nexpose_thycotic 0.0.4 → 0.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a26c9a2b129625a04a2c7f9a1faef0c3c66899bd
-  data.tar.gz: 9a421deb85297f7cb43172884d7da17e0999ca5e
+  metadata.gz: 72d72a2f1294229464df29985e8c3a0145f18d60
+  data.tar.gz: 13e76a6eaeb8f69879b2a808251f9ad2a4bb2716
 SHA512:
-  metadata.gz: 758dffd4689c3bb786c5d85169ad0004f2c98e1d823cf5b567c3970434b24b08fe73e37c1641408850490c5a2a59a171fd0fdb19abcfe541d31132062dd45303
-  data.tar.gz: 479bb7191e92a2642a52511761eb4c9dd58957969ed98f1d4a7bce9c866017bcd21d76db1473ff077284187c797d419f0453c8a11606ab70b7dfb6bd8590e752
+  metadata.gz: 0b6f9d979b6064ca1eadfa76d0026461057701110fcddb172bde51429412a97589e4de7b4e1c96bab5b0f5e760337620f955f4d95b7294d1b5d03fbc6d606bef
+  data.tar.gz: c9f6ab9b22517feb3035b214492ab2cd7fffa1b0a3b5a4e2c4ef1823ed9e7e41113fa20d7cf25f2db5600346acc2b94b93a4f6911fbef3579d2bc1ca0349e635

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    nexpose_thycotic (0.0.4)
+    nexpose_thycotic (0.0.5)
       nexpose (~> 0.8.0)
       rubyntlm
       savon
@@ -25,8 +25,6 @@ GEM
       rex (~> 2.0.4, >= 2.0.4)
     nokogiri (1.6.6.2)
       mini_portile (~> 0.6.0)
-    nokogiri (1.6.6.2-x86-mingw32)
-      mini_portile (~> 0.6.0)
     nori (2.6.0)
     rack (1.6.1)
     rake (10.4.2)

data/README.md

@@ -1,6 +1,8 @@
 # NexposeThycotic
 
-Nexpose Thycotic Gem allows users to import credentials from Thycotic SecretServer into their Nexpose instance.
+Nexpose Thycotic Gem allows users to import credentials from Thycotic SecretServer into their Nexpose instance.  
+
+For assistance with using the gem, documentation, or issues, please email the Rapid7 support team at support@rapid7.com, including description of issues and log files.
 
 ## Installation
 
@@ -18,6 +20,51 @@ Or install it yourself as:
 
 ## Usage
 
-Edit the nx_thycotic.rb file in the /bin folder with a text editor. Add a proper username/password for both nexpose
-and SecretServer, followed by the URL for SecretServer webservice.
-Add the Site # to be managed by this integration, save and run on schedule.
+Edit the nexpose_thycotic.config file in the */lib/nexpose\_thycotic/config* folder with a text editor.
+Nexpose and Thycotic configuration options can be set in this file, or as Environment Variables.
+
+- Add a proper username/password for both Nexpose and SecretServer.
+- Add the URL for SecretServer webservice and URL for Nexpose, with optional port (defaults to 3780).
+- The logging level can also be modified.
+- Add the Site ID(s) to be managed by this integration, save and run on schedule.
+
+Run the following command from inside the bin folder:
+
+		nexpose_thycotic
+		
+## Encryption Settings
+
+The usernames and passwords within the configuration files are automatically encrypted when the integration runs. The key and IV files used during encryption/decryption are saved within the config folder by default.
+
+#### Setting Custom Locations for Encryption Files
+
+To set custom locations for the key and IV files, update the following values within the encryption.config file:
+
+ - key_filename - The absolute path to where the key file will be created.
+ - iv_file - The absolute path to where the IV file will be created.
+
+To set a custom path after the integration has already executed, the files must be moved to the new location manually.
+
+#### Encrypting the Configuration without running the Integration
+The Nexpose Thycotic integration can encrypt its configuration file without running the gem. This allows users to secure their login information for future use e.g for use in a cron-schedule. 
+ 
+The command to do so is:  
+```
+nexpose_thycotic -e
+```  
+or  
+```
+nexpose_thycotic --encrypt_config
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
+
+## Changelog
+
+### 0.0.7
+- User now has the option to configure the gem using a configuration file as well as with environment variables. Nexpose and Thycotic options have been added to the configuration file.
+- Added an encryption configuration file. Usernames and passwords within the configuration file are now encrypted when the application runs.
+- Command line options have been added to the gem. Several are common to all Nexpose gem integrations. Call the gem with '-h' or '--help' to view these options.  
+- *Breaking change*: Environment variables **NEXPOSE_PASS** and **THYCOTIC_PASS** have been renamed to **NEXPOSE_PASSWORD** and **THYCOTIC_PASSWORD** respectively.

