aspera-cli 4.15.0 → 4.17.0

data/lib/aspera/cli/transfer_agent.rb

@@ -1,7 +1,10 @@
 # frozen_string_literal: true
 
-require 'aspera/fasp/transfer_spec'
+require 'aspera/agent/base'
+require 'aspera/transfer/spec'
 require 'aspera/cli/info'
+require 'aspera/log'
+require 'aspera/assert'
 
 module Aspera
   module Cli
@@ -28,7 +31,7 @@ module Aspera
         :FILE_LIST_FROM_TRANSFER_SPEC,
         :FILE_LIST_OPTIONS,
         :DEFAULT_TRANSFER_NOTIFY_TEMPLATE
-      TRANSFER_AGENTS = %i[direct node connect httpgw trsdk].freeze
+      TRANSFER_AGENTS = Agent::Base.agent_list.freeze
 
       class << self
         # @return :success if all sessions statuses returned by "start" are success
@@ -52,6 +55,8 @@ module Aspera
         @agent = nil
         # source/destination pair, like "paths" of transfer spec
         @transfer_paths = nil
+        # HTTPGW URL provided by webapp
+        @httpgw_url_lambda = nil
         @opt_mgr.declare(:ts, 'Override transfer spec values', types: Hash, handler: {o: self, m: :option_transfer_spec})
         @opt_mgr.declare(:to_folder, 'Destination folder for transferred files')
         @opt_mgr.declare(:sources, "How list of transferred files is provided (#{FILE_LIST_OPTIONS.join(',')})")
@@ -65,7 +70,7 @@ module Aspera
 
       # multiple option are merged
       def option_transfer_spec=(value)
-        raise 'option ts shall be a Hash' unless value.is_a?(Hash)
+        Aspera.assert_type(value, Hash){'ts'}
         @transfer_spec_command_line.deep_merge!(value)
       end
 
@@ -92,11 +97,12 @@ module Aspera
       end
 
       # analyze options and create new agent if not already created or set
-      def set_agent_by_options
-        return nil unless @agent.nil?
+      # TODO: make a Factory pattern
+      def agent_instance
+        return @agent unless @agent.nil?
         agent_type = @opt_mgr.get_option(:transfer, mandatory: true)
         # agent plugin is loaded on demand to avoid loading unnecessary dependencies
-        require "aspera/fasp/agent_#{agent_type}"
+        require "aspera/agent/#{agent_type}"
         # set keys as symbols
         agent_options = @opt_mgr.get_option(:transfer_info).symbolize_keys
         # special cases
@@ -110,14 +116,20 @@ module Aspera
         when :direct
           # by default do not display ascp native progress bar
           agent_options[:quiet] = true unless agent_options.key?(:quiet)
-          agent_options[:check_ignore] = ->(host, port){@config.ignore_cert?(host, port)}
-          agent_options[:trusted_certs] = @config.trusted_cert_locations(files_only: true) unless agent_options.key?(:trusted_certs)
+          agent_options[:check_ignore_cb] = ->(host, port){@config.ignore_cert?(host, port)}
+          agent_options[:trusted_certs] = @config.trusted_cert_locations unless agent_options.key?(:trusted_certs)
+        when :httpgw
+          unless agent_options.key?(:url) || @httpgw_url_lambda.nil?
+            Log.log.debug('retrieving HTTPGW URL from webapp')
+            agent_options[:url] = @httpgw_url_lambda.call
+          end
         end
         agent_options[:progress] = @config.progress_bar
         # get agent instance
-        new_agent = Kernel.const_get("Aspera::Fasp::Agent#{agent_type.capitalize}").new(agent_options)
+        new_agent = Kernel.const_get("Aspera::Agent::#{agent_type.capitalize}").new(agent_options)
         self.agent_instance = new_agent
-        return nil
+        Log.log.debug{"transfer agent is a #{@agent.class}"}
+        return @agent
       end
 
