legion-crypt 0.1.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 07b24418ca073e0f27ac8b1971b3dff861e245f9e469a1d78bf14a500e02ded8
-  data.tar.gz: 73c531446637ff282583e5e74db187077dd0431493919db84b00348d592b262d
+  metadata.gz: 265bfefa35f6346031ae28749fa479e511e9f98f5a3c8b5cd3b756e86f6920b4
+  data.tar.gz: 2fedcd11ffcb04683cdf8c122b721bd30e37b7a73b48f2660237895725045999
 SHA512:
-  metadata.gz: 4bee5884abd1308aad74fd342168f3622bd19aa213be6908e42178c02172a3682a44398bbad7a484533cd70b6c6e3203ae8589b4b79d9455a971cfda9dc61035
-  data.tar.gz: a4770c968abc0a5f8743a042238f2aa0225ee6189ae49854d1db45e3e6b2b7b442f1b40862d0135e3f901f731a57d4017765d8846c0888b61a014b118eff3849
+  metadata.gz: 430546afd08fdddbc359be8dd09a530552a596917943ca7e5c0a9bd7a3064e4c95cbb3ea468faaa62cfe6572577eea3eb60765ebbb68f3a8756a0a491de8c44d
+  data.tar.gz: 856f677b6201f8052cf6d0a617f56ce893029afc02df2f9490e506bc55034090814f35cf0c98438c66db6c0a728be84f060f72c7319bb20bfd29f0cc1debdc24

data/.circleci/config.yml

@@ -1,49 +1,90 @@
 version: 2.1
 orbs:
-  ruby: circleci/ruby@0.2.1
+  ruby: circleci/ruby@1.1.2
+  sonarcloud: sonarsource/sonarcloud@1.0.2
 
 jobs:
   "rubocop":
     docker:
-      - image: circleci/ruby:2.5-node
+      - image: cimg/ruby:2.7
     steps:
       - checkout
-      - ruby/load-cache
-      - ruby/install-deps
-      - run:
-          name: Run Rubocop
-          command: bundle exec rubocop
-      - ruby/save-cache
+      - restore_cache:
+          key: "bundler cache mri"
+      - run: bundle update
+      - run: bundle exec rubocop --format=json --out=rubocop-result.json
+      - store_test_results:
+          path: rubocop-result.json
+      - sonarcloud/scan
+      - run: bundle exec rubocop
+      - save_cache:
+          key: "bundler cache mri"
+          paths:
+            - "/usr/local/bundle"
   "ruby-two-five":
     docker:
-      - image: circleci/ruby:2.5
-      - image: memcached:1.5-alpine
+      - image: cimg/ruby:2.5
     steps:
       - checkout
-      - ruby/load-cache
-      - ruby/install-deps
-      - ruby/run-tests
-      - ruby/save-cache
+      - restore_cache:
+          key: "bundler cache mri"
+      - run: bundle update
+      - save_cache:
+          key: "bundler cache mri"
+          paths:
+            - "/usr/local/bundle"
+      - run: bundle exec rspec --format progress --format RspecJunitFormatter -o rspec-results.xml
+      - store_test_results:
+          path: rspec-results.xml
+      - sonarcloud/scan
   "ruby-two-six":
     docker:
-      - image: circleci/ruby:2.6
-      - image: memcached:1.5-alpine
+      - image: cimg/ruby:2.6
     steps:
       - checkout
-      - ruby/load-cache
-      - ruby/install-deps
-      - ruby/run-tests
-      - ruby/save-cache
+      - restore_cache:
+          key: "bundler cache mri"
+      - run: bundle update
+      - save_cache:
+          key: "bundler cache mri"
+          paths:
+            - "/usr/local/bundle"
+      - run: bundle exec rspec --format progress --format RspecJunitFormatter -o rspec-results.xml
+      - store_test_results:
+          path: rspec-results.xml
+      - sonarcloud/scan
   "ruby-two-seven":
     docker:
       - image: circleci/ruby:2.7
-      - image: memcached:1.5-alpine
     steps:
       - checkout
-      - ruby/load-cache
-      - ruby/install-deps
-      - ruby/run-tests
-      - ruby/save-cache
+      - restore_cache:
+          key: "bundler cache mri"
+      - run: bundle update
+      - save_cache:
+          key: "bundler cache mri"
+          paths:
+            - "/usr/local/bundle"
+      - run: bundle exec rspec --format progress --format RspecJunitFormatter -o rspec-results.xml
+      - store_test_results:
+          path: rspec-results.xml
+      - sonarcloud/scan
+  "ruby-three":
+    docker:
+      - image: circleci/ruby:3
+    steps:
+      - checkout
+      - restore_cache:
+          key: "bundler cache mri"
+      - run: bundle update
+      - save_cache:
+          key: "bundler cache mri"
+          paths:
+            - "/usr/local/bundle"
+      - run: bundle exec rspec --format progress --format RspecJunitFormatter -o rspec-results.xml
+      - store_test_results:
+          path: rspec-results.xml
+      - sonarcloud/scan
 
