aeris
/
cryptcheck
ウォッチ 1
スター 0
フォーク 0
コード 課題 0 プルリクエスト 0 リリース 0 Wiki アクティビティ
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
138 コミット
2 ブランチ
ツリー: d60d325e04
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'd60d325e04' から
${ noResults }
cryptcheck/bin/tls_server.rb

tls_server.rb 4.1KB
履歴 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129 
  1. #!/usr/bin/env ruby

  2. $:.unshift File.expand_path File.join File.dirname(__FILE__), '../lib'

  3. require 'rubygems'

  4. require 'bundler/setup'

  5. require 'openssl'

  6. require 'socket'

  7. require 'cryptcheck'

  8. 

  9. ::CryptCheck::Logger.level = ENV['LOG'] || :info

  10. 

  11. OpenSSL::PKey::EC.send :alias_method, :private?, :private_key?

  12. 

  13. # [512, 768, 1024, 2048, 3072, 4096].each do |s|

  14. # 	file = "config/rsa-#{s}.pem"

  15. # 	unless File.exists? file

  16. # 		puts :rsa, s

  17. # 		dh = OpenSSL::PKey::RSA.new s

  18. # 		File.write file, dh.to_pem

  19. # 	end

  20. #

  21. # 	file = "config/dh-#{s}.pem"

  22. # 	unless File.exists? file

  23. # 		puts :dh, s

  24. # 		dh = OpenSSL::PKey::DH.new s

  25. # 		File.write file, dh.to_pem

  26. # 	end

  27. # end

  28. # exit

  29. 

  30. def certificate(key)

  31. 	CryptCheck::Logger.info 'Generating certificate'

  32. 	cert            = OpenSSL::X509::Certificate.new

  33. 	cert.version    = 2

  34. 	cert.serial     = rand 2**(20*8-1) .. 2**(20*8)

  35. 	cert.not_before = Time.now

  36. 	cert.not_after  = Time.now + 365*24*60*60

  37. 

  38. 	cert.public_key = case key

  39. 						  when OpenSSL::PKey::EC

  40. 							  curve             = key.group.curve_name

  41. 							  public            = OpenSSL::PKey::EC.new curve

  42. 							  public.public_key = key.public_key

  43. 							  public

  44. 						  else

  45. 							  key.public_key

  46. 					  end

  47. 

  48. 	name         = OpenSSL::X509::Name.parse 'CN=localhost'

  49. 	cert.subject = name

  50. 	cert.issuer  = name

  51. 

  52. 	extension_factory                     = OpenSSL::X509::ExtensionFactory.new nil, cert

  53. 	extension_factory.subject_certificate = cert

  54. 	extension_factory.issuer_certificate  = cert

  55. 

  56. 	cert.add_extension extension_factory.create_extension 'basicConstraints', 'CA:TRUE', true

  57. 	cert.add_extension extension_factory.create_extension 'keyUsage', 'keyEncipherment, dataEncipherment, digitalSignature,nonRepudiation,keyCertSign'

  58. 	cert.add_extension extension_factory.create_extension 'extendedKeyUsage', 'serverAuth, clientAuth'

  59. 	cert.add_extension extension_factory.create_extension 'subjectKeyIdentifier', 'hash'

  60. 	cert.add_extension extension_factory.create_extension 'authorityKeyIdentifier', 'keyid:always'

  61. 	cert.add_extension extension_factory.create_extension 'subjectAltName', 'DNS:localhost'

  62. 

  63. 	cert.add_extension OpenSSL::X509::Extension.new '1.3.6.1.5.5.7.1.24', '0', true

  64. 

  65. 	cert.sign key, OpenSSL::Digest::SHA512.new

  66. 	CryptCheck::Logger.info 'Certificate generated'

  67. 	cert

  68. end

  69. 

  70. key = OpenSSL::PKey::RSA.new File.read 'config/rsa-2048.pem'

  71. # key = OpenSSL::PKey::EC.new('prime256v1').generate_key

  72. cert = certificate key

  73. 

  74. CryptCheck::Logger.info 'Starting server'

  75. 

  76. context = OpenSSL::SSL::SSLContext.new

  77. #context = OpenSSL::SSL::SSLContext.new :SSLv3

  78. #context         = OpenSSL::SSL::SSLContext.new :TLSv1_1

  79. context.cert    = cert

  80. context.key     = key

  81. context.ciphers = ARGV[0] || 'EECDH+AESGCM'

  82. 

  83. #dh                      = OpenSSL::PKey::DH.new File.read 'config/dh-4096.pem'

  84. #context.tmp_dh_callback = proc { dh }

  85. #context.ecdh_curves = CryptCheck::Tls::Server::SUPPORTED_CURVES.join ':'

  86. #context.ecdh_curves = 'secp384r1:secp521r1:sect571r1'

  87. #context.ecdh_curves     = 'prime256v1'

  88. #ecdh = OpenSSL::PKey::EC.new('secp384r1').generate_key

  89. #context.tmp_ecdh_callback = proc { ecdh }

  90. 

  91. host, port = '::', 5000

  92. tcp_server              = TCPServer.new host, port

  93. tls_server              = OpenSSL::SSL::SSLServer.new tcp_server, context

  94. ::CryptCheck::Logger.info "Server started on #{host}:#{port}"

  95. # ::CryptCheck::Logger.info "Supported ciphers:"

  96. # context.ciphers.each { |c| ::CryptCheck::Logger.info c.first }

  97. 

  98. 

  99. loop do

  100. 	begin

  101. 		connection = tls_server.accept

  102. 

  103. 		method = connection.ssl_version

  104. 

  105. 		dh = connection.tmp_key

  106. 		cipher = connection.cipher

  107. 		cipher = CryptCheck::Tls::Cipher.new method, cipher.first

  108. 		states = cipher.states

  109. 		# p states

  110. 		# text   = %i(critical error warning good perfect best).collect do |s|

  111. 		# 	states[s].collect { |t| t.to_s.colorize s }.join ' '

  112. 		# end.reject &:empty?

  113. 		# text = []

  114. 		# text   = text.join ' '

  115. 		# text = ''

  116. 

  117. 		dh     = dh ? " (#{'PFS'.colorize :good} : #{CryptCheck::Tls.key_to_s dh})" : ''

  118. 		CryptCheck::Logger.info { "#{cipher}#{dh}" }

  119. 

  120. 		data       = connection.gets

  121. 		if data

  122. 			CryptCheck::Logger.info data

  123. 		end

  124. 		connection.puts 'HTTP/1.1 200 OK'

  125. 		connection.puts 'Strict-Transport-Security: max-age=31536000'

  126. 		connection.close

  127. 	rescue OpenSSL::SSL::SSLError, SystemCallError

  128. 	end

  129. end