win32-certstore 0.3.0 → 0.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7498d33d838e240261d6629228c9e5f4135cbc8cfef53dd6eb2c25fd15cfa04f
-  data.tar.gz: 7ebbfe860ed3109d18bf6cedb18040fec935a82985348317a9513e6803b80f1e
+  metadata.gz: e832ae077e8be7cd039393f84b74062e58dd331b1317cdcc2a1bb1f13109f176
+  data.tar.gz: 453bd4ad7e2d6a92d3935b0a4df4f241636b657256a39f1ac35bc81d2d34030b
 SHA512:
-  metadata.gz: 6bcf63bbce574b4c92224c1228b7abd68a9e15bd527ffaafd3750f14bb106a499d03eabef6fd134ee603fa790230c12161f0a64ed7e6a072a3f4135da1cfe8db
-  data.tar.gz: e58963b69cc9e20d7b31316e2a1cc2b00484489ea85a8796115555bc2dd40875f55a2327bcddd067c8c8e985096228b2835f3709233aa04a23174027dc8015e7
+  metadata.gz: a3254affc58f8eb862a585b78cc5c5451c61db3398ef1de59ffcb6580755f5e24338c2a1caf16e89e46db4e8ee7c9f431a1c4372768cb7ff08bd76265d1b53da
+  data.tar.gz: bab7b27e4c0c6d780556a6410836283f6de31c64d559fb1b331b679c3d671b68673b6313f53560916e0a5c89f83fff658fd3335f965cfa3024b5066860393b3b

data/lib/win32/certstore.rb

@@ -31,18 +31,21 @@ module Win32
 
     attr_accessor :store_name
 
-    def initialize(store_name)
+    # Initializes a new instance of a certificate store.
+    # takes 2 parameters - the store name (My, Root, etc) and the location (CurrentUser or LocalMachine), it defaults to LocalMachine for backwards compatibility
+    def initialize(store_name, store_location: CERT_SYSTEM_STORE_LOCAL_MACHINE)
       @store_name = store_name
-      @certstore_handler = open(store_name)
+      @store_location = store_location
+      @certstore_handler = open(store_name, store_location: store_location)
     end
 
     # To open given certificate store
-    def self.open(store_name)
+    def self.open(store_name, store_location: CERT_SYSTEM_STORE_LOCAL_MACHINE)
       validate_store(store_name)
       if block_given?
-        yield new(store_name)
+        yield new(store_name, store_location: store_location)
       else
-        new(store_name)
+        new(store_name, store_location: store_location)
       end
     end
 
@@ -60,18 +63,19 @@ module Win32
     #
     # @param path [String] Path of the certificate that should be imported
     # @param password [String] Password of the certificate if it is protected
+    # @param key_properties [Integer] dwFlags used to specify properties of the pfx key, see certstore/store_base.rb cert_add_pfx function
     #
     # @return [Boolean]
     #
-    def add_pfx(path, password)
-      cert_add_pfx(certstore_handler, path, password)
+    def add_pfx(path, password, key_properties = 0)
+      cert_add_pfx(certstore_handler, path, password, key_properties)
     end
 
     # Return `OpenSSL::X509` certificate object
     # @param request [thumbprint<string>] of certificate
     # @return [Object] of certificates in OpenSSL::X509 format
-    def get(certificate_thumbprint)
-      cert_get(certificate_thumbprint)
+    def get(certificate_thumbprint, store_name: @store_name, store_location: @store_location)
+      cert_get(certificate_thumbprint, store_name: store_name, store_location: store_location)
     end
 
     # Returns all the certificates in a store
@@ -98,8 +102,8 @@ module Win32
     # Validates a certificate in a certificate store on the basis of time validity
     # @param request[thumbprint<string>] of certificate
     # @return [true, false] only true or false
-    def valid?(certificate_thumbprint)
-      cert_validate(certificate_thumbprint)
+    def valid?(certificate_thumbprint, store_location: "", store_name: "")
+      cert_validate(certificate_thumbprint, store_location: store_location, store_name: store_name)
     end
 
     # To close and destroy pointer of open certificate store handler
@@ -117,8 +121,9 @@ module Win32
     attr_reader :certstore_handler
 