data/bin/nexpose_thycotic

@@ -0,0 +1,38 @@
+#!/usr/bin/env ruby
+# Please refer to the configuration documentation for instructions on how to run this gem
+# Do NOT run this gem without proper pre-configuration.
+require 'nexpose_thycotic'
+require 'nexpose_thycotic/utilities/config_parser.rb'
+require 'nexpose_thycotic/utilities/gem_options'
+
+CONFIG_PATH =  File.join(File.dirname(__FILE__), 
+                       '../lib/nexpose_thycotic/config/nexpose_thycotic.config')
+config_path = File.expand_path(CONFIG_PATH)
+
+# Setup CLI Options
+GemOptions.create_parser
+    .with_banner_and_options('nexpose_thycotic')
+    .with_configuration_encryption([config_path])
+    .with_help_and_version('Nexpose Thycotic', NexposeThycotic::VERSION)
+    .parse
+
+settings = ConfigParser.get_config(config_path)
+
+thycotic_options = NexposeThycotic.set_variables(settings[:thycotic_options])
+nexpose_options = NexposeThycotic.set_variables(settings[:nexpose_options])
+options = settings[:options]
+
+vault_options = { url: thycotic_options[:thycotic_url],
+                  username: thycotic_options[:thycotic_username],
+                  password: thycotic_options[:thycotic_password] }
+
+nexpose_options = { nexpose_ip: nexpose_options[:nexpose_url], 
+                    nexpose_username: nexpose_options[:nexpose_username], 
+                    nexpose_password: nexpose_options[:nexpose_password], 
+                    nexpose_port: nexpose_options[:nexpose_port], 
+                    sites: options[:sites],
+                    logging_enabled: options[:logging_enabled],
+                    log_level: options[:log_level],
+                    log_console: options[:log_console] }       
+NexposeThycotic.update_credentials(vault_options, nexpose_options)
+

data/lib/nexpose_thycotic.rb

@@ -1,39 +1,68 @@
 require "nexpose_thycotic/version"
 require 'nexpose_thycotic/operations'
-require 'nexpose_thycotic/nx_logger'
+require 'nexpose_thycotic/utilities/nx_logger'
 require 'nexpose'
 
-module NexposeThycotic
+module NexposeThycotic  
   def self.update_credentials(vault_options, nexpose_options = nil)
-    NxLogger.log_message('Starting integration.', 'info')
+    log = NexposeThycotic::NxLogger.instance
+    log.setup_statistics_collection(NexposeThycotic::VENDOR, 
+                                    NexposeThycotic::PRODUCT, 
+                                    NexposeThycotic::VERSION)
+    log.setup_logging(true, nexpose_options[:log_level], nexpose_options[:log_console])
+    log.log_message('Starting integration.')
+    
     ss = ThycoticOperations.new(vault_options[:url])
-    NxLogger.log_message("Logging to Thycotic at #{vault_options[:url]}", 'info')
+    log.log_message("Logging to Thycotic at #{vault_options[:url]}")
     token = ss.authenticate(vault_options[:username], vault_options[:password])
-    @nx = NexposeOperations.new(nexpose_options[:nexpose_ip], nexpose_options[:nexpose_username], nexpose_options[:nexpose_password])
-    NxLogger.log_message('Processing sites', 'info')
+    
+    @nx = NexposeOperations.new(nexpose_options[:nexpose_ip], 
+                                nexpose_options[:nexpose_username], 
+                                nexpose_options[:nexpose_password], 
+                                nexpose_options[:nexpose_port])
+    log.log_message('Processing sites')
 
