thales-pse 0.1.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 9822d9ede725eb7e93e61f5da6edd57880e9085263fac58f4e0d28ac72949747
+  data.tar.gz: c3c6041f5dbde1e17a4709092be0a425f752f11535fb2db9074cb39d2a19abbb
+SHA512:
+  metadata.gz: 8bfc6a8cd47b76425c40c9d00959997583d07c5a62394a7e6f928ff367d89905c5dbcc189c0aebbc780a1e33753501c980b2bd74dc09f5403732e327e78d3f3b
+  data.tar.gz: 51661eade08e5edfd65a7d61a2e3d4e32978e5c07aebb0552067ef92623e091b44f9e8e1d7b39eda3ea916f9d45315ef99819ae2ff8b7fca49e55d2aa644b0e7

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/Gemfile

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+source "https://rubygems.org"
+
+# Specify your gem's dependencies in thales-pse.gemspec
+gemspec
+
+gem "rake", "~> 13.0"
+
+gem "rspec", "~> 3.0"
+
+#gem 'toolrack', path: '/mnt/Vault/08.Dev/01.Workspaces/WIP/toolrack'
+

data/Gemfile.lock

@@ -0,0 +1,70 @@
+PATH
+  remote: .
+  specs:
+    thales-pse (0.1.0)
+      tlogger
+      toolrack
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    base58 (0.2.3)
+    devops_helper (0.5.0)
+      git_cli
+      gvcs
+      tlogger
+      toolrack
+      tty-prompt (= 0.22.0)
+    diff-lcs (1.4.4)
+    git_cli (0.8.0)
+      gvcs (>= 0.1.0)
+      ptools (~> 1.4.0)
+      tlogger (>= 0.21)
+      toolrack (>= 0.4.0)
+    gvcs (0.1.0)
+    pastel (0.8.0)
+      tty-color (~> 0.5)
+    ptools (1.4.2)
+    rake (13.0.6)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+    tlogger (0.26.1)
+    toolrack (0.15.0)
+      base58
+      tlogger
+    tty-color (0.6.0)
+    tty-cursor (0.7.1)
+    tty-prompt (0.22.0)
+      pastel (~> 0.8)
+      tty-reader (~> 0.8)
+    tty-reader (0.9.0)
+      tty-cursor (~> 0.7)
+      tty-screen (~> 0.8)
+      wisper (~> 2.0)
+    tty-screen (0.8.1)
+    wisper (2.0.1)
+
+PLATFORMS
+  java
+  universal-java-1.8
+  x86_64-linux
+
+DEPENDENCIES
+  devops_helper
+  rake (~> 13.0)
+  rspec (~> 3.0)
+  thales-pse!
+
+BUNDLED WITH
+   2.2.28

data/README.md

@@ -0,0 +1,29 @@
+# Thales::Pse
+
+Collection of utilities to integrates with the Thales (Previously SafeNet) ProtectServer External (PSE) HSM.
+
+It is tested to ease the usage for local development with the simulator. Not for production use.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'thales-pse'
+```
+
+And then execute:
+
+    $ bundle install
+
+Or install it yourself as:
+
+    $ gem install thales-pse
+
+## Usage
+
+Check the usage inside the spec/thales/hsm\_spec.rb 
+
+Currently it is just API to assist in setting up the HSM for usage.
+
+

data/Rakefile

@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+require 'devops_helper'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task default: :spec

data/bin/console

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+require "bundler/setup"
+require "thales/pse"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+# (If you use this, don't forget to add pry to your Gemfile!)
+# require "pry"
+# Pry.start
+
+require "irb"
+IRB.start(__FILE__)

