icsp 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5f813acb3d0e89f89f936b73e81f414916ce2c18e7cd88b5e64ee1f87c6d3da1
+  data.tar.gz: fd0068b0ac9eaaa50effa685dd1b838fc9fc2e3ab82abb6ec5ba3931b95d0b69
+SHA512:
+  metadata.gz: a2f2b36acc25f7eca2ff29831aa8f6488c8678624cdfa82301945fa0156e391a72e34d2b3d2bd6d4da9e3a1f22c414618acf15a2096f68cc813fa99a50d10e0f
+  data.tar.gz: 9ea0e971e15a6d53137f2b028decedc1dabffe9acab64b91237f36fc89cd049050cbc24f887efd0532b7080e9a57987e86ee11239f7061e0abe40037b580ea9e

data/.gitignore

@@ -0,0 +1,14 @@
+/.bundle/
+/.yardoc
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+
+# rspec failure tracking
+.rspec_status
+
+.idea
+.env

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.rubocop.yml

@@ -0,0 +1,2 @@
+Style/Documentation:
+  Enabled: false

data/.ruby-version

@@ -0,0 +1 @@
+2.7.6

data/Gemfile

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+source 'https://rubygems.org'
+
+gemspec
+
+gem 'rake', '~> 12.0'
+gem 'rspec', '~> 3.0'
+
+group :development, :test do
+  gem 'rubocop', '~> 1.18', require: false
+end

data/Gemfile.lock

@@ -0,0 +1,73 @@
+PATH
+  remote: .
+  specs:
+    icsp (0.1.0)
+      os (~> 1.1)
+      tty-prompt (~> 0.23.1)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    ast (2.4.2)
+    diff-lcs (1.5.0)
+    os (1.1.1)
+    parallel (1.20.1)
+    parser (3.0.2.0)
+      ast (~> 2.4.1)
+    pastel (0.8.0)
+      tty-color (~> 0.5)
+    rainbow (3.0.0)
+    rake (12.3.3)
+    regexp_parser (2.1.1)
+    rexml (3.2.5)
+    rspec (3.12.0)
+      rspec-core (~> 3.12.0)
+      rspec-expectations (~> 3.12.0)
+      rspec-mocks (~> 3.12.0)
+    rspec-core (3.12.0)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.12.0)
+    rspec-support (3.12.0)
+    rubocop (1.18.3)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.7.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.8.0)
+      parser (>= 3.0.1.1)
+    ruby-progressbar (1.11.0)
+    tty-color (0.6.0)
+    tty-cursor (0.7.1)
+    tty-prompt (0.23.1)
+      pastel (~> 0.8)
+      tty-reader (~> 0.8)
+    tty-reader (0.9.0)
+      tty-cursor (~> 0.7)
+      tty-screen (~> 0.8)
+      wisper (~> 2.0)
+    tty-screen (0.8.1)
+    unicode-display_width (2.0.0)
+    wisper (2.0.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  icsp!
+  os (~> 1.1)
+  rake (~> 12.0)
+  rspec (~> 3.0)
+  rubocop (~> 1.18)
+  tty-prompt (~> 0.23.1)
+
+BUNDLED WITH
+   2.1.4

data/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Denis Semenenko
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,68 @@
+# iCSP
+
+An interactive CryptoPro CSP shell that tries to imitate its GUI counterpart on the Windows platform. 
+Built for macOS and Linux daily use by wrapping a set of CryptoPro CLI tools: cryptcp, certmgr, csptest, cpconfig, etc.
+
+The project goal is only to simplify my daily life with CryptoPro CSP on *nix systems.
+Not everything is polished. Feel free to submit a PR if you need to add extra commands/options or fix bugs.
+
+See:
+* https://www.cryptopro.ru/products/other/cryptcp
+* https://www.cryptopro.ru/sites/default/files/products/cryptcp/cryptcp_5.0.x.pdf
+* https://www.cryptopro.ru/sites/default/files/docs/certmgr.pdf
+
+## Usage
+
+Management commands:
+
+* certificate — Manage certificates
+  * list
+  * view
+  * install
+  * delete
+
+* container — Manage containers
+  * list
+  * check
+  
+* hardware — Manage hardware
+  * list — Review of the installed readers, generators of random numbers and media
+  
+* license — Manage licenses
+  * view — View license
+  * set — Set license
+
+CSP commands:
+
+* create_signature
+* verify_signature
+* create_hash
+* verify_hash
+* encrypt_file
+* decrypt_file
+
+
+## Examples
+
+List all key containers
+
+```bash
+icsp container list
+```
+
+Create a signature for the file
+
+```bash
+icsp create_signature document.txt
+```
+
+## Configuration
+
+ICSP is configured by ENV variables
+
+* `CSP_PATH` allows to override default CryptoPro CSP path. Default is `/opt/cprocsp`.
+* `LOG_LEVEL` to debug your operations. Default is `warn`. 
+
+## License
+
+[MIT](./LICENSE)

data/Rakefile

@@ -0,0 +1,6 @@
+require 'bundler/gem_tasks'
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec

