public void HostEntryCreation_Empty()
{
HostEntry he = new HostEntry(null, "https");
he.SetRanking("C");
he.SetFingerPrintCert("SHA1");
he.SetExpirationDate(DateTime.Now.ToLongDateString());
Assert.IsTrue(he.IsEmpty());
}
public void HostEntryCreation_Positive()
{
HostEntry he = new HostEntry("demo.de", "https");
he.SetIP("1.1.1.1");
he.SetRanking("C");
he.SetFingerPrintCert("SHA1");
he.SetExpirationDate(DateTime.Now.ToLongDateString());
Assert.IsNotNull(he);
}
public void HostEntry_AddDifference()
{
HostEntry he = new HostEntry("demo.de", "https");
he.SetIP("1.1.1.1");
he.SetRanking("C");
he.SetFingerPrintCert("SHA1");
he.SetExpirationDate(DateTime.Now.ToLongDateString());
he.AddDifference("a", "b");
Assert.IsTrue(he.Differences.Count > 0);
}
public void HostEntry_Differences()
{
HostEntry a = new HostEntry("demo.de", "https");
a.SetIP("1.1.1.1");
a.SetRanking("C");
a.SetFingerPrintCert("SHA1");
a.SetExpirationDate(DateTime.Now.ToLongDateString());
HostEntry b = new HostEntry("demo.de", "https");
b.SetIP("1.1.1.2");
b.SetRanking("C");
b.SetFingerPrintCert("SHA1");
b.SetExpirationDate(DateTime.Now.ToLongDateString());
a.CheckDifferences(b);
Assert.IsTrue(a.Differences.Count >= 2);
Assert.IsTrue(a.HasDifference("IP"));
Assert.IsTrue(a.HasDifference("URL"));
}
/// <summary>
/// Iterates through the whole list of parsed HostEntries and starts an analysis on each item.
/// The current iteration will be saved into the _current object to make a callable outside this SSLAnalzer.
/// After a single analysis is complete, a fresh HostEntry will be created with the information of the analysis.
/// The differences between _current on the fresh HostEntry will be added to _current.
/// If a stop signal is set from the outside, the analysis will be stopped.
/// </summary>
private void analyze()
{
for (int i=0; i < _entries.Count; i+=1)
{
_current = _entries[i];
string url = string.Format("{0}://{1}",
_current.Protocol.ToString().ToLower(), _current.URL);
Analyze analyzed = _service.AutomaticAnalyze(url,
Settings.Static.AnalyzerSettings.Publish,
SSLLabsApiService.StartNew.On,
Settings.Static.AnalyzerSettings.FromCache,
24,
SSLLabsApiService.All.On,
Settings.Static.AnalyzerSettings.IgnoreMismatch,
200, _waitInterval);
HostEntry fresh = extractInfoFromAnalysis(analyzed, _current);
if (fresh != null)
{
_current.CheckDifferences(fresh);
_current = addMetaNotes(analyzed, _current);
fresh.AddCustomAttribute(_current.CustomAttributes);
_analyzedEntries.Add(fresh);
}
if (_stopSignal)
{
_stopSignal = false;
break;
}
notify();
}
if (OnAnalyzeComplete != null) OnAnalyzeComplete();
}
/// <summary>
/// Reads the first row to determine which column is located on which column-index.
/// After that HostEntries will be created using those indexes and added to the internal
/// list of HostEntries.
