x509_sleuth 0.0.3

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a6d6c6b79aa075f55cc50230060d95749d4cc0a6
+  data.tar.gz: 72f5b9d78fb620d03cce1bbbb1a20ba662a18462
+SHA512:
+  metadata.gz: 76eca03d48bdcf7b8f67b3fc4898a8d0af4b85680519222c8cad40c11a9419c7ae05022c48c56b4ffd554675f3a0d012d555c5241799ae57f5425977eeebb585
+  data.tar.gz: 6d2b0f8e992830068534bfbe5a3f822341ab4d0fbccd9bd8086bf453e8f4d71a3a3713de78c7f6b8ad4416908abab053cb8e11b5ae7c681987d060d8774c92aa

data/lib/x509_sleuth/cli.rb

@@ -0,0 +1,29 @@
+require 'thor'
+
+module X509Sleuth
+  class Cli < Thor
+      
+    def self.exit_on_failure?
+      true
+    end
+
+    class_option :target, :type => :array, :required => true
+      
+    desc "scan", "Scan the specified target(s) for certificate details"
+    def scan
+      options[:target].each do |target|
+        my_client.add_target(target)
+      end
+      my_client.run
+      output = X509Sleuth::ScannerPresenter.new(my_client)
+      puts output.to_s
+    end
+
+    no_commands do
+      def my_client
+        @client ||= X509Sleuth::Scanner.new
+        @client
+      end  
+    end
+  end
+end

data/lib/x509_sleuth/client.rb

@@ -0,0 +1,44 @@
+require "socket"
+require "openssl"
+require "timeout"
+
+module X509Sleuth
+  class Client
+    attr_reader :host, :port, :timeout_secs, :connect_error
+
+    def initialize(host, options = {})
+      options = {
+        port:           443,
+        timeout_secs:   15
+      }.merge(options)
+
+      @host         = host
+      @port         = options[:port]
+      @timeout_secs = options[:timeout_secs]
+    end
+
+    def tcp_socket
+      @tcp_socket ||= TCPSocket.new(@host, @port)
+    end
+
+    def ssl_socket
+      @ssl_socket ||= OpenSSL::SSL::SSLSocket.new(tcp_socket)
+      @ssl_socket.hostname = @host
+      @ssl_socket
+    end
+
+    def connect
+      Timeout::timeout(@timeout_secs) { ssl_socket.connect }
+    rescue SystemCallError, SocketError, OpenSSL::SSL::SSLError, Timeout::Error => e
+      @connect_error = e
+    end
+
+    def connect_failed?
+      connect_error ? true : false
+    end
+
+    def peer_certificate
+      @peer_certficate ||= ssl_socket.peer_cert
+    end
+  end
+end

data/lib/x509_sleuth/scanner/target.rb

@@ -0,0 +1,31 @@
+require "netaddr"
+
+module X509Sleuth
+  class Scanner
+    class Target
+      attr_reader :target
+
+      def initialize(target)
+        @target = target
+      end
+
+      def is_a_range?
+        NetAddr::CIDR.create(target).size > 1 ? true : false 
+      rescue NetAddr::ValidationError
+        false
+      end
+
+      def hosts
+        @hosts ||=
+          if is_a_range?
+            cidr = NetAddr::CIDR.create(target)
+            cidr.enumerate.reject do |address|
+              [cidr.network, cidr.broadcast].include?(address)
+            end
+          else
+            [target]
+          end
+      end
+    end
+  end
+end

data/lib/x509_sleuth/scanner.rb

@@ -0,0 +1,37 @@
+require "x509_sleuth/scanner/target"
+require "parallel"
+
+module X509Sleuth
+  class Scanner
+    attr_accessor :concurrency
+    attr_reader   :clients, :targets
+
+    def initialize(options = {})
+      options = {
+        concurrency: 5
+      }.merge(options)
+
+      @concurrency  = options[:concurrency]
+      @targets      = []
+    end
+
+    def add_target(target_string)
+      @targets << X509Sleuth::Scanner::Target.new(target_string)
+    end
+
+    def clients
+      @clients ||=
+        targets.collect do |target|
+          target.hosts.collect do |host|
+            X509Sleuth::Client.new(host)
+          end
+        end.flatten
+    end
+
+    def run
+      Parallel.each(clients, in_threads: concurrency) do |client|
+        client.connect
+      end
+    end
+  end
+end

