hrbrmstr
/
ssllabs
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

v3 api coverage

master
boB Rudis 4 years ago
parent
bb8b227d47
commit
8f4def3a59
No known key found for this signature in database GPG Key ID: 1D7529BE14E2BBA9
26 changed files with 526 additions and 416 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      .Rbuildignore
  2. 25
      DESCRIPTION
  3. 2
      LICENSE
  4. 21
      LICENSE.md
  5. 5
      NAMESPACE
  6. 6
      NEWS.md
  7. 7
      R/aaa.R
  8. 37
      R/analyze.r
  9. 19
      R/api-info.r
  10. 33
      R/endpoint.r
  11. 41
      R/root.r
  12. 6
      R/ssllabs-package.r
  13. 13
      R/status.r
  14. 11
      R/utils-pipe.R
  15. 72
      README.Rmd
  16. 498
      README.md
  17. 15
      man/analyze_site.Rd
  18. 10
      man/get_endpoint_data.Rd
  19. 24
      man/get_root_certs.Rd
  20. 15
      man/get_root_certs_raw.Rd
  21. 15
      man/get_status_codes.Rd
  22. 12
      man/pipe.Rd
  23. 17
      man/ssllabs.Rd
  24. 6
      man/ssllabs_api_info.Rd
  25. 14
      ssllabs.Rproj
  26. 17
      tests/testthat/test-ssllabs.R

1
.Rbuildignore
View File

@ -1,3 +1,4 @@
^LICENSE\.md$
^.*\.Rproj$
^\.Rproj\.user$
^README\.Rmd$

25
DESCRIPTION
View File

@ -1,17 +1,26 @@
Package: ssllabs
Title: Tools to Work with the `SSL Labs` `API`
Version: 0.1.0.9000
Authors@R: c(person("Bob", "Rudis", email = "bob@rudis.net", role = c("aut", "cre")))
Description: Tools to Work with the `SSL Labs` `API`.
Title: Interrogate SSL Certificate Configuration Efficacy via 'ssllabs' API
Version: 0.2.0
Authors@R: c(
person("Bob", "Rudis", email = "bob@rudis.net", role = c("aut", "cre"))
)
Description: 'Qualys' provides a free online service
(<https://www.ssllabs.com/ssltest/index.html>)
that performs a deep analysis of the configuration of any SSL web server on
the public Internet. Methods are provides to initiate scans and retreive
scan results.
Depends:
R (>= 3.0.0)
License: AGPL + file LICENSE
R (>= 3.2.0)
License: MIT + file LICENSE
Encoding: UTF-8
LazyData: true
URL: https://gitlab.com/hrbrmstr/ssllabs
BugReports: https://gitlab.com/hrbrmstr/ssllabs/issues
Suggests:
testthat
Imports:
httr,
jsonlite,
openssl
RoxygenNote: 5.0.1
openssl,
magrittr
RoxygenNote: 6.1.1

2
LICENSE
View File

@ -1,2 +1,2 @@
YEAR: 2016
YEAR: 2019
COPYRIGHT HOLDER: Bob Rudis

21
LICENSE.md
View File

@ -0,0 +1,21 @@
# MIT License
Copyright (c) 2019 Bob Rudis
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

5
NAMESPACE
View File

@ -1,13 +1,14 @@
# Generated by roxygen2: do not edit by hand
export("%>%")
export(analyze_site)
export(get_endpoint_data)
export(get_root_certs_raw)
export(get_status_codes)
export(get_root_certs)
export(ssllabs_api_info)
importFrom(httr,GET)
importFrom(httr,content)
importFrom(httr,stop_for_status)
importFrom(httr,user_agent)
importFrom(jsonlite,fromJSON)
importFrom(magrittr,"%>%")
importFrom(openssl,read_cert)

6
NEWS.md
View File

@ -0,0 +1,6 @@
# ssllabs 0.2.0
* Added a `NEWS.md` file to track changes to the package.
* Updated pkg to cover v3 API
* Added tests
* Updated README

7
R/aaa.R
View File

@ -0,0 +1,7 @@
httr::user_agent(
sprintf(
"ssllabs package v%s: (<%s>)",
utils::packageVersion("ssllabs"),
utils::packageDescription("ssllabs")$URL
)
) -> .SSLLABS_UA

37
R/analyze.r
View File

@ -5,9 +5,10 @@
#' Endpoint object embedded in the Host object will provide partial endpoint results.
#' Please note that assessments of individual endpoints can fail even when the overall
#' assessment is successful (e.g., one server might be down). At this time, you can
#' determine the success of an endpoint assessment by checking the statusMessage field;
#' determine the success of an endpoint assessment by checking the `statusMessage` field;
#' it should contain "Ready".
#'
#' @md
#' @param host hostname; required.
#' @param publish set to "on" if assessment results should be published on the public
#' results boards; optional, defaults to "off".
@ -30,21 +31,33 @@
#' certificate doesn't match the assessment hostname. Set to off
#' by default. Please note that this parameter is ignored if a
#' cached report is returned.
#' @references \url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md}
#' @references <https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs-v3.md>
#' @export
#' @examples \dontrun{
#' analyze_site(host = "www.ssllabs.com", from_cache = TRUE)
#' }
analyze_site <- function(host, publish = "off", start_new = NULL,
from_cache = "off", max_age = NULL,
all = "on", ignore_mismatch = "off") {
res <- httr::GET(
url = "https://api.ssllabs.com/api/v3/analyze",
query = list(
host = host,
publish = publish,
startNew = start_new,
fromCache = from_cache,
maxAge = max_age,
all = all,
ignoreMismatch = ignore_mismatch
),
.SSLLABS_UA
)
res <- httr::GET("https://api.ssllabs.com/api/v2/analyze",
query=list(host = host,
publish = publish,
startNew = start_new,
fromCache = from_cache,
maxAge = max_age,
all = all,
ignoreMismatch = ignore_mismatch))
httr::stop_for_status(res)
dat <- httr::content(res, as="text")
return(jsonlite::fromJSON(dat, flatten=TRUE))
out <- httr::content(res, as = "text")
out <- jsonlite::fromJSON(out, flatten = TRUE)
out
}

19
R/api-info.r
View File

@ -4,12 +4,23 @@
#' the engine and criteria version, and initialize the maximum number of concurrent
#' assessments. Returns one Info object on success.
#'
#' @references \url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md}
#' @md
#' @references <https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs-v3.md>
#' @export
#' @examples
#' ssllabs_api_info()
ssllabs_api_info <- function() {
res <- httr::GET("https://api.ssllabs.com/api/v2/info")
httr::GET(
url = "https://api.ssllabs.com/api/v3/info",
.SSLLABS_UA
) -> res
httr::stop_for_status(res)
dat <- httr::content(res, as = "text")
return(jsonlite::fromJSON(dat, flatten = TRUE))
out <- httr::content(res, as = "text")
out <- jsonlite::fromJSON(out, flatten = TRUE)
out
}

