@@ -107,6 +107,30 @@ module CryptCheck | |||
@cert.issuer | |||
end | |||
def lifetime | |||
{ not_before: @cert.not_before, not_after: @cert.not_after } | |||
end | |||
def to_h | |||
{ | |||
subject: self.subject.to_s, | |||
serial: self.serial.to_s, | |||
issuer: self.issuer.to_s, | |||
lifetime: self.lifetime, | |||
fingerprint: self.fingerprint, | |||
chain: @chain.collect do |cert| | |||
{ | |||
subject: cert.subject.to_s, | |||
serial: cert.serial.to_s, | |||
issuer: cert.issuer.to_s, | |||
lifetime: { not_before: cert.not_before, not_after: cert.not_after } | |||
} | |||
end, | |||
key: self.key.to_h, | |||
states: self.states | |||
} | |||
end | |||
protected | |||
include State | |||
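Review bot: `subject` and `issuer` are exported through `OpenSSL::X509::Name#to_s` with no format argument, both for the leaf and inside the `chain:` block, and that legacy one-line form does not escape `/` inside attribute values. These names come from whatever certificate the scanned server presents, so a consumer of this hash cannot reliably split the string back into its components, and a crafted value can read like extra fields. Consider `subject.to_s(OpenSSL::X509::Name::RFC2253)` (and the same for `issuer`) so the exported form is unambiguous. The chain entries also carry no fingerprint, so an intermediate cannot be identified the way the leaf can; whether that is intended is not visible from this hunk.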
@@ -111,6 +111,15 @@ module CryptCheck | |||
end | |||
end | |||
def to_h | |||
hmac = self.hmac | |||
{ | |||
protocol: @method, name: self.name, key_exchange: self.kex, authentication: self.auth, | |||
encryption: { name: self.encryption, mode: self.mode, block_size: self.block_size }, | |||
hmac: { name: hmac.first, size: hmac.last }, states: self.states | |||
} | |||
end | |||
def <=>(other) | |||
compare = State.compare self, other | |||
return compare unless compare == 0 |
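Review bot: `to_h` calls `hmac.first` and `hmac.last` unconditionally, so a nil from `hmac` would raise NoMethodError and lose the whole report for that server. The `hmac` method is outside this hunk, so whether it returns nil for suites without a separate MAC (AEAD modes such as GCM) is an assumption to confirm. A guard such as `hmac: hmac && { name: hmac.first, size: hmac.last }` keeps the export total. The `<=>` method that follows continues past the end of the hunk.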
@@ -29,6 +29,10 @@ module CryptCheck | |||
@name | |||
end | |||
def to_h | |||
{ name: @name, states: self.states } | |||
end | |||
def ==(other) | |||
case other | |||
when String |
@@ -139,7 +139,7 @@ module CryptCheck | |||
def fetch_dh | |||
@dh = @supported_ciphers.collect do |_, ciphers| | |||
ciphers.values.collect(&:tmp_key).select { |d| d.is_a? OpenSSL::PKey::DH } | |||
end.flatten | |||
end.flatten.uniq &:fingerprint | |||
end | |||
def fetch_ecdsa_certs | |||
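Review bot: De-duplicating on `fingerprint` in `fetch_dh` makes the result depend on what `to_der` encodes for an `OpenSSL::PKey::DH`, and nothing in the code records that. As far as I know Ruby's `DH#to_der` serialises only the parameters (p, g) and not the per-handshake public value, which is what this needs. If an openssl gem version did include the ephemeral public value, every handshake would yield a distinct entry. A comment stating the intent would help, e.g. `# dedupe by DH group (p, g); tmp_key public values differ per handshake`. Also write the call as `.uniq(&:fingerprint)` to avoid Ruby's ambiguous-`&` warning.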
@@ -455,21 +455,9 @@ module CryptCheck | |||
@keys = @certs.collect &:key | |||
end | |||
def uniq_dh | |||
dh, find = [], [] | |||
@dh.each do |k| | |||
f = [k.type, k.size] | |||
unless find.include? f | |||
dh << k | |||
find << f | |||
end | |||
end | |||
@dh = dh | |||
end | |||
private | |||
def uniq_supported_ciphers | |||
@supported_ciphers.values.collect(&:keys).flatten.uniq | |||
@uniq_supported_ciphers ||= @supported_ciphers.values.collect(&:keys).flatten.uniq | |||
end | |||
end | |||
end |
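Review bot: `@uniq_supported_ciphers ||=` caches the list on first call, so a call made before `@supported_ciphers` is fully populated would leave later callers, including the new `to_h`, with a stale and shorter cipher list. The fetch order is outside this hunk, so that needs confirming; if it can happen, the report under-states what the server accepts. Either reset the cache where `@supported_ciphers` is assigned or document the precondition, e.g. `# memoized: @supported_ciphers must be final before the first call`. Any remaining caller of the removed `uniq_dh` would now raise NoMethodError; none is visible here.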
@@ -1,5 +1,11 @@ | |||
require 'openssl' | |||
class ::OpenSSL::PKey::PKey | |||
def fingerprint | |||
::OpenSSL::Digest::SHA256.hexdigest self.to_der | |||
end | |||
end | |||
class ::OpenSSL::PKey::EC | |||
def type | |||
:ecc | |||
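Review bot: `fingerprint` hashes `self.to_der`, and what `to_der` emits depends on the key object. For RSA, DSA and EC it serialises the private key when one is loaded and the public key otherwise, so the same key pair can produce two different fingerprints. That is harmless for keys taken from a peer certificate, but the method is patched onto `::OpenSSL::PKey::PKey` for the whole process, so it deserves a comment such as `# SHA-256 over to_der; only comparable between public-only key objects`. If the value is meant as a public-key identifier, hashing the SubjectPublicKeyInfo encoding (`public_to_der` in newer openssl gem versions) would be stable across tools, though DH would need separate handling. The `EC` class opened at the end of the hunk continues outside it.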
@@ -17,6 +23,10 @@ class ::OpenSSL::PKey::EC | |||
"ECC #{self.size} bits" | |||
end | |||
def to_h | |||
{ type: :ecc, curve: self.curve, size: self.size, fingerprint: self.fingerprint, states: self.states } | |||
end | |||
protected | |||
include ::CryptCheck::State | |||
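Review bot: `type: :ecc` in `to_h` repeats the literal that this class's `type` method already returns. The RSA and DSA hunks do the same with `:rsa` and `:dsa`, while `DH#to_h` further down emits no `type:` key at all. Using `type: self.type` in all four keeps the export and the `type` method from drifting apart and gives consumers one uniform key shape. The removed `uniq_dh` called `k.type` on DH keys, so a `type` method appears to exist there too. The EC class body starts outside this hunk.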
@@ -51,6 +61,10 @@ class ::OpenSSL::PKey::RSA | |||
"RSA #{self.size} bits" | |||
end | |||
def to_h | |||
{ type: :rsa, size: self.size, fingerprint: self.fingerprint, states: self.states } | |||
end | |||
protected | |||
include ::CryptCheck::State | |||
@@ -83,6 +97,10 @@ class ::OpenSSL::PKey::DSA | |||
"DSA #{self.size} bits" | |||
end | |||
def to_h | |||
{ type: :dsa, size: self.size, fingerprint: self.fingerprint, states: self.states } | |||
end | |||
include ::CryptCheck::State | |||
CHECKS = [ | |||
@@ -108,6 +126,10 @@ class ::OpenSSL::PKey::DH | |||
"DH #{self.size} bits" | |||
end | |||
def to_h | |||
{ size: self.size, fingerprint: self.fingerprint, states: self.states } | |||
end | |||
protected | |||
include ::CryptCheck::State | |||
@@ -48,6 +48,10 @@ module CryptCheck | |||
hsts? and @hsts >= LONG_HSTS | |||
end | |||
def to_h | |||
super.merge({ hsts: @hsts }) | |||
end | |||
protected | |||
def available_checks | |||
super + [ |
@@ -27,6 +27,10 @@ module CryptCheck | |||
super.colorize colors | |||
end | |||
def to_h | |||
{ protocol: self.to_sym, states: self.states } | |||
end | |||
alias :to_sym :__getobj__ | |||
def <=>(other) |
@@ -62,7 +62,16 @@ module CryptCheck | |||
end | |||
def to_h | |||
{ | |||
certs: @certs.collect(&:to_h), | |||
dh: @dh.collect(&:to_h), | |||
protocols: @supported_methods.collect(&:to_h), | |||
ciphers: uniq_supported_ciphers.collect(&:to_h), | |||
cipher_suites: @preferences.collect { |p, cs| { protocol: p, cipher_suite: cs.collect(&:name) } }, | |||
curves: @supported_curves.collect(&:to_h), | |||
curve_preference: @curves_preference.collect(&:name), | |||
fallback_scsv: @fallback_scsv | |||
} | |||
end | |||
protected |
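Review bot: In `cipher_suites:` the entry `protocol: p` puts the preference key itself into the hash, whereas `protocols:` exports `to_h` output. If `p` is the `Method` wrapper (its type is not visible here), serialisers may render it differently from the rest of the report; `protocol: p.to_sym` would match the `Method#to_h` added in this commit. The block also calls `cs.collect` unconditionally, so a protocol whose preference is stored as nil would abort the whole export. If `cs` is always an array or nil, `Array(cs).collect(&:name)` is a cheap guard.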