data/lib/x509_sleuth/scanner_detailed_presenter.rb

@@ -0,0 +1,72 @@
+require "formatador"
+require "x509_sleuth/scanner_presenter"
+
+module X509Sleuth
+  class ScannerDetailedPresenter < ScannerPresenter
+    def tableize(clients)
+      clients.collect do |client|
+        if client.peer_certificate
+          {
+            host: client.host,
+            subject: client.peer_certificate.subject,
+            common_name: parse_cn(client.peer_certificate),
+            alt_names: parse_san(client.peer_certificate).join(","),
+            issuer: client.peer_certificate.issuer,
+            serial: client.peer_certificate.serial,
+            not_before: client.peer_certificate.not_before, 
+            not_after: client.peer_certificate.not_after
+          }
+        else
+          {
+            host: client.host,
+            subject: "",
+            common_name: "",
+            alt_names: [],
+            issuer: "",
+            serial: "",
+            not_before: "", 
+            not_after: ""
+          }
+        end
+      end
+    end
+
+    def to_s
+      Formatador.display_compact_table(
+        tableize(filter),
+        [
+          :host,
+          :subject,
+          :common_name,
+          :alt_names,
+          :issuer,
+          :serial,
+          :not_before,
+          :not_after
+        ]
+      )
+    end
+
+    def parse_cn(cert)
+      subject_parts = cert.subject.to_s.split("/").collect{ |p| p.split("=") }
+      common_name = ""
+      subject_parts.each do |part|
+        if part[0] && part[0] == "CN"
+          common_name = part[1]
+          break
+        end
+      end
+      common_name
+    end
+
+    def parse_san(cert)
+      subject_alt_names = []
+      cert.extensions.each do |extension|
+        if extension.oid == "subjectAltName"
+          subject_alt_names = extension.value.split(/[:,]|\s/).reject{ |part| part.nil? || part.empty? || part == "DNS" }
+        end
+      end
+      subject_alt_names
+    end
+  end
+end

data/lib/x509_sleuth/scanner_presenter.rb

@@ -0,0 +1,54 @@
+require "formatador"
+
+module X509Sleuth
+  class ScannerPresenter
+    attr_reader :scanner
+
+    def initialize(scanner)
+      @scanner = scanner
+    end
+
+    def filter
+      @scanner.clients.reject do |client|
+        client.connect_failed?
+      end
+    end
+
+    def tableize(clients)
+      clients.collect do |client|
+        if client.peer_certificate
+          {
+            host:       client.host,
+            subject:    client.peer_certificate.subject,
+            issuer:     client.peer_certificate.issuer,
+            serial:     client.peer_certificate.serial,
+            not_before: client.peer_certificate.not_before, 
+            not_after:  client.peer_certificate.not_after
+          }
+        else
+          {
+            host:       client.host,
+            subject:    "",
+            issuer:     "",
+            serial:     "",
+            not_before: "", 
+            not_after:  ""
+          }
+        end
+      end
+    end
+
+    def to_s
+      Formatador.display_compact_table(
+        tableize(filter),
+        [
+          :host,
+          :subject,
+          :serial,
+          :not_before,
+          :not_after
+        ]
+      )
+    end
+  end
+end

data/lib/x509_sleuth/version.rb

@@ -0,0 +1,3 @@
+module X509Sleuth
+  VERSION = "0.0.3"
+end

data/lib/x509_sleuth.rb

@@ -0,0 +1,14 @@
+require "x509_sleuth/cli"
+require "x509_sleuth/client"
+require "x509_sleuth/scanner"
+require "x509_sleuth/scanner_detailed_presenter"
+require "x509_sleuth/scanner_presenter"
+require "x509_sleuth/version"
+
+module X509Sleuth
+  class << self 
+    def version_string
+      "X509 Sleuth version #{VERSION}"
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,10 @@
+require "rspec"
+require "x509_sleuth"
+require "x509_sleuth/scanner_presenter"
+
+require "rspec/collection_matchers"
+
+RSpec.configure do |config|
+  config.color = true
+  config.formatter = "documentation"
+end

