class Prof::Matchers::OnlySupportSslWithCipherSet

Current problems

  1. The OSX openssl library may not support all of the ciphers that need to be tested for a cipher suite

  2. Some of the ciphers are actually expressions (kEDH+AESGCM) these need to be expanded to the ciphers they represent

Attributes

cipher_set[R]
http_enabled[R]
https_url[R]
results[R]

Public Class Methods

new(cipher_set) click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 28
def initialize(cipher_set)
  @cipher_set = cipher_set
end

Public Instance Methods

failure_message() click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 44
def failure_message
  [
    ("The server is missing support for#{RSpec::Matchers::EnglishPhrasing.list(server_missing_supported_ciphers)}" if server_missing_supported_ciphers.any?),
    ("The server supports#{RSpec::Matchers::EnglishPhrasing.list(server_extra_ciphers)} when it should not" if server_extra_ciphers.any?),
    ("The server is missing support for#{RSpec::Matchers::EnglishPhrasing.list(server_missing_supported_protocols)}" if server_missing_supported_protocols.any?),
     ("The server supports#{RSpec::Matchers::EnglishPhrasing.list(server_extra_protocols)} when it should not" if server_extra_protocols.any?),
    ("The server supports HTTP when it should not" if http_enabled)
  ].compact.join("\n")
end
matches?(https_url) click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 32
def matches?(https_url)
  @https_url    = https_url
  @results      = ssl_results
  @http_enabled = http_connection_accepted?
  results.supports_cipher_set?(cipher_set) && !@http_enabled
end
with_proxy(proxy) click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 39
def with_proxy(proxy)
  @proxy = proxy
  self
end

Private Instance Methods

http_connection_accepted?() click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 78
def http_connection_accepted?
  begin
    response = Net::HTTP.new(http_uri.host, http_uri.port, proxy.http_host, proxy.http_port).get('/')
    !response.instance_of?(Net::HTTPGatewayTimeOut)
  rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT
    false
  end
end
http_uri() click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 87
def http_uri
  http_uri = URI(https_url)
  http_uri.scheme = 'http'
  http_uri.port = 80
  http_uri
end
proxy() click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 58
def proxy
  @proxy ||= OpenStruct.new(:http_host => nil, :http_address => nil)
end
server_extra_ciphers() click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 66
def server_extra_ciphers
  results.supported_ciphers - cipher_set.supported_ciphers
end
server_extra_protocols() click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 74
def server_extra_protocols
  results.supported_protocols - cipher_set.supported_protocols
end
server_missing_supported_ciphers() click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 62
def server_missing_supported_ciphers
  cipher_set.supported_ciphers - results.supported_ciphers
end
server_missing_supported_protocols() click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 70
def server_missing_supported_protocols
  cipher_set.supported_protocols - results.supported_protocols
end
ssl_results() click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 94
def ssl_results
  Prof::SSL::Check.new(https_url, @proxy).results
end