e3db 2.0.0 → 2.1.1

data/lib/e3db/config.rb

@@ -41,6 +41,7 @@ module E3DB
     attribute :client_id, Types::String
     attribute :api_key_id, Types::String
     attribute :api_secret, Types::String
+    attribute :client_email, Types::String
     attribute :public_key, Types::String
     attribute :private_key, Types::String
     attribute :api_url, Types::String.default(DEFAULT_API_URL)
@@ -57,6 +58,7 @@ module E3DB
     #     "client_id": "UUID",
     #     "api_key_id": "API_KEY",
     #     "api_secret": "API_SECRET",
+    #     "client_email": "CLIENT_EMAIL",
     #     "public_key": "PUBLIC_KEY",
     #     "private_key": "PRIVATE_KEY",
     #     "api_url": "URL",

data/lib/e3db/crypto.rb

@@ -5,142 +5,66 @@
 # All Rights Reserved.
 #
 
-
 module E3DB
-  class Client
+  module Crypto
     private
-    def decrypt_record(record)
-      writer_id = record.meta.writer_id
-      user_id = record.meta.user_id
-      type = record.meta.type
-      ak = get_access_key(writer_id, user_id, @config.client_id, type)
-      decrypt_record_with_key(record, ak)
-    end
-
-    def decrypt_record_with_key(encrypted_record, ak)
-      record = Record.new(meta: encrypted_record.meta.clone, data: Hash.new)
-
-      encrypted_record.data.each do |k, v|
-        fields = v.split('.', 4)
-
-        edk =  Crypto.base64decode(fields[0])
-        edkN = Crypto.base64decode(fields[1])
-        ef =   Crypto.base64decode(fields[2])
-        efN =  Crypto.base64decode(fields[3])
-
-        dk = RbNaCl::SecretBox.new(ak).decrypt(edkN, edk)
-        pv = RbNaCl::SecretBox.new(dk).decrypt(efN, ef)
-
-        record.data[k] = pv
-      end
-
-      record
-    end
-
-    def encrypt_record(plaintext_record)
-      record = Record.new(meta: plaintext_record.meta.clone, data: Hash.new)
-
-      writer_id = record.meta.writer_id
-      user_id   = record.meta.user_id
-      type      = record.meta.type
-
-      begin
-        ak = get_access_key(writer_id, user_id, @config.client_id, type)
-      rescue Faraday::ResourceNotFound
-        ak = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
-        put_access_key(writer_id, user_id, @config.client_id, type, ak)
-      end
-
-      plaintext_record.data.each do |k, v|
-        dk =   Crypto.secret_box_random_key
-        efN =  Crypto.secret_box_random_nonce
-        ef =   RbNaCl::SecretBox.new(dk).encrypt(efN, v)
-        edkN = Crypto.secret_box_random_nonce
-        edk =  RbNaCl::SecretBox.new(ak).encrypt(edkN, dk)
-
-        record.data[k] = sprintf('%s.%s.%s.%s',
-                                 Crypto.base64encode(edk), Crypto.base64encode(edkN),
-                                 Crypto.base64encode(ef), Crypto.base64encode(efN))
-      end
-
-      record
-    end
-
-    def decrypt_eak(json)
-      k = json[:authorizer_public_key][:curve25519]
-      authorizer_pubkey = Crypto.decode_public_key(k)
-
-      fields     = json[:eak].split('.', 2)
-      ciphertext = Crypto.base64decode(fields[0])
-      nonce      = Crypto.base64decode(fields[1])
-      box        = RbNaCl::Box.new(authorizer_pubkey, @private_key)
-
-      box.decrypt(nonce, ciphertext)
-    end
-
-    def get_access_key(writer_id, user_id, reader_id, type)
-      ak_cache_key = [writer_id, user_id, type]
-      if @ak_cache.key? ak_cache_key
-        return @ak_cache[ak_cache_key]
-      end
 
-      url = get_url('v1', 'storage', 'access_keys', writer_id, user_id, reader_id, type)
-      resp = @conn.get(url)
-      json = JSON.parse(resp.body, symbolize_names: true)
-
-      ak = decrypt_eak(json)
-      @ak_cache[ak_cache_key] = ak
-      ak
-    end
-
-    def put_access_key(writer_id, user_id, reader_id, type, ak)
-      ak_cache_key = [writer_id, user_id, type]
-      @ak_cache[ak_cache_key] = ak
-
-      reader_key = client_key(reader_id)
-      nonce = RbNaCl::Random.random_bytes(RbNaCl::Box.nonce_bytes)
-      eak   = RbNaCl::Box.new(reader_key, @private_key).encrypt(nonce, ak)
-
-      encoded_eak = sprintf('%s.%s', Crypto.base64encode(eak), Crypto.base64encode(nonce))
-
-      url = get_url('v1', 'storage', 'access_keys', writer_id, user_id, reader_id, type)
-      @conn.put(url, { :eak => encoded_eak })
+    # Create a new, random access key. Returns a
+    # string of bytes representing the key.
+    def new_access_key
+      RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
     end
 
