb +140 -0
data/lib/sslyze/x509/extensions.rb +6 -0
data/lib/sslyze/x509/extensions/basic_constraints.rb +41 -0
data/lib/sslyze/x509/extensions/certificate_policies.rb +108 -0
data/lib/sslyze/x509/extensions/crl_distribution_points.rb +47 -0
data/lib/sslyze/x509/extensions/extended_key_usage.rb +58 -0
data/lib/sslyze/x509/extensions/key_usage.rb +66 -0
data/lib/sslyze/x509/extensions/subject_alt_name.rb +144 -0
data/lib/sslyze/x509/name.rb +194 -0
data/lib/sslyze/x509/public_key.rb +53 -0
data/lib/sslyze/xml.rb +26 -37
data/lib/sslyze/xml/attributes.rb +5 -0
data/lib/sslyze/xml/attributes/error.rb +30 -0
data/lib/sslyze/xml/attributes/exception.rb +30 -0
data/lib/sslyze/xml/attributes/is_supported.rb +29 -0
data/lib/sslyze/xml/attributes/is_vulnerable.rb +29 -0
data/lib/sslyze/xml/attributes/title.rb +31 -0
data/lib/sslyze/xml/certinfo.rb +67 -0
data/lib/sslyze/xml/certinfo/certificate.rb +202 -0
data/lib/sslyze/xml/certinfo/certificate_validation.rb +69 -0
data/lib/sslyze/xml/certinfo/certificate_validation/hostname_validation.rb +54 -0
data/lib/sslyze/xml/certinfo/certificate_validation/path_validation.rb +84 -0
data/lib/sslyze/xml/certinfo/certificate_validation/verified_certificate_chain.rb +41 -0
data/lib/sslyze/xml/certinfo/has_certificates.rb +102 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling.rb +45 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling/ocsp_response.rb +87 -0
data/lib/sslyze/xml/certinfo/received_certificate_chain.rb +48 -0
data/lib/sslyze/xml/compression.rb +33 -0
data/lib/sslyze/xml/compression/compression_method.rb +38 -0
data/lib/sslyze/xml/fallback.rb +34 -0
data/lib/sslyze/xml/fallback/tls_fallback_scsv.rb +27 -0
data/lib/sslyze/xml/heartbleed.rb +38 -0
data/lib/sslyze/xml/heartbleed/openssl_heartbleed.rb +29 -0
data/lib/sslyze/xml/http_headers.rb +42 -0
data/lib/sslyze/xml/http_headers/http_public_key_pinning.rb +121 -0
data/lib/sslyze/xml/http_headers/http_strict_transport_security.rb +59 -0
data/lib/sslyze/xml/invalid_target.rb +33 -0
data/lib/sslyze/xml/openssl_ccs.rb +34 -0
data/lib/sslyze/xml/openssl_ccs/openssl_ccs_injection.rb +26 -0
data/lib/sslyze/xml/plugin.rb +27 -0
data/lib/sslyze/xml/protocol.rb +143 -0
data/lib/sslyze/xml/protocol/cipher_suite.rb +93 -0
data/lib/sslyze/xml/protocol/cipher_suite/key_exchange.rb +127 -0
data/lib/sslyze/xml/reneg.rb +28 -0
data/lib/sslyze/xml/reneg/session_renegotiation.rb +51 -0
data/lib/sslyze/xml/resum.rb +42 -0
data/lib/sslyze/xml/resum/session_resumption_with_session_ids.rb +94 -0
data/lib/sslyze/xml/resum/session_resumption_with_tls_tickets.rb +69 -0
data/lib/sslyze/xml/resum_rate.rb +30 -0
data/lib/sslyze/xml/target.rb +371 -0
data/lib/sslyze/xml/types.rb +19 -0
data/ruby-sslyze.gemspec +3 -3
data/spec/spec_helper.rb +2 -4
data/spec/sslyze.xml +2356 -2580
data/spec/x509/domain_spec.rb +125 -0
data/spec/x509/extension_set_spec.rb +208 -0
data/spec/x509/extension_spec.rb +58 -0
data/spec/x509/extensions/basic_constraints_spec.rb +41 -0
data/spec/x509/extensions/certificate_policies_spec.rb +38 -0
data/spec/x509/extensions/crl_distribution_points_spec.rb +38 -0
data/spec/x509/extensions/extended_key_usage_spec.rb +58 -0
data/spec/x509/extensions/key_usage_spec.rb +84 -0
data/spec/x509/extensions/subject_alt_name_spec.rb +146 -0
data/spec/x509/name_spec.rb +85 -0
data/spec/x509/public_key_spec.rb +113 -0
data/spec/xml/certinfo/certificate_spec.rb +166 -0
data/spec/xml/certinfo/certificate_validation/hostname_validation_spec.rb +23 -0
data/spec/xml/certinfo/certificate_validation/path_validation_spec.rb +107 -0
