pkcs11 0.2.1 → 0.2.2

@@ -1,90 +0,0 @@
1
- require "pkcs11"
2
- require "openssl"
3
-
4
- LIBSOFTOKEN3_SO = "libsoftokn3.so"
5
- LIBNSS_PATHS = %w(
6
- /usr/lib64 /usr/lib/ /usr/lib64/nss /usr/lib/nss
7
- )
8
- unless so_path = ARGV.shift
9
- paths = LIBNSS_PATHS.collect{|path| File.join(path, LIBSOFTOKEN3_SO) }
10
- so_path = paths.find{|path| File.exist?(path) }
11
- end
12
-
13
- dir = Dir.glob(File.expand_path("~/.mozilla/firefox/*.default")).first
14
- NSS_INIT_ARGS = [
15
- "configDir='#{dir}'",
16
- "secmod='secmod.db'",
17
- "flags='readOnly'",
18
- ]
19
-
20
- args = PKCS11::CK_C_INITIALIZE_ARGS.new
21
- args.flags = 0
22
- args.pReserved = NSS_INIT_ARGS.join(" ")
23
-
24
- pk11 = PKCS11.new(so_path, args)
25
- info = pk11.C_GetInfo
26
- p [
27
- info.cryptokiVersion, info.manufacturerID, info.flags,
28
- info.libraryDescription, info.libraryVersion
29
- ]
30
-
31
- slots = pk11.C_GetSlotList(false)
32
- p slots
33
-
34
- slot = 2
35
- sinfo = pk11.C_GetSlotInfo(slot)
36
- p [
37
- sinfo.slotDescription, sinfo.manufacturerID, sinfo.flags,
38
- sinfo.hardwareVersion, sinfo.firmwareVersion
39
- ]
40
- mechanisms = pk11.C_GetMechanismList(slot)
41
- mechanisms.each do |m|
42
- p PKCS11::MECHANISMS[m] || m
43
- end
44
-
45
- flags = PKCS11::CKF_SERIAL_SESSION | PKCS11::CKF_RW_SESSION
46
- session = pk11.C_OpenSession(slot, flags)
47
- p [:session, session]
48
- pk11.C_Login(session, PKCS11::CKU_USER, "")
49
-
50
- find_template = [
51
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, PKCS11::CKO_CERTIFICATE),
52
- ]
53
- p pk11.C_FindObjectsInit(session, find_template)
54
- objs = pk11.C_FindObjects(session, 128)
55
- objs.each do |handle|
56
- template = [
57
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_SUBJECT, nil),
58
- ]
59
- attrs = pk11.C_GetAttributeValue(session, handle, template)
60
- attrs.each do |attr|
61
- p OpenSSL::X509::Name.new(attr.value)
62
- end
63
- end
64
- objs = pk11.C_FindObjectsFinal(session)
65
-
66
- find_template = [
67
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, PKCS11::CKO_PRIVATE_KEY),
68
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_KEY_TYPE, PKCS11::CKK_RSA),
69
- ]
70
- p pk11.C_FindObjectsInit(session, find_template)
71
- objs = pk11.C_FindObjects(session, 128)
72
- objs.each do |handle|
73
- template = [
74
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, nil),
75
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_KEY_TYPE, nil),
76
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_ID, nil),
77
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_SIGN, nil),
78
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_SIGN_RECOVER, nil),
79
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_DECRYPT, nil),
80
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_EXTRACTABLE, nil),
81
- ]
82
- attrs = pk11.C_GetAttributeValue(session, handle, template)
83
- attrs.each do |attr|
84
- p [PKCS11::ATTRIBUTES[attr.type], attr.value]
85
- end
86
- end
87
- objs = pk11.C_FindObjectsFinal(session)
88
-
89
- pk11.C_Logout(session)
90
- pk11.C_CloseSession(session)
@@ -1,51 +0,0 @@
1
- require "pkcs11"
2
- require "openssl"
3
-
4
- LIBNSSCKBI_SO = "libnssckbi.so"
5
- LIBNSS_PATHS = %w(
6
- /usr/lib64 /usr/lib /usr/lib64/nss /usr/lib/nss
7
- /usr/lib64/xulrunner /usr/lib/xulrunner
8
- /usr/local/lib64/xulrunner /usr/local/lib/xulrunner
9
- )
10
- unless so_name = ARGV[0]
11
- paths = LIBNSS_PATHS.collect{|path| File.join(path, LIBNSSCKBI_SO) }
12
- so_name = paths.find{|path| File.exist?(path) }
13
- end
14
-
15
- pkcs11 = PKCS11.new(so_name)
16
- slot = pkcs11.C_GetSlotList(true).first
17
- session = pkcs11.C_OpenSession(slot, PKCS11::CKF_SERIAL_SESSION)
18
-
19
- pkcs11.C_FindObjectsInit(session, [
20
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, PKCS11::CKO_CERTIFICATE)
21
- ])
22
- handles = pkcs11.C_FindObjects(session, 1000)
23
- pkcs11.C_FindObjectsFinal(session)
24
-
25
- attribute_types = [
26
- PKCS11::CKA_CLASS,
27
- PKCS11::CKA_TOKEN, PKCS11::CKA_PRIVATE, PKCS11::CKA_MODIFIABLE,
28
- PKCS11::CKA_LABEL, PKCS11::CKA_CERTIFICATE_TYPE,
29
- PKCS11::CKA_SUBJECT, PKCS11::CKA_ID, PKCS11::CKA_ISSUER,
30
- PKCS11::CKA_SERIAL_NUMBER, PKCS11::CKA_VALUE,
31
- ]
32
- template = attribute_types.collect{|a| PKCS11::CK_ATTRIBUTE.new(a, nil) }
33
- handles.each do |handle|
34
- attributes = pkcs11.C_GetAttributeValue(session, handle, template)
35
- attributes.each do |attribute|
36
- type_name = PKCS11::ATTRIBUTES[attribute.type]
37
- case attribute.type
38
- when PKCS11::CKA_LABEL
39
- p [type_name, attribute.value]
40
- when PKCS11::CKA_SUBJECT, PKCS11::CKA_ISSUER
41
- p [type_name, OpenSSL::X509::Name.new(attribute.value)]
42
- when PKCS11::CKA_SERIAL_NUMBER
43
- serial = OpenSSL::ASN1.decode(attribute.value).value rescue nil
44
- attribute.value.unpack("w").first
45
- p [type_name, serial]
46
- when PKCS11::CKA_VALUE
47
- cert = OpenSSL::X509::Certificate.new(attribute.value)
48
- p [cert.serial, cert.not_before, cert.not_after]
49
- end
50
- end
51
- end