You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
184 lines
2.6 KiB
184 lines
2.6 KiB
require 'openssl'
|
|
|
|
class ::OpenSSL::PKey::PKey
|
|
def fingerprint
|
|
::OpenSSL::Digest::SHA256.hexdigest self.to_der
|
|
end
|
|
end
|
|
|
|
class ::OpenSSL::PKey::EC
|
|
def type
|
|
:ecc
|
|
end
|
|
|
|
def size
|
|
self.group.degree
|
|
end
|
|
|
|
def curve
|
|
self.group.curve_name
|
|
end
|
|
|
|
def to_s
|
|
"ECC #{self.size} bits"
|
|
end
|
|
|
|
def to_h
|
|
{ type: :ecc, curve: self.curve, size: self.size, fingerprint: self.fingerprint, states: self.states }
|
|
end
|
|
|
|
protected
|
|
include ::CryptCheck::State
|
|
|
|
CHECKS = [
|
|
[:ecc, %i(critical error warning), -> (s) do
|
|
case s.size
|
|
when 0...160
|
|
:critical
|
|
when 160...192
|
|
:error
|
|
when 192...256
|
|
:warning
|
|
else
|
|
false
|
|
end
|
|
end]
|
|
].freeze
|
|
|
|
def available_checks
|
|
CHECKS
|
|
end
|
|
end
|
|
|
|
class ::OpenSSL::PKey::RSA
|
|
def type
|
|
:rsa
|
|
end
|
|
|
|
def size
|
|
self.n.num_bits
|
|
end
|
|
|
|
def to_s
|
|
"RSA #{self.size} bits"
|
|
end
|
|
|
|
def to_h
|
|
{ type: :rsa, size: self.size, fingerprint: self.fingerprint, states: self.states }
|
|
end
|
|
|
|
protected
|
|
include ::CryptCheck::State
|
|
|
|
CHECKS = [
|
|
[:rsa, %i(critical error), ->(s) do
|
|
case s.size
|
|
when 0...1024
|
|
:critical
|
|
when 1024...2048
|
|
:error
|
|
else
|
|
false
|
|
end
|
|
end]
|
|
].freeze
|
|
|
|
def available_checks
|
|
CHECKS
|
|
end
|
|
end
|
|
|
|
class ::OpenSSL::PKey::DSA
|
|
def type
|
|
:dsa
|
|
end
|
|
|
|
def size
|
|
self.p.num_bits
|
|
end
|
|
|
|
def to_s
|
|
"DSA #{self.size} bits"
|
|
end
|
|
|
|
def to_h
|
|
{ type: :dsa, size: self.size, fingerprint: self.fingerprint, states: self.states }
|
|
end
|
|
|
|
include ::CryptCheck::State
|
|
|
|
CHECKS = [
|
|
[:dsa, :critical, -> (_) { true }]
|
|
].freeze
|
|
|
|
protected
|
|
def available_checks
|
|
CHECKS
|
|
end
|
|
end
|
|
|
|
class ::OpenSSL::PKey::DH
|
|
def type
|
|
:dh
|
|
end
|
|
|
|
def size
|
|
self.p.num_bits
|
|
end
|
|
|
|
def to_s
|
|
"DH #{self.size} bits"
|
|
end
|
|
|
|
def to_h
|
|
{ size: self.size, fingerprint: self.fingerprint, states: self.states }
|
|
end
|
|
|
|
protected
|
|
include ::CryptCheck::State
|
|
|
|
CHECKS = [
|
|
[:dh, %i(critical error), -> (s) do
|
|
case s.size
|
|
when 0...1024
|
|
:critical
|
|
when 1024...2048
|
|
:error
|
|
else
|
|
false
|
|
end
|
|
end]
|
|
].freeze
|
|
|
|
protected
|
|
def available_checks
|
|
CHECKS
|
|
end
|
|
end
|
|
|
|
class ::OpenSSL::X509::Certificate
|
|
def fingerprint
|
|
::OpenSSL::Digest::SHA256.hexdigest self.to_der
|
|
end
|
|
end
|
|
|
|
class ::OpenSSL::X509::Store
|
|
def add_chains(chains)
|
|
chains = [chains] unless chains.is_a? Enumerable
|
|
chains.each do |chain|
|
|
case chain
|
|
when ::OpenSSL::X509::Certificate
|
|
self.add_cert chain
|
|
else
|
|
if File.directory?(chain)
|
|
Dir.entries(chain)
|
|
.collect { |e| File.join chain, e }
|
|
.select { |e| File.file? e }
|
|
.each { |f| self.add_file f }
|
|
else
|
|
self.add_file chain
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
|