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/lib/thales/pse/cli.rb

@@ -0,0 +1,69 @@
+
+require 'pty'
+require 'expect'
+require 'timeout'
+
+module Thales
+  module Pse
+    module Cli
+      include TR::CondUtils
+      include TR::CliUtils
+
+      class ExecutableNotFoundError < StandardError; end
+      
+      def cli_exec(exec, &block)
+
+        exePath = which(exec)
+        raise ExecutableNotFoundError, "#{exec} cannot be found" if is_empty?(exePath)
+        raise Error, "Block is required" if not block
+
+        params = block.call(:params) || []
+        expect_list = block.call(:expect_list)
+
+        output = block.call(:output) || TR::NullOut.new
+
+        cmd = "#{exePath} #{params.join(" ")}"
+
+        logger.tdebug :cmd, "cli_exec command : #{cmd}"
+
+        PTY.spawn(exePath, *params) do |read, write, pid|
+
+          begin
+
+            if not is_empty?(expect_list)
+              expect_list.each do |ex|
+                to = ex[:timeout] || 1
+                cont = read.expect(/#{ex[:matcher]}/, to)
+                output.puts cont
+                write.puts block.call(ex[:block_key], cont)
+              end
+            end
+
+            Timeout.timeout(1) do
+              read.each do |l|
+                output.puts l if not_empty?(l)
+              end
+            end
+
+          rescue Timeout::Error => e
+            read.close
+            write.close
+            Process.kill('TERM',pid)
+            output.puts "Process #{cmd} ('#{pid}') killed due to timeout"
+          rescue Errno::EIO
+            output.puts "[Done] #{cmd}"
+          end
+        end
+        
+      end
+
+      def logger
+        if @logger.nil?
+          @logger = Tlogger.new
+        end
+        @logger
+      end
+
+    end
+  end
+end

