aspera-cli 4.20.0 → 4.21.2

data/lib/aspera/preview/generator.rb

@@ -4,7 +4,6 @@
 # spellchecker:ignore pauseframes libx264 trunc bufsize muxer apng libmp3lame maxrate posterize movflags faststart
 # spellchecker:ignore palettegen paletteuse pointsize bordercolor repage lanczos unoconv optipng reencode conv transframes
 
-require 'open3'
 require 'aspera/preview/options'
 require 'aspera/preview/utils'
 require 'aspera/preview/file_types'
@@ -24,17 +23,18 @@ module Aspera
       # one of CONVERSION_TYPES
       attr_reader :conversion_type
 
-      # @param src source file path
-      # @param dst destination file path
-      # @param api_mime_type optional mime type as provided by node api (or nil)
       # node API mime types are from: http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types
-      # supported preview type is one of Preview::PREVIEW_FORMATS
       # the resulting preview file type is taken from destination file extension.
       # conversion methods are provided by private methods: convert_<conversion_type>_to_<preview_format>
       #   -> conversion_type is one of FileTypes::CONVERSION_TYPES
       #   -> preview_format is one of Generator::PREVIEW_FORMATS
       # the conversion video->mp4 is implemented in methods: convert_video_to_mp4_using_<video_conversion>
       #  -> conversion method is one of Generator::VIDEO_CONVERSION_METHODS
+      # @param src           [String]  source file path
+      # @param dst           [String]  destination file path
+      # @param options       [Options] All conversion options
+      # @param main_temp_dir [String]  Main temp folder, sub folder will be created for generation
+      # @param api_mime_type [String,nil] Optional mime type as provided by node api (or nil)
       def initialize(src, dst, options, main_temp_dir, api_mime_type)
         @source_file_path = src
         @destination_file_path = dst
@@ -54,7 +54,7 @@ module Aspera
         end
         @processing_method = @processing_method.to_sym
         Log.log.debug{"method: #{@processing_method}"}
-        Aspera.assert(respond_to?(@processing_method, true)){"no processing know for #{conversion_type} -> #{@preview_format_sym}"}
+        Aspera.assert(respond_to?(@processing_method, true)){"no processing known for #{conversion_type} -> #{@preview_format_sym}"}
       end
 
       # create preview as specified in constructor
@@ -66,7 +66,7 @@ module Aspera
           result_size = File.size(@destination_file_path)
           Log.log.warn{"preview size exceeds maximum allowed #{result_size} > #{@options.max_size}"} if result_size > @options.max_size
         rescue StandardError => e
-          Log.log.error{"Ignoring: #{e.message}"}
+          Log.log.error{"Ignoring: #{e.class} #{e.message}"}
           Log.log.debug(e.backtrace.join("\n").red)
           FileUtils.cp(File.expand_path(@preview_format_sym.eql?(:mp4) ? 'video_error.png' : 'image_error.png', File.dirname(__FILE__)), @destination_file_path)
         ensure
@@ -215,7 +215,8 @@ module Aspera
 
       def convert_pdf_to_png(source_file_path=nil)
         source_file_path ||= @source_file_path
-        Utils.external_command(:convert, [
+        Utils.external_command(:magick, [
+          'convert',
           '-size', "x#{@options.thumb_img_size}",
           '-background', 'white',
           '-flatten',
@@ -224,7 +225,8 @@ module Aspera
       end
 
       def convert_image_to_png
-        Utils.external_command(:convert, [
+        Utils.external_command(:magick, [
+          'convert',
           '-auto-orient',
           '-thumbnail', "#{@options.thumb_img_size}x#{@options.thumb_img_size}>",
           '-quality', 95,
@@ -239,7 +241,8 @@ module Aspera
       def convert_plaintext_to_png
         # get 100 first lines of text file
         first_lines = File.open(@source_file_path){|f|Array.new(100){f.readline rescue ''}.join}
-        Utils.external_command(:convert, [
+        Utils.external_command(:magick, [
+          'convert',
           '-size', "#{@options.thumb_img_size}x#{@options.thumb_img_size}",
           'xc:white', # define canvas with background color (xc, or canvas) of preceding size
           '-font', @options.thumb_text_font,