 workflows:
   version: 2
@@ -57,5 +98,8 @@ workflows:
           requires:
             - ruby-two-five
       - ruby-two-seven:
+          requires:
+            - ruby-two-five
+      - ruby-three:
           requires:
             - ruby-two-five

data/.rubocop.yml

@@ -6,18 +6,19 @@ Metrics/ClassLength:
   Max: 1500
 Metrics/BlockLength:
   Max: 50
-Layout/SpaceAroundEqualsInParameterDefault:
-  EnforcedStyle: space
-Style/SymbolArray:
-  Enabled: true
-Layout/HashAlignment:
-  EnforcedHashRocketStyle: table
-  EnforcedColonStyle: table
+Metrics/CyclomaticComplexity:
+  Max: 14
+Metrics/AbcSize:
+  Max: 17
+Metrics/PerceivedComplexity:
+  Max: 16
+Naming/MethodParameterName:
+  Enabled: false
 Style/Documentation:
   Enabled: false
 AllCops:
   TargetRubyVersion: 2.5
+  NewCops: enable
+  SuggestExtensions: false
 Style/FrozenStringLiteralComment:
   Enabled: false
-Naming/FileName:
-  Enabled: false

data/Gemfile.lock

@@ -0,0 +1,123 @@
+PATH
+  remote: .
+  specs:
+    legion-crypt (0.2.4)
+      vault (>= 0.15.0)
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    amq-protocol (2.3.2)
+    ast (2.4.2)
+    aws-eventstream (1.1.0)
+    aws-sigv4 (1.2.2)
+      aws-eventstream (~> 1, >= 1.0.2)
+    bunny (2.17.0)
+      amq-protocol (~> 2.3, >= 2.3.1)
+    concurrent-ruby (1.1.8)
+    concurrent-ruby-ext (1.1.8)
+      concurrent-ruby (= 1.1.8)
+    connection_pool (2.2.3)
+    daemons (1.3.1)
+    dalli (2.7.11)
+    diff-lcs (1.4.4)
+    docile (1.3.5)
+    json (2.5.1)
+    json_pure (2.5.1)
+    legion-cache (1.1.1)
+      connection_pool (>= 2.2.3)
+      dalli (>= 2.7)
+      redis (>= 4.2)
+    legion-exceptions (1.1.5)
+    legion-json (1.1.4)
+      json_pure
+      legion-exceptions (>= 1.1.5)
+      multi_json
+    legion-logging (1.1.4)
+      rainbow (~> 3)
+    legion-settings (1.1.3)
+      legion-json
+      legion-logging
+    legion-transport (1.1.9)
+      bunny (>= 2.17.0)
+      concurrent-ruby (>= 1.1.7)
+      legion-json
+    legionio (0.4.2)
+      concurrent-ruby (>= 1.1.7)
+      concurrent-ruby-ext (>= 1.1.7)
+      daemons (>= 1.3.1)
+      legion-cache
+      legion-crypt (>= 0.2.0)
+      legion-exceptions
+      legion-json
+      legion-logging
+      legion-settings
+      legion-transport (>= 1.1.9)
+      lex-node
+      oj (>= 3.10)
+      thor (>= 1)
+    lex-node (0.1.4)
+    multi_json (1.15.0)
+    oj (3.11.2)
+    parallel (1.20.1)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
+    rainbow (3.0.0)
+    redis (4.2.5)
+    regexp_parser (2.1.1)
+    rexml (3.2.4)
+    rspec (3.10.0)
+      rspec-core (~> 3.10.0)
+      rspec-expectations (~> 3.10.0)
+      rspec-mocks (~> 3.10.0)
+    rspec-core (3.10.1)
+      rspec-support (~> 3.10.0)
+    rspec-expectations (3.10.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-mocks (3.10.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.10.0)
+    rspec-support (3.10.2)
+    rspec_junit_formatter (0.4.1)
+      rspec-core (>= 2, < 4, != 2.12.0)
+    rubocop (1.11.0)
+      parallel (~> 1.10)
+      parser (>= 3.0.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml
+      rubocop-ast (>= 1.2.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.4.1)
+      parser (>= 2.7.1.5)
+    ruby-progressbar (1.11.0)
+    simplecov (0.17.1)
+      docile (~> 1.1)
+      json (>= 1.8, < 3)
+      simplecov-html (~> 0.10.0)
+    simplecov-html (0.10.2)
+    simplecov_json_formatter (0.1.2)
+    thor (1.1.0)
+    unicode-display_width (2.0.0)
+    vault (0.15.0)
+      aws-sigv4
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  legion-crypt!
+  legion-logging
+  legion-settings
+  legion-transport
+  legionio
+  rspec
+  rspec_junit_formatter
+  rubocop
+  simplecov (< 0.18.0)
+  simplecov_json_formatter
+
+BUNDLED WITH
+   2.2.6

