nexus 1.1.0 → 1.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b9afe169e757af4c376e9127b7880a1b8e427ffc
-  data.tar.gz: ec412e696190f225462c3ab626cd9eaf53f23c8e
+  metadata.gz: e11879ab0b9f82568f91c8ce11f044da3956b7ff
+  data.tar.gz: bc935338806a858d17b87fc5834984bb10d2e64e
 SHA512:
-  metadata.gz: 5faef784a2e11d149e20f731fe6d6ae302ae13471957cb22a81b66b528683c567dc5ca4adad5dc59eb05eb1516429412ad7fb78e99b0c9d061f69ee1c98b8fee
-  data.tar.gz: 655818bb467f597bb8ea5665c023cfeb15c8196d44e05e30e196b7b3f3ccf78341e3a6020e20f1adce25639d4199153153060d76bba86a957b7e88484334c8ad
+  metadata.gz: dd857dc03ad489c39efd1a622868f9600398fc4f2721e581f89448d59b04023dbdf8fe3318894209f0e4a619a51fe960ff1e4923f38183056c9406f3abd2cf63
+  data.tar.gz: a0d1607d9297577d23af9b649629c460d176ca7e91b9f903b4d66d3b712cd7ec8abcb793ce34f2c7d0cca76ee9b8593b310ab038e56d44a620c4cf894aa63e3b

data/lib/commands/abstract_command.rb

@@ -9,29 +9,29 @@ class Gem::AbstractCommand < Gem::Command
   def initialize( name, summary )
     super
    
-    add_option( '-c', '--nexus-clear',
-                'Clears the nexus config' ) do |value, options|
-      options[ :nexus_clear ] = value
+    add_option( '-r', '--repo KEY',
+                "pick the configuration under that key.\n                                     can be used in conjuction with --clear-repo and the upload itself." ) do |value, options|
+      options[ :nexus_repo ] = value
     end
 
-    add_option( '--nexus-config FILE',
-                'File location of nexus config' ) do |value, options|
-      options[ :nexus_config ] = File.expand_path( value )
+    add_option( '-c', '--clear-repo',
+                'Clears the nexus config for the given repo or the default repo' ) do |value, options|
+      options[ :nexus_clear ] = value
     end
 
-    add_option( '--repo KEY',
-                'pick the config under that key' ) do |value, options|
-      options[ :nexus_repo ] = value
+    # backward compatibility
+    add_option( '--nexus-clear', 'DEPRECATED' ) do |value, options|
+      options[ :nexus_clear ] = value
     end
 
-    add_option( '--secrets FILE',
-                'use and store secrets in the given instead of local config file. file location will be stored in the local config file.' ) do |value, options|
-      options[ :nexus_secrets ] = File.expand_path( value )
+    add_option( '--nexus-config FILE',
+                "File location of nexus config to use.\n                                     default #{Nexus::Config.default_file}" ) do |value, options|
+      options[ :nexus_config ] = File.expand_path( value )
     end
   end
 
   def url
-    url = config[ :url ]
+    url = config.url
     # no leading slash
     url.sub!(/\/$/,'') if url
     url
@@ -43,7 +43,7 @@ class Gem::AbstractCommand < Gem::Command
     url = ask("URL: ")
 
     if URI.parse( "#{url}" ).host != nil
-      config[ :url ] = url
+      config.url = url
 
       say 'The Nexus URL has been stored in ~/.gem/nexus'
     else
@@ -52,9 +52,27 @@ class Gem::AbstractCommand < Gem::Command
   end
 
   def setup
-    configure_url if !config.key?( :url ) || options[:nexus_clear]
+    prompt_encryption if config.encrypted?
+    configure_url if config.url.nil? || options[ :nexus_clear ]
     use_proxy!( url ) if http_proxy( url )
-    sign_in if !config.key?( :authorization ) || options[:nexus_clear]
+    if( authorization.nil? || 
+        config.always_prompt? || 
+        options[:nexus_clear] )
+      sign_in
+    end
+  end
+
+  def prompt_encryption
+    password = ask_for_password( "Enter your Nexus encryption credentials (no prompt)" )
+ 
+    # recreate config with password
+    config.password = password
+
+#    if options[ :nexus_encrypt ] && !config.encrypted?
+#      config.encrypt_credentials
+#    elsif options[ :nexus_encrypt ] == false && config.encrypted?
+#      config.decrypt_credentials      
+#    end
   end
 
   def sign_in
@@ -64,29 +82,32 @@ class Gem::AbstractCommand < Gem::Command
 
     # mimic strict_encode64 which is not there on ruby1.8
     token = "#{username}:#{password}"
-    if token != ':'
-      config[ :authorization ] =
-        "Basic #{Base64.encode64(username + ':' + password).gsub(/\s+/, '')}"
-    else
-      config[ :authorization ] = nil
+    auth = "Basic #{Base64.encode64(token).gsub(/\s+/, '')}"
+    @authorization = token == ':' ? nil : auth
+     
+    unless config.always_prompt?
+      config.authorization = @authorization
+      if @authorization
+        say "Your Nexus credentials has been stored in #{config}"
+      else
+        say "Your Nexus credentials has been deleted from #{config}"
+      end
     end
-
-    say "Your Nexus credentials has been stored in ~/.gem/nexus"
   end
 