data/lib/aspera/preview/options.rb

@@ -19,10 +19,10 @@ module Aspera
         { name: :thumb_vid_scale,      default: "-1:'min(ih,100)'", description: 'png: video: size (ffmpeg scale argument)' },
         { name: :thumb_vid_fraction,   default: 0.1,                description: 'png: video: time percent position of snapshot' },
         { name: :thumb_img_size,       default: 800,                description: 'png: non-video: height (and width)' },
-        { name: :thumb_text_font,      default: 'Courier',          description: 'png: plaintext: font to render text with imagemagick convert (identify -list font)'},
+        { name: :thumb_text_font,      default: 'Courier',          description: 'png: plaintext: font for text rendering: `magick identify -list font`'},
         { name: :video_conversion,     default: :reencode,          description: 'mp4: method for preview generation', values: VIDEO_CONVERSION_METHODS },
         { name: :video_png_conv,       default: :fixed,             description: 'mp4: method for thumbnail generation', values: VIDEO_THUMBNAIL_METHODS },
-        { name: :video_scale,          default: "'min(iw,360)':-2", description: 'mp4: all: video scale (ffmpeg)' },
+        { name: :video_scale,          default: "'min(iw,360)':-2", description: 'mp4: all: video scale (ffmpeg scale argument)' },
         { name: :video_start_sec,      default: 10,                 description: 'mp4: all: start offset (seconds) of video preview' },
         { name: :reencode_ffmpeg,      default: {},                 description: 'mp4: reencode: options to ffmpeg' },
         { name: :blend_keyframes,      default: 30,                 description: 'mp4: blend: # key frames' },

data/lib/aspera/preview/terminal.rb

@@ -44,7 +44,7 @@ module Aspera
           fit_term_ratio = [term_rows.to_f * font_ratio / image.rows.to_f, term_columns.to_f / image.columns.to_f].min
           height_ratio = double ? 2.0 : 1.0
           image = image.scale((image.columns * fit_term_ratio).to_i, (image.rows * fit_term_ratio * height_ratio / font_ratio).to_i)
-          # quantum depth is 8 or 16, see: `convert xc: -format "%q" info:`
+          # quantum depth is 8 or 16, see: `magick xc: -format "%q" info:`
           shift_for_8_bit = Magick::MAGICKCORE_QUANTUM_DEPTH - 8
           # get all pixel colors, adjusted for Rainbow
           pixel_colors = []

data/lib/aspera/preview/utils.rb

@@ -14,7 +14,7 @@ module Aspera
       # from bash manual: meta-character need to be escaped
       BASH_SPECIAL_CHARACTERS = "|&;()<> \t#\n"
       # external binaries used
-      EXTERNAL_TOOLS = %i[ffmpeg ffprobe convert composite optipng unoconv].freeze
+      EXTERNAL_TOOLS = %i[ffmpeg ffprobe magick optipng unoconv].freeze
       TEMP_FORMAT = 'img%04d.jpg'
       private_constant :BASH_SPECIAL_CHARACTERS, :EXTERNAL_TOOLS, :TEMP_FORMAT
 
@@ -32,7 +32,7 @@ module Aspera
           tools_to_check.delete(:unoconv) if skip_types.include?(:office)
           # Check for binaries
           tools_to_check.each do |command_sym|
-            external_command(command_sym, ['-h'])
+            external_command(command_sym, ['-h'], out: File::NULL)
           rescue Errno::ENOENT => e
             raise "missing #{command_sym} binary: #{e}"
           rescue
@@ -42,10 +42,15 @@ module Aspera
 