data/README.md

@@ -1,40 +1,3 @@
 # Legion::Crypt
 
-Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/legion/crypt`. To experiment with that code, run `bin/console` for an interactive prompt.
-
-TODO: Delete this and the text above, and describe your gem
-
-## Installation
-
-Add this line to your application's Gemfile:
-
-```ruby
-gem 'legion-crypt'
-```
-
-And then execute:
-
-    $ bundle install
-
-Or install it yourself as:
-
-    $ gem install legion-crypt
-
-## Usage
-
-TODO: Write usage instructions here
-
-## Development
-
-After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
-
-To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
-
-## Contributing
-
-Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/legion-crypt.
-
-
-## License
-
-The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+The Legion encryption module

data/bitbucket-pipelines.yml

@@ -0,0 +1,17 @@
+image: ruby:2.7
+
+pipelines:
+  tags:
+    "v*":
+      - step:
+          name: Push to RubyGems
+          deployment: RubyGems
+          script:
+            - gem install gem-release
+            - (umask  077 ; echo $gem_creds | base64 --decode > ~/.gem/credentials)
+            - gem release
+          artifacts:
+            - pkg/**
+definitions:
+  caches:
+    bundler: /usr/local/bundle

data/legion-crypt.gemspec

@@ -17,23 +17,23 @@ Gem::Specification.new do |spec|
   spec.metadata['homepage_uri'] = spec.homepage
   spec.metadata['source_code_uri'] = 'https://bitbucket.org/legion-io/legion/'
   spec.metadata['changelog_uri'] = 'https://bitbucket.org/legion-io/legion/src/master/CHANGELOG.md'
+  spec.metadata['wiki_uri'] = 'https://bitbucket.org/legion-io/legion-crypt/wiki'
+  spec.metadata['bug_tracker_uri'] = 'https://bitbucket.org/legion-io/legion-crypt/issues'
 
   spec.files = Dir.chdir(File.expand_path(__dir__)) do
     `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   end
-  spec.bindir        = 'exe'
-  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ['lib']
 
-  spec.add_dependency 'rbnacl'
-  spec.add_dependency 'vault'
+  spec.add_dependency 'vault', '>= 0.15.0'
 
-  spec.add_development_dependency 'legion'
-  spec.add_development_dependency 'legion-logging', '>= 1.0.0'
-  spec.add_development_dependency 'legion-settings', '>= 1.0.0'
-  spec.add_development_dependency 'legion-transport', '>= 0.1.0'
-  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'legionio'
+  spec.add_development_dependency 'legion-logging'
+  spec.add_development_dependency 'legion-settings'
+  spec.add_development_dependency 'legion-transport'
   spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'rspec_junit_formatter'
   spec.add_development_dependency 'rubocop'
-  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'simplecov', '< 0.18.0'
+  spec.add_development_dependency 'simplecov_json_formatter'
 end

data/lib/legion/crypt.rb

@@ -1,30 +1,37 @@
 # frozen_string_literal: true
 
+require 'openssl'
+require 'base64'
 require 'legion/crypt/version'
 require 'legion/crypt/settings'
-require 'rbnacl'
-require 'base64'
 
-require 'legion/crypt/box'
-require 'legion/crypt/vault'
+require 'legion/crypt/cipher'
 
 module Legion
   module Crypt
     class << self
-      attr_reader :public_key, :sessions
-      include Legion::Crypt::Box
-      include Legion::Crypt::Vault if Legion::Settings[:crypt][:vault][:enabled]
+      attr_reader :sessions
+
+      include Legion::Crypt::Cipher
+
+      unless Gem::Specification.find_by_name('vault').nil?
+        require 'legion/crypt/vault'
+        include Legion::Crypt::Vault
+      end
 
       def start
         Legion::Logging.debug 'Legion::Crypt is running start'
-        if Dir.exist?('./settings') && File.exist?('./settings/private.key') && File.exist?('./settings/public.key')
-          load_keys
+        ::File.write('./legionio.key', private_key) if settings[:save_private_key]
+
+        connect_vault unless settings[:vault][:token].nil?
+      end
+
+      def settings
+        if Legion.const_defined?('Settings')
+          Legion::Settings[:crypt]
         else
-          delete_keys if Dir.exist? './settings'
-          create_keys
+          Legion::Crypt::Settings.default
         end
-
-        connect_vault
       end
 