33
R/endpoint.r
View File

@ -5,21 +5,36 @@
#' This API call does not initiate new assessments, even when a cached report is not
#' found.
#'
#' @md
#' @param host hostname; required.
#' @param ip endpoint IP address
#' @param from_cache always deliver cached assessment reports if available; optional,
#' defaults to "off". This parameter is intended for API consumers that
#' defaults to `FALSE`. This parameter is intended for API consumers that
#' don't want to wait for assessment results. Can't be used at the same
#' time as the start_new parameter.
#' @references \url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md}
#' @references <https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs-v3.md>
#' @export
get_endpoint_data <- function(host, ip, from_cache = "off") {
#' @examples
#' get_endpoint_data("www.ssllabs.com", "64.41.200.100", TRUE)
get_endpoint_data <- function(host, ip, from_cache = FALSE) {
from_cache <- if (from_cache[1]) "on" else "off"
res <- httr::GET(
url = "https://api.ssllabs.com/api/v3/getEndpointData",
query = list(
host = host,
s = ip,
fromCache = from_cache
),
.SSLLABS_UA
)
res <- httr::GET("https://api.ssllabs.com/api/v2/getEndpointData",
query = list(host = host,
s = ip,
fromCache = from_cache))
httr::stop_for_status(res)
dat <- httr::content(res, as = "text")
return(jsonlite::fromJSON(dat, flatten = TRUE))
out <- httr::content(res, as = "text")
out <- jsonlite::fromJSON(out, flatten = TRUE)
out
}

41
R/root.r
View File

@ -1,13 +1,42 @@
#' Retrieve root certificates
#'
#' This call returns the root certificates used for trust validation.
#' This call returns the latest root certificates(Mozilla, Apple MacOS, Android,
#' Java and Windows) used for trust validation
#'
#' @references \url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md}
#' @md
#' @param trust_store one of "`moz`" (Mozilla), "`apple`", "`android`", "`java`", "`ms`" (Windows)
#' @return `list` of `openssl`-parsed certificates
#' @references <https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs-v3.md>
#' @export
get_root_certs_raw <- function() {
#' @examples
#' get_root_certs()
get_root_certs <- function(trust_store = c("moz", "apple", "android", "java", "ms")) {
trust_store <- match.arg(trust_store[1], c("moz", "apple", "android", "java", "ms"))
switch(
trust_store,
moz = 1L,
apple = 2L,
android = 3L,
java = 4L,
ms = 5L
) -> trust_store
httr::GET(
url = "https://api.ssllabs.com/api/v3/getRootCertsRaw",
query = list(
trustStore = trust_store
),
.SSLLABS_UA
) -> res
res <- httr::GET("https://api.ssllabs.com/api/v2/getRootCertsRaw")
httr::stop_for_status(res)
dat <- httr::content(res, as = "text")
return(openssl::read_cert(dat))
out <- httr::content(res, as = "text")
out <- openssl::read_cert_bundle(out)
out
}

6
R/ssllabs-package.r
View File

@ -1,4 +1,4 @@
#' @title Tools to Work with the `SSL Labs` `API`
#' Interrogate SSL Certificate Configuration Efficacy via 'ssllabs' API
#'
#' SSL Labs APIs are provided free of charge, subject to our terms and conditions:
#' \url{https://www.ssllabs.com/about/terms.html}. The spirit of the license is that the
@ -44,7 +44,9 @@
#'
#' @name ssllabs
#' @docType package
#' @author Bob Rudis (@@hrbrmstr)
#' @keywords internal
#' @author Bob Rudis (bob@@rud.is)
#' @references \url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs-v3.md}
#' @importFrom httr stop_for_status GET user_agent content
#' @importFrom jsonlite fromJSON
#' @importFrom openssl read_cert

13
R/status.r
View File

@ -1,13 +0,0 @@
#' Retrieve known status codes
#'
#' This call will return one StatusCodes instance.
#'
#' @references \url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md}
#' @export
get_status_codes <- function() {
res <- httr::GET("https://api.ssllabs.com/api/v2/getStatusCodes")
dat <- httr::content(res, as="text")
jsonlite::fromJSON(dat, flatten=TRUE)
}

11
R/utils-pipe.R
View File

@ -0,0 +1,11 @@
#' Pipe operator
#'
#' See \code{magrittr::\link[magrittr]{\%>\%}} for details.
#'
#' @name %>%
#' @rdname pipe
#' @keywords internal
#' @export
#' @importFrom magrittr %>%
#' @usage lhs \%>\% rhs
NULL

