loyal3-sentry 0.4.2

data/.gitignore

@@ -0,0 +1,3 @@
+.idea/*
+*.log
+

data/CHANGELOG

@@ -0,0 +1,58 @@
+*0.3.1* (7 Jan 2006)
+
+* removed useless breakpoint [Solomon White]
+
+*0.3* (29 Oct 2005)
+
+* added rake task for generating asymmetric keys
+* Switch to migrations and schema for testing setup
+
+*0.2.9* (18 Sep 2005)
+
+* First RubyForge release.
+
+*0.2.8* (17 Sep 2005)
+
+* Added Active Record unit tests
+
+*0.2.7* (17 Sep 2005)
+
+* Added rdocs and stubs for AR unit tests
+
+*0.2.6* (2 Aug 2005)
+
+* Fixed generates_crypted so it adds attribute accessors
+
+*0.2.5* (27 Jul 2005)
+
+* Set ActiveRecord callback objects to only encrypt fields when they are not empty.
+
+*0.2.4* (11 Jul 2005)
+
+* Split ActiveRecord callback methods into their own classes.
+* Set AR virtual columns to fail silently on errors.
+
+*0.2.3* (11 Jul 2005)
+
+* Added ActiveRecord callback objects for SymmetricSentry and AsymmetricSentry.  +one_way_encrypt+ is depreciated.
+* Readme doc added too
+
+*0.2.1* (9 Jul 2005)
+
+* vastly simplified one_way_encrypt at danp's suggestion.  Use this in your model to try it out:
+
+    +one_way_encrypt :password*
+
+  That generates an SHA hash of model.password to model.crypted_password which is saved in the DB.  
+  model.password is a virtual field.  Continue using validates_confirmation_of for confirmation.
+
+
+*0.2* (9 Jul 2005)
+
+* added ActiveRecord::Base#one_way_encrypt class method to hash passwords with SHA
+* Renamed core classes to SymmetricSentry and AsymmetricSentry
+* Test Suite added
+
+*0.1* 
+
+* Initial Import

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2005 Rick Olson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,94 @@
+= Sentry lib - painless encryption library
+
+Sentry is a simple wrapper around the mostly undocumented OpenSSL encryption classes.  
+For now, look at the pseudo test cases in sentry.rb until I can get more examples written out.
+
+== Resources
+
+Install
+
+* gem install sentry
+
+Rubyforge project
+
+* http://rubyforge.org/projects/sentry
+
+RDocs
+
+* http://sentry.rubyforge.org
+
+Subversion
+
+* http://techno-weenie.net/svn/projects/sentry
+
+Collaboa
+
+* http://collaboa.techno-weenie.net/repository/browse/sentry
+
+== Using with ActiveRecord
+
+I wrote this for the purpose of encrypting ActiveRecord attributes.  Just <tt>require 'sentry'</tt>, and some new 
+class methods will be available to you:
+
+=== generates_crypted
+
+  generates_crypted :password, :mode => :sha | :symmetric | :asymmetric
+  
+This is the generic class method to use.  Default mode is :sha.  
+
+=== generates_crypted_hash_of
+
+  generates_crypted_hash_of :password
+
+This is a shortcut for using SHA encryption.  No different than specifying <tt>generates_crypted :password</tt>.  In the above 
+example, model.password is a virtual field, and the SHA hash is saved to model.crypted_password
+
+=== asymmetrically_encrypts
+  
+  asymmetrically_encrypts :password
+
+This is a shortcut for using an asymmetrical algorithm with a private/public key file.  To use this, generate a public and
+private key with Sentry::AsymmetricalSentry.save_random_rsa_key(private_key_file, public_key_file).  If you want to encrypt the
+private key file with a symmetrical algorithm, pass a secret key (neither the key nor the decrypted value will be stored).
+
+  Sentry::AsymmetricSentry.save_random_rsa_key(private_key_file, public_key_file, :key => 'secret_password')
+
+What that does, is requires you to pass in that same secret password when accesing the method.  
+
+  class Model < ActiveRecord::Base
+    generates_crypted :password, :mode => :asymmetric
+  end
+  
+  model.password = '5234523453425'
+  model.save   # password is encrypted and saved to crypted_password in the database, 
+               # model.password is cleared and becomes a virtual field.
+  model.password('secret_password')
+  => '5234523453425'
+
+The public and private key file names can be set in config/environment.rb
+
+  Sentry::AsymmetricSentry.default_public_key_file = "#{RAILS_ROOT}/config/public.key"
+  Sentry::AsymmetricSentry.default_private_key_file = "#{RAILS_ROOT}/config/private.key"
+
+If the private key was encrypted with the Sentry::AsymmetricalSentry#save_random_rsa_key, you must provide that same key
+when accessing the AR model.
+
+=== symmetrically_encrypts
+
+  symmetrically_encrypts :password
+
+This is a shortcut for using a symmetrical algorithm with a secret password to encrypt the field.  
+
+  class Model < ActiveRecord::Base
+    generates_crypted :password, :mode => :symmetric
+  end
+  
+  model.password = '5234523453425'
+  model.save   # password is encrypted and saved to crypted_password in the database, 
+               # model.password is cleared and becomes a virtual field.
+  model.password
+  => '5234523453425'
+
+The secret password can be set in config/environment.rb
+
+  Sentry::SymmetricSentry.default_key = "secret_password"