data/bin/console

@@ -0,0 +1,14 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'csp'
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require 'irb'
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/config/config.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+class Config
+  def initialize
+    @bin = %i[certmgr cryptcp csptest].freeze
+    @sbin = [:cpconfig].freeze
+  end
+
+  def csp_path
+    @csp_path ||= ENV.fetch('CSP_PATH', '/opt/cprocsp')
+  end
+
+  def build_path(binary_name)
+    File.join(csp_path, category_path(binary_name), arch_path, binary_name.to_s)
+  end
+
+  def category_path(binary_name)
+    @sbin.include?(binary_name) ? 'sbin' : 'bin'
+  end
+
+  def arch_path
+    return '' if OS.mac?
+
+    OS.bits == 64 ? 'amd64' : 'ia32'
+  end
+
+  def log_level
+    @log_level ||= ENV.fetch('LOG_LEVEL', 'warn').upcase
+  end
+
+  private
+
+  def method_missing(symbol, *args)
+    if @bin.include?(symbol) || @sbin.include?(symbol)
+      build_path(symbol)
+    else
+      super
+    end
+  end
+
+  def respond_to_missing?(symbol, *args)
+    if @bin.include?(symbol) || @sbin.include?(symbol)
+      true
+    else
+      super
+    end
+  end
+end

data/config/environment.rb

@@ -0,0 +1,11 @@
+# frozen_string_literal: true
+
+module ICSP
+  def self.config
+    @config ||= Config.new
+  end
+
+  def self.logger
+    @logger ||= Logger.new($stdout, level: Object.const_get("Logger::Severity::#{config.log_level}"))
+  end
+end

data/exe/icsp

@@ -0,0 +1,4 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require 'csp'

data/icsp.gemspec

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+require_relative 'lib/csp/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'icsp'
+  spec.version       = ICSP::VERSION
+  spec.authors       = ['Denis Semenenko']
+  spec.email         = ['hypercoderx@gmail.com']
+
+  spec.summary       = 'An interactive CryptoPro CSP shell'
+  spec.description   = 'An interactive CryptoPro CSP shell that tries to imitate its GUI counterpart on the Windows platform.
+Built for macOS and Linux daily use by wrapping a set of CryptoPro CLI tools: cryptcp, certmgr, csptest, cpconfig, etc.'
+  spec.homepage      = 'https://github.com/denblackstache/icsp'
+  spec.license       = 'MIT'
+  spec.required_ruby_version = Gem::Requirement.new('>= 2.7.0')
+
+  spec.metadata['allowed_push_host'] = 'https://rubygems.org'
+
+  spec.metadata['homepage_uri'] = spec.homepage
+  spec.metadata['source_code_uri'] = 'https://github.com/denblackstache/icsp'
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'os', '~> 1.1'
+  spec.add_dependency 'tty-prompt', '~> 0.23.1'
+end

data/lib/commands/base_command.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    class BaseCommand
+      def initialize(config:, options:, arguments:)
+        @config = config
+        @options = options
+        @arguments = arguments
+        @prompt = TTY::Prompt.new
+        ::ICSP.logger.debug('Command initialized with:')
+        ::ICSP.logger.debug("arguments: #{@arguments.inspect}")
+        ::ICSP.logger.debug("options: #{@options.inspect}")
+      end
+
+      attr_reader :config, :options, :arguments, :prompt
+    end
+  end
+end

data/lib/commands/certificate/delete.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Certificate
+      class Delete < ::ICSP::Commands::BaseCommand
+        def certmgr
+          @certmgr ||= @config.certmgr
+        end
+
+        def execute
+          store = prompt.select('Select store:', available_stores)
+          result = ::ICSP::Shell.new("#{certmgr} -delete -store #{store}", fork: false).execute
+          exit(result.exit_code) unless result.ok
+
+          puts result
+        end
+
+        def available_stores
+          %w[uMy root ca]
+        end
+      end
+    end
+  end
+end

data/lib/commands/certificate/install.rb

@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Certificate
+      class Install < ::ICSP::Commands::BaseCommand
+        def certmgr
+          @certmgr ||= @config.certmgr
+        end
+
+        def execute
+          unless options[:file]
+            install_from_container
+            return
+          end
+
+          install_from_file
+        end
+
+        def install_from_container
+          result = ::ICSP::Shell.new("#{certmgr} -inst -cont '#{selected_container}'", convert_to_utf8: false).execute
+          exit(result.exit_code) unless result.ok
+
+          puts result
+        end
+
+        def install_from_file
+          store = prompt.select('Select store:', available_stores)
+          not_crl = prompt.no?('Is it CRL?')
+          result = ::ICSP::Shell.new(
+            "#{certmgr} -inst -file '#{options[:file]}' -store #{store} #{not_crl ? '' : '-crl'}", convert_to_utf8: false
+          ).execute
+          exit(result.exit_code) unless result.ok
+
+          puts result
+        end
+
+        def selected_container
+          ::ICSP::Commands::Container::List.new(config: config, options: options, arguments: arguments).select
+        end
+
+        def available_stores
+          %w[uMy root ca]
+        end
+      end
+    end
+  end
+end

