win32-certstore 0.2.2 → 0.2.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fdfde36cb468d1ce15e0d5fd317783347f07c96f0282519b56b86b424d89e92e
-  data.tar.gz: a4ce61aafb784b12bf5e7ee28958221c4318500d78ec2ac23f3d700e7528d466
+  metadata.gz: 5640bf3ab8b678dc92fda6d689d13d080055f29617009a02e36021a9fd1b42bc
+  data.tar.gz: 2140c35decc023314c21b7cb0bfafd1f1715bc2587751109cb3368818fbfe268
 SHA512:
-  metadata.gz: 3f1ff03dc3ac803b951179683c48bdef81ea481f12c0a1838e9d236085e4451d2698a3f488da855bbc44bdbf037d6fdc753113309ef0838b2b61fab425cc8040
-  data.tar.gz: 61ac2a5b3f1cbceb606822c07dfdfec2b5b76e1ba91820f4f7571c094f16c10ffeba292e9772abf3938eba537951426d8c8ef8f09ddcf5b1bc74cbf0367435ce
+  metadata.gz: 81d031f2d45507b54254c165704f4b8f1de89f7d1958a9a2c803f170fbb07aabcf7c4b5f17f08c843d646fb2c0ebcffbe826d88a77298ae9b9b6c6cc0cbc8718
+  data.tar.gz: 38f969fb096085190123601cda01168bbc77c927306f945b033b83d987d9d649499000ab5ce586dbb30948082addd9aa6c3d5904efdb7ef0c2036cacbbae8a3c

data/lib/win32/certstore.rb

@@ -53,6 +53,20 @@ module Win32
       cert_add(certstore_handler, certificate_obj)
     end
 
+    # Adds a PFX certificate to certificate store
+    #
+    # @note Unlike other certificates, PFX can be password protected and may contain a private key.
+    #       Therefore we need a different approach to import them.
+    #
+    # @param path [String] Path of the certificate that should be imported
+    # @param password [String] Password of the certificate if it is protected
+    #
+    # @return [Boolean]
+    #
+    def add_pfx(path, password)
+      cert_add_pfx(certstore_handler, path, password)
+    end
+
     # Return `OpenSSL::X509` certificate object
     # @param request [thumbprint<string>] of certificate
     # @return [Object] of certificates in OpenSSL::X509 format
@@ -90,11 +104,7 @@ module Win32
 
     # To close and destroy pointer of open certificate store handler
     def close
-      closed = CertCloseStore(@certstore_handler, CERT_CLOSE_STORE_FORCE_FLAG)
-      unless closed
-        last_error = FFI::LastError.error
-        raise SystemCallError.new("Unable to close the Certificate Store.", last_error)
-      end
+      close_cert_store
       remove_finalizer
     end
 

data/lib/win32/certstore/mixin/crypto.rb

@@ -68,12 +68,17 @@ module Win32
         CERT_NAME_UPN_TYPE                                  = 8
 
         # Retrieve Certificates flag
+        CERT_COMPARE_ANY                                    = 0
         CERT_COMPARE_SHA1_HASH                              = 1
         CERT_INFO_SUBJECT_FLAG                              = 7
         CERT_COMPARE_NAME_STR_W                             = 8
         CERT_COMPARE_SHIFT                                  = 16
         CERT_FIND_SHA1_HASH                                 = CERT_COMPARE_SHA1_HASH << CERT_COMPARE_SHIFT
         CERT_FIND_SUBJECT_STR                               = CERT_COMPARE_NAME_STR_W << CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG
+        CERT_FIND_ANY                                       = CERT_COMPARE_ANY << CERT_COMPARE_SHIFT
+
+        CERT_STORE_ADD_USE_EXISTING                         = 2
+        CERT_STORE_ADD_REPLACE_EXISTING                     = 3
 
         # List Certificates Flag
         CERT_NAME_ISSUER_FLAG                               = 0x1
@@ -144,6 +149,19 @@ module Win32
           end
         end
 