       # return destination folder for transfers
@@ -131,9 +143,9 @@ module Aspera
         return dest_folder unless dest_folder.nil?
         # default: / on remote, . on local
         case direction.to_s
-        when Fasp::TransferSpec::DIRECTION_SEND then dest_folder = '/'
-        when Fasp::TransferSpec::DIRECTION_RECEIVE then dest_folder = '.'
-        else raise "wrong direction: #{direction}"
+        when Transfer::Spec::DIRECTION_SEND then dest_folder = '/'
+        when Transfer::Spec::DIRECTION_RECEIVE then dest_folder = '.'
+        else Aspera.error_unexpected_value(direction)
         end
         return dest_folder
       end
@@ -145,6 +157,11 @@ module Aspera
         end
       end
 
+      def httpgw_url_cb=(httpgw_url_proc)
+        Aspera.assert_type(httpgw_url_proc, Proc){'httpgw_url_cb'}
+        @httpgw_url_lambda = httpgw_url_proc
+      end
+
       # This is how the list of files to be transferred is specified
       # get paths suitable for transfer spec from command line
       # @return [Hash] {source: (mandatory), destination: (optional)}
@@ -167,7 +184,7 @@ module Aspera
           Log.log.debug('assume list provided in transfer spec')
           special_case_direct_with_list =
             @opt_mgr.get_option(:transfer, mandatory: true).eql?(:direct) &&
-            Fasp::Parameters.ts_has_ascp_file_list(@transfer_spec_command_line, @opt_mgr.get_option(:transfer_info))
+            Transfer::Parameters.ascp_args_file_list?(@opt_mgr.get_option(:transfer_info)['ascp_args'])
           raise Cli::BadArgument, 'transfer spec on command line must have sources' if @transfer_paths.nil? && !special_case_direct_with_list
           # here we assume check of sources is made in transfer agent
           return @transfer_paths
@@ -181,14 +198,15 @@ module Aspera
         if !@transfer_paths.nil?
           Log.log.warn('--sources overrides paths from --ts')
         end
-        case @opt_mgr.get_option(:src_type, mandatory: true)
+        source_type = @opt_mgr.get_option(:src_type, mandatory: true)
+        case source_type
         when :list
           # when providing a list, just specify source
           @transfer_paths = file_list.map{|i|{'source' => i}}
         when :pair
-          raise Cli::BadArgument, "When using pair, provide an even number of paths: #{file_list.length}" unless file_list.length.even?
+          Aspera.assert(file_list.length.even?, exception_class: Cli::BadArgument){"When using pair, provide an even number of paths: #{file_list.length}"}
           @transfer_paths = file_list.each_slice(2).to_a.map{|s, d|{'source' => s, 'destination' => d}}
-        else raise 'Unsupported src_type'
+        else Aspera.error_unexpected_value(source_type)
         end
         Log.log.debug{"paths=#{@transfer_paths}"}
         return @transfer_paths
@@ -199,14 +217,14 @@ module Aspera
       # @param rest_token [Rest] if oauth token regeneration supported
       def start(transfer_spec, rest_token: nil)
         # check parameters
-        raise 'transfer_spec must be hash' unless transfer_spec.is_a?(Hash)
+        Aspera.assert_type(transfer_spec, Hash){'transfer_spec'}
         # process :src option
         case transfer_spec['direction']
-        when Fasp::TransferSpec::DIRECTION_RECEIVE
+        when Transfer::Spec::DIRECTION_RECEIVE
           # init default if required in any case
           @transfer_spec_command_line['destination_root'] ||= destination_folder(transfer_spec['direction'])
-        when Fasp::TransferSpec::DIRECTION_SEND
-          if transfer_spec.dig('tags', Fasp::TransferSpec::TAG_RESERVED, 'node', 'access_key')
+        when Transfer::Spec::DIRECTION_SEND
+          if transfer_spec.dig('tags', Transfer::Spec::TAG_RESERVED, 'node', 'access_key')
             # gen4
             @transfer_spec_command_line.delete('destination_root') if @transfer_spec_command_line.key?('destination_root_id')
           elsif transfer_spec.key?('token')
@@ -223,12 +241,14 @@ module Aspera
         @transfer_spec_command_line['paths'] = transfer_spec['paths'] || ts_source_paths
         # updated transfer spec with command line
         updated_ts(transfer_spec)
+        # if TS from app has content_protection (e.g. F5), that means content is protected: ask password if not provided
+        if transfer_spec['content_protection'].eql?('decrypt') && !transfer_spec.key?('content_protection_password')
+          transfer_spec['content_protection_password'] = @opt_mgr.prompt_user_input('content protection password', true)
+        end
         # create transfer agent
-        set_agent_by_options
-        Log.log.debug{"transfer agent is a #{@agent.class}"}
-        @agent.start_transfer(transfer_spec, token_regenerator: rest_token)
+        agent_instance.start_transfer(transfer_spec, token_regenerator: rest_token)
         # list of: :success or "error message string"
-        result = @agent.wait_for_completion
+        result = agent_instance.wait_for_completion
         send_email_transfer_notification(transfer_spec, result)
         return result
       end

