ruby-sslyze 1.1.0 → 1.2.0

data/spec/xml/certinfo/certificate/public_key_spec.rb

@@ -0,0 +1,71 @@
+require 'spec_helper'
+require 'xml_examples'
+require 'sslyze/xml/certinfo/certificate/public_key'
+
+describe SSLyze::XML::Certinfo::Certificate::PublicKey do
+  include_examples "XML specs"
+
+  let(:xpath) { '/document/results/target/certinfo/receivedCertificateChain/certificate/publicKey' }
+
+  subject { described_class.new(xml.at(xpath)) }
+
+  describe "#algorithm" do
+    context "when the algorithm attribute is RSA" do
+      let(:xpath) { "#{super()}[@algorithm='RSA']" }
+
+      it { expect(subject.algorithm).to be :RSA }
+    end
+
+    context "when the algorithm attribute is DSA" do
+      let(:xpath) { "#{super()}[@algorithm='DSA']" }
+
+      pending "need to find a target with a DSA public key" do
+        expect(subject.algorithm).to be :DSA
+      end
+    end
+
+    context "when the algorithm attribute is EllipticCurve" do
+      let(:xpath) { "#{super()}[@algorithm='EllipticCurve']" }
+
+      it { expect(subject.algorithm).to be :EC }
+    end
+  end
+
+  describe "#size" do
+    let(:expected_size) { 2048 }
+    let(:xpath) { "#{super()}[@size=#{expected_size}]" }
+
+    it "should parse the size attribute" do
+      expect(subject.size).to be expected_size
+    end
+  end
+
+  describe "#curve" do
+    context "when the curve attribute is present" do
+      let(:expected_curve) { :secp256r1 }
+      let(:xpath) { "#{super()}[@curve='#{expected_curve}']" }
+
+      it { expect(subject.curve).to be(expected_curve) }
+    end
+
+    context "when the curve attribute is missing" do
+      let(:xpath) { "#{super()}[not(@curve)]" }
+
+      it { expect(subject.curve).to be nil }
+    end
+  end
+
+  describe "#exponent" do
+    context "when the exponent attribute is present" do
+      let(:xpath) { "#{super()}[@exponent]" }
+
+      it { expect(subject.exponent).to be 65537 }
+    end
+
+    context "when the exponent attribute is missing" do
+      let(:xpath) { "#{super()}[not(@exponent)]" }
+
+      it { expect(subject.exponent).to be nil }
+    end
+  end
+end

data/spec/xml/certinfo/certificate_spec.rb

@@ -116,7 +116,7 @@ JqbaIVifYwqwNN+4lRxS3F5lNlA/il12IOgbRioLI62o8G0DaEUQgHNf8vSG
 
   describe "#public_key" do
     it do
-      expect(subject.public_key).to be_a(SSLyze::X509::PublicKey)
+      expect(subject.public_key).to be_a(described_class::PublicKey)
     end
   end
 

data/spec/xml/certinfo/ocsp_stapling/ocsp_response_spec.rb

@@ -50,9 +50,7 @@ describe SSLyze::XML::Certinfo::OCSPStapling::OCSPResponse do
   end
 
   describe "#produced_at" do
-    let(:expected_time) { 'Mar 12 12:34:51 2018 GMT' }
-
-    let(:xpath) { "#{super()}[producedAt/text()='#{expected_time}']" }
+    let(:expected_time) { node.at_xpath('producedAt').inner_text }
 
     it "should query producedAt and return a Time object" do
       expect(subject.produced_at).to be == Time.parse(expected_time)

data/spec/xml/certinfo/received_certificate_chain_spec.rb

@@ -13,15 +13,14 @@ describe SSLyze::XML::Certinfo::ReceivedCertificateChain do
 
   describe "#each_certificate" do
     context "when 'certificate' XML children are present" do
-      let(:xpath)       { "#{super()}[certificate]" }
-      let(:xpath_count) { xml.xpath(xpath).count    }
+      let(:xpath) { "#{super()}[certificate]" }
+      let(:count) { node.xpath('./certificate').count    }
 
       it "should yield successive Certificate objects" do
         expect { |b|
           subject.each_certificate(&b)
         }.to yield_successive_args(
-          SSLyze::XML::Certinfo::Certificate,
-          SSLyze::XML::Certinfo::Certificate
+          *[SSLyze::XML::Certinfo::Certificate] * count
         )
       end
     end
@@ -70,8 +69,6 @@ describe SSLyze::XML::Certinfo::ReceivedCertificateChain do
       let(:xpath_count) { xml.at(xpath).xpath('certificate').count - 2 }
 
