/usr/lib/ruby/vendor_ruby/certificate_authority/pkcs11_key_material.rb is in ruby-certificate-authority 0.2.0~6dd483bf-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
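module CertificateAuthority
  # Key material that lives on a PKCS#11 token (HSM, smart card) reached
  # through OpenSSL's `dynamic` engine and the engine_pkcs11 module.
  #
  # No key bytes are ever held in this process: `private_key`/`public_key`
  # return whatever the engine hands back for `token_id`, and all signing or
  # decryption is delegated to the device by OpenSSL. On-token key generation
  # is not implemented here.
  #
  # Configuration must be complete before the first `private_key`/`public_key`
  # call: the engine is created once and cached in `engine`, so later changes
  # to `pin`, `pkcs11_lib` or `openssl_pkcs11_engine_lib` are only picked up if
  # `engine` is reset to nil first.
  class Pkcs11KeyMaterial
    include KeyMaterial

    # Attributes the constructor hash may set (symbol or string keys). Only
    # these names are ever turned into setter calls; other keys are ignored.
    SETTABLE_ATTRIBUTES = %i[engine token_id pkcs11_lib openssl_pkcs11_engine_lib pin].freeze

    # Cached OpenSSL::Engine, built lazily by #initialize_engine.
    attr_accessor :engine
    # Key identifier on the token; passed verbatim to the engine's
    # load_private_key / load_public_key.
    attr_accessor :token_id
    # Path to the vendor PKCS#11 module (shared library) for the token.
    attr_accessor :pkcs11_lib
    # Path to the engine_pkcs11 shared library loaded through the `dynamic` engine.
    attr_accessor :openssl_pkcs11_engine_lib
    # Token PIN, handed to the engine via the PIN ctrl command when set.
    # Redacted from #inspect so it does not end up in logs or error output.
    attr_accessor :pin

    # @param attributes [Hash] optional initial values for the accessors
    #   (see SETTABLE_ATTRIBUTES); unknown keys are ignored. The hash is also
    #   kept in @attributes as before. Engine setup is attempted immediately and
    #   silently deferred when the library paths are not yet known.
    def initialize(attributes = {})
      @attributes = attributes
      apply_attributes(attributes)
      initialize_engine
    end

    # @return [Boolean] always true: the key is on the PKCS#11 token.
    def is_in_hardware?
      true
    end

    # @return [Boolean] always false: no key bytes are kept in process memory.
    def is_in_memory?
      false
    end

    # On-token key generation is not implemented. Prints a notice and returns
    # nil. `modulus_bits` exists only for interface parity with in-memory key
    # material and is unused.
    # @param modulus_bits [Integer] ignored
    # @return [nil]
    def generate_key(modulus_bits = 1024)
      puts "Key generation is not currently supported in hardware"
      nil
    end

    # Loads the private key handle for `token_id` through the engine.
    # @return [OpenSSL::PKey::PKey] engine-backed private key
    # @raise [RuntimeError] when the engine could not be set up because
    #   `pkcs11_lib` or `openssl_pkcs11_engine_lib` is still nil
    def private_key
      ensure_engine!.load_private_key(token_id)
    end

    # Loads the public key handle for `token_id` through the engine.
    # @return [OpenSSL::PKey::PKey] engine-backed public key
    # @raise [RuntimeError] when the engine could not be set up because
    #   `pkcs11_lib` or `openssl_pkcs11_engine_lib` is still nil
    def public_key
      ensure_engine!.load_public_key(token_id)
    end

    # Describes the object without revealing the PIN, so instances can appear
    # in logs, exception messages or a REPL safely.
    # @return [String]
    def inspect
      "#<#{self.class.name} token_id=#{token_id.inspect} pkcs11_lib=#{pkcs11_lib.inspect} " \
        "openssl_pkcs11_engine_lib=#{openssl_pkcs11_engine_lib.inspect} " \
        "pin=#{pin.nil? ? 'nil' : '[REDACTED]'} engine=#{engine.nil? ? 'nil' : 'loaded'}>"
    end

    private

    # Copies recognised keys of the constructor hash onto the accessors.
    # Keys are matched by their string form against SETTABLE_ATTRIBUTES, so
    # the hash can never drive an arbitrary setter.
    # @param attributes [Hash, nil]
    def apply_attributes(attributes)
      return if attributes.nil? || attributes.empty?

      attributes.each do |key, value|
        name = SETTABLE_ATTRIBUTES.find { |attr| attr.to_s == key.to_s }
        public_send("#{name}=", value) if name
      end
    end

    # Returns the engine or raises a descriptive error instead of letting a
    # nil engine surface as NoMethodError from load_private_key/load_public_key.
    # @return [OpenSSL::Engine]
    # @raise [RuntimeError] when the engine is not configured
    def ensure_engine!
      initialize_engine
      return engine unless engine.nil?

      raise "PKCS11 engine not configured: set pkcs11_lib and openssl_pkcs11_engine_lib " \
            "before requesting a key"
    end

    # Builds, once, the OpenSSL engine that fronts the PKCS#11 module.
    #
    # Returns the cached engine when one already exists. Returns false, without
    # raising, while `openssl_pkcs11_engine_lib` or `pkcs11_lib` is unset so that
    # attribute-less construction works; every later key request retries.
    # Otherwise loads the `dynamic` engine, points it at engine_pkcs11 and the
    # vendor module, supplies the PIN when one is set, caches the result in
    # `engine` and returns it.
    #
    # NOTE(review): OpenSSL::Engine is deprecated since OpenSSL 3.0 (providers
    # replace engines) and may be missing from newer openssl gems — confirm the
    # target Ruby/OpenSSL combination still exposes it.
    # @return [OpenSSL::Engine, false]
    def initialize_engine
      return engine unless engine.nil?
      return false if openssl_pkcs11_engine_lib.nil? || pkcs11_lib.nil?

      OpenSSL::Engine.load
      self.engine = OpenSSL::Engine.by_id("dynamic") do |e|
        e.ctrl_cmd("SO_PATH", openssl_pkcs11_engine_lib)
        e.ctrl_cmd("ID", "pkcs11")
        e.ctrl_cmd("LIST_ADD", "1")
        e.ctrl_cmd("LOAD")
        # An empty PIN is treated the same as no PIN: the ctrl command is skipped.
        e.ctrl_cmd("PIN", pin) unless pin.nil? || pin == ""
        e.ctrl_cmd("MODULE_PATH", pkcs11_lib)
      end
      engine
    end
  end
end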