data/lib/aspera/cli/transfer_progress.rb

@@ -1,6 +1,7 @@
 # frozen_string_literal: true
 
 require 'aspera/log'
+require 'aspera/assert'
 require 'ruby-progressbar'
 
 module Aspera
@@ -25,9 +26,7 @@ module Aspera
 
       def event(session_id:, type:, info: nil)
         Log.log.debug{"progress: #{type} #{session_id} #{info}"}
-        if session_id.nil? && !type.eql?(:pre_start)
-          raise 'Internal error: session_id is nil'
-        end
+        Aspera.assert(!session_id.nil? || type.eql?(:pre_start)){'session_id is nil'}
         return if @completed
         if @progress_bar.nil?
           @progress_bar = ProgressBar.create(

data/lib/aspera/cli/version.rb

@@ -4,6 +4,6 @@ module Aspera
   module Cli
     # for beta add extension : .beta1
     # for dev version add extension : .pre
-    VERSION = '4.15.0'
+    VERSION = '4.17.0'
   end
 end

data/lib/aspera/colors.rb

@@ -53,4 +53,9 @@ class String
       define_method(name){self}
     end
   end
+  def capital_to_snake
+    return gsub(/([a-z\d])([A-Z])/, '\1_\2')
+        .gsub(/([A-Z]+)([A-Z][a-z])/, '\1_\2')
+        .downcase
+  end
 end

