win32-certstore 0.1.3 → 0.1.7
- checksums.yaml +4 -4
- data/README.md +3 -2
- data/lib/win32-certstore.rb +18 -18
- data/lib/win32/certstore.rb +129 -129
- data/lib/win32/certstore/mixin/assertions.rb +2 -2
- data/lib/win32/certstore/mixin/crypto.rb +5 -0
- data/lib/win32/certstore/mixin/shell_out.rb +0 -1
- data/lib/win32/certstore/store_base.rb +4 -7
- data/lib/win32/certstore/version.rb +1 -1
- metadata +2 -2
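--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c17507a4ecec6470d09f2ce920862647dd3cffa5f9081565a9f2881e1a9d3c32
+data.tar.gz: 62a74c513b42c2ec4d9431fe5a7a911c9d08b2b31d1a802728eccdb9b55b428e
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6a83b025818c0e1e0708821f64cb0da5d96d612d04437168394caafc88615b389b81a27b1e24ed06d0d65f668090a803fc05cf239fccad86f229d4c8614090f1
+data.tar.gz: 575e50b799a8b7af0bbdc048d1abbecc8fa51e0f3bdbad744bd29aea8f9ca4d6400f98a58bd0b00c7e4f119421b16a800c1a864d4eb9d4a333173861df3c7f07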
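--- a/data/README.md
+++ b/data/README.md
@@ -203,9 +203,10 @@ store.close
 
 Ruby 1.9.3+ is required.
 
-##
+## Contributing
+
+For information on contributing to this project see https://github.com/chef/chef/blob/master/CONTRIBUTING.md
 
-Please file bugs against the WIN32-CERTSTORE project at https://github.com/chef/win32-certstore/issues.
 
 More information on the contribution process for Chef projects can be found in the [Chef Contributions document](http://docs.chef.io/community_contributions.html).
 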
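--- a/data/lib/win32-certstore.rb
+++ b/data/lib/win32-certstore.rb
@@ -1,18 +1,18 @@
-#
-# Author:: Nimisha Sharad (<nimisha.sharad@msystechnologies.com>)
-# Copyright:: Copyright (c) 2017 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require_relative "win32/certstore"
+#
+# Author:: Nimisha Sharad (<nimisha.sharad@msystechnologies.com>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative "win32/certstore"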
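--- a/data/lib/win32/certstore.rb
+++ b/data/lib/win32/certstore.rb
@@ -1,129 +1,129 @@
-#
-# Author:: Nimisha Sharad (<nimisha.sharad@msystechnologies.com>)
-# Copyright:: Copyright (c) 2017 Chef Software, Inc.
-# License:: Apache License, Version 2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-require_relative "certstore/mixin/crypto"
-require_relative "certstore/mixin/assertions"
-require_relative "certstore/mixin/helper"
-require_relative "certstore/mixin/string"
-require_relative "certstore/store_base"
-require_relative "certstore/version"
-
-module Win32
-class Certstore
-include Win32::Certstore::Mixin::Crypto
-extend Win32::Certstore::Mixin::Assertions
-include Win32::Certstore::Mixin::String
-include Win32::Certstore::StoreBase
-
-attr_reader :store_name
-
-def initialize(store_name)
-@certstore_handler = open(store_name)
-end
-
-# To open given certificate store
-def self.open(store_name)
-validate_store(store_name)
-if block_given?
-yield new(store_name)
-else
-new(store_name)
-end
-end
-
-# Adds a new certificate to an open certificate store
-# @param request [Object] of certificate in OpenSSL::X509::Certificate.new format
-# @return [true, false] only true or false
-def add(certificate_obj)
-cert_add(certstore_handler, certificate_obj)
-end
-
-# Return `OpenSSL::X509` certificate object
-# @param request [thumbprint<string>] of certificate
-# @return [Object] of certificates in OpenSSL::X509 format
-def get(certificate_thumbprint)
-cert_get(certificate_thumbprint)
-end
-
-# Returns all the certificates in a store
-# @param [nil]
-# @return [Array] array of certificates list
-def list
-cert_list(certstore_handler)
-end
-
-# Delete existing certificate from open certificate store
-# @param request [thumbprint<string>] of certificate
-# @return [true, false] only true or false
-def delete(certificate_thumbprint)
-cert_delete(certstore_handler, certificate_thumbprint)
-end
-
-# Returns all matching certificates in a store
-# @param request[search_token<string>] attributes of certificates as: CN, RDN, Friendly Name and other attributes
-# @return [Array] array of certificates list
-def search(search_token)
-cert_search(certstore_handler, search_token)
-end
-
-# Validates a certificate in a certificate store on the basis of time validity
-# @param request[thumbprint<string>] of certificate
-# @return [true, false] only true or false
-def valid?(certificate_thumbprint)
-cert_validate(certificate_thumbprint)
-end
-
-# To close and destroy pointer of open certificate store handler
-def close
-closed = CertCloseStore(@certstore_handler, CERT_CLOSE_STORE_FORCE_FLAG)
-unless closed
-last_error = FFI::LastError.error
-raise SystemCallError.new("Unable to close the Certificate Store.", last_error)
-end
-remove_finalizer
-end
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-def
-
-end
-
-# To close all open certificate store at the end
-def remove_finalizer
-ObjectSpace.undefine_finalizer(self)
-end
-end
-end
+#
+# Author:: Nimisha Sharad (<nimisha.sharad@msystechnologies.com>)
+# Copyright:: Copyright (c) 2017 Chef Software, Inc.
+# License:: Apache License, Version 2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative "certstore/mixin/crypto"
+require_relative "certstore/mixin/assertions"
+require_relative "certstore/mixin/helper"
+require_relative "certstore/mixin/string"
+require_relative "certstore/store_base"
+require_relative "certstore/version"
+
+module Win32
+class Certstore
+include Win32::Certstore::Mixin::Crypto
+extend Win32::Certstore::Mixin::Assertions
+include Win32::Certstore::Mixin::String
+include Win32::Certstore::StoreBase
+
+attr_reader :store_name
+
+def initialize(store_name)
+@certstore_handler = open(store_name)
+end
+
+# To open given certificate store
+def self.open(store_name)
+validate_store(store_name)
+if block_given?
+yield new(store_name)
+else
+new(store_name)
+end
+end
+
+# Adds a new certificate to an open certificate store
+# @param request [Object] of certificate in OpenSSL::X509::Certificate.new format
+# @return [true, false] only true or false
+def add(certificate_obj)
+cert_add(certstore_handler, certificate_obj)
+end
+
+# Return `OpenSSL::X509` certificate object
+# @param request [thumbprint<string>] of certificate
+# @return [Object] of certificates in OpenSSL::X509 format
+def get(certificate_thumbprint)
+cert_get(certificate_thumbprint)
+end
+
+# Returns all the certificates in a store
+# @param [nil]
+# @return [Array] array of certificates list
+def list
+cert_list(certstore_handler)
+end
+
+# Delete existing certificate from open certificate store
+# @param request [thumbprint<string>] of certificate
+# @return [true, false] only true or false
+def delete(certificate_thumbprint)
+cert_delete(certstore_handler, certificate_thumbprint)
+end
+
+# Returns all matching certificates in a store
+# @param request[search_token<string>] attributes of certificates as: CN, RDN, Friendly Name and other attributes
+# @return [Array] array of certificates list
+def search(search_token)
+cert_search(certstore_handler, search_token)
+end
+
+# Validates a certificate in a certificate store on the basis of time validity
+# @param request[thumbprint<string>] of certificate
+# @return [true, false] only true or false
+def valid?(certificate_thumbprint)
+cert_validate(certificate_thumbprint)
+end
+
+# To close and destroy pointer of open certificate store handler
+def close
+closed = CertCloseStore(@certstore_handler, CERT_CLOSE_STORE_FORCE_FLAG)
+unless closed
+last_error = FFI::LastError.error
+raise SystemCallError.new("Unable to close the Certificate Store.", last_error)
+end
+remove_finalizer
+end
+
+def self.finalize(certstore_handler)
+proc { certstore_handler.to_s }
+end
+
+private
+
+attr_reader :certstore_handler
+
+# To open certstore and return open certificate store pointer
+def open(store_name)
+certstore_handler = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, nil, CERT_SYSTEM_STORE_LOCAL_MACHINE, wstring(store_name))
+unless certstore_handler
+last_error = FFI::LastError.error
+raise SystemCallError.new("Unable to open the Certificate Store `#{store_name}`.", last_error)
+end
+add_finalizer(certstore_handler)
+certstore_handler
+end
+
+# Get all open certificate store handler
+def add_finalizer(certstore_handler)
+ObjectSpace.define_finalizer(self, self.class.finalize(certstore_handler))
+end
+
+# To close all open certificate store at the end
+def remove_finalizer
+ObjectSpace.undefine_finalizer(self)
+end
+end
+end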
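Review bot: In the private `open` (new lines 109-117) the failure check `unless certstore_handler` is unlikely ever to fire, because `CertOpenStore` is attached with an `HCERTSTORE` pointer return type and FFI hands a NULL result back as a pointer object, which Ruby treats as truthy. A failed open would then pass a null handle to every later store call instead of raising, so test it the way the enumeration loops elsewhere on this page do: `if certstore_handler.null?`. Separately, the proc returned by `self.finalize` only calls `certstore_handler.to_s`, so a store that is never closed explicitly keeps its handle, and the block form of `self.open` yields without closing afterwards. Calling `CertCloseStore` in the finalizer and wrapping the `yield` in `begin`/`ensure` with `close` would cover both.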
@@ -22,8 +22,8 @@ module Win32
|
|
22
22
|
module Assertions
|
23
23
|
# Validate certificate store name
|
24
24
|
def validate_store(store_name)
|
25
|
-
|
26
|
-
raise ArgumentError, "
|
25
|
+
if store_name.to_s.strip.empty?
|
26
|
+
raise ArgumentError, "Empty Certificate Store."
|
27
27
|
end
|
28
28
|
end
|
29
29
|
|
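Review bot: The message `"Empty Certificate Store."` raised in `validate_store` reads as if the store holds no certificates, while the condition on the line above it rejects a blank store name. Something like `raise ArgumentError, "Certificate store name must not be empty."` tells the operator what to fix. The check also accepts any non-blank value, so a misspelled name is passed on unchanged; whether that fails or quietly creates a store depends on how the store is opened, which is outside this hunk. The module continues past the end of the hunk.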
@@ -76,6 +76,9 @@ module Win32
|
|
76
76
|
CERT_NAME_SEARCH_ALL_NAMES_FLAG = 0x2
|
77
77
|
CERT_NAME_STR_ENABLE_PUNYCODE_FLAG = 0x00200000
|
78
78
|
|
79
|
+
CERT_STORE_PROV_SYSTEM = 10
|
80
|
+
CERT_SYSTEM_STORE_LOCAL_MACHINE = 0x00020000
|
81
|
+
|
79
82
|
# Define ffi pointer
|
80
83
|
HCERTSTORE = FFI::TypeDefs[:pointer]
|
81
84
|
HCRYPTPROV_LEGACY = FFI::TypeDefs[:pointer]
|
@@ -172,6 +175,8 @@ module Win32
|
|
172
175
|
|
173
176
|
# To opens the most common system certificate store
|
174
177
|
safe_attach_function :CertOpenSystemStoreW, [HCRYPTPROV_LEGACY, LPCTSTR], HCERTSTORE
|
178
|
+
# To open a certificate store for most purposes
|
179
|
+
safe_attach_function :CertOpenStore, [DWORD, DWORD, HCRYPTPROV_LEGACY, DWORD, LPCTSTR], HCERTSTORE
|
175
180
|
# To close the already open certificate store
|
176
181
|
safe_attach_function :CertCloseStore, [HCERTSTORE, DWORD], BOOL
|
177
182
|
# To create encoded certificate context
|
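Review bot: The only flag constant added next to `CERT_STORE_PROV_SYSTEM` is `CERT_SYSTEM_STORE_LOCAL_MACHINE`, so a caller of the newly attached `CertOpenStore` has no way to ask for an existing store only. With the system provider the Win32 call creates a store that does not exist yet, which turns a misspelled store name into a new, empty machine-level store instead of an error. Consider defining `CERT_STORE_OPEN_EXISTING_FLAG = 0x00004000` here and OR-ing it into the flags where the store is opened (that call is outside these hunks). The attach line also declares the first parameter as `DWORD` although the API takes a pointer-sized provider value; a short comment saying why that is acceptable for the predefined provider numbers would help the next reader.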
@@ -44,7 +44,7 @@ module Win32
|
|
44
44
|
else
|
45
45
|
lookup_error
|
46
46
|
end
|
47
|
-
rescue
|
47
|
+
rescue
|
48
48
|
lookup_error("add")
|
49
49
|
end
|
50
50
|
end
|
@@ -74,7 +74,7 @@ module Win32
|
|
74
74
|
end
|
75
75
|
end
|
76
76
|
CertFreeCertificateContext(pcert_context)
|
77
|
-
rescue
|
77
|
+
rescue
|
78
78
|
lookup_error("list")
|
79
79
|
end
|
80
80
|
cert_list.to_json
|
@@ -85,7 +85,6 @@ module Win32
|
|
85
85
|
# certificate_thumbprint => thumbprint is a hash. which could be sha1 or md5.
|
86
86
|
def cert_delete(store_handler, certificate_thumbprint)
|
87
87
|
validate_thumbprint(certificate_thumbprint)
|
88
|
-
cert_name = memory_ptr
|
89
88
|
thumbprint = update_thumbprint(certificate_thumbprint)
|
90
89
|
cert_pem = format_pem(get_cert_pem(thumbprint))
|
91
90
|
cert_rdn = get_rdn(build_openssl_obj(cert_pem))
|
@@ -96,7 +95,7 @@ module Win32
|
|
96
95
|
cert_delete_flag = CertDeleteCertificateFromStore(CertDuplicateCertificateContext(pcert_context)) || lookup_error
|
97
96
|
end
|
98
97
|
CertFreeCertificateContext(pcert_context)
|
99
|
-
rescue
|
98
|
+
rescue
|
100
99
|
lookup_error("delete")
|
101
100
|
end
|
102
101
|
cert_delete_flag
|
@@ -118,9 +117,7 @@ module Win32
|
|
118
117
|
# search_token => CN, RDN or any certificate attribute
|
119
118
|
def cert_search(store_handler, search_token)
|
120
119
|
raise ArgumentError, "Invalid search token" if !search_token || search_token.strip.empty?
|
121
|
-
cert_rdn = memory_ptr
|
122
120
|
certificate_list = []
|
123
|
-
counter = 0
|
124
121
|
begin
|
125
122
|
while (pcert_context = CertEnumCertificatesInStore(store_handler, pcert_context)) && !pcert_context.null?
|
126
123
|
cert_property = get_cert_property(pcert_context)
|
@@ -129,7 +126,7 @@ module Win32
|
|
129
126
|
end
|
130
127
|
end
|
131
128
|
CertFreeCertificateContext(pcert_context)
|
132
|
-
rescue
|
129
|
+
rescue
|
133
130
|
lookup_error
|
134
131
|
end
|
135
132
|
certificate_list
|
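Review bot: Each of the four `rescue` clauses touched here (new lines 47, 77, 98 and 129) still catches every StandardError and answers with `lookup_error`, so a Ruby-side failure inside the `begin`, such as a malformed certificate object, is presumably reported as whatever the last Win32 error happened to be and the real cause is lost. `CertFreeCertificateContext(pcert_context)` also sits in the `begin` body rather than in an `ensure`, so it is skipped on exactly those paths. I would move the free into `ensure` with a null guard, `CertFreeCertificateContext(pcert_context) if pcert_context && !pcert_context.null?`, and rescue only the error class the Win32 wrappers are expected to raise. The method bodies start and end outside these hunks, so the exact behaviour of `lookup_error` is not visible here.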
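--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: win32-certstore
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.7
 platform: ruby
 authors:
 - nimisha
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-
+date: 2018-07-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: bundler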