bitzesty-safe 0.1.2

data/.gitignore

@@ -0,0 +1 @@
+pkg/*

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Matthew Ford and Bit Zesty Ltd.
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.markdown

@@ -0,0 +1,63 @@
+Safe
+====
+
+A wrapper around [strongbox](http://github.com/spikex/strongbox) to store and encrypt data.
+
+Setup
+----
+
+Install strongbox and safe
+
+    config.gem "spikex-strongbox", :lib => "strongbox", :source => "http://gems.github.com"
+    config.gem "bitzesty-safe", :lib => "safe", :source => "http://gems.github.com"
+    
+    rake gems:install
+    rake gems:unpack
+
+Generate a migration with `script/generate migration CreateSafeCabinet` and add the following
+
+    class CreateSafeCabinet < ActiveRecord::Migration
+      def self.up
+        create_table :safe_cabinets, :force => true do |t|
+          t.binary :data
+          t.binary :data_key
+          t.binary :data_iv
+          t.integer :encryptable_id
+          t.string :encryptable_type
+          t.timestamps
+        end
+        add_index :safe_cabinets, [:encryptable_id, :encryptable_type]
+      end
+
+      def self.down
+        drop_table :safe_cabinet
+      end
+    end
+    
+In your model that you want to store the encrypted data add:
+
+    class MyModel
+      include Safe::Keys
+      attr_accessor :password #length must be > 3  
+      has_many :safe_cabinets, :as => :encryptable #or has_one
+      after_create :make_keys!
+    end
+
+_N.B. A password must be used when creating an instance of MyModel._
+
+To create and use safe_cabinets:
+
+    m = MyModel.create(:password => "1234")
+    c = m.safe_cabinets.new
+    c.data = "super secret data"
+    c.save
+    
+    c.data
+    => #<Strongbox::Lock:0x1f372d...
+    
+    c.data.read_data("1234")
+    => "super secret data"
+    
+
+
+Copyright (c) 2009 Matthew Ford and Bit Zesty Ltd, See LICENSE for details.

data/Rakefile

@@ -0,0 +1,40 @@
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+require 'rcov/rcovtask'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |s|
+    s.name = "safe"
+    s.summary = "strongbox wrapper"
+    s.email = "info@bitzesty.com"
+    s.homepage = "http://github.com/bitzesty/safe"
+    s.description = "Storing encrypted data in a Rails app using Strongbox"
+    s.authors = ["Matthew Ford"]
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end
+
+Rake::TestTask.new do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/*_test.rb'
+  t.verbose = false
+end
+
+Rake::RDocTask.new do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'safe'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+Rcov::RcovTask.new do |t|
+  t.libs << 'test'
+  t.test_files = FileList['test/**/*_test.rb']
+  t.verbose = true
+end
+
+task :default => :rcov

data/VERSION

@@ -0,0 +1 @@
+0.1.2

data/app/controllers/safe_cabinets_controller.rb

@@ -0,0 +1,15 @@
+class SafeCabinetsController < ApplicationController
+  unloadable
+  
+  def show
+    @cabinet = SafeCabinet.find(params[:id])
+    @data = nil
+  end
+  
+  
+  def unlock
+    @cabinet = SafeCabinet.find(params[:id])
+    @data = @cabinet.read_data(params[:passphrase])
+    render :show
+  end
+end