data/lib/aspera/command_line_builder.rb

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require 'aspera/log'
+require 'aspera/assert'
 module Aspera
   # helper class to build command line from a parameter list (key-value hash)
   # constructor takes hash: { 'param1':'value1', ...}
@@ -27,20 +29,20 @@ module Aspera
       # Called by provider of definition before constructor of this class so that params_definition has all mandatory fields
       def normalize_description(full_description)
         full_description.each do |name, options|
-          raise "Expecting Hash, but have #{options.class} in #{name}" unless options.is_a?(Hash)
+          Aspera.assert_type(options, Hash){name}
           unsupported_keys = options.keys - OPTIONS_KEYS
-          raise "Unsupported definition keys: #{unsupported_keys}" unless unsupported_keys.empty?
-          raise "Missing key: cli for #{name}" unless options.key?(:cli)
-          raise 'Key: cli must be Hash' unless options[:cli].is_a?(Hash)
-          raise 'Missing key: cli.type' unless options[:cli].key?(:type)
-          raise "Unsupported processing type for #{name}: #{options[:cli][:type]}" unless CLI_OPTION_TYPES.include?(options[:cli][:type])
+          Aspera.assert(unsupported_keys.empty?){"Unsupported definition keys: #{unsupported_keys}"}
+          Aspera.assert(options.key?(:cli)){"Missing key: cli for #{name}"}
+          Aspera.assert_type(options[:cli], Hash){'Key: cli'}
+          Aspera.assert(options[:cli].key?(:type)){'Missing key: cli.type'}
+          Aspera.assert_values(options[:cli][:type], CLI_OPTION_TYPES){"Unsupported processing type for #{name}"}
           # by default : optional
           options[:mandatory] ||= false
           options[:desc] ||= ''
           options[:desc] = "DEPRECATED: #{options[:deprecation]}\n#{options[:desc]}" if options.key?(:deprecation)
           cli = options[:cli]
           unsupported_cli_keys = cli.keys - CLI_KEYS
-          raise "Unsupported cli keys: #{unsupported_cli_keys}" unless unsupported_cli_keys.empty?
+          Aspera.assert(unsupported_cli_keys.empty?){"Unsupported cli keys: #{unsupported_cli_keys}"}
           # by default : string, unless it's without arg
           options[:accepted_types] ||= options[:cli][:type].eql?(:opt_without_arg) ? :bool : :string
           # single type is placed in array
@@ -109,7 +111,7 @@ module Aspera
       end
       processing_type = read ? :get_value : options[:cli][:type]
       # check mandatory parameter (nil is valid value)
-      raise Fasp::Error, "Missing mandatory parameter: #{name}" if options[:mandatory] && !@param_hash.key?(name)
+      raise Transfer::Error, "Missing mandatory parameter: #{name}" if options[:mandatory] && !@param_hash.key?(name)
       parameter_value = @param_hash[name]
       # no default setting
       # parameter_value=options[:default] if parameter_value.nil? and options.has_key?(:default)
@@ -121,11 +123,11 @@ module Aspera
         when :hash then Hash
         when :int then Integer
         when :bool then [TrueClass, FalseClass]
-        else raise "INTERNAL: unexpected value: #{type_symbol}"
+        else Aspera.error_unexpected_value(type_symbol)
         end
       end.flatten
       # check that value is of expected type
-      raise Fasp::Error, "#{name} is : #{parameter_value.class} (#{parameter_value}), shall be #{options[:accepted_types]}, " \
+      raise Transfer::Error, "#{name} is : #{parameter_value.class} (#{parameter_value}), shall be #{options[:accepted_types]}, " \
         unless parameter_value.nil? || expected_classes.include?(parameter_value.class)
       # special processing will be requested with type get_value
       @used_param_names.push(name) unless processing_type.eql?(:special)
@@ -147,10 +149,10 @@ module Aspera
         # :convert has name of class and encoding method
         conversion_class, conversion_method = options[:cli][:convert].split('.')
         converted_value = Kernel.const_get(conversion_class).send(conversion_method, parameter_value)
-        raise Fasp::Error, "unsupported #{name}: #{parameter_value}" if converted_value.nil?
+        raise Transfer::Error, "unsupported #{name}: #{parameter_value}" if converted_value.nil?
         parameter_value = converted_value
       when NilClass
-      else raise "not expected type for convert #{options[:cli][:convert].class} for #{name}"
+      else Aspera.error_unexpected_value(options[:cli][:convert].class)
       end
 
       case processing_type
@@ -159,14 +161,14 @@ module Aspera
       when :ignore, :special # ignore this parameter or process later
         return
       when :envvar # set in env var
-        raise 'error' unless options[:cli].key?(:variable)
+        Aspera.assert(options[:cli].key?(:variable)){'missing key: cli.variable'}
         @result[:env][options[:cli][:variable]] = parameter_value
       when :opt_without_arg # if present and true : just add option without value
         add_param = false
         case parameter_value
         when false then nil # nothing to put on command line, no creation by default
         when true then add_param = true
-        else raise Fasp::Error, "unsupported #{name}: #{parameter_value}"
+        else Aspera.error_unexpected_value(parameter_value){name}
         end
         add_param = !add_param if options[:add_on_false]
         add_command_line_options([options[:cli][:switch]]) if add_param

