Generic TLS checker

v1
Aeris 2015-09-10 00:31:01 +02:00
parent b20c94ff2d
commit 1043ad3e29
25 changed files with 160 additions and 119 deletions

16
.gitignore vendored

@ -1,12 +1,14 @@
/.bundle/
.bundle/
.generators
.rakeTasks
*.iml
Gemfile.lock
/db/*.sqlite3
/db/*.sqlite3-journal
/log/*
!/log/.keep
/tmp
/tmp/
/public/assets/
*.iml
Gemfile.lock
.generators
.rakeTasks
/deploy.sh
/.excluded


@ -0,0 +1,18 @@
$ ->
tls_submit = ->
host = $('#tls_check_host').val()
port = $('#tls_check_port').val()
if port == ''
alert 'Veuillez saisir un port'
return
window.location.href = "<%= Rails.configuration.relative_url_root %>/tls/#{host}:#{port}"
$('#tls_check_host').keypress (e) ->
tls_submit() if e.which == 13
return
$('#tls_check_port').keypress (e) ->
tls_submit() if e.which == 13
return
$('#tls_check_submit').click ->
tls_submit()
return
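Review bot: `tls_submit` only checks that `port` is non-empty; `host` may be empty, and both values are interpolated into `window.location.href` unencoded, so a `/`, `?` or `#` typed into either field changes the requested path instead of landing in the `:id` segment. Reject an empty host the same way as an empty port and build the target with `encodeURIComponent`, e.g. `"<%= Rails.configuration.relative_url_root %>/tls/#{encodeURIComponent host}:#{encodeURIComponent port}"`. This is a usability guard only; the server-side check in `check_host` stays the authoritative validation.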


@ -44,3 +44,9 @@ body {
.progress {
margin: 0;
}
#check,
#ssh_check,
#tls_check {
margin-top: 100px;
}


@ -1,3 +0,0 @@
#check {
margin-top: 100px;
}


@ -1,3 +0,0 @@
// Place all the styles related to the Smtp controller here.
// They will automatically be included in application.css.
// You can use Sass (SCSS) here: http://sass-lang.com/


@ -1,3 +0,0 @@
// Place all the styles related to the ssh controller here.
// They will automatically be included in application.css.
// You can use Sass (SCSS) here: http://sass-lang.com/


@ -1,16 +1,8 @@
class CheckController < ApplicationController
before_action :check_host
before_action :check_host, except: %i(index)
helper_method :tls_type, :type
def check_host
@host = params[:id]
@idn = SimpleIDN.to_ascii @host
if /[^a-zA-Z0-9.-]/.match @idn
flash[:danger] = "Hôte #{@host} invalide"
redirect_to :root
return false
end
@result = Datastore.host self.type, @idn
def index
end
def show
@ -34,7 +26,19 @@ class CheckController < ApplicationController
protected
def enqueue_host
Datastore.pending self.type, @host
self.worker.perform_async @idn
self.worker.perform_async *(@port ? [@idn, @port] : [@idn])
@result = OpenStruct.new pending: true , date: Time.now
end
def check_host
@host, @port = params[:id].split ':'
@idn = SimpleIDN.to_ascii @host
if /[^a-zA-Z0-9.-]/.match @idn
flash[:danger] = "Hôte #{@host} invalide"
redirect_to action: :index
return false
end
@host = "#{@idn}:#{@port}" if @port
@result = Datastore.host self.type, @host
end
end
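Review bot: `@port` is never validated in the new `check_host`: only `@idn` goes through the `/[^a-zA-Z0-9.-]/` check, so whatever follows the first `:` in `params[:id]` ends up in the datastore key and is handed to `worker.perform_async` as an arbitrary string (the same value then reaches `CheckWorker#perform` and `SSHWorker#perform`). Send a bad port down the same flash-and-redirect path as a bad host, e.g. `if @port && !(@port =~ /\A\d{1,5}\z/ && @port.to_i.between?(1, 65535))`, and pass the converted integer on. An empty host part also passes, because the regex only rejects forbidden characters, and `split ':'` silently drops anything after a second colon; `@host.blank?` and a part-count check would close both. Since the character class also accepts IP literals and internal names, a free-form port lets the service connect to any host:port reachable from the server, so consider refusing loopback and private ranges after resolution.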


@ -1,7 +1,4 @@
class SiteController < ApplicationController
def index
end
def ciphers
end
end


@ -1,43 +1,14 @@
class SshController < ApplicationController
before_action :check_host, except: %i(index)
def check_host
@host, @port = params[:id].split ':'
@idn = SimpleIDN.to_ascii @host
if /[^a-zA-Z0-9.-]/.match @idn
flash[:danger] = "Hôte #{@host} invalide"
redirect_to :index
return false
end
@host = "#{@idn}:#{@port}"
@result = Datastore.host :ssh, @host
end
def index
end
def show
enqueue_host unless @result
return render :processing if @result.pending
return render :no_ssh if @result.no_ssh
end
def refresh
unless @result.pending
refresh_allowed = @result.date + Rails.configuration.refresh_delay
if Time.now < refresh_allowed
flash[:warning] = "Merci dattendre au moins #{l refresh_allowed} pour rafraîchir"
return redirect_to action: :show, id: @host
end
enqueue_host
end
redirect_to action: :show
end
class SshController < CheckController
protected
def enqueue_host
Datastore.pending :ssh, @host
SSHWorker.perform_async @idn, @port
@result = OpenStruct.new pending: true, date: Time.now
def type
:ssh
end
def worker
SSHWorker
end
def tls_type
'SSH'
end
end


@ -0,0 +1,14 @@
class TlsController < CheckController
protected
def type
:tls
end
def worker
TLSWorker
end
def tls_type
'TLS'
end
end


@ -0,0 +1,2 @@
module TlsHelper
end


@ -6,6 +6,7 @@
</div>
<ul class="nav navbar-nav">
<li><%= link_to 'HTTPS / SMTP / XMPP', root_path %></li>
<li><%= link_to 'TLS', tls_path %></li>
<li><%= link_to 'SSH', ssh_path %></li>
</ul>
<ul class="nav navbar-nav navbar-right">


@ -1,12 +0,0 @@
<div id="check" class="container">
<div class="row">
<div class="col-sm-8 col-sm-offset-2">
<h1>
<%= @host %> ne supporte pas SSH
</h1>
<% if Time.now - @result.date >= Rails.configuration.refresh_delay %>
<%= link_to 'Rafraîchir', {action: :refresh}, class: %i(btn btn-default pull-right) %>
<% end %>
</div>
</div>
</div>


@ -1,20 +0,0 @@
<% content_for :head do %>
<meta http-equiv="refresh" content="10">
<% end %>
<div id="check" class="container">
<div class="row">
<div class="col-sm-8 col-sm-offset-2">
<h1>
<i class="fa fa-spinner fa-pulse"></i>
[SSH] Analyse en cours de <%= @host %>
</h1>
<p class="small">
Début de lanalyse : <%= l @result.date %>
</p>
<p class="pull-right">
Merci de patienter…
<span class="small">(Cette page se rafraîchit automatiquement toutes les 10 secondes)</span>
</p>
</div>
</div>
</div>


@ -0,0 +1,18 @@
<div id="tls_check" class="container">
<div class="row">
<div class="col-sm-12">
<h1>Vérifier votre serveur TLS</h1>
<div class="form-group">
<div class="col-sm-8">
<%= text_field_tag :tls_check_host, nil, class: %i(form-control input-lg), placeholder: 'your-site.com' %>
</div>
<div class="col-sm-2">
<%= text_field_tag :tls_check_port, nil, class: %i(form-control input-lg), placeholder: 'port' %>
</div>
<div class="col-sm-2">
<%= submit_tag 'Test-moi !', id: 'tls_check_submit', class: %i(form-control btn btn-primary input-lg pull-right) %>
</div>
</div>
</div>
</div>
</div>


@ -9,11 +9,12 @@ class CheckWorker
key.nil? ? nil : { type: key.type, size: key.size, rsa_size: key.rsa_equivalent_size }
end
def perform(host)
def perform(host, port=nil)
idn = SimpleIDN.to_ascii host
host = "#{host}:#{port}" if port
result = begin
server = self.module::Server.new idn
grade = self.module::Grade.new server
server = self.server.new *(port ? [idn, port] : [idn])
grade = self.grade.new server
result = {
key: key_to_json(server.key),
dh: server.dh.collect { |k| key_to_json k },
@ -34,7 +35,6 @@ class CheckWorker
}
}
self.result server, grade, result
rescue CryptCheck::Tls::Server::TLSNotAvailableException
{ no_tls: true }
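Review bot: `host = "#{host}:#{port}" if port` rebinds the `host` parameter to the datastore key, so from that line on `host` no longer means the hostname; a separate local such as `key = port ? "#{host}:#{port}" : host` keeps the two apart. The splat `*(port ? [idn, port] : [idn])`, here and in `CheckController#enqueue_host`, reads more simply as `*[idn, port].compact`. `port` arrives as the string taken from the URL in `check_host`; whether the server classes expect an Integer is not visible on this page, so convert it once at the boundary rather than relying on each server class. `perform` continues outside the hunks shown.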


@ -2,8 +2,11 @@ class HTTPSWorker < CheckWorker
sidekiq_options retry: false
protected
def module
CryptCheck::Tls::Https
def server
CryptCheck::Tls::Https::Server
end
def grade
CryptCheck::Tls::Https::Grade
end
def type


@ -2,8 +2,11 @@ class SMTPWorker < CheckWorker
sidekiq_options retry: false
protected
def module
CryptCheck::Tls::Smtp
def server
CryptCheck::Tls::Smtp::Server
end
def grade
CryptCheck::Tls::Smtp::Grade
end
def type

View File

@ -5,7 +5,7 @@ class SSHWorker
include Sidekiq::Worker
sidekiq_options retry: false
def perform(host, port)
def perform(host, port=nil)
idn = SimpleIDN.to_ascii host
result = begin
server = CryptCheck::Ssh::Server.new idn, port
@ -17,7 +17,7 @@ class SSHWorker
key: server.key
}
rescue CryptCheck::Ssh::Server::SshNotAvailableException
{ no_ssh: true }
{ no_tls: true }
end
Datastore.post :ssh, "#{host}:#{port}", result
end
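Review bot: With `port=nil` now allowed, `Datastore.post :ssh, "#{host}:#{port}", result` stores the result under `host:` (trailing colon) when no port is given, while `CheckController#check_host` in this commit only appends `:#{@port}` when a port is present, so the stored key and the lookup key would differ and the page would presumably stay pending. Build the key the way `CheckWorker#perform` does, e.g. `key = port ? "#{host}:#{port}" : host` followed by `Datastore.post :ssh, key, result`. The rescue for `SshNotAvailableException` also appears to return `{ no_tls: true }` now; a one-line comment saying the SSH result deliberately reuses the shared `no_tls` flag would stop it being read as a typo. `perform` runs partly outside the two hunks.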


@ -0,0 +1,15 @@
class TLSWorker < CheckWorker
sidekiq_options retry: false
protected
def server
CryptCheck::Tls::TcpServer
end
def grade
CryptCheck::Tls::Grade
end
def type
:tls
end
end


@ -2,8 +2,11 @@ class XMPPWorker < CheckWorker
sidekiq_options retry: false
protected
def module
CryptCheck::Tls::Xmpp
def server
CryptCheck::Tls::Xmpp::Server
end
def grade
CryptCheck::Tls::Xmpp::Grade
end
def type


@ -1,25 +1,31 @@
Rails.application.routes.draw do
namespace :https, id: /[^\/]*/ do
namespace :https, id: /[^\/]+/ do
get ':id/', action: :show
get ':id/refresh', action: :refresh, as: :refresh
end
namespace :smtp, id: /[^\/]*/ do
namespace :smtp, id: /[^\/]+/ do
get ':id/', action: :show
get ':id/refresh', action: :refresh, as: :refresh
end
namespace :xmpp, id: /[^\/]*/ do
namespace :xmpp, id: /[^\/]+/ do
get ':id/', action: :show
get ':id/refresh', action: :refresh, as: :refresh
end
namespace :ssh, id: /[^\/]*/ do
namespace :tls, id: /[^\/]+/ do
get '/', action: :index
get ':id/', action: :show
get ':id/refresh', action: :refresh, as: :refresh
end
root 'site#index'
namespace :ssh, id: /[^\/]+/ do
get '/', action: :index
get ':id/', action: :show
get ':id/refresh', action: :refresh, as: :refresh
end
root 'https#index'
get '/ciphers' => 'site#ciphers'
end


@ -0,0 +1,19 @@
require 'test_helper'
class TlsControllerTest < ActionController::TestCase
test "should get index" do
get :index
assert_response :success
end
test "should get show" do
get :show
assert_response :success
end
test "should get refresh" do
get :refresh
assert_response :success
end
end
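Review bot: The `show` and `refresh` tests call `get :show` and `get :refresh` without an `id`, but `CheckController#check_host` in this commit runs `params[:id].split ':'` before both actions, so these requests would hit a nil `id` (or fail route generation) instead of exercising the controller. Pass a host, e.g. `get :show, id: 'example.org:443'` (constructed sample value), and assert on the pending/processing render rather than a bare `:success`. A test that an `id` with a forbidden character in the host, or with a non-numeric port, is redirected to `index` with `flash[:danger]` set would pin the input validation.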