conjur-asset-key-pair 0.2.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 905d882153a79ca22feef6527d21c18919211315
+  data.tar.gz: 3c166a28a40fed8bae0a8f565faa5e5458da7ebc
+SHA512:
+  metadata.gz: 835156c879ff781ba618f8608eb4b7d4d2da2f331f5a113436b1412e26840ba3dcefe607b1c9d562e191262b45582f510582bca3e3faea0198e9c9eb202f6df7
+  data.tar.gz: 852aa4d2063284f4049b873c4f7f585ef648606fe363bd970f45e42635938c60c57c7282dc1a54f93b709ba3128ac58cb041ee36617b7f7dd16cb5a9241d136c

data/.gitignore

@@ -0,0 +1,8 @@
+coverage
+.bundle/
+log/*.log
+pkg/
+spec/dummy/db/*.sqlite3
+spec/dummy/log/*.log
+spec/dummy/tmp/
+spec/dummy/.sass-cache

data/.project

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>conjur-asset-key-pair</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>com.aptana.ide.core.unifiedBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>com.aptana.ruby.core.rubynature</nature>
+		<nature>com.aptana.projects.webnature</nature>
+	</natures>
+</projectDescription>

data/.rvmrc

@@ -0,0 +1 @@
+rvm use --create 2.0.0@conjur-asset-key-pair

data/Gemfile

@@ -0,0 +1,16 @@
+source "http://rubygems.org"
+
+# Declare your gem's dependencies in conjur-asset-service-gateway.gemspec.
+# Bundler will treat runtime dependencies like base dependencies, and
+# development dependencies will be added by default to the :development group.
+gemspec
+
+gem 'rails-api'
+gem 'webmock'
+gem 'rspec-rails'
+gem 'selenium-webdriver'
+
+gem 'authable',   git: 'https://inscitiv-ops-dev:Me5aswes@github.com/inscitiv/authable.git', branch: 'master'
+gem 'conjur-api', git: 'https://github.com/inscitiv/api-ruby.git', branch: 'master'
+gem 'slosilo'
+gem 'sequel-rails', git: 'git://github.com/dividedmind/sequel-rails.git', branch: 'max-connections'

