win32-certstore 0.6.1 → 0.6.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/win32/certstore.rb +4 -16
- data/lib/win32/certstore/mixin/helper.rb +6 -38
- data/lib/win32/certstore/mixin/string.rb +12 -16
- data/lib/win32/certstore/store_base.rb +10 -17
- data/lib/win32/certstore/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e832ae077e8be7cd039393f84b74062e58dd331b1317cdcc2a1bb1f13109f176
|
|
4
|
+
data.tar.gz: 453bd4ad7e2d6a92d3935b0a4df4f241636b657256a39f1ac35bc81d2d34030b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a3254affc58f8eb862a585b78cc5c5451c61db3398ef1de59ffcb6580755f5e24338c2a1caf16e89e46db4e8ee7c9f431a1c4372768cb7ff08bd76265d1b53da
|
|
7
|
+
data.tar.gz: bab7b27e4c0c6d780556a6410836283f6de31c64d559fb1b331b679c3d671b68673b6313f53560916e0a5c89f83fff658fd3335f965cfa3024b5066860393b3b
|
data/lib/win32/certstore.rb
CHANGED
|
@@ -74,20 +74,8 @@ module Win32
|
|
|
74
74
|
# Return `OpenSSL::X509` certificate object
|
|
75
75
|
# @param request [thumbprint<string>] of certificate
|
|
76
76
|
# @return [Object] of certificates in OpenSSL::X509 format
|
|
77
|
-
def get(certificate_thumbprint)
|
|
78
|
-
cert_get(certificate_thumbprint)
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
# Returns a filepath to a PKCS12 container. The filepath is in a temporary folder so normal housekeeping by the OS should clear it.
|
|
82
|
-
# However, you should delete it yourself anyway.
|
|
83
|
-
# @param certificate_thumbprint [String] Is the thumbprint of the pfx blob you want to capture
|
|
84
|
-
# @param store_location: [String] A location in the Cert store where the pfx is located, typically 'LocalMachine'
|
|
85
|
-
# @param export_password: [String] The password to export with. P12 objects are an encrypted container that have a private key in \
|
|
86
|
-
# them and a password is required to export them.
|
|
87
|
-
# @param output_path: [String] The path where the you want P12 exported to.
|
|
88
|
-
# @return [Object] of certificate set in PKSC12 format at the path specified above
|
|
89
|
-
def get_pfx(certificate_thumbprint, store_location: @store_location, export_password:, output_path: "")
|
|
90
|
-
get_cert_pfx(certificate_thumbprint, store_location: store_location, export_password: export_password, output_path: output_path)
|
|
77
|
+
def get(certificate_thumbprint, store_name: @store_name, store_location: @store_location)
|
|
78
|
+
cert_get(certificate_thumbprint, store_name: store_name, store_location: store_location)
|
|
91
79
|
end
|
|
92
80
|
|
|
93
81
|
# Returns all the certificates in a store
|
|
@@ -114,8 +102,8 @@ module Win32
|
|
|
114
102
|
# Validates a certificate in a certificate store on the basis of time validity
|
|
115
103
|
# @param request[thumbprint<string>] of certificate
|
|
116
104
|
# @return [true, false] only true or false
|
|
117
|
-
def valid?(certificate_thumbprint)
|
|
118
|
-
cert_validate(certificate_thumbprint)
|
|
105
|
+
def valid?(certificate_thumbprint, store_location: "", store_name: "")
|
|
106
|
+
cert_validate(certificate_thumbprint, store_location: store_location, store_name: store_name)
|
|
119
107
|
end
|
|
120
108
|
|
|
121
109
|