data/RUNNING_UNIT_TESTS

@@ -0,0 +1,42 @@
+== Creating the test database
+
+The default name for the test databases is "sentry_plugin_test". If you 
+want to use another database name then be sure to update the connection 
+adapter setups you want to test with in test/database.yml. 
+
+Make sure that you create database objects with the same user that you specified in i
+database.yml otherwise (on Postgres, at least) tests for default values will fail.
+
+== Running with Rake
+
+The easiest way to run the unit tests is through Rake. The default task runs
+the entire test suite for the sqlite adapter. You can also run the suite on just
+one adapter by passing the DB environment variable.
+
+  rake test DB=mysql
+
+For more information, checkout the full array of rake tasks with "rake -T"
+
+Rake can be found at http://rake.rubyforge.org
+
+== Running by hand
+
+Unit tests are located in test directory. If you only want to run a single test suite, 
+or don't want to bother with Rake, you can do so with something like:
+
+  cd test; DB=mysql ruby base_test.rb
+   
+That'll run the base suite using the MySQL adapter. Change the adapter
+and test suite name as needed.
+
+== Faster tests
+
+If you are using a database that supports transactions, you can set the
+"AR_TX_FIXTURES" environment variable to "yes" to use transactional fixtures.
+This gives a very large speed boost. With rake:
+
+  rake AR_TX_FIXTURES=yes
+
+Or, by hand:
+
+  AR_TX_FIXTURES=yes ruby -I connections/native_sqlite3 base_test.rb