data/spec/x509_sleuth/client_spec.rb

@@ -0,0 +1,145 @@
+require_relative "../spec_helper"
+
+describe X509Sleuth::Client do
+  let(:host) { "somehost" }
+  let(:tcp_socket_double) { double(TCPSocket) }
+  let(:ssl_socket_double) { double(OpenSSL::SSL::SSLSocket) }
+  let(:client) { described_class.new(host) }
+
+  before do
+    allow(TCPSocket).to receive(:new).and_return(tcp_socket_double)
+    allow(OpenSSL::SSL::SSLSocket).to receive(:new).and_return(ssl_socket_double)
+    allow(ssl_socket_double).to receive(:hostname=)
+  end
+
+  context "when initialized" do
+    subject { described_class.new(host) }
+
+    it { should respond_to(:host) }
+    it { should respond_to(:port) }
+    it { should respond_to(:timeout_secs) }
+    it { should respond_to(:connect) }
+    it { should respond_to(:connect_failed?) }
+    it { should respond_to(:connect_error) }
+    it { should respond_to(:peer_certificate) }
+    #it { should respond_to(:peer_certificate_subject) }
+    #it { should respond_to(:peer_certificate_issuer) }
+    #it { should respond_to(:peer_certificate_serial) }
+    #it { should respond_to(:peer_certificate_activation_time) }
+    #it { should respond_to(:peer_certificate_expiration_time) }
+
+    context "with no options" do
+      it "returns defaults" do
+        expect(subject.host).to eq(host)
+        expect(subject.port).to eq(443)
+        expect(subject.timeout_secs).to eq(15)
+      end
+    end
+
+    context "with options" do
+      subject { described_class.new(host, port: 40443, timeout_secs: 3) }
+
+      it "returns options" do
+        expect(subject.host).to eq(host)
+        expect(subject.port).to eq(40443)
+        expect(subject.timeout_secs).to eq(3)
+      end
+    end
+  end
+
+  describe "#tcp_socket" do
+    it "creates a TCP socket with the correct host and port" do
+      expect(TCPSocket).to receive(:new).with(host, 443).and_return(tcp_socket_double)
+      
+      client.tcp_socket
+    end
+  end
+
+  describe "#ssl_socket" do
+    it "creates an SSL socket from the tcp_socket" do
+      expect(OpenSSL::SSL::SSLSocket).to receive(:new).with(tcp_socket_double).and_return(ssl_socket_double)
+      
+      client.ssl_socket
+    end
+  end
+
+  describe "#connect" do
+    it "connects to the remote server using OpenSSL" do
+      expect(ssl_socket_double).to receive(:connect).once
+      
+      client.connect
+    end
+
+    context "gracefully handles some exceptions" do
+      [
+        SocketError,
+        OpenSSL::SSL::SSLError,
+        Timeout::Error,
+        Errno::EINTR,
+        Errno::ENETUNREACH,
+        Errno::ENETDOWN,
+        Errno::ENETRESET,
+        Errno::ECONNABORTED,
+        Errno::ECONNRESET,
+        Errno::ETIMEDOUT,
+        Errno::ECONNREFUSED,
+        Errno::EHOSTDOWN,
+        Errno::EHOSTUNREACH
+      ].each do |e|
+        it "handles #{e}" do
+          allow(ssl_socket_double).to receive(:connect).and_raise(e)
+
+          expect { client.connect }.to_not raise_error
+        end
+      end
+    end
+  end
+
+  describe "#peer_certificate" do
+    it "retrieves the remote host's X.509 certificate" do
+      expect(ssl_socket_double).to receive(:peer_cert).once
+    
+      client.peer_certificate
+    end
+  end
+
+  context "when a connection error occurs" do
+    before do
+      allow(ssl_socket_double).to receive(:connect).and_raise(SocketError)
+    end
+
+    describe "#connect_error" do
+      it "returns the exception" do
+        client.connect
+        expect(client.connect_error).to be_instance_of(SocketError)
+      end
+    end
+
+    describe "#connect_failed?" do
+      it "returns true" do
+        client.connect
+        expect(client.connect_failed?).to eq(true)
+      end
+    end
+  end
+
+  context "when a successful connection occurs" do
+    before do
+      allow(ssl_socket_double).to receive(:connect)
+    end
+
+    describe "#connect_error" do
+      it "returns nil" do
+        client.connect
+        expect(client.connect_error).to be_nil
+      end
+    end
+
+    describe "#connect_failed?" do
+      it "returns false" do
+        client.connect
+        expect(client.connect_failed?).to eq(false)
+      end
+    end
+  end
+end