         # execute external command
         # one could use "system", but we would need to redirect stdout/err
-        # @return true if su
+        # @return nil
         def external_command(command_sym, command_args)
           Aspera.assert_values(command_sym, EXTERNAL_TOOLS){'command'}
-          return Environment.secure_capture(command_sym.to_s, *command_args)
+          Environment.secure_execute(exec: command_sym.to_s, args: command_args.map(&:to_s), out: File::NULL, err: File::NULL)
+        end
+
+        def external_capture(command_sym, command_args)
+          Aspera.assert_values(command_sym, EXTERNAL_TOOLS){'command'}
+          return Environment.secure_capture(exec: command_sym.to_s, args: command_args.map(&:to_s))
         end
 
         def ffmpeg(a)
@@ -63,7 +68,7 @@ module Aspera
 
         # @return Float in seconds
         def video_get_duration(input_file)
-          return external_command(:ffprobe, [
+          return external_capture(:ffprobe, [
             '-loglevel', 'error',
             '-show_entries', 'format=duration',
             '-print_format', 'default=noprint_wrappers=1:nokey=1', # cspell:disable-line
@@ -92,7 +97,7 @@ module Aspera
           1.upto(count) do |i|
             percent = i * 100 / (count + 1)
             filename = get_tmp_num_filepath(temp_folder, index1 + i)
-            external_command(:composite, ['-blend', percent, img2, img1, filename])
+            external_command(:magick, ['composite', '-blend', percent, img2, img1, filename])
           end
         end
 

data/lib/aspera/products/connect.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+require 'aspera/environment'
+require 'singleton'
+
+module Aspera
+  module Products
+    class Connect
+      include Singleton
+      APP_NAME = 'IBM Aspera Connect'
+
+      class << self
+        # standard folder locations
+        def locations
+          case Aspera::Environment.os
+          when Aspera::Environment::OS_WINDOWS then [{
+            app_root: File.join(ENV.fetch('LOCALAPPDATA', nil), 'Programs', 'Aspera', 'Aspera Connect'),
+            log_root: File.join(ENV.fetch('LOCALAPPDATA', nil), 'Aspera', 'Aspera Connect', 'var', 'log'),
+            run_root: File.join(ENV.fetch('LOCALAPPDATA', nil), 'Aspera', 'Aspera Connect')
+          }]
+          when Aspera::Environment::OS_MACOS then [{
+            app_root: File.join(Dir.home, 'Applications', 'Aspera Connect.app'),
+            log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Connect'),
+            run_root: File.join(Dir.home, 'Library', 'Application Support', 'Aspera', 'Aspera Connect'),
+            sub_bin:  File.join('Contents', 'Resources')
+          }, {
+            app_root: File.join('', 'Applications', 'Aspera Connect.app'),
+            log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Connect'),
+            run_root: File.join(Dir.home, 'Library', 'Application Support', 'Aspera', 'Aspera Connect'),
+            sub_bin:  File.join('Contents', 'Resources')
+          }, {
+            app_root: File.join(Dir.home, 'Applications', 'IBM Aspera Connect.app'),
+            log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Connect'),
+            run_root: File.join(Dir.home, 'Library', 'Application Support', 'Aspera', 'Aspera Connect'),
+            sub_bin:  File.join('Contents', 'Resources')
+          }, {
+            app_root: File.join('', 'Applications', 'IBM Aspera Connect.app'),
+            log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Connect'),
+            run_root: File.join(Dir.home, 'Library', 'Application Support', 'Aspera', 'Aspera Connect'),
+            sub_bin:  File.join('Contents', 'Resources')
+          }]
+          else [{ # other: Linux and Unix family
+            app_root: File.join(Dir.home, '.aspera', 'connect'),
+            run_root: File.join(Dir.home, '.aspera', 'connect')
+          }]
+          end.map { |i| i.merge({ expected: APP_NAME }) }
+        end
+      end
+
+      def cdn_api
+        Rest.new(base_url: CDN_BASE_URL)
+      end
+
+      # retrieve structure from cloud (CDN) with all versions available
+      def versions
+        if @connect_versions.nil?
+          javascript = cdn_api.call(operation: 'GET', subpath: VERSION_INFO_FILE)
+          # get result on one line
+          connect_versions_javascript = javascript[:http].body.gsub(/\r?\n\s*/, '')
+          Log.log.debug{"javascript=[\n#{connect_versions_javascript}\n]"}
+          # get javascript object only
+          found = connect_versions_javascript.match(/^.*? = (.*);/)
+          raise Cli::Error, 'Problem when getting connect versions from internet' if found.nil?
+          all_data = JSON.parse(found[1])
+          @connect_versions = all_data['entries']
+        end
+        return @connect_versions
+      end
+
+      private
+
+      def initialize
+        @connect_versions = nil
+      end
+
+      VERSION_INFO_FILE = 'connectversions.js' # cspell: disable-line
+      CDN_BASE_URL = 'https://d3gcli72yxqn2z.cloudfront.net/connect'
+
+      private_constant :VERSION_INFO_FILE, :CDN_BASE_URL
+    end
+  end
+end