data/lib/thales/pse/config.rb

@@ -0,0 +1,313 @@
+
+require 'pty'
+require 'expect'
+require 'toolrack'
+require 'timeout'
+
+require_relative 'cli'
+
+module Thales
+  module Pse
+    module Config
+      include TR::CondUtils
+      include TR::CliUtils
+      include Cli
+      
+      def init(&block)
+
+        expect = [
+          { key: "enter new Admin SO pin:", block_key: :admin_so_pin, timeout: 1 },
+          { key: "confirm new Admin SO pin:", block_key: :admin_so_pin_confirm, timeout: 1 },
+          { key: "enter new Administrator\'s pin:", block_key: :admin_pin, timeout: 1 },
+          { key: "confirm new Administrator\'s pin:", block_key: :admin_pin_confirm, timeout: 1 }
+        ]
+
+        begin
+
+          cli_exec("ctconf") do |ops|
+            case ops
+            when :expect_list
+              expect
+            else
+              block.call(ops)
+            end
+          end
+
+        rescue ExecutableNotFoundError
+          raise Error, "Executable 'ctconf' not found from PATH. Please install the driver or add the executable to PATH"
+        end
+
+      end
+
+      def init_token(&block)
+
+        raise Error, "Block is required" if not block
+
+        expect = [
+          { key: "new token label:", block_key: :token_label, timeout: 1 },
+          { key: "enter Security Officer\'s pin:", block_key: :token_so_pin, timeout: 1 },
+          { key: "confirm Security Officer\'s pin:", block_key: :token_so_pin_confirm, timeout: 1 }
+        ]
+
+        slot = block.call(:slot) || 0
+
+        begin
+
+          cli_exec("ctconf") do |ops|
+            case ops
+            when :params
+              ["-n#{slot}"]
+            when :expect_list
+              expect
+            else
+              block.call(ops)
+            end
+          end
+
+        rescue ExecutableNotFoundError
+          raise Error, "Executable 'ctconf' not found from PATH. Please install the driver or add the executable to PATH"
+        end
+
+      end
+
+      def init_user_pin(&block)
+
+        raise Error, "Block is required" if not block
+
+        expect = [
+          # this key is handled locally not passed to external
+          { key: "Security Officer PIN.+:|current user PIN.+:", block_key: :auth_pin, timeout: 3 },
+          { key: "enter the new user PIN.+:", block_key: :token_user_pin, timeout: 1 },
+          { key: "confirm the new user PIN.+:", block_key: :token_user_pin_confirm, timeout: 1 }
+        ]
+
+        slot = block.call(:slot) || 0
+
+        begin
+
+          cli_exec("ctkmu") do |ops, val|
+            case ops
+            when :params
+              ["p","-s#{slot}"]
+            when :expect_list
+              expect
+            when :auth_pin
+              if not_empty?(val)
+                if val.join =~ /Security Officer/
+                  block.call(:token_so_pin)
+                else
+                  block.call(:token_user_pin)
+                end
+              end
+            else
+              block.call(ops)
+            end
+          end
+
+        rescue ExecutableNotFoundError
+          raise Error, "Executable 'ctconf' not found from PATH. Please install the driver or add the executable to PATH"
+        end
+        
+      end
+
+
+      def genkey(type, &block)
+
+        raise Error, "Block is required" if not block
+
+        expect = [
+          { key: "Enter user PIN.+:", block_key: :slot_user_pin, timeout: 1 }
+        ]
+
+        case type
+        when :rsa
+        else
+          raise Error, "Unsupported key type #{type}"
+        end
+
+        slot = block.call(:slot) || 0
+        
+        name = block.call(:name) 
+        raise Error, "Name is required " if is_empty?(name)
+        name.gsub!(" ","_")
+        
+        attr = block.call(:attr)
+        raise Error, "Attributes (attr) is required " if is_empty?(attr)
+        attr = [attr] if not attr.is_a?(Array)
+        atRes = []
+        attr.each do |at|
+          case at
+          when :private
+            atRes << "P"
+          when :modifiable
+            atRes << "M"
+          when :sensitive
+            atRes << "T"
+          when :wrap
+            atRes << "W"
+          when :export
+            atRes << "w"
+          when :import
+            atRes << "I"
+          when :unwrap
+            atRes << "U"
+          when :extractable
+            atRes << "X"
+          when :exportable
+            atRes << "x"
+          when :derive
+            atRes << "R"
+          when :encrypt
+            atRes << "E"
+          when :decrypt
+            atRes << "D"
+          when :sign
+            atRes << "S"
+          when :verify
+            atRes << "V"
+          when :sign_local_cert
+            atRes << "L"
+          when :usage_count
+            atRes << "C"
+          end
+        end
+
+        keysize = block.call(:keysize) || 2048
+
+        begin
+
+          cli_exec("ctkmu") do |ops, val|
+            case ops
+            when :params
+              ["c","-t#{type}","-s#{slot}","-n#{name}","-a#{atRes.join}"]
+            when :expect_list
+              expect
+            else
+              block.call(ops)
+            end
+          end
+
+        rescue ExecutableNotFoundError
+          raise Error, "Executable 'ctkmu' not found from PATH. Please install the driver or add the executable to PATH"
+        end
+        
+       
+      end
+
+      def gencert(&block)
+
+        raise Error, "Block is required" if not block
+
+        expect = [
+          { key: "Enter user PIN.+:", block_key: :slot_user_pin, timeout: 1 },
+        ]
+
+        keylabel = block.call(:keylabel)
+        raise Error, "Keylabel should not be empty" if is_empty?(keylabel)
+        keylabel.gsub!(" ","_")
+
+        slot = block.call(:slot)
+        validFrom = block.call(:valid_from)
+        #if is_empty?(validFrom) or not validFrom.is_a?(Time)
+        #  today = Time.now
+        #  validFrom = Time.new(today.year, today.month, today.day)
+        #end
+        validity = block.call(:validity)
+        if not (validity =~ /h|d|m|y/)
+          raise Error, "Validity requires unit in hour (h), day (d), month (m) or year (y)"
+        end
+        validTo = block.call(:valid_to)
+        raise Error, "Valid_to requires a time object" if (not_empty?(validTo) and not validTo.is_a?(Time))
+
+        slot = block.call(:slot) || 0
+        certFile = block.call(:cert_file)
+
+        cn = block.call(:common_name)
+        raise Error, "Common name is mandatory" if is_empty?(cn)
+        expect << { key: "Common Name:", block_key: :cn, timeout: 1 }
+        org = block.call(:org)
+        expect << { key: "Organization:", block_key: :org, timeout: 1 }
+        ou = block.call(:ou)
+        expect << { key: "Organizational Unit:", block_key: :ou, timeout: 1 }
+        loc = block.call(:locality)
+        expect << { key: "Locality:", block_key: :loc, timeout: 1 }
+        st = block.call(:state)
+        expect << { key: "State:", block_key: :st, timeout: 1 }
+        ctry = block.call(:country)
+        expect << { key: "Country:", block_key: :ctry, timeout: 1 }
+        sn = block.call(:serial_no) || SecureRandom.uuid.gsub("-","")
+        expect << { key: "certificate\'s serial number.+:", block_key: :sn, timeout: 1 }
+
+        params = ["c","-l#{keylabel}", "-s#{slot}"]
+        if not_empty?(validFrom)
+          params << "-b#{validFrom.strftime("%Y%m%d%H%M%S")}"
+        end
+        if not_empty?(validity)
+          params << "-d#{validity}"
+        end
+        if not_empty?(validTo)
+          params << "-e#{validTo.strftime("%Y%m%d%H%M%S")}"
+        end
+
+        begin
+
+          cli_exec("ctcert") do |ops, val|
+            case ops
+            when :params
+              params
+            when :expect_list
+              expect
+            when :cn
+              cn
+            when :org
+              org
+            when :ou
+              ou
+            when :loc
+              loc
+            when :st
+              st
+            when :ctry
+              ctry
+            when :sn
+              sn
+            else
+              block.call(ops)
+            end
+          end
+
+        rescue ExecutableNotFoundError
+          raise Error, "Executable 'ctkmu' not found from PATH. Please install the driver or add the executable to PATH"
+        end
+
+        if not_empty?(certFile)
+          export_cert(keylabel, certFile, slot)
+        end
+
+      end # gencert
+
+      def export_cert(label, outFile, slot = 0, &block)
+        
+        raise Error, "Key label cannot be empty" if is_empty?(label) 
+        raise Error, "Output file cannot be empty" if is_empty?(outFile) 
+
+        label.gsub!(" ","_")
+
+        begin
+
+          cli_exec("ctcert") do |ops|
+            case ops
+            when :params
+              ["x","-l#{label}","-s#{slot}","-f#{outFile}"]
+            end
+          end
+
+        rescue ExecutableNotFoundError
+          raise Error, "Executable 'ctcert' not found from PATH. Please install the driver or add the executable to PATH"
+        end
+
+      end # export_cert
+
+    end
+  end
+end