       it "should yield the intermediate certificates" do
-        pending "<receivedCertificateChain/> always has at most two <certificate/> children"
-
         expect { |b|
           subject.each_intermediate(&b)
         }.to yield_successive_args(
@@ -97,8 +94,6 @@ describe SSLyze::XML::Certinfo::ReceivedCertificateChain do
       let(:xpath_count) { xml.at(xpath).xpath('certificate').count - 2 }
 
       it "should yield the intermediate certificates" do
-        pending "<receivedCertificateChain/> always has at most two <certificate/> children"
-
         expect(subject.intermediates).to be_a(Array).and(all(be_kind_of(SSLyze::XML::Certinfo::Certificate)))
       end
     end

data/spec/xml/http_headers/http_strict_transport_security_spec.rb

@@ -28,8 +28,6 @@ describe SSLyze::XML::HTTPHeaders::HTTPStrictTransportSecurity do
       end
 
       it do
-        pending "need an example with no 'includeSubDomains' attribute"
-
         expect(subject.include_sub_domains?).to be nil
       end
     end
@@ -50,8 +48,6 @@ describe SSLyze::XML::HTTPHeaders::HTTPStrictTransportSecurity do
       end
 
       it do
-        pending "need an example where 'isSupported' is 'False'"
-
         expect(subject.is_supported?).to be false
       end
     end
@@ -74,8 +70,6 @@ describe SSLyze::XML::HTTPHeaders::HTTPStrictTransportSecurity do
       end
 
       it do
-        pending "need an example with no 'maxAge' attribute"
-
         expect(subject.max_age).to be nil
       end
     end
@@ -98,8 +92,6 @@ describe SSLyze::XML::HTTPHeaders::HTTPStrictTransportSecurity do
       end
 
       it do
-        pending "need an example with no 'preload' attribute"
-
         expect(subject.preload?).to be nil
       end
     end

data/spec/xml/protocol/cipher_suite_spec.rb

@@ -5,29 +5,38 @@ require 'sslyze/xml/protocol/cipher_suite'
 describe SSLyze::XML::Protocol::CipherSuite do
   include_examples "XML specs"
 
-  subject { described_class.new(xml.at('/document/results/target/tlsv1_2/preferredCipherSuite/cipherSuite')) }
+  let(:expected_name) { 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256' }
+
+  let(:xpath) { '/document/results/target/tlsv1_2/preferredCipherSuite/cipherSuite' }
 
   describe "#name" do
+    let(:xpath) { "#{super()}[@name='#{expected_name}']"  }
+
     it "should parse the name attribute" do
-      expect(subject.name).to be == 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
+      expect(subject.name).to be == expected_name
     end
   end
 
   describe "#rfc_name" do
+    let(:xpath) { "#{super()}[@name='#{expected_name}']"  }
+
     it "should return the RFC cipher suite name" do
-      expect(subject.rfc_name).to be == 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
+      expect(subject.rfc_name).to be == expected_name
     end
   end
 
   describe "#openssl_name" do
+    let(:openssl_name) { 'ECDHE-RSA-AES128-GCM-SHA256' }
+    let(:xpath) { "#{super()}[@name='#{expected_name}']"  }
+
     it "should map the RFC name back to the OpenSSL name" do
-      expect(subject.openssl_name).to be == 'ECDHE-RSA-AES128-GCM-SHA256'
+      expect(subject.openssl_name).to be == openssl_name
     end
   end
 
   describe "#connection_status" do
     it "should parse the connectionStatus attribute" do
-      expect(subject.connection_status).to be == 'HTTP 200 OK'
+      expect(subject.connection_status).to be == node['connectionStatus']
     end
   end
 
@@ -44,10 +53,10 @@ describe SSLyze::XML::Protocol::CipherSuite do
   end
 
   describe "#key_exchange" do
+    let(:xpath) { '/document/results/target/tlsv1_2/acceptedCipherSuites/cipherSuite' }
+
     context "when the keyExchange child is present" do
-      subject do
-        described_class.new(xml.at('/document/results/target/tlsv1_2/acceptedCipherSuites/cipherSuite[keyExchange]'))
-      end
+      let(:xpath) { "#{super()}[keyExchange]" }
 
       it do
         expect(subject.key_exchange).to be_kind_of(described_class::KeyExchange)
@@ -55,9 +64,7 @@ describe SSLyze::XML::Protocol::CipherSuite do
     end
 
