win32-certstore 0.1.11 → 0.2.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/win32/certstore.rb +2 -1
- data/lib/win32/certstore/mixin/crypto.rb +24 -2
- data/lib/win32/certstore/mixin/helper.rb +2 -2
- data/lib/win32/certstore/mixin/unicode.rb +0 -8
- data/lib/win32/certstore/store_base.rb +7 -18
- data/lib/win32/certstore/version.rb +1 -1
- metadata +5 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0806f9e6b2fd19bdcbe22360d33ee9c192e603662564ec5007332b03b498d9ce'
|
|
4
|
+
data.tar.gz: 5cc20bb3a2767b6ea0a9495bb0e7c27892bf9189f662db233d1901c31006b6a9
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9882eb9c3f237dc8564c36cde26fd437ed5fd54f786f2fa9289793e5cab193acd845e425ba240f9eab320c57f693f33a08416f89bb6c0c8ff6db7dcd6363e41b
|
|
7
|
+
data.tar.gz: d86c06df2d6be60b044a7474bcb72851245b2b28c2bd81dbb9b9e5e43185cc344a48302c53f6fcd03ebd4ce2416e384b77d0768015cd01a024786c9aab8c892e
|
data/lib/win32/certstore.rb
CHANGED
|
@@ -29,9 +29,10 @@ module Win32
|
|
|
29
29
|
include Win32::Certstore::Mixin::String
|
|
30
30
|
include Win32::Certstore::StoreBase
|
|
31
31
|
|
|
32
|
-
|
|
32
|
+
attr_accessor :store_name
|
|
33
33
|
|
|
34
34
|
def initialize(store_name)
|
|
35
|
+
@store_name = store_name
|
|
35
36
|
@certstore_handler = open(store_name)
|
|
36
37
|
end
|
|
37
38
|
|
|
@@ -55,6 +55,7 @@ module Win32
|
|
|
55
55
|
PKCS_7_ASN_ENCODING = 0x00010000
|
|
56
56
|
PKCS_7_NDR_ENCODING = 0x00020000
|
|
57
57
|
PKCS_7_OR_X509_ASN_ENCODING = (PKCS_7_ASN_ENCODING | X509_ASN_ENCODING)
|
|
58
|
+
ENCODING_TYPE = X509_ASN_ENCODING | PKCS_7_ASN_ENCODING
|
|
58
59
|
|
|
59
60
|
# Certificate Display Format
|
|
60
61
|
CERT_NAME_EMAIL_TYPE = 1
|
|
@@ -67,8 +68,12 @@ module Win32
|
|
|
67
68
|
CERT_NAME_UPN_TYPE = 8
|
|
68
69
|
|
|
69
70
|
# Retrieve Certificates flag
|
|
70
|
-
|
|
71
|
-
|
|
71
|
+
CERT_COMPARE_SHA1_HASH = 1
|
|
72
|
+
CERT_INFO_SUBJECT_FLAG = 7
|
|
73
|
+
CERT_COMPARE_NAME_STR_W = 8
|
|
74
|
+
CERT_COMPARE_SHIFT = 16
|
|
75
|
+
CERT_FIND_SHA1_HASH = CERT_COMPARE_SHA1_HASH << CERT_COMPARE_SHIFT
|
|
76
|
+
CERT_FIND_SUBJECT_STR = CERT_COMPARE_NAME_STR_W << CERT_COMPARE_SHIFT | CERT_INFO_SUBJECT_FLAG
|
|
72
77
|
|
|
73
78
|
# List Certificates Flag
|
|
74
79
|
CERT_NAME_ISSUER_FLAG = 0x1
|
|
@@ -122,6 +127,23 @@ module Win32
|
|
|
122
127
|
end
|
|
123
128
|
end
|
|
124
129
|
|
|
130
|
+
class CRYPT_HASH_BLOB < FFI::Struct
|
|
131
|
+
layout :cbData, DWORD, # Count, in bytes, of data
|
|
132
|
+
:pbData, :pointer # Pointer to data buffer
|
|
133
|
+
|
|
134
|
+
def initialize(str = nil)
|
|
135
|
+
super(nil)
|
|
136
|
+
if str
|
|
137
|
+
byte_arr = [str].pack("H*").unpack("C*") # Converting string to its byte array
|
|
138
|
+
|
|
139
|
+
buffer = FFI::MemoryPointer.new(:char, byte_arr.size) # Create the pointer to the array
|
|
140
|
+
buffer.put_array_of_char 0, byte_arr # Fill the memory location with data
|
|
141
|
+
self[:pbData] = buffer
|
|
142
|
+
self[:cbData] = byte_arr.size
|
|
143
|
+
end
|
|
144
|
+
end
|
|
145
|
+
end
|
|
146
|
+
|
|
125
147
|
class CERT_EXTENSION < FFI::Struct
|
|
126
148
|
layout :pszObjId, LPTSTR,
|
|
127
149
|
:fCritical, BOOL,
|
|
@@ -23,10 +23,10 @@ module Win32
|
|
|
23
23
|
module Helper
|
|
24
24
|
|
|
25
25
|
# PSCommand to search certificate from thumbprint and convert in pem
|
|
26
|
-
def cert_ps_cmd(thumbprint)
|
|
26
|
+
def cert_ps_cmd(thumbprint, store_name)
|
|
27
27
|
<<-EOH
|
|
28
28
|
$content = $null
|
|
29
|
-
$cert = Get-ChildItem Cert
|
|
29
|
+
$cert = Get-ChildItem Cert:\\LocalMachine\\'#{store_name}' -Recurse | Where { $_.Thumbprint -eq '#{thumbprint}' }
|
|
30
30
|
if($cert -ne $null)