-  end
+    alias :new_data_key :new_access_key
 
-  class Crypto
-    def self.decode_public_key(s)
+    def decode_public_key(s)
       RbNaCl::PublicKey.new(base64decode(s))
     end
 
-    def self.encode_public_key(k)
+    def encode_public_key(k)
       base64encode(k.to_bytes)
     end
 
-    def self.decode_private_key(s)
+    def decode_private_key(s)
       RbNaCl::PrivateKey.new(base64decode(s))
     end
 
-    def self.encode_private_key(k)
+    def encode_private_key(k)
       base64encode(k.to_bytes)
     end
 
-    def self.secret_box_random_key
-      RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
+    def box_random_nonce
+      RbNaCl::Random.random_bytes(RbNaCl::Box.nonce_bytes)
     end
 
-    def self.secret_box_random_nonce
+    def secret_box_random_nonce
       RbNaCl::Random.random_bytes(RbNaCl::SecretBox.nonce_bytes)
     end
 
-    def self.base64encode(x)
+    def base64encode(x)
       Base64.urlsafe_encode64(x, padding: false)
     end
 
-    def self.base64decode(x)
+    def base64decode(x)
       Base64.urlsafe_decode64(x)
     end
+
+    def decrypt_box(encrypted, pub, priv)
+      pub = decode_public_key(pub) unless pub.is_a? RbNaCl::PublicKey
+      priv = decode_private_key(priv) unless priv.is_a? RbNaCl::PrivateKey
+
+      ciphertext, nonce = encrypted.split('.', 2).map { |f| base64decode(f) }
+      RbNaCl::Box.new(pub, priv).decrypt(nonce, ciphertext)
+    end
+
+    def encrypt_box(plain, pub, priv)
+      pub = decode_public_key(pub) unless pub.is_a? RbNaCl::PublicKey
+      priv = decode_private_key(priv) unless priv.is_a? RbNaCl::PrivateKey
+
+      nonce = box_random_nonce
+      encrypted = RbNaCl::Box.new(pub, priv).encrypt(nonce, plain)
+      [encrypted, nonce].map { |f| base64encode(f) }.join(".")
+    end
   end
 
   private_constant :Crypto

data/lib/e3db/version.rb

@@ -1,3 +1,3 @@
 module E3DB
-  VERSION = "2.0.0"
+  VERSION = "2.1.1"
 end

data/travis-install-configfile.sh

@@ -21,4 +21,22 @@ cat > "$HOME/.tozny/integration-test/e3db.json" <<EOT
     "public_key":"${PUBLIC_KEY}",
     "private_key":"${PRIVATE_KEY}"
 }
+EOT
+
+# Check if the config is already set
+if [ ! -d "$HOME/.tozny/integration-test-share" ]; then
+    mkdir -p "$HOME/.tozny/integration-test-share"
+fi
+
+cat > "$HOME/.tozny/integration-test-share/e3db.json" <<EOT
+{
+    "version":1,
+    "api_url":"${API_URL_2}",
+    "api_key_id":"${API_KEY_ID_2}",
+    "api_secret":"${API_SECRET_2}",
+    "client_id":"${CLIENT_ID_2}",
+    "client_email":"${CLIENT_EMAIL_2}",
+    "public_key":"${PUBLIC_KEY_2}",
+    "private_key":"${PRIVATE_KEY_2}"
+}
 EOT

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: e3db
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.1
 platform: ruby
 authors:
 - Tozny, LLC
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-07-11 00:00:00.000000000 Z
+date: 2017-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -188,12 +188,13 @@ files:
 - ".travis.yml"
 - ".yardopts"
 - Gemfile
-- LICENSE.txt
+- LICENSE.md
 - README.md
 - Rakefile
 - bin/console
 - bin/setup
 - e3db.gemspec
+- examples/registration.rb
 - examples/simple.rb
 - lib/e3db.rb
 - lib/e3db/client.rb
@@ -223,7 +224,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
 summary: e3db client SDK

data/LICENSE.txt

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (C) 2017, Tozny, LLC.
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.