data/lib/aspera/products/desktop.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+require 'aspera/environment'
+
+module Aspera
+  module Products
+    # Client Aspera for Desktop
+    class Desktop
+      APP_NAME = 'IBM Aspera for Desktop'
+      APP_IDENTIFIER = 'com.ibm.software.aspera.desktop'
+      class << self
+        # standard folder locations
+        def locations
+          case Aspera::Environment.os
+          when Aspera::Environment::OS_MACOS then [{
+            app_root: File.join('', 'Applications', 'IBM Aspera.app'),
+            log_root: File.join(Dir.home, 'Library', 'Logs', APP_IDENTIFIER),
+            sub_bin:  File.join('Contents', 'Resources', 'transferd', 'bin')
+          }]
+          else []
+          end.map { |i| i.merge({ expected: APP_NAME }) }
+        end
+
+        def log_file
+          File.join(Dir.home, 'Library', 'Logs', APP_IDENTIFIER, 'ibm-aspera-desktop.log')
+        end
+      end
+    end
+  end
+end

data/lib/aspera/products/other.rb

@@ -0,0 +1,82 @@
+# frozen_string_literal: true
+
+# cspell:ignore LOCALAPPDATA
+require 'aspera/environment'
+
+module Aspera
+  # Location of Aspera products, for which an Agent is not proposed
+  module Products
+    # other Aspera products with ascp
+    class Other
+      CLI_V3 = 'Aspera CLI (deprecated)'
+      DRIVE = 'Aspera Drive (deprecated)'
+      HSTS = 'IBM Aspera High-Speed Transfer Server'
+
+      private_constant :CLI_V3, :DRIVE, :HSTS
+      # product information manifest: XML (part of aspera product)
+      INFO_META_FILE = 'product-info.mf'
+
+      # :expected  M app name is taken from the manifest if present, else defaults to this value
+      # :app_root  M main folder for the application
+      # :log_root  O location of log files (Linux uses syslog)
+      # :run_root  O only for Connect Client, location of http port file
+      # :sub_bin   O subfolder with executables, default : bin
+      LOCATION_ON_THIS_OS = case Aspera::Environment.os
+      when Aspera::Environment::OS_WINDOWS then [{
+        expected: CLI_V3,
+        app_root: File.join('C:', 'Program Files', 'Aspera', 'cli'),
+        log_root: File.join('C:', 'Program Files', 'Aspera', 'cli', 'var', 'log')
+      }, {
+        expected: HSTS,
+        app_root: File.join('C:', 'Program Files', 'Aspera', 'Enterprise Server'),
+        log_root: File.join('C:', 'Program Files', 'Aspera', 'Enterprise Server', 'var', 'log')
+      }]
+      when Aspera::Environment::OS_MACOS then [{
+        expected: CLI_V3,
+        app_root: File.join(Dir.home, 'Applications', 'Aspera CLI'),
+        log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera')
+      }, {
+        expected: HSTS,
+        app_root: File.join('', 'Library', 'Aspera'),
+        log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera')
+      }, {
+        expected: DRIVE,
+        app_root: File.join('', 'Applications', 'Aspera Drive.app'),
+        log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Drive'),
+        sub_bin:  File.join('Contents', 'Resources')
+      }]
+      else [{ # other: Linux and Unix family
+        expected: CLI_V3,
+        app_root: File.join(Dir.home, '.aspera', 'cli')
+      }, {
+        expected: HSTS,
+        app_root: File.join('', 'opt', 'aspera')
+      }]
+      end
+      class << self
+        def find(scan_locations)
+          scan_locations.select do |item|
+            # skip if not main folder
+            Log.log.trace1{"Checking #{item[:app_root]}"}
+            next false unless Dir.exist?(item[:app_root])
+            Log.log.debug{"Found #{item[:expected]}"}
+            sub_bin = item[:sub_bin] || 'bin'
+            item[:ascp_path] = File.join(item[:app_root], sub_bin, Environment.exe_file('ascp'))
+            # skip if no ascp
+            next false unless File.exist?(item[:ascp_path])
+            # read info from product info file if present
+            product_info_file = "#{item[:app_root]}/#{INFO_META_FILE}"
+            if File.exist?(product_info_file)
+              res_s = XmlSimple.xml_in(File.read(product_info_file), {'ForceArray' => false})
+              item[:name] = res_s['name']
+              item[:version] = res_s['version']
+            else
+              item[:name] = item[:expected]
+            end
+            true # select this version
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aspera/products/transferd.rb

