legion-crypt 0.2.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/rubocop-analysis.yml +41 -0
- data/.github/workflows/sourcehawk-scan.yml +20 -0
- data/.gitignore +5 -1
- data/.rubocop.yml +7 -13
- data/CHANGELOG.md +4 -0
- data/CODE_OF_CONDUCT.md +75 -0
- data/CONTRIBUTING.md +55 -0
- data/Gemfile +7 -3
- data/INDIVIDUAL_CONTRIBUTOR_LICENSE.md +30 -0
- data/LICENSE +201 -0
- data/NOTICE.txt +9 -0
- data/README.md +43 -31
- data/SECURITY.md +9 -0
- data/attribution.txt +1 -0
- data/legion-crypt.gemspec +19 -26
- data/lib/legion/crypt.rb +16 -10
- data/lib/legion/crypt/cipher.rb +8 -44
- data/lib/legion/crypt/cluster_secret.rb +121 -0
- data/lib/legion/crypt/settings.rb +26 -12
- data/lib/legion/crypt/vault.rb +15 -8
- data/lib/legion/crypt/version.rb +1 -1
- data/sonar-project.properties +11 -0
- data/sourcehawk.yml +4 -0
- metadata +36 -98
- data/.circleci/config.yml +0 -61
- data/.idea/.rakeTasks +0 -7
- data/.idea/legion-crypt.iml +0 -54
- data/.idea/misc.xml +0 -7
- data/.idea/modules.xml +0 -8
- data/.idea/vagrant.xml +0 -7
- data/.idea/workspace.xml +0 -14
- data/.rspec +0 -3
- data/LICENSE.txt +0 -21
- data/Rakefile +0 -8
- data/bin/console +0 -15
- data/bin/setup +0 -8
- data/lib/legion/crypt/box.rb +0 -95
data/.rspec
DELETED
data/LICENSE.txt
DELETED
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
The MIT License (MIT)
|
|
2
|
-
|
|
3
|
-
Copyright (c) 2020 Esity
|
|
4
|
-
|
|
5
|
-
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
-
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
-
in the Software without restriction, including without limitation the rights
|
|
8
|
-
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
-
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
-
furnished to do so, subject to the following conditions:
|
|
11
|
-
|
|
12
|
-
The above copyright notice and this permission notice shall be included in
|
|
13
|
-
all copies or substantial portions of the Software.
|
|
14
|
-
|
|
15
|
-
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
-
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
-
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
-
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
-
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
-
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
21
|
-
THE SOFTWARE.
|
data/Rakefile
DELETED
data/bin/console
DELETED
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env ruby
|
|
2
|
-
# frozen_string_literal: true
|
|
3
|
-
|
|
4
|
-
require 'bundler/setup'
|
|
5
|
-
require 'legion/crypt'
|
|
6
|
-
|
|
7
|
-
# You can add fixtures and/or initialization code here to make experimenting
|
|
8
|
-
# with your gem easier. You can also use a different console, if you like.
|
|
9
|
-
|
|
10
|
-
# (If you use this, don't forget to add pry to your Gemfile!)
|
|
11
|
-
# require "pry"
|
|
12
|
-
# Pry.start
|
|
13
|
-
|
|
14
|
-
require 'irb'
|
|
15
|
-
IRB.start(__FILE__)
|
data/bin/setup
DELETED
data/lib/legion/crypt/box.rb
DELETED
|
@@ -1,95 +0,0 @@
|
|
|
1
|
-
# frozen_string_literal: true
|
|
2
|
-
|
|
3
|
-
module Legion
|
|
4
|
-
module Crypt
|
|
5
|
-
module Box
|
|
6
|
-
def create_keys
|
|
7
|
-
Legion::Logging.debug 'Legion::Crypt::Box.create_keys has been called'
|
|
8
|
-
@private_key = RbNaCl::PrivateKey.generate
|
|
9
|
-
@public_key = @private_key.public_key
|
|
10
|
-
return unless Dir.exist? './settings'
|
|
11
|
-
|
|
12
|
-
File.open('./settings/private.key', 'w').write(@private_key.to_s)
|
|
13
|
-
File.open('./settings/public.key', 'w').write(@public_key.to_s)
|
|
14
|
-
end
|
|
15
|
-
|
|
16
|
-
def delete_keys
|
|
17
|
-
File.delete('./settings/private.key') if File.exist? './settings/private.key'
|
|
18
|
-
File.delete('./settings/public.key') if File.exist? './settings/public.key'
|
|
19
|
-
end
|
|
20
|
-
|
|
21
|
-
def load_keys
|
|
22
|
-
return unless Dir.exist? './settings'
|
|
23
|
-
|
|
24
|
-
@private_key = RbNaCl::PrivateKey.new(File.read('./settings/private.key').force_encoding('BINARY'))
|
|
25
|
-
@public_key = RbNaCl::PrivateKey.new(File.read('./settings/public.key').force_encoding('BINARY'))
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
def encrypt_from_keypair(public_key:, message:, **_opts)
|
|
29
|
-
Legion::Logging.debug('encrypt_from_keypair')
|
|
30
|
-
Base64.encode64(RbNaCl::SimpleBox.from_keypair(Base64.decode64(public_key), @private_key).encrypt(message))
|
|
31
|
-
end
|
|
32
|
-
|
|
33
|
-
def decrypt_from_keypair(public_key, enciphered_message)
|
|
34
|
-
Legion::Logging.debug 'decrypt_from_keypair'
|
|
35
|
-
RbNaCl::SimpleBox
|
|
36
|
-
.from_keypair(Base64.decode64(public_key), @private_key)
|
|
37
|
-
.decrypt(Base64.decode64(enciphered_message))
|
|
38
|
-
end
|
|
39
|
-
|
|
40
|
-
def encrypt(message)
|
|
41
|
-
Legion::Logging.debug 'encrypting message'
|
|
42
|
-
Base64.encode64(@box.encrypt(message))
|
|
43
|
-
end
|
|
44
|
-
|
|
45
|
-
def decrypt(message)
|
|
46
|
-
Legion::Logging.debug 'decrypting message'
|
|
47
|
-
@box.decrypt(Base64.decode64(message))
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
def setup_safe # rubocop:disable Metrics/AbcSize,Metrics/PerceivedComplexity
|
|
51
|
-
Legion::Logging.debug 'Setting up Legion::Crypt safe'
|
|
52
|
-
if Legion::Settings[:crypt][:cluster_secret].nil?
