bcome 1.2.0 → 1.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 815c945bf4581f86eb3b246bc8c3c2f50590722e
-  data.tar.gz: fc57c0bd29952acb549553a5a421523b8e02ce83
+  metadata.gz: 5175174eb843f0f210c02ca12ded004f75d77368
+  data.tar.gz: ffd09a8ba7edc0df044a17b55db02d3176e0feee
 SHA512:
-  metadata.gz: 211fdcf4946327294f6562bc386de71ace4261754a92311221984d5180608299e9088320709906658d8dc2dac4d1599502536b8d9f4c4b84290ca07c42266030
-  data.tar.gz: 778cede06f00dc1e154aab3c65f531d8a171c5d298f5b162ecf219df42efad388508513c69576a817abf06b63591be4ee8d708cf2193b5cb5616eb7c5bafd82e
+  metadata.gz: 855151285002aa2270d025f97ff85c8beead1f3b7aabcad797bcd8eb03885c38f296a2ad1f1e01c2b1be6631a3d9ba724f57fae6046e6132f8ec8e95ae3e9ee9
+  data.tar.gz: 09500dc2f2ac59b5a1c70252c07ca0bbc665f32eac78a52fc1ded53d3e9d79ba09d0367ac56921eab5d56d9ddd300665924640733d3e0d436150badbec7f55db

data/lib/objects/bcome/version.rb

@@ -1,3 +1,3 @@
 module Bcome
-  VERSION = '1.2.0'.freeze
+  VERSION = '1.3.0'.freeze
 end

data/lib/objects/encryptor.rb

@@ -0,0 +1,99 @@
+module Bcome
+  class Encryptor
+
+    UNENC_SIGNIFIER = "".freeze  
+    ENC_SIGNIFIER = "enc".freeze
+
+    include Singleton
+
+    attr_reader :key
+
+    def pack
+      # Bcome currently works with a single encryption key - the same one - for all files
+      # When we attempt an encrypt we'll check first to see if any encrypted files already exists, and
+      # we'll try our key on it. If the fails to unpack the file, we abort the encryption attempt.
+      prompt_for_key
+      if has_files_to_encrypt?
+        verify_presented_key if has_encrypted_files?
+        toggle_packed_files(all_unencrypted_filenames, :encrypt)
+      else
+        puts "\nNo unencrypted files to encrypt.\n".warning
+      end
+      return
+    end
+
+    def prompt_for_key
+      message = "Please enter an encryption key (and if your data is already encrypted, you must provide the same key): ".informational
+      @key = ::Readline.readline("\n#{message}", true).squeeze('').to_s
+      puts "\n"
+    end
+
+    def has_encrypted_files?
+      all_encrypted_filenames.any?
+    end
+
+    def has_files_to_encrypt?
+      all_unencrypted_filenames.any?
+    end
+
+    def verify_presented_key
+      # We attempt a decrypt of any encrypted file in order to verify that a newly presented key
+      # matches the key used to previously encrypt. Bcome operates on a one-key-per-implementation basis.
+      test_file = all_encrypted_filenames.first
+      file_contents = File.read(test_file)
+      file_contents.decrypt(@key)
+    end
+
+    def unpack
+      prompt_for_key
+      toggle_packed_files(all_encrypted_filenames,:decrypt)
+      return
+    end
+
+    def toggle_packed_files(filenames, packer_method)
+      raise "Missing encryption key. Please set an encryption key" unless @key
+      filenames.each do |filename|
+        # Get raw
+        raw_contents = File.read(filename)
+ 
+        if packer_method == :decrypt
+          filename =~ /#{path_to_metadata}\/(.+)\.enc/
+          opposing_filename = $1
+          action = "Unpacking"
+        else
+          filename =~ /#{path_to_metadata}\/(.*)/
+          opposing_filename = "#{$1}.enc"
+          action = "Packing"
+        end       
+
+        # Write encrypted/decryption action
+        enc_decrypt_result = raw_contents.send(packer_method, @key)
+        puts "#{action}\s".informational + filename + "\sto\s".informational + "#{path_to_metadata}/" + opposing_filename
+        write_file(opposing_filename, enc_decrypt_result)
+      end
+      puts "\ndone".informational
+    end  
+ 
+    def path_to_metadata
+      "bcome/metadata"
+    end
+
+    def write_file(filename, contents)
+      filepath = "#{path_to_metadata}/#{filename}"
+      File.open("#{filepath}", 'w') { |f| f.write(contents) }
+    end
+ 
+    def all_unencrypted_filenames
+      Dir["#{metadata_path}/*"].reject {|f| f =~ /\.enc/}  
+    end
+
+    def all_encrypted_filenames
+      Dir["#{metadata_path}/*.enc"]
+    end
+
+    def metadata_path
+      "bcome/metadata"
+    end
+
+  end
+end

data/lib/objects/exception/invalid_metadata_encryption_key.rb

@@ -0,0 +1,7 @@
+module Bcome::Exception
+  class InvalidMetaDataEncryptionKey < ::Bcome::Exception::Base
+    def message_prefix
+      'Your metadata encryption key is invalid - your metadata files are encrypted with a different key.'
+    end
+  end
+end

data/lib/objects/modules/workspace_menu.rb

@@ -113,6 +113,12 @@ module Bcome::WorkspaceMenu
       meta: {
         description: 'Print out all metadata related to this node'
       },
+      pack_metadata: {
+        description: 'Encrypt your metadata files',
+      },
+      unpack_metadata: {
+        description: 'Decrypt and expose your encrypted metadata files',
+      },
       registry: {
         description: 'List all user defined commands present in your registry, and available to this namespace',
         console_only: false