# To close and destroy pointer of open certificate store handler
|
|
@@ -21,52 +21,20 @@ module Win32
|
|
|
21
21
|
class Certstore
|
|
22
22
|
module Mixin
|
|
23
23
|
module Helper
|
|
24
|
-
|
|
25
|
-
def cert_ps_cmd(thumbprint, store_location: "LocalMachine", export_password: "1234", output_path: "")
|
|
24
|
+
def cert_ps_cmd(thumbprint, store_location: "LocalMachine", store_name: "My")
|
|
26
25
|
<<-EOH
|
|
27
|
-
$cert = Get-ChildItem Cert
|
|
26
|
+
$cert = Get-ChildItem Cert:\\#{store_location}\\#{store_name} -Recurse | Where { $_.Thumbprint -eq "#{thumbprint}" }
|
|
28
27
|
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
$usagelist = ($cert).EnhancedKeyUsageList
|
|
33
|
-
foreach($use in $usagelist){
|
|
34
|
-
if($use.FriendlyName -like "Client Authentication" ){
|
|
35
|
-
return $true
|
|
36
|
-
}
|
|
37
|
-
}
|
|
38
|
-
return $false
|
|
39
|
-
}
|
|
40
|
-
|
|
41
|
-
$result = test_cert_values
|
|
42
|
-
|
|
43
|
-
$output_path = "#{output_path}"
|
|
44
|
-
if([string]::IsNullOrEmpty($output_path)){
|
|
45
|
-
$temproot = [System.IO.Path]::GetTempPath()
|
|
46
|
-
}
|
|
47
|
-
else{
|
|
48
|
-
$temproot = $output_path
|
|
49
|
-
}
|
|
50
|
-
|
|
51
|
-
if((($cert).HasPrivateKey) -and ($result -eq $true)){
|
|
52
|
-
$file_name = '#{thumbprint}'
|
|
53
|
-
$file_path = $(Join-Path -Path $temproot -ChildPath "$file_name.pfx")
|
|
54
|
-
$mypwd = ConvertTo-SecureString -String '#{export_password}' -Force -AsPlainText
|
|
55
|
-
$cert | Export-PfxCertificate -FilePath $file_path -Password $mypwd | Out-Null
|
|
56
|
-
$file_path
|
|
57
|
-
}
|
|
58
|
-
else {
|
|
59
|
-
$content = $null
|
|
60
|
-
if($cert -ne $null)
|
|
61
|
-
{
|
|
28
|
+
$content = $null
|
|
29
|
+
if($null -ne $cert)
|
|
30
|
+
{
|
|
62
31
|
$content = @(
|
|
63
32
|
'-----BEGIN CERTIFICATE-----'
|
|
64
33
|
[System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')
|
|
65
34
|
'-----END CERTIFICATE-----'
|
|
66
35
|
)
|
|
67
|
-
}
|
|
68
|
-
$content
|
|
69
36
|
}
|
|
37
|
+
$content
|
|
70
38
|
EOH
|
|
71
39
|
end
|
|
72
40
|
|
|
@@ -36,14 +36,12 @@ module Win32
|
|
|
36
36
|
ustring += "\000\000" if ustring.length == 0 || ustring[-1].chr != "\000"
|
|
37
37
|
|
|
38
38
|
# encode it all as UTF-16LE AKA Windows Wide Character AKA Windows Unicode
|
|
39
|
-
ustring =
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
end
|
|
46
|
-
end
|
|
39
|
+
ustring = if ustring.respond_to?(:encode)
|
|
40
|
+
ustring.encode("UTF-16LE")
|
|
41
|
+
else
|
|
42
|
+
require "iconv"
|
|
43
|
+
Iconv.conv("UTF-16LE", "UTF-8", ustring)
|
|
44
|
+
end
|
|
47
45
|
ustring
|
|
48
46
|
end
|
|
49
47
|
|
|
@@ -53,14 +51,12 @@ module Win32
|
|
|
53
51
|
wstring = wstring.force_encoding("UTF-16LE") if wstring.respond_to?(:force_encoding)
|
|
54
52
|
|
|
55
53
|
# encode it all as UTF-8
|
|
56
|
-
wstring =
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
end
|
|
63
|
-
end
|
|
54
|
+
wstring = if wstring.respond_to?(:encode)
|
|
55
|
+
wstring.encode("UTF-8")
|
|
56
|
+
else
|
|
57
|
+
require "iconv"
|
|
58
|
+
Iconv.conv("UTF-8", "UTF-16LE", wstring)
|
|
59
|
+
end
|
|
64
60
|
# remove trailing CRLF and NULL characters
|
|
65
61
|
wstring.strip!
