win32-certstore 0.2.3 → 0.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5640bf3ab8b678dc92fda6d689d13d080055f29617009a02e36021a9fd1b42bc
-  data.tar.gz: 2140c35decc023314c21b7cb0bfafd1f1715bc2587751109cb3368818fbfe268
+  metadata.gz: b391e4d81e324162538a2a3644aea74f0da1f8679409733a58dcf4c590734a6c
+  data.tar.gz: 5ed7821ec5bffe58cb09608cfc008b287874b5ddafe8556662fa27f42a25c1b1
 SHA512:
-  metadata.gz: 81d031f2d45507b54254c165704f4b8f1de89f7d1958a9a2c803f170fbb07aabcf7c4b5f17f08c843d646fb2c0ebcffbe826d88a77298ae9b9b6c6cc0cbc8718
-  data.tar.gz: 38f969fb096085190123601cda01168bbc77c927306f945b033b83d987d9d649499000ab5ce586dbb30948082addd9aa6c3d5904efdb7ef0c2036cacbbae8a3c
+  metadata.gz: fc5c77cd659695ac3a58480ab875a6c5daa2b93cd83e45f1fcdfcd1bd89e0cf9653d38d63ae9e5260ecff90a7277f6ee600b91137665d53e672fbb77e1543cfb
+  data.tar.gz: 5b6a8025b85ae8ce026a9a7b603a35137000525ba182bbbcc8fc9667fb78dd6cf179ad1cfbb1cbdcdf582dd4749f82795a17df01181720d7f77a36a4477dc639

data/lib/win32/certstore.rb

@@ -31,18 +31,21 @@ module Win32
 
     attr_accessor :store_name
 
-    def initialize(store_name)
+    # Initializes a new instance of a certificate store.
+    # takes 2 parameters - the store name (My, Root, etc) and the location (CurrentUser or LocalMachine), it defaults to LocalMachine for backwards compatibility
+    def initialize(store_name, store_location: CERT_SYSTEM_STORE_LOCAL_MACHINE)
       @store_name = store_name
-      @certstore_handler = open(store_name)
+      @store_location = store_location
+      @certstore_handler = open(store_name, store_location: store_location)
     end
 
     # To open given certificate store
-    def self.open(store_name)
+    def self.open(store_name, store_location: CERT_SYSTEM_STORE_LOCAL_MACHINE)
       validate_store(store_name)
       if block_given?
-        yield new(store_name)
+        yield new(store_name, store_location: store_location)
       else
-        new(store_name)
+        new(store_name, store_location: store_location)
       end
     end
 
@@ -60,11 +63,12 @@ module Win32
     #
     # @param path [String] Path of the certificate that should be imported
     # @param password [String] Password of the certificate if it is protected
+    # @param key_properties [Integer] dwFlags used to specify properties of the pfx key, see certstore/store_base.rb cert_add_pfx function
     #
     # @return [Boolean]
     #
-    def add_pfx(path, password)
-      cert_add_pfx(certstore_handler, path, password)
+    def add_pfx(path, password, key_properties = 0)
+      cert_add_pfx(certstore_handler, path, password, key_properties)
     end
 
     # Return `OpenSSL::X509` certificate object
@@ -117,8 +121,9 @@ module Win32
     attr_reader :certstore_handler
 
     # To open certstore and return open certificate store pointer
-    def open(store_name)
-      certstore_handler = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, nil, CERT_SYSTEM_STORE_LOCAL_MACHINE, wstring(store_name))
+
+    def open(store_name, store_location: CERT_SYSTEM_STORE_LOCAL_MACHINE)
+      certstore_handler = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, nil, store_location, wstring(store_name))
       unless certstore_handler
         last_error = FFI::LastError.error
         raise SystemCallError.new("Unable to open the Certificate Store `#{store_name}`.", last_error)

data/lib/win32/certstore/mixin/assertions.rb

@@ -14,7 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require "openssl"
+require "openssl" unless defined?(OpenSSL)
 
 module Win32
   class Certstore

data/lib/win32/certstore/mixin/crypto.rb

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-require "ffi"
+require "ffi" unless defined?(FFI)
 
 module Win32
   class Certstore
@@ -88,6 +88,9 @@ module Win32
 
         CERT_STORE_PROV_SYSTEM                              = 10
         CERT_SYSTEM_STORE_LOCAL_MACHINE                     = 0x00020000
+        CERT_SYSTEM_STORE_CURRENT_USER                      = 0x00010000
+        CERT_SYSTEM_STORE_SERVICES                          = 0x00050000
+        CERT_SYSTEM_STORE_USERS                             = 0x00060000
 
