legion-crypt 0.1.0 → 0.3.0
- checksums.yaml +4 -4
- data/.circleci/config.yml +69 -25
- data/.rubocop.yml +10 -9
- data/Gemfile.lock +123 -0
- data/README.md +1 -38
- data/bitbucket-pipelines.yml +17 -0
- data/legion-crypt.gemspec +10 -10
- data/lib/legion/crypt.rb +20 -13
- data/lib/legion/crypt/cipher.rb +103 -0
- data/lib/legion/crypt/settings.rb +27 -13
- data/lib/legion/crypt/vault.rb +24 -10
- data/lib/legion/crypt/vault_renewer.rb +5 -1
- data/lib/legion/crypt/version.rb +1 -1
- data/settings/transport.json +5 -0
- data/sonar-project.properties +11 -0
- metadata +37 -39
- data/.idea/.rakeTasks +0 -7
- data/.idea/legion-crypt.iml +0 -45
- data/.idea/misc.xml +0 -7
- data/.idea/modules.xml +0 -8
- data/.idea/vagrant.xml +0 -7
- data/.idea/workspace.xml +0 -14
- data/bin/console +0 -15
- data/bin/setup +0 -8
- data/lib/legion/crypt/box.rb +0 -95
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 265bfefa35f6346031ae28749fa479e511e9f98f5a3c8b5cd3b756e86f6920b4
|
4
|
+
data.tar.gz: 2fedcd11ffcb04683cdf8c122b721bd30e37b7a73b48f2660237895725045999
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 430546afd08fdddbc359be8dd09a530552a596917943ca7e5c0a9bd7a3064e4c95cbb3ea468faaa62cfe6572577eea3eb60765ebbb68f3a8756a0a491de8c44d
|
7
|
+
data.tar.gz: 856f677b6201f8052cf6d0a617f56ce893029afc02df2f9490e506bc55034090814f35cf0c98438c66db6c0a728be84f060f72c7319bb20bfd29f0cc1debdc24
|
data/.circleci/config.yml
CHANGED
@@ -1,49 +1,90 @@
|
|
1
1
|
version: 2.1
|
2
2
|
orbs:
|
3
|
-
ruby: circleci/ruby@
|
3
|
+
ruby: circleci/ruby@1.1.2
|
4
|
+
sonarcloud: sonarsource/sonarcloud@1.0.2
|
4
5
|
|
5
6
|
jobs:
|
6
7
|
"rubocop":
|
7
8
|
docker:
|
8
|
-
- image:
|
9
|
+
- image: cimg/ruby:2.7
|
9
10
|
steps:
|
10
11
|
- checkout
|
11
|
-
-
|
12
|
-
|
13
|
-
- run:
|
14
|
-
|
15
|
-
|
16
|
-
|
12
|
+
- restore_cache:
|
13
|
+
key: "bundler cache mri"
|
14
|
+
- run: bundle update
|
15
|
+
- run: bundle exec rubocop --format=json --out=rubocop-result.json
|
16
|
+
- store_test_results:
|
17
|
+
path: rubocop-result.json
|
18
|
+
- sonarcloud/scan
|
19
|
+
- run: bundle exec rubocop
|
20
|
+
- save_cache:
|
21
|
+
key: "bundler cache mri"
|
22
|
+
paths:
|
23
|
+
- "/usr/local/bundle"
|
17
24
|
"ruby-two-five":
|
18
25
|
docker:
|
19
|
-
- image:
|
20
|
-
- image: memcached:1.5-alpine
|
26
|
+
- image: cimg/ruby:2.5
|
21
27
|
steps:
|
22
28
|
- checkout
|
23
|
-
-
|
24
|
-
|
25
|
-
-
|
26
|
-
-
|
29
|
+
- restore_cache:
|
30
|
+
key: "bundler cache mri"
|
31
|
+
- run: bundle update
|
32
|
+
- save_cache:
|
33
|
+
key: "bundler cache mri"
|
34
|
+
paths:
|
35
|
+
- "/usr/local/bundle"
|
36
|
+
- run: bundle exec rspec --format progress --format RspecJunitFormatter -o rspec-results.xml
|
37
|
+
- store_test_results:
|
38
|
+
path: rspec-results.xml
|
39
|
+
- sonarcloud/scan
|
27
40
|
"ruby-two-six":
|
28
41
|
docker:
|
29
|
-
- image:
|
30
|
-
- image: memcached:1.5-alpine
|
42
|
+
- image: cimg/ruby:2.6
|
31
43
|
steps:
|
32
44
|
- checkout
|
33
|
-
-
|
34
|
-
|
35
|
-
-
|
36
|
-
-
|
45
|
+
- restore_cache:
|
46
|
+
key: "bundler cache mri"
|
47
|
+
- run: bundle update
|
48
|
+
- save_cache:
|
49
|
+
key: "bundler cache mri"
|
50
|
+
paths:
|
51
|
+
- "/usr/local/bundle"
|
52
|
+
- run: bundle exec rspec --format progress --format RspecJunitFormatter -o rspec-results.xml
|
53
|
+
- store_test_results:
|
54
|
+
path: rspec-results.xml
|
55
|
+
- sonarcloud/scan
|
37
56
|
"ruby-two-seven":
|
38
57
|
docker:
|
39
58
|
- image: circleci/ruby:2.7
|
40
|
-
- image: memcached:1.5-alpine
|
41
59
|
steps:
|
42
60
|
- checkout
|
43
|
-
-
|
44
|
-
|
45
|
-
-
|
46
|
-
-
|
61
|
+
- restore_cache:
|
62
|
+
key: "bundler cache mri"
|
63
|
+
- run: bundle update
|
64
|
+
- save_cache:
|
65
|
+
key: "bundler cache mri"
|
66
|
+
paths:
|
67
|
+
- "/usr/local/bundle"
|
68
|
+
- run: bundle exec rspec --format progress --format RspecJunitFormatter -o rspec-results.xml
|
69
|
+
- store_test_results:
|
70
|
+
path: rspec-results.xml
|
71
|
+
- sonarcloud/scan
|
72
|
+
"ruby-three":
|
73
|
+
docker:
|
74
|
+
- image: circleci/ruby:3
|
75
|
+
steps:
|
76
|
+
- checkout
|
77
|
+
- restore_cache:
|
78
|
+
key: "bundler cache mri"
|
79
|
+
- run: bundle update
|
80
|
+
- save_cache:
|
81
|
+
key: "bundler cache mri"
|
82
|
+
paths:
|
83
|
+
- "/usr/local/bundle"
|
84
|
+
- run: bundle exec rspec --format progress --format RspecJunitFormatter -o rspec-results.xml
|
85
|
+
- store_test_results:
|
86
|
+
path: rspec-results.xml
|
87
|
+
- sonarcloud/scan
|
47
88
|
|
48
89
|
workflows:
|
49
90
|
version: 2
|
@@ -57,5 +98,8 @@ workflows:
|
|
57
98
|
requires:
|
58
99
|
- ruby-two-five
|
59
100
|
- ruby-two-seven:
|
101
|
+
requires:
|
102
|
+
- ruby-two-five
|
103
|
+
- ruby-three:
|
60
104
|
requires:
|
61
105
|
- ruby-two-five
|
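Review bot: Every job runs `bundle update` rather than `bundle install`, so the Gemfile.lock added in this same release is ignored in CI and each build resolves to whatever is newest on rubygems.org — the dependency set that gets tested is not the pinned one, and a compromised or broken new release of any transitive gem reaches the build immediately. Replace it with `- run: bundle install` (optionally after `bundle config set frozen true`) so the lockfile is honoured. The cache key `"bundler cache mri"` is also a fixed string, so the restored cache is never invalidated when the lockfile changes; a key such as `bundler-{{ checksum "Gemfile.lock" }}` on both `restore_cache` and `save_cache` fixes that. The `rubocop` job additionally runs `sonarcloud/scan` before the second `bundle exec rubocop`, which appears redundant given the JSON report already produced.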
data/.rubocop.yml
CHANGED
@@ -6,18 +6,19 @@ Metrics/ClassLength:
|
|
6
6
|
Max: 1500
|
7
7
|
Metrics/BlockLength:
|
8
8
|
Max: 50
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
9
|
+
Metrics/CyclomaticComplexity:
|
10
|
+
Max: 14
|
11
|
+
Metrics/AbcSize:
|
12
|
+
Max: 17
|
13
|
+
Metrics/PerceivedComplexity:
|
14
|
+
Max: 16
|
15
|
+
Naming/MethodParameterName:
|
16
|
+
Enabled: false
|
16
17
|
Style/Documentation:
|
17
18
|
Enabled: false
|
18
19
|
AllCops:
|
19
20
|
TargetRubyVersion: 2.5
|
21
|
+
NewCops: enable
|
22
|
+
SuggestExtensions: false
|
20
23
|
Style/FrozenStringLiteralComment:
|
21
24
|
Enabled: false
|
22
|
-
Naming/FileName:
|
23
|
-
Enabled: false
|
data/Gemfile.lock
ADDED
@@ -0,0 +1,123 @@
|
|
1
|
+
PATH
|
2
|
+
remote: .
|
3
|
+
specs:
|
4
|
+
legion-crypt (0.2.4)
|
5
|
+
vault (>= 0.15.0)
|
6
|
+
|
7
|
+
GEM
|
8
|
+
remote: https://rubygems.org/
|
9
|
+
specs:
|
10
|
+
amq-protocol (2.3.2)
|
11
|
+
ast (2.4.2)
|
12
|
+
aws-eventstream (1.1.0)
|
13
|
+
aws-sigv4 (1.2.2)
|
14
|
+
aws-eventstream (~> 1, >= 1.0.2)
|
15
|
+
bunny (2.17.0)
|
16
|
+
amq-protocol (~> 2.3, >= 2.3.1)
|
17
|
+
concurrent-ruby (1.1.8)
|
18
|
+
concurrent-ruby-ext (1.1.8)
|
19
|
+
concurrent-ruby (= 1.1.8)
|
20
|
+
connection_pool (2.2.3)
|
21
|
+
daemons (1.3.1)
|
22
|
+
dalli (2.7.11)
|
23
|
+
diff-lcs (1.4.4)
|
24
|
+
docile (1.3.5)
|
25
|
+
json (2.5.1)
|
26
|
+
json_pure (2.5.1)
|
27
|
+
legion-cache (1.1.1)
|
28
|
+
connection_pool (>= 2.2.3)
|
29
|
+
dalli (>= 2.7)
|
30
|
+
redis (>= 4.2)
|
31
|
+
legion-exceptions (1.1.5)
|
32
|
+
legion-json (1.1.4)
|
33
|
+
json_pure
|
34
|
+
legion-exceptions (>= 1.1.5)
|
35
|
+
multi_json
|
36
|
+
legion-logging (1.1.4)
|
37
|
+
rainbow (~> 3)
|
38
|
+
legion-settings (1.1.3)
|
39
|
+
legion-json
|
40
|
+
legion-logging
|
41
|
+
legion-transport (1.1.9)
|
42
|
+
bunny (>= 2.17.0)
|
43
|
+
concurrent-ruby (>= 1.1.7)
|
44
|
+
legion-json
|
45
|
+
legionio (0.4.2)
|
46
|
+
concurrent-ruby (>= 1.1.7)
|
47
|
+
concurrent-ruby-ext (>= 1.1.7)
|
48
|
+
daemons (>= 1.3.1)
|
49
|
+
legion-cache
|
50
|
+
legion-crypt (>= 0.2.0)
|
51
|
+
legion-exceptions
|
52
|
+
legion-json
|
53
|
+
legion-logging
|
54
|
+
legion-settings
|
55
|
+
legion-transport (>= 1.1.9)
|
56
|
+
lex-node
|
57
|
+
oj (>= 3.10)
|
58
|
+
thor (>= 1)
|
59
|
+
lex-node (0.1.4)
|
60
|
+
multi_json (1.15.0)
|
61
|
+
oj (3.11.2)
|
62
|
+
parallel (1.20.1)
|
63
|
+
parser (3.0.0.0)
|
64
|
+
ast (~> 2.4.1)
|
65
|
+
rainbow (3.0.0)
|
66
|
+
redis (4.2.5)
|
67
|
+
regexp_parser (2.1.1)
|
68
|
+
rexml (3.2.4)
|
69
|
+
rspec (3.10.0)
|
70
|
+
rspec-core (~> 3.10.0)
|
71
|
+
rspec-expectations (~> 3.10.0)
|
72
|
+
rspec-mocks (~> 3.10.0)
|
73
|
+
rspec-core (3.10.1)
|
74
|
+
rspec-support (~> 3.10.0)
|
75
|
+
rspec-expectations (3.10.1)
|
76
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
77
|
+
rspec-support (~> 3.10.0)
|
78
|
+
rspec-mocks (3.10.2)
|
79
|
+
diff-lcs (>= 1.2.0, < 2.0)
|
80
|
+
rspec-support (~> 3.10.0)
|
81
|
+
rspec-support (3.10.2)
|
82
|
+
rspec_junit_formatter (0.4.1)
|
83
|
+
rspec-core (>= 2, < 4, != 2.12.0)
|
84
|
+
rubocop (1.11.0)
|
85
|
+
parallel (~> 1.10)
|
86
|
+
parser (>= 3.0.0.0)
|
87
|
+
rainbow (>= 2.2.2, < 4.0)
|
88
|
+
regexp_parser (>= 1.8, < 3.0)
|
89
|
+
rexml
|
90
|
+
rubocop-ast (>= 1.2.0, < 2.0)
|
91
|
+
ruby-progressbar (~> 1.7)
|
92
|
+
unicode-display_width (>= 1.4.0, < 3.0)
|
93
|
+
rubocop-ast (1.4.1)
|
94
|
+
parser (>= 2.7.1.5)
|
95
|
+
ruby-progressbar (1.11.0)
|
96
|
+
simplecov (0.17.1)
|
97
|
+
docile (~> 1.1)
|
98
|
+
json (>= 1.8, < 3)
|
99
|
+
simplecov-html (~> 0.10.0)
|
100
|
+
simplecov-html (0.10.2)
|
101
|
+
simplecov_json_formatter (0.1.2)
|
102
|
+
thor (1.1.0)
|
103
|
+
unicode-display_width (2.0.0)
|
104
|
+
vault (0.15.0)
|
105
|
+
aws-sigv4
|
106
|
+
|
107
|
+
PLATFORMS
|
108
|
+
ruby
|
109
|
+
|
110
|
+
DEPENDENCIES
|
111
|
+
legion-crypt!
|
112
|
+
legion-logging
|
113
|
+
legion-settings
|
114
|
+
legion-transport
|
115
|
+
legionio
|
116
|
+
rspec
|
117
|
+
rspec_junit_formatter
|
118
|
+
rubocop
|
119
|
+
simplecov (< 0.18.0)
|
120
|
+
simplecov_json_formatter
|
121
|
+
|
122
|
+
BUNDLED WITH
|
123
|
+
2.2.6
|
data/README.md
CHANGED
@@ -1,40 +1,3 @@
|
|
1
1
|
# Legion::Crypt
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
TODO: Delete this and the text above, and describe your gem
|
6
|
-
|
7
|
-
## Installation
|
8
|
-
|
9
|
-
Add this line to your application's Gemfile:
|
10
|
-
|
11
|
-
```ruby
|
12
|
-
gem 'legion-crypt'
|
13
|
-
```
|
14
|
-
|
15
|
-
And then execute:
|
16
|
-
|
17
|
-
$ bundle install
|
18
|
-
|
19
|
-
Or install it yourself as:
|
20
|
-
|
21
|
-
$ gem install legion-crypt
|
22
|
-
|
23
|
-
## Usage
|
24
|
-
|
25
|
-
TODO: Write usage instructions here
|
26
|
-
|
27
|
-
## Development
|
28
|
-
|
29
|
-
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake spec` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
|
30
|
-
|
31
|
-
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
|
32
|
-
|
33
|
-
## Contributing
|
34
|
-
|
35
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/legion-crypt.
|
36
|
-
|
37
|
-
|
38
|
-
## License
|
39
|
-
|
40
|
-
The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
|
3
|
+
The Legion encryption module
|
@@ -0,0 +1,17 @@
|
|
1
|
+
image: ruby:2.7
|
2
|
+
|
3
|
+
pipelines:
|
4
|
+
tags:
|
5
|
+
"v*":
|
6
|
+
- step:
|
7
|
+
name: Push to RubyGems
|
8
|
+
deployment: RubyGems
|
9
|
+
script:
|
10
|
+
- gem install gem-release
|
11
|
+
- (umask 077 ; echo $gem_creds | base64 --decode > ~/.gem/credentials)
|
12
|
+
- gem release
|
13
|
+
artifacts:
|
14
|
+
- pkg/**
|
15
|
+
definitions:
|
16
|
+
caches:
|
17
|
+
bundler: /usr/local/bundle
|
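Review bot: The credentials step at line 11 redirects into `~/.gem/credentials` but nothing creates `~/.gem` first, so on an image where that directory is absent the redirect fails (whether the ruby:2.7 image ships it is not visible here), and the decoded API key is left on disk for the remainder of the step. I would change it to `(umask 077; mkdir -p ~/.gem && echo "$gem_creds" | base64 --decode > ~/.gem/credentials)` and add `- rm -f ~/.gem/credentials` after `gem release`. Quoting `$gem_creds` also avoids word splitting should the secret ever contain whitespace.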
data/legion-crypt.gemspec
CHANGED
@@ -17,23 +17,23 @@ Gem::Specification.new do |spec|
|
|
17
17
|
spec.metadata['homepage_uri'] = spec.homepage
|
18
18
|
spec.metadata['source_code_uri'] = 'https://bitbucket.org/legion-io/legion/'
|
19
19
|
spec.metadata['changelog_uri'] = 'https://bitbucket.org/legion-io/legion/src/master/CHANGELOG.md'
|
20
|
+
spec.metadata['wiki_uri'] = 'https://bitbucket.org/legion-io/legion-crypt/wiki'
|
21
|
+
spec.metadata['bug_tracker_uri'] = 'https://bitbucket.org/legion-io/legion-crypt/issues'
|
20
22
|
|
21
23
|
spec.files = Dir.chdir(File.expand_path(__dir__)) do
|
22
24
|
`git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
23
25
|
end
|
24
|
-
spec.bindir = 'exe'
|
25
|
-
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
26
26
|
spec.require_paths = ['lib']
|
27
27
|
|
28
|
-
spec.add_dependency '
|
29
|
-
spec.add_dependency 'vault'
|
28
|
+
spec.add_dependency 'vault', '>= 0.15.0'
|
30
29
|
|
31
|
-
spec.add_development_dependency '
|
32
|
-
spec.add_development_dependency 'legion-logging'
|
33
|
-
spec.add_development_dependency 'legion-settings'
|
34
|
-
spec.add_development_dependency 'legion-transport'
|
35
|
-
spec.add_development_dependency 'rake'
|
30
|
+
spec.add_development_dependency 'legionio'
|
31
|
+
spec.add_development_dependency 'legion-logging'
|
32
|
+
spec.add_development_dependency 'legion-settings'
|
33
|
+
spec.add_development_dependency 'legion-transport'
|
36
34
|
spec.add_development_dependency 'rspec'
|
35
|
+
spec.add_development_dependency 'rspec_junit_formatter'
|
37
36
|
spec.add_development_dependency 'rubocop'
|
38
|
-
spec.add_development_dependency 'simplecov'
|
37
|
+
spec.add_development_dependency 'simplecov', '< 0.18.0'
|
38
|
+
spec.add_development_dependency 'simplecov_json_formatter'
|
39
39
|
end
|
data/lib/legion/crypt.rb
CHANGED
@@ -1,30 +1,37 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
+
require 'openssl'
|
4
|
+
require 'base64'
|
3
5
|
require 'legion/crypt/version'
|
4
6
|
require 'legion/crypt/settings'
|
5
|
-
require 'rbnacl'
|
6
|
-
require 'base64'
|
7
7
|
|
8
|
-
require 'legion/crypt/
|
9
|
-
require 'legion/crypt/vault'
|
8
|
+
require 'legion/crypt/cipher'
|
10
9
|
|
11
10
|
module Legion
|
12
11
|
module Crypt
|
13
12
|
class << self
|
14
|
-
attr_reader :
|
15
|
-
|
16
|
-
include Legion::Crypt::
|
13
|
+
attr_reader :sessions
|
14
|
+
|
15
|
+
include Legion::Crypt::Cipher
|
16
|
+
|
17
|
+
unless Gem::Specification.find_by_name('vault').nil?
|
18
|
+
require 'legion/crypt/vault'
|
19
|
+
include Legion::Crypt::Vault
|
20
|
+
end
|
17
21
|
|
18
22
|
def start
|
19
23
|
Legion::Logging.debug 'Legion::Crypt is running start'
|
20
|
-
|
21
|
-
|
24
|
+
::File.write('./legionio.key', private_key) if settings[:save_private_key]
|
25
|
+
|
26
|
+
connect_vault unless settings[:vault][:token].nil?
|
27
|
+
end
|
28
|
+
|
29
|
+
def settings
|
30
|
+
if Legion.const_defined?('Settings')
|
31
|
+
Legion::Settings[:crypt]
|
22
32
|
else
|
23
|
-
|
24
|
-
create_keys
|
33
|
+
Legion::Crypt::Settings.default
|
25
34
|
end
|
26
|
-
|
27
|
-
connect_vault
|
28
35
|
end
|
29
36
|
|
30
37
|
def shutdown
|
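Review bot: `::File.write('./legionio.key', private_key)` in the new `start` writes the PEM-encoded RSA private key with the process's default file mode (typically 0644 under a normal umask) into the current working directory, so the key is readable by every local user. Pass an explicit mode on creation, `::File.write('./legionio.key', private_key, perm: 0o600)` (an already-existing file keeps its old mode, so it needs fixing once), and consider making the path configurable instead of `./`. Since `save_private_key` defaults to `true` in settings.rb, this happens out of the box. Separately, `connect_vault` is only defined when `Gem::Specification.find_by_name('vault')` succeeds, yet `start` calls it whenever a token is set; as `vault` is a hard runtime dependency in the gemspec the guard looks unreachable in practice, but the `unless` branch is then misleading and worth a comment.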
@@ -0,0 +1,103 @@
|
|
1
|
+
require 'securerandom'
|
2
|
+
|
3
|
+
module Legion
|
4
|
+
module Crypt
|
5
|
+
module Cipher
|
6
|
+
def encrypt(message)
|
7
|
+
cipher = OpenSSL::Cipher.new('aes-256-cbc')
|
8
|
+
cipher.encrypt
|
9
|
+
cipher.key = cs
|
10
|
+
iv = cipher.random_iv
|
11
|
+
{ enciphered_message: Base64.encode64(cipher.update(message) + cipher.final), iv: Base64.encode64(iv) }
|
12
|
+
end
|
13
|
+
|
14
|
+
def decrypt(message, iv)
|
15
|
+
until cs.is_a?(String) || Legion::Settings[:client][:shutting_down]
|
16
|
+
Legion::Logging.debug('sleeping Legion::Crypt.decrypt due to CS not being set')
|
17
|
+
sleep(0.5)
|
18
|
+
end
|
19
|
+
|
20
|
+
decipher = OpenSSL::Cipher.new('aes-256-cbc')
|
21
|
+
decipher.decrypt
|
22
|
+
decipher.key = cs
|
23
|
+
decipher.iv = Base64.decode64(iv)
|
24
|
+
message = Base64.decode64(message)
|
25
|
+
decipher.update(message) + decipher.final
|
26
|
+
end
|
27
|
+
|
28
|
+
def encrypt_from_keypair(message:, pub_key: public_key)
|
29
|
+
rsa_public_key = OpenSSL::PKey::RSA.new(pub_key)
|
30
|
+
|
31
|
+
Base64.encode64(rsa_public_key.public_encrypt(message))
|
32
|
+
end
|
33
|
+
|
34
|
+
def decrypt_from_keypair(message:, **_opts)
|
35
|
+
private_key.private_decrypt(Base64.decode64(message))
|
36
|
+
end
|
37
|
+
|
38
|
+
def public_key
|
39
|
+
@public_key ||= private_key.public_key.to_s
|
40
|
+
end
|
41
|
+
|
42
|
+
def private_key
|
43
|
+
@private_key ||= if Legion::Settings[:crypt][:read_private_key] && File.exist?('./legionio.key')
|
44
|
+
OpenSSL::PKey::RSA.new File.read './legionio.key'
|
45
|
+
else
|
46
|
+
OpenSSL::PKey::RSA.new 2048
|
47
|
+
end
|
48
|
+
end
|
49
|
+
|
50
|
+
def cs
|
51
|
+
@cs ||= Digest::SHA256.digest(fetch_cs)
|
52
|
+
end
|
53
|
+
|
54
|
+
def fetch_cs # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity,Metrics/CyclomaticComplexity
|
55
|
+
if Legion::Settings[:crypt][:vault][:read_cluster_secret] && Legion::Settings[:crypt][:vault][:connected] && Legion::Crypt.exist?('crypt') # rubocop:disable Layout/LineLength
|
56
|
+
Legion::Crypt.get('crypt')[:cluster_secret]
|
57
|
+
elsif Legion::Settings[:crypt][:cluster_secret].is_a? String
|
58
|
+
Legion::Settings[:crypt][:cluster_secret]
|
59
|
+
elsif Legion::Transport::Queue.new('node.crypt', passive: true).consumer_count.zero?
|
60
|
+
Legion::Settings[:crypt][:cluster_secret] = generate_secure_random
|
61
|
+
elsif Legion::Transport::Queue.new('node.crypt', passive: true).consumer_count.positive?
|
62
|
+
require 'legion/transport/messages/request_cluster_secret'
|
63
|
+
Legion::Logging.info 'Requesting cluster secret via public key'
|
64
|
+
start = Time.now
|
65
|
+
Legion::Transport::Messages::RequestClusterSecret.new.publish
|
66
|
+
sleep_time = 0.001
|
67
|
+
until !Legion::Settings[:crypt][:cluster_secret].nil? || (Time.now - start) > Legion::Settings[:crypt][:cluster_secret_timeout]
|
68
|
+
sleep(sleep_time)
|
69
|
+
sleep_time *= 2 unless sleep_time > 0.5
|
70
|
+
end
|
71
|
+
|
72
|
+
if Legion::Settings[:crypt][:cluster_secret].nil?
|
73
|
+
Legion::Logging.warn 'Cluster secret is still nil'
|
74
|
+
else
|
75
|
+
Legion::Logging.info "Received cluster secret in #{((Time.new - start) * 1000.0).round}ms"
|
76
|
+
end
|
77
|
+
end
|
78
|
+
rescue StandardError => e
|
79
|
+
Legion::Logging.error(e.message)
|
80
|
+
Legion::Logging.error(e.backtrace)
|
81
|
+
ensure
|
82
|
+
Legion::Settings[:crypt][:cluster_secret] = generate_secure_random unless Legion::Settings[:crypt].key? :cluster_secret
|
83
|
+
nil if Legion::Settings[:crypt][:cluster_secret].nil?
|
84
|
+
|
85
|
+
Legion::Settings[:crypt][:cs_encrypt_ready] = true
|
86
|
+
push_cs_to_vault if Legion::Settings[:crypt][:vault][:push_cs_to_vault]
|
87
|
+
|
88
|
+
return Legion::Settings[:crypt][:cluster_secret] # rubocop:disable Lint/EnsureReturn
|
89
|
+
end
|
90
|
+
|
91
|
+
def push_cs_to_vault
|
92
|
+
return false unless Legion::Settings[:crypt][:vault][:connected] && Legion::Settings[:crypt][:cluster_secret]
|
93
|
+
|
94
|
+
Legion::Logging.info 'Pushing Cluster Secret to Vault'
|
95
|
+
Legion::Crypt.write('cluster', secret: Legion::Settings[:crypt][:cluster_secret])
|
96
|
+
end
|
97
|
+
|
98
|
+
def generate_secure_random
|
99
|
+
SecureRandom.uuid
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
end
|
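Review bot: `encrypt`/`decrypt` (lines 6–26) use AES-256-CBC with no authentication, so a peer holding a `{enciphered_message, iv}` pair can flip bits in the plaintext undetected, and `decrypt` is a padding-oracle candidate because `final` raises on bad padding. Switching to `aes-256-gcm` and appending the 16-byte tag to the ciphertext keeps the returned hash shape and the `decrypt(message, iv)` signature intact while making tampering fail closed; the rewritten bodies are below. `encrypt_from_keypair` and `decrypt_from_keypair` (lines 28–36) likewise rely on the default PKCS#1 v1.5 padding of `public_encrypt`/`private_decrypt` and should pass `OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING` on both sides. Nodes running this version and the CBC version cannot interoperate, so the change needs a coordinated rollout. The `ensure` block of `fetch_cs` with its explicit `return` also discards any exception raised above it, which is why the Lint/EnsureReturn disable was needed.
```ruby
def encrypt(message)
  cipher = OpenSSL::Cipher.new('aes-256-gcm')
  cipher.encrypt
  cipher.key = cs
  iv = cipher.random_iv # 12-byte nonce; must never repeat under the same key
  ciphertext = cipher.update(message) + cipher.final
  # 16-byte GCM tag appended to the ciphertext so the returned hash shape is unchanged
  { enciphered_message: Base64.encode64(ciphertext + cipher.auth_tag), iv: Base64.encode64(iv) }
end

def decrypt(message, iv)
  # … unchanged: wait-for-cs loop …
  raw = Base64.decode64(message)
  raise ArgumentError, 'ciphertext shorter than GCM tag' if raw.bytesize < 16

  decipher = OpenSSL::Cipher.new('aes-256-gcm')
  decipher.decrypt
  decipher.key = cs
  decipher.iv = Base64.decode64(iv)
  decipher.auth_tag = raw[-16, 16]
  # final raises OpenSSL::Cipher::CipherError if the tag does not verify
  decipher.update(raw[0, raw.bytesize - 16]) + decipher.final
end
```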
@@ -3,28 +3,42 @@ module Legion
|
|
3
3
|
module Settings
|
4
4
|
def self.default
|
5
5
|
{
|
6
|
-
vault:
|
6
|
+
vault: vault,
|
7
7
|
cs_encrypt_ready: false,
|
8
|
-
dynamic_keys:
|
8
|
+
dynamic_keys: true,
|
9
|
+
cluster_secret: nil,
|
10
|
+
save_private_key: true,
|
11
|
+
read_private_key: true
|
9
12
|
}
|
10
13
|
end
|
11
14
|
|
12
15
|
def self.vault
|
13
16
|
{
|
14
|
-
enabled:
|
15
|
-
protocol:
|
16
|
-
address:
|
17
|
-
port:
|
18
|
-
token:
|
19
|
-
connected:
|
20
|
-
renewer_time:
|
21
|
-
renewer:
|
22
|
-
push_cluster_secret:
|
23
|
-
read_cluster_secret:
|
17
|
+
enabled: !Gem::Specification.find_by_name('vault').nil?,
|
18
|
+
protocol: 'http',
|
19
|
+
address: 'localhost',
|
20
|
+
port: 8200,
|
21
|
+
token: ENV['VAULT_DEV_ROOT_TOKEN_ID'] || ENV['VAULT_TOKEN_ID'] || nil,
|
22
|
+
connected: false,
|
23
|
+
renewer_time: 5,
|
24
|
+
renewer: true,
|
25
|
+
push_cluster_secret: true,
|
26
|
+
read_cluster_secret: true,
|
27
|
+
kv_path: ENV['LEGION_VAULT_KV_PATH'] || 'legion'
|
24
28
|
}
|
25
29
|
end
|
26
30
|
end
|
27
31
|
end
|
28
32
|
end
|
29
33
|
|
30
|
-
|
34
|
+
begin
|
35
|
+
Legion::Settings.merge_settings('crypt', Legion::Crypt::Settings.default) if Legion.const_defined?('Settings')
|
36
|
+
rescue StandardError => e
|
37
|
+
if Legion.const_defined?('Logging') && Legion::Logging.method_defined?(:fatal)
|
38
|
+
Legion::Logging.fatal(e.message)
|
39
|
+
Legion::Logging.fatal(e.backtrace)
|
40
|
+
else
|
41
|
+
puts e.message
|
42
|
+
puts e.backtrace
|
43
|
+
end
|
44
|
+
end
|
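Review bot: The vault defaults at lines 18–21 combine `protocol: 'http'` with a token read from `VAULT_DEV_ROOT_TOKEN_ID`, so an unconfigured deployment that happens to carry that variable would send a root token, and every cluster secret it fetches, in cleartext to localhost:8200. A library default should not harvest a dev-server root token; I would drop `VAULT_DEV_ROOT_TOKEN_ID`, read `ENV['VAULT_TOKEN']` (which I believe is the name the vault gem itself honours — worth confirming) and default `protocol` to `'https'`, or leave `token: nil` and require explicit configuration. The trailing `|| nil` is redundant since `ENV[]` already returns nil for a missing key.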
data/lib/legion/crypt/vault.rb
CHANGED
@@ -4,6 +4,7 @@ module Legion
|
|
4
4
|
module Crypt
|
5
5
|
module Vault
|
6
6
|
attr_accessor :sessions
|
7
|
+
|
7
8
|
def settings
|
8
9
|
Legion::Settings[:crypt][:vault]
|
9
10
|
end
|
@@ -21,26 +22,32 @@ module Legion
|
|
21
22
|
|
22
23
|
require_relative 'vault_renewer'
|
23
24
|
@renewer = Legion::Crypt::Vault::Renewer.new
|
25
|
+
rescue StandardError => e
|
26
|
+
Legion::Logging.error e.message
|
27
|
+
Legion::Settings[:crypt][:vault][:connected] = false
|
28
|
+
false
|
24
29
|
end
|
25
30
|
|
26
|
-
def read(path, type = '
|
27
|
-
|
31
|
+
def read(path, type = 'legion')
|
32
|
+
full_path = type.nil? || type.empty? ? "#{type}/#{path}" : path
|
33
|
+
lease = ::Vault.logical.read(full_path)
|
28
34
|
add_session(path: lease.lease_id) if lease.respond_to? :lease_id
|
29
35
|
lease.data
|
30
36
|
end
|
31
37
|
|
32
38
|
def get(path)
|
33
|
-
::Vault.kv(
|
39
|
+
result = ::Vault.kv(settings[:vault][:kv_path]).read(path)
|
40
|
+
return nil if result.nil?
|
41
|
+
|
42
|
+
result.data
|
34
43
|
end
|
35
44
|
|
36
|
-
def write(path,
|
37
|
-
hash
|
38
|
-
hash[key.to_sym] = value
|
39
|
-
::Vault.kv('kv-v2').write(path, **hash)
|
45
|
+
def write(path, **hash)
|
46
|
+
::Vault.kv(settings[:vault][:kv_path]).write(path, **hash)
|
40
47
|
end
|
41
48
|
|
42
49
|
def exist?(path)
|
43
|
-
!::Vault.kv(
|
50
|
+
!::Vault.kv(settings[:vault][:kv_path]).read_metadata(path).nil?
|
44
51
|
end
|
45
52
|
|
46
53
|
def add_session(path:)
|
@@ -48,7 +55,10 @@ module Legion
|
|
48
55
|
end
|
49
56
|
|
50
57
|
def close_sessions
|
58
|
+
return if @sessions.nil?
|
59
|
+
|
51
60
|
Legion::Logging.info 'Closing all Legion::Crypt vault sessions'
|
61
|
+
|
52
62
|
@sessions.each do |session|
|
53
63
|
close_session(session: session)
|
54
64
|
end
|
@@ -58,7 +68,7 @@ module Legion
|
|
58
68
|
return unless Legion::Settings[:crypt][:vault][:connected]
|
59
69
|
return if @renewer.nil?
|
60
70
|
|
61
|
-
Legion::Logging.debug '
|
71
|
+
Legion::Logging.debug 'Shutting down Legion::Crypt::Vault::Renewer'
|
62
72
|
@renewer.cancel
|
63
73
|
end
|
64
74
|
|
@@ -70,11 +80,15 @@ module Legion
|
|
70
80
|
::Vault.sys.renew(session)
|
71
81
|
end
|
72
82
|
|
73
|
-
def renew_sessions
|
83
|
+
def renew_sessions(**_opts)
|
74
84
|
@sessions.each do |session|
|
75
85
|
renew_session(session: session)
|
76
86
|
end
|
77
87
|
end
|
88
|
+
|
89
|
+
def vault_exists?(name)
|
90
|
+
::Vault.sys.mounts.key?(name.to_sym)
|
91
|
+
end
|
78
92
|
end
|
79
93
|
end
|
80
94
|
end
|
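Review bot: The ternary in `read` at line 32 is inverted: when `type` is nil or empty it builds `"#{type}/#{path}"` (yielding `"/path"`), and when a type such as the default `'legion'` is given it discards it and reads `path` bare, so every caller relying on the default silently reads from the wrong Vault path. It should be `full_path = type.nil? || type.empty? ? path : "#{type}/#{path}"`. Separately, `get`, `write` and `exist?` index `settings[:vault][:kv_path]` while this module's own `settings` already returns `Legion::Settings[:crypt][:vault]`; that only resolves because `Legion::Crypt`'s singleton redefines `settings` to the parent `:crypt` hash in crypt.rb, so the module-local `settings` here is misleading and would break any other includer. `renew_sessions` also still lacks the `return if @sessions.nil?` guard that `close_sessions` gained.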
data/lib/legion/crypt/version.rb
CHANGED
@@ -0,0 +1,11 @@
|
|
1
|
+
sonar.projectKey=legion-io_legion-crypt
|
2
|
+
sonar.organization=legion-io
|
3
|
+
sonar.sources=.
|
4
|
+
sonar.exclusions=vendor/**
|
5
|
+
sonar.coverage.exclusions=spec/**
|
6
|
+
sonar.ruby.coverage.reportPath=coverage/.resultset.json
|
7
|
+
sonar.ruby.file.suffixes=rb,ruby
|
8
|
+
sonar.ruby.coverage.framework=RSpec
|
9
|
+
sonar.ruby.rubocopConfig=.rubocop.yml
|
10
|
+
sonar.ruby.rubocop.reportPath=rubocop-result.json
|
11
|
+
sonar.ruby.rubocop.filePath=.
|
metadata
CHANGED
@@ -1,37 +1,37 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: legion-crypt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Esity
|
8
|
-
autorequire:
|
9
|
-
bindir:
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-03-03 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
name:
|
14
|
+
name: vault
|
15
15
|
requirement: !ruby/object:Gem::Requirement
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: 0.15.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: 0.15.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
|
-
name:
|
28
|
+
name: legionio
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
30
30
|
requirements:
|
31
31
|
- - ">="
|
32
32
|
- !ruby/object:Gem::Version
|
33
33
|
version: '0'
|
34
|
-
type: :
|
34
|
+
type: :development
|
35
35
|
prerelease: false
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
37
37
|
requirements:
|
@@ -39,7 +39,7 @@ dependencies:
|
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '0'
|
41
41
|
- !ruby/object:Gem::Dependency
|
42
|
-
name: legion
|
42
|
+
name: legion-logging
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
44
44
|
requirements:
|
45
45
|
- - ">="
|
@@ -53,49 +53,49 @@ dependencies:
|
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '0'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
|
-
name: legion-
|
56
|
+
name: legion-settings
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
59
|
- - ">="
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version:
|
61
|
+
version: '0'
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - ">="
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version:
|
68
|
+
version: '0'
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
|
-
name: legion-
|
70
|
+
name: legion-transport
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
73
|
- - ">="
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version:
|
75
|
+
version: '0'
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
80
|
- - ">="
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version:
|
82
|
+
version: '0'
|
83
83
|
- !ruby/object:Gem::Dependency
|
84
|
-
name:
|
84
|
+
name: rspec
|
85
85
|
requirement: !ruby/object:Gem::Requirement
|
86
86
|
requirements:
|
87
87
|
- - ">="
|
88
88
|
- !ruby/object:Gem::Version
|
89
|
-
version: 0
|
89
|
+
version: '0'
|
90
90
|
type: :development
|
91
91
|
prerelease: false
|
92
92
|
version_requirements: !ruby/object:Gem::Requirement
|
93
93
|
requirements:
|
94
94
|
- - ">="
|
95
95
|
- !ruby/object:Gem::Version
|
96
|
-
version: 0
|
96
|
+
version: '0'
|
97
97
|
- !ruby/object:Gem::Dependency
|
98
|
-
name:
|
98
|
+
name: rspec_junit_formatter
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
100
100
|
requirements:
|
101
101
|
- - ">="
|
@@ -109,7 +109,7 @@ dependencies:
|
|
109
109
|
- !ruby/object:Gem::Version
|
110
110
|
version: '0'
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
|
-
name:
|
112
|
+
name: rubocop
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
114
114
|
requirements:
|
115
115
|
- - ">="
|
@@ -123,21 +123,21 @@ dependencies:
|
|
123
123
|
- !ruby/object:Gem::Version
|
124
124
|
version: '0'
|
125
125
|
- !ruby/object:Gem::Dependency
|
126
|
-
name:
|
126
|
+
name: simplecov
|
127
127
|
requirement: !ruby/object:Gem::Requirement
|
128
128
|
requirements:
|
129
|
-
- - "
|
129
|
+
- - "<"
|
130
130
|
- !ruby/object:Gem::Version
|
131
|
-
version:
|
131
|
+
version: 0.18.0
|
132
132
|
type: :development
|
133
133
|
prerelease: false
|
134
134
|
version_requirements: !ruby/object:Gem::Requirement
|
135
135
|
requirements:
|
136
|
-
- - "
|
136
|
+
- - "<"
|
137
137
|
- !ruby/object:Gem::Version
|
138
|
-
version:
|
138
|
+
version: 0.18.0
|
139
139
|
- !ruby/object:Gem::Dependency
|
140
|
-
name:
|
140
|
+
name: simplecov_json_formatter
|
141
141
|
requirement: !ruby/object:Gem::Requirement
|
142
142
|
requirements:
|
143
143
|
- - ">="
|
@@ -159,27 +159,23 @@ extra_rdoc_files: []
|
|
159
159
|
files:
|
160
160
|
- ".circleci/config.yml"
|
161
161
|
- ".gitignore"
|
162
|
-
- ".idea/.rakeTasks"
|
163
|
-
- ".idea/legion-crypt.iml"
|
164
|
-
- ".idea/misc.xml"
|
165
|
-
- ".idea/modules.xml"
|
166
|
-
- ".idea/vagrant.xml"
|
167
|
-
- ".idea/workspace.xml"
|
168
162
|
- ".rspec"
|
169
163
|
- ".rubocop.yml"
|
170
164
|
- Gemfile
|
165
|
+
- Gemfile.lock
|
171
166
|
- LICENSE.txt
|
172
167
|
- README.md
|
173
168
|
- Rakefile
|
174
|
-
-
|
175
|
-
- bin/setup
|
169
|
+
- bitbucket-pipelines.yml
|
176
170
|
- legion-crypt.gemspec
|
177
171
|
- lib/legion/crypt.rb
|
178
|
-
- lib/legion/crypt/
|
172
|
+
- lib/legion/crypt/cipher.rb
|
179
173
|
- lib/legion/crypt/settings.rb
|
180
174
|
- lib/legion/crypt/vault.rb
|
181
175
|
- lib/legion/crypt/vault_renewer.rb
|
182
176
|
- lib/legion/crypt/version.rb
|
177
|
+
- settings/transport.json
|
178
|
+
- sonar-project.properties
|
183
179
|
homepage: https://bitbucket.org/legion-io/legion-vault/
|
184
180
|
licenses:
|
185
181
|
- MIT
|
@@ -187,7 +183,9 @@ metadata:
|
|
187
183
|
homepage_uri: https://bitbucket.org/legion-io/legion-vault/
|
188
184
|
source_code_uri: https://bitbucket.org/legion-io/legion/
|
189
185
|
changelog_uri: https://bitbucket.org/legion-io/legion/src/master/CHANGELOG.md
|
190
|
-
|
186
|
+
wiki_uri: https://bitbucket.org/legion-io/legion-crypt/wiki
|
187
|
+
bug_tracker_uri: https://bitbucket.org/legion-io/legion-crypt/issues
|
188
|
+
post_install_message:
|
191
189
|
rdoc_options: []
|
192
190
|
require_paths:
|
193
191
|
- lib
|
@@ -202,8 +200,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
202
200
|
- !ruby/object:Gem::Version
|
203
201
|
version: '0'
|
204
202
|
requirements: []
|
205
|
-
rubygems_version: 3.
|
206
|
-
signing_key:
|
203
|
+
rubygems_version: 3.2.6
|
204
|
+
signing_key:
|
207
205
|
specification_version: 4
|
208
206
|
summary: Legion::Vault is used to keep things safe
|
209
207
|
test_files: []
|
data/.idea/.rakeTasks
DELETED
@@ -1,7 +0,0 @@
|
|
1
|
-
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
-
<Settings><!--This file was automatically generated by Ruby plugin.
|
3
|
-
You are allowed to:
|
4
|
-
1. Remove rake task
|
5
|
-
2. Add existing rake tasks
|
6
|
-
To add existing rake tasks automatically delete this file and reload the project.
|
7
|
-
--><RakeGroup description="" fullCmd="" taksId="rake"><RakeTask description="Build legion-crypt-0.1.0.gem into the pkg directory" fullCmd="build" taksId="build" /><RakeTask description="Remove any temporary products" fullCmd="clean" taksId="clean" /><RakeTask description="Remove any generated files" fullCmd="clobber" taksId="clobber" /><RakeTask description="Build and install legion-crypt-0.1.0.gem into system gems" fullCmd="install" taksId="install" /><RakeGroup description="" fullCmd="" taksId="install"><RakeTask description="Build and install legion-crypt-0.1.0.gem into system gems without network access" fullCmd="install:local" taksId="local" /></RakeGroup><RakeTask description="Create tag v0.1.0 and build and push legion-crypt-0.1.0.gem to rubygems.org" fullCmd="release[remote]" taksId="release[remote]" /><RakeTask description="Run RSpec code examples" fullCmd="spec" taksId="spec" /><RakeTask description="" fullCmd="default" taksId="default" /><RakeTask description="" fullCmd="release" taksId="release" /><RakeGroup description="" fullCmd="" taksId="release"><RakeTask description="" fullCmd="release:guard_clean" taksId="guard_clean" /><RakeTask description="" fullCmd="release:rubygem_push" taksId="rubygem_push" /><RakeTask description="" fullCmd="release:source_control_push" taksId="source_control_push" /></RakeGroup></RakeGroup></Settings>
|
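--- a/data/.idea/legion-crypt.iml
+++ b/data/.idea/legion-crypt.iml
@@ -1,45 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="RUBY_MODULE" version="4">
-<component name="ModuleRunConfigurationManager">
-<shared />
-</component>
-<component name="NewModuleRootManager">
-<content url="file://$MODULE_DIR$" />
-<orderEntry type="inheritedJdk" />
-<orderEntry type="sourceFolder" forTests="false" />
-<orderEntry type="library" scope="PROVIDED" name="amq-protocol (v2.3.0, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="ast (v2.4.0, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="aws-eventstream (v1.0.3, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="aws-sigv4 (v1.1.1, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="bundler (v2.1.4, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="bunny (v2.14.4, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="diff-lcs (v1.3, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="docile (v1.3.2, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="ffi (v1.12.2, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="jaro_winkler (v1.5.4, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="json (v2.3.0, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="legion (v0.1.2, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="legion-json (v0.1.6, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="legion-logging (v1.0.0, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="legion-settings (v1.0.0, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="legion-transport (v0.1.0, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="oj (v3.10.5, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="parallel (v1.19.1, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="parser (v2.7.0.4, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rainbow (v3.0.0, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rake (v13.0.1, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rbnacl (v7.1.1, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rexml (v3.2.4, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rspec (v3.9.0, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rspec-core (v3.9.1, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rspec-expectations (v3.9.0, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rspec-mocks (v3.9.1, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rspec-support (v3.9.2, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="rubocop (v0.80.1, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="ruby-progressbar (v1.10.1, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="simplecov (v0.18.5, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="simplecov-html (v0.12.2, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="unicode-display_width (v1.6.1, RVM: ruby-2.6.3) [gem]" level="application" />
-<orderEntry type="library" scope="PROVIDED" name="vault (v0.13.0, RVM: ruby-2.6.3) [gem]" level="application" />
-</component>
-</module>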
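--- a/data/.idea/misc.xml
+++ b/data/.idea/misc.xml
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-<component name="JavaScriptSettings">
-<option name="languageLevel" value="ES6" />
-</component>
-<component name="ProjectRootManager" version="2" project-jdk-name="RVM: ruby-2.6.3" project-jdk-type="RUBY_SDK" />
-</project>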
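--- a/data/.idea/modules.xml
+++ b/data/.idea/modules.xml
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-<component name="ProjectModuleManager">
-<modules>
-<module fileurl="file://$PROJECT_DIR$/.idea/legion-crypt.iml" filepath="$PROJECT_DIR$/.idea/legion-crypt.iml" />
-</modules>
-</component>
-</project>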
data/.idea/vagrant.xml
DELETED
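--- a/data/.idea/workspace.xml
+++ b/data/.idea/workspace.xml
@@ -1,14 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-<component name="CoverageOptionsProvider">
-<option name="myAddOrReplace" value="0" />
-</component>
-<component name="Git.Settings">
-<option name="PUSH_AUTO_UPDATE" value="true" />
-<option name="ROOT_SYNC" value="DONT_SYNC" />
-</component>
-<component name="ProjectId" id="1Yk09ZatgP1aKTE1VrPrnkK2STE" />
-<component name="PropertiesComponent">
-<property name="settings.editor.selected.configurable" value="reference.settingsdialog.project.vagrant" />
-</component>
-</project>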
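--- a/data/bin/console
+++ b/data/bin/console
@@ -1,15 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require 'bundler/setup'
-require 'legion/crypt'
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require 'irb'
-IRB.start(__FILE__)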
data/bin/setup
DELETED
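--- a/data/lib/legion/crypt/box.rb
+++ b/data/lib/legion/crypt/box.rb
@@ -1,95 +0,0 @@
-# frozen_string_literal: true
-
-module Legion
-module Crypt
-module Box
-def create_keys
-Legion::Logging.debug 'Legion::Crypt::Box.create_keys has been called'
-@private_key = RbNaCl::PrivateKey.generate
-@public_key = @private_key.public_key
-return unless Dir.exist? './settings'
-
-File.open('./settings/private.key', 'w').write(@private_key.to_s)
-File.open('./settings/public.key', 'w').write(@public_key.to_s)
-end
-
-def delete_keys
-File.delete('./settings/private.key') if File.exist? './settings/private.key'
-File.delete('./settings/public.key') if File.exist? './settings/public.key'
-end
-
-def load_keys
-return unless Dir.exist? './settings'
-
-@private_key = RbNaCl::PrivateKey.new(File.read('./settings/private.key').force_encoding('BINARY'))
-@public_key = RbNaCl::PrivateKey.new(File.read('./settings/public.key').force_encoding('BINARY'))
-end
-
-def encrypt_from_keypair(public_key:, message:, **_opts)
-Legion::Logging.debug('encrypt_from_keypair')
-Base64.encode64(RbNaCl::SimpleBox.from_keypair(Base64.decode64(public_key), @private_key).encrypt(message))
-end
-
-def decrypt_from_keypair(public_key, enciphered_message)
-Legion::Logging.debug 'decrypt_from_keypair'
-RbNaCl::SimpleBox
-.from_keypair(Base64.decode64(public_key), @private_key)
-.decrypt(Base64.decode64(enciphered_message))
-end
-
-def encrypt(message)
-Legion::Logging.debug 'encrypting message'
-Base64.encode64(@box.encrypt(message))
-end
-
-def decrypt(message)
-Legion::Logging.debug 'decrypting message'
-@box.decrypt(Base64.decode64(message))
-end
-
-def setup_safe # rubocop:disable Metrics/CyclomaticComplexity,Metrics/AbcSize,Metrics/PerceivedComplexity
-Legion::Logging.debug 'Setting up Legion::Crypt safe'
-if Legion::Settings[:crypt][:cluster_secret].nil?
-if Legion::Settings[:crypt][:vault][:connected] && Legion::Crypt.exist?('crypt')
-Legion::Settings[:crypt][:cluster_secret] = Base64.decode64(Legion::Crypt.get('crypt')[:cluster_secret])
-elsif Legion::Transport::Queue.new('node.crypt', passive: true).consumer_count.zero?
-Legion::Logging.info 'Legion::Crypt Generating new cluster_secret since this is the first node'
-Legion::Settings[:crypt][:bootstrapped] = true
-Legion::Settings[:crypt][:cluster_secret] = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
-if Legion::Settings[:crypt][:vault][:connected]
-Legion::Crypt.write('crypt', :cluster_secret, Base64.encode64(Legion::Settings[:crypt][:cluster_secret]))
-end
-else
-require 'legion/transport/messages/request_cluster_secret'
-Legion::Logging.info 'Requesting cluster secret via public key'
-start = Time.now
-Legion::Transport::Messages::RequestClusterSecret.new.publish
-sleep_time = 0.001
-until !Legion::Settings[:crypt][:cluster_secret].nil? || (Time.now - start) > Legion::Settings[:crypt][:cluster_secret_timeout]
-sleep(sleep_time)
-sleep_time *= 2
-end
-unless Legion::Settings[:crypt][:cluster_secret].nil?
-Legion::Logging.info "Received cluster secret in #{((Time.new - start) * 1000.0).round}ms"
-end
-Legion::Logging.warn 'Cluster secret is still nil' if Legion::Settings[:crypt][:cluster_secret].nil?
-end
-end
-
-@key = Legion::Settings[:crypt][:cluster_secret].to_s
-@box = RbNaCl::SimpleBox.from_secret_key(@key) unless @key.empty?
-if !Legion::Settings[:crypt].key?(:encrypted_string) || !Legion::Settings[:crypt].key?(:validation_string)
-unless Legion::Settings[:crypt][:bootstrapped]
-Legion::Logging.warn 'Legion::Crypt has been set up but wasn\'t testing with a validation string!'
-end
-Legion::Settings[:crypt][:cs_encrypt_ready] = true
-elsif Legion::Crypt.decrypt(Legion::Settings[:crypt][:encrypted_string]) == Legion::Settings[:crypt][:validation_string]
-Legion::Logging.info 'Legion::Crypt was set up correctly after string match'
-Legion::Settings[:crypt][:cs_encrypt_ready] = true
-else
-Legion::Logging.fatal 'idk wtf happened'
-end
-end
-end
-end
-end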