data/lib/aspera/coverage.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+# coverage for tests
+if ENV.key?('ENABLE_COVERAGE')
+  require 'simplecov'
+  require 'securerandom'
+  # compute development top folder based on this source location
+  development_root = 3.times.inject(File.realpath(__FILE__)) { |p, _| File.dirname(p) }
+  SimpleCov.root(development_root)
+  SimpleCov.enable_for_subprocesses if SimpleCov.respond_to?(:enable_for_subprocesses)
+  # keep cache data for 1 day (must be longer that time to run the whole test suite)
+  SimpleCov.merge_timeout(86400)
+  SimpleCov.command_name(SecureRandom.uuid)
+  SimpleCov.at_exit do
+    original_file_descriptor = $stdout
+    $stdout.reopen(File.join(development_root, 'simplecov.log'))
+    SimpleCov.result.format!
+    $stdout.reopen(original_file_descriptor)
+  end
+  SimpleCov.start
+end

data/lib/aspera/data_repository.rb

@@ -1,15 +1,46 @@
 # frozen_string_literal: true
 
-require 'aspera/log'
+require 'aspera/assert'
 require 'singleton'
+require 'openssl'
 
 module Aspera
   # a simple binary data repository
   class DataRepository
     include Singleton
+    # in same order as elements in folder
+    ELEMENTS = %i[dsa rsa uuid aspera.global-cli-client aspera.drive license]
+    START_INDEX = 1
+    DATA_FOLDER_NAME = 'data'
+
+    # decode data as expected as string
+    # @param name [Symbol] name of the data item
+    # @return [String] decoded data
+    def item(name)
+      index = ELEMENTS.index(name)
+      raise ArgumentError, "unknown data item #{name} (#{name.class})" unless index
+      raw_data = data(START_INDEX + index)
+      case name
+      when :dsa, :rsa
+        # generate PEM from DER
+        return OpenSSL::PKey.const_get(name.to_s.upcase).new(raw_data).to_pem
+      when :license
+        return Zlib::Inflate.inflate(raw_data)
+      when :uuid
+        return format('%08x-%04x-%04x-%04x-%04x%08x', *raw_data.unpack('NnnnnN'))
+      when :'aspera.global-cli-client', :'aspera.drive'
+        return Base64.urlsafe_encode64(raw_data)
+      else Aspera.error_unexpected_value(name)
+      end
+    end
+
+    private
+
+    private_constant :START_INDEX, :DATA_FOLDER_NAME
+
     # get binary value from data repository
     def data(id)
-      File.read(File.join(__dir__, 'data', id.to_s), mode: 'rb')
+      File.read(File.join(__dir__, DATA_FOLDER_NAME, id.to_s), mode: 'rb')
     end
   end
 end

data/lib/aspera/environment.rb

@@ -2,6 +2,7 @@
 
 # cspell:ignore USERPROFILE HOMEDRIVE HOMEPATH LC_CTYPE msys aarch
 require 'aspera/log'
+require 'aspera/assert'
 require 'rbconfig'
 
 # cspell:words MEBI mswin bccwin
@@ -15,10 +16,11 @@ module Aspera
     OS_AIX = :aix
     OS_LIST = [OS_WINDOWS, OS_X, OS_LINUX, OS_AIX].freeze
     CPU_X86_64 = :x86_64
+    CPU_ARM64 = :arm64
     CPU_PPC64 = :ppc64
     CPU_PPC64LE = :ppc64le
     CPU_S390 = :s390
-    CPU_LIST = [CPU_X86_64, CPU_PPC64, CPU_PPC64LE, CPU_S390].freeze
+    CPU_LIST = [CPU_X86_64, CPU_ARM64, CPU_PPC64, CPU_PPC64LE, CPU_S390].freeze
 