72
README.Rmd
View File

@ -1,5 +1,7 @@
---
output: github_document
editor_options:
chunk_output_type: console
---
<!-- README.md is generated from README.Rmd. Please edit that file -->
@ -7,40 +9,43 @@ output: github_document
```{r, echo = FALSE}
knitr::opts_chunk$set(
collapse = TRUE,
comment = "#>",
fig.path = "README-"
comment = "##",
fig.path = "README-",
message = FALSE,
warning = FALSE,
fig.retina = 2
)
options(width = 120)
```
<!--
[![Build Status](https://travis-ci.org/hrbrmstr/ssllabs.svg)](https://travis-ci.org/hrbrmstr/ssllabs)
![Project Status: Concept - Minimal or no implementation has been done yet.](http://www.repostatus.org/badges/0.1.0/concept.svg)](http://www.repostatus.org/#concept)
[![CRAN_Status_Badge](http://www.r-pkg.org/badges/version/ssllabs)](http://cran.r-project.org/web/packages/ssllabs)
![downloads](http://cranlogs.r-pkg.org/badges/grand-total/ssllabs)
-->
`ssllabs` : Tools to Work with the `SSL Labs` `API`
# ssllabs
Interrogate SSL Certificate Configuration Efficacy via 'ssllabs' API
## Description
'Qualys' provides a free online service (<https://www.ssllabs.com/ssltest/index.html>)
that performs a deep analysis of the configuration of any SSL web server on
the public Internet. Methods are provides to initiate scans and retreive
scan results.
## What's Inside the Tin?
The following functions are implemented:
- `analyze_site`: Invoke assessment and check progress
- `get_endpoint_data`: Retrieve detailed endpoint information
- `get_root_certs_raw`: Retrieve root certificates
- `get_status_codes`: Retrieve known status codes
- `ssllabs`: Tools to Work with the 'SSL Labs' 'API'
- `ssllabs_api_info`: Check SSL Labs availability
### Installation
## Installation
```{r eval=FALSE}
devtools::install_github("hrbrmstr/ssllabs")
```
```{r echo=FALSE, message=FALSE, warning=FALSE, error=FALSE}
options(width=120)
install.packages("ssllabs", repos = "https://cinc.rud.is/")
```
### Usage
## Usage
```{r}
library(ssllabs)
@ -48,27 +53,32 @@ library(ssllabs)
# current verison
packageVersion("ssllabs")
ssllabs_api_info()
ssllabs_api_info() %>%
str(1)
get_status_codes()
get_root_certs() %>%
str(1)
get_root_certs_raw()
get_endpoint_data(
host = "www.ssllabs.com",
ip = "64.41.200.100",
from_cache = TRUE
)
analyze_site("rud.is")
analyze_site(
host = "www.ssllabs.com",
from_cache = TRUE
) %>%
str(2)
```
### Test Results
```{r}
library(ssllabs)
library(testthat)
date()
## `ssllabs` Metrics
test_dir("tests/")
```{r cloc, echo=FALSE}
cloc::cloc_pkg_md()
```
### Code of Conduct
## Code of Conduct
Please note that this project is released with a [Contributor Code of Conduct](CONDUCT.md).
By participating in this project you agree to abide by its terms.

498
README.md
View File

@ -1,290 +1,250 @@
<!-- README.md is generated from README.Rmd. Please edit that file -->
<!--
[![Build Status](https://travis-ci.org/hrbrmstr/ssllabs.svg)](https://travis-ci.org/hrbrmstr/ssllabs)
![Project Status: Concept - Minimal or no implementation has been done yet.](http://www.repostatus.org/badges/0.1.0/concept.svg)](http://www.repostatus.org/#concept)
[![CRAN_Status_Badge](http://www.r-pkg.org/badges/version/ssllabs)](http://cran.r-project.org/web/packages/ssllabs)
![downloads](http://cranlogs.r-pkg.org/badges/grand-total/ssllabs)
-->
`ssllabs` : Tools to Work with the `SSL Labs` `API`
# ssllabs
Interrogate SSL Certificate Configuration Efficacy via ‘ssllabs’ API
## Description
‘Qualys’ provides a free online service
(<https://www.ssllabs.com/ssltest/index.html>) that performs a deep
analysis of the configuration of any SSL web server on the public
Internet. Methods are provides to initiate scans and retreive scan
results.
## What’s Inside the Tin?
The following functions are implemented:
- `analyze_site`: Invoke assessment and check progress
- `get_endpoint_data`: Retrieve detailed endpoint information
- `get_root_certs_raw`: Retrieve root certificates
- `get_status_codes`: Retrieve known status codes
- `ssllabs`: Tools to Work with the 'SSL Labs' 'API'
- `ssllabs_api_info`: Check SSL Labs availability
- `analyze_site`: Invoke assessment and check progress
- `get_endpoint_data`: Retrieve detailed endpoint information
- `get_root_certs_raw`: Retrieve root certificates
- `get_status_codes`: Retrieve known status codes
- `ssllabs`: Tools to Work with the ‘SSL Labs’ ‘API’
- `ssllabs_api_info`: Check SSL Labs availability
### Installation
## Installation
``` r
devtools::install_github("hrbrmstr/ssllabs")
install.packages("ssllabs", repos = "https://cinc.rud.is/")
```
### Usage
## Usage
``` r
library(ssllabs)
# current verison
packageVersion("ssllabs")
#> [1] '0.1.0.9000'
ssllabs_api_info()
#> $engineVersion
#> [1] "1.22.37"
#>
#> $criteriaVersion
#> [1] "2009l"
#>
#> $clientMaxAssessments
#> [1] 25
#>
#> $maxAssessments
#> [1] 25
#>
#> $currentAssessments
#> [1] 1
#>
#> $newAssessmentCoolOff
#> [1] 1000
#>
#> $messages
#> [1] "This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: https://www.ssllabs.com/about/terms.html"
get_status_codes()
#> $statusDetails
#> $statusDetails$TESTING_PROTOCOL_INTOLERANCE_399
#> [1] "Testing Protocol Intolerance (TLS 1.99)"
#>
#> $statusDetails$PREPARING_REPORT
#> [1] "Preparing the report"
#>
#> $statusDetails$TESTING_SESSION_RESUMPTION
#> [1] "Testing session resumption"
#>
#> $statusDetails$TESTING_NPN
#> [1] "Testing NPN"
#>
#> $statusDetails$RETRIEVING_CERT_V3__NO_SNI
#> [1] "Retrieving certificate"
#>
#> $statusDetails$RETRIEVING_CERT_V3__SNI_APEX
#> [1] "Retrieving certificate"
#>
#> $statusDetails$TESTING_CVE_2014_0224
#> [1] "Testing CVE-2014-0224"
#>
#> $statusDetails$TESTING_CAPABILITIES
#> [1] "Determining server capabilities"
#>
#> $statusDetails$TESTING_HEARTBLEED
#> [1] "Testing Heartbleed"
#>
#> $statusDetails$TESTING_PROTO_3_3_V2H
#> [1] "Testing TLS 1.1 (v2 handshake)"
#>
#> $statusDetails$TESTING_SESSION_TICKETS
#> [1] "Testing Session Ticket support"
#>