data/lib/thales/pse/hsm.rb

@@ -0,0 +1,75 @@
+
+require_relative 'cli'
+require_relative 'slot'
+
+module Thales
+  module Pse
+
+    class HSM
+      
+      def self.instance(eng = :cli)
+        case eng
+        when :cli
+          h = HSM.new
+          h.extend(Cli::HSM)
+          h
+        else
+          h = HSM.new
+          h.extend(Cli::HSM)
+          h
+        end
+      end
+
+    end
+
+    module Cli
+      module HSM
+        include TR::CondUtils
+        include TR::CliUtils
+        include Cli
+
+        def init_hsm(*args,&block)
+
+          expect = [
+            { matcher: "enter new Admin SO pin:", block_key: :admin_so_pin, timeout: 5 },
+            { matcher: "confirm new Admin SO pin:", block_key: :admin_so_pin_confirm, timeout: 5 },
+            { matcher: "enter new Administrator\'s pin:", block_key: :admin_pin, timeout: 5 },
+            { matcher: "confirm new Administrator\'s pin:", block_key: :admin_pin_confirm, timeout: 5 }
+          ]
+
+          begin
+
+            cli_exec("ctconf") do |ops|
+              case ops
+              when :expect_list
+                expect
+              else
+                block.call(ops)
+              end
+            end
+
+          rescue ExecutableNotFoundError
+            raise Error, "Executable 'ctconf' not found from PATH. Please install the driver or add the executable to PATH"
+          end
+
+
+        end
+
+        def default_user_slot
+          if @defUserSlot.nil?
+            @defUserSlot = Slot.new(0)
+          end
+          @defUserSlot
+        end
+
+        def default_admin_slot
+          if @defAdminSlot.nil?
+            @defAdminSlot = Slot.new(1)
+          end
+          @defAdminSlot
+        end
+        
+      end
+    end
+  end
+end

data/lib/thales/pse/slot.rb

@@ -0,0 +1,23 @@
+
+require_relative 'token'
+
+module Thales
+  module Pse
+    class Slot
+
+      attr_reader :id, :token
+      def initialize(id)
+        @id = id
+      end
+
+      def default_token
+        if @token.nil?
+          @token = Token.new(self)
+        end
+        @token
+      end
+
+    end
+
+  end
+end