     # To open certstore and return open certificate store pointer
-    def open(store_name)
-      certstore_handler = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, nil, CERT_SYSTEM_STORE_LOCAL_MACHINE, wstring(store_name))
+
+    def open(store_name, store_location: CERT_SYSTEM_STORE_LOCAL_MACHINE)
+      certstore_handler = CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, nil, store_location, wstring(store_name))
       unless certstore_handler
         last_error = FFI::LastError.error
         raise SystemCallError.new("Unable to open the Certificate Store `#{store_name}`.", last_error)

data/lib/win32/certstore/mixin/assertions.rb

@@ -14,7 +14,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-require "openssl"
+require "openssl" unless defined?(OpenSSL)
 
 module Win32
   class Certstore

data/lib/win32/certstore/mixin/crypto.rb

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-require "ffi"
+require "ffi" unless defined?(FFI)
 
 module Win32
   class Certstore
@@ -88,6 +88,9 @@ module Win32
 
         CERT_STORE_PROV_SYSTEM                              = 10
         CERT_SYSTEM_STORE_LOCAL_MACHINE                     = 0x00020000
+        CERT_SYSTEM_STORE_CURRENT_USER                      = 0x00010000
+        CERT_SYSTEM_STORE_SERVICES                          = 0x00050000
+        CERT_SYSTEM_STORE_USERS                             = 0x00060000
 
         # Define ffi pointer
         HCERTSTORE                                          = FFI::TypeDefs[:pointer]
@@ -113,17 +116,17 @@ module Win32
 
         class FILETIME < FFI::Struct
           layout :dwLowDateTime, DWORD,
-                 :dwHighDateTime, DWORD
+            :dwHighDateTime, DWORD
         end
 
         class CRYPT_INTEGER_BLOB < FFI::Struct
           layout :cbData, DWORD, # Count, in bytes, of data
-                 :pbData, :pointer # Pointer to data buffer
+            :pbData, :pointer # Pointer to data buffer
         end
 
         class CRYPT_NAME_BLOB < FFI::Struct
           layout :cbData, DWORD, # Count, in bytes, of data
-                 :pbData, :pointer # Pointer to data buffer
+            :pbData, :pointer # Pointer to data buffer
           def initialize(str = nil)
             super(nil)
             if str
@@ -134,7 +137,7 @@ module Win32
 
         class CRYPT_HASH_BLOB < FFI::Struct
           layout :cbData, DWORD, # Count, in bytes, of data
-                 :pbData, :pointer # Pointer to data buffer
+            :pbData, :pointer # Pointer to data buffer
 
           def initialize(str = nil)
             super(nil)
@@ -151,7 +154,7 @@ module Win32
 
         class CRYPT_DATA_BLOB < FFI::Struct
           layout :cbData, DWORD, # Count, in bytes, of data
-                 :pbData, :pointer # Pointer to data buffer
+            :pbData, :pointer # Pointer to data buffer
 
           def initialize(str = nil)
             super(nil)
@@ -164,47 +167,47 @@ module Win32
 
         class CERT_EXTENSION < FFI::Struct
           layout :pszObjId, LPTSTR,
-                 :fCritical, BOOL,
-                 :Value, CRYPT_INTEGER_BLOB
+            :fCritical, BOOL,
+            :Value, CRYPT_INTEGER_BLOB
         end
 
         class CRYPT_BIT_BLOB < FFI::Struct
           layout :cbData, DWORD,
-                 :pbData, BYTE,
-                 :cUnusedBits, DWORD
+            :pbData, BYTE,
+            :cUnusedBits, DWORD
         end
 
         class CRYPT_ALGORITHM_IDENTIFIER < FFI::Struct
           layout :pszObjId, LPSTR,
-                 :Parameters, CRYPT_INTEGER_BLOB
+            :Parameters, CRYPT_INTEGER_BLOB
         end
 
         class CERT_PUBLIC_KEY_INFO < FFI::Struct
           layout :Algorithm, CRYPT_ALGORITHM_IDENTIFIER,
-                 :PublicKey, CRYPT_BIT_BLOB
+            :PublicKey, CRYPT_BIT_BLOB
         end
 
