RubyGems - ruby-sslyze - Versions diffs - 0.2.1 → 1.0.0 - Mend

ruby-sslyze 0.2.1 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

checksums.yaml +4 -4
data/.gitignore +6 -4
data/.travis.yml +15 -7
data/ChangeLog.md +29 -12
data/Gemfile +3 -2
data/LICENSE.txt +1 -1
data/README.md +5 -5
data/Rakefile +1 -1
data/lib/sslyze/cipher_suites.rb +176 -0
data/lib/sslyze/program.rb +8 -8
data/lib/sslyze/task.rb +40 -33
data/lib/sslyze/version.rb +1 -1
data/lib/sslyze/{certificate/domain_name.rb → x509/domain.rb} +5 -3
data/lib/sslyze/x509/extension.rb +15 -0
data/lib/sslyze/x509/extension_set.rb +140 -0
data/lib/sslyze/x509/extensions.rb +6 -0
data/lib/sslyze/x509/extensions/basic_constraints.rb +41 -0
data/lib/sslyze/x509/extensions/certificate_policies.rb +108 -0
data/lib/sslyze/x509/extensions/crl_distribution_points.rb +47 -0
data/lib/sslyze/x509/extensions/extended_key_usage.rb +58 -0
data/lib/sslyze/x509/extensions/key_usage.rb +66 -0
data/lib/sslyze/x509/extensions/subject_alt_name.rb +144 -0
data/lib/sslyze/x509/name.rb +194 -0
data/lib/sslyze/x509/public_key.rb +53 -0
data/lib/sslyze/xml.rb +26 -37
data/lib/sslyze/xml/attributes.rb +5 -0
data/lib/sslyze/xml/attributes/error.rb +30 -0
data/lib/sslyze/xml/attributes/exception.rb +30 -0
data/lib/sslyze/xml/attributes/is_supported.rb +29 -0
data/lib/sslyze/xml/attributes/is_vulnerable.rb +29 -0
data/lib/sslyze/xml/attributes/title.rb +31 -0
data/lib/sslyze/xml/certinfo.rb +67 -0
data/lib/sslyze/xml/certinfo/certificate.rb +202 -0
data/lib/sslyze/xml/certinfo/certificate_validation.rb +69 -0
data/lib/sslyze/xml/certinfo/certificate_validation/hostname_validation.rb +54 -0
data/lib/sslyze/xml/certinfo/certificate_validation/path_validation.rb +84 -0
data/lib/sslyze/xml/certinfo/certificate_validation/verified_certificate_chain.rb +41 -0
data/lib/sslyze/xml/certinfo/has_certificates.rb +102 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling.rb +45 -0
data/lib/sslyze/xml/certinfo/ocsp_stapling/ocsp_response.rb +87 -0
data/lib/sslyze/xml/certinfo/received_certificate_chain.rb +48 -0
data/lib/sslyze/xml/compression.rb +33 -0
data/lib/sslyze/xml/compression/compression_method.rb +38 -0
data/lib/sslyze/xml/fallback.rb +34 -0
data/lib/sslyze/xml/fallback/tls_fallback_scsv.rb +27 -0
data/lib/sslyze/xml/heartbleed.rb +38 -0
data/lib/sslyze/xml/heartbleed/openssl_heartbleed.rb +29 -0
data/lib/sslyze/xml/http_headers.rb +42 -0
data/lib/sslyze/xml/http_headers/http_public_key_pinning.rb +121 -0
data/lib/sslyze/xml/http_headers/http_strict_transport_security.rb +59 -0
data/lib/sslyze/xml/invalid_target.rb +33 -0
data/lib/sslyze/xml/openssl_ccs.rb +34 -0
data/lib/sslyze/xml/openssl_ccs/openssl_ccs_injection.rb +26 -0
data/lib/sslyze/xml/plugin.rb +27 -0
data/lib/sslyze/xml/protocol.rb +143 -0
data/lib/sslyze/xml/protocol/cipher_suite.rb +93 -0
data/lib/sslyze/xml/protocol/cipher_suite/key_exchange.rb +127 -0
data/lib/sslyze/xml/reneg.rb +28 -0
data/lib/sslyze/xml/reneg/session_renegotiation.rb +51 -0
data/lib/sslyze/xml/resum.rb +42 -0
data/lib/sslyze/xml/resum/session_resumption_with_session_ids.rb +94 -0
data/lib/sslyze/xml/resum/session_resumption_with_tls_tickets.rb +69 -0
data/lib/sslyze/xml/resum_rate.rb +30 -0
data/lib/sslyze/xml/target.rb +371 -0
data/lib/sslyze/xml/types.rb +19 -0
data/ruby-sslyze.gemspec +3 -3
data/spec/spec_helper.rb +2 -4
data/spec/sslyze.xml +2356 -2580
data/spec/x509/domain_spec.rb +125 -0
data/spec/x509/extension_set_spec.rb +208 -0
data/spec/x509/extension_spec.rb +58 -0
data/spec/x509/extensions/basic_constraints_spec.rb +41 -0
data/spec/x509/extensions/certificate_policies_spec.rb +38 -0
data/spec/x509/extensions/crl_distribution_points_spec.rb +38 -0