-  def this_config
-    Nexus::Config.new( options[ :nexus_repo ],
-                       options[ :nexus_config ],
-                       options[ :nexus_secrets ] )
+  def this_config( pass = nil )
+    Nexus::Config.new( options[ :nexus_config ],
+                       options[ :nexus_repo ] )
   end
   private :this_config
   
-  def config
+  def config( pass = nil )
+    @config = this_config( pass ) if pass
     @config ||= this_config
   end
 
   def authorization
-    config[ :authorization ]
+    @authorization || config.authorization
   end
 
   def make_request(method, path)
@@ -125,13 +146,15 @@ class Gem::AbstractCommand < Gem::Command
     
     if Gem.configuration.verbose.to_s.to_i > 0
       warn "#{request.method} #{url.to_s}"
-      if authorization
+      if config.authorization
         warn 'use authorization' 
       else
         warn 'no authorization'
       end
- 
-      warn "use proxy at #{http.proxy_address}:#{http.proxy_port}" if http.proxy_address
+
+      if http.proxy_address
+        warn "use proxy at #{http.proxy_address}:#{http.proxy_port}"
+      end
     end
 
     http.request(request)
@@ -139,7 +162,10 @@ class Gem::AbstractCommand < Gem::Command
 
   def use_proxy!( url )
     proxy_uri = http_proxy( url )
-    @proxy_class = Net::HTTP::Proxy(proxy_uri.host, proxy_uri.port, proxy_uri.user, proxy_uri.password)
+    @proxy_class = Net::HTTP::Proxy( proxy_uri.host,
+                                     proxy_uri.port,
+                                     proxy_uri.user,
+                                     proxy_uri.password )
   end
 
   def proxy_class

data/lib/commands/nexus.rb

@@ -5,23 +5,100 @@ class Gem::Commands::NexusCommand < Gem::AbstractCommand
   end
 
   def arguments
-    "GEM       built gem to upload"
+    "GEM       built gem to upload. some options do not require it."
   end
 
   def usage
     "#{program_name} GEM"
   end
 
+  def list_repos
+    puts
+    config.repos.each do |k,v|
+      puts "#{k}: #{v}"
+    end
+    puts
+  end
+  private :list_repos
+
   def initialize
     super 'nexus', description
     add_proxy_option
+
+    add_option( '--all-repos',
+                'list all configured repos with their respective urls.' ) do |value, options|
+      options[ :nexus_all_repos ] = value
+    end
+
+    add_option( '--clear-all',
+                'clears all credentials' ) do |value, options|
+      options[ :nexus_clear_all ] = value
+    end
+
+
+    add_option( '--secrets FILE',
+                'move the credentials to the given secrets file.' ) do |value, options|
+      options[ :nexus_secrets ] = File.expand_path( value )
+    end
+
+    add_option( '--no-secrets',
+                'move the credentials to the configuration file and delete the secrets file.' ) do |value, options|
+      options[ :nexus_secrets ] = false
+    end
+
+    # backward compatibility
+    add_option( '--password', 'DEPRECATED' ) do  |value, options|
+      options[ :nexus_prompt_all ] = value
+    end
+
+    add_option( '--[no-]prompt',
+                'always prompt for the credentials.' ) do |value, options|
+      options[ :nexus_prompt_all ] = value
+    end
+
+    add_option( '--[no-]encrypt',
+                'encrypt/decrypt the credentials with a master password.' ) do |value, options|
+      options[ :nexus_encrypt ] = value
+    end
+    
   end
 
