7 changed files with 73 additions and 14 deletions
+ 4
- 0
bin/bundle
View File
| @@ -0,0 +1,4 @@ | |||
| #!/bin/bash | |||
| : ${RBENV_ROOT:=$HOME/.rbenv} | |||
| DIR="$(readlink -m "$(dirname "$0")")" | |||
| LD_LIBRARY_PATH="${DIR}/../lib" "${RBENV_ROOT}/shims/bundle" $* | |||
+ 4
- 1
bin/check_https.rb
View File
| @@ -3,4 +3,7 @@ $:.unshift File.expand_path File.join File.dirname(__FILE__), '../lib' | |||
| require 'rubygems' | |||
| require 'bundler/setup' | |||
| require 'cryptcheck' | |||
| ::CryptCheck::Tls::Https::Host.new ARGV[0], ARGV.fetch(1, 443) | |||
| args, port = ARGV | |||
| args = [args, port] if port | |||
| hosts = ::CryptCheck::Tls::Https.analyze *args | |||
+ 5
- 1
bin/check_smtp.rb
View File
| @@ -3,4 +3,8 @@ $:.unshift File.expand_path File.join File.dirname(__FILE__), '../lib' | |||
| require 'rubygems' | |||
| require 'bundler/setup' | |||
| require 'cryptcheck' | |||
| ::CryptCheck::Tls::Smtp.analyze_domain ARGV[0] | |||
| args, port = ARGV | |||
| args = [args, port] if port | |||
| hosts = ::CryptCheck::Tls::Smtp.analyze *args | |||
| ap hosts | |||
+ 4
- 1
bin/check_xmpp.rb
View File
| @@ -3,4 +3,7 @@ $:.unshift File.expand_path File.join File.dirname(__FILE__), '../lib' | |||
| require 'rubygems' | |||
| require 'bundler/setup' | |||
| require 'cryptcheck' | |||
| ::CryptCheck::Tls::Xmpp.analyze_domain ARGV[0], type: ARGV.fetch(1, :s2s).to_sym | |||
| args, type = ARGV | |||
| args = [args, type] if type | |||
| ::CryptCheck::Tls::Xmpp.analyze *args | |||
+ 1
- 0
bin/test
View File
| @@ -0,0 +1 @@ | |||
| runner | |||
+ 38
- 0
bin/test.rb
View File
| @@ -0,0 +1,38 @@ | |||
| #!/usr/bin/env ruby | |||
| $:.unshift File.expand_path File.join File.dirname(__FILE__), '../lib' | |||
| require 'rubygems' | |||
| require 'bundler/setup' | |||
| Bundler.require :default, :development | |||
| require 'cryptcheck' | |||
| class CryptCheck::Tls::Cert | |||
| def valid?(*_) | |||
| true | |||
| end | |||
| def trusted? | |||
| :trusted | |||
| end | |||
| end | |||
| # obj = Class.new do | |||
| # include ::CryptCheck::State | |||
| # | |||
| # def available_checks | |||
| # [[:foo, %i(critical warning good best), -> (_) { :best }]] | |||
| # end | |||
| # end.new | |||
| # ap obj.states | |||
| # ap obj.status | |||
| # cipher = ::CryptCheck::Tls::Cipher[::CryptCheck::Tls::Method[:TLSv1_2]].first | |||
| # ap cipher.states | |||
| # ap cipher.status | |||
| # ap cipher.name | |||
| # puts cipher.to_s | |||
| # key = OpenSSL::PKey.read File.read 'spec/resources/rsa-1024.pem' | |||
| # ap key.states | |||
| # ap key.status | |||
| host = CryptCheck::Tls::Https::Host.new 'localhost', 443 | |||
+ 17
- 11
bin/tls_server.rb
View File
| @@ -68,7 +68,7 @@ def certificate(key) | |||
| end | |||
| key = OpenSSL::PKey::RSA.new File.read 'config/rsa-2048.pem' | |||
| #key = OpenSSL::PKey::EC.new('secp521r1').generate_key | |||
| # key = OpenSSL::PKey::EC.new('prime256v1').generate_key | |||
| cert = certificate key | |||
| CryptCheck::Logger.info 'Starting server' | |||
| @@ -78,13 +78,13 @@ context = OpenSSL::SSL::SSLContext.new | |||
| #context = OpenSSL::SSL::SSLContext.new :TLSv1_1 | |||
| context.cert = cert | |||
| context.key = key | |||
| context.ciphers = ARGV[0] || 'ECDHE+AESGCM' | |||
| context.ciphers = ARGV[0] || 'EECDH+AESGCM' | |||
| dh = OpenSSL::PKey::DH.new File.read 'config/dh-4096.pem' | |||
| context.tmp_dh_callback = proc { dh } | |||
| #dh = OpenSSL::PKey::DH.new File.read 'config/dh-4096.pem' | |||
| #context.tmp_dh_callback = proc { dh } | |||
| #context.ecdh_curves = CryptCheck::Tls::Server::SUPPORTED_CURVES.join ':' | |||
| #context.ecdh_curves = 'secp384r1:secp521r1:sect571r1' | |||
| context.ecdh_curves = 'secp384r1' | |||
| #context.ecdh_curves = 'prime256v1' | |||
| #ecdh = OpenSSL::PKey::EC.new('secp384r1').generate_key | |||
| #context.tmp_ecdh_callback = proc { ecdh } | |||
| @@ -92,6 +92,9 @@ host, port = '::', 5000 | |||
| tcp_server = TCPServer.new host, port | |||
| tls_server = OpenSSL::SSL::SSLServer.new tcp_server, context | |||
| ::CryptCheck::Logger.info "Server started on #{host}:#{port}" | |||
| # ::CryptCheck::Logger.info "Supported ciphers:" | |||
| # context.ciphers.each { |c| ::CryptCheck::Logger.info c.first } | |||
| loop do | |||
| begin | |||
| @@ -101,15 +104,18 @@ loop do | |||
| dh = connection.tmp_key | |||
| cipher = connection.cipher | |||
| cipher = CryptCheck::Tls::Cipher.new method, cipher, dh | |||
| cipher = CryptCheck::Tls::Cipher.new method, cipher.first | |||
| states = cipher.states | |||
| text = %i(critical error warning good perfect best).collect do |s| | |||
| states[s].collect { |t| t.to_s.colorize s }.join ' ' | |||
| end.reject &:empty? | |||
| text = text.join ' ' | |||
| # p states | |||
| # text = %i(critical error warning good perfect best).collect do |s| | |||
| # states[s].collect { |t| t.to_s.colorize s }.join ' ' | |||
| # end.reject &:empty? | |||
| # text = [] | |||
| # text = text.join ' ' | |||
| # text = '' | |||
| dh = dh ? " (#{'PFS'.colorize :good} : #{CryptCheck::Tls.key_to_s dh})" : '' | |||
| CryptCheck::Logger.info { "#{CryptCheck::Tls.colorize method} / #{cipher.colorize}#{dh} [#{text}]" } | |||
| CryptCheck::Logger.info { "#{cipher}#{dh}" } | |||
| data = connection.gets | |||
| if data | |||
Loading…