Module: Ronin::Support::Network::SSL

Included in:: TLS

Defined in:: lib/ronin/support/network/ssl.rb,
lib/ronin/support/network/ssl/mixin.rb,
lib/ronin/support/network/ssl/proxy.rb,
lib/ronin/support/network/ssl/local_key.rb,
lib/ronin/support/network/ssl/local_cert.rb

Overview

Top-level SSL methods.

Defined Under Namespace

Modules: LocalCert, LocalKey, Mixin Classes: Proxy

Constant Summary collapse

VERSIONS = SSL/TLS versions

{
  1   => :TLSv1,
  1.1 => :TLSv1_1,
  1.2 => :TLSv1_2
}

VERIFY = SSL verify modes

{
  none:                 OpenSSL::SSL::VERIFY_NONE,
  peer:                 OpenSSL::SSL::VERIFY_PEER,
  fail_if_no_peer_cert: OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT,
  client_once:          OpenSSL::SSL::VERIFY_CLIENT_ONCE,
  true               => OpenSSL::SSL::VERIFY_PEER,
  false              => OpenSSL::SSL::VERIFY_NONE
}

Class Method Summary collapse

.cert ⇒ Crypto::Cert
The default SSL certificate used for all SSL server sockets.
.cert=(new_cert) ⇒ Crypto::Cert, OpenSSL::X509::Certificate
Overrides the default SSL certificate.
.context(version: nil, verify: :none, key: nil, key_file: nil, cert: nil, cert_file: nil, ca_bundle: nil) ⇒ OpenSSL::SSL::SSLContext
Creates a new SSL Context.
.key ⇒ Crypto::Key::RSA
The default RSA key used for all SSL server sockets.
.key=(new_key) ⇒ Crypto::Key::RSA, OpenSSL::PKey::RSA
Overrides the default RSA key.

Class Method Details

.cert ⇒ `Crypto::Cert`

The default SSL certificate used for all SSL server sockets.

Returns:

(Crypto::Cert) —
The default SSL certificate.



78
79
80

# File 'lib/ronin/support/network/ssl.rb', line 78

def self.cert
  @cert ||= LocalCert.fetch
end

.cert=(new_cert) ⇒ `Crypto::Cert`, `OpenSSL::X509::Certificate`

Overrides the default SSL certificate.

Parameters:

new_cert (Crypto::Cert, OpenSSL::X509::Certificate) —
The new SSL certificate.

Returns:

(Crypto::Cert, OpenSSL::X509::Certificate) —
The new default SSL certificate.



91
92
93

# File 'lib/ronin/support/network/ssl.rb', line 91

def self.cert=(new_cert)
  @cert = new_cert
end

.context(version: nil, verify: :none, key: nil, key_file: nil, cert: nil, cert_file: nil, ca_bundle: nil) ⇒ `OpenSSL::SSL::SSLContext`

Creates a new SSL Context.

Parameters:

version (1, 1.1, 1.2, String, Symbol, nil) (defaults to: nil) —
The SSL version to use.
verify (Symbol, Boolean) (defaults to: :none) —
Specifies whether to verify the SSL certificate. May be one of the following:
- :none
- :peer
- :fail_if_no_peer_cert
- :client_once
key (Crypto::Key::RSA, OpenSSL::PKey::RSA, nil) (defaults to: nil) —
The RSA key to use for the SSL context.
key_file (String, nil) (defaults to: nil) —
The path to the RSA .key file.
cert (Crypto::Cert, OpenSSL::X509::Certificate, nil) (defaults to: nil) —
The X509 certificate to use for the SSL context.
cert_file (String, nil) (defaults to: nil) —
The path to the SSL .crt or .pem file.
ca_bundle (String, nil) (defaults to: nil) —
Path to the CA bundle file or directory.

Returns:

(OpenSSL::SSL::SSLContext) —
The newly created SSL Context.

Raises:

(ArgumentError) —
cert_file: or cert: keyword arguments also require a key_file: or key: keyword argument.

Since:

1.0.0

# File 'lib/ronin/support/network/ssl.rb', line 136

def self.context(version:   nil,
                 verify:    :none,
                 key:       nil,
                 key_file:  nil,
                 cert:      nil,
                 cert_file: nil,
                 ca_bundle: nil)
  context = OpenSSL::SSL::SSLContext.new

  if version
    context.ssl_version = VERSIONS.fetch(version,version)
  end

  context.verify_mode = VERIFY[verify]

  if (key_file || key) && (cert_file || cert)
    context.key  = if key_file then Crypto::Key.load_file(key_file)
                   else             key
                   end

    context.cert = if cert_file then Crypto::Cert.load_file(cert_file)
                   else              cert
                   end
  elsif (key_file || key) || (cert_file || cert)
    raise(ArgumentError,"cert_file: and cert: keyword arguments also require a key_file: or key: keyword argument")
  end

  if ca_bundle
    if File.file?(ca_bundle)
      context.ca_file = ca_bundle
    elsif File.directory?(ca_bundle)
      context.ca_path = ca_bundle
    end
  end

  return context
end

.key ⇒ `Crypto::Key::RSA`

The default RSA key used for all SSL server sockets.

Returns:

(Crypto::Key::RSA) —
The default RSA key.



55
56
57

# File 'lib/ronin/support/network/ssl.rb', line 55

def self.key
  @key ||= LocalKey.fetch
end

.key=(new_key) ⇒ `Crypto::Key::RSA`, `OpenSSL::PKey::RSA`

Overrides the default RSA key.

Parameters:

new_key (Crypto::Key::RSA, OpenSSL::PKey::RSA) —
The new RSA key.

Returns:

(Crypto::Key::RSA, OpenSSL::PKey::RSA) —
The new default RSA key.



68
69
70

# File 'lib/ronin/support/network/ssl.rb', line 68

def self.key=(new_key)
  @key = new_key
end

Module: Ronin::Support::Network::SSL

Overview

Defined Under Namespace

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.cert ⇒ Crypto::Cert

.cert=(new_cert) ⇒ Crypto::Cert, OpenSSL::X509::Certificate

.context(version: nil, verify: :none, key: nil, key_file: nil, cert: nil, cert_file: nil, ca_bundle: nil) ⇒ OpenSSL::SSL::SSLContext

.key ⇒ Crypto::Key::RSA

.key=(new_key) ⇒ Crypto::Key::RSA, OpenSSL::PKey::RSA

.cert ⇒ `Crypto::Cert`

.cert=(new_cert) ⇒ `Crypto::Cert`, `OpenSSL::X509::Certificate`

.context(version: nil, verify: :none, key: nil, key_file: nil, cert: nil, cert_file: nil, ca_bundle: nil) ⇒ `OpenSSL::SSL::SSLContext`

.key ⇒ `Crypto::Key::RSA`

.key=(new_key) ⇒ `Crypto::Key::RSA`, `OpenSSL::PKey::RSA`