     BITS_PER_BYTE = 8
     MEBI = 1024 * 1024
@@ -54,8 +56,7 @@ module Aspera
         when /s390/
           return CPU_S390
         when /arm/, /aarch64/
-          # arm on mac has rosetta 2
-          return CPU_X86_64 if os.eql?(OS_X)
+          return CPU_ARM64
         end
         raise "Unknown CPU: #{RbConfig::CONFIG['host_cpu']}"
       end
@@ -88,7 +89,7 @@ module Aspera
 
       # value is provided in block
       def write_file_restricted(path, force: false, mode: nil)
-        raise 'coding error, missing content block' unless block_given?
+        Aspera.assert(block_given?, exception_class: Aspera::InternalError)
         if force || !File.exist?(path)
           # Windows may give error
           File.unlink(path) rescue nil

data/lib/aspera/faspex_gw.rb

@@ -1,17 +1,18 @@
 # frozen_string_literal: true
 
-require 'aspera/web_server_simple'
 require 'aspera/log'
+require 'aspera/assert'
+require 'webrick'
 require 'json'
 
 module Aspera
-  # this class answers the Faspex /send API and creates a package on Aspera on Cloud
+  # Simulate the Faspex 4 /send API and creates a package on Aspera on Cloud or Faspex 5
   class Faspex4GWServlet < WEBrick::HTTPServlet::AbstractServlet
-    # @param app_api [Aspera::AoC]
+    # @param app_api
     # @param app_context [String]
     def initialize(server, app_api, app_context)
+      Aspera.assert_values(app_api.class.name, ['Aspera::Api::AoC', 'Aspera::Rest'])
       super(server)
-      # typed: Aspera::AoC
       @app_api = app_api
       @app_context = app_context
     end
@@ -49,7 +50,7 @@ module Aspera
         operation:   'POST',
         subpath:     "packages/#{package['id']}/transfer_spec/upload",
         headers:     {'Accept' => 'application/json'},
-        url_params:  {transfer_type: Aspera::Cli::Plugins::Faspex5::TRANSFER_CONNECT},
+        url_params:  {transfer_type: Cli::Plugins::Faspex5::TRANSFER_CONNECT},
         json_params: {paths: [{'destination'=>'/'}]}
       )[:data]
       transfer_spec.delete('authentication')
@@ -67,13 +68,14 @@ module Aspera
           raise 'no payload' if request.body.nil?
           faspex_pkg_parameters = JSON.parse(request.body)
           Log.log.debug{"faspex pkg create parameters=#{faspex_pkg_parameters}"}
+          # compare string, as class is not yet known here
           faspex_package_create_result =
-            if @app_api.class.name.eql?('Aspera::AoC')
+            case @app_api.class.name
+            when 'Aspera::Api::AoC'
               faspex4_send_to_aoc(faspex_pkg_parameters)
-            elsif @app_api.class.name.eql?('Aspera::Rest')
+            when 'Aspera::Rest'
               faspex4_send_to_faspex5(faspex_pkg_parameters)
-            else
-              raise "No such adapter: #{@app_api.class}"
+            else Aspera.error_unexpected_value(@app_api.class.name)
             end
           Log.log.info{"faspex_package_create_result=#{faspex_package_create_result}"}
           response.status = 200
@@ -89,8 +91,8 @@ module Aspera
       else
         response.status = 400
         response['Content-Type'] = 'application/json'
-        response.body = {error: 'Bad request'}.to_json
+        response.body = {error: 'Unsupported endpoint'}.to_json
       end
     end
   end # Faspex4GWServlet
-end # AsperaLm
+end # Aspera

data/lib/aspera/faspex_postproc.rb

@@ -1,17 +1,18 @@
 # frozen_string_literal: true
 
-require 'English'
-require 'aspera/web_server_simple'
-require 'aspera/log'
 require 'json'
 require 'timeout'
+require 'English'
+require 'webrick'
+require 'aspera/log'
+require 'aspera/assert'
 
