30 changed files with 895 additions and 506 deletions
@ -1,4 +1,114 @@ |
|||
#!/bin/bash |
|||
: ${RBENV_ROOT:=$HOME/.rbenv} |
|||
DIR="$(readlink -m "$(dirname "$0")")" |
|||
LD_LIBRARY_PATH="${DIR}/../lib" "${RBENV_ROOT}/shims/bundle" $* |
|||
#!/usr/bin/env ruby |
|||
# frozen_string_literal: true |
|||
|
|||
# |
|||
# This file was generated by Bundler. |
|||
# |
|||
# The application 'bundle' is installed as part of a gem, and |
|||
# this file is here to facilitate running it. |
|||
# |
|||
|
|||
require "rubygems" |
|||
|
|||
m = Module.new do |
|||
module_function |
|||
|
|||
def invoked_as_script? |
|||
File.expand_path($0) == File.expand_path(__FILE__) |
|||
end |
|||
|
|||
def env_var_version |
|||
ENV["BUNDLER_VERSION"] |
|||
end |
|||
|
|||
def cli_arg_version |
|||
return unless invoked_as_script? # don't want to hijack other binstubs |
|||
return unless "update".start_with?(ARGV.first || " ") # must be running `bundle update` |
|||
bundler_version = nil |
|||
update_index = nil |
|||
ARGV.each_with_index do |a, i| |
|||
if update_index && update_index.succ == i && a =~ Gem::Version::ANCHORED_VERSION_PATTERN |
|||
bundler_version = a |
|||
end |
|||
next unless a =~ /\A--bundler(?:[= ](#{Gem::Version::VERSION_PATTERN}))?\z/ |
|||
bundler_version = $1 |
|||
update_index = i |
|||
end |
|||
bundler_version |
|||
end |
|||
|
|||
def gemfile |
|||
gemfile = ENV["BUNDLE_GEMFILE"] |
|||
return gemfile if gemfile && !gemfile.empty? |
|||
|
|||
File.expand_path("../../Gemfile", __FILE__) |
|||
end |
|||
|
|||
def lockfile |
|||
lockfile = |
|||
case File.basename(gemfile) |
|||
when "gems.rb" then gemfile.sub(/\.rb$/, gemfile) |
|||
else "#{gemfile}.lock" |
|||
end |
|||
File.expand_path(lockfile) |
|||
end |
|||
|
|||
def lockfile_version |
|||
return unless File.file?(lockfile) |
|||
lockfile_contents = File.read(lockfile) |
|||
return unless lockfile_contents =~ /\n\nBUNDLED WITH\n\s{2,}(#{Gem::Version::VERSION_PATTERN})\n/ |
|||
Regexp.last_match(1) |
|||
end |
|||
|
|||
def bundler_version |
|||
@bundler_version ||= |
|||
env_var_version || cli_arg_version || |
|||
lockfile_version |
|||
end |
|||
|
|||
def bundler_requirement |
|||
return "#{Gem::Requirement.default}.a" unless bundler_version |
|||
|
|||
bundler_gem_version = Gem::Version.new(bundler_version) |
|||
|
|||
requirement = bundler_gem_version.approximate_recommendation |
|||
|
|||
return requirement unless Gem::Version.new(Gem::VERSION) < Gem::Version.new("2.7.0") |
|||
|
|||
requirement += ".a" if bundler_gem_version.prerelease? |
|||
|
|||
requirement |
|||
end |
|||
|
|||
def load_bundler! |
|||
ENV["BUNDLE_GEMFILE"] ||= gemfile |
|||
|
|||
activate_bundler |
|||
end |
|||
|
|||
def activate_bundler |
|||
gem_error = activation_error_handling do |
|||
gem "bundler", bundler_requirement |
|||
end |
|||
return if gem_error.nil? |
|||
require_error = activation_error_handling do |
|||
require "bundler/version" |
|||
end |
|||
return if require_error.nil? && Gem::Requirement.new(bundler_requirement).satisfied_by?(Gem::Version.new(Bundler::VERSION)) |
|||
warn "Activating bundler (#{bundler_requirement}) failed:\n#{gem_error.message}\n\nTo install the version of bundler this project requires, run `gem install bundler -v '#{bundler_requirement}'`" |
|||
exit 42 |
|||
end |
|||
|
|||
def activation_error_handling |
|||
yield |
|||
nil |
|||
rescue StandardError, LoadError => e |
|||
e |
|||
end |
|||
end |
|||
|
|||
m.load_bundler! |
|||
|
|||
if m.invoked_as_script? |
|||
load Gem.bin_path("bundler", "bundle") |
|||
end |
|||
|
@ -0,0 +1,7 @@ |
|||
#!/usr/bin/env ruby |
|||
require 'rubygems' |
|||
require 'bundler/setup' |
|||
require 'pry' |
|||
require 'cryptcheck' |
|||
|
|||
Pry.start |
@ -1,2 +1,29 @@ |
|||
#!/bin/bash |
|||
LD_PRELOAD=${PWD}/lib/libfaketime.so LD_LIBRARY_PATH=${PWD}/lib bundle exec rspec $@ |
|||
#!/usr/bin/env ruby |
|||
# frozen_string_literal: true |
|||
|
|||
# |
|||
# This file was generated by Bundler. |
|||
# |
|||
# The application 'rspec' is installed as part of a gem, and |
|||
# this file is here to facilitate running it. |
|||
# |
|||
|
|||
require "pathname" |
|||
ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile", |
|||
Pathname.new(__FILE__).realpath) |
|||
|
|||
bundle_binstub = File.expand_path("../bundle", __FILE__) |
|||
|
|||
if File.file?(bundle_binstub) |
|||
if File.read(bundle_binstub, 300) =~ /This file was generated by Bundler/ |
|||
load(bundle_binstub) |
|||
else |
|||
abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run. |
|||
Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.") |
|||
end |
|||
end |
|||
|
|||
require "rubygems" |
|||
require "bundler/setup" |
|||
|
|||
load Gem.bin_path("rspec-core", "rspec") |
|||
|
@ -1 +0,0 @@ |
|||
runner |
@ -0,0 +1,5 @@ |
|||
#!/usr/bin/env ruby |
|||
require 'bundler/setup' |
|||
require 'cryptcheck' |
|||
require 'pry-byebug' |
|||
CryptCheck::Tls::Https.analyze 'localhost', 443 |
@ -1,52 +0,0 @@ |
|||
class String |
|||
alias :colorize_old :colorize |
|||
|
|||
COLORS = { |
|||
critical: { color: :white, background: :red }, |
|||
error: :red, |
|||
warning: :light_red, |
|||
good: :green, |
|||
great: :blue, |
|||
best: :magenta, |
|||
unknown: { background: :black } |
|||
} |
|||
|
|||
def colorize(state) |
|||
color = COLORS[state] || state |
|||
self.colorize_old color |
|||
end |
|||
end |
|||
|
|||
class Exception |
|||
BACKTRACE_REGEXP = /^(.*):(\d+):in `(.*)'$/ |
|||
|
|||
def colorize |
|||
$stderr.puts self.message.colorize(:red) |
|||
self.backtrace.each do |line| |
|||
line = BACKTRACE_REGEXP.match line |
|||
line = '%s:%s:in `%s\'' % [ |
|||
line[1].colorize(:yellow), |
|||
line[2].colorize(:blue), |
|||
line[3].colorize(:magenta) |
|||
] |
|||
$stderr.puts line |
|||
end |
|||
end |
|||
end |
|||
|
|||
class Integer |
|||
def humanize |
|||
secs = self |
|||
[[60, :second], |
|||
[60, :minute], |
|||
[24, :hour], |
|||
[30, :day], |
|||
[12, :month]].map do |count, name| |
|||
if secs > 0 |
|||
secs, n = secs.divmod count |
|||
n = n.to_i |
|||
n > 0 ? "#{n} #{name}#{n > 1 ? 's' : ''}" : nil |
|||
end |
|||
end.compact.reverse.join ' ' |
|||
end |
|||
end |
@ -1,185 +0,0 @@ |
|||
require 'openssl' |
|||
|
|||
class ::OpenSSL::PKey::PKey |
|||
def fingerprint |
|||
::OpenSSL::Digest::SHA256.hexdigest self.to_der |
|||
end |
|||
end |
|||
|
|||
class ::OpenSSL::PKey::EC |
|||
def type |
|||
:ecc |
|||
end |
|||
|
|||
def size |
|||
self.group.degree |
|||
end |
|||
|
|||
def curve |
|||
self.group.curve_name |
|||
end |
|||
|
|||
def to_s |
|||
"ECC #{self.size} bits" |
|||
end |
|||
|
|||
def to_h |
|||
{ type: :ecc, curve: self.curve, size: self.size, fingerprint: self.fingerprint, states: self.states } |
|||
end |
|||
|
|||
protected |
|||
include ::CryptCheck::State |
|||
|
|||
CHECKS = [ |
|||
[:ecc, %i(critical error warning), -> (s) do |
|||
case s.size |
|||
when 0...160 |
|||
:critical |
|||
when 160...192 |
|||
:error |
|||
when 192...256 |
|||
:warning |
|||
else |
|||
false |
|||
end |
|||
end] |
|||
].freeze |
|||
|
|||
def available_checks |
|||
CHECKS |
|||
end |
|||
end |
|||
|
|||
class ::OpenSSL::PKey::RSA |
|||
def type |
|||
:rsa |
|||
end |
|||
|
|||
def size |
|||
self.n.num_bits |
|||
end |
|||
|
|||
def to_s |
|||
"RSA #{self.size} bits" |
|||
end |
|||
|
|||
def to_h |
|||
{ type: :rsa, size: self.size, fingerprint: self.fingerprint, states: self.states } |
|||
end |
|||
|
|||
protected |
|||
include ::CryptCheck::State |
|||
|
|||
CHECKS = [ |
|||
[:rsa, %i(critical error), ->(s) do |
|||
case s.size |
|||
when 0...1024 |
|||
:critical |
|||
when 1024...2048 |
|||
:error |
|||
else |
|||
false |
|||
end |
|||
end] |
|||
].freeze |
|||
|
|||
def available_checks |
|||
CHECKS |
|||
end |
|||
end |
|||
|
|||
class ::OpenSSL::PKey::DSA |
|||
def type |
|||
:dsa |
|||
end |
|||
|
|||
def size |
|||
self.p.num_bits |
|||
end |
|||
|
|||
def to_s |
|||
"DSA #{self.size} bits" |
|||
end |
|||
|
|||
def to_h |
|||
{ type: :dsa, size: self.size, fingerprint: self.fingerprint, states: self.states } |
|||
end |
|||
|
|||
include ::CryptCheck::State |
|||
|
|||
CHECKS = [ |
|||
[:dsa, :critical, -> (_) { true }] |
|||
].freeze |
|||
|
|||
protected |
|||
def available_checks |
|||
CHECKS |
|||
end |
|||
end |
|||
|
|||
class ::OpenSSL::PKey::DH |
|||
def type |
|||
:dh |
|||
end |
|||
|
|||
def size |
|||
self.p.num_bits |
|||
end |
|||
|
|||
def to_s |
|||
"DH #{self.size} bits" |
|||
end |
|||
|
|||
def to_h |
|||
{ size: self.size, fingerprint: self.fingerprint, states: self.states } |
|||
end |
|||
|
|||
protected |
|||
include ::CryptCheck::State |
|||
|
|||
CHECKS = [ |
|||
[:dh, %i(critical error), -> (s) do |
|||
case s.size |
|||
when 0...1024 |
|||
:critical |
|||
when 1024...2048 |
|||
:error |
|||
else |
|||
false |
|||
end |
|||
end] |
|||
].freeze |
|||
|
|||
protected |
|||
def available_checks |
|||
CHECKS |
|||
end |
|||
end |
|||
|
|||
class ::OpenSSL::X509::Certificate |
|||
def fingerprint |
|||
::OpenSSL::Digest::SHA256.hexdigest self.to_der |
|||
end |
|||
end |
|||
|
|||
class ::OpenSSL::X509::Store |
|||
def add_chains(chains) |
|||
chains = [chains] unless chains.is_a? Enumerable |
|||
chains.each do |chain| |
|||
case chain |
|||
when ::OpenSSL::X509::Certificate |
|||
self.add_cert chain |
|||
else |
|||
next unless File.exists? chain |
|||
if File.directory?(chain) |
|||
Dir.entries(chain) |
|||
.collect { |e| File.join chain, e } |
|||
.select { |e| File.file? e } |
|||
.each { |f| self.add_file f } |
|||
else |
|||
self.add_file chain |
|||
end |
|||
end |
|||
end |
|||
end |
|||
end |
@ -0,0 +1,23 @@ |
|||
module Fixture |
|||
module OpenSSL |
|||
module ClassMethods |
|||
def version |
|||
Gem::Version.new ::OpenSSL::VERSION |
|||
end |
|||
|
|||
def ge?(version) |
|||
self.version >= Gem::Version.new(version) |
|||
end |
|||
|
|||
def ge_2_1_2? |
|||
self.ge? '2.1.2' |
|||
end |
|||
end |
|||
|
|||
def self.included(base) |
|||
base.extend ClassMethods |
|||
end |
|||
end |
|||
end |
|||
|
|||
::OpenSSL.include Fixture::OpenSSL |
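Review bot: `version` reads `::OpenSSL::VERSION`, which is the version of the Ruby openssl binding, not of the linked libssl, so `ge_2_1_2?` says nothing about which protocol constants this particular build exposes. If the predicate gates references to constants such as `TLS1_3_VERSION` or `OP_NO_TLSv1_3` (its callers are outside this section), a binding built against an older libssl would presumably raise `NameError` at load time. A capability check such as `::OpenSSL::SSL.const_defined?(:TLS1_3_VERSION)` would be more direct. At minimum, document the method with a comment like `# Version of the openssl gem (binding), not OPENSSL_LIBRARY_VERSION`.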
@ -0,0 +1,11 @@ |
|||
module Fixture |
|||
module OpenSSL |
|||
module Certificate |
|||
def fingerprint |
|||
::OpenSSL::Digest::SHA256.hexdigest self.to_der |
|||
end |
|||
end |
|||
end |
|||
end |
|||
|
|||
::OpenSSL::X509::Certificate.include Fixture::OpenSSL::Certificate |
@ -0,0 +1,71 @@ |
|||
module Fixture |
|||
module OpenSSL |
|||
if ::OpenSSL.ge_2_1_2? |
|||
module Context |
|||
METHODS = { |
|||
TLSv1_3: ::OpenSSL::SSL::TLS1_3_VERSION, |
|||
TLSv1_2: ::OpenSSL::SSL::TLS1_2_VERSION, |
|||
TLSv1_1: ::OpenSSL::SSL::TLS1_1_VERSION, |
|||
TLSv1: ::OpenSSL::SSL::TLS1_VERSION, |
|||
SSL_3: ::OpenSSL::SSL::SSL3_VERSION, |
|||
SSL_2: ::OpenSSL::SSL::SSL2_VERSION |
|||
}.freeze |
|||
EXCLUDES = { |
|||
TLSv1_3: ::OpenSSL::SSL::OP_NO_TLSv1_3, |
|||
TLSv1_2: ::OpenSSL::SSL::OP_NO_TLSv1_2, |
|||
TLSv1_1: ::OpenSSL::SSL::OP_NO_TLSv1_1, |
|||
TLSv1: ::OpenSSL::SSL::OP_NO_TLSv1, |
|||
SSL_3: ::OpenSSL::SSL::OP_NO_SSLv3, |
|||
SSL_2: ::OpenSSL::SSL::OP_NO_SSLv2 |
|||
}.yield_self do |e| |
|||
all = e.values |
|||
e.collect do |m, o| |
|||
excludes = all - [o] |
|||
options = excludes.reduce :| |
|||
[m, options] |
|||
end.to_h |
|||
end.freeze |
|||
|
|||
module Prepend |
|||
def initialize(method = nil) |
|||
super() |
|||
if method |
|||
self.options = EXCLUDES[method] |
|||
self.min_version = self.max_version = METHODS[method] |
|||
end |
|||
end |
|||
end |
|||
|
|||
module ClassMethods |
|||
def supported?(method) |
|||
return false if %i[SSLv2 SSLv3].include? method |
|||
self.new method |
|||
true |
|||
rescue => e |
|||
ap e |
|||
false |
|||
end |
|||
end |
|||
|
|||
def self.included(base) |
|||
base.extend ClassMethods |
|||
base.prepend Prepend |
|||
end |
|||
end |
|||
else |
|||
module Context |
|||
module ClassMethods |
|||
def supported?(method) |
|||
::OpenSSL::SSL::SSLContext::METHODS.include? method |
|||
end |
|||
end |
|||
|
|||
def self.included(base) |
|||
base.extend ClassMethods |
|||
end |
|||
end |
|||
end |
|||
end |
|||
end |
|||
|
|||
::OpenSSL::SSL::SSLContext.include Fixture::OpenSSL::Context |
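Review bot: `supported?` rejects `%i[SSLv2 SSLv3]`, but the keys of `METHODS` and `EXCLUDES` are `:SSL_2` and `:SSL_3`, so the guard never matches the names this module itself uses. In `Prepend#initialize` an unknown symbol makes both `EXCLUDES[method]` and `METHODS[method]` return nil. Depending on how the setters treat nil, that may leave the context with no version pin, and `supported?` would then report true for a protocol that was never tested. Using `EXCLUDES.fetch(method)` and `METHODS.fetch(method)` turns this into a `KeyError` that the existing `rescue` maps to false, and the guard should read `%i[SSL_2 SSL_3]` (or the keys should be renamed). The `ap e` in the rescue looks like leftover debug output that depends on awesome_print being loaded; `warn e.message` would avoid a second failure inside the rescue.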
@ -0,0 +1,46 @@ |
|||
module Fixture |
|||
module OpenSSL |
|||
module DH |
|||
def type |
|||
:dh |
|||
end |
|||
|
|||
def size |
|||
self.p.num_bits |
|||
end |
|||
|
|||
def to_s |
|||
"DH #{self.size} bits" |
|||
end |
|||
|
|||
def to_h |
|||
{ size: self.size, fingerprint: self.fingerprint, states: self.states } |
|||
end |
|||
|
|||
protected |
|||
|
|||
include ::CryptCheck::State |
|||
|
|||
CHECKS = [ |
|||
[:dh, %i(critical error), -> (s) do |
|||
case s.size |
|||
when 0...1024 |
|||
:critical |
|||
when 1024...2048 |
|||
:error |
|||
else |
|||
false |
|||
end |
|||
end] |
|||
].freeze |
|||
|
|||
protected |
|||
|
|||
def available_checks |
|||
CHECKS |
|||
end |
|||
end |
|||
end |
|||
end |
|||
|
|||
::OpenSSL::PKey::DH.prepend Fixture::OpenSSL::DH |
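Review bot: `to_h` omits the `type:` key that the DSA and EC fixtures in this commit emit, so a consumer that switches on `type` gets nil for DH keys. The omission appears to be carried over from the removed code, and `{ type: :dh, size: self.size, fingerprint: self.fingerprint, states: self.states }` would make the key fixtures agree. `protected` also appears twice, and the first one sits above `include` and the `CHECKS` constant, which it does not affect. A single `protected` directly above `available_checks` says the same thing.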
@ -0,0 +1,35 @@ |
|||
module Fixture |
|||
module OpenSSL |
|||
module DSA |
|||
def type |
|||
:dsa |
|||
end |
|||
|
|||
def size |
|||
self.p.num_bits |
|||
end |
|||
|
|||
def to_s |
|||
"DSA #{self.size} bits" |
|||
end |
|||
|
|||
def to_h |
|||
{ type: :dsa, size: self.size, fingerprint: self.fingerprint, states: self.states } |
|||
end |
|||
|
|||
include ::CryptCheck::State |
|||
|
|||
CHECKS = [ |
|||
[:dsa, :critical, -> (_) { true }] |
|||
].freeze |
|||
|
|||
protected |
|||
|
|||
def available_checks |
|||
CHECKS |
|||
end |
|||
end |
|||
end |
|||
end |
|||
|
|||
::OpenSSL::PKey::DSA.include Fixture::OpenSSL::DSA |
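Review bot: This module is attached with `include`, whereas the DH fixture uses `prepend`, and with `include` any method defined on `OpenSSL::PKey::DSA` itself takes precedence over the module's. The removed code reopened the class, so its `to_s` replaced the built-in one. As far as I can tell the binding defines `to_s` on the key class as an alias of the PEM export, so `to_s` would now return PEM text instead of `"DSA N bits"`. `::OpenSSL::PKey::DSA.prepend Fixture::OpenSSL::DSA` would restore the old behaviour. The same applies to the EC fixture's final `include` line if that class defines any of these methods.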
@ -0,0 +1,50 @@ |
|||
module Fixture |
|||
module OpenSSL |
|||
module EC |
|||
def type |
|||
:ecc |
|||
end |
|||
|
|||
def size |
|||
self.group.degree |
|||
end |
|||
|
|||
def curve |
|||
self.group.curve_name |
|||
end |
|||
|
|||
def to_s |
|||
"ECC #{self.size} bits" |
|||
end |
|||
|
|||
def to_h |
|||
{ type: :ecc, curve: self.curve, size: self.size, fingerprint: self.fingerprint, states: self.states } |
|||
end |
|||
|
|||
protected |
|||
|
|||
include ::CryptCheck::State |
|||
|
|||
CHECKS = [ |
|||
[:ecc, %i(critical error warning), -> (s) do |
|||
case s.size |
|||
when 0...160 |
|||
:critical |
|||
when 160...192 |
|||
:error |
|||
when 192...256 |
|||
:warning |
|||
else |
|||
false |
|||
end |
|||
end] |
|||
].freeze |
|||
|
|||
def available_checks |
|||
CHECKS |
|||
end |
|||
end |
|||
end |
|||
end |
|||
|
|||
::OpenSSL::PKey::EC.include Fixture::OpenSSL::EC |
@ -0,0 +1,47 @@ |
|||
require 'ostruct' |
|||
|
|||
module Fixture |
|||
module OpenSSL |
|||
module PKey |
|||