arcanus 0.12.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 7cdb8a1dbb476090b55baecf9a5dde6a7b2b6c5a
-  data.tar.gz: 0f7ba0190d7f34c2a6cf5632bff11820e035ee17
+  metadata.gz: 0f7f318dc67cf83cf9a258a8f73db5f8f8055530
+  data.tar.gz: 051293634b012a4d84b09f03e55ac9a041853f1b
 SHA512:
-  metadata.gz: 13ff94bf3267c65bc210e9a7290a2d589c6243cab79a11eebd6bdeb921e1b2d41d946205852a08db29407e7d5cd57fa835acaa8371c1240a42667a392e124197
-  data.tar.gz: 515a1daa9fccd92f4f44a383c8b98d699b8534fc76cac637b66dc7d6e728b000f77ea2460adba41f16725c9ac85091798feb9bd8a22c3c5cf6644b49a9142f4c
+  metadata.gz: f8aef9c0613d3849b8dfef3c8c585f7fe16c91c3647c1670784029819fe1d31005f3574b882a0b30f4f7faaa505a2171218bf27742decf5094c74690df49b795
+  data.tar.gz: 6c468609ff2cc18b8fa9d4b4cce904c662df53c188dc2f172ec3d3c1c2b15942221f0c5476c8e2ceea3296006a538634b4f93a09475d61e9f5d9f2fca8a93196

data/lib/arcanus.rb

@@ -1,7 +1,6 @@
 require 'arcanus/constants'
 require 'arcanus/errors'
 require 'arcanus/error_handler'
-require 'arcanus/configuration'
 require 'arcanus/input'
 require 'arcanus/output'
 require 'arcanus/ui'
@@ -27,9 +26,8 @@ module Arcanus
   # Loads Arcanus chest and decrypts secrets.
   #
   # @param directory [String] repo directory
-  def load(directory = Dir.pwd)
-    @config = Configuration.load_applicable(directory)
-    @repo = Repo.new(@config)
+  def load
+    @repo = Repo.new
 
     unless File.directory?(@repo.arcanus_dir)
       raise Errors::UsageError,

data/lib/arcanus/chest.rb

@@ -7,6 +7,7 @@ module Arcanus
   # Encapsulates the collection of encrypted secrets managed by Arcanus.
   class Chest # rubocop:disable Metrics/ClassLength
     SIGNATURE_SIZE_BITS = 256
+    ENCRYPTION_CIPHER = OpenSSL::Cipher.new('AES-256-CBC')
 
     def initialize(key:, chest_file_path:)
       @key = key
@@ -157,7 +158,14 @@ module Arcanus
 
     def encrypt_value(value)
       dumped_value = Marshal.dump(value)
-      encrypted_value = Base64.encode64(@key.encrypt(dumped_value))
+
+      # Create a random symmetric key so we can encrypt plaintext of arbitrary length
+      sym_key = ENCRYPTION_CIPHER.reset.encrypt.random_key
+      iv = Base64.encode64(ENCRYPTION_CIPHER.random_iv)
+      enc_sym_key = Base64.encode64(@key.encrypt(sym_key))
+      encrypted_value = Base64.encode64(ENCRYPTION_CIPHER.update(dumped_value) +
+                                        ENCRYPTION_CIPHER.final)
+
       salt = SecureRandom.hex(8)
 
       signature = Digest::SHA2.new(SIGNATURE_SIZE_BITS).tap do |digest|
@@ -165,23 +173,31 @@ module Arcanus
         digest << dumped_value
       end.to_s
 
-      "#{encrypted_value}:#{salt}:#{signature}"
+      "#{iv}:#{enc_sym_key}:#{encrypted_value}:#{salt}:#{signature}"
     end
 
-    def decrypt_value(blob)
+    def decrypt_value(blob) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength
       unless blob.is_a?(String)
         raise Errors::DecryptionError,
               "Expecting an encrypted blob but got '#{blob}'"
       end
 
-      encrypted_value, salt, signature = blob.split(':')
+      iv_b64, enc_sym_key_b64, encrypted_value_b64, salt, signature = blob.split(':')
 