data/Gemfile.lock

@@ -0,0 +1,214 @@
+GIT
+  remote: git://github.com/dividedmind/sequel-rails.git
+  revision: a5c7454d239cba14993a9ff95fee0ab1556864d6
+  branch: max-connections
+  specs:
+    sequel-rails (0.4.3)
+      railties (>= 3.2.0)
+      sequel (~> 3.28)
+
+GIT
+  remote: https://github.com/inscitiv/api-ruby.git
+  revision: 90dcd6174deb3369e9c4680f9fc4721a6e19394a
+  branch: master
+  specs:
+    conjur-api (2.4.0)
+      activesupport
+      rest-client
+
+GIT
+  remote: https://inscitiv-ops-dev:Me5aswes@github.com/inscitiv/authable.git
+  revision: 3f3680aa5f966e2d7f7bafcb1d25012174cc73a5
+  branch: master
+  specs:
+    authable (0.2.0)
+      activesupport
+      conjur-api
+      slosilo
+
+PATH
+  remote: .
+  specs:
+    conjur-asset-key-pair (0.2.1)
+      conjur-api
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    actionmailer (3.2.13)
+      actionpack (= 3.2.13)
+      mail (~> 2.5.3)
+    actionpack (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+      builder (~> 3.0.0)
+      erubis (~> 2.7.0)
+      journey (~> 1.0.4)
+      rack (~> 1.4.5)
+      rack-cache (~> 1.2)
+      rack-test (~> 0.6.1)
+      sprockets (~> 2.2.1)
+    activemodel (3.2.13)
+      activesupport (= 3.2.13)
+      builder (~> 3.0.0)
+    activerecord (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+      arel (~> 3.0.2)
+      tzinfo (~> 0.3.29)
+    activeresource (3.2.13)
+      activemodel (= 3.2.13)
+      activesupport (= 3.2.13)
+    activesupport (3.2.13)
+      i18n (= 0.6.1)
+      multi_json (~> 1.0)
+    addressable (2.3.5)
+    arel (3.0.2)
+    builder (3.0.4)
+    capybara (2.1.0)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      xpath (~> 2.0)
+    childprocess (0.3.9)
+      ffi (~> 1.0, >= 1.0.11)
+    ci_reporter (1.8.4)
+      builder (>= 2.1.2)
+    crack (0.4.0)
+      safe_yaml (~> 0.9.0)
+    cucumber (1.3.2)
+      builder (>= 2.1.2)
+      diff-lcs (>= 1.1.3)
+      gherkin (~> 2.12.0)
+      multi_json (~> 1.3)
+    cucumber-rails (1.3.1)
+      capybara (>= 1.1.2)
+      cucumber (>= 1.2.0)
+      nokogiri (>= 1.5.0)
+      rails (~> 3.0)
+    diff-lcs (1.2.4)
+    erubis (2.7.0)
+    ffi (1.9.0)
+    gherkin (2.12.0)
+      multi_json (~> 1.3)
+    hike (1.2.3)
+    i18n (0.6.1)
+    journey (1.0.4)
+    json (1.8.0)
+    json_spec (1.1.1)
+      multi_json (~> 1.0)
+      rspec (~> 2.0)
+    mail (2.5.4)
+      mime-types (~> 1.16)
+      treetop (~> 1.4.8)
+    mime-types (1.23)
+    mini_portile (0.5.0)
+    multi_json (1.7.7)
+    nokogiri (1.6.0)
+      mini_portile (~> 0.5.0)
+    pg (0.15.1)
+    pg_random_id (1.0.0)
+    polyglot (0.3.3)
+    rack (1.4.5)
+    rack-cache (1.2)
+      rack (>= 0.4)
+    rack-ssl (1.3.3)
+      rack
+    rack-test (0.6.2)
+      rack (>= 1.0)
+    rails (3.2.13)
+      actionmailer (= 3.2.13)
+      actionpack (= 3.2.13)
+      activerecord (= 3.2.13)
+      activeresource (= 3.2.13)
+      activesupport (= 3.2.13)
+      bundler (~> 1.0)
+      railties (= 3.2.13)
+    rails-api (0.1.0)
+      actionpack (>= 3.2.11)
+      railties (>= 3.2.11)
+      tzinfo (~> 0.3.31)
+    railties (3.2.13)
+      actionpack (= 3.2.13)
+      activesupport (= 3.2.13)
+      rack-ssl (~> 1.3.2)
+      rake (>= 0.8.7)
+      rdoc (~> 3.4)
+      thor (>= 0.14.6, < 2.0)
+    rake (10.1.0)
+    rdoc (3.12.2)
+      json (~> 1.4)
+    rest-client (1.6.7)
+      mime-types (>= 1.16)
+    rspec (2.13.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
+    rspec-core (2.13.1)
+    rspec-expectations (2.13.0)
+      diff-lcs (>= 1.1.3, < 2.0)
+    rspec-mocks (2.13.1)
+    rspec-rails (2.13.2)
+      actionpack (>= 3.0)
+      activesupport (>= 3.0)
+      railties (>= 3.0)
+      rspec-core (~> 2.13.0)
+      rspec-expectations (~> 2.13.0)
+      rspec-mocks (~> 2.13.0)
+    rubyzip (0.9.9)
+    safe_yaml (0.9.3)
+    selenium-webdriver (2.33.0)
+      childprocess (>= 0.2.5)
+      multi_json (~> 1.0)
+      rubyzip
+      websocket (~> 1.0.4)
+    sequel (3.48.0)
+    simplecov (0.7.1)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.7.1)
+    simplecov-html (0.7.1)
+    slosilo (0.2.4)
+    spork (0.9.2)
+    sprockets (2.2.2)
+      hike (~> 1.2)
+      multi_json (~> 1.0)
+      rack (~> 1.0)
+      tilt (~> 1.1, != 1.3.0)
+    talentbox-sequel-rails (0.3.10)
+      railties (~> 3.2.0)
+      sequel (~> 3.28)
+    thor (0.18.1)
+    tilt (1.4.1)
+    treetop (1.4.14)
+      polyglot
+      polyglot (>= 0.3.1)
+    tzinfo (0.3.37)
+    webmock (1.12.3)
+      addressable (>= 2.2.7)
+      crack (>= 0.3.2)
+    websocket (1.0.7)
+    xpath (2.0.0)
+      nokogiri (~> 1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  authable!
+  ci_reporter
+  conjur-api!
+  conjur-asset-key-pair!
+  cucumber-rails
+  json_spec
+  pg
+  pg_random_id
+  rails-api
+  rspec-rails
+  selenium-webdriver
+  sequel-rails!
+  simplecov
+  slosilo
+  spork
+  talentbox-sequel-rails
+  webmock

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright 2013 YOURNAME
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,3 @@
+= ConjurAssetDeployment
+
+This project rocks and uses MIT-LICENSE.

