diff --git a/lib/win32/certstore.rb b/lib/win32/certstore.rb index fb2d2fe..2117fde 100644 --- a/lib/win32/certstore.rb +++ b/lib/win32/certstore.rb @@ -54,6 +54,12 @@ def add(cert_file_path) return add end + def delete(certificate_name) + delete_cert = cert_delete(certstore_handler, certificate_name) + close + delete_cert + end + private attr_reader :certstore_handler diff --git a/lib/win32/certstore/mixin/crypto.rb b/lib/win32/certstore/mixin/crypto.rb index f8e4c4a..892a61f 100644 --- a/lib/win32/certstore/mixin/crypto.rb +++ b/lib/win32/certstore/mixin/crypto.rb @@ -105,6 +105,12 @@ def initialize(str = nil) safe_attach_function :CertAddEncodedCertificateToStore, [HCERTSTORE, :DWORD, :PWSTR, :DWORD, :INT_PTR, PCCERT_CONTEXT], :BOOL safe_attach_function :CertSerializeCertificateStoreElement, [PCCERT_CONTEXT, :DWORD, :pointer, :DWORD], :BOOL + # Duplicates a certificate context by incrementing its reference count + safe_attach_function :CertDuplicateCertificateContext, [PCCERT_CONTEXT], PCCERT_CONTEXT + # Delete certification from certification store + safe_attach_function :CertDeleteCertificateFromStore, [PCCERT_CONTEXT], :BOOL + # To retrieve specific certificates from certificate store + safe_attach_function :CertFindCertificateInStore, [HCERTSTORE, :DWORD, :DWORD, :DWORD, :LPVOID, PCCERT_CONTEXT], PCCERT_CONTEXT end end end diff --git a/lib/win32/certstore/store_base.rb b/lib/win32/certstore/store_base.rb index 88018bb..5f24207 100644 --- a/lib/win32/certstore/store_base.rb +++ b/lib/win32/certstore/store_base.rb @@ -58,6 +58,22 @@ def cert_add(store_handler, cert_file_path) end end + def cert_delete(store_handler, certificate_name) + begin + if ( pCertContext = CertFindCertificateInStore(store_handler, X509_ASN_ENCODING, 0, CERT_NAME_FRIENDLY_DISPLAY_TYPE, certificate_name, nil) and not pCertContext.null? ) + if CertDeleteCertificateFromStore(CertDuplicateCertificateContext(pCertContext)) + return "Deleted certificate #{certificate_name} successfully" + else + lookup_error + end + end + return "Cannot find certificate with name as `#{certificate_name}`. Please re-verify certificate Issuer name or Friendly name" + rescue Exception => e + @error = "delete: " + lookup_error + end + end + private def lookup_error(failed_operation = nil) @@ -73,6 +89,8 @@ def lookup_error(failed_operation = nil) raise Chef::Exceptions::Win32APIError, "ASN1 bad tag value met. -- Is the certificate in DER format?" when -2146881278 raise Chef::Exceptions::Win32APIError, "ASN1 unexpected end of data." + when -2147024891 + raise Chef::Exceptions::Win32APIError, "System.UnauthorizedAccessException, Access denied.." else raise Chef::Exceptions::Win32APIError, "Unable to #{failed_operation} certificate with error: #{last_error}." end diff --git a/spec/win32/unit/certstore_spec.rb b/spec/win32/unit/certstore_spec.rb index b967a5b..2ae2d32 100644 --- a/spec/win32/unit/certstore_spec.rb +++ b/spec/win32/unit/certstore_spec.rb @@ -72,10 +72,47 @@ end end + context "When deleting valid certificate" do + let (:store_name) { "ca" } + let (:certificate_name) { 'GeoTrust Global CA' } + before(:each) do + allow(certbase).to receive_message_chain(:CertFindCertificateInStore, :last).and_return(true) + allow_any_instance_of(certbase).to receive(:CertDeleteCertificateFromStore).and_return(true) + end + it "return message of successful deletion" do + store = certstore.open(store_name) + delete_cert = store.delete(certificate_name) + expect(delete_cert).to eq("Deleted certificate GeoTrust Global CA successfully") + end + end + + context "When deleting invalid certificate" do + let (:store_name) { "my" } + let (:certificate_name) { "tmp_cert.mydomain.com" } + it "return message of `Cannot find certificate`" do + allow_any_instance_of(certbase).to receive(:CertFindCertificateInStore).and_return(false) + store = certstore.open(store_name) + delete_cert = store.delete(certificate_name) + expect(delete_cert).to eq("Cannot find certificate with name as `tmp_cert.mydomain.com`. Please re-verify certificate Issuer name or Friendly name") + end + end + + context "When passing empty certificate_name to delete it" do + let (:store_name) { "my" } + let (:certificate_name) { "" } + it "return message of `Cannot find certificate`" do + allow_any_instance_of(certbase).to receive(:CertFindCertificateInStore).and_return(false) + store = certstore.open(store_name) + delete_cert = store.delete(certificate_name) + expect(delete_cert).to eq("Cannot find certificate with name as ``. Please re-verify certificate Issuer name or Friendly name") + end + end + context "When adding certificate failed with FFI::LastError" do let (:store_name) { "root" } let (:cert_file_path) { '.\win32\unit\assets\test.cer' } - + let (:certificate_name) { 'GlobalSign' } + it "returns 'The operation was canceled by the user'" do allow(certstore_obj).to receive(:CertAddEncodedCertificateToStore).and_return(false) allow(FFI::LastError).to receive(:error).and_return(1223) @@ -120,6 +157,14 @@ store = certstore.open(store_name) expect { store.add(cert_file_path) }.to raise_error("ASN1 unexpected end of data.") end + + it "return 'System.UnauthorizedAccessException, Access denied..'" do + allow(certbase).to receive(:CertFindCertificateInStore).and_return(true) + allow(certbase).to receive(:CertDeleteCertificateFromStore).and_return(false) + allow(FFI::LastError).to receive(:error).and_return(-2147024891) + store = certstore.open(store_name) + expect { store.delete(certificate_name) }.to raise_error(Chef::Exceptions::Win32APIError) + end end end end