#> $statusDetails$VALIDATING_TRUST_PATHS
#> [1] "Validating trust paths"
#>
#> $statusDetails$TESTING_RENEGOTIATION
#> [1] "Testing renegotiation"
#>
#> $statusDetails$TESTING_HTTPS
#> [1] "Sending one complete HTTPS request"
#>
#> $statusDetails$TESTING_V2H_HANDSHAKE
#> [1] "Testing v2 handshake"
#>
#> $statusDetails$TESTING_STRICT_RI
#> [1] "Testing Strict Renegotiation"
#>
#> $statusDetails$TESTING_SUITES_DEPRECATED
#> [1] "Testing deprecated cipher suites"
#>
#> $statusDetails$TESTING_HANDSHAKE_SIMULATION
#> [1] "Simulating handshakes"
#>
#> $statusDetails$TESTING_STRICT_SNI
#> [1] "Testing Strict SNI"
#>
#> $statusDetails$TESTING_PROTO_3_1_V2H
#> [1] "Testing TLS 1.0 (v2 handshake)"
#>
#> $statusDetails$TESTING_PROTOCOL_INTOLERANCE_499
#> [1] "Testing Protocol Intolerance (TLS 2.99)"
#>
#> $statusDetails$TESTING_TLS_VERSION_INTOLERANCE
#> [1] "Testing TLS version intolerance"
#>
#> $statusDetails$TESTING_PROTOCOL_INTOLERANCE_304
#> [1] "Testing Protocol Intolerance (TLS 1.3)"
#>
#> $statusDetails$TESTING_SUITES_BULK
#> [1] "Bulk-testing less common cipher suites"
#>
#> $statusDetails$TESTING_BEAST
#> [1] "Testing for BEAST"
#>
#> $statusDetails$TESTING_PROTO_2_0
#> [1] "Testing SSL 2.0"
#>
#> $statusDetails$BUILDING_TRUST_PATHS
#> [1] "Building trust paths"
#>
#> $statusDetails$TESTING_PROTO_3_1
#> [1] "Testing TLS 1.0"
#>
#> $statusDetails$TESTING_PROTO_3_0_V2H
#> [1] "Testing SSL 3.0 (v2 handshake)"
#>
#> $statusDetails$TESTING_PROTO_3_0
#> [1] "Testing SSL 3.0"
#>
#> $statusDetails$TESTING_PROTOCOL_INTOLERANCE_300
#> [1] "Testing Protocol Intolerance (SSL 3.0)"
#>
#> $statusDetails$TESTING_PROTOCOL_INTOLERANCE_301
#> [1] "Testing Protocol Intolerance (TLS 1.0)"
#>
#> $statusDetails$TESTING_PROTOCOL_INTOLERANCE_302
#> [1] "Testing Protocol Intolerance (TLS 1.1)"
#>
#> $statusDetails$TESTING_PROTOCOL_INTOLERANCE_303
#> [1] "Testing Protocol Intolerance (TLS 1.2)"
#>
#> $statusDetails$TESTING_OCSP_STAPLING_PRIME
#> [1] "Trying to prime OCSP stapling"
#>
#> $statusDetails$TESTING_EXTENSION_INTOLERANCE
#> [1] "Testing Extension Intolerance (might take a while)"
#>
#> $statusDetails$TESTING_SSL2_SUITES
#> [1] "Checking if SSL 2.0 has any ciphers enabled"
#>
#> $statusDetails$TESTING_OCSP_STAPLING
#> [1] "Testing OCSP stapling"
#>
#> $statusDetails$TESTING_SUITES
#> [1] "Determining available cipher suites"
#>
#> $statusDetails$TESTING_PROTO_3_2_V2H
#> [1] "Testing TLS 1.1 (v2 handshake)"
#>
#> $statusDetails$TESTING_POODLE_TLS
#> [1] "Testing POODLE against TLS"
#>
#> $statusDetails$RETRIEVING_CERT_V3__SNI_WWW
#> [1] "Retrieving certificate"
#>
#> $statusDetails$CHECKING_REVOCATION
#> [1] "Checking for revoked certificates"
#>
#> $statusDetails$TESTING_COMPRESSION
#> [1] "Testing compression"
#>
#> $statusDetails$TESTING_SUITE_PREFERENCE
#> [1] "Determining cipher suite preference"
#>
#> $statusDetails$TESTING_PROTO_3_2
#> [1] "Testing TLS 1.1"
#>
#> $statusDetails$TESTING_PROTO_3_3
#> [1] "Testing TLS 1.2"
#>
#> $statusDetails$TESTING_LONG_HANDSHAKE
#> [1] "Testing Long Handshake (might take a while)"
get_root_certs_raw()
#> [x509 certificate] AAA Certificate Services
#> md5: 49:79:04:b0:eb:87:19:ac:47:b0:bc:11:51:9b:74:d0
#> sha1: d1:eb:23:a4:6d:17:d6:8f:d9:25:64:c2:f1:f1:60:17:64:d8:e3:49
analyze_site("rud.is")
#> $host
#> [1] "rud.is"
#>
#> $port
#> [1] 443
#>
#> $protocol
#> [1] "HTTP"
#>
#> $isPublic
#> [1] FALSE
#>
#> $status
#> [1] "IN_PROGRESS"
#>
#> $startTime
#> [1] 1.465096e+12
#>
#> $engineVersion
#> [1] "1.22.37"
#>
#> $criteriaVersion
#> [1] "2009l"
#>
#> $endpoints
#> ipAddress statusMessage statusDetails statusDetailsMessage progress eta delegation
#> 1 104.236.112.222 In progress TESTING_OCSP_STAPLING Testing OCSP stapling 98 0 1
#> details.hostStartTime details.protocols details.serverSignature details.prefixDelegation
#> 1 1.465096e+12 769, 770, 771, TLS, TLS, TLS, 1.0, 1.1, 1.2 nginx/1.4.6 (Ubuntu) FALSE
#> details.nonPrefixDelegation details.vulnBeast details.renegSupport details.stsStatus details.stsResponseHeader
#> 1 TRUE TRUE 2 unknown
#> details.stsSubdomains details.stsPreload details.sessionResumption details.compressionMethods details.supportsNpn
#> 1 FALSE FALSE 2 0 TRUE
#> details.npnProtocols details.sessionTickets details.sniRequired details.httpStatusCode details.rc4WithModern
#> 1 http/1.1 1 FALSE 200 FALSE
#> details.openSslCcs details.poodle details.poodleTls details.fallbackScsv details.freak details.hasSct
#> 1 0 FALSE 0 TRUE FALSE 0
#> details.dhPrimes
#> 1 e749e3dd00e8c27cdb4400c4d44126c15aea205431cda2fdc7ee9ec69c3fa40616f7c92096355e9400b98c028deac435d4e3f84a234462a6dc8277bf9c8d5b9ebc01f03b60c609a7494a18eac43fc4b05dac2919f934f9b4f8df3f1e9657a47b7e84f843675ddcf68f7edcc09b9340e4aca3b21480e0fb4e6fdc58ebf34d08592ab60c6b7330e976ad9f71a2621605445177862e4a4893c293ec49c3fc7ede6bb5debf7ebfb69ef394ac9e7577c049017f5a4355bc9805f57e38b778bea28838bbdf23eda7682e4ba0db484a3eb9c756d0f5cab110a4bdf9fb6878d312abf7b7d9d3e7826483898d360848e7a4a042fd3076cd9218b0b76caf271e854944df4b
#> details.dhUsesKnownPrimes details.dhYsReuse details.logjam details.key.size details.key.alg details.key.debianFlaw
#> 1 0 FALSE FALSE 2048 RSA FALSE
#> details.key.strength details.cert.subject details.cert.commonNames details.cert.altNames details.cert.notBefore
#> 1 2048 CN=rud.is rud.is rud.is 1.458496e+12
#> details.cert.notAfter details.cert.issuerSubject details.cert.issuerLabel
#> 1 1.466272e+12 CN=Let's Encrypt Authority X1,O=Let's Encrypt,C=US Let's Encrypt Authority X1
#> details.cert.sigAlg details.cert.revocationInfo details.cert.crlURIs details.cert.ocspURIs
#> 1 SHA256withRSA 2 http://ocsp.int-x1.letsencrypt.org/
#> details.cert.revocationStatus details.cert.crlRevocationStatus details.cert.ocspRevocationStatus details.cert.sgc
#> 1 2 4 2 0
#> details.cert.issues details.cert.sct details.cert.sha1Hash
#> 1 0 FALSE 95f6c164dea0e6557269abc23dd2ef0b419cbca5
#> details.cert.pinSha256