   def execute
     name = get_one_gem_name rescue nil
-    setup
-    # if there is no gemname and no clear options then fail with send_gem
-    if !name.nil? || !options[ :nexus_clear ]
+    if( name && ( options[ :nexus_all_repos ] != nil ||
+                  options[ :nexus_clear_all ] != nil ||
+                  options[ :nexus_prompt_all ] != nil ||
+                  options[ :nexus_encrypt ] != nil ||
+                  options[ :nexus_secrets ] != nil ) )
+      warn "given gemfile #{name} get ignored due to the options used"
+    end
+
+    if options[ :nexus_all_repos ]
+      list_repos
+    elsif options[ :nexus_prompt_all ]
+      if ask( "setup nexus to always prompt username/passwords and delete all current credentials ? (y/N)" ) == 'y'
+        config.always_prompt
+      end
+    elsif options[ :nexus_prompt_all ] == false
+      say( "setup nexus to store username/passwords" )
+      config.clear_always_prompt
+    elsif options[ :nexus_clear_all ]
+      if ask( "delete all current credentials ? (y/N)" ) == 'y'
+        config.clear_credentials
+      end
+    elsif options[ :nexus_encrypt ]
+      prompt_encryption
+      config.encrypt_credentials
+    elsif options[ :nexus_encrypt ] == false
+      prompt_encryption
+      config.decrypt_credentials
+    elsif options[ :nexus_secrets ] == false
+      config.new_secrets( nil )
+    elsif options[ :nexus_secrets ]
+      config.new_secrets( options[ :nexus_secrets ] )
+    else
+      setup
+      # if there is no gemname and no options which then fail with send_gem
       send_gem
     end
   end

data/lib/nexus/cipher.rb

@@ -0,0 +1,52 @@
+require 'openssl'
+require 'base64'
+
+module Nexus
+  class Cipher
+
+    def initialize( pass, token = nil )
+      @token = Base64.strict_decode64( token ) if token
+      @token ||= OpenSSL::Random.random_bytes( 32 )
+
+      iter = 20000
+      key_len = 32
+      @key = OpenSSL::PKCS5.pbkdf2_hmac_sha1( pass,
+                                              @token,
+                                              iter,
+                                              key_len )
+    end
+    
+    def cipher
+      @c ||= OpenSSL::Cipher::AES.new( 256, :CBC )
+    end
+    private :cipher
+
+    def token
+      Base64.strict_encode64( @token ) 
+    end
+
+    def iv
+      Base64.strict_encode64( @iv ) if @iv
+    end
+
+    def iv=( iv )
+      @iv = Base64.strict_decode64( iv )
+    end
+
+    def encrypt( data )
+      c = cipher
+      c.encrypt
+      c.key = @key
+      @iv = c.random_iv
+      Base64.strict_encode64( c.update( data ) + c.final )
+    end
+
+    def decrypt( data )
+      c = cipher
+      c.decrypt
+      c.key = @key
+      c.iv = @iv
+      c.update( Base64.strict_decode64( data ) ) + c.final
+    end
+  end
+end

data/lib/nexus/config.rb

@@ -1,110 +1,197 @@
-require 'rubygems/local_remote_options'
-require 'net/http'
-require 'base64'
+require 'nexus/cipher'
+require 'nexus/config_file'
 
 module Nexus
   class Config
 
-    class File
-      def initialize( file, repo )
-        if file.is_a?( String )
-          @file = file
-
-          if file && ::File.exists?( file )
-            @all = YAML.load( ::File.read( file ) )
-          end
-        elsif file
-          @file = file.instance_variable_get( '@file'.to_sym )
-          @all = file.instance_variable_get( '@all'.to_sym )
-        end
-        @all ||= {}
+    def self.default_file
+      File.join( Gem.user_home, '.gem', 'nexus' )
+    end
 
-        @data = ( @all[ repo ] ||= {} ) if repo
-        @data ||= @all
-      end
+    def initialize( file = nil, repo = nil )
+      @repo = repo
+      @conf = ConfigFile.new( file || self.class.default_file )
+      @secr = ConfigFile.new( @conf[ :secrets ] ) if @conf.key? :secrets
+    end
 
-      def key?( key )
-        @data.key? key
-      end
+    private
 
-      def []( key )
-        @data[ key ]
+    def encrypt_or_decrypt_credentials
+      map = config.all
+      yield map if map[ :authorization ]
+      map.each do |k, v|
+        yield v if v.is_a?( Hash ) && v[ :authorization ]
       end
+    end
 
-      def []=( key, value )
-        if value
-          @data[ key ] = value
-        else
-          @data.delete( key )
-        end
-      end
-      
-      def store
-        if @file
-          dirname = ::File.dirname( @file )
-          Dir.mkdir( dirname ) unless ::File.exists?( dirname )
-          new = !::File.exists?( @file )
-
-          ::File.open( @file, 'w') do |f|
-            f.write @all.to_yaml
-          end
-          if new
-            ::File.chmod( 0100600, @file ) rescue nil
-          end
-          true
-        else
-          false
+    def move_credentials( from, to )
+      keys = [ :secrets, :token, :iv, :authorization ]
+      ([ nil ] + from.repos ).each do |repo|
+        keys.each do |k|
+          to[ k, repo ] = from[ k, repo ]
+          from[ k, repo ] = nil
         end
       end
     end
 
