mirror of
https://github.com/inspec/inspec
synced 2024-11-14 00:47:10 +00:00
c7e87ca3e3
* Create file-check functionality into utility file There are the similar issues as PR #2302. Almost resources return false positives when a file does not exist or is not read. * Replace to file-check functionality * Fix dh_params and x509_certificate resources If a file is empty, OpenSSL::PKey::DH and OpenSSL::X509::Certificate have raised an exception and have skipped the inspection. Thus x509_certificate and dh_params resources are not allowed to read a empty file. * to_s of shadow expects filters is not nil * Remove workaround of sshd_config Removes the workaround of sshd_config since Travis CI fails due to a bug of dev-sec/ssh-baseline and the PR #100 will fix it. * Use init block variable in methods Signed-off-by: ERAMOTO Masaya <eramoto.masaya@jp.fujitsu.com>
61 lines
1.2 KiB
Ruby
61 lines
1.2 KiB
Ruby
# encoding: utf-8
|
|
|
|
require 'openssl'
|
|
require 'hashie/mash'
|
|
require 'utils/file_reader'
|
|
|
|
module Inspec::Resources
|
|
class RsaKey < Inspec.resource(1)
|
|
name 'key_rsa'
|
|
supports platform: 'unix'
|
|
supports platform: 'windows'
|
|
desc 'public/private RSA key pair test'
|
|
example "
|
|
describe key_rsa('/etc/pki/www.mywebsite.com.key') do
|
|
its('public_key') { should match /BEGIN RSA PUBLIC KEY/ }
|
|
end
|
|
|
|
describe key_rsa('/etc/pki/www.mywebsite.com.key', 'passphrase') do
|
|
it { should be_private }
|
|
it { should be_public }
|
|
end
|
|
"
|
|
|
|
include FileReader
|
|
|
|
def initialize(keypath, passphrase = nil)
|
|
@key_path = keypath
|
|
@passphrase = passphrase
|
|
@key = OpenSSL::PKey.read(read_file_content(@key_path, allow_empty: true), @passphrase)
|
|
end
|
|
|
|
def public?
|
|
return if @key.nil?
|
|
@key.public?
|
|
end
|
|
|
|
def public_key
|
|
return if @key.nil?
|
|
@key.public_key.to_s
|
|
end
|
|
|
|
def private?
|
|
return if @key.nil?
|
|
@key.private?
|
|
end
|
|
|
|
def private_key
|
|
return if @key.nil?
|
|
@key.to_s
|
|
end
|
|
|
|
def key_length
|
|
return if @key.nil?
|
|
@key.public_key.n.num_bytes * 8
|
|
end
|
|
|
|
def to_s
|
|
"rsa_key #{@key_path}"
|
|
end
|
|
end
|
|
end
|