Improvements to the SSL TCP Server mixin

git-svn-id: file:///home/svn/framework3/trunk@7409 4d416f70-5f16-0410-b530-b9f4589650da
2024-11-05 14:57:30 +01:00 · 2009-11-09 00:13:25 +00:00 · 2009-11-09 00:13:25 +00:00 · 6885ffa48f
commit 6885ffa48f
parent e92a193f8c
1 changed files with 39 additions and 25 deletions
--- a/lib/rex/socket/ssl_tcp_server.rb
+++ b/lib/rex/socket/ssl_tcp_server.rb
@ -11,22 +11,38 @@ require 'rex/io/stream_server'
 module Rex::Socket::SslTcpServer

 	@@loaded_openssl = false
-	
+
 	begin
 		require 'openssl'
 		@@loaded_openssl = true
 	rescue ::Exception
 	end
-	
-	
+
+
 	include Rex::Socket::TcpServer
-	
+
 	##
 	#
 	# Factory
 	#
 	##

+	def self.create(hash)
+		self.create_param(Rex::Socket::Parameters.from_hash(hash))
+	end
+
+	#
+	# Wrapper around the base class' creation method that automatically sets
+	# the parameter's protocol to TCP and sets the server flag to true.
+	#
+	def self.create_param(param)
+		param.proto  = 'tcp'
+		param.server = true
+		param.ssl    = true
+
+		Rex::Socket.create_param(param)
+	end
+
 	def initsock(params = nil)
 		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
 		self.sslctx  = makessl()
@ -35,19 +51,16 @@ module Rex::Socket::SslTcpServer

 	def accept(opts = {})
 		sock = super()
-		return nil if not sock
-		
-		sock.extend(Rex::Socket::Tcp)
-		sock.context = self.context
-		pn = sock.getpeername
+		return if not sock

 		begin
-			t = OpenSSL::SSL::SSLSocket.new(sock, self.sslctx)
-			t.extend(Rex::Socket::Tcp)
-			t.peerhost = pn[1]
-			t.peerport = pn[2]		
-			t.accept
-			t
+			ssl = OpenSSL::SSL::SSLSocket.new(sock, self.sslctx)
+			ssl.accept
+			sock.extend(Rex::Socket::SslTcp)
+			sock.sslsock = ssl
+			sock.sslctx  = self.sslctx
+			return sock
+
 		rescue ::OpenSSL::SSL::SSLError
 			sock.close
 			nil
@ -56,22 +69,22 @@ module Rex::Socket::SslTcpServer


 	def makessl
-		key = OpenSSL::PKey::RSA.new(512){ }
-		
+		key = OpenSSL::PKey::RSA.new(1024){ }
+
 		cert = OpenSSL::X509::Certificate.new
 		cert.version = 2
 		cert.serial = rand(0xFFFFFFFF)
 		# name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
 		subject = OpenSSL::X509::Name.new([
-				["C","US"], 
-				['ST', Rex::Text.rand_state()], 
+				["C","US"],
+				['ST', Rex::Text.rand_state()],
 				["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
 				["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
 				["CN", Rex::Text.rand_hostname],
 			])
 		issuer = OpenSSL::X509::Name.new([
-				["C","US"], 
-				['ST', Rex::Text.rand_state()], 
+				["C","US"],
+				['ST', Rex::Text.rand_state()],
 				["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
 				["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
 				["CN", Rex::Text.rand_hostname],
@ -79,8 +92,8 @@ module Rex::Socket::SslTcpServer

 		cert.subject = subject
 		cert.issuer = issuer
-		cert.not_before = Time.now - 7200
-		cert.not_after = Time.now + 7200
+		cert.not_before = Time.now - (3600 * 365)
+		cert.not_after = Time.now + (3600 * 365)
 		cert.public_key = key.public_key
 		ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
 		cert.extensions = [
@ -92,15 +105,16 @@ module Rex::Socket::SslTcpServer
 		ef.issuer_certificate = cert
 		cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
 		cert.sign(key, OpenSSL::Digest::SHA1.new)
-		
+
 		ctx = OpenSSL::SSL::SSLContext.new()
 		ctx.key = key
 		ctx.cert = cert

-		ctx.session_id_context = OpenSSL::Digest::MD5.hexdigest($0)
+		ctx.session_id_context = Rex::Text.rand_text(16)

 		return ctx
 	end

 	attr_accessor :sslctx
 end
+