win32-certstore 0.5.3 → 0.6.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/win32/certstore.rb +12 -0
- data/lib/win32/certstore/mixin/helper.rb +44 -12
- data/lib/win32/certstore/store_base.rb +12 -2
- data/lib/win32/certstore/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 63c8c4f2aaa89a78a8123d98079710df407a3930b0f4b5a6ef3ff2232c11ba05
|
|
4
|
+
data.tar.gz: 8641dfff337fe7b702783becfcfbfbba6b2a66af189eeb511897c2f0cb5e7d6c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4f255e439feee57642565bd9fca87f19140b5f95c38eed0a1e8621326749dd5274c0b72c8211bddfbec265820bff4b8d2ad9460ebbf5c30fa1d6607a7e81f204
|
|
7
|
+
data.tar.gz: 4efd363fb264fc8501f0f9e105e79f7537319838aafc0cb751387a73360386186d326dedd51522907aa131fe74c1b3ba07bd7b3f6f16a1283f5f59203d96a6a7
|
data/lib/win32/certstore.rb
CHANGED
|
@@ -78,6 +78,18 @@ module Win32
|
|
|
78
78
|
cert_get(certificate_thumbprint)
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
# Returns a filepath to a PKCS12 container. The filepath is in a temporary folder so normal housekeeping by the OS should clear it.
|
|
82
|
+
# However, you should delete it yourself anyway.
|
|
83
|
+
# @param certificate_thumbprint [String] Is the thumbprint of the pfx blob you want to capture
|
|
84
|
+
# @param store_location: [String] A location in the Cert store where the pfx is located, typically 'LocalMachine'
|
|
85
|
+
# @param export_password: [String] The password to export with. P12 objects are an encrypted container that have a private key in \
|
|
86
|
+
# them and a password is required to export them.
|
|
87
|
+
# @param output_path: [String] The path where the you want P12 exported to.
|
|
88
|
+
# @return [Object] of certificate set in PKSC12 format at the path specified above
|
|
89
|
+
def get_pfx(certificate_thumbprint, store_location: @store_location, export_password:, output_path: "")
|
|
90
|
+
get_cert_pfx(certificate_thumbprint, store_location: store_location, export_password: export_password, output_path: output_path)
|
|
91
|
+
end
|
|
92
|
+
|
|
81
93
|
# Returns all the certificates in a store
|
|
82
94
|
# @param [nil]
|
|
83
95
|
# @return [Array] array of certificates list
|
|
@@ -21,20 +21,52 @@ module Win32
|
|
|
21
21
|
class Certstore
|
|
22
22
|
module Mixin
|
|
23
23
|
module Helper
|
|
24
|
-
# PSCommand to search certificate from thumbprint and
|
|
25
|
-
def cert_ps_cmd(thumbprint,
|
|
24
|
+
# PSCommand to search certificate from thumbprint and either turn it into a pem or return a path to a pfx object
|
|
25
|
+
def cert_ps_cmd(thumbprint, store_location: "LocalMachine", export_password: "1234", output_path: "")
|
|
26
26
|
<<-EOH
|
|
27
|
-
$
|
|
28
|
-
|
|
29
|
-
if
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
27
|
+
$cert = Get-ChildItem Cert:\'#{store_location}' -Recurse | Where { $_.Thumbprint -eq '#{thumbprint}' }
|
|
28
|
+
|
|
29
|
+
# The function and the code below test to see if a) the cert has a private key and b) it has a
|
|
30
|
+
# Enhanced Usage of Client Auth. Those 2 attributes would mean this is a pfx-able object
|
|
31
|
+
function test_cert_values{
|
|
32
|
+
$usagelist = ($cert).EnhancedKeyUsageList
|
|
33
|
+
foreach($use in $usagelist){
|
|
34
|
+
if($use.FriendlyName -like "Client Authentication" ){
|
|
35
|
+
return $true
|
|
36
|
+
}
|
|
37
|
+
}
|
|
38
|
+
return $false
|
|
39
|
+
}
|
|
40
|
+
|
|
41
|
+
$result = test_cert_values
|
|
42
|
+
|
|
43
|
+
$output_path = "#{output_path}"
|
|
44
|
+
if([string]::IsNullOrEmpty($output_path)){
|
|
45
|
+
$temproot = [System.IO.Path]::GetTempPath()
|
|
46
|
+
}
|
|
47
|
+
else{
|
|
48
|
+
$temproot = $output_path
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
if((($cert).HasPrivateKey) -and ($result -eq $true)){
|
|
52
|
+
$file_name = '#{thumbprint}'
|
|
53
|
+
$file_path = $(Join-Path -Path $temproot -ChildPath "$file_name.pfx")
|
|
54
|
+
$mypwd = ConvertTo-SecureString -String '#{export_password}' -Force -AsPlainText
|
|
55
|
+
$cert | Export-PfxCertificate -FilePath $file_path -Password $mypwd | Out-Null
|
|
56
|
+
$file_path
|
|
57
|
+
}
|
|
58
|
+
else {
|
|
59
|
+
$content = $null
|
|
60
|
+
if($cert -ne $null)
|
|
61
|
+
{
|
|
62
|
+
$content = @(
|
|
63
|
+
'-----BEGIN CERTIFICATE-----'
|
|
64
|
+
[System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')
|
|
65
|
+
'-----END CERTIFICATE-----'
|
|
66
|
+
)
|
|
67
|
+
}
|
|
68
|
+
$content
|
|
36
69
|
}
|
|
37
|
-
$content
|
|
38
70
|
EOH
|
|
39
71
|
end
|
|
40
72
|
|
|
@@ -236,9 +236,19 @@ module Win32
|
|
|
236
236
|
else
|
|
237
237
|
"CurrentUser"
|
|
238
238
|
end
|
|
239
|
-
get_data = powershell_exec!(cert_ps_cmd(thumbprint,
|
|
239
|
+
get_data = powershell_exec!(cert_ps_cmd(thumbprint, store_location: converted_store))
|
|
240
|
+
get_data.stdout
|
|
241
|
+
end
|
|
242
|
+
|
|
243
|
+
# Get PFX object
|
|
244
|
+
def get_cert_pfx(thumbprint, store_location: CERT_SYSTEM_STORE_LOCAL_MACHINE, export_password:, output_path: )
|
|
245
|
+
converted_store = if store_location == CERT_SYSTEM_STORE_LOCAL_MACHINE
|
|
246
|
+
"LocalMachine"
|
|
247
|
+
else
|
|
248
|
+
"CurrentUser"
|
|
249
|
+
end
|
|
250
|
+
get_data = powershell_exec!(cert_ps_cmd(thumbprint, export_password: export_password, store_location: converted_store, output_path: output_path))
|
|
240
251
|
get_data.stdout
|
|
241
|
-
# get_data.result
|
|
242
252
|
end
|
|
243
253
|
|
|
244
254
|
# Format pem
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: win32-certstore
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef Software
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-03-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|