Added verify certificate and fetch certificate actions

Signed-off-by: piyushawasthi <[email protected]>

libraries/windows_helper.rb

@@ -123,20 +123,6 @@ def to_array(var)
       var.reject(&:nil?)
     end
 
-    def openssl_cert_obj
-      OpenSSL::X509::Certificate.new(raw_source)
-    end
-
-    def add_cert(cert_obj)
-      store = Win32::Certstore.open(store_name)
-      store.add(cert_obj)
-    end
-
-    def delete_cert
-      store = Win32::Certstore.open(store_name)
-      store.delete(source)
-    end
-
     def raw_source
       ext = File.extname(source)
       convert_pem(ext, source)

resources/certificate.rb

@@ -23,6 +23,7 @@
 property :private_key_acl, Array
 property :store_name, String, default: 'MY', equal_to: ['TRUSTEDPUBLISHER', 'TrustedPublisher', 'CLIENTAUTHISSUER', 'REMOTE DESKTOP', 'ROOT', 'TRUSTEDDEVICES', 'WEBHOSTING', 'CA', 'AUTHROOT', 'TRUSTEDPEOPLE', 'MY', 'SMARTCARDROOT', 'TRUST', 'DISALLOWED']
 property :user_store, [true, false], default: false
+property :cert_path, String
 
 action :create do
   add_cert_in_certstore
@@ -55,6 +56,23 @@
   delete_cert_from_certstore
 end
 
+action :fetch do
+  cert_obj = fetch_cert_from_certstore
+  if cert_obj
+    show_or_store_cert(cert_obj)
+  else
+    Chef::Log.info('Certificate not found')
+  end
+end
+
+action :verify do
+  out = verify_cert_from_certstore
+  if !!out == out
+    out = out ? 'Certificate is valid' : 'Certificate not valid'
+  end
+  Chef::Log.info(out.to_s)
+end
+
 action_class do
   include Windows::Helper
 
@@ -66,6 +84,76 @@ def delete_cert_from_certstore
     delete_cert
   end
 
+  def fetch_cert_from_certstore
+    fetch_cert
+  end
+
+  def verify_cert_from_certstore
+    verify_cert
+  end
+
+  def openssl_cert_obj
+    OpenSSL::X509::Certificate.new(raw_source)
+  end
+
+  def add_cert(cert_obj)
+    store = ::Win32::Certstore.open(store_name)
+    store.add(cert_obj)
+  end
+
+  def delete_cert
+    store = ::Win32::Certstore.open(store_name)
+    store.delete(source)
+  end
+
+  def fetch_cert
+    store = ::Win32::Certstore.open(store_name)
+    store.get(source)
+  end
+
+  def verify_cert
+    store = ::Win32::Certstore.open(store_name)
+    store.valid?(source)
+  end
+
+  def show_or_store_cert(cert_obj)
+    if cert_path
+      export_cert(cert_obj, cert_path)
+      if ::File.size(cert_path) > 0
+        Chef::Log.info("Certificate export in #{cert_path}")
+      else
+        ::File.delete(cert_path)
+      end
+    else
+      Chef::Log.info(cert_obj.display)
+    end
+  end
+
+  def export_cert(cert_obj, cert_path)
+    out_file = ::File.new(cert_path, 'w+')
+    case ::File.extname(cert_path)
+    when '.pem'
+      out_file.puts(cert_obj.to_pem)
+    when '.der'
+      out_file.puts(cert_obj.to_der)
+    when '.cer'
+      cert_out = powershell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CER").stdout
+      out_file.puts(cert_out)
+    when '.crt'
+      cert_out = powershell_out("openssl x509 -text -inform DER -in #{cert_obj.to_pem} -outform CRT").stdout
+      out_file.puts(cert_out)
+    when '.pfx'
+      cert_out = powershell_out("openssl pkcs12 -export -nokeys -in #{cert_obj.to_pem} -outform PFX").stdout
+      out_file.puts(cert_out)
+    when '.p7b'
+      cert_out = powershell_out("openssl pkcs7 -export -nokeys -in #{cert_obj.to_pem} -outform P7B").stdout
+      out_file.puts(cert_out)
+    else
+      Chef::Log.info('Supported certificate format .pem, .der, .cer, .crt, .pfx and .p7b')
+    end
+    out_file.close
+  end
+
   def cert_location
     @location ||= new_resource.user_store ? 'CurrentUser' : 'LocalMachine'
   end

test/cookbooks/test/recipes/certificate.rb

@@ -107,3 +107,78 @@
   pfx_password 'chef123'
   store_name 'CA'
 end
+
+# Add (.PEM) format certificate in MY certificate store
+windows_certificate 'C:/certs/GlobalSignRootCA.pem' do
+  action :create
+end
+
+# Validate certificate by thumbprint
+windows_certificate 'b1bc968bd4f49d622aa89a81f2150152a41d829c' do
+  action :verify
+end
+
+# Validate certificate by thumbprint with space
+windows_certificate 'b1bc968bd4f49d622aa89a81f2150152a41d829c' do
+  action :verify
+end
+
+# Validate certificate by thumbprint with colon
+windows_certificate 'validate certificate' do
+  action :verify
+  source 'b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c'
+end
+
+# Validate certificate by invalid thumbprint
+windows_certificate 'validate certificate' do
+  action :verify
+  source 'b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c:1'
+end
+
+# Fetch certificate and display on console in PEM format
+windows_certificate 'b1bc968bd4f49d622aa89a81f2150152a41d829c' do
+  action :fetch
+end
+
+# Export certificate in PEM
+windows_certificate 'b1 bc 96 8b d4 f4 9d 62 2a a8 9a 81 f2 15 01 52 a4 1d 82 9c' do
+  action :fetch
+  cert_path 'C:\certs\demo.pem'
+end
+
+# Export certificate in DER
+windows_certificate 'b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c' do
+  action :fetch
+  cert_path 'C:\certs\demo.der'
+end
+
+# Export certificate in CER
+windows_certificate 'Export certificate in cer' do
+  action :fetch
+  source 'b1 bc 96 8b d4 f4 9d 62 2a a8 9a 81 f2 15 01 52 a4 1d 82 9c'
+  cert_path 'C:\certs\demo.cer'
+end
+
+# Export certificate in CRT
+windows_certificate 'b1 bc 96 8b d4 f4 9d 62 2a a8 9a 81 f2 15 01 52 a4 1d 82 9c' do
+  action :fetch
+  cert_path 'C:\certs\demo.crt'
+end
+
+# Export certificate in PFX with no keys
+windows_certificate 'b1 bc 96 8b d4 f4 9d 62 2a a8 9a 81 f2 15 01 52 a4 1d 82 9c' do
+  action :fetch
+  cert_path 'C:\certs\demo.pfx'
+end
+
+# Export certificate in P7B
+windows_certificate 'b1 bc 96 8b d4 f4 9d 62 2a a8 9a 81 f2 15 01 52 a4 1d 82 9c' do
+  action :fetch
+  cert_path 'C:\certs\demo.p7b'
+end
+
+# Export certificate in invalid format return error
+windows_certificate 'b1 bc 96 8b d4 f4 9d 62 2a a8 9a 81 f2 15 01 52 a4 1d 82 9c' do
+  action :fetch
+  cert_path 'C:\certs\demo.mp3'
+end