data/spec/x509_sleuth/scanner/target_spec.rb

@@ -0,0 +1,87 @@
+require_relative "../../spec_helper"
+
+describe X509Sleuth::Scanner::Target do
+  let(:host_target) { described_class.new("localhost") }
+  let(:ip_target) { described_class.new("127.0.0.1") }
+  let(:cidr_target) { described_class.new("127.0.0.1/30") }
+  let(:ip_subnet_pair_target) { described_class.new("127.0.0.1/255.255.255.248") }
+
+  context "instances" do
+    subject { host_target }
+
+    it { should respond_to(:is_a_range?) }
+    it { should respond_to(:hosts) }
+    it { should respond_to(:target) }
+  end
+
+  context "when target is an IPv4 address and CIDR subnet mask" do
+    describe "#is_a_range?" do
+      it "returns true" do
+        expect(cidr_target.is_a_range?).to be true
+      end
+    end
+
+    describe "#hosts" do
+      it "returns the correct host ip addresses" do
+        expect(cidr_target.hosts).to have(2).items
+        expect(cidr_target.hosts).to include("127.0.0.1", "127.0.0.2")
+      end
+
+      it "omits the network and broadcast addresses" do
+        expect(cidr_target.hosts).to_not include("127.0.0.0", "127.0.0.3")
+      end
+    end
+  end
+
+  context "when target is an IPv4 address and dotted-decimal subnet mask" do
+    describe "#is_a_range?" do
+      it "returns true" do
+        expect(ip_subnet_pair_target.is_a_range?).to be true
+      end
+    end
+
+    describe "#hosts" do
+      it "returns the correct host ip addresses" do
+        expect(ip_subnet_pair_target.hosts).to have(6).items
+        expect(ip_subnet_pair_target.hosts).to include(
+          "127.0.0.1", "127.0.0.2", "127.0.0.3",
+          "127.0.0.4", "127.0.0.5", "127.0.0.6"
+        )
+      end
+
+      it "omits the network and broadcast addresses" do
+        expect(ip_subnet_pair_target.hosts).to_not include("127.0.0.0", "127.0.0.7")
+      end
+    end
+  end
+
+  context "when target is a single IPv4 address" do
+    describe "#is_a_range?" do
+      it "returns false" do
+        expect(ip_target.is_a_range?).to be false
+      end
+    end
+
+    describe "#hosts" do
+      it "returns the lone ip address" do
+        expect(ip_target.hosts).to have(1).item
+        expect(ip_target.hosts).to include("127.0.0.1")
+      end
+    end
+  end
+
+  context "when target is assumed to be a hostname" do
+    describe "#is_a_range?" do
+      it "returns false" do
+        expect(host_target.is_a_range?).to be false
+      end
+    end
+
+    describe "#hosts" do
+      it "returns the lone hostname" do
+        expect(host_target.hosts).to have(1).item
+        expect(host_target.hosts).to include("localhost")
+      end
+    end
+  end
+end