#> 1 H9b6scxl5ZpWJeL0BUjJsvL70FK7E+/NRoNXlREQSpw=
#> details.chain.certs
#> 1 CN=rud.is, CN=Let's Encrypt Authority X1,O=Let's Encrypt,C=US, rud.is, Let's Encrypt Authority X1, 1458496140000, 1445294016000, 1466272140000, 1603146816000, CN=Let's Encrypt Authority X1,O=Let's Encrypt,C=US, CN=DST Root CA X3,O=Digital Signature Trust Co., Let's Encrypt Authority X1, DST Root CA X3, SHA256withRSA, SHA256withRSA, 0, 0, RSA, RSA, 2048, 2048, 2048, 2048, 2, 2, 4, 2, 2, 2, 95f6c164dea0e6557269abc23dd2ef0b419cbca5, 3eae91937ec85d74483ff4b77b07b43e2af36bf4, H9b6scxl5ZpWJeL0BUjJsvL70FK7E+/NRoNXlREQSpw=, YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg=, -----BEGIN CERTIFICATE-----\nMIIE8DCCA9igAwIBAgISAdBrukxitHslErEbMj17qOZLMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV\r\nBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1\r\ndGhvcml0eSBYMTAeFw0xNjAzMjAxNzQ5MDBaFw0xNjA2MTgxNzQ5MDBaMBExDzANBgNVBAMTBnJ1\r\nZC5pczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM+6xE4IWLSPIaAHqKtmbkkq2rPS\r\nNz/8whgkSPtjX9to6LMoBw6TSA2LKKT86cj3iTd5wnOUdvpSHC9F1UiTLenRqJJp9ZZ+8BRknC6y\r\nHvFqZ3KwD/uuDy+yE432u0pzs4QvhMVV871GknPDbkN5wIwxzmQKT+JLHcVyuTw8Sh+Prv/Ik4hF\r\n4/eLeZn4TxqnLpCrJsyQx2e8lBCP6FKNBOY9SKe76ES85mdwN4bIiQUHGrD/LgVqFhrSmOSpwZgE\r\nR7Zx/pcxFzGxVfvAuotiusjoT1K/kmdPVCISzqcmfum0y5fWeald1e8j9gHKqkWTwKxsZby8+hiE\r\nrH2zw+F/8HcCAwEAAaOCAgcwggIDMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcD\r\nAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUntefpcRjm734PxH1w6glyTA7eGQw\r\nHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwcAYIKwYBBQUHAQEEZDBiMC8GCCsGAQUF\r\nBzABhiNodHRwOi8vb2NzcC5pbnQteDEubGV0c2VuY3J5cHQub3JnLzAvBggrBgEFBQcwAoYjaHR0\r\ncDovL2NlcnQuaW50LXgxLmxldHNlbmNyeXB0Lm9yZy8wEQYDVR0RBAowCIIGcnVkLmlzMIH+BgNV\r\nHSAEgfYwgfMwCAYGZ4EMAQIBMIHmBgsrBgEEAYLfEwEBATCB1jAmBggrBgEFBQcCARYaaHR0cDov\r\nL2Nwcy5sZXRzZW5jcnlwdC5vcmcwgasGCCsGAQUFBwICMIGeDIGbVGhpcyBDZXJ0aWZpY2F0ZSBt\r\nYXkgb25seSBiZSByZWxpZWQgdXBvbiBieSBSZWx5aW5nIFBhcnRpZXMgYW5kIG9ubHkgaW4gYWNj\r\nb3JkYW5jZSB3aXRoIHRoZSBDZXJ0aWZpY2F0ZSBQb2xpY3kgZm91bmQgYXQgaHR0cHM6Ly9sZXRz\r\nZW5jcnlwdC5vcmcvcmVwb3NpdG9yeS8wDQYJKoZIhvcNAQELBQADggEBAETgYNrXY2wx2fM472IU\r\nSsKacmeNObZiwHVgmOD1dqOkf7BiXRYh8iSCVJpm2nMLuW2noOj2mm1+kf+KmG0zQyhVRqe2nLzV\r\nTR1cobHihzY97f2itF04jG3dgbjLuZQbsgTsmttovle5PdIy9lj5Ezg9Na33IBFwathFYWsG8mHp\r\naYNUDzZDvXpcuuoGafQu74+w1SxOoDaRKT+vafikQ5cL8Cxm8ItkcqRqTl+1OYCFGD8u2haPASE7\r\nUzvGzhYN8yobn39yvRpl9URzit6VOzaCEccXHFThhTAVpfJgHyPxZ1L4bkWuC7nS1Tci568Icna9\r\nktZNc4PQZMNYjpaehtE=\r\n-----END CERTIFICATE-----\n, -----BEGIN CERTIFICATE-----\nMIIEqDCCA5CgAwIBAgIRAJgT9HUT5XULQ+dDHpceRL0wDQYJKoZIhvcNAQELBQAwPzEkMCIGA1UE\r\nChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzAe\r\nFw0xNTEwMTkyMjMzMzZaFw0yMDEwMTkyMjMzMzZaMEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1M\r\nZXQncyBFbmNyeXB0MSMwIQYDVQQDExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMTCCASIwDQYJ\r\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJzTDPBa5S5Ht3JdN4OzaGMw6tc1Jhkl4b2+NfFwki+3\r\nuEtBBaupnjUIWOyxKsRohwuj43Xk5vOnYnG6eYFgH9eRmp/z0HhncchpDpWRz/7mmelgPEjMfspN\r\ndxIknUcbWuu57B43ABycrHunBerOSuu9QeU2mLnL/W08lmjfIypCkAyGdGfIf6WauFJhFBM/ZemC\r\nh8vb+g5W9oaJ84U/l4avsNwa72sNlRZ9xCugZbKZBDZ1gGusSvMbkEl4L6KWTyogJSkExnTA0DHN\r\njzE4lRa6qDO4Q/GxH8Mwf6J5MRM9LTb44/zyM2q5OTHFr8SNDR1kFjOq+oQpttQLwNh9w5MCAwEA\r\nAaOCAZIwggGOMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgGGMH8GCCsGAQUFBwEB\r\nBHMwcTAyBggrBgEFBQcwAYYmaHR0cDovL2lzcmcudHJ1c3RpZC5vY3NwLmlkZW50cnVzdC5jb20w\r\nOwYIKwYBBQUHMAKGL2h0dHA6Ly9hcHBzLmlkZW50cnVzdC5jb20vcm9vdHMvZHN0cm9vdGNheDMu\r\ncDdjMB8GA1UdIwQYMBaAFMSnsaR7LHH62+FLkHX/xBVghYkQMFQGA1UdIARNMEswCAYGZ4EMAQIB\r\nMD8GCysGAQQBgt8TAQEBMDAwLgYIKwYBBQUHAgEWImh0dHA6Ly9jcHMucm9vdC14MS5sZXRzZW5j\r\ncnlwdC5vcmcwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5pZGVudHJ1c3QuY29tL0RTVFJP\r\nT1RDQVgzQ1JMLmNybDATBgNVHR4EDDAKoQgwBoIELm1pbDAdBgNVHQ4EFgQUqEpqYwR93brm0Tm3\r\npkVl7/Oo7KEwDQYJKoZIhvcNAQELBQADggEBANHIIkus7+MJiZZQsY14cCoBG1hdv0J20/FyWo5p\r\npnfjL78S2k4s2GLRJ7iD9ZDKErndvbNFGcsW+9kKK/TnY21hp4DdITv8S9ZYQ7oaoqs7HwhEMY9s\r\nibED4aXw09xrJZTC9zK1uIfW6t5dHQjuOWv+HHoWZnupyxpsEUlEaFb+/SCI4KCSBdAsYxAcsHYI\r\n5xxEI4LutHp6s3OT2FuO90WfdsIk6q78OMSdn875bNjdBYAqxUp2/LEIHfDBkLoQz0hFJmwAbYah\r\nqKaLn73PAAm1X2kjf1w8DdnkabOLGeOVcj9LQ+s67vBykx4anTjURkbqZslUEUsn2k5xeua2zUk=\r\n-----END CERTIFICATE-----\n
#> details.chain.issues details.suites.preference details.sims.results details.hstsPolicy.LONG_MAX_AGE
#> 1 0 TRUE NULL 15552000
#> details.hstsPolicy.status details.hpkpPolicy.status details.hpkpPolicy.pins details.hpkpPolicy.matchedPins
#> 1 unknown unknown NULL NULL
#> details.hpkpRoPolicy.status details.hpkpRoPolicy.pins details.hpkpRoPolicy.matchedPins
#> 1 unknown NULL NULL
## [1] '0.1.0.9000'
ssllabs_api_info() %>%
str(1)
## List of 7
## $ engineVersion : chr "1.32.16"
## $ criteriaVersion : chr "2009p"
## $ clientMaxAssessments: int 24
## $ maxAssessments : int 24
## $ currentAssessments : int 0
## $ newAssessmentCoolOff: int 1000
## $ messages : chr "This assessment service is provided free of charge by Qualys SSL Labs, subject to our terms and conditions: htt"| __truncated__
get_status_codes() %>%
str(2)