data/spec/xml/certinfo/certificate_validation/verified_certificate_chain_spec.rb +163 -0
data/spec/xml/certinfo/certificate_validation_spec.rb +40 -0
data/spec/xml/certinfo/ocsp_stapling/ocsp_response_spec.rb +61 -0
data/spec/xml/certinfo/ocsp_stapling_spec.rb +31 -0
data/spec/xml/certinfo/received_certificate_chain_spec.rb +165 -0
data/spec/xml/certinfo_spec.rb +45 -0
data/spec/xml/compression/compression_method_spec.rb +23 -0
data/spec/xml/compression_spec.rb +23 -0
data/spec/xml/heartbleed/openssl_heartbleed_spec.rb +17 -0
data/spec/xml/heartbleed_spec.rb +37 -0
data/spec/xml/http_headers/http_public_key_pinning_spec.rb +73 -0
data/spec/xml/http_headers/http_strict_transport_security_spec.rb +107 -0
data/spec/xml/http_headers_spec.rb +63 -0
data/spec/xml/invalid_target_spec.rb +23 -0
data/spec/xml/plugin_examples.rb +14 -0
data/spec/{key_exchange_spec.rb → xml/protocol/cipher_suite/key_exchange_spec.rb} +9 -3
data/spec/xml/protocol/cipher_suite_spec.rb +66 -0
data/spec/xml/protocol_spec.rb +115 -0
data/spec/xml/reneg/session_renegotiation_spec.rb +23 -0
data/spec/xml/reneg_spec.rb +35 -0
data/spec/xml/resum/session_resumption_with_session_ids_spec.rb +103 -0
data/spec/xml/resum/session_resumption_with_tls_tickets_spec.rb +121 -0
data/spec/xml/resum_rate_spec.rb +30 -0
data/spec/xml/resum_spec.rb +47 -0
data/spec/{target_spec.rb → xml/target_spec.rb} +73 -27
data/spec/xml_spec.rb +13 -21
metadata +138 -61
data/lib/sslyze/cert_info.rb +0 -57
data/lib/sslyze/certificate.rb +0 -139
data/lib/sslyze/certificate/extensions.rb +0 -127
data/lib/sslyze/certificate/extensions/authority_information_access.rb +0 -38
data/lib/sslyze/certificate/extensions/extension.rb +0 -26
data/lib/sslyze/certificate/extensions/x509v3_basic_constraints.rb +0 -60
data/lib/sslyze/certificate/extensions/x509v3_certificate_policies.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_crl_distribution_points.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_extended_key_usage.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_key_usage.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_subject_alternative_name.rb +0 -71
data/lib/sslyze/certificate/issuer.rb +0 -56
data/lib/sslyze/certificate/public_key.rb +0 -9
data/lib/sslyze/certificate/subject.rb +0 -117
data/lib/sslyze/certificate/subject_public_key_info.rb +0 -53
data/lib/sslyze/certificate/validity.rb +0 -9
data/lib/sslyze/certificate_chain.rb +0 -89
data/lib/sslyze/certificate_validation.rb +0 -70
data/lib/sslyze/cipher_suite.rb +0 -237
data/lib/sslyze/invalid_target.rb +0 -35
data/lib/sslyze/key_exchange.rb +0 -106
data/lib/sslyze/ocsp_response.rb +0 -87
data/lib/sslyze/protocol.rb +0 -133
data/lib/sslyze/target.rb +0 -312
data/lib/sslyze/types.rb +0 -17
data/spec/cert_info_spec.rb +0 -29
data/spec/certificate/subject_name_spec.rb +0 -72
data/spec/certificate_chain_spec.rb +0 -61
data/spec/certificate_spec.rb +0 -330
data/spec/certificate_validation_spec.rb +0 -39
data/spec/cipher_suite_spec.rb +0 -50
data/spec/invalid_target_spec.rb +0 -21
data/spec/issuer_spec.rb +0 -33
data/spec/ocsp_response_spec.rb +0 -59
data/spec/protocol_spec.rb +0 -99
data/spec/subject_public_key_info_spec.rb +0 -35
data/spec/subject_spec.rb +0 -69

data/lib/sslyze/x509/extensions/key_usage.rb ADDED

@@ -0,0 +1,66 @@
+require 'sslyze/x509/extension'
+module SSLyze
+  module X509
+    module Extensions
+      #
+      # Represents the `keyUsage` X509v3 extension.
+      #
+      # @since 1.0.0
+      #
+      class KeyUsage < Extension
+        include Enumerable
+        #
+        # The various permitted key uses.