data/spec/x509_sleuth/scanner_detailed_presenter_spec.rb

@@ -0,0 +1,116 @@
+require_relative "../spec_helper"
+
+describe X509Sleuth::ScannerDetailedPresenter do
+  let(:simple_x509_cert_double) do
+    double(
+      OpenSSL::X509::Certificate,
+      subject:    "/OU=Domain Control Validated"\
+                  "/CN=*.mydomain.tld",
+      issuer:     "/C=US"\
+                  "/ST=Arizona"\
+                  "/L=Scottsdale"\
+                  "/O=GoDaddy.com, Inc."\
+                  "/OU=http://certs.godaddy.com/repository/"\
+                  "/CN=Go Daddy Secure Certificate Authority - G2",
+      extensions: [],
+      serial:     12227668858515977,
+      not_before: Time.utc(2014, 4,  10, 20, 19, 9),
+      not_after:  Time.utc(2014, 10, 3,  23, 22, 57)
+    ) 
+  end
+
+  let(:san_x509_cert_double) do
+    double(
+      OpenSSL::X509::Certificate,
+      subject:    "/C=US"\
+                  "/postalCode=19103"\
+                  "/ST=PA"\
+                  "/L=Philadelphia"\
+                  "/street=123 Fake Street"\
+                  "/O=Fake Corp"\
+                  "/OU=Fake Department"\
+                  "/CN=fake.example.com",
+      issuer:     "/C=GB"\
+                  "/ST=Greater Manchester"\
+                  "/L=Salford"\
+                  "/O=COMODO CA Limited"\
+                  "/CN=COMODO High-Assurance Secure Server CA",
+      extensions: [
+        OpenSSL::X509::Extension.new("authorityKeyIdentifier", "keyid:3F:D5:B5:D0:D6:44:79:50:4A:17:A3:9B:8C:4A:DC:B8:B0:23:64:6F"),
+        OpenSSL::X509::Extension.new("subjectKeyIdentifier", "A3:F1:44:92:8F:53:2D:69:66:56:0A:69:20:8B:F4:6B:5F:18:88:1D"),
+        OpenSSL::X509::Extension.new("keyUsage", "Digital Signature, Key Encipherment", true),
+        OpenSSL::X509::Extension.new("basicConstraints", "CA:FALSE", true),
+        OpenSSL::X509::Extension.new("extendedKeyUsage", "TLS Web Server Authentication, TLS Web Client Authentication"),
+        OpenSSL::X509::Extension.new("certificatePolicies", "Policy: 1.3.6.1.4.1.6449.1.2.1.3.4\nCPS: https://secure.comodo.com/CPS\nPolicy: 2.23.140.1.2.2"),
+        OpenSSL::X509::Extension.new("crlDistributionPoints", "URI:http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl"),
+        OpenSSL::X509::Extension.new("authorityInfoAccess", "CA Issuers - URI:http://crt.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crt\nOCSP - URI:http://ocsp.comodoca.com"),
+        OpenSSL::X509::Extension.new("subjectAltName", "DNS:foo.example.com, DNS:bar.example.com")
+
+      ],
+      serial:     12227668858515977,
+      not_before: Time.utc(2014, 4,  10, 20, 19, 9),
+      not_after:  Time.utc(2014, 10, 3,  23, 22, 57)
+    ) 
+  end
+
+  let(:simple_client_double) do
+    double(
+      X509Sleuth::Client,
+      host:             "www.mydomain.tld",
+      connect_failed?:  false,
+      peer_certificate: simple_x509_cert_double
+    )
+  end
+
+  let(:san_client_double) do
+    double(
+      X509Sleuth::Client,
+      host:             "fake.example.com",
+      connect_failed?:  false,
+      peer_certificate: san_x509_cert_double
+    )
+  end
+
+  let(:scanner_double) do
+    double(
+      X509Sleuth::Scanner,
+      clients: [simple_client_double, san_client_double]
+    )
+  end
+
+  let(:scanner_presenter) { described_class.new(scanner_double) }
+
+
+  describe "#tableize" do
+    let(:ok_client_tableized_results) do
+      [
+        {
+          host:       simple_client_double.host,
+          subject:    simple_x509_cert_double.subject,
+          common_name: "*.mydomain.tld",
+          alt_names:  "",
+          issuer:     simple_x509_cert_double.issuer,
+          serial:     simple_x509_cert_double.serial,
+          not_before: simple_x509_cert_double.not_before,
+          not_after:  simple_x509_cert_double.not_after
+        },
+        {
+          host:       san_client_double.host,
+          subject:    san_x509_cert_double.subject,
+          common_name: "fake.example.com",
+          alt_names:  "foo.example.com,bar.example.com",
+          issuer:     san_x509_cert_double.issuer,
+          serial:     san_x509_cert_double.serial,
+          not_before: san_x509_cert_double.not_before,
+          not_after:  san_x509_cert_double.not_after
+        }
+      ]
+    end
+
+    it "returns the expected Formatador table" do
+      ok_client_tableized_results.each do |cert_details|
+        expect(scanner_presenter.tableize(scanner_double.clients)).to include(cert_details)
+      end
+    end
+  end
+end