data/spec/x509/extensions/extended_key_usage_spec.rb +58 -0
data/spec/x509/extensions/key_usage_spec.rb +84 -0
data/spec/x509/extensions/subject_alt_name_spec.rb +146 -0
data/spec/x509/name_spec.rb +85 -0
data/spec/x509/public_key_spec.rb +113 -0
data/spec/xml/certinfo/certificate_spec.rb +166 -0
data/spec/xml/certinfo/certificate_validation/hostname_validation_spec.rb +23 -0
data/spec/xml/certinfo/certificate_validation/path_validation_spec.rb +107 -0
data/spec/xml/certinfo/certificate_validation/verified_certificate_chain_spec.rb +163 -0
data/spec/xml/certinfo/certificate_validation_spec.rb +40 -0
data/spec/xml/certinfo/ocsp_stapling/ocsp_response_spec.rb +61 -0
data/spec/xml/certinfo/ocsp_stapling_spec.rb +31 -0
data/spec/xml/certinfo/received_certificate_chain_spec.rb +165 -0
data/spec/xml/certinfo_spec.rb +45 -0
data/spec/xml/compression/compression_method_spec.rb +23 -0
data/spec/xml/compression_spec.rb +23 -0
data/spec/xml/heartbleed/openssl_heartbleed_spec.rb +17 -0
data/spec/xml/heartbleed_spec.rb +37 -0
data/spec/xml/http_headers/http_public_key_pinning_spec.rb +73 -0
data/spec/xml/http_headers/http_strict_transport_security_spec.rb +107 -0
data/spec/xml/http_headers_spec.rb +63 -0
data/spec/xml/invalid_target_spec.rb +23 -0
data/spec/xml/plugin_examples.rb +14 -0
data/spec/{key_exchange_spec.rb → xml/protocol/cipher_suite/key_exchange_spec.rb} +9 -3
data/spec/xml/protocol/cipher_suite_spec.rb +66 -0
data/spec/xml/protocol_spec.rb +115 -0
data/spec/xml/reneg/session_renegotiation_spec.rb +23 -0
data/spec/xml/reneg_spec.rb +35 -0
data/spec/xml/resum/session_resumption_with_session_ids_spec.rb +103 -0
data/spec/xml/resum/session_resumption_with_tls_tickets_spec.rb +121 -0
data/spec/xml/resum_rate_spec.rb +30 -0
data/spec/xml/resum_spec.rb +47 -0
data/spec/{target_spec.rb → xml/target_spec.rb} +73 -27
data/spec/xml_spec.rb +13 -21
metadata +138 -61
data/lib/sslyze/cert_info.rb +0 -57
data/lib/sslyze/certificate.rb +0 -139
data/lib/sslyze/certificate/extensions.rb +0 -127
data/lib/sslyze/certificate/extensions/authority_information_access.rb +0 -38
data/lib/sslyze/certificate/extensions/extension.rb +0 -26
data/lib/sslyze/certificate/extensions/x509v3_basic_constraints.rb +0 -60
data/lib/sslyze/certificate/extensions/x509v3_certificate_policies.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_crl_distribution_points.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_extended_key_usage.rb +0 -32
data/lib/sslyze/certificate/extensions/x509v3_key_usage.rb +0 -50
data/lib/sslyze/certificate/extensions/x509v3_subject_alternative_name.rb +0 -71
data/lib/sslyze/certificate/issuer.rb +0 -56
data/lib/sslyze/certificate/public_key.rb +0 -9
data/lib/sslyze/certificate/subject.rb +0 -117
data/lib/sslyze/certificate/subject_public_key_info.rb +0 -53
data/lib/sslyze/certificate/validity.rb +0 -9
data/lib/sslyze/certificate_chain.rb +0 -89
data/lib/sslyze/certificate_validation.rb +0 -70
data/lib/sslyze/cipher_suite.rb +0 -237
data/lib/sslyze/invalid_target.rb +0 -35
data/lib/sslyze/key_exchange.rb +0 -106
data/lib/sslyze/ocsp_response.rb +0 -87
data/lib/sslyze/protocol.rb +0 -133
data/lib/sslyze/target.rb +0 -312
data/lib/sslyze/types.rb +0 -17
data/spec/cert_info_spec.rb +0 -29
data/spec/certificate/subject_name_spec.rb +0 -72
data/spec/certificate_chain_spec.rb +0 -61
data/spec/certificate_spec.rb +0 -330
data/spec/certificate_validation_spec.rb +0 -39
data/spec/cipher_suite_spec.rb +0 -50
data/spec/invalid_target_spec.rb +0 -21
data/spec/issuer_spec.rb +0 -33
data/spec/ocsp_response_spec.rb +0 -59
data/spec/protocol_spec.rb +0 -99
data/spec/subject_public_key_info_spec.rb +0 -35
data/spec/subject_spec.rb +0 -69