@@ -0,0 +1,61 @@
+# frozen_string_literal: true
+
+module Aspera
+  module Products
+    class Transferd
+      APP_NAME = 'IBM Aspera Transfer Daemon'
+      V1_DAEMON_NAME = 'asperatransferd'
+      # from 1.1.5
+      V2_DAEMON_NAME = 'transferd'
+      # folders to extract from SDK archive
+      RUNTIME_FOLDERS = %w[bin lib sbin aspera].freeze
+      class << self
+        # standard folder locations
+        def locations
+          [{
+            app_root: sdk_directory,
+            sub_bin:  ''
+          }].map { |i| i.merge({ expected: APP_NAME }) }
+        end
+
+        # location of SDK files
+        def sdk_directory=(v)
+          Log.log.debug{"sdk_directory=#{v}"}
+          @sdk_dir = v
+          sdk_directory
+        end
+
+        # @return the path to folder where SDK is installed
+        def sdk_directory
+          Aspera.assert(!@sdk_dir.nil?){'SDK path was not initialized'}
+          FileUtils.mkdir_p(@sdk_dir)
+          @sdk_dir
+        end
+
+        def transferd_path
+          v1_path = File.join(sdk_directory, Environment.exe_file(V1_DAEMON_NAME))
+          return v1_path if File.exist?(v1_path)
+          return File.join(sdk_directory, Environment.exe_file(V2_DAEMON_NAME))
+        end
+
+        # Well, the port number is only in log file
+        def daemon_port_from_log(log_file)
+          result = nil
+          # if port is zero, a dynamic port was created, get it
+          File.open(log_file, 'r') do |file|
+            file.each_line do |line|
+              # Well, it's tricky to depend on log
+              if (m = line.match(/Info: API Server: Listening on ([^:]+):(\d+) /))
+                result = m[2].to_i
+                # no "break" , need to read last matching log line
+              end
+            end
+          end
+          raise 'Port not found in daemon logs' if result.nil?
+          Log.log.debug{"Got port #{result} from log"}
+          return result
+        end
+      end
+    end
+  end
+end

data/lib/aspera/rest.rb

@@ -10,7 +10,6 @@ require 'net/http'
 require 'net/https'
 require 'json'
 require 'base64'
-require 'cgi'
 require 'singleton'
 require 'securerandom'
 
