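  module CryptCheck
    module Tls
      # Grade object with a fixed score of -1 and grade 'X'. Judging by its
      # name it stands in for a server that does not offer TLS at all; it
      # exposes the same server/score/grade readers as Grade.
      class TlsNotSupportedGrade
        attr_reader :server, :score, :grade

        # @param server the scanned server this placeholder grade belongs to
        def initialize(server)
          @server = server
          @score  = -1
          @grade  = 'X'
        end
      end

      # Computes a letter grade for a TLS server from three sub-scores
      # (protocol, key exchange, cipher strength), then caps or overrides the
      # letter according to weak primitives and certificate state.
      #
      # The server object must answer: supported_methods (hash with :worst and
      # :best), key_size, cipher_size (hash with :min and :max), cert_valid,
      # cert_trusted, and the predicates used in the calculate_* methods below.
      class Grade
        # The lookup tables are frozen: all_error/all_warning/all_success hand
        # out these very objects, and calculate_perfect compares against
        # ALL_SUCCESS, so an accidental in-place mutation would silently change
        # how every later server is graded.
        ALL_ERROR   = %i(md5_sig md5 anonymous dss null export des rc4).freeze
        ALL_WARNING = %i(sha1_sig des3).freeze
        ALL_SUCCESS = %i(pfs).freeze

        # Score per protocol version. A method symbol missing from this table
        # yields nil and makes calculate_protocol_score raise.
        METHODS_SCORES = { SSLv2: 0, SSLv3: 80, TLSv1: 90, TLSv1_1: 95, TLSv1_2: 100 }.freeze

        attr_reader :server, :protocol_score, :key_exchange_score, :cipher_strengths_score,
                    :score, :grade, :error, :warning, :success

        # Runs the whole grading pipeline. The order matters: the sub-scores feed
        # @score, calculate_grade reads @score and @error, and calculate_perfect
        # reads @grade, @error, @warning and @success.
        #
        # @param server the scanned server to grade
        def initialize(server)
          @server = server
          calculate_protocol_score
          calculate_key_exchange_score
          calculate_cipher_strengths_score
          # Weighted mean: 30 % protocol, 30 % key exchange, 40 % cipher strength.
          @score = @protocol_score * 0.3 + @key_exchange_score * 0.3 + @cipher_strengths_score * 0.4
          calculate_error
          calculate_warning
          calculate_success
          calculate_grade
          calculate_perfect
        end

        # Logs the grade, the sub-scores and any findings through Logger.
        def display
          # NOTE(review): 'D' (which calculate_grade can produce) has no entry
          # here, so color is nil for it and the grade is passed to colorize
          # without a colour — confirm whether that is intended.
          color = case grade
                  when 'A+'     then :blue
                  when 'A'      then :green
                  when 'B', 'C' then :yellow
                  when 'E', 'F' then :red
                  when 'M', 'T' then { color: :white, background: :red }
                  end

          Logger.info { "Grade : #{grade.colorize color}" }
          Logger.info { '' }
          Logger.info { "Protocole : #{protocol_score} / 100" }
          Logger.info { "Key exchange : #{key_exchange_score} / 100" }
          Logger.info { "Ciphers strength : #{cipher_strengths_score} / 100" }
          Logger.info { "Overall score : #{score} / 100" }
          Logger.info { '' }
          Logger.info { "Errors : #{error.join(' ').colorize :red}" } unless error.empty?
          Logger.info { "Warnings : #{warning.join(' ').colorize :yellow}" } unless warning.empty?
          Logger.info { "Best practices : #{success.join(' ').colorize :green}" } unless success.empty?
        end

        private

        # Maps @score to a letter, then applies caps and certificate overrides.
        def calculate_grade
          # Any score outside 0...80 (in practice: 80 and above) lands on 'A'.
          @grade = case @score
                   when 0...20  then 'F'
                   when 20...35 then 'E'
                   when 35...50 then 'D'
                   when 50...65 then 'C'
                   when 65...80 then 'B'
                   else 'A'
                   end

          # Letters compare as strings ('A' < 'B' < ... < 'F'), so taking the
          # max with a cap can only keep the grade or make it worse.
          @grade = [@grade, 'B'].max if !@server.tlsv1_2? || @server.key_size < 2048
          @grade = [@grade, 'C'].max if @server.des3?
          @grade = [@grade, 'F'].max unless @error.empty?

          # Certificate problems replace the letter outright; when the
          # certificate is both invalid and untrusted, 'T' is the final value.
          @grade = 'M' unless @server.cert_valid
          @grade = 'T' unless @server.cert_trusted
        end

        # Collects the findings that force the grade down to 'F'.
        def calculate_error
          @error = []
          @error << :md5_sig if @server.md5_sig?
          @error << :md5 if @server.md5?
          @error << :anonymous if @server.anonymous?
          @error << :dss if @server.dss?
          @error << :null if @server.null?
          @error << :export if @server.export?
          @error << :des if @server.des?
          @error << :rc4 if @server.rc4?
        end

        # Collects the findings that prevent an 'A+'.
        def calculate_warning
          @warning = []
          @warning << :sha1_sig if @server.sha1_sig?
          #@warning << :sha1 if @server.sha1?
          @warning << :des3 if @server.des3?
        end

        # Collects the best practices the server follows.
        def calculate_success
          @success = []
          @success << :pfs if @server.pfs_only?
        end

        # @return [Array<Symbol>] every error the grader can report
        def all_error
          ALL_ERROR
        end

        # @return [Array<Symbol>] every warning the grader can report
        def all_warning
          ALL_WARNING
        end

        # @return [Array<Symbol>] every best practice the grader can report
        def all_success
          ALL_SUCCESS
        end

        # Promotes 'A' to 'A+' when there is no error, no warning and every
        # entry of ALL_SUCCESS was achieved. Only an exact 'A' qualifies, so a
        # capped or overridden grade is never promoted.
        def calculate_perfect
          return unless @grade == 'A' && @error.empty? && @warning.empty?

          @grade = 'A+' if (ALL_SUCCESS & @success) == ALL_SUCCESS
        end

        # Averages the scores of the worst and best supported protocol
        # versions (integer division, so a .5 is dropped).
        def calculate_protocol_score
          methods = @server.supported_methods
          worst_score = METHODS_SCORES[methods[:worst]]
          best_score  = METHODS_SCORES[methods[:best]]
          @protocol_score = (worst_score + best_score) / 2
        end

        # Scores the server key size in bits; the ranges exclude their upper
        # bound, so 2048 scores 90 and 4096 or more scores 100.
        def calculate_key_exchange_score
          @key_exchange_score = case @server.key_size
                                when 0           then 0
                                when 0...512     then 20
                                when 512...1024  then 40
                                when 1024...2048 then 80
                                when 2048...4096 then 90
                                else 100
                                end
        end

        # Scores one cipher strength in bits; 256 and above scores 100.
        #
        # @param cipher_strength [Integer] cipher key size
        # @return [Integer] score between 0 and 100
        def calculate_cipher_strength_score(cipher_strength)
          case cipher_strength
          when 0         then 0
          when 0...128   then 20
          when 128...256 then 80
          else 100
          end
        end

        # Averages the scores of the weakest and strongest cipher sizes
        # (integer division).
        def calculate_cipher_strengths_score
          strength = @server.cipher_size
          weakest   = calculate_cipher_strength_score(strength[:min])
          strongest = calculate_cipher_strength_score(strength[:max])
          @cipher_strengths_score = (weakest + strongest) / 2
        end
      end
    end
  end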