data/lib/thales/pse/token.rb

@@ -0,0 +1,313 @@
+
+
+require_relative 'cli'
+
+module Thales
+  module Pse
+    module Cli
+      module Token
+        include TR::CondUtils
+        include TR::CliUtils
+        include Cli
+
+        def init_token(*args, &block)
+          
+          init_token_so(&block)
+          init_token_user(&block)
+
+        end
+
+        def init_token_so(*args, &block)
+
+          raise TokenError, "Block is required" if not block
+          raise TokenError, "Slot is not available!" if is_empty?(@slot)
+
+          expect = [
+            { matcher: "new token label:", block_key: :token_label, timeout: 1 },
+            { matcher: "enter Security Officer\'s pin:", block_key: :token_so_pin, timeout: 1 },
+            { matcher: "confirm Security Officer\'s pin:", block_key: :token_so_pin_confirm, timeout: 1 }
+          ]
+
+          #slot = block.call(:slot) || 0
+          slot = @slot.id
+
+          begin
+
+            cli_exec("ctconf") do |ops|
+              case ops
+              when :params
+                ["-n#{slot}"]
+              when :expect_list
+                expect
+              else
+                block.call(ops)
+              end
+            end
+
+          rescue ExecutableNotFoundError
+            raise Error, "Executable 'ctconf' not found from PATH. Please install the driver or add the executable to PATH"
+          end
+
+        end
+
+        def init_token_user(*args, &block)
+
+          raise TokenError, "Block is required" if not block
+          raise TokenError, "Slot is not available!" if is_empty?(@slot)
+
+          expect = [
+            # this key is handled locally not passed to external
+            { matcher: "Security Officer PIN.+:|current user PIN.+:", block_key: :auth_pin, timeout: 3 },
+            { matcher: "enter the new user PIN.+:", block_key: :token_user_pin, timeout: 1 },
+            { matcher: "confirm the new user PIN.+:", block_key: :token_user_pin_confirm, timeout: 1 }
+          ]
+
+          #slot = block.call(:slot) || 0
+          slot = @slot.id
+
+          begin
+
+            cli_exec("ctkmu") do |ops, val|
+              case ops
+              when :params
+                ["p","-s#{slot}"]
+              when :expect_list
+                expect
+              when :auth_pin
+                if not_empty?(val)
+                  if val.join =~ /Security Officer/
+                    block.call(:token_so_pin)
+                  else
+                    block.call(:token_user_pin)
+                  end
+                end
+              else
+                block.call(ops)
+              end
+            end
+
+          rescue ExecutableNotFoundError
+            raise Error, "Executable 'ctconf' not found from PATH. Please install the driver or add the executable to PATH"
+          end
+
+        end
+
+        def genkey(*args, &block)
+
+          raise TokenError, "Block is required" if not block
+          raise TokenError, "Slot is not available!" if is_empty?(@slot)
+
+          expect = [
+            { matcher: "Enter user PIN.+:", block_key: :token_user_pin, timeout: 1 }
+          ]
+
+          type = args.first
+          case type
+          when :rsa
+          else
+            raise Error, "Unsupported key type #{type}"
+          end
+
+          #slot = block.call(:slot) || 0
+          slot = @slot.id
+
+          keylabel = block.call(:keylabel) 
+          raise Error, "Keylabel is required " if is_empty?(keylabel)
+          keylabel.gsub!(" ","_")
+
+          attr = block.call(:attr)
+          raise Error, "Attributes (attr) is required " if is_empty?(attr)
+          attr = [attr] if not attr.is_a?(Array)
+          atRes = []
+          attr.each do |at|
+            case at
+            when :private
+              atRes << "P"
+            when :modifiable
+              atRes << "M"
+            when :sensitive
+              atRes << "T"
+            when :wrap
+              atRes << "W"
+            when :export
+              atRes << "w"
+            when :import
+              atRes << "I"
+            when :unwrap
+              atRes << "U"
+            when :extractable
+              atRes << "X"
+            when :exportable
+              atRes << "x"
+            when :derive
+              atRes << "R"
+            when :encrypt
+              atRes << "E"
+            when :decrypt
+              atRes << "D"
+            when :sign
+              atRes << "S"
+            when :verify
+              atRes << "V"
+            when :sign_local_cert
+              atRes << "L"
+            when :usage_count
+              atRes << "C"
+            end
+          end
+
+          keysize = block.call(:keysize) || 2048
+
+          begin
+
+            cli_exec("ctkmu") do |ops, val|