     context "when the keyExchange object is missing" do
-      subject do
-        described_class.new(xml.at('/document/results/target/tlsv1_2/acceptedCipherSuites/cipherSuite[not(./keyExchange)]'))
-      end
+      let(:xpath) { "#{super()}[not(./keyExchange)]" }
 
       it { expect(subject.key_exchange).to be nil }
     end

data/spec/xml/target_spec.rb

@@ -6,7 +6,7 @@ describe SSLyze::XML::Target do
   include_examples "XML specs"
 
   let(:xpath) { '/document/results/target' }
-  let(:expected_ip) { '192.30.255.112' }
+  let(:expected_ip) { node['ip'] }
 
   subject { described_class.new(xml.at(xpath)) }
 
@@ -29,8 +29,6 @@ describe SSLyze::XML::Target do
   end
 
   describe "#ipaddr" do
-    let(:xpath) { "#{super()}[@ip='#{expected_ip}']" }
-
     it "must parse the ip attribute" do
       expect(subject.ipaddr).to be == IPAddr.new(expected_ip)
     end

data/spec/xml_examples.rb

@@ -5,5 +5,8 @@ shared_examples_for "XML specs" do
   let(:path) { File.expand_path('spec/sslyze.xml') }
   let(:xml)  { Nokogiri::XML(open(path)) }
 
-  subject { SSLyze::XML.new(xml) }
+  let(:xpath) { '/' }
+  let(:node)  { xml.at_xpath(xpath) }
+
+  subject { described_class.new(node) }
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: ruby-sslyze
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Hal Brodigan
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-12 00:00:00.000000000 Z
+date: 2018-04-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rprogram
@@ -84,7 +84,6 @@ files:
 - lib/sslyze/x509/extensions/key_usage.rb
 - lib/sslyze/x509/extensions/subject_alt_name.rb
 - lib/sslyze/x509/name.rb
-- lib/sslyze/x509/public_key.rb
 - lib/sslyze/xml.rb
 - lib/sslyze/xml/attributes.rb
 - lib/sslyze/xml/attributes/error.rb
@@ -94,6 +93,7 @@ files:
 - lib/sslyze/xml/attributes/title.rb
 - lib/sslyze/xml/certinfo.rb
 - lib/sslyze/xml/certinfo/certificate.rb
+- lib/sslyze/xml/certinfo/certificate/public_key.rb
 - lib/sslyze/xml/certinfo/certificate_validation.rb
 - lib/sslyze/xml/certinfo/certificate_validation/hostname_validation.rb
 - lib/sslyze/xml/certinfo/certificate_validation/path_validation.rb
@@ -140,7 +140,7 @@ files:
 - spec/x509/extensions/key_usage_spec.rb
 - spec/x509/extensions/subject_alt_name_spec.rb
 - spec/x509/name_spec.rb
-- spec/x509/public_key_spec.rb
+- spec/xml/certinfo/certificate/public_key_spec.rb
 - spec/xml/certinfo/certificate_spec.rb
 - spec/xml/certinfo/certificate_validation/hostname_validation_spec.rb
 - spec/xml/certinfo/certificate_validation/path_validation_spec.rb
@@ -210,7 +210,7 @@ test_files:
 - spec/x509/extensions/key_usage_spec.rb
 - spec/x509/extensions/subject_alt_name_spec.rb
 - spec/x509/name_spec.rb
-- spec/x509/public_key_spec.rb
+- spec/xml/certinfo/certificate/public_key_spec.rb
 - spec/xml/certinfo/certificate_spec.rb
 - spec/xml/certinfo/certificate_validation/hostname_validation_spec.rb
 - spec/xml/certinfo/certificate_validation/path_validation_spec.rb