-    def self.default_file
-      ::File.join( Gem.user_home, '.gem', 'nexus' )
+    def config
+      @map ||= @secr ? @secr : @conf
+    end
+
+    def key?( key )
+      config.key?( key, @repo )
+    end
+
+    def []( key )
+      config[ key, @repo ]
+    end
+
+    def []=( key, value )
+      config[ key, @repo ] = value
+    end
+
+    public
+
+    def encrypted?
+      config.key?( :token )
+    end
+
+    def password=( pass )
+      @cipher = Cipher.new( pass, config[ :token ] )
+    end
+
+    def always_prompt?
+      @conf[ :always_prompt ]
     end
 
-    def initialize( repo = nil, config = nil, secrets = nil )
-      config ||= self.class.default_file
-      conf = File.new( config, nil )
-      if secrets
-        conf[ :secrets ] = secrets
-        conf.store
+    def clear_always_prompt
+      @conf.delete( :always_prompt )
+      @conf.store
+    end
+
+    def clear_credentials( store = true )
+      secrets = @conf[ :secrets ]
+      if secrets && !config.key?( :token )
+        FileUtils.rm_f( secrets )
+        @map = @conf
+      else
+        config.delete :iv, :authorization
       end
-      @conf = File.new( conf, repo )
-      @secr = File.new( secrets || conf[ :secrets ], repo )
+      @conf.delete( :secrets )
+      @conf.store if store
     end
 
-    def key?( key )
-      @conf.key?( key ) || @secr.key?( key )
+    def always_prompt
+      @conf[ :always_prompt, nil ] = true
+      
+      config.delete( :token )
+
+      clear_credentials( false )
+
+      @conf.store
     end
 
-    def []( key )
-      if key == :authorization && @conf[ key ]
-        copy_authorization
+    def decrypt_credentials
+      unless encrypted?
+        warn 'not encrypted - nothing to do'
+        return
       end
-      @conf[ key ] || @secr[ key ]
+      encrypt_or_decrypt_credentials do |c|
+        @cipher.iv = c[ :iv ]
+        c[ :authorization ] = @cipher.decrypt( c[ :authorization ] )
+        c.delete( :iv )
+      end
+      config.all.delete( :token )
+      config.store
+      @cipher = nil
+    end
+    
+    def encrypt_credentials
+       if encrypted?
+         warn 'already encrypted - nothing to do'
+         return
+       end
+      encrypt_or_decrypt_credentials do |c|
+        c[ :authorization ] = @cipher.encrypt( c[ :authorization ] )
+        c[ :iv ] = @cipher.iv
+      end
+      config.all[ :token ] = @cipher.token
+      config.store
     end
+        
+    def new_secrets( new )
+      old = @conf.all[ :secrets ]
+      if old and new
+        FileUtils.mv( old, new )
+      end
+      if new
+        @secr = ConfigFile.new( new )
+      end
+        
+      if new.nil? && old
+        @conf.merge!( @secr )
+        FileUtils.rm_f( old )
+        @secr = nil
+      end
+
+      if old.nil? and new
+        move_credentials( @conf, @secr )
 
-    def copy_authorization
-      @secr[ :authorization ] = @conf[ :authorization ]
-      if @secr.store
-        @conf[ :authorization ] = nil
-        @conf.store
+        @secr.store
       end
+
+      # store the new location
+      @conf[ :secrets, nil ] = new
+      @conf.store
     end
-    private :copy_authorization
 
-    def []=( key, value )
-      stored = false
-      if key == :authorization
-        @secr[ key ] = value
-        stored = @secr.store
+    def repos
+      result = @conf.section( :url )
+      if url = result.delete( :url )
+        result[ 'DEFAULT' ] = url
+      end
+      result.keys.each do |key|
+        if key != 'DEFAULT'
+          result[ key ] = result[ key ][ :url ]
+        end
       end
+      result
+    end
 
-      unless stored
-        @conf[ key ] = value
-        @conf.store
+    def authorization
+      auth = self[ :authorization ]
+      if @cipher && auth && self[ :iv ]
+        @cipher.iv = self[ :iv ]
+        @cipher.decrypt( auth )
+      elsif @cipher && auth
+        authorization = auth
+      else
+        auth
       end
     end
 
+    def authorization=( auth )
+      if @cipher && auth
+        self[ :authorization ] = @cipher.encrypt( auth )
+        self[ :iv ] = @cipher.iv
+      else
+        self[ :authorization ] = auth
+      end
+      config.store
+      auth
+    end
+
+    def url
+      @conf[ :url, @repo ]
+    end
+
+    def url=( u )
+      @conf[ :url, @repo ] = u
+      @conf.store
+    end
+
+    def to_s
+      config.file
+    end
   end
 end