       def shutdown

data/lib/legion/crypt/cipher.rb

@@ -0,0 +1,103 @@
+require 'securerandom'
+
+module Legion
+  module Crypt
+    module Cipher
+      def encrypt(message)
+        cipher = OpenSSL::Cipher.new('aes-256-cbc')
+        cipher.encrypt
+        cipher.key = cs
+        iv = cipher.random_iv
+        { enciphered_message: Base64.encode64(cipher.update(message) + cipher.final), iv: Base64.encode64(iv) }
+      end
+
+      def decrypt(message, iv)
+        until cs.is_a?(String) || Legion::Settings[:client][:shutting_down]
+          Legion::Logging.debug('sleeping Legion::Crypt.decrypt due to CS not being set')
+          sleep(0.5)
+        end
+
+        decipher = OpenSSL::Cipher.new('aes-256-cbc')
+        decipher.decrypt
+        decipher.key = cs
+        decipher.iv = Base64.decode64(iv)
+        message = Base64.decode64(message)
+        decipher.update(message) + decipher.final
+      end
+
+      def encrypt_from_keypair(message:, pub_key: public_key)
+        rsa_public_key = OpenSSL::PKey::RSA.new(pub_key)
+
+        Base64.encode64(rsa_public_key.public_encrypt(message))
+      end
+
+      def decrypt_from_keypair(message:, **_opts)
+        private_key.private_decrypt(Base64.decode64(message))
+      end
+
+      def public_key
+        @public_key ||= private_key.public_key.to_s
+      end
+
+      def private_key
+        @private_key ||= if Legion::Settings[:crypt][:read_private_key] && File.exist?('./legionio.key')
+                           OpenSSL::PKey::RSA.new File.read './legionio.key'
+                         else
+                           OpenSSL::PKey::RSA.new 2048
+                         end
+      end
+
+      def cs
+        @cs ||= Digest::SHA256.digest(fetch_cs)
+      end
+
+      def fetch_cs # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity
+        if Legion::Settings[:crypt][:vault][:read_cluster_secret] && Legion::Settings[:crypt][:vault][:connected] && Legion::Crypt.exist?('crypt') # rubocop:disable Layout/LineLength
+          Legion::Crypt.get('crypt')[:cluster_secret]
+        elsif Legion::Settings[:crypt][:cluster_secret].is_a? String
+          Legion::Settings[:crypt][:cluster_secret]
+        elsif Legion::Transport::Queue.new('node.crypt', passive: true).consumer_count.zero?
+          Legion::Settings[:crypt][:cluster_secret] = generate_secure_random
+        elsif Legion::Transport::Queue.new('node.crypt', passive: true).consumer_count.positive?
+          require 'legion/transport/messages/request_cluster_secret'
+          Legion::Logging.info 'Requesting cluster secret via public key'
+          start = Time.now
+          Legion::Transport::Messages::RequestClusterSecret.new.publish
+          sleep_time = 0.001
+          until !Legion::Settings[:crypt][:cluster_secret].nil? || (Time.now - start) > Legion::Settings[:crypt][:cluster_secret_timeout]
+            sleep(sleep_time)
+            sleep_time *= 2 unless sleep_time > 0.5
+          end
+
+          if Legion::Settings[:crypt][:cluster_secret].nil?
+            Legion::Logging.warn 'Cluster secret is still nil'
+          else
+            Legion::Logging.info "Received cluster secret in #{((Time.new - start) * 1000.0).round}ms"
+          end
+        end
+      rescue StandardError => e
+        Legion::Logging.error(e.message)
+        Legion::Logging.error(e.backtrace)
+      ensure
+        Legion::Settings[:crypt][:cluster_secret] = generate_secure_random unless Legion::Settings[:crypt].key? :cluster_secret
+        nil if Legion::Settings[:crypt][:cluster_secret].nil?
+
+        Legion::Settings[:crypt][:cs_encrypt_ready] = true
+        push_cs_to_vault if Legion::Settings[:crypt][:vault][:push_cs_to_vault]
+
+        return Legion::Settings[:crypt][:cluster_secret] # rubocop:disable Lint/EnsureReturn
+      end
+
+      def push_cs_to_vault
+        return false unless Legion::Settings[:crypt][:vault][:connected] && Legion::Settings[:crypt][:cluster_secret]
+
+        Legion::Logging.info 'Pushing Cluster Secret to Vault'
+        Legion::Crypt.write('cluster', secret: Legion::Settings[:crypt][:cluster_secret])
+      end
+
+      def generate_secure_random
+        SecureRandom.uuid
+      end
+    end
+  end
+end

