win32-certstore 0.1.0 → 0.1.3
- checksums.yaml +5 -5
- data/README.md +228 -225
- data/lib/win32/certstore.rb +1 -1
- data/lib/win32/certstore/mixin/assertions.rb +90 -90
- data/lib/win32/certstore/mixin/crypto.rb +203 -203
- data/lib/win32/certstore/mixin/helper.rb +50 -50
- data/lib/win32/certstore/mixin/shell_out.rb +105 -104
- data/lib/win32/certstore/mixin/string.rb +71 -71
- data/lib/win32/certstore/mixin/unicode.rb +50 -50
- data/lib/win32/certstore/store_base.rb +215 -214
- data/lib/win32/certstore/version.rb +6 -6
- metadata +3 -3
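--- a/data/lib/win32/certstore/mixin/helper.rb
+++ b/data/lib/win32/certstore/mixin/helper.rb
@@ -1,50 +1,50 @@
-#
-# Author:: Piyush Awasthi (<piyush.awasthi@msystechnologies.com>)
-# Copyright:: Copyright (c) 2018 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require
-
-module Win32
-class Certstore
-module Mixin
-module Helper
-
-# PSCommand to search certificate from thumbprint and convert in pem
-def cert_ps_cmd(thumbprint)
-<<-EOH
-$content = $null
-$cert = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq '#{thumbprint}' }
-if($cert -ne $null)
-{
-$content = @(
-'-----BEGIN CERTIFICATE-----'
-[System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')
-'-----END CERTIFICATE-----'
-)
-}
-$content
-EOH
-end
-
-# validate certificate not_before and not_after date in UTC
-def valid_duration?(cert_obj)
-cert_obj.not_before < Time.now.utc && cert_obj.not_after > Time.now.utc
-end
-
-end
-end
-end
-end
+#
+# Author:: Piyush Awasthi (<piyush.awasthi@msystechnologies.com>)
+# Copyright:: Copyright (c) 2018 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "date"
+
+module Win32
+class Certstore
+module Mixin
+module Helper
+
+# PSCommand to search certificate from thumbprint and convert in pem
+def cert_ps_cmd(thumbprint)
+<<-EOH
+$content = $null
+$cert = Get-ChildItem Cert:\ -Recurse | Where { $_.Thumbprint -eq '#{thumbprint}' }
+if($cert -ne $null)
+{
+$content = @(
+'-----BEGIN CERTIFICATE-----'
+[System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')
+'-----END CERTIFICATE-----'
+)
+}
+$content
+EOH
+end
+
+# validate certificate not_before and not_after date in UTC
+def valid_duration?(cert_obj)
+cert_obj.not_before < Time.now.utc && cert_obj.not_after > Time.now.utc
+end
+
+end
+end
+end
+end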
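Review bot: `cert_ps_cmd` places `thumbprint` inside a single-quoted PowerShell literal (`$_.Thumbprint -eq '#{thumbprint}'`) without checking it, so a value containing a quote would alter the script that is later executed. No validation is visible in this file; unless every caller already guarantees a hex string, I would reject anything else before building the heredoc, e.g. `raise ArgumentError, "invalid thumbprint" unless thumbprint.to_s.match?(/\A\h+\z/)`. The section rewrites the whole file with visibly identical text apart from the `require` line, so the pattern appears to predate this release, but it is still worth fixing here.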
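--- a/data/lib/win32/certstore/mixin/shell_out.rb
+++ b/data/lib/win32/certstore/mixin/shell_out.rb
@@ -1,104 +1,105 @@
-#
-# Author:: Daniel DeLeo (<dan@chef.io>)
-# Copyright:: Copyright (c) 2017 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require "mixlib/shellout"
-
-module Win32
-class Certstore
-module Mixin
-module ShellOut
-def shell_out_command(*command_args)
-cmd = Mixlib::ShellOut.new(*command_args)
-cmd.live_stream
-cmd.run_command
-if cmd.error!
-raise Mixlib::ShellOut::ShellCommandFailed, cmd.error!
-end
-cmd
-end
-
-#
-#
-#
-#
-# @param
-# @
-
-
-
-
-
-
-
-
-#
-#
-#
-# @param
-# @
-
-
-cmd
-cmd
-
-
-
-
-
-#
-#
-#
-#
-# @param
-# @
-
-
-options
-
-
-
-
-
-
-
-
-
-#
-#
-# @
-
-
-
-
-
-
-
-
-
-#
-
-
-#
-
-
-
-
-
-
-
-
-end
+#
+# Author:: Daniel DeLeo (<dan@chef.io>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require "mixlib/shellout"
+
+module Win32
+class Certstore
+module Mixin
+module ShellOut
+def shell_out_command(*command_args)
+cmd = Mixlib::ShellOut.new(*command_args)
+cmd.live_stream
+cmd.run_command
+if cmd.error!
+raise Mixlib::ShellOut::ShellCommandFailed, cmd.error!
+end
+cmd
+end
+
+# Run a command under powershell with the same API as shell_out. The
+# options hash is extended to take an "architecture" flag which
+# can be set to :i386 or :x86_64 to force the windows architecture.
+#
+# @param script [String] script to run
+# @param options [Hash] options hash
+# @return [Mixlib::Shellout] mixlib-shellout object
+def powershell_out(*command_args)
+script = command_args.first
+options = command_args.last.is_a?(Hash) ? command_args.last : nil
+
+run_command_with_os_architecture(script, options)
+end
+
+# Run a command under powershell with the same API as shell_out!
+# (raises exceptions on errors)
+#
+# @param script [String] script to run
+# @param options [Hash] options hash
+# @return [Mixlib::Shellout] mixlib-shellout object
+def powershell_out!(*command_args)
+cmd = powershell_out(*command_args)
+cmd.error!
+cmd
+end
+
+private
+
+# Helper function to run shell_out and wrap it with the correct
+# flags to possibly disable WOW64 redirection (which we often need
+# because chef-client runs as a 32-bit app on 64-bit windows).
+#
+# @param script [String] script to run
+# @param options [Hash] options hash
+# @return [Mixlib::Shellout] mixlib-shellout object
+def run_command_with_os_architecture(script, options)
+options ||= {}
+options = options.dup
+arch = options.delete(:architecture)
+
+shell_out_command(
+build_powershell_command(script),
+options
+)
+end
+
+# Helper to build a powershell command around the script to run.
+#
+# @param script [String] script to run
+# @return [String] powershell command to execute
+def build_powershell_command(script)
+flags = [
+# Hides the copyright banner at startup.
+"-NoLogo",
+# Does not present an interactive prompt to the user.
+"-NonInteractive",
+# Does not load the Windows PowerShell profile.
+"-NoProfile",
+# always set the ExecutionPolicy flag
+# see http://technet.microsoft.com/en-us/library/ee176961.aspx
+"-ExecutionPolicy Unrestricted",
+# Powershell will hang if STDIN is redirected
+# http://connect.microsoft.com/PowerShell/feedback/details/572313/powershell-exe-can-hang-if-stdin-is-redirected
+"-InputFormat None",
+]
+
+"powershell.exe #{flags.join(' ')} -Command \"#{script.gsub('"', '\"')}\""
+end
+end
+end
+end
+end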
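Review bot: `shell_out_command` evaluates `cmd.error!` in its `if`, and as far as I know Mixlib::ShellOut#error! itself raises on a failing exit status and returns nil otherwise, so the explicit `raise` on the next line looks unreachable and `powershell_out` ends up raising just like `powershell_out!`. If the non-bang method is meant to hand back a failed command object, the status check should live only in the bang variant. In `run_command_with_os_architecture`, `arch = options.delete(:architecture)` is never read, so the `:architecture` option described in the comment above `powershell_out` is silently dropped; either honour it or correct the comment. `build_powershell_command` escapes only double quotes before wrapping the script in `-Command "..."`, so its doc comment should state that callers must validate any value they interpolate into `script`.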
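--- a/data/lib/win32/certstore/mixin/string.rb
+++ b/data/lib/win32/certstore/mixin/string.rb
@@ -1,71 +1,71 @@
-#
-# Author:: Jay Mundrawala(<jdm@chef.io>)
-# Copyright:: Copyright (c) 2017 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-module Win32
-class Certstore
-module Mixin
-module String
-def wstring(str)
-if str.nil? || str.encoding == Encoding::UTF_16LE
-str
-else
-utf8_to_wide(str)
-end
-end
-
-def utf8_to_wide(ustring)
-# ensure it is actually UTF-8
-# Ruby likes to mark binary data as ASCII-8BIT
-ustring = (ustring + "").force_encoding("UTF-8") if ustring.respond_to?(:force_encoding) && ustring.encoding.name != "UTF-8"
-
-# ensure we have the double-null termination Windows Wide likes
-ustring += "\000\000" if ustring.length == 0 || ustring[-1].chr != "\000"
-
-# encode it all as UTF-16LE AKA Windows Wide Character AKA Windows Unicode
-ustring = begin
-if ustring.respond_to?(:encode)
-ustring.encode("UTF-16LE")
-else
-require "iconv"
-Iconv.conv("UTF-16LE", "UTF-8", ustring)
-end
-end
-ustring
-end
-
-def wide_to_utf8(wstring)
-# ensure it is actually UTF-16LE
-# Ruby likes to mark binary data as ASCII-8BIT
-wstring = wstring.force_encoding("UTF-16LE") if wstring.respond_to?(:force_encoding)
-
-# encode it all as UTF-8
-wstring = begin
-if wstring.respond_to?(:encode)
-wstring.encode("UTF-8")
-else
-require "iconv"
-Iconv.conv("UTF-8", "UTF-16LE", wstring)
-end
-end
-# remove trailing CRLF and NULL characters
-wstring.strip!
-wstring
-end
-end
-end
-end
-end
+#
+# Author:: Jay Mundrawala(<jdm@chef.io>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module Win32
+class Certstore
+module Mixin
+module String
+def wstring(str)
+if str.nil? || str.encoding == Encoding::UTF_16LE
+str
+else
+utf8_to_wide(str)
+end
+end
+
+def utf8_to_wide(ustring)
+# ensure it is actually UTF-8
+# Ruby likes to mark binary data as ASCII-8BIT
+ustring = (ustring + "").force_encoding("UTF-8") if ustring.respond_to?(:force_encoding) && ustring.encoding.name != "UTF-8"
+
+# ensure we have the double-null termination Windows Wide likes
+ustring += "\000\000" if ustring.length == 0 || ustring[-1].chr != "\000"
+
+# encode it all as UTF-16LE AKA Windows Wide Character AKA Windows Unicode
+ustring = begin
+if ustring.respond_to?(:encode)
+ustring.encode("UTF-16LE")
+else
+require "iconv"
+Iconv.conv("UTF-16LE", "UTF-8", ustring)
+end
+end
+ustring
+end
+
+def wide_to_utf8(wstring)
+# ensure it is actually UTF-16LE
+# Ruby likes to mark binary data as ASCII-8BIT
+wstring = wstring.force_encoding("UTF-16LE") if wstring.respond_to?(:force_encoding)
+
+# encode it all as UTF-8
+wstring = begin
+if wstring.respond_to?(:encode)
+wstring.encode("UTF-8")
+else
+require "iconv"
+Iconv.conv("UTF-8", "UTF-16LE", wstring)
+end
+end
+# remove trailing CRLF and NULL characters
+wstring.strip!
+wstring
+end
+end
+end
+end
+end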