+        #
+        # @return [Array<String>]
+        #
+        def uses
+          @uses ||= value.split(', ')
+        end
+        #
+        # @yield [use]
+        #
+        # @yieldparam [String] use
+        #
+        # @return [Enumerator]
+        #
+        def each(&block)
+          uses.each(&block)
+        end
+        #
+        # @return [Boolean]
+        #
+        def key_encipherment?
+          uses.include?('Key Encipherment')
+        end
+        #
+        # @return [Boolean]
+        #
+        def digital_signature?
+          uses.include?('Digital Signature')
+        end
+        #
+        # @return [Boolean]
+        #
+        def crl_sign?
+          uses.include?('CRL Sign')
+        end
+        #
+        # @return [Boolean]
+        #
+        def certificate_sign?
+          uses.include?('Certificate Sign')
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/x509/extensions/subject_alt_name.rb ADDED

@@ -0,0 +1,144 @@
+require 'sslyze/x509/extension'
+require 'sslyze/x509/domain'
+require 'uri'
+require 'ipaddr'
+module SSLyze
+  module X509
+    module Extensions
+      #
+      # Represents the `subjectAltName` X509v3 extension.
+      #
+      # @since 1.0.0
+      #
+      class SubjectAltName < Extension
+        include Enumerable
+        # Known subject name types.
+        TYPES = {
+          'DNS' => :dns,
+          'IP'  => :ip,
+          'URI' => :uri,
+          'RID' => :rid,
+          'email'     => :email,
+          'dirName'   => :dir_name,
+          'otherName' => :other_name
+        }
+        #
+        # Enumerates over every alternative name within the extension's value.
+        #
+        # @yield [type, name]
+        #   The given block will be passed each
+        #
+        # @yieldparam [:dns, :ip, :uri, :rid, :email, :dir_name, :other_name] type
+        #   The type of the alternative name being yielded.
+        #
+        # @yieldparam [String] name
+        #   An alternative name within the extension's value.
+        #
+        # @return [Enumerator]
+        #   If no block is given, an Enumerator will be returned.
+        #
+        # @raise [NotImplementedError]
+        #   An unknown name type was encountered while parsing the extension's
+        #   value.
+        #
+        def each
+          return enum_for unless block_given?
+          value.split(', ').each do |type_value|
+            type, value = type_value.split(':',2)
+            unless TYPES.has_key?(type)
+              raise(NotImplementedError,"unsupported subjectAltName type: #{type}")
+            end
+            yield TYPES[type], value
+          end
+        end
+        #
+        # All `DNS:` alternative names within the extension's value.
+        #
+        # @return [Array<String>]
+        #
+        def dns
+          @dns ||= select { |type,value| type == :dns }.map do |(type,value)|
+            value
+          end
+        end
+        #
+        # All `IP:` alternative names within the extension's value.
+        #
+        # @return [Array<IPAddr>]
+        #
+        def ip
+          @ip ||= select { |type,value| type == :ip }.map do |(type,value)|
+            IPAddr.new(value)
+          end
+        end
+        #
+        # All `URI:` alternative names within the extension's value.
+        #
+        # @return [Array<URI::Generic>]
+        #
+        def uri
+          @uri ||= select { |type,value| type == :uri }.map do |(type,value)|
+            URI.parse(value)
+          end
+        end
+        #
+        # All `email:` alternative names within the extension's value.
+        #
+        # @return [Array<String>]
+        #
+        def email
+          @email ||= select { |type,value| type == :email }.map do |(type,value)|
+            value
+          end
+        end
+        #
+        # All `RID:` alternative names within the extension's value.
+        #
+        # @return [Array<String>]
+        #
+        def rid
+          @rid ||= select { |type,value| type == :rid }.map do |(type,value)|
+            value
+          end
+        end
+        #
+        # All `dirName:` alternative names within the extension's value.
+        #
+        # @return [Array<String>]
+        #
+        def dir_name
+          @dir_name ||= select { |type,value| type == :dir_name }.map do |(type,value)|
+            value
+          end
+        end
+        #
+        # All `otherName:` alternative names within the extension's value.
+        #
+        # @return [Array<String>]
+        #
+        def other_name
+          @other_name ||= select { |type,value| type == :other_name }.map do |(type,value)|
+            value
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/x509/name.rb ADDED

@@ -0,0 +1,194 @@
+require 'sslyze/x509/domain'
+require 'openssl'
+module SSLyze
+  module X509
+    #
+    # Wrapper object for [OpenSSL::X509::Name][1].
+    #
+    # [1]: http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name
+    #
+    # @since 1.0.0
+    #
+    class Name
+      include Enumerable
+      #
+      # The parsed entries of the name.
+      #
+      # @return [Array<(String, String, Integer)>]
+      #
+      attr_reader :entries
+      #
+      # @param [OpenSSL::X509::Name] name
+      #   The OpenSSL X509 name object.