data/lib/legion/crypt/settings.rb

@@ -3,28 +3,42 @@ module Legion
     module Settings
       def self.default
         {
-          vault:            vault,
+          vault: vault,
           cs_encrypt_ready: false,
-          dynamic_keys:     true
+          dynamic_keys: true,
+          cluster_secret: nil,
+          save_private_key: true,
+          read_private_key: true
         }
       end
 
       def self.vault
         {
-          enabled:             !Gem::Specification.find_by_name('vault').nil?,
-          protocol:            'http',
-          address:             'localhost',
-          port:                8200,
-          token:               ENV['VAULT_DEV_ROOT_TOKEN_ID'] || ENV['VAULT_TOKEN_ID'] || nil,
-          connected:           false,
-          renewer_time:        5,
-          renewer:             true,
-          push_cluster_secret: false,
-          read_cluster_secret: false
+          enabled: !Gem::Specification.find_by_name('vault').nil?,
+          protocol: 'http',
+          address: 'localhost',
+          port: 8200,
+          token: ENV['VAULT_DEV_ROOT_TOKEN_ID'] || ENV['VAULT_TOKEN_ID'] || nil,
+          connected: false,
+          renewer_time: 5,
+          renewer: true,
+          push_cluster_secret: true,
+          read_cluster_secret: true,
+          kv_path: ENV['LEGION_VAULT_KV_PATH'] || 'legion'
         }
       end
     end
   end
 end
 
-Legion::Settings.merge_settings('crypt', Legion::Crypt::Settings.default) if Legion.const_defined?('Settings')
+begin
+  Legion::Settings.merge_settings('crypt', Legion::Crypt::Settings.default) if Legion.const_defined?('Settings')
+rescue StandardError => e
+  if Legion.const_defined?('Logging') && Legion::Logging.method_defined?(:fatal)
+    Legion::Logging.fatal(e.message)
+    Legion::Logging.fatal(e.backtrace)
+  else
+    puts e.message
+    puts e.backtrace
+  end
+end

data/lib/legion/crypt/vault.rb

@@ -4,6 +4,7 @@ module Legion
   module Crypt
     module Vault
       attr_accessor :sessions
+
       def settings
         Legion::Settings[:crypt][:vault]
       end
@@ -21,26 +22,32 @@ module Legion
 
         require_relative 'vault_renewer'
         @renewer = Legion::Crypt::Vault::Renewer.new
+      rescue StandardError => e
+        Legion::Logging.error e.message
+        Legion::Settings[:crypt][:vault][:connected] = false
+        false
       end
 
-      def read(path, type = 'kv-v2')
-        lease = ::Vault.logical.read(type + '/' + path)
+      def read(path, type = 'legion')
+        full_path = type.nil? || type.empty? ? "#{type}/#{path}" : path
+        lease = ::Vault.logical.read(full_path)
         add_session(path: lease.lease_id) if lease.respond_to? :lease_id
         lease.data
       end
 
       def get(path)
-        ::Vault.kv('kv-v2').read(path).data
+        result = ::Vault.kv(settings[:vault][:kv_path]).read(path)
+        return nil if result.nil?
+
+        result.data
       end
 
-      def write(path, key, value)
-        hash = {}
-        hash[key.to_sym] = value
-        ::Vault.kv('kv-v2').write(path, **hash)
+      def write(path, **hash)
+        ::Vault.kv(settings[:vault][:kv_path]).write(path, **hash)
       end
 
       def exist?(path)
-        !::Vault.kv('kv-v2').read_metadata(path).nil?
+        !::Vault.kv(settings[:vault][:kv_path]).read_metadata(path).nil?
       end
 
       def add_session(path:)
@@ -48,7 +55,10 @@ module Legion
       end
 
       def close_sessions
+        return if @sessions.nil?
+
         Legion::Logging.info 'Closing all Legion::Crypt vault sessions'
+
         @sessions.each do |session|
           close_session(session: session)
         end
@@ -58,7 +68,7 @@ module Legion
         return unless Legion::Settings[:crypt][:vault][:connected]
         return if @renewer.nil?
 