         class CERT_INFO < FFI::Struct
           layout :dwVersion, DWORD,
-               :SerialNumber, CRYPT_INTEGER_BLOB,
-               :SignatureAlgorithm, CRYPT_ALGORITHM_IDENTIFIER,
-               :Issuer, CRYPT_NAME_BLOB,
-               :NotBefore, FILETIME,
-               :NotAfter, FILETIME,
-               :Subject, CRYPT_NAME_BLOB,
-               :SubjectPublicKeyInfo, CERT_PUBLIC_KEY_INFO,
-               :IssuerUniqueId, CRYPT_BIT_BLOB,
-               :SubjectUniqueId, CRYPT_BIT_BLOB,
-               :cExtension, DWORD,
-               :rgExtension, CERT_EXTENSION
+            :SerialNumber, CRYPT_INTEGER_BLOB,
+            :SignatureAlgorithm, CRYPT_ALGORITHM_IDENTIFIER,
+            :Issuer, CRYPT_NAME_BLOB,
+            :NotBefore, FILETIME,
+            :NotAfter, FILETIME,
+            :Subject, CRYPT_NAME_BLOB,
+            :SubjectPublicKeyInfo, CERT_PUBLIC_KEY_INFO,
+            :IssuerUniqueId, CRYPT_BIT_BLOB,
+            :SubjectUniqueId, CRYPT_BIT_BLOB,
+            :cExtension, DWORD,
+            :rgExtension, CERT_EXTENSION
         end
 
         class CERT_CONTEXT < FFI::Struct
           layout :dwCertEncodingType, DWORD,
-                 :pbCertEncoded, BYTE,
-                 :cbCertEncoded, DWORD,
-                 :pCertInfo, CERT_INFO,
-                 :hCertStore, HCERTSTORE
+            :pbCertEncoded, BYTE,
+            :cbCertEncoded, DWORD,
+            :pCertInfo, CERT_INFO,
+            :hCertStore, HCERTSTORE
         end
 
         ###############################################################################

data/lib/win32/certstore/mixin/helper.rb

@@ -21,19 +21,18 @@ module Win32
   class Certstore
     module Mixin
       module Helper
-
-        # PSCommand to search certificate from thumbprint and convert in pem
-        def cert_ps_cmd(thumbprint, store_name)
+        def cert_ps_cmd(thumbprint, store_location: "LocalMachine", store_name: "My")
           <<-EOH
+            $cert = Get-ChildItem Cert:\\#{store_location}\\#{store_name} -Recurse | Where { $_.Thumbprint -eq "#{thumbprint}" }
+
             $content = $null
-            $cert = Get-ChildItem Cert:\\LocalMachine\\'#{store_name}' -Recurse | Where { $_.Thumbprint -eq '#{thumbprint}' }
-            if($cert -ne $null)
+            if($null -ne $cert)
             {
-            $content = @(
-              '-----BEGIN CERTIFICATE-----'
-              [System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')
-              '-----END CERTIFICATE-----'
-            )
+              $content = @(
+                '-----BEGIN CERTIFICATE-----'
+                [System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')
+                '-----END CERTIFICATE-----'
+              )
             }
             $content
           EOH
@@ -43,7 +42,6 @@ module Win32
         def valid_duration?(cert_obj)
           cert_obj.not_before < Time.now.utc && cert_obj.not_after > Time.now.utc
         end
-
       end
     end
   end

data/lib/win32/certstore/mixin/{shell_out.rb → shell_exec.rb}

@@ -15,12 +15,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-require "mixlib/shellout"
+require "mixlib/shellout" unless defined?(Mixlib::ShellOut)
 
 module Win32
   class Certstore
     module Mixin
-      module ShellOut
+      module ShellExec
         def shell_out_command(*command_args)
           cmd = Mixlib::ShellOut.new(*command_args)
           cmd.live_stream
@@ -28,6 +28,7 @@ module Win32
           if cmd.error!
             raise Mixlib::ShellOut::ShellCommandFailed, cmd.error!
           end
+
           cmd
         end
 
@@ -38,7 +39,7 @@ module Win32
         # @param script [String] script to run
         # @param options [Hash] options hash
         # @return [Mixlib::Shellout] mixlib-shellout object
-        def powershell_out(*command_args)
+        def powershell_exec(*command_args)
           script = command_args.first
           options = command_args.last.is_a?(Hash) ? command_args.last : nil
 
