certstore_c 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/example/manage_certstore.rb +13 -0
- data/ext/certstore/certstore.h +1 -0
- data/ext/certstore/certstore_util.c +22 -0
- data/ext/certstore/loader.c +44 -8
- data/lib/certstore/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: '0910066063e5a1d4bbfeb144a111b6c14f663959aa52eef2e3eed7fa0b024d41'
|
4
|
+
data.tar.gz: b964fbfaa33f0a75cbc3df611fa7ea141870f8a2cf5791d4ffa2264067df0567
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 5403938369f1e51832e2b299bbb08df72efb5fc7f676b17a92bb7c63836a402480503311b26ed409a07cf4ba2ca5400492c2333b79662cdb47389b4d3971d85d
|
7
|
+
data.tar.gz: c04387a545822a2af1c9a6fb1ff2d49dbc92a0eb09cd71e335a320754e7f4418fdc8c715475a951f27eab65d18248e0417b6367e8341a758487896e028fe3b5e
|
@@ -0,0 +1,13 @@
|
|
1
|
+
require 'socket'
|
2
|
+
require 'openssl'
|
3
|
+
require 'certstore'
|
4
|
+
|
5
|
+
cert_store = OpenSSL::X509::Store.new
|
6
|
+
loader = Certstore::OpenSSL::Loader.new(cert_store, "Trust", enterprise: true)
|
7
|
+
|
8
|
+
File.open(File.join(__dir__, "..", "./test/data/ca_cert.pem")) do |file|
|
9
|
+
x509_obj = OpenSSL::X509::Certificate.new(file.read)
|
10
|
+
thumbprint = OpenSSL::Digest::SHA1.new(x509_obj.to_der).to_s
|
11
|
+
loader.add_certificate(file)
|
12
|
+
loader.delete_certificate(thumbprint)
|
13
|
+
end
|
data/ext/certstore/certstore.h
CHANGED
@@ -21,3 +21,25 @@ wstr_to_mbstr(UINT cp, const WCHAR *wstr, int clen)
|
|
21
21
|
|
22
22
|
return ptr;
|
23
23
|
}
|
24
|
+
|
25
|
+
TCHAR*
|
26
|
+
handle_error_code(VALUE self, DWORD errCode)
|
27
|
+
{
|
28
|
+
DWORD ret;
|
29
|
+
static TCHAR buffer[1024];
|
30
|
+
|
31
|
+
ret = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM,
|
32
|
+
NULL,
|
33
|
+
errCode,
|
34
|
+
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
|
35
|
+
buffer,
|
36
|
+
sizeof(buffer)/sizeof(buffer[0]),
|
37
|
+
NULL);
|
38
|
+
|
39
|
+
if (ret) {
|
40
|
+
rb_ivar_set(self, rb_intern("@error_code"), INT2NUM(errCode));
|
41
|
+
rb_ivar_set(self, rb_intern("@error_message"), rb_utf8_str_new_cstr(buffer));
|
42
|
+
}
|
43
|
+
|
44
|
+
return buffer;
|
45
|
+
}
|
data/ext/certstore/loader.c
CHANGED
@@ -10,6 +10,7 @@
|
|
10
10
|
/* limitations under the License. */
|
11
11
|
|
12
12
|
#include <certstore.h>
|
13
|
+
#include <tchar.h>
|
13
14
|
|
14
15
|
static void certstore_loader_free(void *certstore);
|
15
16
|
|
@@ -48,6 +49,10 @@ rb_win_certstore_loader_initialize(VALUE self, VALUE store_name, VALUE use_enter
|
|
48
49
|
VALUE vStoreName;
|
49
50
|
struct CertstoreLoader *loader;
|
50
51
|
DWORD len;
|
52
|
+
DWORD errCode;
|
53
|
+
TCHAR buffer[1024];
|
54
|
+
TCHAR errBuffer[1132];
|
55
|
+
DWORD ret;
|
51
56
|
|
52
57
|
Check_Type(store_name, T_STRING);
|
53
58
|
|
@@ -63,6 +68,32 @@ rb_win_certstore_loader_initialize(VALUE self, VALUE store_name, VALUE use_enter
|
|
63
68
|
loader->hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE, winStoreName);
|
64
69
|
} else {
|
65
70
|
loader->hStore = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, 0, CERT_SYSTEM_STORE_LOCAL_MACHINE, winStoreName);
|
71
|
+
}
|
72
|
+
errCode = GetLastError();
|
73
|
+
switch (errCode) {
|
74
|
+
case ERROR_SUCCESS:
|
75
|
+
break;
|
76
|
+
case ERROR_ACCESS_DENIED: {
|
77
|
+
ALLOCV_END(vStoreName);
|
78
|
+
ret = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM,
|
79
|
+
NULL,
|
80
|
+
errCode,
|
81
|
+
MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),
|
82
|
+
buffer,
|
83
|
+
sizeof(buffer)/sizeof(buffer[0]),
|
84
|
+
NULL);
|
85
|
+
if (ret) {
|
86
|
+
_snprintf_s(errBuffer, 1024, _TRUNCATE,
|
87
|
+
"cannot access specified logical store. Perhaps you should do as an administrator. ErrorCode: %d, Message: %s",
|
88
|
+
errCode,
|
89
|
+
buffer);
|
90
|
+
rb_raise(rb_eCertLoaderError, errBuffer);
|
91
|
+
}
|
92
|
+
}
|
93
|
+
default: {
|
94
|
+
handle_error_code(self, errCode);
|
95
|
+
}
|
96
|
+
|
66
97
|
}
|
67
98
|
ALLOCV_END(vStoreName);
|
68
99
|
|