data/lib/objects/node/base.rb

@@ -50,7 +50,7 @@ module Bcome::Node
     end
 
     def enabled_menu_items
-      [:ls, :lsa, :workon, :enable, :disable, :enable!, :disable!, :run, :tree, :ping, :put, :rsync, :cd, :meta, :registry, :interactive, :execute_script] 
+      [:ls, :lsa, :workon, :enable, :disable, :enable!, :disable!, :run, :tree, :ping, :put, :rsync, :cd, :meta, :pack_metadata, :unpack_metadata, :registry, :interactive, :execute_script] 
     end
 
     def has_proxy?
@@ -91,6 +91,14 @@ module Bcome::Node
       end
       results
     end
+
+    def pack_metadata
+      ::Bcome::Encryptor.instance.pack
+    end
+
+    def unpack_metadata
+      ::Bcome::Encryptor.instance.unpack
+    end 
  
     def validate_attributes
       validate_identifier 

data/lib/objects/node/meta_data_loader.rb

@@ -8,6 +8,10 @@ module Bcome::Node
       @all_metadata_filenames = Dir["#{META_DATA_FILE_PATH_PREFIX}/*"]
     end
 
+    def decryption_key
+      @decryption_key
+    end
+ 
     def data
       @data ||= do_load
     end
@@ -16,11 +20,29 @@ module Bcome::Node
       data[namespace.to_sym] ? data[namespace.to_sym] : {}
     end
 
+    def prompt_for_decryption_key
+      message = "Please enter your metadata encryption key: ".informational
+      @decryption_key = ::Readline.readline("\n#{message}", true).squeeze('').to_s
+    end
+
+    def load_file_data_for(filepath)
+     if filepath =~ /.enc/  # encrypted file contents 
+        prompt_for_decryption_key unless decryption_key
+        encrypted_contents = File.read(filepath)     
+        decrypted_contents = encrypted_contents.decrypt(decryption_key) 
+        return YAML.load(decrypted_contents)
+      else # unencrypted
+        return YAML.load_file(filepath)
+      end
+    end
+
     def do_load
       all_meta_data = {}
-      @all_metadata_filenames.each do |filename|
+      @all_metadata_filenames.each do |filepath|
+        next if filepath =~ /-unenc/  # we only read from the encrypted, packed files. 
+
         begin
-          filedata = YAML.load_file(filename)
+          filedata = load_file_data_for(filepath)
           all_meta_data.deep_merge!(filedata)
         rescue Psych::SyntaxError => e
           raise Bcome::Exception::InvalidMetaDataConfig, "Error: #{e.message}"

data/patches/string-encrypt.rb

@@ -0,0 +1,40 @@
+require 'openssl'
+
+# Adapted from https://stackoverflow.com/questions/39033577/opensslcipherciphererror-wrong-final-block-length
+
+class String
+
+  ALGORITHM = 'AES-256-ECB'
+
+  def encrypt(key)
+    begin
+      cipher = OpenSSL::Cipher.new(ALGORITHM)
+      cipher.encrypt()
+      cipher.key = key.as_256_bit_key
+      crypt = cipher.update(self) + cipher.final()
+      crypt_string = (Base64.encode64(crypt))
+      return crypt_string
+    rescue Exception => e
+      puts "Failed to encrypt: #{e.message}"
+    end
+  end
+
+  def decrypt(key)
+    begin
+      cipher = OpenSSL::Cipher.new(ALGORITHM)
+      cipher.decrypt()
+      cipher.key = key.as_256_bit_key
+      tempkey = Base64.decode64(self)
+      crypt = cipher.update(tempkey)
+      crypt << cipher.final()
+      return crypt
+    rescue Exception => e
+      raise ::Bcome::Exception::InvalidMetaDataEncryptionKey.new
+    end
+  end
+
+  def as_256_bit_key
+    ::Digest::SHA256.digest self
+  end
+
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bcome
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.3.0
 platform: ruby
 authors:
 - Guillaume Roderick (Webzakimbo)
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-03-13 00:00:00.000000000 Z
+date: 2018-06-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -163,6 +163,7 @@ files:
 - lib/objects/driver/bucket.rb
 - lib/objects/driver/ec2.rb
 - lib/objects/driver/static.rb
+- lib/objects/encryptor.rb
 - lib/objects/exception/argument_error_invoking_method_from_command_line.rb
 - lib/objects/exception/base.rb
 - lib/objects/exception/can_only_subselect_on_inventory.rb
@@ -186,6 +187,7 @@ files:
 - lib/objects/exception/invalid_machines_cache_config.rb
 - lib/objects/exception/invalid_matcher_query.rb
 - lib/objects/exception/invalid_meta_data_config.rb
+- lib/objects/exception/invalid_metadata_encryption_key.rb
 - lib/objects/exception/invalid_network_config.rb
 - lib/objects/exception/invalid_network_driver_type.rb
 - lib/objects/exception/invalid_proxy_config.rb
@@ -268,6 +270,7 @@ files:
 - lib/objects/system/local.rb
 - lib/objects/workspace.rb
 - patches/irb.rb
+- patches/string-encrypt.rb
 - patches/string.rb
 - patches/string_stylesheet.rb
 homepage: https://github.com/webzakimbo/bcome-kontrol