     nexpose_options[:sites].each do |site_id|
-    NxLogger.log_message("Processing site #{site_id}", 'debug')
-    ips = @nx.get_ips_from_site(site_id)
-    site_credentials = []
-    ips.each do |ip|
-      ip_from = ip.instance_of?(Nexpose::HostName) ? ip.host : ip.from
-      NxLogger.log_message("Getting credentials for #{ip_from}", 'debug')
-      secret_summary = ss.get_secret_id(token, ip_from)
-      unless secret_summary.nil?
-        NxLogger.log_message("Found credentials for #{ip_from}", 'debug')
-      # Gets OS
-        asset_data = {}
-        asset_data[:ip] = ip_from
-        res = ss.get_secret_simple(token, secret_summary[:secret_id])
-        asset_data[:username] = res[:username]
-        asset_data[:password] = res[:password]
-        credential = Nexpose::Credential.for_service(ss.check_type(secret_summary[:secret_type]), asset_data[:username], asset_data[:password], nil, ip.from )
-        site_credentials.push(credential)
+      log.log_debug_message("Processing site #{site_id}")
+      ips = @nx.get_ips_from_site(site_id)
+      site_credentials = []
+
+      ips.each do |ip|
+        ip_from = ip.instance_of?(Nexpose::HostName) ? ip.host : ip.from
+        log.log_debug_message("Getting credentials for #{ip_from}")
+        secret_summary = ss.get_secret_id(token, ip_from)
+        unless secret_summary.nil?
+          log.log_debug_message("Found credentials for #{ip_from}")
+          # Gets OS
+          asset_data = {}
+          asset_data[:ip] = ip_from
+          res = ss.get_secret_simple(token, secret_summary[:secret_id])
+          asset_data[:username] = res[:username]
+          asset_data[:password] = res[:password]
+          credential = Nexpose::Credential.for_service(ss.check_type(secret_summary[:secret_type]), 
+                                                       asset_data[:username], 
+                                                       asset_data[:password], 
+                                                       nil, 
+                                                       ip.from)
+          site_credentials.push(credential)
+        end
       end
+      @nx.save_site(site_id, site_credentials)
+      log.log_message("Finished processing #{site_id}")
     end
-    @nx.save_site(site_id, site_credentials)
-    NxLogger.log_message("Finished processing #{site_id}", 'info')
+  end
+
+  def self.set_variables(options)
+    settings = {}
+    options.each_key do |key|
+      value = ENV[key.to_s.upcase]
+      value ||= options[key]
+      if value.nil?
+        log = NexposeThycotic::NxLogger.instance
+        log.info("No configuration value found for #{key}")
+      end
+      settings[key] = value
     end
+    settings
   end
-end
+end

data/lib/nexpose_thycotic/config/encryption.config

@@ -0,0 +1,21 @@
+#
+# Symmetric Encryption for Ruby
+#
+---
+production:
+  # Since the encryption key must NOT be stored along with the
+  # source code, only store the key encryption key here.
+  private_rsa_key:
+
+  # List Symmetric Key Ciphers in the order of current / newest first
+  ciphers:
+    -
+      # Name of the file containing the encrypted key and iv.
+      key_filename: <absolute/path/to/filename>.key
+      iv_filename: <absolute/path/to/filename>.iv
+
+      cipher: aes-256-cbc
+      encoding: base64strict
+      version: 1
+      always_add_header: true
+