data/spec/x509_sleuth/scanner_presenter_spec.rb

@@ -0,0 +1,94 @@
+require_relative "../spec_helper"
+
+describe X509Sleuth::ScannerPresenter do
+  let(:x509_cert_double) do
+    double(
+      OpenSSL::X509::Certificate,
+      subject:    "/OU=Domain Control Validated"\
+                  "/CN=*.mydomain.tld",
+      issuer:     "/C=US"\
+                  "/ST=Arizona"\
+                  "/L=Scottsdale"\
+                  "/O=GoDaddy.com, Inc."\
+                  "/OU=http://certs.godaddy.com/repository/"\
+                  "/CN=Go Daddy Secure Certificate Authority - G2",
+      serial:     12227668858515977,
+      not_before: Time.utc(2014, 4,  10, 20, 19, 9),
+      not_after:  Time.utc(2014, 10, 3,  23, 22, 57)
+    ) 
+  end
+
+  let(:ok_client_double) do
+    instance_double(
+      X509Sleuth::Client,
+      host:             "ok.client.tld",
+      connect_failed?:  false,
+      peer_certificate: x509_cert_double
+    )
+  end
+
+  let(:failed_client_double) do
+    instance_double(
+      X509Sleuth::Client,
+      host:             "failed.client.tld",
+      connect_failed?:  true,
+      connect_error:    TimeoutError.new,
+      peer_certificate: nil
+    )
+  end
+
+  let(:scanner_double) do
+    double(
+      X509Sleuth::Scanner,
+      clients: [ok_client_double, failed_client_double]
+    )
+  end
+
+  let(:scanner_presenter) { described_class.new(scanner_double) }
+
+  context "instances" do
+    subject { scanner_presenter }
+
+    it { should respond_to(:scanner).with(0).arguments }
+    it { should respond_to(:tableize).with(1).argument }
+    it { should respond_to(:filter).with(0).arguments }
+    it { should respond_to(:to_s).with(0).arguments }
+  end
+
+  describe "#filter" do 
+    it "removes failed clients" do
+      filtered = scanner_presenter.filter()
+      expect(filtered).to include(ok_client_double)
+      expect(filtered).to_not include(failed_client_double)
+    end
+  end
+
+  describe "#tableize" do
+    let(:ok_client_tableized_result) do
+      {
+        host:       ok_client_double.host,
+        subject:    x509_cert_double.subject,
+        issuer:     x509_cert_double.issuer,
+        serial:     x509_cert_double.serial,
+        not_before: x509_cert_double.not_before,
+        not_after:  x509_cert_double.not_after
+      }
+    end
+
+    let(:failed_client_tableized_result) do
+      {
+        host:             "failed.client.tld",
+        connect_failed?:  true,
+        connect_error:    TimeoutError.new
+      }
+    end
+
+    it "returns the expected Formatador table" do
+      expect(scanner_presenter.tableize(scanner_double.clients())).to include(ok_client_tableized_result)
+    end
+
+    it "excludes clients with failed connections" do
+      expect(scanner_presenter.tableize(scanner_presenter.filter())).to_not include(failed_client_tableized_result)
+    end
+  end
+end