-      if signature.nil? || salt.nil? || encrypted_value.nil?
+      if signature.nil? || salt.nil? || encrypted_value_b64.nil? ||
+         enc_sym_key_b64.nil? || iv_b64.nil?
         raise Errors::DecryptionError,
-              "Invalid blob format '#{blob}' (must be of the form 'signature:salt:ciphertext')"
+              "Invalid blob format '#{blob}'. " \
+              'Did you encrypt this with an older version of Arcanus?'
       end
 
-      dumped_value = @key.decrypt(Base64.decode64(encrypted_value))
+      iv = Base64.decode64(iv_b64)
+      sym_key = @key.decrypt(Base64.decode64(enc_sym_key_b64))
+      ENCRYPTION_CIPHER.reset.decrypt
+      ENCRYPTION_CIPHER.iv = iv
+      ENCRYPTION_CIPHER.key = sym_key
+      dumped_value = ENCRYPTION_CIPHER.update(Base64.decode64(encrypted_value_b64)) +
+        ENCRYPTION_CIPHER.final
 
       actual_signature = Digest::SHA2.new(SIGNATURE_SIZE_BITS).tap do |digest|
         digest << salt

data/lib/arcanus/cli.rb

@@ -28,8 +28,7 @@ module Arcanus
     # @param [Array<String>] arguments
     # @return [Integer] exit status code
     def run(arguments)
-      config = Configuration.load_applicable
-      run_command(config, arguments)
+      run_command(arguments)
 
       ExitCodes::OK
     rescue => ex
@@ -40,15 +39,14 @@ module Arcanus
 
     # Executes the appropriate command given the list of command line arguments.
     #
-    # @param config [Arcanus::Configuration]
     # @param ui [Arcanus::UI]
     # @param arguments [Array<String>]
     # @raise [Arcanus::Errors::ArcanusError] when any exceptional circumstance occurs
-    def run_command(config, arguments)
+    def run_command(arguments)
       arguments = convert_arguments(arguments)
 
       require 'arcanus/command/base'
-      Command::Base.from_arguments(config, @ui, arguments).run
+      Command::Base.from_arguments(@ui, arguments).run
     end
 
     def convert_arguments(arguments)

data/lib/arcanus/command/base.rb

@@ -8,12 +8,11 @@ module Arcanus::Command
     class << self
       # Create a command from a list of arguments.
       #
-      # @param config [Arcanus::Configuration]
       # @param ui [Arcanus::UI]
       # @param arguments [Array<String>]
       # @return [Arcanus::Command::Base] appropriate command for the given
       #   arguments
-      def from_arguments(config, ui, arguments)
+      def from_arguments(ui, arguments)
         cmd = arguments.first
 
         begin
@@ -23,7 +22,7 @@ module Arcanus::Command
                 "`arcanus #{cmd}` is not a valid command"
         end
 
-        Arcanus::Command.const_get(Arcanus::Utils.camel_case(cmd)).new(config, ui, arguments)
+        Arcanus::Command.const_get(Arcanus::Utils.camel_case(cmd)).new(ui, arguments)
       end
 
       def description(desc = nil)
@@ -36,11 +35,9 @@ module Arcanus::Command
       end
     end
 
-    # @param config [Arcanus::Configuration]
     # @param ui [Arcanus::UI]
     # @param arguments [Array<String>]
-    def initialize(config, ui, arguments)
-      @config = config
+    def initialize(ui, arguments)
       @ui = ui
       @arguments = arguments
     end
@@ -61,7 +58,7 @@ module Arcanus::Command
     #
     # @param command_arguments [Array<String>]
     def execute_command(command_arguments)
-      self.class.from_arguments(config, ui, command_arguments).execute
+      self.class.from_arguments(ui, command_arguments).execute
     end
 
     private
@@ -69,9 +66,6 @@ module Arcanus::Command
     # @return [Array<String>]
     attr_reader :arguments
 
-    # @return [Arcanus::Configuration]
-    attr_reader :config
-
     # @return [Arcanus::UI]
     attr_reader :ui
 
@@ -79,7 +73,7 @@ module Arcanus::Command
     #
     # @return [Arcanus::Repo]
     def repo
-      @repo ||= Arcanus::Repo.new(@config)
+      @repo ||= Arcanus::Repo.new
     end
 