@@ -22,11 +21,13 @@ class Net::HTTP::Cancel < Net::HTTPRequest # rubocop:disable Style/ClassAndModul
 end
 
 module Aspera
-  # Global settings
+  # Global settings for Rest object
+  # For example to remove certificate verification globally:
+  # `RestParameters.instance.session_cb = lambda{|http|http.verify_mode=OpenSSL::SSL::VERIFY_NONE}`
   # @param user_agent [String] HTTP request header: 'User-Agent'
   # @param download_partial_suffix [String] suffix for partial download
   # @param session_cb [lambda] lambda called on new HTTP session. Takes the Net::HTTP as arg. Used to change parameters on creation.
-  # @param progress_bar [Object] progress bar object
+  # @param progress_bar [Object] progress bar object called for file transfer
   class RestParameters
     include Singleton
 
@@ -61,7 +62,7 @@ module Aspera
 
     class << self
       # @return [String] Basic auth token
-      def basic_token(user, pass); return "Basic #{Base64.strict_encode64("#{user}:#{pass}")}"; end
+      def basic_authorization(user, pass); return "Basic #{Base64.strict_encode64("#{user}:#{pass}")}"; end
 
       # Build a parameter list prefixed with "[]"
       # @param values [Array] list of values
@@ -200,6 +201,9 @@ module Aspera
       }
     end
 
+    # Create a REST object for API calls
+    # HTTP sessions parameters can be modified using global parameters in RestParameters
+    # For example, TLS verification can be skipped.
     # @param base_url [String] base URL of REST API
     # @param auth [Hash] authentication parameters:
     #     :type (:none, :basic, :url, :oauth2)
@@ -207,14 +211,15 @@ module Aspera
     #     :password   [:basic]
     #     :url_query  [:url]    a hash
     #     :*          [:oauth2] see OAuth::Factory class
-    # @param not_auth_codes [Array] codes that trigger a refresh/regeneration of bearer token
-    # @param redirect_max [int] max redirection allowed
+    # @param not_auth_codes [Array]   codes that trigger a refresh/regeneration of bearer token
+    # @param redirect_max   [Integer] max redirection allowed
+    # @param headers        [Hash]    default headers to include in all calls
     def initialize(
       base_url:,
-      auth: nil,
-      not_auth_codes: nil,
+      auth: {type: :none},
+      not_auth_codes: ['401'],
       redirect_max: 0,
-      headers: nil
+      headers: {}
     )
       Aspera.assert_type(base_url, String)
       # base url with no trailing slashes (note: string may be frozen)
@@ -224,20 +229,20 @@ module Aspera
       @base_url = @base_url.gsub(/:80$/, '') if @base_url.start_with?('http://')
       Log.log.debug{"Rest.new(#{@base_url})"}
       # default is no auth
-      @auth_params = auth.nil? ? {type: :none} : auth
+      @auth_params = auth
       Aspera.assert_type(@auth_params, Hash)
       Aspera.assert(@auth_params.key?(:type)){'no auth type defined'}
-      @not_auth_codes = not_auth_codes.nil? ? ['401'] : not_auth_codes
+      @not_auth_codes = not_auth_codes
       Aspera.assert_type(@not_auth_codes, Array)
       # persistent session
       @http_session = nil
-      # OAuth object (created on demand)
-      @oauth = nil
       @redirect_max = redirect_max
       Aspera.assert_type(@redirect_max, Integer)
-      @headers = headers.nil? ? {} : headers
+      @headers = headers
       Aspera.assert_type(@headers, Hash)
       @headers['User-Agent'] ||= RestParameters.instance.user_agent
+      # OAuth object (created on demand)
+      @oauth = nil
     end
 