+              case ops
+              when :params
+                ["c","-t#{type}","-s#{slot}","-n#{keylabel}","-a#{atRes.join}"]
+              when :expect_list
+                expect
+              else
+                block.call(ops)
+              end
+            end
+
+          rescue ExecutableNotFoundError
+            raise Error, "Executable 'ctkmu' not found from PATH. Please install the driver or add the executable to PATH"
+          end
+
+        end
+
+        def gencert(*args, &block)
+          
+          raise TokenError, "Block is required" if not block
+          raise TokenError, "Slot is not available!" if is_empty?(@slot)
+
+          expect = [
+            { matcher: "Enter user PIN.+:", block_key: :token_user_pin, timeout: 1 },
+          ]
+
+          keylabel = block.call(:keylabel)
+          raise Error, "Keylabel should not be empty" if is_empty?(keylabel)
+          keylabel.gsub!(" ","_")
+
+          validFrom = block.call(:valid_from)
+          #if is_empty?(validFrom) or not validFrom.is_a?(Time)
+          #  today = Time.now
+          #  validFrom = Time.new(today.year, today.month, today.day)
+          #end
+          validity = block.call(:validity)
+          if not (validity =~ /h|d|m|y/)
+            raise Error, "Validity requires unit in hour (h), day (d), month (m) or year (y)"
+          end
+          validTo = block.call(:valid_to)
+          raise Error, "Valid_to requires a time object" if (not_empty?(validTo) and not validTo.is_a?(Time))
+
+          #slot = block.call(:slot) || 0
+          slot = @slot.id
+          certFile = block.call(:cert_file)
+
+          cn = block.call(:common_name)
+          raise Error, "Common name is mandatory" if is_empty?(cn)
+          expect << { matcher: "Common Name:", block_key: :cn, timeout: 1 }
+          org = block.call(:org)
+          expect << { matcher: "Organization:", block_key: :org, timeout: 1 }
+          ou = block.call(:ou)
+          expect << { matcher: "Organizational Unit:", block_key: :ou, timeout: 1 }
+          loc = block.call(:locality)
+          expect << { matcher: "Locality:", block_key: :loc, timeout: 1 }
+          st = block.call(:state)
+          expect << { matcher: "State:", block_key: :st, timeout: 1 }
+          ctry = block.call(:country)
+          expect << { matcher: "Country:", block_key: :ctry, timeout: 1 }
+          sn = block.call(:serial_no) || SecureRandom.uuid.gsub("-","")
+          expect << { matcher: "certificate\'s serial number.+:", block_key: :sn, timeout: 1 }
+
+          params = ["c","-l#{keylabel}", "-s#{slot}"]
+          if not_empty?(validFrom)
+            params << "-b#{validFrom.strftime("%Y%m%d%H%M%S")}"
+          end
+          if not_empty?(validity)
+            params << "-d#{validity}"
+          end
+          if not_empty?(validTo)
+            params << "-e#{validTo.strftime("%Y%m%d%H%M%S")}"
+          end
+
+          begin
+
+            cli_exec("ctcert") do |ops, val|
+              case ops
+              when :params
+                params
+              when :expect_list
+                expect
+              when :cn
+                cn
+              when :org
+                org
+              when :ou
+                ou
+              when :loc
+                loc
+              when :st
+                st
+              when :ctry
+                ctry
+              when :sn
+                sn
+              else
+                block.call(ops)
+              end
+            end
+
+          rescue ExecutableNotFoundError
+            raise Error, "Executable 'ctkmu' not found from PATH. Please install the driver or add the executable to PATH"
+          end
+
+          if not_empty?(certFile)
+            export_cert(keylabel, certFile)
+          end
+
+        end
+
+        def export_cert(label, outFile, &block)
+
+          raise TokenError, "Key label cannot be empty" if is_empty?(label) 
+          raise TokenError, "Output file cannot be empty" if is_empty?(outFile) 
+          raise TokenError, "Slot is not available!" if is_empty?(@slot)
+
+          slot = @slot.id
+          label.gsub!(" ","_")
+
+          begin
+
+            cli_exec("ctcert") do |ops|
+              case ops
+              when :params
+                ["x","-l#{label}","-s#{slot}","-f#{outFile}"]
+              end
+            end
+
+          rescue ExecutableNotFoundError
+            raise Error, "Executable 'ctcert' not found from PATH. Please install the driver or add the executable to PATH"
+          end
+
+
+        end
+
+      end
+    end # Cli
+
+    class Token
+      include Cli::Token
+
+      attr_accessor :slot
+      def initialize(slot)
+        @slot = slot
+      end
+
+    end
+
+  end
+
+end

