pkcs11 0.2.1 → 0.2.2

@@ -1,90 +0,0 @@
1
- require "pkcs11"
2
- require "openssl"
3
-
4
- LIBSOFTOKEN3_SO = "libsoftokn3.so"
5
- LIBNSS_PATHS = %w(
6
- /usr/lib64 /usr/lib/ /usr/lib64/nss /usr/lib/nss
7
- )
8
- unless so_path = ARGV.shift
9
- paths = LIBNSS_PATHS.collect{|path| File.join(path, LIBSOFTOKEN3_SO) }
10
- so_path = paths.find{|path| File.exist?(path) }
11
- end
12
-
13
- dir = Dir.glob(File.expand_path("~/.mozilla/firefox/*.default")).first
14
- NSS_INIT_ARGS = [
15
- "configDir='#{dir}'",
16
- "secmod='secmod.db'",
17
- "flags='readOnly'",
18
- ]
19
-
20
- args = PKCS11::CK_C_INITIALIZE_ARGS.new
21
- args.flags = 0
22
- args.pReserved = NSS_INIT_ARGS.join(" ")
23
-
24
- pk11 = PKCS11.new(so_path, args)
25
- info = pk11.C_GetInfo
26
- p [
27
- info.cryptokiVersion, info.manufacturerID, info.flags,
28
- info.libraryDescription, info.libraryVersion
29
- ]
30
-
31
- slots = pk11.C_GetSlotList(false)
32
- p slots
33
-
34
- slot = 2
35
- sinfo = pk11.C_GetSlotInfo(slot)
36
- p [
37
- sinfo.slotDescription, sinfo.manufacturerID, sinfo.flags,
38
- sinfo.hardwareVersion, sinfo.firmwareVersion
39
- ]
40
- mechanisms = pk11.C_GetMechanismList(slot)
41
- mechanisms.each do |m|
42
- p PKCS11::MECHANISMS[m] || m
43
- end
44
-
45
- flags = PKCS11::CKF_SERIAL_SESSION | PKCS11::CKF_RW_SESSION
46
- session = pk11.C_OpenSession(slot, flags)
47
- p [:session, session]
48
- pk11.C_Login(session, PKCS11::CKU_USER, "")
49
-
50
- find_template = [
51
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, PKCS11::CKO_CERTIFICATE),
52
- ]
53
- p pk11.C_FindObjectsInit(session, find_template)
54
- objs = pk11.C_FindObjects(session, 128)
55
- objs.each do |handle|
56
- template = [
57
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_SUBJECT, nil),
58
- ]
59
- attrs = pk11.C_GetAttributeValue(session, handle, template)
60
- attrs.each do |attr|
61
- p OpenSSL::X509::Name.new(attr.value)
62
- end
63
- end
64
- objs = pk11.C_FindObjectsFinal(session)
65
-
66
- find_template = [
67
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, PKCS11::CKO_PRIVATE_KEY),
68
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_KEY_TYPE, PKCS11::CKK_RSA),
69
- ]
70
- p pk11.C_FindObjectsInit(session, find_template)
71
- objs = pk11.C_FindObjects(session, 128)
72
- objs.each do |handle|
73
- template = [
74
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, nil),
75
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_KEY_TYPE, nil),
76
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_ID, nil),
77
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_SIGN, nil),
78
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_SIGN_RECOVER, nil),
79
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_DECRYPT, nil),
80
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_EXTRACTABLE, nil),
81
- ]
82
- attrs = pk11.C_GetAttributeValue(session, handle, template)
83
- attrs.each do |attr|
84
- p [PKCS11::ATTRIBUTES[attr.type], attr.value]
85
- end
86
- end
87
- objs = pk11.C_FindObjectsFinal(session)
88
-
89
- pk11.C_Logout(session)
90
- pk11.C_CloseSession(session)
@@ -1,51 +0,0 @@
1
- require "pkcs11"
2
- require "openssl"
3
-
4
- LIBNSSCKBI_SO = "libnssckbi.so"
5
- LIBNSS_PATHS = %w(
6
- /usr/lib64 /usr/lib /usr/lib64/nss /usr/lib/nss
7
- /usr/lib64/xulrunner /usr/lib/xulrunner
8
- /usr/local/lib64/xulrunner /usr/local/lib/xulrunner
9
- )
10
- unless so_name = ARGV[0]
11
- paths = LIBNSS_PATHS.collect{|path| File.join(path, LIBNSSCKBI_SO) }
12
- so_name = paths.find{|path| File.exist?(path) }
13
- end
14
-
15
- pkcs11 = PKCS11.new(so_name)
16
- slot = pkcs11.C_GetSlotList(true).first
17
- session = pkcs11.C_OpenSession(slot, PKCS11::CKF_SERIAL_SESSION)
18
-
19
- pkcs11.C_FindObjectsInit(session, [
20
- PKCS11::CK_ATTRIBUTE.new(PKCS11::CKA_CLASS, PKCS11::CKO_CERTIFICATE)
21
- ])
22
- handles = pkcs11.C_FindObjects(session, 1000)
23
- pkcs11.C_FindObjectsFinal(session)
24
-
25
- attribute_types = [
26
- PKCS11::CKA_CLASS,
27
- PKCS11::CKA_TOKEN, PKCS11::CKA_PRIVATE, PKCS11::CKA_MODIFIABLE,
28
- PKCS11::CKA_LABEL, PKCS11::CKA_CERTIFICATE_TYPE,
29
- PKCS11::CKA_SUBJECT, PKCS11::CKA_ID, PKCS11::CKA_ISSUER,
30
- PKCS11::CKA_SERIAL_NUMBER, PKCS11::CKA_VALUE,
31
- ]
32
- template = attribute_types.collect{|a| PKCS11::CK_ATTRIBUTE.new(a, nil) }
33
- handles.each do |handle|
34
- attributes = pkcs11.C_GetAttributeValue(session, handle, template)
35
- attributes.each do |attribute|
36
- type_name = PKCS11::ATTRIBUTES[attribute.type]
37
- case attribute.type
38
- when PKCS11::CKA_LABEL
39
- p [type_name, attribute.value]
40
- when PKCS11::CKA_SUBJECT, PKCS11::CKA_ISSUER
41
- p [type_name, OpenSSL::X509::Name.new(attribute.value)]
42
- when PKCS11::CKA_SERIAL_NUMBER
43
- serial = OpenSSL::ASN1.decode(attribute.value).value rescue nil
44
- attribute.value.unpack("w").first
45
- p [type_name, serial]
46
- when PKCS11::CKA_VALUE
47
- cert = OpenSSL::X509::Certificate.new(attribute.value)
48
- p [cert.serial, cert.not_before, cert.not_after]
49
- end
50
- end
51
- end