data/lib/sslyze/x509/public_key.rb

@@ -1,53 +0,0 @@
-require 'delegate'
-
-module SSLyze
-  module X509
-    #
-    # Wrapper class around [OpenSSL::PKey] classes that provide {#algorithm} and
-    # {#size} methods.
-    #
-    # [OpenSSL::PKey]: http://www.rubydoc.info/stdlib/openssl/OpenSSL/PKey
-    #
-    # @since 1.0.0
-    #
-    class PublicKey < SimpleDelegator
-
-      #
-      # The algorithm that generated the public key.
-      #
-      # @return [:rsa, :dsa, :dh, :ec]
-      #
-      def algorithm
-        case __getobj__
-        when OpenSSL::PKey::RSA then :rsa
-        when OpenSSL::PKey::DSA then :dsa
-        when OpenSSL::PKey::DH  then :dh
-        when OpenSSL::PKey::EC  then :ec
-        end
-      end
-
-      #
-      # The size of the public key.
-      #
-      # @return [Integer]
-      #   The number of bits in the public key.
-      #
-      # @raise [NotImplementedError]
-      #   Determining key size for `OpenSSL::PKey::EC` public keys is currently
-      #   not implemented.
-      #
-      def size
-        pkey = __getobj__
-
-        case pkey
-        when OpenSSL::PKey::RSA then pkey.n.num_bits
-        when OpenSSL::PKey::DSA then pkey.p.num_bits
-        when OpenSSL::PKey::DH  then pkey.p.num_bits
-        when OpenSSL::PKey::EC
-          raise(NotImplementedError,"key size for #{pkey.inspect} not implemented")
-        end
-      end
-
-    end
-  end
-end

data/spec/x509/public_key_spec.rb

@@ -1,113 +0,0 @@
-require 'spec_helper'
-require 'openssl'
-
-require 'sslyze/x509/public_key'
-
-describe SSLyze::X509::PublicKey do
-  let(:key_size) { 1024 }
-
-  let(:rsa_key) { OpenSSL::PKey::RSA.new(key_size) }
-  let(:dsa_key) { OpenSSL::PKey::DSA.new(key_size) }
-  let(:dh_key)  { OpenSSL::PKey::DH.new(key_size)  }
-  let(:ec_key)  { OpenSSL::PKey::EC.new }
-
-  describe "#algorithm" do
-    context "when the pkey is an OpenSSL::PKey::RSA key" do
-      let(:pkey) { rsa_key }
-
-      subject { described_class.new(pkey) }
-
-      it { expect(subject.algorithm).to be :rsa }
-    end
-
-    context "when the pkey is an OpenSSL::PKey::DSA key" do
-      let(:pkey) { dsa_key }
-
-      subject { described_class.new(pkey) }
-
-      it { expect(subject.algorithm).to be :dsa }
-    end
-
-    context "when the pkey is an OpenSSL::PKey::DH key" do
-      let(:pkey) { dh_key }
-
-      subject { described_class.new(pkey) }
-
-      it { expect(subject.algorithm).to be :dh }
-    end
-
-    context "when the pkey is an OpenSSL::PKey::EC key" do
-      let(:pkey) { ec_key }
-
-      subject { described_class.new(pkey) }
-
-      it { expect(subject.algorithm).to be :ec }
-    end
-  end
-
-  describe "#size" do
-    context "when the pkey is an OpenSSL::PKey::RSA key" do
-      let(:pkey) { rsa_key }
-
-      subject { described_class.new(pkey) }
-
-      it "to infer the key size from pkey.n.num_bits" do
-        expect(subject.size).to (be == pkey.n.num_bits).and(be == key_size)
-      end
-    end
-
-    context "when the pkey is an OpenSSL::PKey::DSA key" do
-      let(:pkey) { dsa_key }
-
-      subject { described_class.new(pkey) }
-
-      it "to infer the key size from pkey.p.num_bits" do
-        expect(subject.size).to (be == pkey.p.num_bits).and(be == key_size)
-      end
-    end
-
-    context "when the pkey is an OpenSSL::PKey::DH key" do
-      let(:pkey) { dh_key }
-
-      subject { described_class.new(pkey) }
-
-      it "to infer the key size from pkey.p.num_bits" do
-        expect(subject.size).to (be == pkey.p.num_bits).and(be == key_size)
-      end
-    end
-
-    context "when the pkey is an OpenSSL::PKey::EC key" do
-      let(:pkey) { ec_key }
-
-      subject { described_class.new(pkey) }
-
-      it do
-        expect { subject.size }.to raise_error(NotImplementedError)
-      end
-    end
-  end
-
-  describe "#to_der" do
-    let(:pkey) { rsa_key }
-
-    subject { described_class.new(pkey) }
-
-    it "should call the public key's #to_der method" do
-      expect(pkey).to receive(:to_der)
-
-      subject.to_der
-    end
-  end
-
-  describe "#to_text" do
-    let(:pkey) { rsa_key }
-
-    subject { described_class.new(pkey) }
-
-    it "should call the public key's #to_text method" do
-      expect(pkey).to receive(:to_text)
-
-      subject.to_text
-    end
-  end
-end