pkcs11 0.2.1 → 0.2.2
- data/.gemtest +0 -0
- data/History.txt +10 -0
- data/Manifest.txt +16 -2
- data/README.rdoc +24 -7
- data/Rakefile +29 -18
- data/ext/generate_structs.rb +28 -16
- data/ext/pk11.c +132 -99
- data/ext/pk11.h +3 -3
- data/ext/pk11_const_macros.h +4 -3
- data/ext/pk11_struct.doc +792 -0
- data/ext/pk11_struct_impl.inc +2 -2
- data/ext/pk11_struct_macros.h +14 -2
- data/ext/pk11_version.h +6 -0
- data/lib/pkcs11/helper.rb +7 -7
- data/lib/pkcs11/library.rb +28 -4
- data/lib/pkcs11/object.rb +29 -18
- data/pkcs11_protect_server/Manifest.txt +14 -0
- data/test/helper.rb +17 -9
- data/test/test_pkcs11.rb +4 -4
- data/test/test_pkcs11_object.rb +22 -8
- data/test/test_pkcs11_thread.rb +0 -1
- metadata +31 -32
- data/sample/firefox_certs.rb +0 -90
- data/sample/nssckbi.rb +0 -51
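--- a/data/sample/firefox_certs.rb
+++ b/data/sample/firefox_certs.rb
@@ -1,90 +0,0 @@
-require "pkcs11"
-require "openssl"
-
-LIBSOFTOKEN3_SO = "libsoftokn3.so"
-LIBNSS_PATHS = %w(
-/usr/lib64 /usr/lib/ /usr/lib64/nss /usr/lib/nss
-)
-unless so_path = ARGV.shift
-paths = LIBNSS_PATHS.collect{|path| File.join(path, LIBSOFTOKEN3_SO) }
-so_path = paths.find{|path| File.exist?(path) }
-end
-
-dir = Dir.glob(File.expand_path("~/.mozilla/firefox/*.default")).first
-NSS_INIT_ARGS = [
-"configDir='#{dir}'",
-"secmod='secmod.db'",
-"flags='readOnly'",
-]
-
-args = PKCS11::CK_C_INITIALIZE_ARGS.new
-args.flags = 0
-args.pReserved = NSS_INIT_ARGS.join(" ")
-
-pk11 = PKCS11.new(so_path, args)
-info = pk11.C_GetInfo
-p [
-info.cryptokiVersion, info.manufacturerID, info.flags,
-info.libraryDescription, info.libraryVersion
-]
-
-slots = pk11.C_GetSlotList(false)
-p slots
-
-slot = 2
-sinfo = pk11.C_GetSlotInfo(slot)
-p [
-sinfo.slotDescription, sinfo.manufacturerID, sinfo.flags,
-sinfo.hardwareVersion, sinfo.firmwareVersion
-]
-mechanisms = pk11.C_GetMechanismList(slot)
-mechanisms.each do |m|
-p PKCS11::MECHANISMS[m] || m
-end
-
-flags = PKCS11::CKF_SERIAL_SESSION | PKCS11::CKF_RW_SESSION
-session = pk11.C_OpenSession(slot, flags)
-p [:session, session]
-pk11.C_Login(session, PKCS11::CKU_USER, "")
-
-find_template = [
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, PKCS11::CKO_CERTIFICATE),
-]
-p pk11.C_FindObjectsInit(session, find_template)
-objs = pk11.C_FindObjects(session, 128)
-objs.each do |handle|
-template = [
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_SUBJECT, nil),
-]
-attrs = pk11.C_GetAttributeValue(session, handle, template)
-attrs.each do |attr|
-p OpenSSL::X509::Name.new(attr.value)
-end
-end
-objs = pk11.C_FindObjectsFinal(session)
-
-find_template = [
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, PKCS11::CKO_PRIVATE_KEY),
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_KEY_TYPE, PKCS11::CKK_RSA),
-]
-p pk11.C_FindObjectsInit(session, find_template)
-objs = pk11.C_FindObjects(session, 128)
-objs.each do |handle|
-template = [
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, nil),
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_KEY_TYPE, nil),
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_ID, nil),
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_SIGN, nil),
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_SIGN_RECOVER, nil),
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_DECRYPT, nil),
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_EXTRACTABLE, nil),
-]
-attrs = pk11.C_GetAttributeValue(session, handle, template)
-attrs.each do |attr|
-p [PKCS11::ATTRIBUTES[attr.type], attr.value]
-end
-end
-objs = pk11.C_FindObjectsFinal(session)
-
-pk11.C_Logout(session)
-pk11.C_CloseSession(session)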
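--- a/data/sample/nssckbi.rb
+++ b/data/sample/nssckbi.rb
@@ -1,51 +0,0 @@
-require "pkcs11"
-require "openssl"
-
-LIBNSSCKBI_SO = "libnssckbi.so"
-LIBNSS_PATHS = %w(
-/usr/lib64 /usr/lib /usr/lib64/nss /usr/lib/nss
-/usr/lib64/xulrunner /usr/lib/xulrunner
-/usr/local/lib64/xulrunner /usr/local/lib/xulrunner
-)
-unless so_name = ARGV[0]
-paths = LIBNSS_PATHS.collect{|path| File.join(path, LIBNSSCKBI_SO) }
-so_name = paths.find{|path| File.exist?(path) }
-end
-
-pkcs11 = PKCS11.new(so_name)
-slot = pkcs11.C_GetSlotList(true).first
-session = pkcs11.C_OpenSession(slot, PKCS11::CKF_SERIAL_SESSION)
-
-pkcs11.C_FindObjectsInit(session, [
-PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, PKCS11::CKO_CERTIFICATE)
-])
-handles = pkcs11.C_FindObjects(session, 1000)
-pkcs11.C_FindObjectsFinal(session)
-
-attribute_types = [
-PKCS11::CKA_CLASS,
-PKCS11::CKA_TOKEN, PKCS11::CKA_PRIVATE, PKCS11::CKA_MODIFIABLE,
-PKCS11::CKA_LABEL, PKCS11::CKA_CERTIFICATE_TYPE,
-PKCS11::CKA_SUBJECT, PKCS11::CKA_ID, PKCS11::CKA_ISSUER,
-PKCS11::CKA_SERIAL_NUMBER, PKCS11::CKA_VALUE,
-]
-template = attribute_types.collect{|a| PKCS11::CK_ATTRIBUTE.new(a, nil) }
-handles.each do |handle|
-attributes = pkcs11.C_GetAttributeValue(session, handle, template)
-attributes.each do |attribute|
-type_name = PKCS11::ATTRIBUTES[attribute.type]
-case attribute.type
-when PKCS11::CKA_LABEL
-p [type_name, attribute.value]
-when PKCS11::CKA_SUBJECT, PKCS11::CKA_ISSUER
-p [type_name, OpenSSL::X509::Name.new(attribute.value)]
-when PKCS11::CKA_SERIAL_NUMBER
-serial = OpenSSL::ASN1.decode(attribute.value).value rescue nil
-attribute.value.unpack("w").first
-p [type_name, serial]
-when PKCS11::CKA_VALUE
-cert = OpenSSL::X509::Certificate.new(attribute.value)
-p [cert.serial, cert.not_before, cert.not_after]
-end
-end
-end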