Class: Puppet::Util::Windows::RootCerts

Inherits:
Object
  • Object
show all
Extended by:
FFI::Library
Includes:
Enumerable
Defined in:
lib/puppet/util/windows/root_certs.rb

Overview

Represents a collection of trusted root certificates.

Defined Under Namespace

Classes: CERT_CONTEXT

Class Method Summary collapse

Instance Method Summary collapse

Methods included from FFI::Library

attach_function_private

Methods included from Enumerable

#uniq

Constructor Details

#initialize(roots) ⇒ RootCerts

Returns a new instance of RootCerts.


12
13
14
# File 'lib/puppet/util/windows/root_certs.rb', line 12

def initialize(roots)
  @roots = roots
end

Class Method Details

.instancePuppet::Util::Windows::RootCerts

Returns a new instance.

Returns:


25
26
27
# File 'lib/puppet/util/windows/root_certs.rb', line 25

def self.instance
  new(self.load_certs)
end

.load_certsArray<[OpenSSL::X509::Certificate]>

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.

Returns an array of root certificates.

Returns:


33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# File 'lib/puppet/util/windows/root_certs.rb', line 33

def self.load_certs
  certs = []

  # This is based on a patch submitted to openssl:
  # https://www.mail-archive.com/[email protected]/msg26958.html
  ptr = FFI::Pointer::NULL
  store = CertOpenSystemStoreA(nil, "ROOT")
  begin
    while (ptr = CertEnumCertificatesInStore(store, ptr)) and not ptr.null?
      context = CERT_CONTEXT.new(ptr)
      cert_buf = context[:pbCertEncoded].read_bytes(context[:cbCertEncoded])
      begin
        certs << OpenSSL::X509::Certificate.new(cert_buf)
      rescue => detail
        Puppet.warning(_("Failed to import root certificate: %{detail}") % { detail: detail.inspect })
      end
    end
  ensure
    CertCloseStore(store, 0)
  end

  certs
end

Instance Method Details

#each {|cert| ... } ⇒ Object

Enumerates each root certificate.

Yield Parameters:


19
20
21
# File 'lib/puppet/util/windows/root_certs.rb', line 19

def each
  @roots.each {|cert| yield cert}
end