|
|
66
62
|
wstring
|
|
@@ -87,11 +87,15 @@ module Win32
|
|
|
87
87
|
|
|
88
88
|
# Get certificate from open certificate store and return certificate object
|
|
89
89
|
# certificate_thumbprint => thumbprint is a hash. which could be sha1 or md5.
|
|
90
|
-
def cert_get(certificate_thumbprint)
|
|
90
|
+
def cert_get(certificate_thumbprint, store_name:, store_location:)
|
|
91
91
|
validate_thumbprint(certificate_thumbprint)
|
|
92
92
|
thumbprint = update_thumbprint(certificate_thumbprint)
|
|
93
|
-
cert_pem = get_cert_pem(thumbprint)
|
|
93
|
+
cert_pem = get_cert_pem(thumbprint, store_name: store_name, store_location: store_location)
|
|
94
94
|
cert_pem = format_pem(cert_pem)
|
|
95
|
+
if cert_pem.empty?
|
|
96
|
+
raise ArgumentError, "Unable to retrieve the certificate"
|
|
97
|
+
end
|
|
98
|
+
|
|
95
99
|
unless cert_pem.empty?
|
|
96
100
|
build_openssl_obj(cert_pem)
|
|
97
101
|
end
|
|
@@ -138,10 +142,10 @@ module Win32
|
|
|
138
142
|
# Verify certificate from open certificate store and return boolean or exceptions
|
|
139
143
|
# store_handler => Open certificate store handler
|
|
140
144
|
# certificate_thumbprint => thumbprint is a hash. which could be sha1 or md5.
|
|
141
|
-
def cert_validate(certificate_thumbprint)
|
|
145
|
+
def cert_validate(certificate_thumbprint, store_location:, store_name:)
|
|
142
146
|
validate_thumbprint(certificate_thumbprint)
|
|
143
147
|
thumbprint = update_thumbprint(certificate_thumbprint)
|
|
144
|
-
cert_pem = get_cert_pem(thumbprint)
|
|
148
|
+
cert_pem = get_cert_pem(thumbprint, store_name: store_name, store_location: store_location)
|
|
145
149
|
cert_pem = format_pem(cert_pem)
|
|
146
150
|
verify_certificate(cert_pem)
|
|
147
151
|
end
|
|
@@ -230,24 +234,13 @@ module Win32
|
|
|
230
234
|
end
|
|
231
235
|
|
|
232
236
|
# Get certificate pem
|
|
233
|
-
def get_cert_pem(thumbprint)
|
|
234
|
-
converted_store = if @store_location == CERT_SYSTEM_STORE_LOCAL_MACHINE
|
|
235
|
-
"LocalMachine"
|
|
236
|
-
else
|
|
237
|
-
"CurrentUser"
|
|
238
|
-
end
|
|
239
|
-
get_data = powershell_exec!(cert_ps_cmd(thumbprint, store_location: converted_store))
|
|
240
|
-
get_data.stdout
|
|
241
|
-
end
|
|
242
|
-
|
|
243
|
-
# Get PFX object
|
|
244
|
-
def get_cert_pfx(thumbprint, store_location: CERT_SYSTEM_STORE_LOCAL_MACHINE, export_password:, output_path: )
|
|
237
|
+
def get_cert_pem(thumbprint, store_name:, store_location:)
|
|
245
238
|
converted_store = if store_location == CERT_SYSTEM_STORE_LOCAL_MACHINE
|
|
246
239
|
"LocalMachine"
|
|
247
240
|
else
|
|
248
241
|
"CurrentUser"
|
|
249
242
|
end
|
|
250
|
-
get_data = powershell_exec!(cert_ps_cmd(thumbprint,
|
|
243
|
+
get_data = powershell_exec!(cert_ps_cmd(thumbprint, store_location: converted_store, store_name: store_name))
|
|
251
244
|
get_data.stdout
|
|
252
245
|
end
|
|
253
246
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: win32-certstore
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef Software
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|