class Prof::Matchers::OnlySupportSslWithCipherSet
Current problems
-
The OSX openssl library may not support all of the ciphers that need to be tested for a cipher suite
-
Some of the ciphers are actually expressions (kEDH+AESGCM) these need to be expanded to the ciphers they represent
Attributes
cipher_set[R]
http_enabled[R]
https_url[R]
results[R]
Public Class Methods
new(cipher_set)
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 28 def initialize(cipher_set) @cipher_set = cipher_set end
Public Instance Methods
failure_message()
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 44 def failure_message [ ("The server is missing support for#{RSpec::Matchers::EnglishPhrasing.list(server_missing_supported_ciphers)}" if server_missing_supported_ciphers.any?), ("The server supports#{RSpec::Matchers::EnglishPhrasing.list(server_extra_ciphers)} when it should not" if server_extra_ciphers.any?), ("The server is missing support for#{RSpec::Matchers::EnglishPhrasing.list(server_missing_supported_protocols)}" if server_missing_supported_protocols.any?), ("The server supports#{RSpec::Matchers::EnglishPhrasing.list(server_extra_protocols)} when it should not" if server_extra_protocols.any?), ("The server supports HTTP when it should not" if http_enabled) ].compact.join("\n") end
matches?(https_url)
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 32 def matches?(https_url) @https_url = https_url @results = ssl_results @http_enabled = http_connection_accepted? results.supports_cipher_set?(cipher_set) && !@http_enabled end
with_proxy(proxy)
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 39 def with_proxy(proxy) @proxy = proxy self end
Private Instance Methods
http_connection_accepted?()
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 78 def http_connection_accepted? begin response = Net::HTTP.new(http_uri.host, http_uri.port, proxy.http_host, proxy.http_port).get('/') !response.instance_of?(Net::HTTPGatewayTimeOut) rescue Errno::ECONNREFUSED, Errno::ETIMEDOUT false end end
http_uri()
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 87 def http_uri http_uri = URI(https_url) http_uri.scheme = 'http' http_uri.port = 80 http_uri end
proxy()
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 58 def proxy @proxy ||= OpenStruct.new(:http_host => nil, :http_address => nil) end
server_extra_ciphers()
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 66 def server_extra_ciphers results.supported_ciphers - cipher_set.supported_ciphers end
server_extra_protocols()
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 74 def server_extra_protocols results.supported_protocols - cipher_set.supported_protocols end
server_missing_supported_ciphers()
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 62 def server_missing_supported_ciphers cipher_set.supported_ciphers - results.supported_ciphers end
server_missing_supported_protocols()
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 70 def server_missing_supported_protocols cipher_set.supported_protocols - results.supported_protocols end
ssl_results()
click to toggle source
# File lib/prof/matchers/only_support_ssl_with_cipher_set.rb, line 94 def ssl_results Prof::SSL::Check.new(https_url, @proxy).results end