## List of 1
## $ statusDetails:List of 58
## ..$ TESTING_STRICT_RI : chr "Testing Strict Renegotiation"
## ..$ TESTING_PROTOCOL_INTOLERANCE_304: chr "Testing Protocol Intolerance (TLS 1.3)"
## ..$ TESTING_HANDSHAKE_SIMULATION : chr "Simulating handshakes"
## ..$ TESTING_CVE_2014_0224 : chr "Testing CVE-2014-0224"
## ..$ TESTING_PROTO_3_2_V2H : chr "Testing TLS 1.1 (v2 handshake)"
## ..$ TESTING_HEARTBLEED : chr "Testing Heartbleed"
## ..$ TESTING_RENEGOTIATION : chr "Testing renegotiation"
## ..$ TESTING_PROTOCOL_INTOLERANCE_300: chr "Testing Protocol Intolerance (SSL 3.0)"
## ..$ TESTING_ECDHE_PARAMETER_REUSE : chr "Testing ECDHE parameter reuse"
## ..$ TESTING_SUITES_BULK : chr "Bulk-testing less common cipher suites"
## ..$ TESTING_PROTO_3_1_V2H : chr "Testing TLS 1.0 (v2 handshake)"
## ..$ TESTING_PROTOCOL_INTOLERANCE_301: chr "Testing Protocol Intolerance (TLS 1.0)"
## ..$ TESTING_PROTOCOL_INTOLERANCE_302: chr "Testing Protocol Intolerance (TLS 1.1)"
## ..$ BUILDING_TRUST_PATHS : chr "Building trust paths"
## ..$ TESTING_PROTOCOL_INTOLERANCE_303: chr "Testing Protocol Intolerance (TLS 1.2)"
## ..$ TESTING_PROTO_3_0 : chr "Testing SSL 3.0"
## ..$ TESTING_DROWN : chr "Testing for DROWN"
## ..$ TESTING_PROTO_3_1 : chr "Testing TLS 1.0"
## ..$ TESTING_PROTO_3_3_V2H : chr "Testing TLS 1.1 (v2 handshake)"
## ..$ TESTING_SUITE_PREFERENCE : chr "Determining cipher suite preference"
## ..$ TESTING_TLS_VERSION_INTOLERANCE : chr "Testing TLS version intolerance"
## ..$ VALIDATING_TRUST_PATHS : chr "Validating trust paths"
## ..$ TESTING_LONG_HANDSHAKE : chr "Testing Long Handshake (might take a while)"
## ..$ TESTING_SUITES_DEPRECATED : chr "Testing deprecated cipher suites"
## ..$ TESTING_TICKETBLEED : chr "Testing Ticketbleed"
## ..$ RETRIEVING_CERT_V3__SNI_APEX : chr "Retrieving certificate"
## ..$ TESTING_SESSION_TICKETS : chr "Testing Session Ticket support"
## ..$ TESTING_PROTO_3_4 : chr "Testing TLS 1.3"
## ..$ TESTING_PROTOCOL_INTOLERANCE_499: chr "Testing Protocol Intolerance (TLS 2.152)"
## ..$ TESTING_PROTO_3_2 : chr "Testing TLS 1.1"
## ..$ TESTING_PROTO_3_3 : chr "Testing TLS 1.2"
## ..$ RETRIEVING_CERT_V3__SNI_WWW : chr "Retrieving certificate"
## ..$ TESTING_SUITES_NO_SNI : chr "Observed extra suites during simulation, Testing cipher suites without SNI support"
## ..$ TESTING_CAPABILITIES : chr "Determining server capabilities"
## ..$ TESTING_EXTENSION_INTOLERANCE : chr "Testing Extension Intolerance (might take a while)"
## ..$ TESTING_EC_NAMED_CURVES : chr "Determining supported named groups"
## ..$ TESTING_NPN : chr "Testing NPN"
## ..$ TESTING_POODLE_TLS : chr "Testing POODLE against TLS"
## ..$ CHECKING_REVOCATION : chr "Checking for revoked certificates"
## ..$ TESTING_BEAST : chr "Testing for BEAST"
## ..$ TESTING_COMPRESSION : chr "Testing compression"
## ..$ RETRIEVING_CERT_V3__NO_SNI : chr "Retrieving certificate"
## ..$ RETRIEVING_CERT_TLS13 : chr "Retrieving certificate"
## ..$ TESTING_PROTO_2_0 : chr "Testing SSL 2.0"
## ..$ TESTING_ALPN : chr "Determining supported ALPN protocols"
## ..$ TESTING_OCSP_STAPLING_PRIME : chr "Trying to prime OCSP stapling"
## ..$ TESTING_SESSION_RESUMPTION : chr "Testing session resumption"
## ..$ TESTING_OCSP_STAPLING : chr "Testing OCSP stapling"
## ..$ TESTING_PROTOCOL_INTOLERANCE_399: chr "Testing Protocol Intolerance (TLS 1.152)"
## ..$ TESTING_STRICT_SNI : chr "Testing Strict SNI"
## ..$ TESTING_HTTPS : chr "Sending one complete HTTPS request"
## ..$ PREPARING_REPORT : chr "Preparing the report"
## ..$ TESTING_SSL2_SUITES : chr "Checking if SSL 2.0 has any ciphers enabled"
## ..$ TESTING_SUITES : chr "Determining available cipher suites"
## ..$ TESTING_CVE_2016_2107 : chr "Testing CVE-2016-2107"
## ..$ TESTING_PROTO_3_0_V2H : chr "Testing SSL 3.0 (v2 handshake)"
## ..$ TESTING_V2H_HANDSHAKE : chr "Testing v2 handshake"
## ..$ TESTING_BLEICHENBACHER : chr "Testing Bleichenbacher"
get_root_certs_raw() %>%
str(1)
## List of 8
## $ subject : chr "CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"
## $ issuer : chr "CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB"
## $ algorithm : chr "sha1WithRSAEncryption"
## $ signature : raw [1:256] 08 56 fc 02 ...
## $ validity : chr [1:2] "Jan 1 00:00:00 2004 GMT" "Dec 31 23:59:59 2028 GMT"
## $ self_signed: logi TRUE
## $ alt_names : NULL
## $ pubkey :List of 5
analyze_site("rud.is") %>%
str(2)
## List of 10
## $ host : chr "rud.is"
## $ port : int 443
## $ protocol : chr "HTTP"
## $ isPublic : logi FALSE
## $ status : chr "READY"
## $ startTime : num 1.55e+12
## $ testTime : num 1.55e+12
## $ engineVersion : chr "1.32.16"
## $ criteriaVersion: chr "2009p"
## $ endpoints :'data.frame': 2 obs. of 96 variables:
## ..$ ipAddress : chr [1:2] "2602:ff16:3:0:0:0:4dfb:9ac5" "172.93.49.183"
## ..$ statusMessage : chr [1:2] "Ready" "Ready"
## ..$ grade : chr [1:2] "A+" "A+"
## ..$ gradeTrustIgnored : chr [1:2] "A+" "A+"
## ..$ hasWarnings : logi [1:2] FALSE FALSE
## ..$ isExceptional : logi [1:2] TRUE TRUE
## ..$ progress : int [1:2] 100 100
## ..$ duration : int [1:2] 41233 40519
## ..$ eta : int [1:2] 6 3
## ..$ delegation : int [1:2] 1 1
## ..$ details.hostStartTime : num [1:2] 1.55e+12 1.55e+12
## ..$ details.protocols :List of 2
## ..$ details.serverSignature : chr [1:2] "nginx/1.15.9" "nginx/1.15.9"
## ..$ details.prefixDelegation : logi [1:2] FALSE FALSE
## ..$ details.nonPrefixDelegation : logi [1:2] TRUE TRUE
## ..$ details.vulnBeast : logi [1:2] FALSE FALSE
## ..$ details.stsStatus : chr [1:2] "present" "present"
## ..$ details.stsResponseHeader : chr [1:2] "max-age=31536000; includeSubDomains; preload" "max-age=31536000; includeSubDomains; preload"
## ..$ details.stsMaxAge : int [1:2] 31536000 31536000
## ..$ details.stsSubdomains : logi [1:2] TRUE TRUE
## ..$ details.stsPreload : logi [1:2] TRUE TRUE
## ..$ details.sessionResumption : int [1:2] 2 2
## ..$ details.compressionMethods : int [1:2] 0 0
## ..$ details.supportsNpn : logi [1:2] TRUE TRUE
## ..$ details.npnProtocols : chr [1:2] "h2 http/1.1" "h2 http/1.1"
## ..$ details.supportsAlpn : logi [1:2] TRUE TRUE
## ..$ details.sessionTickets : int [1:2] 0 0
## ..$ details.ocspStapling : logi [1:2] TRUE TRUE
## ..$ details.staplingRevocationStatus : int [1:2] 2 2
## ..$ details.sniRequired : logi [1:2] TRUE TRUE
## ..$ details.httpStatusCode : int [1:2] 200 200
## ..$ details.supportsRc4 : logi [1:2] FALSE FALSE
## ..$ details.rc4WithModern : logi [1:2] FALSE FALSE
## ..$ details.rc4Only : logi [1:2] FALSE FALSE
## ..$ details.forwardSecrecy : int [1:2] 4 4
## ..$ details.protocolIntolerance : int [1:2] 0 0
## ..$ details.miscIntolerance : int [1:2] 0 0
## ..