data/Rakefile

@@ -0,0 +1,27 @@
+#!/usr/bin/env rake
+begin
+  require 'bundler/setup'
+rescue LoadError
+  puts 'You must `gem install bundler` and `bundle install` to run rake tasks'
+end
+begin
+  require 'rdoc/task'
+rescue LoadError
+  require 'rdoc/rdoc'
+  require 'rake/rdoctask'
+  RDoc::Task = Rake::RDocTask
+end
+
+RDoc::Task.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'ConjurAssetService'
+  rdoc.options << '--line-numbers'
+  rdoc.rdoc_files.include('README.rdoc')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+
+
+
+Bundler::GemHelper.install_tasks
+

data/app/controllers/key_pairs_controller.rb

@@ -0,0 +1,30 @@
+class KeyPairsController < ApplicationController
+  include Authable::Rails::AuthableController
+  include Authable::Rails::AuthableCRUD
+
+  before_filter :find_key_pair, only: [ :show, :encrypt, :decrypt ]
+  
+  def create
+    create_record do
+      new_record whitelist: [ :id ]
+    end
+  end
+  
+  # Permissions checking is gated by access to the public key.
+  def encrypt
+    value = request.body.read
+    render text: @key_pair.encrypt(value)
+  end
+  
+  # Permissions checking is gated by access to the private key.
+  def decrypt
+    value = request.body.read
+    render text: @key_pair.decrypt(value)
+  end
+  
+  protected
+  
+  def find_key_pair
+    @key_pair = KeyPair[params[:id]] or raise RecordNotFound
+  end
+end

data/app/models/key_pair.rb

@@ -0,0 +1,55 @@
+# A public/private key pair.
+class KeyPair < Sequel::Model
+  plugin :authable, container: true
+  plugin :belongs_to_user
+
+  role :encrypt, :decrypt
+
+  def public_json
+    super.except(:public_keyid, :private_keyid)
+  end
+
+  def encrypt(value)
+    public_key.encrypt_message(value)
+  end
+  
+  def decrypt(value)
+    private_key.decrypt_message(value)
+  end
+  
+  def public_key
+    @public_key ||= Slosilo::Key.new authz_api.variable(public_keyid).value
+  end
+
+  def private_key
+    @private_key ||= Slosilo::Key.new authz_api.variable(private_keyid).value
+  end
+
+  # @private
+  def after_initialize
+    super
+    
+    unless self.public_keyid
+      @key = Slosilo::Key.new
+      
+      private_key = authz_api.create_variable 'application/x-pem-file', 'rsa-private-key', owner_option
+      private_key.add_value @key.key.to_pem
+
+      public_key = authz_api.create_variable 'application/x-pem-file', 'rsa-public-key', owner_option
+      public_key.add_value @key.key.public_key.to_pem
+  
+      self.private_keyid = private_key.id
+      self.public_keyid = public_key.id
+    end
+  end
+
+  # @private
+  def after_create
+    super
+    
+    # Encrypt role can execute the public key variable
+    # Decrypt role can execute the private key variable
+    authz_api.variable(public_keyid).resource.permit :execute, role('encrypt')
+    authz_api.variable(private_keyid).resource.permit :execute, role('decrypt')
+  end
+end

data/config/routes.rb

@@ -0,0 +1,8 @@
+Rails.application.routes.draw do
+  resources :key_pairs, :format => false do
+    member do
+      post :encrypt
+      post :decrypt
+    end
+  end
+end

data/conjur-asset-key-pair.gemspec

@@ -0,0 +1,48 @@
+$:.push File.expand_path("../lib", __FILE__)
+
+# Maintain your gem's version:
+require "conjur-asset-key-pair-version"
+
+files = if ENV['API_ONLY']
+  exclude_dirs = [ ".project", ".rvmrc", "lib/conjur/asset", "config", "db", "features", "spec", "app" ]
+  `git ls-files`.split("\n").select do |f|
+    exclude_dirs.find{|d| f.index(d) == 0}.nil?
+  end.tap do |files|
+    puts "Packaging #{files.join(" ")}"
+  end
+else
+  `git ls-files`.split($/)
+end
+
+name = if ENV['API_ONLY']
+  "conjur-asset-key-pair-api"
+else
+  "conjur-asset-key-pair"
+end
+
+# Describe your gem and declare its dependencies:
+Gem::Specification.new do |s|
+  s.name        = name
+  s.version     = Conjur::Asset::KeyPair::VERSION
+  s.authors     = ["Kevin Gilpin"]
+  s.email       = ["kgilpin@gmail.com"]
+  s.homepage    = "http://conjur.net"
+  s.summary     = "Conjur asset plugin for RSA key pairs."
+
+  s.files = files
+
+  s.add_dependency "conjur-api"
+  
+  s.add_development_dependency "authable"
+  s.add_development_dependency "rails-api"
+  s.add_development_dependency "talentbox-sequel-rails"
+  s.add_development_dependency "pg"
+  s.add_development_dependency "pg_random_id"
+  s.add_development_dependency "rspec-rails"
+  s.add_development_dependency "cucumber-rails"
+  s.add_development_dependency "spork"
+  s.add_development_dependency "simplecov"
+  s.add_development_dependency "webmock"
+  s.add_development_dependency "json_spec"
+  s.add_development_dependency "ci_reporter"
+end