/// </summary>
private void parse(IExcelDataReader reader)
{
int ipIndex = -1;
int urlIndex = -1;
int protocolIndex = -1;
int rankingIndex = -1;
int fingerPrintIndex = -1;
int expirationIndex = -1;
int protocolVersionsIndex = -1;
int RC4Index = -1;
int beastIndex = -1;
int forwardSecrecyIndex = -1;
int heartbleedIndex = -1;
int signatureAlgoIndex = -1;
int poodleIndex = -1;
int extendedValidIndex = -1;
int openSSLCCSIndex = -1;
int HTTPServerSigIndex = -1;
int serverHostnameIndex = -1;
int _3DESCipherIndex = -1;
// Get headers
reader.Read();
int columnIndex = 0;
try
{
while (reader.GetString(columnIndex) != null)
{
string cmp = reader.GetString(columnIndex);
#region Column finding
if (cmp.Equals("IP") && ipIndex == -1) ipIndex = columnIndex;
else if (cmp.Contains("URL") && urlIndex == -1) urlIndex = columnIndex;
else if (cmp.ToLower().Contains("protocol versions") && protocolVersionsIndex == -1)
protocolVersionsIndex = columnIndex;
else if (cmp.Contains("RC4") && RC4Index == -1) RC4Index = columnIndex;
else if (cmp.ToLower().Contains("ranking") && rankingIndex == -1)
rankingIndex = columnIndex;
else if (cmp.ToLower().Equals("protocol") && protocolIndex == -1)
protocolIndex = columnIndex;
else if (cmp.ToLower().Contains("fingerprint") && fingerPrintIndex == -1)
fingerPrintIndex = columnIndex;
else if (cmp.ToLower().Contains("expiration") && expirationIndex == -1)
expirationIndex = columnIndex;
else if (cmp.ToLower().Contains("beast") && beastIndex == -1)
beastIndex = columnIndex;
else if (cmp.ToLower().Contains("forward secrecy") && forwardSecrecyIndex == -1)
forwardSecrecyIndex = columnIndex;
else if (cmp.ToLower().Contains("heartbleed") && heartbleedIndex == -1)
heartbleedIndex = columnIndex;
else if (cmp.ToLower().Contains("signature algorithm") && signatureAlgoIndex == -1)
signatureAlgoIndex = columnIndex;
else if (cmp.ToLower().Contains("poodle") && poodleIndex == -1)
poodleIndex = columnIndex;
else if (cmp.ToLower().Contains("extended validation") && extendedValidIndex == -1)
extendedValidIndex = columnIndex;
else if (cmp.ToLower().Contains("openssl ccs") && openSSLCCSIndex == -1)
openSSLCCSIndex = columnIndex;
else if (cmp.ToLower().Contains("http server sig") && HTTPServerSigIndex == -1)
HTTPServerSigIndex = columnIndex;
else if (cmp.ToLower().Contains("server host name") && serverHostnameIndex == -1)
serverHostnameIndex = columnIndex;
else if (cmp.ToLower().Contains("3des cipher presence") && _3DESCipherIndex == -1)
_3DESCipherIndex = columnIndex;
else
{
_customAttributes[columnIndex] = cmp;
}
#endregion
columnIndex += 1;
}
}
catch (Exception ex)
{
Debug.WriteLine(string.Format("Excel header reading touched outer bounds: {0}", ex.Message));
}
// Get rows and add them as children of each header
while (reader.Read())
{
HostEntry h = new HostEntry(getColumn(reader, urlIndex),
getColumn(reader, protocolIndex));
h.SetIP(getColumn(reader, ipIndex));
h.SetRanking(getColumn(reader, rankingIndex));
h.SetFingerPrintCert(getColumn(reader, fingerPrintIndex));
h.SetExpirationDate(getColumn(reader, expirationIndex));
h.SetProtocolVersions(getColumn(reader, protocolVersionsIndex));
h.SetBeastVulnerarbility(getColumn(reader, beastIndex));
h.SetForwardSecrecy(getColumn(reader, forwardSecrecyIndex));
h.SetHeartbleedVulnerability(getColumn(reader, heartbleedIndex));
h.SetSignatureAlgorithm(getColumn(reader, signatureAlgoIndex));
h.SetPoodleVulnerability(getColumn(reader, poodleIndex));
h.SetExtendedValidation(getColumn(reader, extendedValidIndex));
h.SetOpenSSLCCSVulnerable(getColumn(reader, openSSLCCSIndex));
h.SetHTTPServerSignature(getColumn(reader, HTTPServerSigIndex));
h.SetServerHostName(getColumn(reader, serverHostnameIndex));
h.Set3DESPresence(getColumn(reader, _3DESCipherIndex));
foreach (DictionaryEntry entry in _customAttributes)
{
h.AddCustomAttribute((string) entry.Value,
getColumn(reader, (int) entry.Key));
}
if (!h.IsEmpty()) entries.Add(h);
}
reader.Close();
ParserDelegator.CallOnParseComplete();
}
/// <summary>
/// Before a single analysis starts, this method will check whether
/// the URL is properly written (http is pointless for this cause).