-        Legion::Logging.debug 'Shutdown down Legion::Crypt::Vault::Renewer'
+        Legion::Logging.debug 'Shutting down Legion::Crypt::Vault::Renewer'
         @renewer.cancel
       end
 
@@ -70,11 +80,15 @@ module Legion
         ::Vault.sys.renew(session)
       end
 
-      def renew_sessions
+      def renew_sessions(**_opts)
         @sessions.each do |session|
           renew_session(session: session)
         end
       end
+
+      def vault_exists?(name)
+        ::Vault.sys.mounts.key?(name.to_sym)
+      end
     end
   end
 end

data/lib/legion/crypt/vault_renewer.rb

@@ -8,7 +8,7 @@ module Legion
           'renew_sessions'
         end
 
-        def klass
+        def runner_class
           Legion::Crypt
         end
 
@@ -23,6 +23,10 @@ module Legion
         def generate_task?
           false
         end
+
+        def use_runner?
+          false
+        end
       end
     end
   end

data/lib/legion/crypt/version.rb

@@ -2,6 +2,6 @@
 
 module Legion
   module Crypt
-    VERSION = '0.1.0'
+    VERSION = '0.3.0'
   end
 end

data/settings/transport.json

@@ -0,0 +1,5 @@
+{
+  "transport": {
+    "vhost": "/"
+  }
+}

data/sonar-project.properties

@@ -0,0 +1,11 @@
+sonar.projectKey=legion-io_legion-crypt
+sonar.organization=legion-io
+sonar.sources=.
+sonar.exclusions=vendor/**
+sonar.coverage.exclusions=spec/**
+sonar.ruby.coverage.reportPath=coverage/.resultset.json
+sonar.ruby.file.suffixes=rb,ruby
+sonar.ruby.coverage.framework=RSpec
+sonar.ruby.rubocopConfig=.rubocop.yml
+sonar.ruby.rubocop.reportPath=rubocop-result.json
+sonar.ruby.rubocop.filePath=.

metadata

@@ -1,37 +1,37 @@
 --- !ruby/object:Gem::Specification
 name: legion-crypt
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Esity
-autorequire: 
-bindir: exe
+autorequire:
+bindir: bin
 cert_chain: []
-date: 2020-03-12 00:00:00.000000000 Z
+date: 2021-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  name: rbnacl
+  name: vault
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.15.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.15.0
 - !ruby/object:Gem::Dependency
-  name: vault
+  name: legionio
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -39,7 +39,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: legion
+  name: legion-logging
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -53,49 +53,49 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: legion-logging
+  name: legion-settings
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: legion-settings
+  name: legion-transport
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 1.0.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: legion-transport
+  name: rspec
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.0
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.0
+        version: '0'
 - !ruby/object:Gem::Dependency
-  name: rake
+  name: rspec_junit_formatter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -109,7 +109,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rspec
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -123,21 +123,21 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: rubocop
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.18.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.18.0
 - !ruby/object:Gem::Dependency
-  name: simplecov
+  name: simplecov_json_formatter
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -159,27 +159,23 @@ extra_rdoc_files: []
 files:
 - ".circleci/config.yml"
 - ".gitignore"
-- ".idea/.rakeTasks"
-- ".idea/legion-crypt.iml"
-- ".idea/misc.xml"
-- ".idea/modules.xml"
-- ".idea/vagrant.xml"
-- ".idea/workspace.xml"
 - ".rspec"
 - ".rubocop.yml"
 - Gemfile
+- Gemfile.lock
 - LICENSE.txt
 - README.md
 - Rakefile
-- bin/console
-- bin/setup
+- bitbucket-pipelines.yml
 - legion-crypt.gemspec
 - lib/legion/crypt.rb
-- lib/legion/crypt/box.rb
+- lib/legion/crypt/cipher.rb
 - lib/legion/crypt/settings.rb
 - lib/legion/crypt/vault.rb
 - lib/legion/crypt/vault_renewer.rb
 - lib/legion/crypt/version.rb
+- settings/transport.json
+- sonar-project.properties
 homepage: https://bitbucket.org/legion-io/legion-vault/
 licenses:
 - MIT
@@ -187,7 +183,9 @@ metadata:
   homepage_uri: https://bitbucket.org/legion-io/legion-vault/
   source_code_uri: https://bitbucket.org/legion-io/legion/
   changelog_uri: https://bitbucket.org/legion-io/legion/src/master/CHANGELOG.md
-post_install_message: 
+  wiki_uri: https://bitbucket.org/legion-io/legion-crypt/wiki
+  bug_tracker_uri: https://bitbucket.org/legion-io/legion-crypt/issues
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -202,8 +200,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.8
-signing_key: 
+rubygems_version: 3.2.6
+signing_key:
 specification_version: 4
 summary: Legion::Vault is used to keep things safe
 test_files: []