data/Rakefile

@@ -0,0 +1,192 @@
+require 'rubygems'
+
+#Gem::manage_gems
+
+require 'rake/rdoctask'
+require 'rake/packagetask'
+require 'rake/gempackagetask'
+require 'rake/testtask'
+require 'rake/contrib/rubyforgepublisher'
+
+PKG_NAME      = 'sentry'
+PKG_VERSION   = '0.3.1'
+PKG_FILE_NAME = "#{PKG_NAME}-#{PKG_VERSION}"
+PROD_HOST     = "technoweenie@bidwell.textdrive.com"
+RUBY_FORGE_PROJECT = 'sentry'
+RUBY_FORGE_USER    = 'technoweenie'
+
+task :default => [:test]
+Rake::TestTask.new("test") do |t|
+  t.libs << "test"
+  t.pattern = "test/*_test.rb"
+  t.verbose = true
+end
+
+load 'tasks/sentry.rake'
+
+Rake::RDocTask.new do |rdoc|
+  rdoc.rdoc_dir = 'doc'
+  rdoc.title    = "#{PKG_NAME} -- painless encryption for Active Record"
+  rdoc.options << '--line-numbers --inline-source --accessor cattr_accessor=object'
+  rdoc.template = "#{ENV['template']}.rb" if ENV['template']
+  rdoc.rdoc_files.include('README', 'CHANGELOG', 'RUNNING_UNIT_TESTS')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+spec = Gem::Specification.new do |s|
+  s.name            = PKG_NAME
+  s.version         = PKG_VERSION
+  s.platform        = Gem::Platform::RUBY
+  s.summary         = "Sentry provides painless encryption services with a wrapper around some OpenSSL classes"
+  s.files           = FileList["{lib,test}/**/*"].to_a + %w(README MIT-LICENSE CHANGELOG RUNNING_UNIT_TESTS)
+  s.files.delete      "test/sentry_plugin.sqlite.db"
+  s.files.delete      "test/sentry_plugin.sqlite3.db"
+  s.require_path    = 'lib'
+  s.autorequire     = 'sentry'
+  s.has_rdoc        = true
+  s.test_file       = 'test/tests.rb'
+  s.author          = "Rick Olson"
+  s.email           = "technoweenie@gmail.com"
+  s.homepage        = "http://techno-weenie.net"
+end
+
+Rake::GemPackageTask.new(spec) do |pkg|
+  pkg.need_tar = true
+end
+
+desc "Publish the API documentation"
+task :pdoc => [:rdoc] do
+  Rake::RubyForgePublisher.new(RUBY_FORGE_PROJECT, RUBY_FORGE_USER).upload
+end
+
+desc 'Publish the gem and API docs'
+task :publish => [:pdoc, :rubyforge_upload]
+
+desc "Publish the release files to RubyForge."
+task :rubyforge_upload => :package do
+  files = %w(gem tgz).map { |ext| "pkg/#{PKG_FILE_NAME}.#{ext}" }
+
+  if RUBY_FORGE_PROJECT then
+    require 'net/http'
+    require 'open-uri'
+
+    project_uri = "http://rubyforge.org/projects/#{RUBY_FORGE_PROJECT}/"
+    project_data = open(project_uri) { |data| data.read }
+    group_id = project_data[/[?&]group_id=(\d+)/, 1]
+    raise "Couldn't get group id" unless group_id
+
+    # This echos password to shell which is a bit sucky
+    if ENV["RUBY_FORGE_PASSWORD"]
+      password = ENV["RUBY_FORGE_PASSWORD"]
+    else
+      print "#{RUBY_FORGE_USER}@rubyforge.org's password: "
+      password = STDIN.gets.chomp
+    end
+
+    login_response = Net::HTTP.start("rubyforge.org", 80) do |http|
+      data = [
+        "login=1",
+        "form_loginname=#{RUBY_FORGE_USER}",
+        "form_pw=#{password}"
+      ].join("&")
+      http.post("/account/login.php", data)
+    end
+
+    cookie = login_response["set-cookie"]
+    raise "Login failed" unless cookie
+    headers = { "Cookie" => cookie }