data/lib/nexpose_thycotic/config/nexpose_thycotic.config

@@ -0,0 +1,34 @@
+---
+# This configuration file defines all the particular options necessary to run the service. 
+# Fields marked (M) are mandatory.
+#
+# Service options:
+:options:
+  # (M) Enables logging to the log directory.
+  :logging_enabled: true  
+  # (M) Sets the log level threshold for output.
+  :log_level: info
+  # (M) Enables logging output to console
+  :log_console: true
+  # Filters to specific sites one per line, leave empty to generate for all sites.
+  :sites:
+  - '1'
+:nexpose_options:
+  # (M) Nexpose IP address
+  :nexpose_url: 127.0.0.1
+  # (M) Nexpose username
+  :nexpose_username: nxadmin
+  # (M) Nexpose password
+  :nexpose_password: nxadmin
+  # (M) The port Nexpose listens on. Default is 3780
+  :nexpose_port: 3780
+:thycotic_options:
+  # (M) Thycotic Instance IP address with WSDL
+  :thycotic_url: https://127.0.0.1/SecretServer/webservices/sswebservice.asmx?wsdl
+  # (M) The Thycotic username
+  :thycotic_username: user
+  # (M) The password for the above user
+  :thycotic_password: password
+:encryption_options:
+# (M) Path to the encryption.config file
+  :directory: ../../config/encryption.config

data/lib/nexpose_thycotic/operations.rb

@@ -7,7 +7,9 @@ module NexposeThycotic
     def initialize(ip, user, pass, port = 3780)
       @nsc = Connection.new(ip, user, pass, port)
       @nsc.login
+      NexposeThycotic::NxLogger.instance.on_connect(ip, port, @nsc.session_id, "{}")
     end
+
     def get_ips_from_site(site_id)
       site = Site.load(@nsc, site_id)
       site.assets
@@ -40,7 +42,9 @@ module NexposeThycotic
     attr_accessor :client
     def initialize(url = nil)
       # log: true, log_level: :info
-      @client = Savon.client(wsdl: url)
+      @client = Savon.client(
+          wsdl: url,
+          ssl_verify_mode: :none)
     end
 