/// A single analysis will be treated internally as a mass query with a single entry.
/// </summary>
private void AnalyzeButtonClick(object sender, RoutedEventArgs e)
{
if (URLField.Text.StartsWith("https://") && URLField.Text.Length > 12)
{
_singleQueryStarted = true;
AnalyzeButton.IsEnabled = false;
OpenFileButton.IsEnabled = false;
URLField.IsEnabled = false;
string url = URLField.Text.Replace("https://", "");
startAnimation("CurrentStatGrid_In");
List<HostEntry> hel = new List<HostEntry>();
HostEntry he = new HostEntry(url, "https");
hel.Add(he);
setupSSLAnalyzer(hel);
_dateTimeNow = new DateTime();
setupRunTimer();
}
else
{
MessageBox.Show(Properties.Resources.urlMustBeHttps, "QSSL Tool");
}
}
/// <summary>
/// Checks whether there are differences between the object and the passed object.
/// If there are any, those will be added to the difference list of this object.
/// </summary>
public void CheckDifferences(HostEntry other)
{
try
{
_differences.Add(new AnalyzeDifference("URL", getSummary(_URL, other.URL)));
_differences.Add(new AnalyzeDifference("IP address", getSummary(_IP, other.IP)));
_differences.Add(new AnalyzeDifference("Ranking", getSummary(_ranking, other.Ranking)));
_differences.Add(new AnalyzeDifference("Fingerprint cert.", getSummary(_FingerPrintCert, other.FingerPrintCert)));
_differences.Add(new AnalyzeDifference("Expiration", getSummary(_expiration, other.Expiration)));
_differences.Add(new AnalyzeDifference("Warning expiration", getSummary(_warningExpiration, other.WarningExpiration)));
_differences.Add(new AnalyzeDifference("RC4 support", getSummary(_RC4, other.RC4)));
_differences.Add(new AnalyzeDifference("Protocol versions", getSummary(_protocolVersions, other.ProtocolVersions)));
_differences.Add(new AnalyzeDifference("Beast vulnerability", getSummary(_beast, other.BeastVulnerable)));
_differences.Add(new AnalyzeDifference("Forward secrecy", getSummary(_forwardSecrecy, other.ForwardSecrecy)));
_differences.Add(new AnalyzeDifference("Heartbleed vulnerability", getSummary(_heartbleed, other.Heartbleed)));
_differences.Add(new AnalyzeDifference("Signature algorithm", getSummary(_signatureAlgorithm, other.SignatureAlgorithm)));
_differences.Add(new AnalyzeDifference("Poodle vulnerability", getSummary(_poodleVulnarable, other.PoodleVulnerable)));
_differences.Add(new AnalyzeDifference("Extended validation", getSummary(_extendedValidation, other.ExtendedValidation)));
_differences.Add(new AnalyzeDifference("OpenSSL CCS vulnerability", getSummary(_openSSLCCSVulnerable, other.OpenSSLCCSVulnerable)));
_differences.Add(new AnalyzeDifference("HTTP Server signature", getSummary(_httpServerSignature, other.HTTPServerSignature)));
_differences.Add(new AnalyzeDifference("Server host name", getSummary(_serverHostname, other.ServerHostname)));
_differences.Add(new AnalyzeDifference("3DES cipher presence", getSummary(__3DES, other._3DES)));
}
catch (Exception)
{
_differences.Add(new AnalyzeDifference("Error", "Try analyzing without cache (settings)."));
}
}
/// <summary>
/// Takes the result of the analysis and extracts the information to a new HostEntry.