+
+    release_uri = "http://rubyforge.org/frs/admin/?group_id=#{group_id}"
+    release_data = open(release_uri, headers) { |data| data.read }
+    package_id = release_data[/[?&]package_id=(\d+)/, 1]
+    raise "Couldn't get package id" unless package_id
+
+    first_file = true
+    release_id = ""
+
+    files.each do |filename|
+      basename  = File.basename(filename)
+      file_ext  = File.extname(filename)
+      file_data = File.open(filename, "rb") { |file| file.read }
+
+      puts "Releasing #{basename}..."
+
+      release_response = Net::HTTP.start("rubyforge.org", 80) do |http|
+        release_date = Time.now.strftime("%Y-%m-%d %H:%M")
+        type_map = {
+          ".zip"    => "3000",
+          ".tgz"    => "3110",
+          ".gz"     => "3110",
+          ".gem"    => "1400"
+        }; type_map.default = "9999"
+        type = type_map[file_ext]
+        boundary = "rubyqMY6QN9bp6e4kS21H4y0zxcvoor"
+
+        query_hash = if first_file then
+          {
+            "group_id" => group_id,
+            "package_id" => package_id,
+            "release_name" => PKG_FILE_NAME,
+            "release_date" => release_date,
+            "type_id" => type,
+            "processor_id" => "8000", # Any
+            "release_notes" => "",
+            "release_changes" => "",
+            "preformatted" => "1",
+            "submit" => "1"
+          }
+        else
+          {
+            "group_id" => group_id,
+            "release_id" => release_id,
+            "package_id" => package_id,
+            "step2" => "1",
+            "type_id" => type,
+            "processor_id" => "8000", # Any
+            "submit" => "Add This File"
+          }
+        end
+
+        query = "?" + query_hash.map do |(name, value)|
+          [name, URI.encode(value)].join("=")
+        end.join("&")
+
+        data = [
+          "--" + boundary,
+          "Content-Disposition: form-data; name=\"userfile\"; filename=\"#{basename}\"",
+          "Content-Type: application/octet-stream",
+          "Content-Transfer-Encoding: binary",
+          "", file_data, ""
+          ].join("\x0D\x0A")
+
+        release_headers = headers.merge(
+          "Content-Type" => "multipart/form-data; boundary=#{boundary}"
+        )
+
+        target = first_file ? "/frs/admin/qrs.php" : "/frs/admin/editrelease.php"
+        http.post(target + query, data, release_headers)
+      end
+
+      if first_file then
+        release_id = release_response.body[/release_id=(\d+)/, 1]
+        raise("Couldn't get release id") unless release_id
+      end
+
+      first_file = false
+    end
+  end
+end
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "sentry"
+    gemspec.summary = "Asymmetric encryption of active record fields"
+    gemspec.description = "Asymmetric encryption of active record fields"
+    gemspec.email = "commoncode@pivotallabs.com"
+    gemspec.homepage = "http://github.com/pivotal/sentry"
+    gemspec.authors = ["John Pelly", "David Stevenson"]
+  end
+rescue LoadError
+  puts "Jeweler not available. Install it with: sudo gem install technicalpickles-jeweler -s http://gems.github.com"
+end