     def operations

data/lib/nexpose_thycotic/utilities/config_parser.rb

@@ -0,0 +1,141 @@
+require 'erb'
+require 'yaml'
+require 'fileutils'
+require 'symmetric-encryption'
+
+class ConfigParser
+  ENCRYPTED_FORMAT = '<%%= SymmetricEncryption.try_decrypt "%s" %%>'
+  PLACEHOLDER = '<absolute/path/to/filename>'
+  # The environment to use, defined within the encryption config
+  STANZA = 'production'
+  # The line width of the YAML file before line-wrapping occurs
+  WIDTH = 120
+
+  # Encrypts a configuration file and returns the unencrypted hash.
+  def self.get_config(config_path, enc_path=nil)
+    # Try to load a path from the provided config
+    custom_enc_path = get_enc_directory(config_path)
+    enc_path = custom_enc_path unless custom_enc_path.nil?
+
+    enc_path = File.expand_path(enc_path, __FILE__)
+    config_path = File.expand_path(config_path)
+
+
+    generate_keys(enc_path, config_path)
+    encrypt_config(enc_path, config_path)
+    decrypt_config(enc_path, config_path)
+  end
+
+  # Writes the YAML to file with custom formatting options
+  def self.save_config(config_details, config_path)
+    yaml = config_details.to_yaml(line_width: WIDTH)
+    File.open(config_path, 'w') {|f| f.write yaml }
+  end
+
+  def self.encrypt_field(value)
+    encrypted_value = SymmetricEncryption.encrypt value
+    ENCRYPTED_FORMAT % encrypted_value
+  end
+
+  # Retrieves the custom directory of the encryption config
+  def self.get_enc_directory(config_path)
+    settings = YAML.load_file(config_path)
+    return nil if settings[:encryption_options].nil?
+
+    enc_dir = settings[:encryption_options][:directory]
+    return nil if (enc_dir.nil? || enc_dir == '')
+
+    File.expand_path(enc_dir, __FILE__)
+  end
+
+  # Generates the RSA key, associated files and directories.
+  def self.generate_keys(enc_path, config_path)
+    settings = YAML.load_file(enc_path)
+    key = settings[STANZA]['private_rsa_key']
+
+    # Recognise an existing key
+    return unless (key.nil? || key == '')
+
+    # Generate a new RSA key and store the details
+    new_rsa_key = SymmetricEncryption::KeyEncryptionKey.generate
+    settings[STANZA]['private_rsa_key'] = new_rsa_key
+    save_config(settings, enc_path)
+
+    # Populate the placeholder values within the config
+    populate_ciphers(enc_path, config_path)
+
+    # Need to create a folder (specified by the user) to store the key files
+    dir = File.dirname(settings[STANZA]['ciphers'].first['key_filename'])
+
+    begin
+      unless File.directory?(dir) || PLACEHOLDER.include?(dir)
+        puts "Creating folder: #{dir}"
+        FileUtils::mkdir_p dir
+      end
+    rescue Exception => e
+      msg = "Unable to create the folders used to store encryption details.\n"\
+            'Please ensure the user has permissions to create folders in the ' \
+            "path specified in the  encryption config: #{enc_path}\n"
+      handle_error(msg, e)
+    end
+
+    SymmetricEncryption.generate_symmetric_key_files(enc_path, STANZA)
+  end
+
+  # Replace placeholder values for the key and iv file paths,
+  # placing them in the config folder by default.
+  def self.populate_ciphers(enc_path, config_path)
+    settings = YAML.load_file(enc_path)
+    ciphers = settings[STANZA]['ciphers'].first
+    config_folder = File.dirname(config_path)
+    config_name = File.basename(config_path, File.extname(config_path))
+
+    %w(key iv).each do |file|
+      label = "#{file}_filename"
+      file_path = ciphers[label]
+      next unless file_path.include? PLACEHOLDER
+
+      filename = ".#{config_name}.#{file}"
+      ciphers[label] = File.join(config_folder, filename)
+    end
+
+    save_config(settings, enc_path)
+  end
+
+  def self.encrypt_config(enc_path, config_path)
+    SymmetricEncryption.load!(enc_path, STANZA)
+
+    # Read the config in as an array of strings
+    f = File.open(config_path)
+    config_lines = f.readlines
+    f.close
+
+    # Define the regex that can find relevant fields
+    regex = /^(?<label>\s*:?\w*(passw|pwd|user|usr)\w*:?\s)(?<value>.*)$/
+
+    # Line by line, write the line to file, encrypting sensitive fields
+    File.open(config_path, 'w+') do |f|
+      config_lines.each do |l|
+        matches = l.match(regex)
+
+        # Encrypt fields with username/password labels that are in plaintext
+        unless matches.nil? || matches['value'].include?('SymmetricEncryption')
+          l = "#{matches['label']}#{encrypt_field(matches['value'])}"
+        end
+
+        f.puts l
+      end
+    end
+  end
+
+  # Returns a hash containing the decrypted details from a config file.
+  def self.decrypt_config(enc_path, config_path)
+    SymmetricEncryption.load!(enc_path, STANZA)
+    return YAML.load(ERB.new(File.new(config_path).read).result)
+  end
+
+  def self.handle_error(message, error)
+    puts message
+    raise error
+  end
+end

data/lib/nexpose_thycotic/utilities/gem_options.rb

@@ -0,0 +1,91 @@
+require 'optparse'
+
+class GemOptions
+
+  @parser
+
+  def self.create_parser
+    @parser = OptionParser.new
+    self
+  end
+
+  # How the gem is used e.g 'nexpose ticketing jira [options]'
+  def self.with_banner(gem_usage_string)
+    @parser.banner = "Usage: #{gem_usage_string} [options]"
+    @parser.separator ''
+    self
+  end
+
+  # Header for options list
+  def self.with_options
+    @parser.separator 'Options:'
+    self
+  end
+
+  # Creates banner and options
+  def self.with_banner_and_options(gem_usage_string)
+    with_banner(gem_usage_string)
+    with_options
+    self
+  end
+
+  # For setting encryption switch. Can be set to work with two configurations
+  # Config_paths is an array
+  def self.with_configuration_encryption(config_paths, enc_path = nil)
+    @parser.on('-e',
+            '--encrypt_config',
+            'Encrypt the configuration file(s) without running the gem') do |e|
+      ConfigParser.get_config(config_paths.first, enc_path) unless enc_path.nil?
+      ConfigParser.get_config(config_paths.last)
+      puts "\nConfiguration File(s) Encrypted"
+      exit
+    end
+    self
+  end
+
+  def self.with_help
+    @parser.on_tail('-h', '--help', 'Show this message') do |h|
+      puts @parser
+      exit
+    end
+    self
+  end
+
+  def self.with_version(gem, version)
+    @parser.on_tail('--version', 'Version Information') do |v|
+      puts "#{gem} #{version}"
+      exit
+    end
+    self
+  end
+
+  def self.with_help_and_version(gem, version)
+    with_help
+    with_version(gem, version)
+    self
+  end
+
+  # Method to allow integrations to create own options, with both short and long
+  # switches and description.
+  # Handler is the block to run when option is called.
+  def self.with_other_option(short_switch, long_switch, description, &handler)
+    @parser.on("-#{short_switch}", "--#{long_switch}", description) do |opt|
+      handler.call
+    end
+  end
+
+  # Method to allow integrations to create own options, with only one size of
+  # switch and description.
+  # '-' for short switches and '--' for long switches is required.
+  # Handler is the block to run when option is called.
+  def self.with_single_switch_option(identifier, switch, description, &handler)
+    @parser.on("#{identifier}#{switch}", description) do |opt|
+      handler.call
+    end
+  end
+
+  # Parses the options to make them available
+  def self.parse
+    @parser.parse!
+  end
+end