data/.idea/.rakeTasks

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<Settings><!--This file was automatically generated by Ruby plugin.
-You are allowed to: 
-1. Remove rake task
-2. Add existing rake tasks
-To add existing rake tasks automatically delete this file and reload the project.
---><RakeGroup description="" fullCmd="" taksId="rake"><RakeTask description="Build legion-crypt-0.1.0.gem into the pkg directory" fullCmd="build" taksId="build" /><RakeTask description="Remove any temporary products" fullCmd="clean" taksId="clean" /><RakeTask description="Remove any generated files" fullCmd="clobber" taksId="clobber" /><RakeTask description="Build and install legion-crypt-0.1.0.gem into system gems" fullCmd="install" taksId="install" /><RakeGroup description="" fullCmd="" taksId="install"><RakeTask description="Build and install legion-crypt-0.1.0.gem into system gems without network access" fullCmd="install:local" taksId="local" /></RakeGroup><RakeTask description="Create tag v0.1.0 and build and push legion-crypt-0.1.0.gem to rubygems.org" fullCmd="release[remote]" taksId="release[remote]" /><RakeTask description="Run RSpec code examples" fullCmd="spec" taksId="spec" /><RakeTask description="" fullCmd="default" taksId="default" /><RakeTask description="" fullCmd="release" taksId="release" /><RakeGroup description="" fullCmd="" taksId="release"><RakeTask description="" fullCmd="release:guard_clean" taksId="guard_clean" /><RakeTask description="" fullCmd="release:rubygem_push" taksId="rubygem_push" /><RakeTask description="" fullCmd="release:source_control_push" taksId="source_control_push" /></RakeGroup></RakeGroup></Settings>

data/.idea/legion-crypt.iml

@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="RUBY_MODULE" version="4">
-  <component name="ModuleRunConfigurationManager">
-    <shared />
-  </component>
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$" />
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-    <orderEntry type="library" scope="PROVIDED" name="amq-protocol (v2.3.0, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="ast (v2.4.0, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="aws-eventstream (v1.0.3, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="aws-sigv4 (v1.1.1, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="bundler (v2.1.4, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="bunny (v2.14.4, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="diff-lcs (v1.3, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="docile (v1.3.2, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="ffi (v1.12.2, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="jaro_winkler (v1.5.4, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="json (v2.3.0, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="legion (v0.1.2, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="legion-json (v0.1.6, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="legion-logging (v1.0.0, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="legion-settings (v1.0.0, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="legion-transport (v0.1.0, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="oj (v3.10.5, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="parallel (v1.19.1, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="parser (v2.7.0.4, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rainbow (v3.0.0, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rake (v13.0.1, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rbnacl (v7.1.1, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rexml (v3.2.4, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec (v3.9.0, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-core (v3.9.1, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-expectations (v3.9.0, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-mocks (v3.9.1, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rspec-support (v3.9.2, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="rubocop (v0.80.1, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="ruby-progressbar (v1.10.1, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="simplecov (v0.18.5, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="simplecov-html (v0.12.2, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="unicode-display_width (v1.6.1, RVM: ruby-2.6.3) [gem]" level="application" />
-    <orderEntry type="library" scope="PROVIDED" name="vault (v0.13.0, RVM: ruby-2.6.3) [gem]" level="application" />
-  </component>
-</module>

data/.idea/misc.xml

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="JavaScriptSettings">
-    <option name="languageLevel" value="ES6" />
-  </component>
-  <component name="ProjectRootManager" version="2" project-jdk-name="RVM: ruby-2.6.3" project-jdk-type="RUBY_SDK" />
-</project>

data/.idea/modules.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/legion-crypt.iml" filepath="$PROJECT_DIR$/.idea/legion-crypt.iml" />
-    </modules>
-  </component>
-</project>

data/.idea/vagrant.xml

@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VagrantProjectSettings">
-    <option name="instanceFolder" value="" />
-    <option name="provider" value="" />
-  </component>
-</project>

data/.idea/workspace.xml

@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="CoverageOptionsProvider">
-    <option name="myAddOrReplace" value="0" />
-  </component>
-  <component name="Git.Settings">
-    <option name="PUSH_AUTO_UPDATE" value="true" />
-    <option name="ROOT_SYNC" value="DONT_SYNC" />
-  </component>
-  <component name="ProjectId" id="1Yk09ZatgP1aKTE1VrPrnkK2STE" />
-  <component name="PropertiesComponent">
-    <property name="settings.editor.selected.configurable" value="reference.settingsdialog.project.vagrant" />
-  </component>
-</project>

data/bin/console

@@ -1,15 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'bundler/setup'
-require 'legion/crypt'
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require 'irb'
-IRB.start(__FILE__)