|
|
31
31
|
{
|
|
32
32
|
$content = @(
|
|
@@ -50,7 +50,6 @@ module Win32
|
|
|
50
50
|
end
|
|
51
51
|
|
|
52
52
|
# Get certificate from open certificate store and return certificate object
|
|
53
|
-
# store_handler => Open certificate store handler
|
|
54
53
|
# certificate_thumbprint => thumbprint is a hash. which could be sha1 or md5.
|
|
55
54
|
def cert_get(certificate_thumbprint)
|
|
56
55
|
validate_thumbprint(certificate_thumbprint)
|
|
@@ -86,21 +85,16 @@ module Win32
|
|
|
86
85
|
def cert_delete(store_handler, certificate_thumbprint)
|
|
87
86
|
validate_thumbprint(certificate_thumbprint)
|
|
88
87
|
thumbprint = update_thumbprint(certificate_thumbprint)
|
|
89
|
-
cert_pem = format_pem(get_cert_pem(thumbprint))
|
|
90
|
-
cert_rdn = get_rdn(build_openssl_obj(cert_pem)) unless cert_pem.empty?
|
|
91
88
|
cert_delete_flag = false
|
|
92
89
|
begin
|
|
93
|
-
cert_args = cert_find_args(store_handler,
|
|
94
|
-
|
|
90
|
+
cert_args = cert_find_args(store_handler, thumbprint)
|
|
91
|
+
pcert_context = CertFindCertificateInStore(*cert_args)
|
|
92
|
+
if !pcert_context.null?
|
|
95
93
|
cert_delete_flag = CertDeleteCertificateFromStore(CertDuplicateCertificateContext(pcert_context)) || lookup_error
|
|
96
94
|
end
|
|
97
95
|
CertFreeCertificateContext(pcert_context)
|
|
98
96
|
rescue
|
|
99
|
-
|
|
100
|
-
raise SystemCallError.new("Invalid thumbprint #{certificate_thumbprint}.")
|
|
101
|
-
else
|
|
102
|
-
lookup_error("delete")
|
|
103
|
-
end
|
|
97
|
+
lookup_error("delete")
|
|
104
98
|
end
|
|
105
99
|
cert_delete_flag
|
|
106
100
|
end
|
|
@@ -144,8 +138,8 @@ module Win32
|
|
|
144
138
|
end
|
|
145
139
|
|
|
146
140
|
# Build arguments for CertFindCertificateInStore
|
|
147
|
-
def cert_find_args(store_handler,
|
|
148
|
-
[store_handler,
|
|
141
|
+
def cert_find_args(store_handler, thumbprint)
|
|
142
|
+
[store_handler, ENCODING_TYPE, 0, CERT_FIND_SHA1_HASH, CRYPT_HASH_BLOB.new(thumbprint), nil]
|
|
149
143
|
end
|
|
150
144
|
|
|
151
145
|
# Match certificate CN exist in cert_rdn
|
|
@@ -188,15 +182,10 @@ module Win32
|
|
|
188
182
|
|
|
189
183
|
# Get certificate pem
|
|
190
184
|
def get_cert_pem(thumbprint)
|
|
191
|
-
get_data = powershell_out!(cert_ps_cmd(thumbprint))
|
|
185
|
+
get_data = powershell_out!(cert_ps_cmd(thumbprint, store_name))
|
|
192
186
|
get_data.stdout
|
|
193
187
|
end
|
|
194
188
|
|
|
195
|
-
# To get RDN from certificate object
|
|
196
|
-
def get_rdn(cert_obj)
|
|
197
|
-
cert_obj.issuer.to_s.concat("/").scan(/=(.*?)\//).join(", ")
|
|
198
|
-
end
|
|
199
|
-
|
|
200
189
|
# Format pem
|
|
201
190
|
def format_pem(cert_pem)
|
|
202
191
|
cert_pem.delete("\r")
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: win32-certstore
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1
|
|
4
|
+
version: 0.2.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
|
-
-
|
|
7
|
+
- Chef Software
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2019-01-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -68,7 +68,7 @@ dependencies:
|
|
|
68
68
|
version: '0'
|
|
69
69
|
description:
|
|
70
70
|
email:
|
|
71
|
-
-
|
|
71
|
+
- oss@chef.io
|
|
72
72
|
executables: []
|
|
73
73
|
extensions: []
|
|
74
74
|
extra_rdoc_files: []
|
|
@@ -97,7 +97,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
97
97
|
requirements:
|
|
98
98
|
- - ">="
|
|
99
99
|
- !ruby/object:Gem::Version
|
|
100
|
-
version: '
|
|
100
|
+
version: '2.3'
|
|
101
101
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
102
102
|
requirements:
|
|
103
103
|
- - ">="
|