         # Define ffi pointer
         HCERTSTORE                                          = FFI::TypeDefs[:pointer]
@@ -113,17 +116,17 @@ module Win32
 
         class FILETIME < FFI::Struct
           layout :dwLowDateTime, DWORD,
-                 :dwHighDateTime, DWORD
+            :dwHighDateTime, DWORD
         end
 
         class CRYPT_INTEGER_BLOB < FFI::Struct
           layout :cbData, DWORD, # Count, in bytes, of data
-                 :pbData, :pointer # Pointer to data buffer
+            :pbData, :pointer # Pointer to data buffer
         end
 
         class CRYPT_NAME_BLOB < FFI::Struct
           layout :cbData, DWORD, # Count, in bytes, of data
-                 :pbData, :pointer # Pointer to data buffer
+            :pbData, :pointer # Pointer to data buffer
           def initialize(str = nil)
             super(nil)
             if str
@@ -134,7 +137,7 @@ module Win32
 
         class CRYPT_HASH_BLOB < FFI::Struct
           layout :cbData, DWORD, # Count, in bytes, of data
-                 :pbData, :pointer # Pointer to data buffer
+            :pbData, :pointer # Pointer to data buffer
 
           def initialize(str = nil)
             super(nil)
@@ -151,7 +154,7 @@ module Win32
 
         class CRYPT_DATA_BLOB < FFI::Struct
           layout :cbData, DWORD, # Count, in bytes, of data
-                 :pbData, :pointer # Pointer to data buffer
+            :pbData, :pointer # Pointer to data buffer
 
           def initialize(str = nil)
             super(nil)
@@ -164,47 +167,47 @@ module Win32
 
         class CERT_EXTENSION < FFI::Struct
           layout :pszObjId, LPTSTR,
-                 :fCritical, BOOL,
-                 :Value, CRYPT_INTEGER_BLOB
+            :fCritical, BOOL,
+            :Value, CRYPT_INTEGER_BLOB
         end
 
         class CRYPT_BIT_BLOB < FFI::Struct
           layout :cbData, DWORD,
-                 :pbData, BYTE,
-                 :cUnusedBits, DWORD
+            :pbData, BYTE,
+            :cUnusedBits, DWORD
         end
 
         class CRYPT_ALGORITHM_IDENTIFIER < FFI::Struct
           layout :pszObjId, LPSTR,
-                 :Parameters, CRYPT_INTEGER_BLOB
+            :Parameters, CRYPT_INTEGER_BLOB
         end
 
         class CERT_PUBLIC_KEY_INFO < FFI::Struct
           layout :Algorithm, CRYPT_ALGORITHM_IDENTIFIER,
-                 :PublicKey, CRYPT_BIT_BLOB
+            :PublicKey, CRYPT_BIT_BLOB
         end
 
         class CERT_INFO < FFI::Struct
           layout :dwVersion, DWORD,
-               :SerialNumber, CRYPT_INTEGER_BLOB,
-               :SignatureAlgorithm, CRYPT_ALGORITHM_IDENTIFIER,
-               :Issuer, CRYPT_NAME_BLOB,
-               :NotBefore, FILETIME,
-               :NotAfter, FILETIME,
-               :Subject, CRYPT_NAME_BLOB,
-               :SubjectPublicKeyInfo, CERT_PUBLIC_KEY_INFO,
-               :IssuerUniqueId, CRYPT_BIT_BLOB,
-               :SubjectUniqueId, CRYPT_BIT_BLOB,
-               :cExtension, DWORD,
-               :rgExtension, CERT_EXTENSION
+            :SerialNumber, CRYPT_INTEGER_BLOB,
+            :SignatureAlgorithm, CRYPT_ALGORITHM_IDENTIFIER,
+            :Issuer, CRYPT_NAME_BLOB,
+            :NotBefore, FILETIME,
+            :NotAfter, FILETIME,
+            :Subject, CRYPT_NAME_BLOB,
+            :SubjectPublicKeyInfo, CERT_PUBLIC_KEY_INFO,
+            :IssuerUniqueId, CRYPT_BIT_BLOB,
+            :SubjectUniqueId, CRYPT_BIT_BLOB,
+            :cExtension, DWORD,
+            :rgExtension, CERT_EXTENSION
         end
 
         class CERT_CONTEXT < FFI::Struct
           layout :dwCertEncodingType, DWORD,
-                 :pbCertEncoded, BYTE,
-                 :cbCertEncoded, DWORD,
-                 :pCertInfo, CERT_INFO,
-                 :hCertStore, HCERTSTORE
+            :pbCertEncoded, BYTE,
+            :cbCertEncoded, DWORD,
+            :pCertInfo, CERT_INFO,
+            :hCertStore, HCERTSTORE
         end
 