@@ -51,8 +52,8 @@ module Win32
         # @param script [String] script to run
         # @param options [Hash] options hash
         # @return [Mixlib::Shellout] mixlib-shellout object
-        def powershell_out!(*command_args)
-          cmd = powershell_out(*command_args)
+        def powershell_exec!(*command_args)
+          cmd = powershell_exec(*command_args)
           cmd.error!
           cmd
         end
@@ -96,7 +97,7 @@ module Win32
             "-InputFormat None",
           ]
 
-          "powershell.exe #{flags.join(' ')} -Command \"#{script.gsub('"', '\"')}\""
+          "powershell.exe #{flags.join(" ")} -Command \"#{script.gsub('"', '\"')}\""
         end
       end
     end

data/lib/win32/certstore/mixin/string.rb

@@ -36,14 +36,12 @@ module Win32
           ustring += "\000\000" if ustring.length == 0 || ustring[-1].chr != "\000"
 
           # encode it all as UTF-16LE AKA Windows Wide Character AKA Windows Unicode
-          ustring = begin
-            if ustring.respond_to?(:encode)
-              ustring.encode("UTF-16LE")
-            else
-              require "iconv"
-              Iconv.conv("UTF-16LE", "UTF-8", ustring)
-            end
-          end
+          ustring = if ustring.respond_to?(:encode)
+                      ustring.encode("UTF-16LE")
+                    else
+                      require "iconv"
+                      Iconv.conv("UTF-16LE", "UTF-8", ustring)
+                    end
           ustring
         end
 
@@ -53,14 +51,12 @@ module Win32
           wstring = wstring.force_encoding("UTF-16LE") if wstring.respond_to?(:force_encoding)
 
           # encode it all as UTF-8
-          wstring = begin
-            if wstring.respond_to?(:encode)
-              wstring.encode("UTF-8")
-            else
-              require "iconv"
-              Iconv.conv("UTF-8", "UTF-16LE", wstring)
-            end
-          end
+          wstring = if wstring.respond_to?(:encode)
+                      wstring.encode("UTF-8")
+                    else
+                      require "iconv"
+                      Iconv.conv("UTF-8", "UTF-16LE", wstring)
+                    end
           # remove trailing CRLF and NULL characters
           wstring.strip!
           wstring

data/lib/win32/certstore/store_base.rb

@@ -17,10 +17,10 @@
 
 require_relative "mixin/crypto"
 require_relative "mixin/string"
-require_relative "mixin/shell_out"
+require_relative "mixin/shell_exec"
 require_relative "mixin/unicode"
-require "openssl"
-require "json"
+require "openssl" unless defined?(OpenSSL)
+require "json" unless defined?(JSON)
 
 module Win32
   class Certstore
@@ -28,7 +28,7 @@ module Win32
       include Win32::Certstore::Mixin::Crypto
       include Win32::Certstore::Mixin::Assertions
       include Win32::Certstore::Mixin::String
-      include Win32::Certstore::Mixin::ShellOut
+      include Win32::Certstore::Mixin::ShellExec
       include Win32::Certstore::Mixin::Unicode
       include Win32::Certstore::Mixin::Helper
 
@@ -57,16 +57,18 @@ module Win32
       # @param certstore_handler [FFI::Pointer] Handle of the store where certificate should be imported
       # @param path [String] Path of the certificate that should be imported
       # @param password [String] Password of the certificate
+      # @param key_properties [Integer] dwFlags used to specify properties of the pfx key, see link above
       #
       # @return [Boolean]
       #
       # @raise [SystemCallError] when Crypt API would not be able to perform some action
       #
-      def cert_add_pfx(certstore_handler, path, password = "")
+      def cert_add_pfx(certstore_handler, path, password = "", key_properties = 0)
         cert_added = false
         # Imports a PFX BLOB and returns the handle of a store
-        pfx_cert_store = PFXImportCertStore(CRYPT_DATA_BLOB.new(File.binread(path)), wstring(password), 0)
+        pfx_cert_store = PFXImportCertStore(CRYPT_DATA_BLOB.new(File.binread(path)), wstring(password), key_properties)
         raise if pfx_cert_store.null?
+
         # Find all the certificate contexts in certificate store and add them ino the store
         while (cert_context = CertEnumCertificatesInStore(pfx_cert_store, cert_context)) && (not cert_context.null?)
           # Add certificate context to the certificate store
@@ -85,11 +87,15 @@ module Win32
 