data/lib/nexpose_thycotic/utilities/nx_logger.rb

@@ -0,0 +1,166 @@
+require 'fileutils'
+require 'json'
+require 'net/http'
+require 'singleton'
+
+module NexposeThycotic
+  class NxLogger
+    include Singleton
+    LOG_PATH = "../logs/rapid7_%s.log"
+    KEY_FORMAT = "external.integration.%s"
+    PRODUCT_FORMAT = "%s_%s"
+
+    DEFAULT_LOG = 'integration'
+    PRODUCT_RANGE = 4..30
+    KEY_RANGE = 3..15
+
+    ENDPOINT = '/data/external/statistic/'
+
+    def initialize()
+      create_calls
+      @logger_file = get_log_path @product
+      setup_logging(true, 'info')
+    end
+
+    def setup_statistics_collection(vendor, product_name, gem_version)
+      begin
+        @statistic_key = get_statistic_key vendor
+        @product = get_product product_name, gem_version
+      rescue => e
+        #Continue
+      end
+    end
+
+    def setup_logging(enabled, log_level = 'info', stdout=false)
+      @stdout = stdout
+
+      log_message('Logging disabled.') unless enabled || @log.nil?
+      @enabled = enabled
+      return unless @enabled
+
+      @logger_file = get_log_path @product
+
+      require 'logger'
+      directory = File.dirname(@logger_file)
+      FileUtils.mkdir_p(directory) unless File.directory?(directory)
+      io = IO.for_fd(IO.sysopen(@logger_file, 'a'), 'a')
+      io.autoclose = false
+      io.sync = true
+      @log = Logger.new(io, 'weekly')
+      @log.level = if log_level.to_s.casecmp('info') == 0 
+                     Logger::INFO 
+                   else
+                     Logger::DEBUG
+                   end
+      log_message("Logging enabled at level <#{log_level}>")
+    end
+
+    def create_calls
+      levels = [:info, :debug, :error, :warn]
+      levels.each do |level|
+        method_name = 
+        define_singleton_method("log_#{level.to_s}_message") do |message|
+          puts message if @stdout
+          @log.send(level, message) unless !@enabled || @log.nil?
+        end
+      end
+    end
+
+    def log_message(message)
+      log_info_message message
+    end
+
+    def log_stat_message(message)
+    end
+
+    def get_log_path(product)
+      product.downcase! unless product.nil?
+      File.join(File.dirname(__FILE__), LOG_PATH % (product || DEFAULT_LOG))
+    end
+
+    def get_statistic_key(vendor)
+      if vendor.nil? || vendor.length < KEY_RANGE.min
+        log_stat_message("Vendor length is below minimum of <#{KEY_RANGE}>")
+        return nil
+      end
+
+      vendor.gsub!('-', '_')
+      vendor.slice! vendor.rindex('_') until vendor.count('_') <= 1
+
+      vendor.delete! "^A-Za-z0-9\_"
+
+      KEY_FORMAT % vendor[0...KEY_RANGE.max].downcase
+    end
+
+    def get_product(product, version)
+      return nil if ((product.nil? || product.empty?) || 
+                     (version.nil? || version.empty?))
+
+      product.gsub!('-', '_')
+      product.slice! product.rindex('_') until product.count('_') <= 1
+
+      product.delete! "^A-Za-z0-9\_"
+      version.delete! "^A-Za-z0-9\.\-"
+
+      product = (PRODUCT_FORMAT % [product, version])[0...PRODUCT_RANGE.max]
+
+      product.slice! product.rindex(/[A-Z0-9]/i)+1..-1
+
+      if product.length < PRODUCT_RANGE.min
+        log_stat_message("Product length below minimum <#{PRODUCT_RANGE.min}>.")
+        return nil
+      end
+      product.downcase
+    end
+
+    def generate_payload(statistic_value='')
+      product_name, separator, version = @product.to_s.rpartition('_')
+      payload_value = {'version' => version}.to_json
+
+      payload = {'statistic-key' => @statistic_key.to_s,
+                 'statistic-value' => payload_value,
+                 'product' => product_name}
+      JSON.generate(payload)
+    end
+
+    def send(nexpose_address, nexpose_port, session_id, payload)
+      header = {'Content-Type' => 'application/json',
+                'nexposeCCSessionID' => session_id,
+                'Cookie' => "nexposeCCSessionID=#{session_id}"}
+      req = Net::HTTP::Put.new(ENDPOINT, header)
+      req.body = payload
+      http_instance = Net::HTTP.new(nexpose_address, nexpose_port)
+      http_instance.use_ssl = true
+      http_instance.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      response = http_instance.start { |http| http.request(req) }
+      log_stat_message "Received code #{response.code} from Nexpose console."
+      log_stat_message "Received message #{response.msg} from Nexpose console."
+      log_stat_message 'Finished sending statistics data to Nexpose.'
+
+      response.code
+    end
+
+    def on_connect(nexpose_address, nexpose_port, session_id, value)
+      log_stat_message 'Sending statistics data to Nexpose'
+
+      if @product.nil? || @statistic_key.nil?
+        log_stat_message('Invalid product name and/or statistics key.')
+        log_stat_message('Statistics collection not enabled.')
+        return
+      end
+      
+      begin
+        payload = generate_payload value
+        send(nexpose_address, nexpose_port, session_id, payload)
+      rescue => e
+        #Let the program continue
+      end
+    end
+
+    #Used by net library for debugging 
+    def <<(value)
+      log_debug_message(value)
+    end
+
+  end
+end