         ###############################################################################

data/lib/win32/certstore/mixin/helper.rb

@@ -21,12 +21,11 @@ module Win32
   class Certstore
     module Mixin
       module Helper
-
         # PSCommand to search certificate from thumbprint and convert in pem
-        def cert_ps_cmd(thumbprint, store_name)
+        def cert_ps_cmd(thumbprint, store_name, store_location: CERT_SYSTEM_STORE_LOCAL_MACHINE)
           <<-EOH
             $content = $null
-            $cert = Get-ChildItem Cert:\\LocalMachine\\'#{store_name}' -Recurse | Where { $_.Thumbprint -eq '#{thumbprint}' }
+            $cert = Get-ChildItem Cert:\\'#{store_location}'\\'#{store_name}' -Recurse | Where { $_.Thumbprint -eq '#{thumbprint}' }
             if($cert -ne $null)
             {
             $content = @(
@@ -43,7 +42,6 @@ module Win32
         def valid_duration?(cert_obj)
           cert_obj.not_before < Time.now.utc && cert_obj.not_after > Time.now.utc
         end
-
       end
     end
   end

data/lib/win32/certstore/mixin/{shell_out.rb → shell_exec.rb}

@@ -15,12 +15,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "mixlib/shellout"
+require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
 
 module Win32
   class Certstore
     module Mixin
-      module ShellOut
+      module ShellExec
         def shell_out_command(*command_args)
           cmd = Mixlib::ShellOut.new(*command_args)
           cmd.live_stream
@@ -28,6 +28,7 @@ module Win32
           if cmd.error!
             raise Mixlib::ShellOut::ShellCommandFailed, cmd.error!
           end
+
           cmd
         end
 
@@ -38,7 +39,7 @@ module Win32
         # @param script [String] script to run
         # @param options [Hash] options hash
         # @return [Mixlib::Shellout] mixlib-shellout object
-        def powershell_out(*command_args)
+        def powershell_exec(*command_args)
           script = command_args.first
           options = command_args.last.is_a?(Hash) ? command_args.last : nil
 
@@ -51,8 +52,8 @@ module Win32
         # @param script [String] script to run
         # @param options [Hash] options hash
         # @return [Mixlib::Shellout] mixlib-shellout object
-        def powershell_out!(*command_args)
-          cmd = powershell_out(*command_args)
+        def powershell_exec!(*command_args)
+          cmd = powershell_exec(*command_args)
           cmd.error!
           cmd
         end
@@ -96,7 +97,7 @@ module Win32
             "-InputFormat None",
           ]
 
-          "powershell.exe #{flags.join(' ')} -Command \"#{script.gsub('"', '\"')}\""
+          "powershell.exe #{flags.join(" ")} -Command \"#{script.gsub('"', '\"')}\""
         end
       end
     end

data/lib/win32/certstore/store_base.rb

@@ -17,10 +17,10 @@
 
 require_relative "mixin/crypto"
 require_relative "mixin/string"
-require_relative "mixin/shell_out"
+require_relative "mixin/shell_exec"
 require_relative "mixin/unicode"
-require "openssl"
-require "json"
+require "openssl" unless defined?(OpenSSL)
+require "json" unless defined?(JSON)
 
 module Win32
   class Certstore
@@ -28,7 +28,7 @@ module Win32
       include Win32::Certstore::Mixin::Crypto
       include Win32::Certstore::Mixin::Assertions
       include Win32::Certstore::Mixin::String
-      include Win32::Certstore::Mixin::ShellOut
+      include Win32::Certstore::Mixin::ShellExec
       include Win32::Certstore::Mixin::Unicode
       include Win32::Certstore::Mixin::Helper
 