data/lib/thales/pse/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Thales
+  module Pse
+    VERSION = "0.1.1"
+  end
+end

data/lib/thales/pse.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+require 'tlogger'
+require 'toolrack'
+
+require_relative "pse/version"
+require_relative "pse/hsm"
+
+module Thales
+  module Pse
+    class Error < StandardError; end
+    
+    class HSMError < StandardError; end
+    class SlotError < StandardError; end
+    class TokenError < StandardError; end
+
+    # Your code goes here...
+
+
+  end
+end

data/pty_test.rb

@@ -0,0 +1,23 @@
+
+require 'pty'
+
+prs, pws = PTY.open
+r, w = IO.pipe
+
+pid = spawn("/opt/safenet/protecttoolkit5/cpsdk/bin/linux-x86_64/ctconf 2>&1", in: r, out: pws)
+
+r.close
+pws.close
+
+loop do
+  begin
+    line = prs.gets
+  rescue Errno::EIO => ex
+    p ex
+    Process.kill('TERM', pid)
+    break
+  end
+end
+
+puts "done"
+

data/thales-pse.gemspec

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+require_relative "lib/thales/pse/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "thales-pse"
+  spec.version       = Thales::Pse::VERSION
+  spec.authors       = ["Ian"]
+  spec.email         = ["cameronian0@protonmail.com"]
+
+  spec.summary       = ""
+  spec.description   = ""
+  spec.homepage      = ""
+  spec.required_ruby_version = ">= 2.4.0"
+
+  #spec.metadata["allowed_push_host"] = "TODO: Set to your gem server 'https://example.com'"
+
+  #spec.metadata["homepage_uri"] = spec.homepage
+  #spec.metadata["source_code_uri"] = "TODO: Put your gem's public repo URL here."
+  #spec.metadata["changelog_uri"] = "TODO: Put your gem's CHANGELOG.md URL here."
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files = Dir.chdir(File.expand_path(__dir__)) do
+    `git ls-files -z`.split("\x0").reject do |f|
+      (f == __FILE__) || f.match(%r{\A(?:(?:test|spec|features)/|\.(?:git|travis|circleci)|appveyor)})
+    end
+  end
+  spec.bindir        = "exe"
+  spec.executables   = spec.files.grep(%r{\Aexe/}) { |f| File.basename(f) }
+  spec.require_paths = ["lib"]
+
+  spec.add_dependency 'tlogger'
+  spec.add_dependency 'toolrack'
+
+  spec.add_development_dependency "devops_helper"
+
+  # Uncomment to register a new dependency of your gem
+  # spec.add_dependency "example-gem", "~> 1.0"
+
+  # For more information and examples about making a new gem, checkout our
+  # guide at: https://bundler.io/guides/creating_gem.html
+end

metadata

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: thales-pse
+version: !ruby/object:Gem::Version
+  version: 0.1.1
+platform: ruby
+authors:
+- Ian
+autorequire: 
+bindir: exe
+cert_chain: []
+date: 2021-10-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: tlogger
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: toolrack
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: devops_helper
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: ''
+email:
+- cameronian0@protonmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".rspec"
+- Gemfile
+- Gemfile.lock
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/thales/pse.rb
+- lib/thales/pse/cli.rb
+- lib/thales/pse/config.rb
+- lib/thales/pse/hsm.rb
+- lib/thales/pse/slot.rb
+- lib/thales/pse/token.rb
+- lib/thales/pse/version.rb
+- pty_test.rb
+- thales-pse.gemspec
+homepage: ''
+licenses: []
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.4.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.2.22
+signing_key: 
+specification_version: 4
+summary: ''
+test_files: []