data/app/models/safe_cabinet.rb

@@ -0,0 +1,51 @@
+require "openssl"
+require 'base64'
+require 'strongbox/lock'
+
+class SafeCabinet < ActiveRecord::Base
+  # Class Configuration :::::::::::::::::::::::::::::::::::::::::::::
+  class_inheritable_reader :lock_options
+  write_inheritable_attribute(:lock_options, {}) if lock_options.nil?
+
+  SAFE_KEYS_DIR = File.join(RAILS_ROOT,'config', 'safe_keys')
+  
+  # Assocations :::::::::::::::::::::::::::::::::::::::::::::::::::::
+  belongs_to :encryptable, :polymorphic => true
+ 
+  # Validations :::::::::::::::::::::::::::::::::::::::::::::::::::::
+  validates_presence_of :encryptable_id
+  validates_presence_of :encryptable_type
+
+  # Callbacks :::::::::::::::::::::::::::::::::::::::::::::::::::::::
+  before_save :lockdown
+
+  # Instance Methods :::::::::::::::::::::::::::::::::::::::::::::::: 
+  def options
+    @options ||= {
+      :base64 => false,
+      :symmetric => :always,
+      :padding => OpenSSL::PKey::RSA::PKCS1_PADDING,
+      :symmetric_cipher => 'aes-256-cbc'
+    }
+  end
+  
+  def data
+    lock_for("data")
+  end
+  
+  def lockdown
+    self.data = lock_for("data").encrypt self[:data]
+  end
+  
+  def read_data(pass)
+    self.data.decrypt pass
+    rescue OpenSSL::PKey::RSAError
+      nil 
+  end
+  
+  def lock_for name
+    lock_options[name] = options.merge(:key_pair => File.join(SAFE_KEYS_DIR, self.encryptable_id.to_s, "keypair.pem"))
+    @_locks ||= {}
+    @_locks[name] ||= Lock.new(name, self, self.class.lock_options[name])
+  end
+end 

data/app/views/safe_cabinets/show.html.erb

@@ -0,0 +1,8 @@
+<% unless @data %>
+  <% form_tag unlock_safe_cabinet_path(@cabinet) do |f| %>
+    <%= password_field_tag :passphrase %>
+    <%= submit_tag "unlock" %>
+  <% end %>
+<% else %>
+  <%= @data %>
+<% end %>

data/config/safe_routes.rb

@@ -0,0 +1,5 @@
+ActionController::Routing::Routes.draw do |map|
+  map.resources :safe_cabinets,
+    :member     => [:unlock],
+    :only       => [:show, :unlock]
+end

data/init.rb

@@ -0,0 +1 @@
+require 'safe'

data/install.rb

@@ -0,0 +1 @@
+# Install hook code here

data/lib/safe/extensions/routes.rb

@@ -0,0 +1,14 @@
+if defined?(ActionController::Routing::RouteSet)
+  class ActionController::Routing::RouteSet
+    def load_routes_with_safe!
+      lib_path = File.dirname(__FILE__)
+      safe_routes = File.join(lib_path, *%w[.. .. .. config safe_routes.rb])
+      unless configuration_files.include?(safe_routes)
+        add_configuration_file(safe_routes)
+      end
+      load_routes_without_safe!
+    end
+
+    alias_method_chain :load_routes!, :safe
+  end
+end

data/lib/safe/keys.rb

@@ -0,0 +1,57 @@
+require 'open4'
+require 'fileutils'
+require 'strongbox'
+
+module Safe
+  class KeygenError < StandardError;end
+  module Keys
+    SAFE_KEYS_DIR = File.join(RAILS_ROOT,'config', 'safe_keys')
+    
+    def gen_private_key(path, pass)
+      cmd = "openssl genrsa -des3 -passout pass:#{pass} -out #{path}private.pem 2048"
+      Open4::popen4("sh") do |pid, stdin, stdout, stderr|
+        stdin.puts cmd
+        stdin.close
+      end
+    end
+
+    def gen_public_key(path, pass)
+      cmd = "openssl rsa -in #{path}private.pem -out #{path}public.pem -outform PEM -pubout -passin pass:#{pass}"
+      Open4::popen4("sh") do |pid, stdin, stdout, stderr|
+        stdin.puts cmd
+        stdin.close
+      end
+    end
+
+    def gen_keypair(path, pass)
+      gen_private_key(path, pass)
+      gen_public_key(path, pass)
+      if File.exists?("#{path}keypair.pem")
+        FileUtils.rm("#{path}keypair.pem")
+      end
+      cmd = "cat #{path}private.pem  #{path}public.pem >> #{path}keypair.pem"
+      Open4::popen4("sh") do |pid, stdin, stdout, stderr|
+        stdin.puts cmd
+        stdin.close
+      end
+    end
+
+    # destructible, only call once
+    def make_keys!
+      root_dir = SAFE_KEYS_DIR
+      object_id = self.id
+      pass = self.password 
+      raise Safe::KeygenError if object_id.nil? || pass.nil?
+      dir_id = "/#{object_id}/"
+      dir = root_dir + dir_id
+      if File.exists?(root_dir) && File.directory?(root_dir)
+        Dir.mkdir(dir) unless File.exists?(dir)
+        gen_keypair(dir, pass)
+      else
+        Dir.mkdir(root_dir)
+        Dir.mkdir(dir)
+        gen_keypair(dir, pass)
+      end  
+    end
+  end
+end

