module Nexpose
# Object that represents a connection to a Nexpose Security Console.
#
# === Examples
# # Create a new Nexpose::Connection on the default port
# nsc = Connection.new('10.1.40.10', 'nxadmin', 'password')
#
# # Create a new Nexpose::Connection from a URI or "URI" String
# nsc = Connection.from_uri('https://10.1.40.10:3780', 'nxadmin', 'password')
#
# # Login to NSC and Establish a Session ID
# nsc.login
#
# # Check Session ID
# if nsc.session_id
# puts 'Login Successful'
# else
# puts 'Login Failure'
# end
#
# # Logout
# logout_success = nsc.logout
#
class Connection
include XMLUtils
# Session ID of this connection. It is nil until #login succeeds.
# #download sends it as the nexposeCCSessionID cookie, so treat it as a
# credential and keep it out of logs.
attr_reader :session_id
# The hostname or IP Address of the NSC
attr_reader :host
# The port of the NSC (default is 3780)
attr_reader :port
# The username used to login to the NSC
attr_reader :username
# The password used to login to the NSC.
# It is kept as given for the lifetime of the object and is readable by any
# code that holds this Connection.
attr_reader :password
# The URL for communication
attr_reader :url
# The token used to login to the NSC
attr_reader :token
# The last XML request sent by this object, useful for debugging.
# NOTE(review): after #login this is the LoginRequest built from the
# password and token, presumably in clear text. Confirm against make_xml
# before writing this value to logs.
attr_reader :request_xml
# The last XML response received by this object, useful for debugging.
attr_reader :response_xml
# The trust store to validate connections against if any.
# When it is nil, #download turns TLS certificate verification off.
attr_reader :trust_store
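# A constructor to load a Connection object from a URI or a URI String.
#
# Only the host and port of the URI are used. The scheme and path are
# dropped, and a URI without an explicit port yields the default port of its
# scheme rather than 3780.
#
# trust_cert is optional and is handed to Connection.new unchanged. Without
# it the connection has no trust store, and #download then skips TLS
# certificate verification.
def self.from_uri(uri, user, pass, silo_id = nil, token = nil, trust_cert = nil)
  # URI.parse accepts only strings, so an already parsed URI is used as-is.
  uri = URI.parse(uri) unless uri.is_a?(URI::Generic)
  new(uri.host, user, pass, uri.port, silo_id, token, trust_cert)
end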
# A constructor for Connection. It only stores its arguments and does not
# contact the console; call #login to obtain a session.
#
# When trust_cert is given, a trust store holding that certificate is built
# and used for TLS verification. When it is nil no trust store is set, and
# #download then disables certificate verification.
def initialize(ip, user, pass, port = 3780, silo_id = nil, token = nil, trust_cert = nil)
  @host, @port = ip, port
  @username, @password = user, pass
  @token = token
  @silo_id = silo_id
  @trust_store = create_trust_store(trust_cert) unless trust_cert.nil?
  @session_id = nil
  # API_VERSION stays a literal placeholder in the stored URL.
  # NOTE(review): presumably replaced by APIRequest per request; confirm.
  @url = "https://#{@host}:#{@port}/api/API_VERSION/xml"
end
# Establish a new connection and Session ID.
#
# Sends a LoginRequest carrying the username, password and token (plus the
# silo ID when one was configured). Returns true and stores the session ID
# when the response reports success, and returns nil when it does not.
# An APIError raised along the way is re-raised as AuthenticationFailed.
def login
  credentials = {
    'sync-id' => 0,
    'password' => @password,
    'user-id' => @username,
    'token' => @token
  }
  credentials['silo-id'] = @silo_id if @silo_id
  r = execute(make_xml('LoginRequest', credentials))
  return unless r.success

  @session_id = r.sid
  true
rescue APIError
  # NOTE(review): when execute itself raised, r was never assigned and is nil
  # here, so the original error detail is not passed on. Confirm what
  # AuthenticationFailed expects.
  raise AuthenticationFailed.new(r)
end
# Logout of the current connection.
#
# Returns true when the console reports success and raises APIError
# ('Logout failed') otherwise. The stored session ID is left as it is.
def logout
  response = execute(make_xml('LogoutRequest', { 'sync-id' => 0 }))
  raise APIError.new(response, 'Logout failed') unless response.success

  true
end
# Execute an API request.
#
# The request is converted with to_s and sent through APIRequest.execute
# together with the connection URL, trust store, API version and options.
# The request text and the raw response data are kept on the object
# (request_xml / response_xml) and the response object is returned.
#
# NOTE(review): request_xml keeps whatever was sent last, including a login
# request; avoid logging it without redaction.
def execute(xml, version = '1.1', options = {})
  @request_xml = xml.to_s
  @api_version = version
  APIRequest.execute(@url, @request_xml, @trust_store, @api_version, options).tap do |reply|
    @response_xml = reply.raw_response_data
  end
end
# Download a specific URL, typically a report.
# Include an optional file_name parameter to write the output to a file.
#
# The request always goes to this connection's host and port over TLS, with
# the session ID attached as the nexposeCCSessionID cookie; url is passed
# through as the request target.
#
# Returns nil for a nil or empty url. With file_name the body is written to
# that path in binary mode and the result of the write is returned;
# otherwise the body itself is returned. The HTTP status is not checked, so
# an error page is returned or saved like any other body.
#
# Note: XML and HTML reports have charts not downloaded by this method.
#       Would need to do something more sophisticated to grab
#       all the associated image files.
def download(url, file_name = nil)
  return nil if url.nil? || url.empty?

  target = URI.parse(url)
  client = Net::HTTP.new(@host, @port)
  client.use_ssl = true
  if @trust_store.nil?
    # SECURITY: with no trust store the console certificate is not verified,
    # so the session cookie and the downloaded data are exposed to anyone
    # able to intercept the connection. Pass trust_cert to Connection.new to
    # get a verified connection.
    client.verify_mode = OpenSSL::SSL::VERIFY_NONE
  else
    # verify_mode is left at the Net::HTTP default, which verifies the peer.
    client.cert_store = @trust_store
  end

  session_cookie = { 'Cookie' => "nexposeCCSessionID=#{@session_id}" }
  reply = client.get(target.to_s, session_cookie)
  return reply.body unless file_name

  ::File.open(file_name, 'wb') { |out| out.write(reply.body) }
end
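# Builds the trust store used to verify the console's TLS certificate.
#
# trust_cert is whatever OpenSSL::X509::Certificate.new accepts (for example
# a PEM or DER string); a value that cannot be parsed raises
# OpenSSL::X509::CertificateError. The store holds only this certificate and
# no system default CAs, so verification succeeds only for chains that end
# in it.
def create_trust_store(trust_cert)
  # The original called `store.trust` at this point. OpenSSL::X509::Store
  # has only a `trust=` writer, so that call resolved to Object#trust, a
  # do-nothing leftover of the taint mechanism that was removed in Ruby 3.2,
  # where it raises NoMethodError. Dropping it changes nothing on older
  # Rubies and keeps trust_cert usable on current ones.
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(trust_cert))
  store
end
private :create_trust_store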
end
end