data/VERSION

@@ -0,0 +1 @@
+0.4.2

data/init.rb

@@ -0,0 +1 @@
+require 'sentry'

data/lib/active_record/sentry.rb

@@ -0,0 +1,96 @@
+module ActiveRecord # :nodoc:
+  module Sentry
+    def self.included(base) # :nodoc:
+      base.extend ClassMethods
+    end
+
+    module ClassMethods
+      def generates_crypted(attr_name, options = {})
+        mode = options[:mode] || :asymmetric
+        case mode
+          #when :sha
+          #  generates_crypted_hash_of(attr_name)
+          when :asymmetric, :asymmetrical
+            asymmetrically_encrypts(attr_name)
+          #when :symmetric, :symmetrical
+          #  symmetrically_encrypts(attr_name)
+        end
+      end
+
+      #def generates_crypted_hash_of(attribute)
+      #  before_validation ::Sentry::ShaSentry.new(attribute)
+      #  attr_accessor attribute
+      #end
+
+      def asymmetrically_encrypts(attr_name, options = {})
+        #temp_sentry = ::Sentry::AsymmetricSentryCallback.new(attr_name)
+        #before_validation temp_sentry
+        #after_save temp_sentry
+        unless instance_methods.include?("#{attr_name}_with_decryption")
+          define_read_methods
+
+          define_method("#{attr_name}_with_decryption") do |*optional|
+            begin
+              crypted_value = self.send("#{attr_name}_without_decryption")
+              return nil if crypted_value.nil?
+              key = optional.shift || (options[:key].is_a?(Proc) ? options[:key].call : options[:key]) || ::Sentry.default_key
+              decrypted_value = ::Sentry::AsymmetricSentry.decrypt_from_base64(crypted_value, key)
+              return decrypted_value[8,decrypted_value.length-8]
+            rescue
+              nil
+            end
+          end
+
+          alias_method_chain attr_name, :decryption
+          alias_method "crypted_#{attr_name}", "#{attr_name}_without_decryption"
+          alias_method "#{attr_name}_before_type_cast", "#{attr_name}_with_decryption"
+
+          define_method("#{attr_name}_with_encryption=") do |value|
+            padded_value = ActiveRecord::Sentry.rand_string + value
+            encrypted_value = ::Sentry::AsymmetricSentry.encrypt_to_base64(padded_value)
+            self.send("#{attr_name}_without_encryption=", encrypted_value)
+            nil
+          end
+
+          alias_method_chain "#{attr_name}=", :encryption
+        end
+
+      end
+      private
+
+      #def symmetrically_encrypts(attr_name)
+      #  temp_sentry = ::Sentry::SymmetricSentryCallback.new(attr_name)
+      #  before_validation temp_sentry
+      #  after_save temp_sentry
+      #
+      #  define_method(attr_name) do
+      #    send("#{attr_name}!") rescue nil
+      #  end
+      #
+      #  define_method("#{attr_name}!") do
+      #    return decrypted_values[attr_name] unless decrypted_values[attr_name].nil?
+      #    return nil if send("crypted_#{attr_name}").nil?
+      #    ::Sentry::SymmetricSentry.decrypt_from_base64(send("crypted_#{attr_name}"))
+      #  end
+      #
+      #  define_method("#{attr_name}=") do |value|
+      #    decrypted_values[attr_name] = value
+      #    nil
+      #  end
+      #
+      #  private
+      #  define_method(:decrypted_values) do
+      #    @decrypted_values ||= {}
+      #  end
+      #end
+    end
+
+    @@CHARS = ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a
+
+    def self.rand_string(length=8)
+      s=''
+      length.times{ s << @@CHARS[rand(@@CHARS.length)] }
+      s
+    end
+  end
+end