$ details.heartbleed : logi [1:2] FALSE FALSE
## ..$ details.heartbeat : logi [1:2] TRUE TRUE
## ..$ details.openSslCcs : int [1:2] 1 1
## ..$ details.openSSLLuckyMinus20 : int [1:2] 1 1
## ..$ details.poodle : logi [1:2] FALSE FALSE
## ..$ details.poodleTls : int [1:2] 1 1
## ..$ details.freak : logi [1:2] FALSE FALSE
## ..$ details.hasSct : int [1:2] 1 1
## ..$ details.logjam : logi [1:2] FALSE FALSE
## ..$ details.hstsPreloads :List of 2
## ..$ details.drownHosts :List of 2
## ..$ details.drownErrors : logi [1:2] FALSE FALSE
## ..$ details.drownVulnerable : logi [1:2] FALSE FALSE
## ..$ details.key.size : int [1:2] 2048 2048
## ..$ details.key.alg : chr [1:2] "RSA" "RSA"
## ..$ details.key.debianFlaw : logi [1:2] FALSE FALSE
## ..$ details.key.strength : int [1:2] 2048 2048
## ..$ details.cert.subject : chr [1:2] "CN=rud.is" "CN=rud.is"
## ..$ details.cert.commonNames :List of 2
## ..$ details.cert.altNames :List of 2
## ..$ details.cert.notBefore : num [1:2] 1.55e+12 1.55e+12
## ..$ details.cert.notAfter : num [1:2] 1.56e+12 1.56e+12
## ..$ details.cert.issuerSubject : chr [1:2] "CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US" "CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US"
## ..$ details.cert.issuerLabel : chr [1:2] "Let's Encrypt Authority X3" "Let's Encrypt Authority X3"
## ..$ details.cert.sigAlg : chr [1:2] "SHA256withRSA" "SHA256withRSA"
## ..$ details.cert.revocationInfo : int [1:2] 2 2
## ..$ details.cert.crlURIs :List of 2
## ..$ details.cert.ocspURIs :List of 2
## ..$ details.cert.revocationStatus : int [1:2] 2 2
## ..$ details.cert.crlRevocationStatus : int [1:2] 4 4
## ..$ details.cert.ocspRevocationStatus : int [1:2] 2 2
## ..$ details.cert.sgc : int [1:2] 0 0
## ..$ details.cert.issues : int [1:2] 0 0
## ..$ details.cert.sct : logi [1:2] TRUE TRUE
## ..$ details.cert.mustStaple : int [1:2] 0 0
## ..$ details.cert.sha1Hash : chr [1:2] "11ddb41c60593c77c93c32da72dd6d10f3c017f7" "11ddb41c60593c77c93c32da72dd6d10f3c017f7"
## ..$ details.cert.pinSha256 : chr [1:2] "zx1eDaN0/w/ZvtwQW5wPWUunFkSGQ6Fp8uOOh4Qn85A=" "zx1eDaN0/w/ZvtwQW5wPWUunFkSGQ6Fp8uOOh4Qn85A="
## ..$ details.chain.certs :List of 2
## ..$ details.chain.issues : int [1:2] 0 0
## ..$ details.suites.list :List of 2
## ..$ details.suites.preference : logi [1:2] TRUE TRUE
## ..$ details.sims.results :List of 2
## ..$ details.hstsPolicy.LONG_MAX_AGE : int [1:2] 15552000 15552000
## ..$ details.hstsPolicy.header : chr [1:2] "max-age=31536000; includeSubDomains; preload" "max-age=31536000; includeSubDomains; preload"
## ..$ details.hstsPolicy.status : chr [1:2] "present" "present"
## ..$ details.hstsPolicy.maxAge : int [1:2] 31536000 31536000
## ..$ details.hstsPolicy.includeSubDomains : logi [1:2] TRUE TRUE
## ..$ details.hstsPolicy.preload : logi [1:2] TRUE TRUE
## ..$ details.hstsPolicy.directives.includesubdomains: chr [1:2] "" ""
## ..$ details.hstsPolicy.directives.max-age : chr [1:2] "31536000" "31536000"
## ..$ details.hstsPolicy.directives.preload : chr [1:2] "" ""
## ..$ details.hpkpPolicy.status : chr [1:2] "absent" "absent"
## ..$ details.hpkpPolicy.pins :List of 2
## ..$ details.hpkpPolicy.matchedPins :List of 2
## ..$ details.hpkpPolicy.directives :List of 2
## ..$ details.hpkpRoPolicy.status : chr [1:2] "absent" "absent"
## ..$ details.hpkpRoPolicy.pins :List of 2
## ..$ details.hpkpRoPolicy.matchedPins :List of 2
## ..$ details.hpkpRoPolicy.directives :List of 2
```
### Test Results
## `ssllabs` Metrics
``` r
library(ssllabs)
library(testthat)
date()
#> [1] "Sat Jun 4 23:15:12 2016"
test_dir("tests/")
#> testthat results ========================================================================================================
#> OK: 0 SKIPPED: 0 FAILED: 0
#>
#> DONE ===================================================================================================================
```
| Lang | \# Files | (%) | LoC | (%) | Blank lines | (%) | \# Lines | (%) |
| :--- | -------: | --: | --: | --: | ----------: | ---: | -------: | ---: |
| R | 9 | 0.9 | 49 | 0.7 | 9 | 0.28 | 131 | 0.79 |
| Rmd | 1 | 0.1 | 21 | 0.3 | 23 | 0.72 | 34 | 0.21 |
### Code of Conduct
## Code of Conduct
Please note that this project is released with a [Contributor Code of Conduct](CONDUCT.md). By participating in this project you agree to abide by its terms.
Please note that this project is released with a [Contributor Code of
Conduct](CONDUCT.md). By participating in this project you agree to
abide by its terms.

15
man/analyze_site.Rd
View File

@ -4,8 +4,9 @@
\alias{analyze_site}
\title{Invoke assessment and check progress}
\usage{
analyze_site(host, publish = "off", start_new = NULL, from_cache = "off",
max_age = NULL, all = "on", ignore_mismatch = "off")
analyze_site(host, publish = "off", start_new = NULL,
from_cache = "off", max_age = NULL, all = "on",
ignore_mismatch = "off")
}
\arguments{
\item{host}{hostname; required.}
@ -43,10 +44,14 @@ in progress or in the cache. It will return a single Host object on success. The
Endpoint object embedded in the Host object will provide partial endpoint results.
Please note that assessments of individual endpoints can fail even when the overall
assessment is successful (e.g., one server might be down). At this time, you can
determine the success of an endpoint assessment by checking the statusMessage field;
determine the success of an endpoint assessment by checking the \code{statusMessage} field;
it should contain "Ready".
}
\examples{
\dontrun{
analyze_site(host = "www.ssllabs.com", from_cache = TRUE)
}
}
\references{
\url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md}
\url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs-v3.md}
}

10
man/get_endpoint_data.Rd
View File

@ -4,7 +4,7 @@
\alias{get_endpoint_data}
\title{Retrieve detailed endpoint information}
\usage{
get_endpoint_data(host, ip, from_cache = "off")
get_endpoint_data(host, ip, from_cache = FALSE)
}