     # @return the OAuth object (create, or cached if already created)
@@ -290,7 +295,7 @@ module Aspera
         Log.log.debug('using Basic auth')
         # done in build_req
       when :oauth2
-        headers['Authorization'] = oauth.token unless headers.key?('Authorization')
+        headers['Authorization'] = oauth.authorization unless headers.key?('Authorization')
       when :url
         query ||= {}
         @auth_params[:url_query].each do |key, value|
@@ -404,12 +409,12 @@ module Aspera
         if @not_auth_codes.include?(result[:http].code.to_s) && @auth_params[:type].eql?(:oauth2)
           begin
             # try to use refresh token
-            req['Authorization'] = oauth.token(refresh: true)
+            req['Authorization'] = oauth.authorization(refresh: true)
           rescue RestCallError => e_tok
             e = e_tok
             Log.log.error('refresh failed'.bg_red)
             # regenerate a brand new token
-            req['Authorization'] = oauth.token(refresh: true)
+            req['Authorization'] = oauth.authorization(cache: false)
           end
           Log.log.debug{"using new token=#{headers['Authorization']}"}
           do_retry = true if (oauth_tries -= 1).positive?

data/lib/aspera/secret_hider.rb

@@ -20,6 +20,8 @@ module Aspera
     KEY_FALSE_POSITIVES = [/^access_key$/, /^fallback_private_key$/].freeze
     # regex that define named captures :begin and :end
     REGEX_LOG_REPLACES = [
+      # private key values (place first)
+      /(?<begin>--+BEGIN [^-]+ KEY--+)[[:ascii:]]+?(?<end>--+?END [^-]+ KEY--+)\n*/,
       # CLI manager get/set options
       /(?<begin>[sg]et (?:#{KEY_SECRETS.join('|')})=).*(?<end>)/,
       # env var ascp exec
@@ -28,8 +30,6 @@ module Aspera
       /(?<begin>(?:(?<quote>["'])|:)[^"':=]*(?:#{ALL_SECRETS.join('|')})[^"':=]*\k<quote>?(?:=>|:) *")[^"]+(?<end>")/,
       # logged data
       /(?<begin>(?:#{ALL_SECRETS2.join('|')})[ =:]+).*(?<end>$)/,
-      # private key values
-      /(?<begin>--+BEGIN [^-]+ KEY--+)[[:ascii:]]+?(?<end>--+?END [^-]+ KEY--+)/,
       # cred in http dump
       /(?<begin>(?:#{HTTP_SECRETS.join('|')}): )[^\\]+(?<end>\\)/i
     ].freeze
@@ -38,6 +38,7 @@ module Aspera
     class << self
       attr_accessor :log_secrets
 
+      # @return new log formatter that hides secrets
       def log_formatter(original_formatter)
         original_formatter ||= Logger::Formatter.new
         # NOTE: that @log_secrets may be set AFTER this init is done, so it's done at runtime
@@ -51,6 +52,11 @@ module Aspera
         end
       end
 
+      def hide_secrets_in_string(value)
+        return value.gsub(REGEX_LOG_REPLACES.first){"#{Regexp.last_match(:begin)}#{HIDDEN_PASSWORD}#{Regexp.last_match(:end)}"}
+      end
+
+      # @return true if the key denotes a secret
       def secret?(keyword, value)
         keyword = keyword.to_s if keyword.is_a?(Symbol)
         # only Strings can be secrets, not booleans, or hash, arrays
@@ -62,6 +68,7 @@ module Aspera
         ALL_SECRETS.any?{|kw|keyword.include?(kw)}
       end
 
+      # Hides recursively secrets in Hash or Array of Hash
       def deep_remove_secret(obj)
         case obj
         when Array