+      #
+      def initialize(name)
+        @name    = name
+        @entries = name.to_a
+      end
+      #
+      # Enumerates over the entries.
+      #
+      # @yield [oid, value, type]
+      #
+      # @yieldparam [String] oid
+      #   The Object IDentifier.
+      #
+      # @yieldparam [String] value
+      #   The entry's value.
+      #
+      # @yieldparam [Integer] type
+      #   The entry type.
+      #
+      def each(&block)
+        @entries.each do |(oid,value,type)|
+          yield oid, value, type
+        end
+      end
+      #
+      # Finds the entry with the matcing OID (Object IDentifier).
+      #
+      # @param [String] key
+      #
+      # @return [String, nil]
+      #
+      def [](key)
+        each do |oid,value,type|
+          return value if oid == key
+        end
+        return nil
+      end
+      #
+      # The Country (`C`) entry.
+      #
+      # @return [String]
+      #
+      def country_name
+        @country_name ||= self['C']
+      end
+      alias country country_name
+      alias c country_name
+      #
+      # The Common Name (`CN`) entry.
+      #
+      # @return [Domain]
+      #
+      def common_name
+        @common_name ||= Domain.new(self['CN'])
+      end
+      alias cn common_name
+      #
+      # The Domain Component (`DC`) entry.
+      #
+      # @return [String, nil]
+      #
+      def domain_component
+        @domain_component ||= self['DC']
+      end
+      alias dc domain_component
+      #
+      # The Organization Name (`O`) entry.
+      #
+      # @return [String]
+      #
+      def organization_name
+        @organization_name ||= self['O']
+      end
+      alias organization organization_name
+      alias o organization_name
+      #
+      # The Organization Unit Name (`OU`) entry.
+      #
+      # @return [String]
+      #
+      def organizational_unit_name
+        @organizational_unit_name ||= self['OU']
+      end
+      alias organizational_unit organizational_unit_name
+      alias ou organizational_unit_name
+      #
+      # The State/Province Name (`ST`) entry.
+      #
+      # @return [String, nil]
+      #
+      def state_name
+        @state_name ||= self['ST']
+      end
+      alias state state_name
+      alias province_name state_name
+      alias province province_name
+      alias st state_name
+      #
+      # The Location (`L`) entry.
+      #
+      # @return [String, nil]
+      #
+      def location_name
+        @location ||= self['L']
+      end
+      alias location location_name
+      alias l location_name
+      #
+      # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name#cmp-instance_method
+      #
+      def cmp(other)
+        @name.cmp(other.name)
+      end
+      #
+      # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name#eql%3F-instance_method
+      #
+      def eql?(other)
+        @name.eql?(other.name)
+      end
+      #
+      # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name#to_a-instance_method
+      #
+      def to_a
+        @name.to_a
+      end
+      #
+      # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name#to_der-instance_method
+      #
+      def to_der
+        @name.to_der
+      end
+      #
+      # @see http://www.rubydoc.info/stdlib/openssl/OpenSSL/X509/Name#to_s-instance_method
+      #
+      def to_s(*args)
+        @name.to_s(*args)
+      end
+      protected
+      attr_reader :name
+    end
+  end
+end

data/lib/sslyze/x509/public_key.rb ADDED

@@ -0,0 +1,53 @@
+require 'delegate'
+module SSLyze
+  module X509
+    #
+    # Wrapper class around [OpenSSL::PKey] classes that provide {#algorithm} and
+    # {#size} methods.
+    #
+    # [OpenSSL::PKey]: http://www.rubydoc.info/stdlib/openssl/OpenSSL/PKey
+    #
+    # @since 1.0.0
+    #
+    class PublicKey < SimpleDelegator
+      #
+      # The algorithm that generated the public key.
+      #
+      # @return [:rsa, :dsa, :dh, :ec]
+      #
+      def algorithm
+        case __getobj__
+        when OpenSSL::PKey::RSA then :rsa
+        when OpenSSL::PKey::DSA then :dsa
+        when OpenSSL::PKey::DH  then :dh
+        when OpenSSL::PKey::EC  then :ec
+        end
+      end
+      #
+      # The size of the public key.
+      #
+      # @return [Integer]
+      #   The number of bits in the public key.
+      #
+      # @raise [NotImplementedError]
+      #   Determining key size for `OpenSSL::PKey::EC` public keys is currently
+      #   not implemented.
+      #
+      def size
+        pkey = __getobj__
+        case pkey
+        when OpenSSL::PKey::RSA then pkey.n.num_bits
+        when OpenSSL::PKey::DSA then pkey.p.num_bits
+        when OpenSSL::PKey::DH  then pkey.p.num_bits
+        when OpenSSL::PKey::EC
+          raise(NotImplementedError,"key size for #{pkey.inspect} not implemented")
+        end
+      end
+    end
+  end
+end