data/spec/x509_sleuth/scanner_spec.rb

@@ -0,0 +1,86 @@
+require_relative "../spec_helper"
+
+describe X509Sleuth::Scanner do
+  let(:scanner) { described_class.new }
+  let(:scanner_with_overrides) { described_class.new(concurrency: 127) }
+  let(:cidr_target_string) { "127.0.0.1/30" }
+  let(:host_target_string) { "bigserver.domain.local" }
+  let(:scanner_targets) do
+    [
+      X509Sleuth::Scanner::Target.new(cidr_target_string),
+      X509Sleuth::Scanner::Target.new(host_target_string)
+    ]
+  end
+
+  context "instances" do
+    subject { scanner }
+
+    it { should respond_to(:add_target).with(1).arguments }
+    it { should_not respond_to(:add_target).with(0).arguments }
+    it { should respond_to(:targets).with(0).arguments }
+    it { should respond_to(:clients).with(0).arguments }
+    it { should respond_to(:concurrency) }
+    it { should respond_to(:clients).with(0).arguments }
+    it { should respond_to(:run).with(0).arguments }
+
+    context "with option overrides" do
+      subject { scanner_with_overrides }
+      it "returns overrides" do
+        expect(subject.concurrency).to eq(127)
+      end
+    end
+  end
+
+  describe "#add_target" do
+    it "adds the target to the targets list" do
+      scanner.add_target(cidr_target_string)
+
+      expect(scanner.targets).to have(1).item
+      expect(scanner.targets).to be_all { |item| item.is_a?(X509Sleuth::Scanner::Target) }
+    end
+
+    it "appends to an existing targets list" do
+      scanner.add_target(cidr_target_string)
+      scanner.add_target(host_target_string)
+
+      expect(scanner.targets).to have(2).items
+    end
+  end
+
+  describe "#clients" do
+    before do
+      allow(scanner).to receive(:targets).and_return(scanner_targets)
+    end
+
+    it "contains a collection of clients from the loaded targets" do
+      scanner.add_target(cidr_target_string)
+      scanner.add_target(host_target_string)
+
+      expect(scanner.clients).to have(3).items
+      expect(scanner.clients).to be_all { |item| item.is_a?(X509Sleuth::Client) }
+    end
+  end
+
+  describe "#run" do
+    let(:client_double) { double(X509Sleuth::Client) }
+    let(:scanner_clients) { [client_double, client_double] }
+
+    before do
+      allow(scanner).to receive(:clients).and_return(scanner_clients)
+    end
+
+    it "connects to all the hosts" do
+      expect(client_double).to receive(:connect).exactly(2).times
+      scanner.run
+    end
+
+    it "scans the expected number of hosts in parallel" do
+      expect(Parallel).to receive(:each) do |arg1, arg2|
+        expect(arg1).to eq(scanner_clients)
+        expect(arg2).to include(in_threads: 5)
+      end
+
+      scanner.run
+    end
+  end
+end

data/spec/x509_sleuth_spec.rb

@@ -0,0 +1,7 @@
+require "spec_helper"
+
+describe X509Sleuth do
+  it "returns the correct version string" do
+    expect(described_class.version_string).to eq("X509 Sleuth version #{X509Sleuth::VERSION}")
+  end
+end

metadata

@@ -0,0 +1,178 @@
+--- !ruby/object:Gem::Specification
+name: x509_sleuth
+version: !ruby/object:Gem::Version
+  version: 0.0.3
+platform: ruby
+authors:
+- Richard Henning
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-04-11 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: formatador
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: netaddr
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: parallel
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: thor
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.1.0
+- !ruby/object:Gem::Dependency
+  name: rspec-collection_matchers
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.1.2
+- !ruby/object:Gem::Dependency
+  name: travis-lint
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: 
+email: rich@tonaleclipse.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/x509_sleuth/cli.rb
+- lib/x509_sleuth/client.rb
+- lib/x509_sleuth/scanner/target.rb
+- lib/x509_sleuth/scanner.rb
+- lib/x509_sleuth/scanner_detailed_presenter.rb
+- lib/x509_sleuth/scanner_presenter.rb
+- lib/x509_sleuth/version.rb
+- lib/x509_sleuth.rb
+- spec/spec_helper.rb
+- spec/x509_sleuth/client_spec.rb
+- spec/x509_sleuth/scanner/target_spec.rb
+- spec/x509_sleuth/scanner_detailed_presenter_spec.rb
+- spec/x509_sleuth/scanner_presenter_spec.rb
+- spec/x509_sleuth/scanner_spec.rb
+- spec/x509_sleuth_spec.rb
+homepage: https://github.com/rhenning/x509_sleuth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: A tool to remotely scan for and investigate X.509 certificates used in SSL/TLS
+test_files:
+- spec/spec_helper.rb
+- spec/x509_sleuth/client_spec.rb
+- spec/x509_sleuth/scanner/target_spec.rb
+- spec/x509_sleuth/scanner_detailed_presenter_spec.rb
+- spec/x509_sleuth/scanner_presenter_spec.rb
+- spec/x509_sleuth/scanner_spec.rb
+- spec/x509_sleuth_spec.rb
+has_rdoc: