From 366a078dee0aa68ff84273c18511789caffba8cd Mon Sep 17 00:00:00 2001
From: aeris
Date: Sun, 12 Feb 2017 00:32:42 +0100
Subject: [PATCH] Manage host
---
 lib/cryptcheck.rb | 13 ++-------
 lib/cryptcheck/tls/host.rb | 47 ++++++++++++++++++++++++++++++
 lib/cryptcheck/tls/https/host.rb | 31 ++++++++++++++++++++
 lib/cryptcheck/tls/https/server.rb | 2 +-
 4 files changed, 81 insertions(+), 12 deletions(-)
 create mode 100644 lib/cryptcheck/tls/host.rb
 create mode 100644 lib/cryptcheck/tls/https/host.rb
diff --git a/lib/cryptcheck.rb b/lib/cryptcheck.rb
index e0352df..4f615ea 100644
--- a/lib/cryptcheck.rb
+++ b/lib/cryptcheck.rb
@@ -4,20 +4,9 @@ require 'timeout'
 require 'yaml'
 module CryptCheck
- MAX_ANALYSIS_DURATION = 600
 PARALLEL_ANALYSIS = 10
- class AnalysisFailure
- attr_reader :error
- def initialize(error)
- @error = error
- end
-
- def to_s
- @error.to_s
- end
- end
 class NoTLSAvailableServer
 attr_reader :server
@@ -43,11 +32,13 @@ module CryptCheck
 autoload :TcpServer, 'cryptcheck/tls/server'
 autoload :UdpServer, 'cryptcheck/tls/server'
 autoload :Grade, 'cryptcheck/tls/grade'
+ autoload :Host, 'cryptcheck/tls/host'
 autoload :Https, 'cryptcheck/tls/https'
 module Https
 autoload :Server, 'cryptcheck/tls/https/server'
 autoload :Grade, 'cryptcheck/tls/https/grade'
+ autoload :Host, 'cryptcheck/tls/https/host'
 end
 autoload :Xmpp, 'cryptcheck/tls/xmpp'
diff --git a/lib/cryptcheck/tls/host.rb b/lib/cryptcheck/tls/host.rb
new file mode 100644
index 0000000..434f1f3
--- /dev/null
+++ b/lib/cryptcheck/tls/host.rb
@@ -0,0 +1,47 @@
+require 'timeout'
+
+module CryptCheck
+ module Tls
+ class AnalysisFailure
+ attr_reader :error
+
+ def initialize(error)
+ @error = error
+ end
+
+ def to_s
+ @error.to_s
+ end
+ end
+
+ class TooLongAnalysis < AnalysisFailure
+ def initialize
+ super "Too long analysis (max #{Host::MAX_ANALYSIS_DURATION.humanize})"
+ end
+ end
+
+ class Host
+ MAX_ANALYSIS_DURATION = 600
+
+ attr_reader :servers
+
+ def initialize
+ first = true
+ @servers = resolve.collect do |args|
+ first ? (first = false) : Logger.info { '' }
+ result = begin
+ server = ::Timeout.timeout MAX_ANALYSIS_DURATION do
+ server(*args)
+ end
+ grade(server)
+ rescue Engine::TLSException => e
+ AnalysisFailure.new e
+ rescue ::Timeout::Error
+ TooLongAnalysis.new
+ end
+ [args, result]
+ end.to_h
+ end
+ end
+ end
+end
diff --git a/lib/cryptcheck/tls/https/host.rb b/lib/cryptcheck/tls/https/host.rb
new file mode 100644
index 0000000..87508e7
--- /dev/null
+++ b/lib/cryptcheck/tls/https/host.rb
@@ -0,0 +1,31 @@
+module CryptCheck
+ module Tls
+ module Https
+ class Host < Tls::Host
+ def initialize(hostname, port=443)
+ @hostname, @port = hostname, port
+ super()
+ end
+
+ private
+ def resolve
+ begin
+ ip = IPAddr.new @hostname
+ return [[nil, ip.to_s, ip.family]]
+ rescue IPAddr::InvalidAddressError
+ end
+ ::Addrinfo.getaddrinfo(@hostname, nil, nil, :STREAM)
+ .collect { |a| [@hostname, a.ip_address, a.afamily] }
+ end
+
+ def server(hostname, ip, family)
+ Https::Server.new hostname, ip, family, @port
+ end
+
+ def grade(server)
+ Https::Grade.new server
+ end
+ end
+ end
+ end
+end
diff --git a/lib/cryptcheck/tls/https/server.rb b/lib/cryptcheck/tls/https/server.rb
index 56e0f32..96b0446 100644
--- a/lib/cryptcheck/tls/https/server.rb
+++ b/lib/cryptcheck/tls/https/server.rb
@@ -6,7 +6,7 @@ module CryptCheck
 class Server < Tls::TcpServer
 attr_reader :hsts
- def initialize(hostname, family, ip, port=443)
+ def initialize(hostname, ip, family, port=443)
 super fetch_hsts
 end
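Review bot: In `Tls::Host#initialize` the `begin` block rescues only `Engine::TLSException` and `::Timeout::Error`, so any other error raised by `server(*args)` or `grade(server)` for one address propagates out of the constructor and throws away the results already collected for the other addresses. If the engine does not wrap socket-level failures in `TLSException` (not visible in this patch), add a last clause `rescue StandardError => e` returning `AnalysisFailure.new e`, placed after the `::Timeout::Error` clause so a timeout still maps to `TooLongAnalysis`. `::Timeout.timeout` covers only `server(*args)` and interrupts it asynchronously, so a connection opened inside the block may be left unclosed when the limit expires; per-connection timeouts in the engine would be the more predictable bound. `AnalysisFailure` and `MAX_ANALYSIS_DURATION` also move from `CryptCheck` into `CryptCheck::Tls` and are loaded only through the `Host` autoload, so any remaining reference to the old names outside this patch needs updating.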
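Review bot: `resolve` passes every address straight on to `Https::Server.new` without checking its range, whether it is an IP literal taken as-is or whatever `Addrinfo.getaddrinfo` returns. If `hostname` can come from an untrusted requester (not visible in this patch), the scanner will open connections to loopback, private or link-local addresses on that requester's behalf; filter the tuples before returning them, for instance by refusing addresses for which `IPAddr#loopback?`, `#private?` or `#link_local?` is true unless the operator opts in. For an IP literal the tuple carries `nil` as the hostname, so confirm that `Https::Server` handles a nil name where it sets SNI or matches the certificate. The file uses `IPAddr` and `Addrinfo` without requiring `ipaddr` or `socket` itself and presumably relies on another file having loaded them.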
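Review bot: The bare `super` in `Https::Server#initialize` forwards `(hostname, ip, family, port)` positionally to `Tls::TcpServer#initialize`, whose signature this patch does not touch (the diffstat lists no change to `cryptcheck/tls/server.rb`), so `ip` and `family` may now reach the parent swapped. The same risk applies to any existing caller of `Https::Server.new` that still passes `family` before `ip`, and nothing visible here would reject a swapped pair. Verify the parent signature and the remaining call sites, or move these two parameters to keyword arguments (`ip:`, `family:`) so the order cannot drift silently.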