@@ -101,8 +132,9 @@ certificate_context_to_string(PCCERT_CONTEXT pContext)
|
|
101
132
|
certificate = malloc(sizeof(CHAR) * (strlen(utf8str) + strlen(certHeader) + strlen(certFooter)));
|
102
133
|
sprintf(certificate, "%s%s%s", certHeader, utf8str, certFooter);
|
103
134
|
|
104
|
-
|
105
|
-
|
135
|
+
errCode = GetLastError();
|
136
|
+
if (ERROR_SUCCESS != errCode && CRYPT_E_NOT_FOUND != errCode) {
|
137
|
+
_snprintf_s(errBuf, 256, _TRUNCATE, "ErrorCode(%d)", errCode);
|
106
138
|
|
107
139
|
goto error;
|
108
140
|
}
|
@@ -216,7 +248,7 @@ error:
|
|
216
248
|
|
217
249
|
CertFreeCertificateContext(pContext);
|
218
250
|
|
219
|
-
|
251
|
+
_snprintf_s(errBuf, 256, _TRUNCATE, "Cannot find certificates with thumbprint(%S)", winThumbprint);
|
220
252
|
rb_raise(rb_eCertLoaderError, errBuf);
|
221
253
|
}
|
222
254
|
|
@@ -240,9 +272,10 @@ rb_win_certstore_loader_add_certificate(VALUE self, VALUE rb_der_cert_bin_str)
|
|
240
272
|
|
241
273
|
switch (errCode){
|
242
274
|
case CRYPT_E_EXISTS:
|
275
|
+
handle_error_code(self, errCode);
|
243
276
|
return Qfalse;
|
244
277
|
default: {
|
245
|
-
|
278
|
+
_snprintf_s(errBuf, 256, _TRUNCATE, "Cannot add certificates. ErrorCode: %d", errCode);
|
246
279
|
goto error;
|
247
280
|
|
248
281
|
}
|
@@ -306,7 +339,7 @@ error:
|
|
306
339
|
|
307
340
|
CertFreeCertificateContext(pContext);
|
308
341
|
|
309
|
-
|
342
|
+
_snprintf_s(errBuf, 256, _TRUNCATE, "Cannot find certificates with thumbprint(%S)", winThumbprint);
|
310
343
|
rb_raise(rb_eCertLoaderError, errBuf);
|
311
344
|
}
|
312
345
|
|
@@ -350,7 +383,7 @@ rb_win_certstore_loader_export_pfx(VALUE self, VALUE rb_thumbprint, VALUE rb_pas
|
|
350
383
|
&blob,
|
351
384
|
pContext);
|
352
385
|
if (!pContext) {
|
353
|
-
|
386
|
+
_snprintf_s(errBuf, 256, _TRUNCATE, "Cannot find certificates with thumbprint(%S)", winThumbprint);
|
354
387
|
|
355
388
|
goto error;
|
356
389
|
}
|
@@ -360,14 +393,14 @@ rb_win_certstore_loader_export_pfx(VALUE self, VALUE rb_thumbprint, VALUE rb_pas
|
|
360
393
|
|
361
394
|
pfxPacket.pbData = NULL;
|
362
395
|
if (!PFXExportCertStoreEx(hMemoryStore, &pfxPacket, winPassword, NULL, EXPORT_PRIVATE_KEYS | REPORT_NO_PRIVATE_KEY | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY)) {
|
363
|
-
|
396
|
+
_snprintf_s(errBuf, 256, _TRUNCATE, "Cannot export pfx certificate with thumbprint(%S)", winThumbprint);
|
364
397
|
|
365
398
|
goto error;
|
366
399
|
}
|
367
400
|
|
368
401
|
pfxPacket.pbData = (LPBYTE)CryptMemAlloc(pfxPacket.cbData);
|
369
402
|
if (!PFXExportCertStoreEx(hMemoryStore, &pfxPacket, winPassword, NULL, EXPORT_PRIVATE_KEYS | REPORT_NO_PRIVATE_KEY | REPORT_NOT_ABLE_TO_EXPORT_PRIVATE_KEY)) {
|
370
|
-
|
403
|
+
_snprintf_s(errBuf, 256, _TRUNCATE, "Cannot export pfx certificate with thumbprint(%S)", winThumbprint);
|
371
404
|
|
372
405
|
CryptMemFree(pfxPacket.pbData);
|
373
406
|
|
@@ -409,4 +442,7 @@ Init_certstore_loader(VALUE rb_mCertstore)
|
|
409
442
|
rb_define_method(rb_cCertLoader, "delete_cert", rb_win_certstore_loader_delete_certificate, 1);
|
410
443
|
rb_define_method(rb_cCertLoader, "add_cert", rb_win_certstore_loader_add_certificate, 1);
|
411
444
|
rb_define_method(rb_cCertLoader, "export_pfx", rb_win_certstore_loader_export_pfx, 2);
|
445
|
+
|
446
|
+
rb_ivar_set(rb_cCertLoader, rb_intern("@error_code"), INT2NUM(0));
|
447
|
+
rb_ivar_set(rb_cCertLoader, rb_intern("@error_message"), rb_utf8_str_new_cstr(""));
|
412
448
|
}
|
data/lib/certstore/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: certstore_c
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Hiroshi Hatake
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-09-
|
11
|
+
date: 2019-09-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|
@@ -103,6 +103,7 @@ files:
|
|
103
103
|
- bin/console
|
104
104
|
- bin/setup
|
105
105
|
- certstore_c.gemspec
|
106
|
+
- example/manage_certstore.rb
|
106
107
|
- example/open_tls_socket.rb
|
107
108
|
- ext/certstore/certstore.c
|
108
109
|
- ext/certstore/certstore.h
|