 module Aspera
   # this class answers the Faspex /send API and creates a package on Aspera on Cloud
   class Faspex4PostProcServlet < WEBrick::HTTPServlet::AbstractServlet
     ALLOWED_PARAMETERS = %i[root script_folder fail_on_error timeout_seconds].freeze
     def initialize(server, parameters)
-      raise 'parameters must be Hash' unless parameters.is_a?(Hash)
+      Aspera.assert_type(parameters, Hash)
       @parameters = parameters.symbolize_keys
       Log.log.debug{Log.dump(:post_proc_parameters, @parameters)}
       raise "unexpected key in parameters config: only: #{ALLOWED_PARAMETERS.join(', ')}" if @parameters.keys.any?{|k|!ALLOWED_PARAMETERS.include?(k)}
@@ -74,4 +75,4 @@ module Aspera
       end
     end
   end # Faspex4PostProcServlet
-end # AsperaLm
+end # Aspera

data/lib/aspera/id_generator.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require 'aspera/assert'
 require 'uri'
 
 module Aspera
@@ -11,14 +12,15 @@ module Aspera
     class << self
       def from_list(object_id)
         if object_id.is_a?(Array)
+          # compact: remove nils
           object_id = object_id.compact.map do |i|
             i.is_a?(String) && i.start_with?('https://') ? URI.parse(i).host : i.to_s
           end.join(ID_SEPARATOR)
         end
-        raise 'id must be a String' unless object_id.is_a?(String)
+        Aspera.assert_type(object_id, String)
         return object_id
             .gsub(WINDOWS_PROTECTED_CHAR, PROTECTED_CHAR_REPLACE) # remove windows forbidden chars
-            .gsub('.', PROTECTED_CHAR_REPLACE)  # keep dot for extension only (nicer)
+            .gsub('.', PROTECTED_CHAR_REPLACE) # keep dot for extension only (nicer)
             .downcase
       end
     end

data/lib/aspera/json_rpc.rb

@@ -3,6 +3,7 @@
 # cspell:ignore blankslate
 
 require 'aspera/rest_error_analyzer'
+require 'aspera/assert'
 require 'blankslate'
 
 Aspera::RestErrorAnalyzer.instance.add_simple_handler(name: 'JSON RPC', path: %w[error message], always: true)
@@ -34,15 +35,16 @@ module Aspera
         params:  args,
         id:      @request_id += 1
       })[:data]
-      raise 'response shall be Hash' unless data.is_a?(Hash)
-      raise 'bad version in response' unless data['jsonrpc'] == JSON_RPC_VERSION
-      raise 'missing id in response' unless data.key?('id')
-      raise 'both error and response' if data.key?('error') && data.key?('result')
-      raise 'bad error response' unless
+      Aspera.assert_type(data, Hash){'response'}
+      Aspera.assert(data['jsonrpc'] == JSON_RPC_VERSION){'bad version in response'}
+      Aspera.assert(data.key?('id')){'missing id in response'}
+      Aspera.assert(!(data.key?('error') && data.key?('result'))){'both error and response'}
+      Aspera.assert(
         !data.key?('error') ||
-          data['error'].is_a?(Hash) &&
-            data['error']['code'].is_a?(Integer) &&
-            data['error']['message'].is_a?(String)
+        data['error'].is_a?(Hash) &&
+        data['error']['code'].is_a?(Integer) &&
+        data['error']['message'].is_a?(String)
+      ){'bad error response'}
       return data['result']
     end
   end

data/lib/aspera/keychain/encrypted_hash.rb

@@ -2,6 +2,8 @@
 
 require 'aspera/hash_ext'
 require 'aspera/environment'
+require 'aspera/log'
+require 'aspera/assert'
 require 'symmetric_encryption/core'
 require 'yaml'
 