@@ -57,26 +57,32 @@ module Win32
       # @param certstore_handler [FFI::Pointer] Handle of the store where certificate should be imported
       # @param path [String] Path of the certificate that should be imported
       # @param password [String] Password of the certificate
+      # @param key_properties [Integer] dwFlags used to specify properties of the pfx key, see link above
       #
       # @return [Boolean]
       #
       # @raise [SystemCallError] when Crypt API would not be able to perform some action
       #
-      def cert_add_pfx(certstore_handler, path, password = "")
+      def cert_add_pfx(certstore_handler, path, password = "", key_properties = 0)
+        cert_added = false
         # Imports a PFX BLOB and returns the handle of a store
-        pfx_cert_store = PFXImportCertStore(CRYPT_DATA_BLOB.new(File.binread(path)), wstring(password), 0)
+        pfx_cert_store = PFXImportCertStore(CRYPT_DATA_BLOB.new(File.binread(path)), wstring(password), key_properties)
         raise if pfx_cert_store.null?
-        # Find the certificate context in certificate store
-        cert_context = CertFindCertificateInStore(pfx_cert_store, ENCODING_TYPE, 0, CERT_FIND_ANY, nil, nil)
-        close_cert_store(pfx_cert_store)
-        raise if cert_context.null?
-        # Add certificate context to the certificate store
-        args = add_certcontxt_args(certstore_handler, cert_context)
-        cert_added = CertAddCertificateContextToStore(*args)
-        raise unless cert_added
+
+        # Find all the certificate contexts in certificate store and add them ino the store
+        while (cert_context = CertEnumCertificatesInStore(pfx_cert_store, cert_context)) && (not cert_context.null?)
+          # Add certificate context to the certificate store
+          args = add_certcontxt_args(certstore_handler, cert_context)
+          cert_added = CertAddCertificateContextToStore(*args)
+          raise unless cert_added
+        end
         cert_added
       rescue
         lookup_error("Add a PFX")
+      ensure
+        if pfx_cert_store && !pfx_cert_store.null?
+          close_cert_store(pfx_cert_store)
+        end
       end
 
       # Get certificate from open certificate store and return certificate object
@@ -119,7 +125,7 @@ module Win32
         begin
           cert_args = cert_find_args(store_handler, thumbprint)
           pcert_context = CertFindCertificateInStore(*cert_args)
-          if !pcert_context.null?
+          unless pcert_context.null?
             cert_delete_flag = CertDeleteCertificateFromStore(CertDuplicateCertificateContext(pcert_context)) || lookup_error
           end
           CertFreeCertificateContext(pcert_context)
@@ -145,6 +151,7 @@ module Win32
       # search_token => CN, RDN or any certificate attribute
       def cert_search(store_handler, search_token)
         raise ArgumentError, "Invalid search token" if !search_token || search_token.strip.empty?
+
         certificate_list = []
         begin
           while (pcert_context = CertEnumCertificatesInStore(store_handler, pcert_context)) && !pcert_context.null?
@@ -163,9 +170,7 @@ module Win32
       # To close and destroy pointer of open certificate store handler
       def close_cert_store(certstore_handler = @certstore_handler)
         closed = CertCloseStore(certstore_handler, CERT_CLOSE_STORE_FORCE_FLAG)
-        raise unless closed
-      rescue
-        lookup_error("close")
+        lookup_error("close") unless closed
       end
 
       private
@@ -215,6 +220,7 @@ module Win32
       # Verify OpenSSL::X509::Certificate object
       def verify_certificate(cert_pem)
         return "Certificate not found" if cert_pem.empty?
+
         valid_duration?(build_openssl_obj(cert_pem))
       end
 
@@ -225,8 +231,14 @@ module Win32
 
       # Get certificate pem
       def get_cert_pem(thumbprint)
-        get_data = powershell_out!(cert_ps_cmd(thumbprint, store_name))
+        converted_store = if @store_location == CERT_SYSTEM_STORE_LOCAL_MACHINE
+                            "LocalMachine"
+                          else
+                            "CurrentUser"
+                          end
+        get_data = powershell_exec!(cert_ps_cmd(thumbprint, store_name, store_location: converted_store))
         get_data.stdout
+        # get_data.result
       end
 
       # Format pem

data/lib/win32/certstore/version.rb

@@ -1,6 +1,6 @@
 module Win32
   class Certstore
-    VERSION = "0.2.3".freeze
+    VERSION = "0.5.3".freeze
     MAJOR, MINOR, TINY = VERSION.split(".")
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: win32-certstore
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.5.3
 platform: ruby
 authors:
 - Chef Software
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-01-29 00:00:00.000000000 Z
+date: 2021-02-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -79,7 +79,7 @@ files:
 - lib/win32/certstore/mixin/assertions.rb
 - lib/win32/certstore/mixin/crypto.rb
 - lib/win32/certstore/mixin/helper.rb
-- lib/win32/certstore/mixin/shell_out.rb
+- lib/win32/certstore/mixin/shell_exec.rb
 - lib/win32/certstore/mixin/string.rb
 - lib/win32/certstore/mixin/unicode.rb
 - lib/win32/certstore/store_base.rb
@@ -97,16 +97,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
-summary: Ruby library for accessing the certificate store on Windows.
+summary: Ruby library for accessing the certificate stores on Windows.
 test_files: []