diff --git a/lib/cryptcheck/tls/cert.rb b/lib/cryptcheck/tls/cert.rb index af85491..83e92f2 100644 --- a/lib/cryptcheck/tls/cert.rb +++ b/lib/cryptcheck/tls/cert.rb @@ -107,6 +107,30 @@ module CryptCheck @cert.issuer end + def lifetime + { not_before: @cert.not_before, not_after: @cert.not_after } + end + + def to_h + { + subject: self.subject.to_s, + serial: self.serial.to_s, + issuer: self.issuer.to_s, + lifetime: self.lifetime, + fingerprint: self.fingerprint, + chain: @chain.collect do |cert| + { + subject: cert.subject.to_s, + serial: cert.serial.to_s, + issuer: cert.issuer.to_s, + lifetime: { not_before: cert.not_before, not_after: cert.not_after } + } + end, + key: self.key.to_h, + states: self.states + } + end + protected include State diff --git a/lib/cryptcheck/tls/cipher.rb b/lib/cryptcheck/tls/cipher.rb index 6d1182a..9e53bab 100644 --- a/lib/cryptcheck/tls/cipher.rb +++ b/lib/cryptcheck/tls/cipher.rb @@ -111,6 +111,15 @@ module CryptCheck end end + def to_h + hmac = self.hmac + { + protocol: @method, name: self.name, key_exchange: self.kex, authentication: self.auth, + encryption: { name: self.encryption, mode: self.mode, block_size: self.block_size }, + hmac: { name: hmac.first, size: hmac.last }, states: self.states + } + end + def <=>(other) compare = State.compare self, other return compare unless compare == 0 diff --git a/lib/cryptcheck/tls/curve.rb b/lib/cryptcheck/tls/curve.rb index 3b6a678..b72cd09 100644 --- a/lib/cryptcheck/tls/curve.rb +++ b/lib/cryptcheck/tls/curve.rb @@ -29,6 +29,10 @@ module CryptCheck @name end + def to_h + { name: @name, states: self.states } + end + def ==(other) case other when String diff --git a/lib/cryptcheck/tls/engine.rb b/lib/cryptcheck/tls/engine.rb index 7681885..c07f660 100644 --- a/lib/cryptcheck/tls/engine.rb +++ b/lib/cryptcheck/tls/engine.rb 
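Review bot: In cert.rb's `to_h`, the `chain:` entries carry only `subject`, `serial`, `issuer` and `lifetime`, while the leaf also gets `fingerprint`. A consumer of the report therefore has to match intermediates on name and serial strings, which are not unique across issuers and are chosen by whoever minted the certificate. Consider adding a digest per chain entry, for example `fingerprint: OpenSSL::Digest::SHA256.hexdigest(cert.to_der)`, using whichever digest `fingerprint` itself uses (its definition is outside the hunk). The inline `lifetime: { not_before: ..., not_after: ... }` also duplicates the new `lifetime` method and could share one small helper.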
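Review bot: In cipher.rb's `to_h`, `hmac.first` and `hmac.last` assume `self.hmac` always returns a pair. The `hmac` method is outside the hunk, so this needs confirming, but if it returns nil for AEAD suites, serialising one of them raises NoMethodError and the whole report is lost. A guard such as `hmac: hmac && { name: hmac.first, size: hmac.last }` keeps the key present and makes the "no separate MAC" case explicit. `protocol: @method` also emits the raw method object, whereas server.rb serialises protocols through `to_h`, so it is worth checking what a JSON consumer will see there.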
@@ -139,7 +139,7 @@ module CryptCheck def fetch_dh @dh = @supported_ciphers.collect do |_, ciphers| ciphers.values.collect(&:tmp_key).select { |d| d.is_a? OpenSSL::PKey::DH } - end.flatten + end.flatten.uniq &:fingerprint end def fetch_ecdsa_certs @@ -455,21 +455,9 @@ module CryptCheck @keys = @certs.collect &:key end - def uniq_dh - dh, find = [], [] - @dh.each do |k| - f = [k.type, k.size] - unless find.include? f - dh << k - find << f - end - end - @dh = dh - end - private def uniq_supported_ciphers - @supported_ciphers.values.collect(&:keys).flatten.uniq + @uniq_supported_ciphers ||= @supported_ciphers.values.collect(&:keys).flatten.uniq end end end diff --git a/lib/cryptcheck/tls/fixture.rb b/lib/cryptcheck/tls/fixture.rb index b14a27d..1b02923 100644 --- a/lib/cryptcheck/tls/fixture.rb +++ b/lib/cryptcheck/tls/fixture.rb @@ -1,5 +1,11 @@ require 'openssl' +class ::OpenSSL::PKey::PKey + def fingerprint + ::OpenSSL::Digest::SHA256.hexdigest self.to_der + end +end + class ::OpenSSL::PKey::EC def type :ecc @@ -17,6 +23,10 @@ class ::OpenSSL::PKey::EC "ECC #{self.size} bits" end + def to_h + { type: :ecc, curve: self.curve, size: self.size, fingerprint: self.fingerprint, states: self.states } + end + protected include ::CryptCheck::State @@ -51,6 +61,10 @@ class ::OpenSSL::PKey::RSA "RSA #{self.size} bits" end + def to_h + { type: :rsa, size: self.size, fingerprint: self.fingerprint, states: self.states } + end + protected include ::CryptCheck::State @@ -83,6 +97,10 @@ class ::OpenSSL::PKey::DSA "DSA #{self.size} bits" end + def to_h + { type: :dsa, size: self.size, fingerprint: self.fingerprint, states: self.states } + end + include ::CryptCheck::State CHECKS = [ @@ -108,6 +126,10 @@ class ::OpenSSL::PKey::DH "DH #{self.size} bits" end + def to_h + { size: self.size, fingerprint: self.fingerprint, states: self.states } + end + protected include ::CryptCheck::State 
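Review bot: In `fetch_dh`, `end.flatten.uniq &:fingerprint` changes what counts as a duplicate without saying so. The removed `uniq_dh` kept one key per `[type, size]`, while this keeps one per SHA-256 of `to_der`. For `OpenSSL::PKey::DH`, `to_der` encodes only the parameters, so the result is one entry per distinct group rather than per size. That is likely the better behaviour for reporting weak or shared groups, but it deserves a comment such as `# one entry per distinct DH group (fingerprint = SHA-256 of the DER-encoded parameters)`. Writing the call as `.uniq(&:fingerprint)` would also avoid Ruby's ambiguous-`&` warning under `-w`.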
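Review bot: In engine.rb's second hunk, `@uniq_supported_ciphers ||=` caches the first result for the lifetime of the object. Any call made before `@supported_ciphers` is fully populated would freeze an incomplete list, and server.rb's `to_h` would then report it. The call sites are outside the hunk, so please confirm the method is only reached after cipher enumeration has finished. A comment such as `# memoized: only valid once @supported_ciphers is final` would record that assumption. The same hunk deletes `uniq_dh`, so any remaining caller outside this diff would now fail.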
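Review bot: The `fingerprint` method added to `OpenSSL::PKey::PKey` in fixture.rb has no comment saying what is hashed, and `to_der` does not mean the same thing for every key object. If the object holds private components, `to_der` serialises them too, so the digest would not match the fingerprint of the corresponding public key. The keys here appear to come from peer certificates and `tmp_key`, so they are public only, but a comment should state that. Something like `# SHA-256 (hex) of to_der; intended for public keys received from the peer` would do. Where the openssl gem version in use provides `public_to_der`, hashing that instead gives a fingerprint that is stable whether or not private material is present. Reopening a core OpenSSL class also risks a silent clash if the library later defines its own `fingerprint`.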
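Review bot: The `to_h` added to `OpenSSL::PKey::DH` omits the `type:` key that the EC, RSA and DSA versions in the same file all emit. A consumer that switches on `type` therefore has to special-case entries under `dh:`. The removed `uniq_dh` in engine.rb called `k.type` on these objects, so the method appears to exist. Consider `{ type: self.type, size: self.size, fingerprint: self.fingerprint, states: self.states }` for a uniform shape.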
diff --git a/lib/cryptcheck/tls/https/server.rb b/lib/cryptcheck/tls/https/server.rb index 6b5005d..32568ff 100644 --- a/lib/cryptcheck/tls/https/server.rb +++ b/lib/cryptcheck/tls/https/server.rb @@ -48,6 +48,10 @@ module CryptCheck hsts? and @hsts >= LONG_HSTS end + def to_h + super.merge({ hsts: @hsts }) + end + protected def available_checks super + [ diff --git a/lib/cryptcheck/tls/method.rb b/lib/cryptcheck/tls/method.rb index 02c0c4e..79e2dea 100644 --- a/lib/cryptcheck/tls/method.rb +++ b/lib/cryptcheck/tls/method.rb @@ -27,6 +27,10 @@ module CryptCheck super.colorize colors end + def to_h + { protocol: self.to_sym, states: self.states } + end + alias :to_sym :__getobj__ def <=>(other) diff --git a/lib/cryptcheck/tls/server.rb b/lib/cryptcheck/tls/server.rb index b534d7e..a911e8b 100644 --- a/lib/cryptcheck/tls/server.rb +++ b/lib/cryptcheck/tls/server.rb @@ -62,7 +62,16 @@ module CryptCheck end def to_h - + { + certs: @certs.collect(&:to_h), + dh: @dh.collect(&:to_h), + protocols: @supported_methods.collect(&:to_h), + ciphers: uniq_supported_ciphers.collect(&:to_h), + cipher_suites: @preferences.collect { |p, cs| { protocol: p, cipher_suite: cs.collect(&:name) } }, + curves: @supported_curves.collect(&:to_h), + curve_preference: @curves_preference.collect(&:name), + fallback_scsv: @fallback_scsv + } end protected
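Review bot: In server.rb's `to_h`, every field calls `collect` directly on an instance variable (`@dh`, `@supported_curves`, `@curves_preference`, `@preferences` and each `cs`). Their initialisation is outside the hunk, but if any of them is nil or a non-collection sentinel for a server with no DH, no ECC or no server-side preference, `to_h` raises and the whole scan result is lost rather than reported with an empty section. Coercing with `Array(...)` at the call, for example `dh: Array(@dh).collect(&:to_h)`, keeps the report intact, or a comment could state that these are always arrays by this point. `cipher_suites` also emits `protocol: p` as the raw object, while `protocols:` goes through `to_h`. Using `p.to_sym` there would keep the two consistent.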