/// If the extraction fails, the same HostEntry as passed will be returned.
/// Otherwise the fresh HostEntry gets returned.
/// </summary>
private HostEntry extractInfoFromAnalysis(Analyze a, HostEntry he)
{
HostEntry extracted = new HostEntry(he.URL.ToString(), he.Protocol.ToString());
try
{
extracted.SetIP(a.endpoints[0].ipAddress);
extracted.SetRanking(a.endpoints[0].grade);
extracted.SetFingerPrintCert(a.endpoints[0].Details.cert.sigAlg);
extracted.SetExpirationDate(a.endpoints[0].Details.cert.notAfter);
extracted.SetProtocolVersions(a.endpoints[0].Details.protocols);
extracted.SetRC4(a.endpoints[0].Details.supportsRc4.ToString());
extracted.SetBeastVulnerarbility(a.endpoints[0].Details.vulnBeast);
extracted.SetForwardSecrecy(a.endpoints[0].Details.forwardSecrecy);
extracted.SetHeartbleedVulnerability(a.endpoints[0].Details.heartbleed);
extracted.SetSignatureAlgorithm(a.endpoints[0].Details.cert.sigAlg);
extracted.SetPoodleVulnerability(a.endpoints[0].Details.poodle, a.endpoints[0].Details.poodleTls);
extracted.SetExtendedValidation(a.endpoints[0].Details.cert.validationType);
extracted.SetOpenSSLCCSVulnerable(a.endpoints[0].Details.openSslCcs);
extracted.SetHTTPServerSignature(a.endpoints[0].Details.serverSignature);
extracted.SetServerHostName(a.endpoints[0].serverName);
extracted.Set3DESPresence(check3DESCipherPresence(a.endpoints[0].Details.suites));
}
catch (Exception ex)
{
Debug.WriteLine(ex);
}
return extracted;
}
/// <summary>
/// This method adds further notes for the 'Recent outcome' list on the UI.
/// </summary>
private HostEntry addMetaNotes(Analyze a, HostEntry host)
{
try
{
host.AddDifference("General message", a.endpoints[0].statusMessage);
host.AddDifference("Detailed message", a.endpoints[0].statusDetailsMessage);
}
catch (Exception)
{
host.AddDifference("Error", a.Errors[0].message);
host.AddDifference("App", "This entry will be treated as unchanged.");
}
return host;
}
/// <summary>
/// Will determine the coloring of the cell based on the content it holds
/// for its type.
/// </summary>
private coloring detemineCellColoring(HostEntryAttribute s, HostEntry he = null)
{
if (s.Attribute == HostEntryAttribute.Type.Protocol)
{
if (s.ToString().ToLower().Equals("http")) return coloring.negative;
return coloring.positive;
}
else if (s.Attribute == HostEntryAttribute.Type.Ranking)
{
if (s.ToString().ToLower().StartsWith("a")) return coloring.positive;
else if (s.ToString().ToLower().StartsWith("b")) return coloring.neutral;
else return coloring.negative;
}
else if (s.Attribute == HostEntryAttribute.Type.Fingerprint)
{
if (s.ToString().Contains("256")) return coloring.positive;
else return coloring.neutral;
}
else if (s.Attribute == HostEntryAttribute.Type.Expiration)
{
DateTime dt = DateTime.Parse(s.ToString());
if (dt > DateTime.Today.AddDays(10)) return coloring.positive;
else if (dt < DateTime.Today) return coloring.negative;
}
else if (s.Attribute == HostEntryAttribute.Type.WarningExpiration)
{
if (he.WarningExpired) return coloring.negative;
else return coloring.positive;
}
else if (s.Attribute == HostEntryAttribute.Type.RC4)
{
if (s.ToString().Contains("True")) return coloring.negative;
else if (s.ToString().Contains("False")) return coloring.positive;
}
else if (s.Attribute == HostEntryAttribute.Type.MD5)
{
if (s.ToString().Contains("Yes")) return coloring.negative;
else if (s.ToString().Contains("No")) return coloring.positive;
}
else if (s.Attribute == HostEntryAttribute.Type.BeastVulnerability)
{
if (s.ToString().Contains("Yes")) return coloring.negative;
else if (s.ToString().Contains("No")) return coloring.positive;
}
else if (s.Attribute == HostEntryAttribute.Type.ForwardSecrecy)
{
if (s.ToString().Contains("Yes")) return coloring.positive;