@@ -9,33 +11,66 @@ module Aspera
   module Keychain
     # Manage secrets in a simple Hash
     class EncryptedHash
-      CIPHER_NAME = 'aes-256-cbc'
+      LEGACY_CIPHER_NAME = 'aes-256-cbc'
+      DEFAULT_CIPHER_NAME = 'aes-256-cbc'
+      FILE_TYPE = 'encrypted_hash_vault'
       CONTENT_KEYS = %i[label username password url description].freeze
+      FILE_KEYS = %w[version type cipher data].sort.freeze
       def initialize(path, current_password)
+        Aspera.assert_type(path, String){'path to vault file'}
         @path = path
+        @all_secrets = {}
+        vault_encrypted_data = nil
+        if File.exist?(@path)
+          vault_file = File.read(@path)
+          if vault_file.start_with?('---')
+            vault_info = YAML.parse(vault_file).to_ruby
+            Aspera.assert(vault_info.keys.sort == FILE_KEYS){'Invalid vault file'}
+            @cipher_name = vault_info['cipher']
+            vault_encrypted_data = vault_info['data']
+          else
+            # legacy vault file
+            @cipher_name = LEGACY_CIPHER_NAME
+            vault_encrypted_data = File.read(@path, mode: 'rb')
+          end
+        end
+        # setting password also creates the cipher
         self.password = current_password
-        raise 'path to vault file shall be String' unless @path.is_a?(String)
-        @all_secrets = File.exist?(@path) ? YAML.load_stream(@cipher.decrypt(File.read(@path))).first : {}
+        if !vault_encrypted_data.nil?
+          @all_secrets = YAML.load_stream(@cipher.decrypt(vault_encrypted_data)).first
+        end
       end
 
+      # set the password and cipher
       def password=(new_password)
         # number of bits in second position
-        key_bytes = CIPHER_NAME.split('-')[1].to_i / Environment::BITS_PER_BYTE
+        key_bytes = DEFAULT_CIPHER_NAME.split('-')[1].to_i / Environment::BITS_PER_BYTE
         # derive key from passphrase, add trailing zeros
         key = "#{new_password}#{"\x0" * key_bytes}"[0..(key_bytes - 1)]
-        Log.log.debug{"key=[#{key}],#{key.length}"}
-        SymmetricEncryption.cipher = @cipher = SymmetricEncryption::Cipher.new(cipher_name: CIPHER_NAME, key: key, encoding: :none)
+        Log.log.trace1{"secret=[#{key}],#{key.length}"}
+        @cipher = SymmetricEncryption.cipher = SymmetricEncryption::Cipher.new(cipher_name: DEFAULT_CIPHER_NAME, key: key, encoding: :none)
       end
 
+      # save current data to file with format
       def save
-        File.write(@path, @cipher.encrypt(YAML.dump(@all_secrets)), encoding: 'BINARY')
+        vault_info = {
+          'version' => '1.0.0',
+          'type'    => FILE_TYPE,
+          'cipher'  => @cipher_name,
+          'data'    => @cipher.encrypt(YAML.dump(@all_secrets))
+        }
+        File.write(@path, YAML.dump(vault_info))
       end
 
+      # set a secret
+      # @param options [Hash] with keys :label, :username, :password, :url, :description
       def set(options)
-        raise 'options shall be Hash' unless options.is_a?(Hash)
+        Aspera.assert_type(options, Hash){'options'}
         unsupported = options.keys - CONTENT_KEYS
-        options.each_value {|v| raise 'value must be String' unless v.is_a?(String)}
-        raise "unsupported options: #{unsupported}" unless unsupported.empty?
+        Aspera.assert(unsupported.empty?){"unsupported options: #{unsupported}"}
+        options.each_pair do |k, v|
+          Aspera.assert_type(v, String){k.to_s}
+        end
         label = options.delete(:label)
         raise "secret #{label} already exist, delete first" if @all_secrets.key?(label)
         @all_secrets[label] = options.symbolize_keys
@@ -59,7 +94,7 @@ module Aspera
       end
 
       def get(label:, exception: true)
-        raise "Label not found: #{label}" unless @all_secrets.key?(label) || !exception
+        Aspera.assert(@all_secrets.key?(label)){"Label not found: #{label}"} if exception
         result = @all_secrets[label].clone
         result[:label] = label if result.is_a?(Hash)
         return result