openssl-win-root 0.9.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c8efedecb76d722740ca0373f393abcd59b74589
+  data.tar.gz: a30d32f28d6089cb2c6bfa4594c3b11c39c1832c
+SHA512:
+  metadata.gz: a074031098476c9ebc8bad468836bb3b4f88d41a9ceb30fec09b6f5396e30da89f77ab5a7736e4b0df710d5ca968930a2a20d30fa6dd1289a09633e4282a8ac5
+  data.tar.gz: 52088461747c1a7d66e7efc92ac2ab509c3d721556db1a187334c1da99124de22be58781bd93c74252757e7d16bb558dc30173279920d0d5b501554d91dcde14

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+pem

data/FarMenu.ini

@@ -0,0 +1,12 @@
+I:  Install dependencies
+    bundle install
+--:
+B:  Build gem
+    bundle exec rake build
+L:  Install gem locally
+    bundle exec rake install
+U:  Uninstall gem
+    gem uninstall -a openssl-win-root
+--:
+C:  Open console
+    bundle console -new_console:c

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2015 Stas Ukolov
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,59 @@
+# OpenSSL::Win::Root
+
+[![Gem Version](https://badge.fury.io/rb/openssl-win-root.svg)](http://badge.fury.io/rb/openssl-win-root)
+
+Fetch Root CA certificates from Windows system store.
+
+## Abstract
+
+Default installation of Ruby on Microsoft Windows provides no root certificates at all.
+Secure connections are simply impossible.
+
+Recommended fix is to load http://curl.haxx.se/ca/cacert.pem and set SSL_CERT_FILE environment variable.
+
+But Windows has its own certificate store. This gem just access it, fetch trusted root certificates
+and feed them to Ruby's OpenSSL.
+
+So, if you installed some certificates or your company certificate is installed by Group Policy,
+these certificates will be available to your Ruby program. In addition, no network access is required.
+
+Under other OSes this gem does nothing.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+  gem 'openssl-win-root' if Gem.win_platform?
+```
+
+And then execute:
+
+```sh
+  $ bundle
+```
+
+Or install it yourself as:
+
+```sh
+  $ gem install openssl-win-root
+```
+
+## Usage
+
+Just `require 'openssl/win/root'`
+
+If your project uses `Bundler.require` (eg. Ruby on Rails) then just do nothing!
+
+To test whether SSL works (or not):
+
+```ruby
+require 'net/http'
+Net::HTTP.get(URI 'https://ya.ru').length
+```
+
+## Credits
+
+  * [Ruby](https://www.ruby-lang.org/)
+  * [OpenSSL](https://www.openssl.org/)
+  * [FFI](https://github.com/ffi/ffi)

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/ext/Rakefile

@@ -0,0 +1,3 @@
+task :default do
+  require File.expand_path '../../lib/openssl/win/root', __FILE__
+end

data/lib/openssl/win/root.rb

@@ -0,0 +1,100 @@
+require 'ffi'
+require 'openssl'
+require 'fileutils'
+
+require_relative "root/version"
+
+module OpenSSL::Win::Root
+
+  On = Gem.win_platform?
+
+  module Crypt
+    extend FFI::Library
+    ffi_lib 'crypt32'
+    ffi_convention :stdcall
+
+    attach_function :open, :CertOpenSystemStoreA, [:pointer, :string], :pointer
+    attach_function :close, :CertCloseStore, [:pointer, :uint], :int
+    attach_function :enum, :CertEnumCertificatesInStore, [:pointer, :pointer], :pointer
+
+    class Ctx < FFI::Struct
+      layout :dwCertEncodingType, :uint,
+        :pbCertEncoded, :pointer,
+        :cbCertEncoded, :uint,
+        :pCertInfo, :pointer,
+        :hCertStore, :pointer
+
+      def crt
+        OpenSSL::X509::Certificate.new self[:pbCertEncoded].read_string self[:cbCertEncoded]
+      end
+    end
+
+    # Based on Puppet::Util::Windows::RootCerts
+    def self.each
+      store = open nil, 'ROOT'
+      begin
+        ctx = nil
+        yield Ctx.new(ctx).crt until (ctx = enum store, ctx).null?
+      ensure
+        close store, 0
+      end
+    end
+  end if On
+
+  def self.save(f=STDOUT)
+    f.puts <<-EOT
+#
+# Generated by #{self} v#{VERSION} @#{Time.now}
+#
+
+    EOT
+    Crypt.each do |crt|
+      f.puts <<-EOT
+Subject: #{crt.subject}
+Valid:   #{crt.not_before} - #{crt.not_after}
+#{crt.to_pem}
+      EOT
+    end
+  end
+
+  def self.path
+    return @path if @path
+    x = File.expand_path '..', __FILE__
+    x = File.dirname x until File.exists? File.join x, 'Gemfile'
+    x = File.join x, 'pem'
+    FileUtils.mkdir_p x
+    @path = File.join x, 'cacert.pem'
+  end
+
+  def self.tmpnam
+    File.join File.dirname(path), "#{rand.to_s.gsub /\D+/, ''}.pem"
+  end
+
+  def self.update
+    tmp = tmpnam
+    begin
+      File.open(tmp, 'w'){|f| save f}
+      FileUtils.mv tmp, path, force: true
+      inject
+    ensure
+      File.unlink tmp rescue nil
+    end
+  end
+
+  def self.inject
+    return unless File.exists? path
+    return if @inject
+    OpenSSL::SSL::SSLContext::DEFAULT_CERT_STORE.add_file path
+    @inject = true
+    path
+  end
+
+  def self.go!
+    t = Thread.new{ update }
+    at_exit{t.join}
+    inject
+  end
+
+  go! if On
+
+end

data/lib/openssl/win/root/version.rb

@@ -0,0 +1,7 @@
+module OpenSSL
+  module Win
+    module Root
+      VERSION = "0.9.0"
+    end
+  end
+end

data/openssl-win-root.gemspec

@@ -0,0 +1,27 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'openssl/win/root/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "openssl-win-root"
+  spec.version       = OpenSSL::Win::Root::VERSION
+  spec.authors       = ["Stas Ukolov"]
+  spec.email         = ["ukoloff@gmail.com"]
+  spec.description   = 'Fetch Root CA certificates from Windows system store'
+  spec.summary       = ''
+  spec.homepage      = "https://github.com/ukoloff/openssl-win-root"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.extensions    = ['ext/mkrf_conf.rb']
+
+  spec.add_dependency "ffi"
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+end

metadata

@@ -0,0 +1,98 @@
+--- !ruby/object:Gem::Specification
+name: openssl-win-root
+version: !ruby/object:Gem::Version
+  version: 0.9.0
+platform: ruby
+authors:
+- Stas Ukolov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-03-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Fetch Root CA certificates from Windows system store
+email:
+- ukoloff@gmail.com
+executables: []
+extensions:
+- ext/mkrf_conf.rb
+extra_rdoc_files: []
+files:
+- .gitignore
+- FarMenu.ini
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- ext/Rakefile
+- ext/mkrf_conf.rb
+- lib/openssl/win/root.rb
+- lib/openssl/win/root/version.rb
+- openssl-win-root.gemspec
+homepage: https://github.com/ukoloff/openssl-win-root
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.6
+signing_key: 
+specification_version: 4
+summary: ''
+test_files: []