       # Get certificate from open certificate store and return certificate object
       # certificate_thumbprint => thumbprint is a hash. which could be sha1 or md5.
-      def cert_get(certificate_thumbprint)
+      def cert_get(certificate_thumbprint, store_name:, store_location:)
         validate_thumbprint(certificate_thumbprint)
         thumbprint = update_thumbprint(certificate_thumbprint)
-        cert_pem = get_cert_pem(thumbprint)
+        cert_pem = get_cert_pem(thumbprint, store_name: store_name, store_location: store_location)
         cert_pem = format_pem(cert_pem)
+        if cert_pem.empty?
+          raise ArgumentError, "Unable to retrieve the certificate"
+        end
+
         unless cert_pem.empty?
           build_openssl_obj(cert_pem)
         end
@@ -123,7 +129,7 @@ module Win32
         begin
           cert_args = cert_find_args(store_handler, thumbprint)
           pcert_context = CertFindCertificateInStore(*cert_args)
-          if !pcert_context.null?
+          unless pcert_context.null?
             cert_delete_flag = CertDeleteCertificateFromStore(CertDuplicateCertificateContext(pcert_context)) || lookup_error
           end
           CertFreeCertificateContext(pcert_context)
@@ -136,10 +142,10 @@ module Win32
       # Verify certificate from open certificate store and return boolean or exceptions
       # store_handler => Open certificate store handler
       # certificate_thumbprint => thumbprint is a hash. which could be sha1 or md5.
-      def cert_validate(certificate_thumbprint)
+      def cert_validate(certificate_thumbprint, store_location:, store_name:)
         validate_thumbprint(certificate_thumbprint)
         thumbprint = update_thumbprint(certificate_thumbprint)
-        cert_pem = get_cert_pem(thumbprint)
+        cert_pem = get_cert_pem(thumbprint, store_name: store_name, store_location: store_location)
         cert_pem = format_pem(cert_pem)
         verify_certificate(cert_pem)
       end
@@ -149,6 +155,7 @@ module Win32
       # search_token => CN, RDN or any certificate attribute
       def cert_search(store_handler, search_token)
         raise ArgumentError, "Invalid search token" if !search_token || search_token.strip.empty?
+
         certificate_list = []
         begin
           while (pcert_context = CertEnumCertificatesInStore(store_handler, pcert_context)) && !pcert_context.null?
@@ -217,6 +224,7 @@ module Win32
       # Verify OpenSSL::X509::Certificate object
       def verify_certificate(cert_pem)
         return "Certificate not found" if cert_pem.empty?
+
         valid_duration?(build_openssl_obj(cert_pem))
       end
 
@@ -226,8 +234,13 @@ module Win32
       end
 
       # Get certificate pem
-      def get_cert_pem(thumbprint)
-        get_data = powershell_out!(cert_ps_cmd(thumbprint, store_name))
+      def get_cert_pem(thumbprint, store_name:, store_location:)
+        converted_store = if store_location == CERT_SYSTEM_STORE_LOCAL_MACHINE
+                            "LocalMachine"
+                          else
+                            "CurrentUser"
+                          end
+        get_data = powershell_exec!(cert_ps_cmd(thumbprint, store_location: converted_store, store_name: store_name))
         get_data.stdout
       end
 

data/lib/win32/certstore/version.rb

@@ -1,6 +1,6 @@
 module Win32
   class Certstore
-    VERSION = "0.3.0".freeze
+    VERSION = "0.6.2".freeze
     MAJOR, MINOR, TINY = VERSION.split(".")
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: win32-certstore
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.6.2
 platform: ruby
 authors:
 - Chef Software
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-03-11 00:00:00.000000000 Z
+date: 2021-04-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -79,7 +79,7 @@ files:
 - lib/win32/certstore/mixin/assertions.rb
 - lib/win32/certstore/mixin/crypto.rb
 - lib/win32/certstore/mixin/helper.rb
-- lib/win32/certstore/mixin/shell_out.rb
+- lib/win32/certstore/mixin/shell_exec.rb
 - lib/win32/certstore/mixin/string.rb
 - lib/win32/certstore/mixin/unicode.rb
 - lib/win32/certstore/store_base.rb
@@ -97,16 +97,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '2.3'
+      version: '2.5'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
-summary: Ruby library for accessing the certificate store on Windows.
+summary: Ruby library for accessing the certificate stores on Windows.
 test_files: []