cryptcheck/lib/cryptcheck/tls/fixture.rb

require 'openssl'

class ::OpenSSL::PKey::EC
	def type
		:ecc
	end

	def size
		self.group.degree
	end

	def curve
		self.group.curve_name
	end

	def to_s
		"ECC #{self.size} bits"
	end

	protected
	include ::CryptCheck::State

	CHECKS = [
			[:ecc, %i(critical error warning), -> (s) do
				case s.size
					when 0...160
						:critical
					when 160...192
						:error
					when 192...256
						:warning
				end
			end]
	].freeze

	def available_checks
		CHECKS
	end
end

class ::OpenSSL::PKey::RSA
	def type
		:rsa
	end

	def size
		self.n.num_bits
	end

	def to_s
		"RSA #{self.size} bits"
	end

	protected
	include ::CryptCheck::State

	CHECKS = [
			[:rsa, %i(critical error), -> (s) do
				case s.size
					when 0...1024
						:critical
					when 1024...2048
						:error
				end
			end]
	].freeze

	def available_checks
		CHECKS
	end
end

class ::OpenSSL::PKey::DSA
	def type
		:dsa
	end

	def size
		self.p.num_bits
	end

	def to_s
		"DSA #{self.size} bits"
	end

	include ::CryptCheck::State

	CHECKS = [
			[:dsa, :critical, -> (_) { true }]
	].freeze

	protected
	def available_checks
		CHECKS
	end
end

class ::OpenSSL::PKey::DH
	def type
		:dh
	end

	def size
		self.p.num_bits
	end

	def to_s
		"DH #{self.size} bits"
	end

	protected
	include ::CryptCheck::State

	CHECKS = [
			[:dh, %i(critical error), -> (s) do
				case s.size
					when 0...1024
						:critical
					when 1024...2048
						:error
				end
			end]
	].freeze

	protected
	def available_checks
		CHECKS
	end
end

class ::OpenSSL::X509::Store
	def add_chains(chains)
		chains = [chains] unless chains.is_a? Enumerable
		chains.each do |chain|
			case chain
				when ::OpenSSL::X509::Certificate
					self.add_cert chain
				else
					if File.directory?(chain)
						Dir.entries(chain)
								.collect { |e| File.join chain, e }
								.select { |e| File.file? e }
								.each { |f| self.add_file f }
					else
						self.add_file chain
					end
			end
		end
	end
end
Refactoring for usage on RoR application 2015-08-22 21:50:17 +00:00			`require 'openssl'`

Display DH parameter size 2015-08-19 16:04:13 +00:00			`class ::OpenSSL::PKey::EC`
			`def type`
			`:ecc`
			`end`

			`def size`
			`self.group.degree`
			`end`

Refactor TLS server 2017-01-07 00:26:48 +00:00			`def curve`
			`self.group.curve_name`
			`end`

Display DH parameter size 2015-08-19 16:04:13 +00:00			`def to_s`
			`"ECC #{self.size} bits"`
			`end`
Separate ECC from RSA for key status 2016-11-11 15:59:33 +00:00
Refactor checks & states 2017-04-08 20:20:14 +00:00			`protected`
Remove Statused class 2017-02-05 22:41:16 +00:00			`include ::CryptCheck::State`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00
			`CHECKS = [`
Refactor checks & states 2017-04-08 20:20:14 +00:00			`[:ecc, %i(critical error warning), -> (s) do`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00			`case s.size`
			`when 0...160`
			`:critical`
			`when 160...192`
			`:error`
			`when 192...256`
			`:warning`
			`end`
			`end]`
			`].freeze`

Refactor checks & states 2017-04-08 20:20:14 +00:00			`def available_checks`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00			`CHECKS`
Separate ECC from RSA for key status 2016-11-11 15:59:33 +00:00			`end`
Display DH parameter size 2015-08-19 16:04:13 +00:00			`end`

			`class ::OpenSSL::PKey::RSA`
			`def type`
			`:rsa`
			`end`

			`def size`
			`self.n.num_bits`
			`end`

			`def to_s`
			`"RSA #{self.size} bits"`
			`end`
Separate ECC from RSA for key status 2016-11-11 15:59:33 +00:00
Refactor checks & states 2017-04-08 20:20:14 +00:00			`protected`
Remove Statused class 2017-02-05 22:41:16 +00:00			`include ::CryptCheck::State`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00
			`CHECKS = [`
Refactor checks & states 2017-04-08 20:20:14 +00:00			`[:rsa, %i(critical error), -> (s) do`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00			`case s.size`
			`when 0...1024`
			`:critical`
			`when 1024...2048`
			`:error`
			`end`
			`end]`
			`].freeze`

Refactor checks & states 2017-04-08 20:20:14 +00:00			`def available_checks`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00			`CHECKS`
Separate ECC from RSA for key status 2016-11-11 15:59:33 +00:00			`end`
Display DH parameter size 2015-08-19 16:04:13 +00:00			`end`

			`class ::OpenSSL::PKey::DSA`
			`def type`
			`:dsa`
			`end`

			`def size`
			`self.p.num_bits`
			`end`

			`def to_s`
			`"DSA #{self.size} bits"`
			`end`
Separate ECC from RSA for key status 2016-11-11 15:59:33 +00:00
Remove Statused class 2017-02-05 22:41:16 +00:00			`include ::CryptCheck::State`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00
			`CHECKS = [`
Refactor checks & states 2017-04-08 20:20:14 +00:00			`[:dsa, :critical, -> (_) { true }]`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00			`].freeze`

Refactor checks & states 2017-04-08 20:20:14 +00:00			`protected`
			`def available_checks`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00			`CHECKS`
Separate ECC from RSA for key status 2016-11-11 15:59:33 +00:00			`end`
Display DH parameter size 2015-08-19 16:04:13 +00:00			`end`

			`class ::OpenSSL::PKey::DH`
			`def type`
			`:dh`
			`end`

			`def size`
			`self.p.num_bits`
			`end`

			`def to_s`
			`"DH #{self.size} bits"`
			`end`
Separate ECC from RSA for key status 2016-11-11 15:59:33 +00:00
Refactor checks & states 2017-04-08 20:20:14 +00:00			`protected`
Remove Statused class 2017-02-05 22:41:16 +00:00			`include ::CryptCheck::State`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00
			`CHECKS = [`
Refactor checks & states 2017-04-08 20:20:14 +00:00			`[:dh, %i(critical error), -> (s) do`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00			`case s.size`
			`when 0...1024`
			`:critical`
			`when 1024...2048`
			`:error`
			`end`
			`end]`
			`].freeze`

Refactor checks & states 2017-04-08 20:20:14 +00:00			`protected`
			`def available_checks`
Move checks from grade to server/cert/key/dh 2017-02-05 17:59:46 +00:00			`CHECKS`
Separate ECC from RSA for key status 2016-11-11 15:59:33 +00:00			`end`
Display DH parameter size 2015-08-19 16:04:13 +00:00			`end`
Certificate trust chain check 2017-01-22 19:06:14 +00:00
			`class ::OpenSSL::X509::Store`
			`def add_chains(chains)`
			`chains = [chains] unless chains.is_a? Enumerable`
			`chains.each do \|chain\|`
			`case chain`
			`when ::OpenSSL::X509::Certificate`
			`self.add_cert chain`
			`else`
			`if File.directory?(chain)`
			`Dir.entries(chain)`
			`.collect { \|e\| File.join chain, e }`
			`.select { \|e\| File.file? e }`
			`.each { \|f\| self.add_file f }`
			`else`
			`self.add_file chain`
			`end`
			`end`
			`end`
			`end`
			`end`