data/lib/commands/certificate/list.rb

@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Certificate
+      class List < ::ICSP::Commands::BaseCommand
+        def certmgr
+          @certmgr ||= @config.certmgr
+        end
+
+        def execute
+          store = prompt.select('Select store:', available_stores)
+          result = ::ICSP::Shell.new("#{certmgr} -list -store #{store}", convert_to_utf8: false).execute
+          exit(result.exit_code) unless result.ok
+
+          result
+        end
+
+        def select
+          list_divider = '============================================================================='
+          i = 1
+          certificate_hash = {}
+          certificates = []
+          divider_count = 0
+          execute.output_lines.each do |line|
+            index_line = "#{i}-------"
+            next_index_line = "#{i + 1}-------"
+            if line == index_line || next_index_line || line == list_divider
+              if line == "#{i}-------"
+                certificate_hash = {}
+                certificate_hash['index'] = i
+                next
+              end
+
+              if line == "#{i + 1}-------"
+                certificates << OpenStruct.new(certificate_hash.dup)
+                i += 1
+                certificate_hash = {}
+                certificate_hash['index'] = i
+              end
+
+              if line == list_divider
+                divider_count += 1
+                break if divider_count == 2
+              end
+            end
+
+            next unless certificate_hash['index']
+
+            attribute = line.split(' : ').map(&:strip)
+            key = attribute.first
+            value = attribute[1..].join(' : ')
+
+            certificate_hash[key] = value if key
+          end
+
+          choices = certificates.map { |certificate| [certificate['Subject'], certificate['SHA1 Hash']] }.to_h
+          @prompt.select('Choose certificate:', choices)
+        end
+
+        def print
+          puts execute
+        end
+
+        def available_stores
+          %w[uMy root ca]
+        end
+      end
+    end
+  end
+end

data/lib/commands/certificate/view.rb

@@ -0,0 +1,16 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Certificate
+      class View < ::ICSP::Commands::BaseCommand
+        def execute
+          result = ::ICSP::Shell.new("openssl x509 -in #{arguments.first} -text -noout -nameopt multiline,-esc_msb,utf8").execute
+          exit(result.exit_code) unless result.ok
+
+          puts result
+        end
+      end
+    end
+  end
+end

data/lib/commands/container/change_pin_code.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Container
+      class ChangePinCode < ::ICSP::Commands::BaseCommand
+        def csptest
+          @csptest ||= @config.csptest
+        end
+
+        def execute
+          raise 'Not implemented'
+        end
+      end
+    end
+  end
+end

data/lib/commands/container/check.rb

@@ -0,0 +1,24 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Container
+      class Check < ::ICSP::Commands::BaseCommand
+        def csptest
+          @csptest ||= @config.csptest
+        end
+
+        def execute
+          result = ::ICSP::Shell.new("#{csptest} -keyset -check -cont '#{selected_container}'").execute
+          exit(result.exit_code) unless result.ok
+
+          puts result
+        end
+
+        def selected_container
+          ::ICSP::Commands::Container::List.new(config: config, options: options, arguments: arguments).select
+        end
+      end
+    end
+  end
+end

data/lib/commands/container/copy.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Container
+      class Copy < ::ICSP::Commands::BaseCommand
+        def csptest
+          @csptest ||= @config.csptest
+        end
+
+        def execute
+          raise 'Not implemented'
+        end
+      end
+    end
+  end
+end

data/lib/commands/container/delete.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Container
+      class Delete < ::ICSP::Commands::BaseCommand
+        def csptest
+          @csptest ||= @config.csptest
+        end
+
+        def execute
+          raise 'Not implemented'
+        end
+      end
+    end
+  end
+end

data/lib/commands/container/forget_all_pin_codes.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Container
+      class ForgetAllPinCodes < ::ICSP::Commands::BaseCommand
+        def csptest
+          @csptest ||= @config.csptest
+        end
+
+        def execute
+          raise 'Not implemented'
+        end
+      end
+    end
+  end
+end

data/lib/commands/container/list.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Container
+      class List < ::ICSP::Commands::BaseCommand
+        def csptest
+          @csptest ||= @config.csptest
+        end
+
+        def execute
+          result = ::ICSP::Shell.new("#{csptest} -keyset -enum_containers -verifycontext -fqcn").execute
+          exit(result.exit_code) unless result.ok
+
+          result.output_lines.filter { |l| l.start_with?('\\') }
+        end
+
+        def print
+          puts execute
+        end
+
+        def select
+          @prompt.select('Choose container:', execute)
+        end
+      end
+    end
+  end
+end

data/lib/commands/container/view.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+module ICSP
+  module Commands
+    module Container
+      class View < ::ICSP::Commands::BaseCommand
+        def csptest
+          @csptest ||= @config.csptest
+        end
+
+        def execute
+          raise 'Not implemented'
+        end
+      end
+    end
+  end
+end