Module: SSLTest

Extended by:
CRL, OCSP
Defined in:
lib/ssl-test.rb,
lib/ssl-test/crl.rb,
lib/ssl-test/ocsp.rb

Defined Under Namespace

Modules: CRL, OCSP

Constant Summary collapse

VERSION = 
-"1.5.0"

Constants included from OCSP

OCSP::ERROR_CACHE_DURATION

Constants included from CRL

CRL::CRL_CACHE_DURATION

Class Method Summary collapse

Class Method Details

.cache_sizeObject 



82
83
84
85
86
87
88
89
90
91
92
93
94
 
# File 'lib/ssl-test.rb', line 82

def cache_size
  {
    crl: {
      lists: @crl_response_cache&.size || 0,
      bytes: ObjectSize.size(@crl_response_cache)
    },
    ocsp: {
      responses: @ocsp_response_cache&.size || 0,
      errors: @ocsp_request_error_cache&.size || 0,
      bytes: ObjectSize.size(@ocsp_response_cache) + ObjectSize.size(@ocsp_request_error_cache)
    }
  }
end

.flush_cacheObject 



96
97
98
99
100
 
# File 'lib/ssl-test.rb', line 96

def flush_cache
  @crl_response_cache = {}
  @ocsp_response_cache = {}
  @ocsp_request_error_cache = {}
end

.logger=(logger) ⇒ Object 



102
103
104
 
# File 'lib/ssl-test.rb', line 102

def logger= logger
  @logger = logger
end

.test_cert(client_cert, ca_certs, open_timeout: 5, read_timeout: 5, proxy_host: nil, proxy_port: nil, redirection_limit: 5) ⇒ Object 



53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
# File 'lib/ssl-test.rb', line 53

def test_cert client_cert, ca_certs, open_timeout: 5, read_timeout: 5, proxy_host:nil, proxy_port: nil, redirection_limit: 5
  cert = failed_cert_reason = chain = store = nil

  store = OpenSSL::X509::Store.new
  ca_certs.each { store.add_cert(_1) }
  store.verify_callback = -> (verify_ok, store_context) {
    cert = store_context.current_cert
    chain = store_context.chain
    failed_cert_reason = [store_context.error, store_context.error_string] if store_context.error != 0
    verify_ok
  }

  begin
    store.verify(client_cert)

    if failed_cert_reason
      error_message = "error code #{failed_cert_reason[0]}: #{failed_cert_reason[1]}"
      @logger&.info { "SSLTest #{cert.subject.to_s} finished: #{error_message}" }
      return [false, error_message, cert]
    else
      revoked, message, revocation_date = test_chain_revocation(chain, open_timeout: open_timeout, read_timeout: read_timeout, proxy_host: proxy_host, proxy_port: proxy_port, redirection_limit: redirection_limit)
      return [!revoked, revocation_message(revoked, revocation_date, message), cert]
    end
  rescue => error
    @logger&.error { "SSLTest #{cert.subject.to_s} failed: #{error.message}" }
    return [nil, "SSL certificate test failed: #{error.message}", cert]
  end
end

.test_url(url, open_timeout: 5, read_timeout: 5, proxy_host: nil, proxy_port: nil, redirection_limit: 5) ⇒ Object Also known as: test 



16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
 
# File 'lib/ssl-test.rb', line 16

def test_url url, open_timeout: 5, read_timeout: 5, proxy_host: nil, proxy_port: nil, redirection_limit: 5
  cert = failed_cert_reason = chain = nil

  uri = URI.parse(url)
  return if uri.scheme != 'https' and uri.scheme != 'tcps'

  @logger&.info { "SSLTest #{url} started" }
  http = Net::HTTP.new(uri.host, uri.port, proxy_host, proxy_port)
  http.open_timeout = open_timeout
  http.read_timeout = read_timeout
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  http.verify_callback = -> (verify_ok, store_context) {
    cert = store_context.current_cert
    chain = store_context.chain
    failed_cert_reason = [store_context.error, store_context.error_string] if store_context.error != 0
    verify_ok
  }

  begin
    http.start { }

    revoked, message, revocation_date = test_chain_revocation(chain, open_timeout: open_timeout, read_timeout: read_timeout, proxy_host: proxy_host, proxy_port: proxy_port, redirection_limit: redirection_limit)
    @logger&.info { "SSLTest #{url} finished: revoked=#{revoked} #{message}" }
    return [!revoked, revocation_message(revoked, revocation_date, message), cert]
  rescue OpenSSL::SSL::SSLError => error
    error_message = parse_ssl_error(error, cert, failed_cert_reason, uri:)
    @logger&.info { "SSLTest #{url} finished: #{error_message}" }
    return [false, error_message, cert]
  rescue => error
    @logger&.error { "SSLTest #{url} failed: #{error.message}" }
    return [nil, "SSL certificate test failed: #{error.message}", cert]
  end
end