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/lib/legion/crypt/box.rb

@@ -1,95 +0,0 @@
-# frozen_string_literal: true
-
-module Legion
-  module Crypt
-    module Box
-      def create_keys
-        Legion::Logging.debug 'Legion::Crypt::Box.create_keys has been called'
-        @private_key = RbNaCl::PrivateKey.generate
-        @public_key = @private_key.public_key
-        return unless Dir.exist? './settings'
-
-        File.open('./settings/private.key', 'w').write(@private_key.to_s)
-        File.open('./settings/public.key', 'w').write(@public_key.to_s)
-      end
-
-      def delete_keys
-        File.delete('./settings/private.key') if File.exist? './settings/private.key'
-        File.delete('./settings/public.key') if File.exist? './settings/public.key'
-      end
-
-      def load_keys
-        return unless Dir.exist? './settings'
-
-        @private_key = RbNaCl::PrivateKey.new(File.read('./settings/private.key').force_encoding('BINARY'))
-        @public_key = RbNaCl::PrivateKey.new(File.read('./settings/public.key').force_encoding('BINARY'))
-      end
-
-      def encrypt_from_keypair(public_key:, message:, **_opts)
-        Legion::Logging.debug('encrypt_from_keypair')
-        Base64.encode64(RbNaCl::SimpleBox.from_keypair(Base64.decode64(public_key), @private_key).encrypt(message))
-      end
-
-      def decrypt_from_keypair(public_key, enciphered_message)
-        Legion::Logging.debug 'decrypt_from_keypair'
-        RbNaCl::SimpleBox
-          .from_keypair(Base64.decode64(public_key), @private_key)
-          .decrypt(Base64.decode64(enciphered_message))
-      end
-
-      def encrypt(message)
-        Legion::Logging.debug 'encrypting message'
-        Base64.encode64(@box.encrypt(message))
-      end
-
-      def decrypt(message)
-        Legion::Logging.debug 'decrypting message'
-        @box.decrypt(Base64.decode64(message))
-      end
-
-      def setup_safe # rubocop:disable Metrics/CyclomaticComplexity,Metrics/AbcSize,Metrics/PerceivedComplexity
-        Legion::Logging.debug 'Setting up Legion::Crypt safe'
-        if Legion::Settings[:crypt][:cluster_secret].nil?
-          if Legion::Settings[:crypt][:vault][:connected] && Legion::Crypt.exist?('crypt')
-            Legion::Settings[:crypt][:cluster_secret] = Base64.decode64(Legion::Crypt.get('crypt')[:cluster_secret])
-          elsif Legion::Transport::Queue.new('node.crypt', passive: true).consumer_count.zero?
-            Legion::Logging.info 'Legion::Crypt Generating new cluster_secret since this is the first node'
-            Legion::Settings[:crypt][:bootstrapped] = true
-            Legion::Settings[:crypt][:cluster_secret] = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
-            if Legion::Settings[:crypt][:vault][:connected]
-              Legion::Crypt.write('crypt', :cluster_secret, Base64.encode64(Legion::Settings[:crypt][:cluster_secret]))
-            end
-          else
-            require 'legion/transport/messages/request_cluster_secret'
-            Legion::Logging.info 'Requesting cluster secret via public key'
-            start = Time.now
-            Legion::Transport::Messages::RequestClusterSecret.new.publish
-            sleep_time = 0.001
-            until !Legion::Settings[:crypt][:cluster_secret].nil? || (Time.now - start) > Legion::Settings[:crypt][:cluster_secret_timeout]
-              sleep(sleep_time)
-              sleep_time *= 2
-            end
-            unless Legion::Settings[:crypt][:cluster_secret].nil?
-              Legion::Logging.info "Received cluster secret in #{((Time.new - start) * 1000.0).round}ms"
-            end
-            Legion::Logging.warn 'Cluster secret is still nil' if Legion::Settings[:crypt][:cluster_secret].nil?
-          end
-        end
-
-        @key = Legion::Settings[:crypt][:cluster_secret].to_s
-        @box = RbNaCl::SimpleBox.from_secret_key(@key) unless @key.empty?
-        if !Legion::Settings[:crypt].key?(:encrypted_string) || !Legion::Settings[:crypt].key?(:validation_string)
-          unless Legion::Settings[:crypt][:bootstrapped]
-            Legion::Logging.warn 'Legion::Crypt has been set up but wasn\'t testing with a validation string!'
-          end
-          Legion::Settings[:crypt][:cs_encrypt_ready] = true
-        elsif Legion::Crypt.decrypt(Legion::Settings[:crypt][:encrypted_string]) == Legion::Settings[:crypt][:validation_string]
-          Legion::Logging.info 'Legion::Crypt was set up correctly after string match'
-          Legion::Settings[:crypt][:cs_encrypt_ready] = true
-        else
-          Legion::Logging.fatal 'idk wtf happened'
-        end
-      end
-    end
-  end
-end