8 changed files with 79 additions and 15 deletions
+ 24
- 0
lib/cryptcheck/tls/cert.rb
View File
| @@ -107,6 +107,30 @@ module CryptCheck | |||
| @cert.issuer | |||
| end | |||
| def lifetime | |||
| { not_before: @cert.not_before, not_after: @cert.not_after } | |||
| end | |||
| def to_h | |||
| { | |||
| subject: self.subject.to_s, | |||
| serial: self.serial.to_s, | |||
| issuer: self.issuer.to_s, | |||
| lifetime: self.lifetime, | |||
| fingerprint: self.fingerprint, | |||
| chain: @chain.collect do |cert| | |||
| { | |||
| subject: cert.subject.to_s, | |||
| serial: cert.serial.to_s, | |||
| issuer: cert.issuer.to_s, | |||
| lifetime: { not_before: cert.not_before, not_after: cert.not_after } | |||
| } | |||
| end, | |||
| key: self.key.to_h, | |||
| states: self.states | |||
| } | |||
| end | |||
| protected | |||
| include State | |||
+ 9
- 0
lib/cryptcheck/tls/cipher.rb
View File
| @@ -111,6 +111,15 @@ module CryptCheck | |||
| end | |||
| end | |||
| def to_h | |||
| hmac = self.hmac | |||
| { | |||
| protocol: @method, name: self.name, key_exchange: self.kex, authentication: self.auth, | |||
| encryption: { name: self.encryption, mode: self.mode, block_size: self.block_size }, | |||
| hmac: { name: hmac.first, size: hmac.last }, states: self.states | |||
| } | |||
| end | |||
| def <=>(other) | |||
| compare = State.compare self, other | |||
| return compare unless compare == 0 | |||
+ 4
- 0
lib/cryptcheck/tls/curve.rb
View File
| @@ -29,6 +29,10 @@ module CryptCheck | |||
| @name | |||
| end | |||
| def to_h | |||
| { name: @name, states: self.states } | |||
| end | |||
| def ==(other) | |||
| case other | |||
| when String | |||
+ 2
- 14
lib/cryptcheck/tls/engine.rb
View File
| @@ -139,7 +139,7 @@ module CryptCheck | |||
| def fetch_dh | |||
| @dh = @supported_ciphers.collect do |_, ciphers| | |||
| ciphers.values.collect(&:tmp_key).select { |d| d.is_a? OpenSSL::PKey::DH } | |||
| end.flatten | |||
| end.flatten.uniq &:fingerprint | |||
| end | |||
| def fetch_ecdsa_certs | |||
| @@ -455,21 +455,9 @@ module CryptCheck | |||
| @keys = @certs.collect &:key | |||
| end | |||
| def uniq_dh | |||
| dh, find = [], [] | |||
| @dh.each do |k| | |||
| f = [k.type, k.size] | |||
| unless find.include? f | |||
| dh << k | |||
| find << f | |||
| end | |||
| end | |||
| @dh = dh | |||
| end | |||
| private | |||
| def uniq_supported_ciphers | |||
| @supported_ciphers.values.collect(&:keys).flatten.uniq | |||
| @uniq_supported_ciphers ||= @supported_ciphers.values.collect(&:keys).flatten.uniq | |||
| end | |||
| end | |||
| end | |||
+ 22
- 0
lib/cryptcheck/tls/fixture.rb
View File
| @@ -1,5 +1,11 @@ | |||
| require 'openssl' | |||
| class ::OpenSSL::PKey::PKey | |||
| def fingerprint | |||
| ::OpenSSL::Digest::SHA256.hexdigest self.to_der | |||
| end | |||
| end | |||
| class ::OpenSSL::PKey::EC | |||
| def type | |||
| :ecc | |||
| @@ -17,6 +23,10 @@ class ::OpenSSL::PKey::EC | |||
| "ECC #{self.size} bits" | |||
| end | |||
| def to_h | |||
| { type: :ecc, curve: self.curve, size: self.size, fingerprint: self.fingerprint, states: self.states } | |||
| end | |||
| protected | |||
| include ::CryptCheck::State | |||
| @@ -51,6 +61,10 @@ class ::OpenSSL::PKey::RSA | |||
| "RSA #{self.size} bits" | |||
| end | |||
| def to_h | |||
| { type: :rsa, size: self.size, fingerprint: self.fingerprint, states: self.states } | |||
| end | |||
| protected | |||
| include ::CryptCheck::State | |||
| @@ -83,6 +97,10 @@ class ::OpenSSL::PKey::DSA | |||
| "DSA #{self.size} bits" | |||
| end | |||
| def to_h | |||
| { type: :dsa, size: self.size, fingerprint: self.fingerprint, states: self.states } | |||
| end | |||
| include ::CryptCheck::State | |||
| CHECKS = [ | |||
| @@ -108,6 +126,10 @@ class ::OpenSSL::PKey::DH | |||
| "DH #{self.size} bits" | |||
| end | |||
| def to_h | |||
| { size: self.size, fingerprint: self.fingerprint, states: self.states } | |||
| end | |||
| protected | |||
| include ::CryptCheck::State | |||
+ 4
- 0
lib/cryptcheck/tls/https/server.rb
View File
| @@ -48,6 +48,10 @@ module CryptCheck | |||
| hsts? and @hsts >= LONG_HSTS | |||
| end | |||
| def to_h | |||
| super.merge({ hsts: @hsts }) | |||
| end | |||
| protected | |||
| def available_checks | |||
| super + [ | |||
+ 4
- 0
lib/cryptcheck/tls/method.rb
View File
| @@ -27,6 +27,10 @@ module CryptCheck | |||
| super.colorize colors | |||
| end | |||
| def to_h | |||
| { protocol: self.to_sym, states: self.states } | |||
| end | |||
| alias :to_sym :__getobj__ | |||
| def <=>(other) | |||
+ 10
- 1
lib/cryptcheck/tls/server.rb
View File
| @@ -62,7 +62,16 @@ module CryptCheck | |||
| end | |||
| def to_h | |||
| { | |||
| certs: @certs.collect(&:to_h), | |||
| dh: @dh.collect(&:to_h), | |||
| protocols: @supported_methods.collect(&:to_h), | |||
| ciphers: uniq_supported_ciphers.collect(&:to_h), | |||
| cipher_suites: @preferences.collect { |p, cs| { protocol: p, cipher_suite: cs.collect(&:name) } }, | |||
| curves: @supported_curves.collect(&:to_h), | |||
| curve_preference: @curves_preference.collect(&:name), | |||
| fallback_scsv: @fallback_scsv | |||
| } | |||
| end | |||
| protected | |||
Loading…