data/lib/sslyze/xml/certinfo/certificate_validation.rb ADDED

@@ -0,0 +1,69 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/certinfo/certificate_validation/hostname_validation'
+require 'sslyze/xml/certinfo/certificate_validation/path_validation'
+module SSLyze
+  class XML
+    class Certinfo < Plugin
+      #
+      # Represents the `<certificateValidation>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class CertificateValidation
+        #
+        # Initializes the {CertificateValidation} object.
+        #
+        # @param [Nokogiri::XML::Element] node
+        #   The `<certificateValidation>` XML element.
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # Hostname based validation information.
+        #
+        # @return [HostnameValidation]
+        #
+        def hostname_validation
+          @hostname_validation ||= HostnameValidation.new(
+            @node.at_xpath('hostnameValidation')
+          )
+        end
+        alias hostname hostname_validation
+        #
+        # Enumerates over the path-based validation information.
+        #
+        # @yield [path_validation]
+        #
+        # @yieldparam [PathValidation] path_validation
+        #
+        # @return [Enumerator]
+        #
+        def each_path_validation
+          return enum_for(__method__) unless block_given?
+          @node.xpath('pathValidation').each do |element|
+            yield PathValidation.new(element)
+          end
+        end
+        #
+        # @return [Array<PathValidation>]
+        #
+        # @see #each_path_validation
+        #
+        def path_validations
+          each_path_validation.to_a
+        end
+        alias path path_validations
+      end
+    end
+  end
+end

data/lib/sslyze/xml/certinfo/certificate_validation/hostname_validation.rb ADDED

@@ -0,0 +1,54 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+module SSLyze
+  class XML
+    class Certinfo < Plugin
+      class CertificateValidation
+        #
+        # Represents the `<hostnameValidation>` XML element.
+        #
+        # @since 1.0.0
+        #
+        class HostnameValidation
+          include Types
+          #
+          # Initializes the element.
+          #
+          # @param [Nokogiri::XML::Element] node
+          #   The `<hostnameValidation>` XML element.
+          #
+          def initialize(node)
+            @node = node
+          end
+          #
+          # Determines if the certificate Common Name matches the target domain
+          # name.
+          #
+          # @return [Boolean]
+          #
+          def certificate_matches_server_hostname?
+            Boolean[@node['certificateMatchesServerHostname']]
+          end
+          alias matches_server_hostname? certificate_matches_server_hostname?
+          #
+          # The server's domain name.
+          #
+          # @return [String]
+          #
+          def server_hostname
+            @node['serverHostname']
+          end
+          alias to_s server_hostname
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/certinfo/certificate_validation/path_validation.rb ADDED