data/lib/sentry/asymmetric_sentry.rb

@@ -0,0 +1,146 @@
+module Sentry
+  class AsymmetricSentry
+    attr_reader   :private_key_file
+    attr_reader   :public_key_file
+    attr_accessor :symmetric_algorithm
+    @@default_private_key_file = nil
+    @@default_public_key_file = nil
+    @@default_symmetric_algorithm = nil
+
+    # available options:
+    # * <tt>:private_key_file</tt> - encrypted private key file
+    # * <tt>:public_key_file</tt>  - public key file
+    # * <tt>:symmetric_algorithm</tt> - algorithm to use for SymmetricSentry
+    def initialize(options = {})
+      @public_key = @private_key = nil
+      private_key_file = options[:private_key_file]
+      public_key_file  = options[:public_key_file] || @@default_public_key_file
+      @symmetric_algorithm = options[:symmetric_algorithm] || @@default_symmetric_algorithm
+    end
+  
+    def encrypt(data)
+      raise NoPublicKeyError unless public?
+      rsa = public_rsa
+      rsa.public_encrypt(data)
+    end
+  
+    def encrypt_to_base64(data)
+      Base64.encode64(encrypt(data))
+    end
+  
+    def decrypt(data, key = nil)
+      raise NoPrivateKeyError unless private?
+      rsa = private_rsa(key)
+      rsa.private_decrypt(data)
+    end
+  
+    def decrypt_from_base64(data, key = nil)
+      decrypt(Base64.decode64(data), key)
+    end
+  
+    def private_key_file=(file)
+      @private_key_file = file and load_private_key
+    end
+  
+    def public_key_file=(file)
+      @public_key_file = file and load_public_key
+    end
+  
+    def public?
+      return true unless @public_key.nil?
+      load_public_key and return @public_key
+    end
+  
+    def private?
+      return true unless @private_key.nil?
+      load_private_key and return @private_key
+    end
+
+    class << self
+      # * <tt>:key</tt> - secret password
+      # * <tt>:symmetric_algorithm</tt> - symmetrical algorithm to use
+      def save_random_rsa_key(private_key_file, public_key_file, options = {})
+        rsa = OpenSSL::PKey::RSA.new(512)
+        public_key = rsa.public_key
+        private_key = options[:key].to_s.empty? ? 
+          rsa.to_s :
+          SymmetricSentry.new(:algorithm => options[:symmetric_algorithm]).encrypt_to_base64(rsa.to_s, options[:key])
+        File.open(public_key_file, 'w')  { |f| f.write(public_key) }
+        File.open(private_key_file, 'w') { |f| f.write(private_key) }
+      end
+
+      def encrypt(data)
+        self.new.encrypt(data)
+      end
+  
+      def encrypt_to_base64(data)
+        self.new.encrypt_to_base64(data)
+      end
+  
+      def decrypt(data, key = nil)
+        self.new.decrypt(data, key)
+      end
+  
+      def decrypt_from_base64(data, key = nil)
+        self.new.decrypt_from_base64(data, key)
+      end
+
+      # cattr_accessor would be lovely
+      def default_private_key_file
+        @@default_private_key_file
+      end
+      
+      def default_private_key_file=(value)
+        @@default_private_key_file = value
+      end
+      
+      def default_public_key_file
+        @@default_public_key_file
+      end
+      
+      def default_public_key_file=(value)
+        @@default_public_key_file = value
+      end
+      
+      def default_symmetric_algorithm
+        @@default_symmetric_algorithm
+      end
+      
+      def default_symmetric_algorithm=(value)
+        @@default_symmetric_algorithm = value
+      end
+    end
+  
+    private
+    def encryptor
+      @encryptor ||= SymmetricSentry.new(:algorithm => @symmetric_algorithm)
+    end
+
+    def load_private_key
+      @private_rsa = nil
+      @private_key_file ||= @@default_private_key_file
+      if @private_key_file and File.file?(@private_key_file)
+        @private_key = File.open(@private_key_file) { |f| f.read }
+      end
+    end
+  
+    def load_public_key
+      @public_rsa = nil
+      @public_key_file ||= @@default_public_key_file
+      if @public_key_file and File.file?(@public_key_file)
+        @public_key = File.open(@public_key_file) { |f| f.read }
+      end
+    end
+
+    # retrieves private rsa from encrypted private key
+    def private_rsa(key = nil)
+      return @private_rsa ||= OpenSSL::PKey::RSA.new(@private_key) unless key
+      OpenSSL::PKey::RSA.new(encryptor.decrypt_from_base64(@private_key, key))
+    end
+
+    # retrieves public rsa
+    def public_rsa
+      @public_rsa ||= OpenSSL::PKey::RSA.new(@public_key)
+    end
+  end
+end

data/lib/sentry/asymmetric_sentry_callback.rb

@@ -0,0 +1,17 @@
+module Sentry
+  class AsymmetricSentryCallback
+    def initialize(attr_name)
+      @attr_name = attr_name
+    end
+  
+    # Performs encryption on before_validation Active Record callback
+    #def before_validation(model)
+    #  return if model.send(@attr_name).blank?
+    #  model.send("crypted_#{@attr_name}=", AsymmetricSentry.encrypt_to_base64(model.send(@attr_name)))
+    #end
+    
+    #def after_save(model)
+    #  model.send("#{@attr_name}=", nil)
+    #end
+  end
+end