data/lib/safe.rb

@@ -0,0 +1,3 @@
+require 'safe/extensions/routes'
+
+require 'safe/keys'

data/rails/init.rb

@@ -0,0 +1 @@
+require 'safe'

data/safe.gemspec

@@ -0,0 +1,60 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE
+# Instead, edit Jeweler::Tasks in Rakefile, and run `rake gemspec`
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{safe}
+  s.version = "0.1.2"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Matthew Ford"]
+  s.date = %q{2009-09-25}
+  s.description = %q{Storing encrypted data in a Rails app using Strongbox}
+  s.email = %q{info@bitzesty.com}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.markdown"
+  ]
+  s.files = [
+    ".gitignore",
+     "LICENSE",
+     "README.markdown",
+     "Rakefile",
+     "VERSION",
+     "app/controllers/safe_cabinets_controller.rb",
+     "app/models/safe_cabinet.rb",
+     "app/views/safe_cabinets/show.html.erb",
+     "config/safe_routes.rb",
+     "init.rb",
+     "install.rb",
+     "lib/safe.rb",
+     "lib/safe/extensions/routes.rb",
+     "lib/safe/keys.rb",
+     "rails/init.rb",
+     "safe.gemspec",
+     "tasks/safe_tasks.rake",
+     "test/safe_test.rb",
+     "test/test_helper.rb",
+     "uninstall.rb"
+  ]
+  s.homepage = %q{http://github.com/bitzesty/safe}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{strongbox wrapper}
+  s.test_files = [
+    "test/safe_test.rb",
+     "test/test_helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/tasks/safe_tasks.rake

@@ -0,0 +1,4 @@
+# desc "Explaining what the task does"
+# task :safe do
+#   # Task goes here
+# end

data/test/safe_test.rb

@@ -0,0 +1,8 @@
+require 'test_helper'
+
+class SafeTest < ActiveSupport::TestCase
+  # Replace this with your real tests.
+  test "the truth" do
+    assert true
+  end
+end

data/test/test_helper.rb

@@ -0,0 +1,3 @@
+require 'rubygems'
+require 'active_support'
+require 'active_support/test_case'

data/uninstall.rb

@@ -0,0 +1 @@
+# Uninstall hook code here

metadata

@@ -0,0 +1,75 @@
+--- !ruby/object:Gem::Specification 
+name: bitzesty-safe
+version: !ruby/object:Gem::Version 
+  version: 0.1.2
+platform: ruby
+authors: 
+- Matthew Ford
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-09-25 00:00:00 -07:00
+default_executable: 
+dependencies: []
+
+description: Storing encrypted data in a Rails app using Strongbox
+email: info@bitzesty.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.markdown
+files: 
+- .gitignore
+- LICENSE
+- README.markdown
+- Rakefile
+- VERSION
+- app/controllers/safe_cabinets_controller.rb
+- app/models/safe_cabinet.rb
+- app/views/safe_cabinets/show.html.erb
+- config/safe_routes.rb
+- init.rb
+- install.rb
+- lib/safe.rb
+- lib/safe/extensions/routes.rb
+- lib/safe/keys.rb
+- rails/init.rb
+- safe.gemspec
+- tasks/safe_tasks.rake
+- test/safe_test.rb
+- test/test_helper.rb
+- uninstall.rb
+has_rdoc: false
+homepage: http://github.com/bitzesty/safe
+licenses: 
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: strongbox wrapper
+test_files: 
+- test/safe_test.rb
+- test/test_helper.rb