data/lib/nexpose_thycotic/version.rb

@@ -1,5 +1,7 @@
 module NexposeThycotic
-  VERSION = "0.0.4"
+  VERSION = "0.1.0"
+  VENDOR = "Thycotic"
+  PRODUCT = "Secret Server"
   def self.show_version
     puts VERSION
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexpose_thycotic
 version: !ruby/object:Gem::Version
-  version: 0.0.4
+  version: 0.1.0
 platform: ruby
 authors:
-- Damian Finol
+- Damian Finol, Adam Robinson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-05-20 00:00:00.000000000 Z
+date: 2017-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -72,20 +72,40 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.0
+        version: '0.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.8.0
-description: This gem allows Nexpose users to poll credentials from Thycotic SecretServer
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: symmetric-encryption
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.9'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.9.0
+description: This gem allows Nexpose users to pull credentials from Thycotic SecretServer
   into Nexpose
 email:
-- damian_finol@rapid7.com
+- support@rapid7.com
 executables:
-- nx_thycotic.rb
+- nexpose_thycotic
 extensions: []
 extra_rdoc_files: []
 files:
@@ -94,13 +114,15 @@ files:
 - LICENSE.txt
 - README.md
 - Rakefile
-- bin/nx_thycotic.rb
+- bin/nexpose_thycotic
 - lib/nexpose_thycotic.rb
-- lib/nexpose_thycotic/nx_logger.rb
+- lib/nexpose_thycotic/config/encryption.config
+- lib/nexpose_thycotic/config/nexpose_thycotic.config
 - lib/nexpose_thycotic/operations.rb
+- lib/nexpose_thycotic/utilities/config_parser.rb
+- lib/nexpose_thycotic/utilities/gem_options.rb
+- lib/nexpose_thycotic/utilities/nx_logger.rb
 - lib/nexpose_thycotic/version.rb
-- nexpose_thycotic-0.0.3.gem
-- nexpose_thycotic.gemspec
 homepage: http://www.rapid7.com/
 licenses:
 - MIT
@@ -121,7 +143,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.4
+rubygems_version: 2.5.1
 signing_key: 
 specification_version: 4
 summary: Nexpose Thycotic Gem Integration