\arguments{
\item{host}{hostname; required.}
@ -12,7 +12,7 @@ get_endpoint_data(host, ip, from_cache = "off")
\item{ip}{endpoint IP address}
\item{from_cache}{always deliver cached assessment reports if available; optional,
defaults to "off". This parameter is intended for API consumers that
defaults to \code{FALSE}. This parameter is intended for API consumers that
don't want to wait for assessment results. Can't be used at the same
time as the start_new parameter.}
}
@ -22,7 +22,9 @@ Endpoint object on success. The object will contain complete assessment informat
This API call does not initiate new assessments, even when a cached report is not
found.
}
\examples{
get_endpoint_data("www.ssllabs.com", "64.41.200.100", TRUE)
}
\references{
\url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md}
\url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs-v3.md}
}

24
man/get_root_certs.Rd
View File

@ -0,0 +1,24 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/root.r
\name{get_root_certs}
\alias{get_root_certs}
\title{Retrieve root certificates}
\usage{
get_root_certs(trust_store = c("moz", "apple", "android", "java", "ms"))
}
\arguments{
\item{trust_store}{one of "\code{moz}" (Mozilla), "\code{apple}", "\code{android}", "\code{java}", "\code{ms}" (Windows)}
}
\value{
\code{list} of \code{openssl}-parsed certificates
}
\description{
This call returns the latest root certificates(Mozilla, Apple MacOS, Android,
Java and Windows) used for trust validation
}
\examples{
get_root_certs()
}
\references{
\url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs-v3.md}
}

15
man/get_root_certs_raw.Rd
View File

@ -1,15 +0,0 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/root.r
\name{get_root_certs_raw}
\alias{get_root_certs_raw}
\title{Retrieve root certificates}
\usage{
get_root_certs_raw()
}
\description{
This call returns the root certificates used for trust validation.
}
\references{
\url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md}
}

15
man/get_status_codes.Rd
View File

@ -1,15 +0,0 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/status.r
\name{get_status_codes}
\alias{get_status_codes}
\title{Retrieve known status codes}
\usage{
get_status_codes()
}
\description{
This call will return one StatusCodes instance.
}
\references{
\url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md}
}

12
man/pipe.Rd
View File

@ -0,0 +1,12 @@
% Generated by roxygen2: do not edit by hand
% Please edit documentation in R/utils-pipe.R
\name{\%>\%}
\alias{\%>\%}
\title{Pipe operator}
\usage{
lhs \%>\% rhs
}
\description{
See \code{magrittr::\link[magrittr]{\%>\%}} for details.
}
\keyword{internal}

17
man/ssllabs.Rd
View File

@ -4,8 +4,8 @@
\name{ssllabs}
\alias{ssllabs}
\alias{ssllabs-package}
\title{Tools to Work with the `SSL Labs` `API`
\title{Interrogate SSL Certificate Configuration Efficacy via 'ssllabs' API}
\description{
SSL Labs APIs are provided free of charge, subject to our terms and conditions:
\url{https://www.ssllabs.com/about/terms.html}. The spirit of the license is that the
APIs are made available so that system operators can test their own infrastructure.
@ -13,7 +13,8 @@ Please read the actual terms and conditions, which are more involved and cover t
such as integrating with open source projects, and so on. For example, it's important
(for reasons of privacy, compliance, etc.) for end users to understand that assessments
are carried out by Qualys's servers, not locally.
}
\details{
Commercial use is generally not allowed, except with an explicit permission from Qualys.
That said, we're usually happy to support good causes, even uses by commercial
organizations that help improve the security of their customers. If you're a CA, CDN,
@ -46,8 +47,12 @@ to be in. If you encounter it, take a break and come back later.
All successful API calls contain response headers X-Max-Assessments and
X-Current-Assessments. They can be used to calculate how many new assessments can be
submitted. It is recommended that clients update their internal state after each
complete response.}
complete response.
}
\references{
\url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs-v3.md}
}
\author{
Bob Rudis (@hrbrmstr)
Bob Rudis (bob@rud.is)
}
\keyword{internal}

6
man/ssllabs_api_info.Rd
View File

@ -11,7 +11,9 @@ This call should be used to check the availability of the SSL Labs servers, retr
the engine and criteria version, and initialize the maximum number of concurrent
assessments. Returns one Info object on success.
}
\examples{
ssllabs_api_info()
}
\references{
\url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs.md}
\url{https://github.com/ssllabs/ssllabs-scan/blob/stable/ssllabs-api-docs-v3.md}
}

14
ssllabs.Rproj
View File

@ -5,21 +5,19 @@ SaveWorkspace: No
AlwaysSaveHistory: Default
EnableCodeIndexing: Yes
UseSpacesForTab: Yes
NumSpacesForTab: 2
Encoding: UTF-8
RnwWeave: Sweave
LaTeX: pdfLaTeX
AutoAppendNewline: Yes
StripTrailingWhitespace: Yes
BuildType: Package
PackageUseDevtools: Yes
PackageInstallArgs: --no-multiarch --with-keep.source
PackageRoxygenize: rd,collate,namespace
UseSpacesForTab: Yes
NumSpacesForTab: 2
RnwWeave: Sweave
LaTeX: pdfLaTeX
PackageBuildArgs: --resave-data
PackageCheckArgs: --as-cran
PackageRoxygenize: rd,collate,namespace

17
tests/testthat/test-ssllabs.R
View File

@ -1,6 +1,15 @@
context("basic functionality")
test_that("we can do something", {
context("API coverage")
#expect_that(some_function(), is_a("data.frame"))
expect_true("engineVersion" %in% names(ssllabs_api_info()))
})
x <- get_root_certs()
expect(length(x) > 0)
expect_is(x[[1]], "cert")
x <- get_endpoint_data("www.ssllabs.com", "64.41.200.100", TRUE)
expect(length(x) > 0)
expect_equal(x$ipAddress, "64.41.200.100")
x <- analyze_site(host = "www.ssllabs.com", from_cache = TRUE)
expect(length(x) > 0)
expect_true(grepl("A", x$endpoints$grade[1]))

Write Preview
Loading…
Cancel
Save