@@ -0,0 +1,84 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'sslyze/xml/attributes/error'
+module SSLyze
+  class XML
+    class Certinfo < Plugin
+      class CertificateValidation
+        #
+        # Represents the `<pathValidation>` XML element.
+        #
+        # @since 1.0.0
+        #
+        class PathValidation
+          include Types
+          include Attributes::Error
+          #
+          # Initializes the element.
+          #
+          # @param [Nokogiri::XML::Element] node
+          #   The `<pathValidation>` XML element.
+          #
+          def initialize(node)
+            @node = node
+          end
+          #
+          # @return [Boolean, nil]
+          #
+          def is_extended_validation_certificate?
+            Boolean[@node['isExtendedValidationCertificate']]
+          end
+          alias is_extended_validation_cert? is_extended_validation_certificate?
+          #
+          # @return [String]
+          #
+          def trust_store_version
+            @trust_store_version ||= @node['trustStoreVersion']
+          end
+          #
+          # @return [String]
+          #
+          def using_trust_store
+            @using_trust_store ||= @node['usingTrustStore']
+          end
+          alias trust_store using_trust_store
+          #
+          # The validation result.
+          #
+          # @return [Symbol, nil]
+          #
+          def validation_result
+            @validation_result ||= if (value = @node['validationResult'])
+                                     value.to_sym
+                                   end
+          end
+          alias result validation_result
+          #
+          # Determines if the {#validation_result} was `:ok`.
+          #
+          # @return [Boolean, nil]
+          #
+          def ok?
+            if validation_result
+              validation_result == :ok
+            end
+          end
+          alias valid? ok?
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/certinfo/certificate_validation/verified_certificate_chain.rb ADDED

@@ -0,0 +1,41 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/certinfo/has_certificates'
+module SSLyze
+  class XML
+    class Certinfo < Plugin
+      class CertificateValidation
+        #
+        # Represents the `<verifiedCertificateChain>` XML element.
+        #
+        # @since 1.0.0
+        #
+        class VerifiedCertificateChain
+          include Types
+          include HasCertificates
+          #
+          # Initializes the {VerifiedCertificateChain} object.
+          #
+          # @param [Nokogiri::XML::Element] node
+          #   The `<verifiedCertificateChain>` XML element.
+          #
+          def initialize(node)
+            @node = node
+          end
+          #
+          # Parses the `hasSha1SignedCertificate` XML attribute.
+          #
+          # @return [Boolean]
+          #
+          def has_sha1_signed_certificate?
+            Boolean[@node['hasSha1SignedCertificate']]
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/certinfo/has_certificates.rb ADDED

@@ -0,0 +1,102 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'sslyze/xml/certinfo/certificate'
+module SSLyze
+  class XML
+    class Certinfo < Plugin
+      #
+      # @since 1.0.0
+      #
+      module HasCertificates
+        include Enumerable
+        #
+        # Enumerates over each certificate in the chain.
+        #
+        # @yield [cert]
+        #   The given block will be passed each certificate.
+        #
+        # @yieldparam [Certificate] cert
+        #   A certificate in the chain.
+        #
+        # @return [Enumerator]
+        #   If no block was given, an Enumerator will be returned.
+        #
+        def each_certificate
+          return enum_for(__method__) unless block_given?
+          @node.xpath('certificate').each do |element|
+            yield Certificate.new(element)
+          end
+        end
+        alias each_cert each_certificate
+        alias each each_certificate
+        #
+        # Returns all certificates in the chain.
+        #
+        # @return [Array<Certificate>]
+        #
+        def certificates
+          each_certificate.to_a
+        end
+        alias certs certificates
+        #
+        # The leaf certificate.
+        #
+        # @return [Certificate, nil]
+        #
+        def leaf
+          if (element = @node.at_xpath('certificate[1]'))
+            Certificate.new(element)
+          end
+        end
+        #
+        # Enumerates over any intermediate certificates in the chain.
+        #
+        # @yield [cert]
+        #   The given block will be passed each intermediate certificate.
+        #
+        # @yieldparam [Certificate] cert
+        #   An intermediate certificate in the chain.
+        #
+        # @return [Enumerator]
+        #   If no block was given, an Enumerator will be returned.
+        #
+        def each_intermediate
+          return enum_for(__method__) unless block_given?
+          @node.xpath('certificate[position() > 1 and position() < last()]').each do |element|
+            yield Certificate.new(element)
+          end
+        end
+        #
+        # Returns all intermediate certificates in the chain.
+        #
+        # @return [Array<Certificate>]
+        #
+        def intermediates
+          each_intermediate.to_a
+        end
+        #
+        # The root certificate.
+        #
+        # @return [Certificate, nil]
+        #
+        def root
+          if (element = @node.at_xpath('certificate[last()]'))
+            Certificate.new(element)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/sslyze/xml/certinfo/ocsp_stapling.rb ADDED