data/lib/aspera/ssh.rb

@@ -1,33 +1,41 @@
 # frozen_string_literal: true
 
 require 'net/ssh'
-
-if ENV.fetch('ASCLI_ENABLE_ED25519', 'false').eql?('false')
-  # HACK: deactivate ed25519 and ecdsa private keys from SSH identities, as it usually causes problems
-  old_verbose = $VERBOSE
-  $VERBOSE = nil
-  begin
-    module Net; module SSH; module Authentication; class Session; private; def default_keys; %w[~/.ssh/id_dsa ~/.ssh/id_rsa ~/.ssh2/id_dsa ~/.ssh2/id_rsa]; end; end; end; end; end # rubocop:disable Layout/AccessModifierIndentation, Layout/EmptyLinesAroundAccessModifier, Layout/LineLength, Style/Semicolon
-  rescue StandardError
-    # ignore errors
-  end
-  $VERBOSE = old_verbose
-end
-
-if defined?(JRUBY_VERSION) && ENV.fetch('ASCLI_ENABLE_ECDSHA2', 'false').eql?('false')
-  Net::SSH::Transport::Algorithms::ALGORITHMS.each_value { |a| a.reject! { |a| a =~ /^ecd(sa|h)-sha2/ } }
-  Net::SSH::KnownHosts::SUPPORTED_TYPE.reject! { |t| t =~ /^ecd(sa|h)-sha2/ }
-end
+require 'aspera/assert'
+require 'aspera/log'
 
 module Aspera
   # A simple wrapper around Net::SSH
   # executes one command and get its result from stdout
   class Ssh
+    class << self
+      def disable_ed25519_keys
+        Log.log.debug('Disabling SSH ed25519 user keys')
+        old_verbose = $VERBOSE
+        $VERBOSE = nil
+        Net::SSH::Authentication::Session.class_eval do
+          define_method(:default_keys) do
+            %w[~/.ssh/id_dsa ~/.ssh/id_rsa ~/.ssh2/id_dsa ~/.ssh2/id_rsa].freeze
+          end
+          private(:default_keys)
+        end rescue nil
+        $VERBOSE = old_verbose
+      end
+
+      def disable_ecd_sha2_algorithms
+        Log.log.debug('Disabling SSH ecdsa')
+        Net::SSH::Transport::Algorithms::ALGORITHMS.each_value { |a| a.reject! { |a| a =~ /^ecd(sa|h)-sha2/ } }
+        Net::SSH::KnownHosts::SUPPORTED_TYPE.reject! { |t| t =~ /^ecd(sa|h)-sha2/ }
+      end
+    end
     # ssh_options: same as Net::SSH.start
     # see: https://net-ssh.github.io/net-ssh/classes/Net/SSH.html#method-c-start
     def initialize(host, username, ssh_options)
       Log.log.debug{"ssh:#{username}@#{host}"}
       Log.log.debug{"ssh_options:#{ssh_options}"}
+      Aspera.assert_type(host, String)
+      Aspera.assert_type(username, String)
+      Aspera.assert_type(ssh_options, Hash)
       @host = host
       @username = username
       @ssh_options = ssh_options
@@ -35,10 +43,7 @@ module Aspera
     end
 
     def execute(cmd, input=nil)
-      if cmd.is_a?(Array)
-        # concatenate arguments, enclose in double quotes
-        cmd = cmd.map{|v|%Q("#{v}")}.join(' ')
-      end
+      Aspera.assert_type(cmd, String)
       Log.log.debug{"cmd=#{cmd}"}
       response = []
       Net::SSH.start(@host, @username, @ssh_options) do |session|
@@ -49,9 +54,7 @@ module Aspera
           channel.on_extended_data do |_chan, _type, data|
             error_message = "#{cmd}: [#{data.chomp}]"
             # Happens when windows user hasn't logged in and created home account.
-            if data.include?('Could not chdir to home directory')
-              error_message += "\nHint: home not created in Windows?"
-            end
+            error_message += "\nHint: home not created in Windows?" if data.include?('Could not chdir to home directory')
             raise error_message
           end
           # send command to SSH channel (execute) cspell: disable-next-line
@@ -67,3 +70,7 @@ module Aspera
     end
   end
 end
+
+# HACK: deactivate ed25519 and ecdsa private keys from SSH identities, as it usually causes problems
+Aspera::Ssh.disable_ed25519_keys if ENV.fetch('ASCLI_ENABLE_ED25519', 'false').eql?('false')
+Aspera::Ssh.disable_ecd_sha2_algorithms if defined?(JRUBY_VERSION) && ENV.fetch('ASCLI_ENABLE_ECDSHA2', 'false').eql?('false')