예제 #1
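    def __init__(
        self, server_info, plugin_command, plugin_options, hsts_header, hpkp_header, hpkp_report_only, certificate_chain
    ):
        """Parse the HSTS/HPKP headers and check the configured HPKP pins against the served chain.

        Args:
            server_info: Passed through to the parent result class.
            plugin_command: Passed through to the parent result class.
            plugin_options: Passed through to the parent result class.
            hsts_header: Raw Strict-Transport-Security header value; falsy when the header was absent.
            hpkp_header: Raw Public-Key-Pins header value; falsy when the header was absent.
            hpkp_report_only: Whether the HPKP header was the Report-Only variant (forwarded to the parser).
            certificate_chain: The x509 certificates sent by the server; its order is validated below.
        """
        super(HttpHeadersResult, self).__init__(server_info, plugin_command, plugin_options)
        self.hsts_header = ParsedHstsHeader(hsts_header) if hsts_header else None
        self.hpkp_header = ParsedHpkpHeader(hpkp_header, hpkp_report_only) if hpkp_header else None

        # Hack: reuse CertInfoFullResult's chain helpers to obtain the verified chain so the pins can be checked.
        # Stays None when the chain order does not validate; the pin checks below are then skipped.
        self.verified_certificate_chain = None
        parsed_certificate_chain = [Certificate(x509_cert) for x509_cert in certificate_chain]
        if CertInfoFullResult._is_certificate_chain_order_valid(parsed_certificate_chain):
            self.verified_certificate_chain = CertInfoFullResult._build_verified_certificate_chain(
                parsed_certificate_chain
            )

        # None means "not determined" (no HPKP header or no verified chain) rather than a negative result.
        self.is_valid_pin_configured = None
        self.is_backup_pin_configured = None
        if self.verified_certificate_chain and self.hpkp_header:
            served_pins = set(cert.hpkp_pin for cert in self.verified_certificate_chain)
            configured_pins = set(self.hpkp_header.pin_sha256_list)

            # At least one configured pin must match an SPKI in the served chain.
            self.is_valid_pin_configured = bool(configured_pins & served_pins)

            # A backup pin is a configured pin that matches no SPKI in the served chain.
            # Comparing the two sets for inequality was wrong: a header whose pins are a strict subset of
            # the served pins differed from the served set yet contained no backup pin.
            self.is_backup_pin_configured = bool(configured_pins - served_pins)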
예제 #2
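    def __init__(self, server_info, plugin_command, plugin_options,
                 hsts_header, hpkp_header, hpkp_report_only,
                 certificate_chain):
        """Parse the HSTS/HPKP headers and check the configured HPKP pins
        against the served certificate chain.

        Args:
            server_info: Passed through to the parent result class.
            plugin_command: Passed through to the parent result class.
            plugin_options: Passed through to the parent result class.
            hsts_header: Raw Strict-Transport-Security header value; falsy
                when the header was absent.
            hpkp_header: Raw Public-Key-Pins header value; falsy when the
                header was absent.
            hpkp_report_only: Whether the HPKP header was the Report-Only
                variant (forwarded to the parser).
            certificate_chain: The x509 certificates sent by the server;
                its order is validated below.
        """
        super(HttpHeadersResult, self).__init__(server_info, plugin_command,
                                                plugin_options)
        self.hsts_header = ParsedHstsHeader(
            hsts_header) if hsts_header else None
        self.hpkp_header = ParsedHpkpHeader(
            hpkp_header, hpkp_report_only) if hpkp_header else None

        # Hack: reuse CertInfoFullResult's chain helpers to obtain the
        # verified chain so the pins can be checked. Stays None when the
        # chain order does not validate; the pin checks are then skipped.
        self.verified_certificate_chain = None
        parsed_certificate_chain = [
            Certificate(x509_cert) for x509_cert in certificate_chain
        ]
        if CertInfoFullResult._is_certificate_chain_order_valid(
                parsed_certificate_chain):
            self.verified_certificate_chain = CertInfoFullResult._build_verified_certificate_chain(
                parsed_certificate_chain)

        # None means "not determined" (no HPKP header or no verified chain)
        # rather than a negative result.
        self.is_valid_pin_configured = None
        self.is_backup_pin_configured = None
        if self.verified_certificate_chain and self.hpkp_header:
            served_pins = set(
                cert.hpkp_pin for cert in self.verified_certificate_chain
            )
            configured_pins = set(self.hpkp_header.pin_sha256_list)

            # At least one configured pin must match an SPKI in the
            # served chain.
            self.is_valid_pin_configured = bool(configured_pins & served_pins)

            # A backup pin is a configured pin that matches no SPKI in the
            # served chain. Comparing the two sets for inequality was wrong:
            # a header whose pins are a strict subset of the served pins
            # differed from the served set yet contained no backup pin.
            self.is_backup_pin_configured = bool(configured_pins - served_pins)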