else if (s.ToString().Contains("No")) return coloring.negative;
}
else if (s.Attribute == HostEntryAttribute.Type.Heartbleed)
{
if (s.ToString().Contains("Yes")) return coloring.negative;
else if (s.ToString().Contains("No")) return coloring.positive;
}
else if (s.Attribute == HostEntryAttribute.Type.OpenSSLCCSVulnerable)
{
if (s.ToString().Contains("Not")) return coloring.positive;
else return coloring.negative;
}
else if (s.Attribute == HostEntryAttribute.Type.OpenSSLCCSVulnerable)
{
if (s.ToString().Contains("Not")) return coloring.positive;
else return coloring.neutral;
}
else if (s.Attribute == HostEntryAttribute.Type._3DES)
{
if (s.ToString().Contains("True")) return coloring.negative;
else return coloring.positive;
}
return coloring.none;
}
/// <summary>
/// Will add a row to the excel sheet with the data which held by the HostEntry.
/// </summary>
/// <param name="entry"></param>
private void addRow(HostEntry entry)
{
string address = string.Format("A{0}:{1}{2}", _cursor, ExcelColumnAdresser.Static.Latest, _cursor);
_sheet.Cells[string.Format(address, _cursor)].Style.Font.Name = "Arial";
_sheet.Cells[string.Format(address, _cursor)].Style.Font.Size = 8;
ExcelColumnAdresser.Static.Reset();
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.URL.ToString(), detemineCellColoring(entry.URL));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.Ranking.ToString(), detemineCellColoring(entry.Ranking));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.IP.ToString(), detemineCellColoring(entry.IP));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.Protocol.ToString(), detemineCellColoring(entry.Protocol));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.FingerPrintCert.ToString(), detemineCellColoring(entry.FingerPrintCert));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.RC4.ToString(), detemineCellColoring(entry.RC4));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.Expiration.ToString(), detemineCellColoring(entry.Expiration));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.WarningExpiration.ToString(), detemineCellColoring(entry.WarningExpiration, entry));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.ProtocolVersions.ToString(), detemineCellColoring(entry.ProtocolVersions));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.BeastVulnerable.ToString(), detemineCellColoring(entry.BeastVulnerable));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.ForwardSecrecy.ToString(), detemineCellColoring(entry.ForwardSecrecy));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.Heartbleed.ToString(), detemineCellColoring(entry.Heartbleed));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.SignatureAlgorithm.ToString(), detemineCellColoring(entry.SignatureAlgorithm));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.PoodleVulnerable.ToString(), detemineCellColoring(entry.PoodleVulnerable));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.ExtendedValidation.ToString(), detemineCellColoring(entry.ExtendedValidation));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.OpenSSLCCSVulnerable.ToString(), detemineCellColoring(entry.OpenSSLCCSVulnerable));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.HTTPServerSignature.ToString(), detemineCellColoring(entry.HTTPServerSignature));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry.ServerHostname.ToString(), detemineCellColoring(entry.ServerHostname));
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
entry._3DES.ToString(), detemineCellColoring(entry._3DES));
foreach (HostEntryAttribute hea in entry.CustomAttributes)
{
addCell(ExcelColumnAdresser.Static.NextIndexed(_cursor),
hea.ToString(), detemineCellColoring(entry.CustomAttributes[0]));
}
_cursor += 1;
}