data/bin/nx_thycotic.rb

@@ -1,31 +0,0 @@
-#!/usr/bin/env ruby
-# Please refer to the configuration documentation for instructions on how to run this gem
-# Do NOT run this gem without proper pre-configuration.
-require 'nexpose_thycotic'
-
-# Sites to collect credentials on, separated by commas.
-sites = [ 7 ]
-# Thycotic SecretServer URL.
-# Set an Environment variable called THYCOTIC_URL to your sswebservice install
-# IE: http://127.0.0.1/SecretServer/webservices/sswebservice.asmx?wsdl
-thycotic_url = ENV['THYCOTIC_URL']
-# Thycotic username.
-thycotic_username = ENV['THYCOTIC_USER']
-# Thycotic password
-thycotic_password = ENV['THYCOTIC_PASS']
-
-
-### NEXPOSE CONFIGURATION ###
-# Nexpose IP Address
-nexpose_ip = ENV['NEXPOSE_URL']
-# Nexpose username
-nexpose_username = ENV['NEXPOSE_USER']
-# Nexpose password
-nexpose_password = ENV['NEXPOSE_PASS']
-
-
-
-### DO NOT EDIT AFTER THIS LINE ###
-vault_options = { url: thycotic_url, username: thycotic_username, password: thycotic_password }
-nexpose_options = { nexpose_ip: nexpose_ip, nexpose_username: nexpose_username, nexpose_password: nexpose_password, sites: sites }
-NexposeThycotic.update_credentials(vault_options, nexpose_options)

data/lib/nexpose_thycotic/nx_logger.rb

@@ -1,19 +0,0 @@
-module NexposeThycotic
-  module NxLogger
-    require 'logger'
-    LOGGER_FILE = File.join(File.dirname(__FILE__), '/log/nx_thycotic.log')
-    directory = File.dirname(LOGGER_FILE)
-    FileUtils.mkdir_p(directory) unless File.directory?(directory)
-    @log = Logger.new(LOGGER_FILE, 'monthly')
-    @log.level = Logger::INFO
-
-    def self.log_message(message, level)
-      case level
-        when 'info' then @log.info(message)
-        when 'debug' then @log.debug(message)
-        when 'error' then @log.error(message)
-        when 'warn' then @log.warn(message)
-      end
-    end
-  end
-end

data/nexpose_thycotic.gemspec

@@ -1,27 +0,0 @@
-# coding: utf-8
-lib = File.expand_path('../lib', __FILE__)
-$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'nexpose_thycotic/version'
-
-Gem::Specification.new do |spec|
-  spec.name          = "nexpose_thycotic"
-  spec.version       = NexposeThycotic::VERSION
-  spec.authors       = ["Damian Finol"]
-  spec.email         = ["damian_finol@rapid7.com"]
-  spec.summary       = %q{Nexpose Thycotic Gem Integration}
-  spec.description   = %q{This gem allows Nexpose users to poll credentials from Thycotic SecretServer into Nexpose}
-  spec.homepage      = 'http://www.rapid7.com/'
-  spec.license       = "MIT"
-
-  spec.files         = Dir['[A-Z]*'] + Dir['lib/**/*'] + Dir['bin/**']
-  spec.files.reject! { |fn| fn.include? "CVS" }
-  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-  spec.require_paths = ['lib']
-
-  spec.add_development_dependency "bundler", "~> 1.5"
-  spec.add_development_dependency "rake"
-  spec.add_runtime_dependency "savon"
-  spec.add_runtime_dependency "rubyntlm"
-  spec.add_runtime_dependency 'nexpose', '~> 0.8.0'
-end