     # Execute a process and return the result including status and output.

data/lib/arcanus/key.rb

@@ -4,7 +4,7 @@ module Arcanus
   # Encapsulates operations for creating keys that encrypt/decrypt secrets.
   class Key
     DEFAULT_SIZE = 4096
-    PASSWORD_CIPHER = OpenSSL::Cipher.new('AES-256-CBC')
+    PEM_PASSWORD_CIPHER = OpenSSL::Cipher.new('AES-256-CBC')
 
     class << self
       def generate(key_size_bits: DEFAULT_SIZE)
@@ -36,7 +36,7 @@ module Arcanus
     def save(key_file_path:, password: nil)
       pem =
         if password
-          @key.to_pem(PASSWORD_CIPHER, password)
+          @key.to_pem(PEM_PASSWORD_CIPHER, password)
         else
           @key.to_pem
         end

data/lib/arcanus/repo.rb

@@ -3,11 +3,6 @@ require 'pathname'
 module Arcanus
   # Exposes information about the current git repository.
   class Repo
-    # @param config [Arcanus::Configuration]
-    def initialize(config)
-      @config = config
-    end
-
     # Returns the absolute path to the root of the current repository the
     # current working directory resides within.
     #

data/lib/arcanus/version.rb

@@ -2,5 +2,5 @@
 
 # Defines the gem version.
 module Arcanus
-  VERSION = '0.12.1'.freeze
+  VERSION = '1.0.0'.freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arcanus
 version: !ruby/object:Gem::Version
-  version: 0.12.1
+  version: 1.0.0
 platform: ruby
 authors:
 - Shane da Silva
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-11-08 00:00:00.000000000 Z
+date: 2016-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: childprocess
@@ -74,7 +74,6 @@ files:
 - lib/arcanus/command/show.rb
 - lib/arcanus/command/unlock.rb
 - lib/arcanus/command/version.rb
-- lib/arcanus/configuration.rb
 - lib/arcanus/constants.rb
 - lib/arcanus/error_handler.rb
 - lib/arcanus/errors.rb

data/lib/arcanus/configuration.rb

@@ -1,94 +0,0 @@
-# frozen_string_literal: true
-
-require 'pathname'
-require 'yaml'
-
-module Arcanus
-  # Stores runtime configuration for the application.
-  #
-  # This is intended to define helper methods for accessing configuration so
-  # this logic can be shared amongst the various components of the system.
-  class Configuration
-    # Name of the configuration file.
-    FILE_NAME = 'config.yaml'.freeze
-
-    class << self
-      # Loads appropriate configuration file given the current working
-      # directory.
-      #
-      # @return [Arcanus::Configuration]
-      def load_applicable(working_directory = Dir.pwd)
-        current_directory = File.expand_path(working_directory)
-        config_file = applicable_config_file(current_directory)
-
-        if config_file
-          from_file(config_file)
-        else
-          # No configuration file, so assume defaults
-          new({})
-        end
-      end
-
-      # Loads a configuration from a file.
-      #
-      # @return [Arcanus::Configuration]
-      def from_file(config_file)
-        options =
-          if yaml = YAML.load_file(config_file)
-            yaml.to_hash
-          else
-            {}
-          end
-
-        new(options)
-      end
-
-      private
-
-      # Returns the first valid configuration file found, starting from the
-      # current working directory and ascending to ancestor directories.
-      #
-      # @param directory [String]
-      # @return [String, nil]
-      def applicable_config_file(directory)
-        Pathname.new(directory)
-                .enum_for(:ascend)
-                .map { |dir| dir + '.arcanus' + FILE_NAME }
-                .find do |config_file|
-          config_file if config_file.exist?
-        end
-      end
-    end
-
-    # Creates a configuration from the given options hash.
-    #
-    # @param options [Hash]
-    def initialize(options)
-      @options = options
-    end
-
-    # Access the configuration as if it were a hash.
-    #
-    # @param key [String, Symbol]
-    # @return [Array, Hash, Number, String]
-    def [](key)
-      @options[key.to_s]
-    end
-
-    # Access the configuration as if it were a hash.
-    #
-    # @param key [String, Symbol]
-    # @return [Array, Hash, Number, String]
-    def fetch(key, *args)
-      @options.fetch(key.to_s, *args)
-    end
-
-    # Compares this configuration with another.
-    #
-    # @param other [HamlLint::Configuration]
-    # @return [true,false] whether the given configuration is equivalent
-    def ==(other)
-      super || @options == other.instance_variable_get('@options')
-    end
-  end
-end