@@ -0,0 +1,45 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/attributes/is_supported'
+require 'sslyze/xml/certinfo/ocsp_stapling/ocsp_response'
+module SSLyze
+  class XML
+    class Certinfo < Plugin
+      #
+      # Represents the `<ocspStapling>` XML element.
+      #
+      # @since 1.0.0
+      #
+      class OCSPStapling
+        include Attributes::IsSupported
+        #
+        # Initializes the {OCSPStapling} object.
+        #
+        # @param [Nokogiri::XML::Element] node
+        #   The `<ocspStapling>` XML element.
+        #
+        def initialize(node)
+          @node = node
+        end
+        #
+        # The OCSP Response.
+        #
+        # @return [OCSPResponse, nil]
+        #
+        # @note Parses the `<ocspResponse>` XML element.
+        #
+        def ocsp_response
+          @ocsp_response ||= if (element = @node.at_xpath('ocspResponse'))
+                               OCSPResponse.new(element)
+                             end
+        end
+        alias response ocsp_response
+      end
+    end
+  end
+end

data/lib/sslyze/xml/certinfo/ocsp_stapling/ocsp_response.rb ADDED

@@ -0,0 +1,87 @@
+require 'sslyze/xml/plugin'
+require 'sslyze/xml/types'
+require 'time'
+module SSLyze
+  class XML
+    class Certinfo < Plugin
+      class OCSPStapling
+        #
+        # Represents the `<ocspResponse>` XML element.
+        #
+        # @since 1.0.0
+        #
+        class OCSPResponse
+          include Types
+          #
+          # Initializes the {OCSPResponse} object.
+          #
+          # @param [Nokogiri::XML::Element] node
+          #   The `<ocspResponse>` XML element.
+          #
+          def initialize(node)
+            @node = node
+          end
+          #
+          # The responder's ID.
+          #
+          # @return [String]
+          #
+          # @note Parses the `responderID` attribute.
+          #
+          def responder_id
+            @responder_id ||= @node.at_xpath('responderID').inner_text
+          end
+          alias id responder_id
+          #
+          # When the response was produced at.
+          #
+          # @return [Time]
+          #
+          def produced_at
+            @produced_at ||= Time.parse(@node.at_xpath('producedAt').inner_text)
+          end
+          alias to_time produced_at
+          #
+          # The status.
+          #
+          # @return [:successful]
+          #
+          def status
+            @status ||= @node['status'].downcase.to_sym
+          end
+          #
+          # Determines if the response status was successful.
+          #
+          # @return [Boolean]
+          #
+          def successful?
+            status == :successful
+          end
+          #
+          # Specifies whether the OCSP Response is trusted by Mozilla's CA
+          # Store.
+          #
+          # @return [Boolean]
+          #
+          def is_trusted_by_mozilla_ca_store?
+            Boolean[@node['isTrustedByMozillaCAStore']]
+          end
+          alias trusted? is_trusted_by_mozilla_ca_store?
+        end
+      end
+    end
+  end
+end