win32-certstore 0.1.0 → 0.1.3
- checksums.yaml +5 -5
- data/README.md +228 -225
- data/lib/win32/certstore.rb +1 -1
- data/lib/win32/certstore/mixin/assertions.rb +90 -90
- data/lib/win32/certstore/mixin/crypto.rb +203 -203
- data/lib/win32/certstore/mixin/helper.rb +50 -50
- data/lib/win32/certstore/mixin/shell_out.rb +105 -104
- data/lib/win32/certstore/mixin/string.rb +71 -71
- data/lib/win32/certstore/mixin/unicode.rb +50 -50
- data/lib/win32/certstore/store_base.rb +215 -214
- data/lib/win32/certstore/version.rb +6 -6
- metadata +3 -3
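--- a/data/lib/win32/certstore/mixin/helper.rb
+++ b/data/lib/win32/certstore/mixin/helper.rb
@@ -1,50 +1,50 @@
-#
-# Author:: Piyush Awasthi (<piyush.awasthi@msystechnologies.com>)
-# Copyright:: Copyright (c) 2018 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require
-
-module Win32
-class Certstore
-module Mixin
-module Helper
-
-# PSCommand to search certificate from thumbprint and convert in pem
-def cert_ps_cmd(thumbprint)
-<<-EOH
-$content = $null
-$cert = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq '#{thumbprint}' }
-if($cert -ne $null)
-{
-$content = @(
-'-----BEGIN CERTIFICATE-----'
-[System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')
-'-----END CERTIFICATE-----'
-)
-}
-$content
-EOH
-end
-
-# validate certificate not_before and not_after date in UTC
-def valid_duration?(cert_obj)
-cert_obj.not_before < Time.now.utc && cert_obj.not_after > Time.now.utc
-end
-
-end
-end
-end
-end
+#
+# Author:: Piyush Awasthi (<piyush.awasthi@msystechnologies.com>)
+# Copyright:: Copyright (c) 2018 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "date"
+
+module Win32
+class Certstore
+module Mixin
+module Helper
+
+# PSCommand to search certificate from thumbprint and convert in pem
+def cert_ps_cmd(thumbprint)
+<<-EOH
+$content = $null
+$cert = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq '#{thumbprint}' }
+if($cert -ne $null)
+{
+$content = @(
+'-----BEGIN CERTIFICATE-----'
+[System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')
+'-----END CERTIFICATE-----'
+)
+}
+$content
+EOH
+end
+
+# validate certificate not_before and not_after date in UTC
+def valid_duration?(cert_obj)
+cert_obj.not_before < Time.now.utc && cert_obj.not_after > Time.now.utc
+end
+
+end
+end
+end
+end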
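Review bot: `cert_ps_cmd` places `thumbprint` inside a single-quoted PowerShell literal (`'#{thumbprint}'`) without checking it, so a value containing a quote would end the literal and the remainder would be read as script. The callers are outside this section, so whether the value is validated upstream is not visible; a guard at the top of the method keeps the helper safe on its own: `raise ArgumentError, "Invalid thumbprint" unless thumbprint.to_s =~ /\A[0-9a-fA-F]+\z/`. `valid_duration?` also calls `Time.now.utc` twice; reading it once into a local makes both comparisons use the same instant.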
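--- a/data/lib/win32/certstore/mixin/shell_out.rb
+++ b/data/lib/win32/certstore/mixin/shell_out.rb
@@ -1,104 +1,105 @@
-#
-# Author:: Daniel DeLeo (<dan@chef.io>)
-# Copyright:: Copyright (c) 2017 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require "mixlib/shellout"
-
-module Win32
-class Certstore
-module Mixin
-module ShellOut
-def shell_out_command(*command_args)
-cmd = Mixlib::ShellOut.new(*command_args)
-cmd.live_stream
-cmd.run_command
-if cmd.error!
-raise Mixlib::ShellOut::ShellCommandFailed, cmd.error!
-end
-cmd
-end
-
-#
-#
-#
-#
-# @param
-# @
-
-
-
-
-
-
-
-
-#
-#
-#
-# @param
-# @
-
-
-cmd
-cmd
-
-
-
-
-
-#
-#
-#
-#
-# @param
-# @
-
-
-options
-
-
-
-
-
-
-
-
-
-#
-#
-# @
-
-
-
-
-
-
-
-
-
-#
-
-
-#
-
-
-
-
-
-
-
-
-end
+#
+# Author:: Daniel DeLeo (<dan@chef.io>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "mixlib/shellout"
+
+module Win32
+class Certstore
+module Mixin
+module ShellOut
+def shell_out_command(*command_args)
+cmd = Mixlib::ShellOut.new(*command_args)
+cmd.live_stream
+cmd.run_command
+if cmd.error!
+raise Mixlib::ShellOut::ShellCommandFailed, cmd.error!
+end
+cmd
+end
+
+# Run a command under powershell with the same API as shell_out. The
+# options hash is extended to take an "architecture" flag which
+# can be set to :i386 or :x86_64 to force the windows architecture.
+#
+# @param script [String] script to run
+# @param options [Hash] options hash
+# @return [Mixlib::Shellout] mixlib-shellout object
+def powershell_out(*command_args)
+script = command_args.first
+options = command_args.last.is_a?(Hash) ? command_args.last : nil
+
+run_command_with_os_architecture(script, options)
+end
+
+# Run a command under powershell with the same API as shell_out!
+# (raises exceptions on errors)
+#
+# @param script [String] script to run
+# @param options [Hash] options hash
+# @return [Mixlib::Shellout] mixlib-shellout object
+def powershell_out!(*command_args)
+cmd = powershell_out(*command_args)
+cmd.error!
+cmd
+end
+
+private
+
+# Helper function to run shell_out and wrap it with the correct
+# flags to possibly disable WOW64 redirection (which we often need
+# because chef-client runs as a 32-bit app on 64-bit windows).
+#
+# @param script [String] script to run
+# @param options [Hash] options hash
+# @return [Mixlib::Shellout] mixlib-shellout object
+def run_command_with_os_architecture(script, options)
+options ||= {}
+options = options.dup
+arch = options.delete(:architecture)
+
+shell_out_command(
+build_powershell_command(script),
+options
+)
+end
+
+# Helper to build a powershell command around the script to run.
+#
+# @param script [String] script to run
+# @return [String] powershell command to execute
+def build_powershell_command(script)
+flags = [
+# Hides the copyright banner at startup.
+"-NoLogo",
+# Does not present an interactive prompt to the user.
+"-NonInteractive",
+# Does not load the Windows PowerShell profile.
+"-NoProfile",
+# always set the ExecutionPolicy flag
+# see http://technet.microsoft.com/en-us/library/ee176961.aspx
+"-ExecutionPolicy Unrestricted",
+# Powershell will hang if STDIN is redirected
+# http://connect.microsoft.com/PowerShell/feedback/details/572313/powershell-exe-can-hang-if-stdin-is-redirected
+"-InputFormat None",
+]
+
+"powershell.exe #{flags.join(' ')} -Command \"#{script.gsub('"', '\"')}\""
+end
+end
+end
+end
+end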
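Review bot: `build_powershell_command` escapes only `"` before wrapping the script in `-Command "..."`, so a script that already contains a backslash before a quote, or other characters the Windows command line treats specially, can change how the argument is parsed. Passing the script as `-EncodedCommand` removes that quoting layer: `encoded = [script.encode("UTF-16LE")].pack("m0")` and `"powershell.exe #{flags.join(' ')} -EncodedCommand #{encoded}"`. This matters more because `cert_ps_cmd` in helper.rb on this page builds its script from a caller-supplied thumbprint, which presumably runs through this path. Separately, `arch = options.delete(:architecture)` in `run_command_with_os_architecture` is never read, so the architecture option promised in the `powershell_out` comment is silently dropped; either implement it or remove the claim from the comment.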
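--- a/data/lib/win32/certstore/mixin/string.rb
+++ b/data/lib/win32/certstore/mixin/string.rb
@@ -1,71 +1,71 @@
-#
-# Author:: Jay Mundrawala(<jdm@chef.io>)
-# Copyright:: Copyright (c) 2017 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-module Win32
-class Certstore
-module Mixin
-module String
-def wstring(str)
-if str.nil? || str.encoding == Encoding::UTF_16LE
-str
-else
-utf8_to_wide(str)
-end
-end
-
-def utf8_to_wide(ustring)
-# ensure it is actually UTF-8
-# Ruby likes to mark binary data as ASCII-8BIT
-ustring = (ustring + "").force_encoding("UTF-8") if ustring.respond_to?(:force_encoding) && ustring.encoding.name != "UTF-8"
-
-# ensure we have the double-null termination Windows Wide likes
-ustring += "\000\000" if ustring.length == 0 || ustring[-1].chr != "\000"
-
-# encode it all as UTF-16LE AKA Windows Wide Character AKA Windows Unicode
-ustring = begin
-if ustring.respond_to?(:encode)
-ustring.encode("UTF-16LE")
-else
-require "iconv"
-Iconv.conv("UTF-16LE", "UTF-8", ustring)
-end
-end
-ustring
-end
-
-def wide_to_utf8(wstring)
-# ensure it is actually UTF-16LE
-# Ruby likes to mark binary data as ASCII-8BIT
-wstring = wstring.force_encoding("UTF-16LE") if wstring.respond_to?(:force_encoding)
-
-# encode it all as UTF-8
-wstring = begin
-if wstring.respond_to?(:encode)
-wstring.encode("UTF-8")
-else
-require "iconv"
-Iconv.conv("UTF-8", "UTF-16LE", wstring)
-end
-end
-# remove trailing CRLF and NULL characters
-wstring.strip!
-wstring
-end
-end
-end
-end
-end
+#
+# Author:: Jay Mundrawala(<jdm@chef.io>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Win32
+class Certstore
+module Mixin
+module String
+def wstring(str)
+if str.nil? || str.encoding == Encoding::UTF_16LE
+str
+else
+utf8_to_wide(str)
+end
+end
+
+def utf8_to_wide(ustring)
+# ensure it is actually UTF-8
+# Ruby likes to mark binary data as ASCII-8BIT
+ustring = (ustring + "").force_encoding("UTF-8") if ustring.respond_to?(:force_encoding) && ustring.encoding.name != "UTF-8"
+
+# ensure we have the double-null termination Windows Wide likes
+ustring += "\000\000" if ustring.length == 0 || ustring[-1].chr != "\000"
+
+# encode it all as UTF-16LE AKA Windows Wide Character AKA Windows Unicode
+ustring = begin
+if ustring.respond_to?(:encode)
+ustring.encode("UTF-16LE")
+else
+require "iconv"
+Iconv.conv("UTF-16LE", "UTF-8", ustring)
+end
+end
+ustring
+end
+
+def wide_to_utf8(wstring)
+# ensure it is actually UTF-16LE
+# Ruby likes to mark binary data as ASCII-8BIT
+wstring = wstring.force_encoding("UTF-16LE") if wstring.respond_to?(:force_encoding)
+
+# encode it all as UTF-8
+wstring = begin
+if wstring.respond_to?(:encode)
+wstring.encode("UTF-8")
+else
+require "iconv"
+Iconv.conv("UTF-8", "UTF-16LE", wstring)
+end
+end
+# remove trailing CRLF and NULL characters
+wstring.strip!
+wstring
+end
+end
+end
+end
+end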