+        class CRYPT_DATA_BLOB < FFI::Struct
+          layout :cbData, DWORD, # Count, in bytes, of data
+                 :pbData, :pointer # Pointer to data buffer
+
+          def initialize(str = nil)
+            super(nil)
+            if str
+              self[:pbData] = FFI::MemoryPointer.from_string(str)
+              self[:cbData] = str.size
+            end
+          end
+        end
+
         class CERT_EXTENSION < FFI::Struct
           layout :pszObjId, LPTSTR,
                  :fCritical, BOOL,
@@ -224,6 +242,10 @@ module Win32
         safe_attach_function :CertFindCertificateInStore, [HCERTSTORE, DWORD, DWORD, DWORD, LPVOID, PCCERT_CONTEXT], PCCERT_CONTEXT
 
         safe_attach_function :PFXExportCertStoreEx, [HCERTSTORE, CRYPT_INTEGER_BLOB, LPCTSTR, LPVOID, DWORD], BOOL
+
+        # Fetches store handler of a PFX certificate
+        attach_function :PFXImportCertStore, [CRYPT_DATA_BLOB, LPCTSTR, DWORD], HCERTSTORE
+        attach_function :CertAddCertificateContextToStore, [HCERTSTORE, PCCERT_CONTEXT, DWORD, PCCERT_CONTEXT], BOOL
       end
     end
   end

data/lib/win32/certstore/store_base.rb

@@ -49,6 +49,36 @@ module Win32
         end
       end
 
+      # Adds a PFX certificate to certificate store
+      #
+      # @see https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-pfximportcertstore PFXImportCertStore function
+      # @see https://docs.microsoft.com/en-us/windows/desktop/api/wincrypt/nf-wincrypt-certaddcertificatecontexttostore CertAddCertificateContextToStore
+      #
+      # @param certstore_handler [FFI::Pointer] Handle of the store where certificate should be imported
+      # @param path [String] Path of the certificate that should be imported
+      # @param password [String] Password of the certificate
+      #
+      # @return [Boolean]
+      #
+      # @raise [SystemCallError] when Crypt API would not be able to perform some action
+      #
+      def cert_add_pfx(certstore_handler, path, password = "")
+        # Imports a PFX BLOB and returns the handle of a store
+        pfx_cert_store = PFXImportCertStore(CRYPT_DATA_BLOB.new(File.binread(path)), wstring(password), 0)
+        raise if pfx_cert_store.null?
+        # Find the certificate context in certificate store
+        cert_context = CertFindCertificateInStore(pfx_cert_store, ENCODING_TYPE, 0, CERT_FIND_ANY, nil, nil)
+        close_cert_store(pfx_cert_store)
+        raise if cert_context.null?
+        # Add certificate context to the certificate store
+        args = add_certcontxt_args(certstore_handler, cert_context)
+        cert_added = CertAddCertificateContextToStore(*args)
+        raise unless cert_added
+        cert_added
+      rescue
+        lookup_error("Add a PFX")
+      end
+
       # Get certificate from open certificate store and return certificate object
       # certificate_thumbprint => thumbprint is a hash. which could be sha1 or md5.
       def cert_get(certificate_thumbprint)
@@ -130,6 +160,14 @@ module Win32
         certificate_list
       end
 
+      # To close and destroy pointer of open certificate store handler
+      def close_cert_store(certstore_handler = @certstore_handler)
+        closed = CertCloseStore(certstore_handler, CERT_CLOSE_STORE_FORCE_FLAG)
+        raise unless closed
+      rescue
+        lookup_error("close")
+      end
+
       private
 
       # Build arguments for CertAddEncodedCertificateToStore
@@ -142,6 +180,11 @@ module Win32
         [store_handler, ENCODING_TYPE, 0, CERT_FIND_SHA1_HASH, CRYPT_HASH_BLOB.new(thumbprint), nil]
       end
 
+      # Build arguments for CertAddCertificateContextToStore
+      def add_certcontxt_args(certstore_handler, cert_context)
+        [certstore_handler, cert_context, CERT_STORE_ADD_REPLACE_EXISTING, nil]
+      end
+
       # Match certificate CN exist in cert_rdn
       def is_cn_match?(cert_rdn, certificate_name)
         cert_rdn.read_wstring.match(/(^|\W)#{certificate_name}($|\W)/i)

data/lib/win32/certstore/version.rb

@@ -1,6 +1,6 @@
 module Win32
   class Certstore
-    VERSION = "0.2.2".freeze
+    VERSION = "0.2.3".freeze
     MAJOR, MINOR, TINY = VERSION.split(".")
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: win32-certstore
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.2.3
 platform: ruby
 authors:
 - Chef Software
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-16 00:00:00.000000000 Z
+date: 2019-01-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler