win32-certstore 0.6.1 → 0.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/win32/certstore.rb +4 -16
- data/lib/win32/certstore/mixin/helper.rb +6 -38
- data/lib/win32/certstore/mixin/string.rb +12 -16
- data/lib/win32/certstore/store_base.rb +10 -17
- data/lib/win32/certstore/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e832ae077e8be7cd039393f84b74062e58dd331b1317cdcc2a1bb1f13109f176
|
|
4
|
+
data.tar.gz: 453bd4ad7e2d6a92d3935b0a4df4f241636b657256a39f1ac35bc81d2d34030b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a3254affc58f8eb862a585b78cc5c5451c61db3398ef1de59ffcb6580755f5e24338c2a1caf16e89e46db4e8ee7c9f431a1c4372768cb7ff08bd76265d1b53da
|
|
7
|
+
data.tar.gz: bab7b27e4c0c6d780556a6410836283f6de31c64d559fb1b331b679c3d671b68673b6313f53560916e0a5c89f83fff658fd3335f965cfa3024b5066860393b3b
|
data/lib/win32/certstore.rb
CHANGED
|
@@ -74,20 +74,8 @@ module Win32
|
|
|
74
74
|
# Return `OpenSSL::X509` certificate object
|
|
75
75
|
# @param request [thumbprint<string>] of certificate
|
|
76
76
|
# @return [Object] of certificates in OpenSSL::X509 format
|
|
77
|
-
def get(certificate_thumbprint)
|
|
78
|
-
cert_get(certificate_thumbprint)
|
|
79
|
-
end
|
|
80
|
-
|
|
81
|
-
# Returns a filepath to a PKCS12 container. The filepath is in a temporary folder so normal housekeeping by the OS should clear it.
|
|
82
|
-
# However, you should delete it yourself anyway.
|
|
83
|
-
# @param certificate_thumbprint [String] Is the thumbprint of the pfx blob you want to capture
|
|
84
|
-
# @param store_location: [String] A location in the Cert store where the pfx is located, typically 'LocalMachine'
|
|
85
|
-
# @param export_password: [String] The password to export with. P12 objects are an encrypted container that have a private key in \
|
|
86
|
-
# them and a password is required to export them.
|
|
87
|
-
# @param output_path: [String] The path where the you want P12 exported to.
|
|
88
|
-
# @return [Object] of certificate set in PKSC12 format at the path specified above
|
|
89
|
-
def get_pfx(certificate_thumbprint, store_location: @store_location, export_password:, output_path: "")
|
|
90
|
-
get_cert_pfx(certificate_thumbprint, store_location: store_location, export_password: export_password, output_path: output_path)
|
|
77
|
+
def get(certificate_thumbprint, store_name: @store_name, store_location: @store_location)
|
|
78
|
+
cert_get(certificate_thumbprint, store_name: store_name, store_location: store_location)
|
|
91
79
|
end
|
|
92
80
|
|
|
93
81
|
# Returns all the certificates in a store
|
|
@@ -114,8 +102,8 @@ module Win32
|
|
|
114
102
|
# Validates a certificate in a certificate store on the basis of time validity
|
|
115
103
|
# @param request[thumbprint<string>] of certificate
|
|
116
104
|
# @return [true, false] only true or false
|
|
117
|
-
def valid?(certificate_thumbprint)
|
|
118
|
-
cert_validate(certificate_thumbprint)
|
|
105
|
+
def valid?(certificate_thumbprint, store_location: "", store_name: "")
|
|
106
|
+
cert_validate(certificate_thumbprint, store_location: store_location, store_name: store_name)
|
|
119
107
|
end
|
|
120
108
|
|
|
121
109
|
# To close and destroy pointer of open certificate store handler
|
|
@@ -21,52 +21,20 @@ module Win32
|
|
|
21
21
|
class Certstore
|
|
22
22
|
module Mixin
|
|
23
23
|
module Helper
|
|
24
|
-
|
|
25
|
-
def cert_ps_cmd(thumbprint, store_location: "LocalMachine", export_password: "1234", output_path: "")
|
|
24
|
+
def cert_ps_cmd(thumbprint, store_location: "LocalMachine", store_name: "My")
|
|
26
25
|
<<-EOH
|
|
27
|
-
$cert = Get-ChildItem Cert
|
|
26
|
+
$cert = Get-ChildItem Cert:\\#{store_location}\\#{store_name} -Recurse | Where { $_.Thumbprint -eq "#{thumbprint}" }
|
|
28
27
|
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
$usagelist = ($cert).EnhancedKeyUsageList
|
|
33
|
-
foreach($use in $usagelist){
|
|
34
|
-
if($use.FriendlyName -like "Client Authentication" ){
|
|
35
|
-
return $true
|
|
36
|
-
}
|
|
37
|
-
}
|
|
38
|
-
return $false
|
|
39
|
-
}
|
|
40
|
-
|
|
41
|
-
$result = test_cert_values
|
|
42
|
-
|
|
43
|
-
$output_path = "#{output_path}"
|
|
44
|
-
if([string]::IsNullOrEmpty($output_path)){
|
|
45
|
-
$temproot = [System.IO.Path]::GetTempPath()
|
|
46
|
-
}
|
|
47
|
-
else{
|
|
48
|
-
$temproot = $output_path
|
|
49
|
-
}
|
|
50
|
-
|
|
51
|
-
if((($cert).HasPrivateKey) -and ($result -eq $true)){
|
|
52
|
-
$file_name = '#{thumbprint}'
|
|
53
|
-
$file_path = $(Join-Path -Path $temproot -ChildPath "$file_name.pfx")
|
|
54
|
-
$mypwd = ConvertTo-SecureString -String '#{export_password}' -Force -AsPlainText
|
|
55
|
-
$cert | Export-PfxCertificate -FilePath $file_path -Password $mypwd | Out-Null
|
|
56
|
-
$file_path
|
|
57
|
-
}
|
|
58
|
-
else {
|
|
59
|
-
$content = $null
|
|
60
|
-
if($cert -ne $null)
|
|
61
|
-
{
|
|
28
|
+
$content = $null
|
|
29
|
+
if($null -ne $cert)
|
|
30
|
+
{
|
|
62
31
|
$content = @(
|
|
63
32
|
'-----BEGIN CERTIFICATE-----'
|
|
64
33
|
[System.Convert]::ToBase64String($cert.RawData, 'InsertLineBreaks')
|
|
65
34
|
'-----END CERTIFICATE-----'
|
|
66
35
|
)
|
|
67
|
-
}
|
|
68
|
-
$content
|
|
69
36
|
}
|
|
37
|
+
$content
|
|
70
38
|
EOH
|
|
71
39
|
end
|
|
72
40
|
|
|
@@ -36,14 +36,12 @@ module Win32
|
|
|
36
36
|
ustring += "\000\000" if ustring.length == 0 || ustring[-1].chr != "\000"
|
|
37
37
|
|
|
38
38
|
# encode it all as UTF-16LE AKA Windows Wide Character AKA Windows Unicode
|
|
39
|
-
ustring =
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
end
|
|
46
|
-
end
|
|
39
|
+
ustring = if ustring.respond_to?(:encode)
|
|
40
|
+
ustring.encode("UTF-16LE")
|
|
41
|
+
else
|
|
42
|
+
require "iconv"
|
|
43
|
+
Iconv.conv("UTF-16LE", "UTF-8", ustring)
|
|
44
|
+
end
|
|
47
45
|
ustring
|
|
48
46
|
end
|
|
49
47
|
|
|
@@ -53,14 +51,12 @@ module Win32
|
|
|
53
51
|
wstring = wstring.force_encoding("UTF-16LE") if wstring.respond_to?(:force_encoding)
|
|
54
52
|
|
|
55
53
|
# encode it all as UTF-8
|
|
56
|
-
wstring =
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
end
|
|
63
|
-
end
|
|
54
|
+
wstring = if wstring.respond_to?(:encode)
|
|
55
|
+
wstring.encode("UTF-8")
|
|
56
|
+
else
|
|
57
|
+
require "iconv"
|
|
58
|
+
Iconv.conv("UTF-8", "UTF-16LE", wstring)
|
|
59
|
+
end
|
|
64
60
|
# remove trailing CRLF and NULL characters
|
|
65
61
|
wstring.strip!
|
|
66
62
|
wstring
|
|
@@ -87,11 +87,15 @@ module Win32
|
|
|
87
87
|
|
|
88
88
|
# Get certificate from open certificate store and return certificate object
|
|
89
89
|
# certificate_thumbprint => thumbprint is a hash. which could be sha1 or md5.
|
|
90
|
-
def cert_get(certificate_thumbprint)
|
|
90
|
+
def cert_get(certificate_thumbprint, store_name:, store_location:)
|
|
91
91
|
validate_thumbprint(certificate_thumbprint)
|
|
92
92
|
thumbprint = update_thumbprint(certificate_thumbprint)
|
|
93
|
-
cert_pem = get_cert_pem(thumbprint)
|
|
93
|
+
cert_pem = get_cert_pem(thumbprint, store_name: store_name, store_location: store_location)
|
|
94
94
|
cert_pem = format_pem(cert_pem)
|
|
95
|
+
if cert_pem.empty?
|
|
96
|
+
raise ArgumentError, "Unable to retrieve the certificate"
|
|
97
|
+
end
|
|
98
|
+
|
|
95
99
|
unless cert_pem.empty?
|
|
96
100
|
build_openssl_obj(cert_pem)
|
|
97
101
|
end
|
|
@@ -138,10 +142,10 @@ module Win32
|
|
|
138
142
|
# Verify certificate from open certificate store and return boolean or exceptions
|
|
139
143
|
# store_handler => Open certificate store handler
|
|
140
144
|
# certificate_thumbprint => thumbprint is a hash. which could be sha1 or md5.
|
|
141
|
-
def cert_validate(certificate_thumbprint)
|
|
145
|
+
def cert_validate(certificate_thumbprint, store_location:, store_name:)
|
|
142
146
|
validate_thumbprint(certificate_thumbprint)
|
|
143
147
|
thumbprint = update_thumbprint(certificate_thumbprint)
|
|
144
|
-
cert_pem = get_cert_pem(thumbprint)
|
|
148
|
+
cert_pem = get_cert_pem(thumbprint, store_name: store_name, store_location: store_location)
|
|
145
149
|
cert_pem = format_pem(cert_pem)
|
|
146
150
|
verify_certificate(cert_pem)
|
|
147
151
|
end
|
|
@@ -230,24 +234,13 @@ module Win32
|
|
|
230
234
|
end
|
|
231
235
|
|
|
232
236
|
# Get certificate pem
|
|
233
|
-
def get_cert_pem(thumbprint)
|
|
234
|
-
converted_store = if @store_location == CERT_SYSTEM_STORE_LOCAL_MACHINE
|
|
235
|
-
"LocalMachine"
|
|
236
|
-
else
|
|
237
|
-
"CurrentUser"
|
|
238
|
-
end
|
|
239
|
-
get_data = powershell_exec!(cert_ps_cmd(thumbprint, store_location: converted_store))
|
|
240
|
-
get_data.stdout
|
|
241
|
-
end
|
|
242
|
-
|
|
243
|
-
# Get PFX object
|
|
244
|
-
def get_cert_pfx(thumbprint, store_location: CERT_SYSTEM_STORE_LOCAL_MACHINE, export_password:, output_path: )
|
|
237
|
+
def get_cert_pem(thumbprint, store_name:, store_location:)
|
|
245
238
|
converted_store = if store_location == CERT_SYSTEM_STORE_LOCAL_MACHINE
|
|
246
239
|
"LocalMachine"
|
|
247
240
|
else
|
|
248
241
|
"CurrentUser"
|
|
249
242
|
end
|
|
250
|
-
get_data = powershell_exec!(cert_ps_cmd(thumbprint,
|
|
243
|
+
get_data = powershell_exec!(cert_ps_cmd(thumbprint, store_location: converted_store, store_name: store_name))
|
|
251
244
|
get_data.stdout
|
|
252
245
|
end
|
|
253
246
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: win32-certstore
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chef Software
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-04-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|