|
|
53
|
-
if Legion::Settings[:crypt][:vault][:connected] && Legion::Crypt.exist?('crypt')
|
|
54
|
-
Legion::Settings[:crypt][:cluster_secret] = Base64.decode64(Legion::Crypt.get('crypt')[:cluster_secret])
|
|
55
|
-
elsif Legion::Transport::Queue.new('node.crypt', passive: true).consumer_count.zero?
|
|
56
|
-
Legion::Logging.info 'Legion::Crypt Generating new cluster_secret since this is the first node'
|
|
57
|
-
Legion::Settings[:crypt][:bootstrapped] = true
|
|
58
|
-
Legion::Settings[:crypt][:cluster_secret] = RbNaCl::Random.random_bytes(RbNaCl::SecretBox.key_bytes)
|
|
59
|
-
if Legion::Settings[:crypt][:vault][:connected]
|
|
60
|
-
Legion::Crypt.write('crypt', :cluster_secret, Base64.encode64(Legion::Settings[:crypt][:cluster_secret]))
|
|
61
|
-
end
|
|
62
|
-
else
|
|
63
|
-
require 'legion/transport/messages/request_cluster_secret'
|
|
64
|
-
Legion::Logging.info 'Requesting cluster secret via public key'
|
|
65
|
-
start = Time.now
|
|
66
|
-
Legion::Transport::Messages::RequestClusterSecret.new.publish
|
|
67
|
-
sleep_time = 0.001
|
|
68
|
-
until !Legion::Settings[:crypt][:cluster_secret].nil? || (Time.now - start) > Legion::Settings[:crypt][:cluster_secret_timeout]
|
|
69
|
-
sleep(sleep_time)
|
|
70
|
-
sleep_time *= 2
|
|
71
|
-
end
|
|
72
|
-
unless Legion::Settings[:crypt][:cluster_secret].nil?
|
|
73
|
-
Legion::Logging.info "Received cluster secret in #{((Time.new - start) * 1000.0).round}ms"
|
|
74
|
-
end
|
|
75
|
-
Legion::Logging.warn 'Cluster secret is still nil' if Legion::Settings[:crypt][:cluster_secret].nil?
|
|
76
|
-
end
|
|
77
|
-
end
|
|
78
|
-
|
|
79
|
-
@key = Legion::Settings[:crypt][:cluster_secret].to_s
|
|
80
|
-
@box = RbNaCl::SimpleBox.from_secret_key(@key) unless @key.empty?
|
|
81
|
-
if !Legion::Settings[:crypt].key?(:encrypted_string) || !Legion::Settings[:crypt].key?(:validation_string)
|
|
82
|
-
unless Legion::Settings[:crypt][:bootstrapped]
|
|
83
|
-
Legion::Logging.warn 'Legion::Crypt has been set up but wasn\'t testing with a validation string!'
|
|
84
|
-
end
|
|
85
|
-
Legion::Settings[:crypt][:cs_encrypt_ready] = true
|
|
86
|
-
elsif Legion::Crypt.decrypt(Legion::Settings[:crypt][:encrypted_string]) == Legion::Settings[:crypt][:validation_string]
|
|
87
|
-
Legion::Logging.info 'Legion::Crypt was set up correctly after string match'
|
|
88
|
-
Legion::Settings[:crypt][:cs_encrypt_ready] = true
|
|
89
|
-
else
|
|
90
|
-
Legion::Logging.fatal 'idk wtf happened'
|
|
91
|
-
end
|
|
92
|
-
end
|
|
93
|
-
end
|
|
94
|
-
end
|
|
95
|
-
end
|