one_password 0.0.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rspec

@@ -0,0 +1,2 @@
+--color
+--format progress

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in one_password.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Alexander Semyonov
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# OnePassword
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'one_password'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install one_password
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,21 @@
+require 'bundler/gem_tasks'
+
+begin
+  require 'yard'
+  YARD::Rake::YardocTask.new(:doc)
+rescue LoadError
+  task :doc do
+    abort 'YARD is not available. In order to run yardoc, you must run: `bundle install``'
+  end
+end
+
+begin
+  require 'rspec/core/rake_task'
+  RSpec::Core::RakeTask.new(:spec)
+rescue LoadError
+  task :spec do
+    abort 'RSpec is not available. In order to run specs, you must run: `bundle install`'
+  end
+end
+
+task default: :spec

data/lib/one_password.rb

@@ -0,0 +1,19 @@
+require 'one_password/version'
+
+module OnePassword
+  WEBFORMS              = 'webforms.WebForm'
+  FOLDERS               = 'system.folder.Regular'
+  NOTES                 = 'securenotes.SecureNote'
+  IDENTITIES            = 'identities.Identity'
+  PASSWORDS             = 'passwords.Password'
+  WALLET                = 'wallet'
+  SOFTWARE_LICENSES     = 'wallet.computer.License'
+  TRASHED               = 'trashed'
+  ACCOUNT               = 'account'
+  ACCOUNT_ONLINESERVICE = 'wallet.onlineservices.'
+  ACCOUNT_COMPUTER      = 'wallet.computer.'
+  CATEGORIES            = [WEBFORMS, NOTES, WALLET, PASSWORDS, IDENTITIES, SOFTWARE_LICENSES, :folders,
+                           ACCOUNT, TRASHED,].map { |type| type.to_sym }
+end
+
+require 'one_password/keychain'

data/lib/one_password/encryption.rb

@@ -0,0 +1,74 @@
+require 'base64'
+require 'openssl'
+require 'pbkdf2'
+require 'cgi'
+
+module OnePassword
+  class Encryption
+    ZERO_IV = "\x00" * 8
+    NR      = 10
+    NK      = 4
+
+    def self.decrypt_using_pbkdf2(data, password, iterations)
+      encrypted = Base64.decode64(data)
+      salt      = ZERO_IV
+      if salted?(encrypted)
+        salt      = encrypted[8, 8]
+        encrypted = encrypted[16..-1]
+      end
+
+      derived_key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(password, salt, iterations, 32)
+
+      key = derived_key.slice(0..15)
+      iv  = derived_key.slice(16..-1)
+
+      decrypt_using_key_and_ivec(encrypted, key, iv)
+    end
+
+    def self.decrypt_using_key(encrypted, encryption_key)
+      encrypted = Base64.decode64(encrypted)
+
+      if Encryption.salted?(encrypted)
+        salt      = encrypted[8, 8]
+        encrypted = encrypted[16..-1]
+
+        key, iv = Encryption.open_ssl_key(encryption_key, salt)
+      else
+        key = OpenSSL::Digest::MD5.digest(encryption_key)
+        iv  = Encryption::ZERO_IV
+      end
+
+      plain_text = Encryption.decrypt_using_key_and_ivec(encrypted, key, iv)
+
+
+      CGI::unescape(CGI::escape(plain_text))
+
+    end
+
+    def self.decrypt_using_key_and_ivec(encrypted, key, iv)
+      aes = OpenSSL::Cipher.new('AES-128-CBC')
+      aes.decrypt
+      aes.key = key
+      aes.iv  = iv
+      aes.update(encrypted) << aes.final
+    end
+
+    def self.salted?(string)
+      (string =~ /\ASalted__/)
+    end
+
+    def self.open_ssl_key(password, salt)
+      rounds   = NR >= 12 ? 3 : 2
+      data00   = password + salt
+      md5_hash = [OpenSSL::Digest::MD5.digest(data00)]
+      result   = md5_hash[0]
+      1.upto(rounds - 1) do |i|
+        md5_hash[i] = OpenSSL::Digest::MD5.digest(md5_hash[i - 1] + data00)
+        result      += md5_hash[i]
+      end
+      key = result.slice(0..(4 * NK - 1))
+      iv  = result.slice((4 * NK)..(4 * NK + 15))
+      [key, iv]
+    end
+  end
+end

data/lib/one_password/encryption_key.rb

@@ -0,0 +1,34 @@
+require 'one_password/encryption'
+
+module OnePassword
+  class EncryptionKey
+    #noinspection RubyResolve
+    attr_accessor :profile, :data, :validation, :level, :iterations, :identifier
+
+    def initialize(profile, data)
+      @profile = profile
+      data.each do |name, value|
+        send("#{name}=", value)
+      end
+    end
+
+    #noinspection RubyResolve
+    def iterations=(iterations)
+      @iterations = iterations.to_i
+      @iterations = 1000 if @iterations < 1000
+      @iterations
+    end
+
+    def decrypt(password=self.profile.password)
+      @decrypted_key = Encryption.decrypt_using_pbkdf2(data, password, iterations)
+    end
+
+    def decrypted_key
+      @decrypted_key || decrypt
+    end
+
+    def valid?
+      Encryption.decrypt_using_key(validation, decrypted_key) == decrypted_key
+    end
+  end
+end

data/lib/one_password/errors.rb

@@ -0,0 +1,13 @@
+module OnePassword
+  class Error < StandardError
+  end
+
+  class UndefinedProfile < Error
+    def initialize(profile_name)
+      super "Undefined profile #{profile_name.inspect}"
+    end
+  end
+
+  class NoPassword < Error
+  end
+end

data/lib/one_password/item.rb

@@ -0,0 +1,156 @@
+require 'one_password/encryption'
+require 'active_support/core_ext'
+
+module OnePassword
+  class Item
+    INDEX_UUID              = 0
+    INDEX_TYPE              = 1
+    INDEX_NAME              = 2
+    INDEX_URL               = 3
+    INDEX_DATE              = 4
+    INDEX_FOLDER            = 5
+    INDEX_PASSWORD_STRENGTH = 6
+    INDEX_TRASHED           = 7
+
+                                                    # @return [String]
+    attr_accessor :uuid, :type, :title, :domain, :updated_at, :trashed, :security_level, :open_contents, :encrypted#,
+                  #:location_key, :open_contents, :key_id, :location, :encrypted,
+                  #:created_at, :trashed, :type_name #,
+                                                    #:reminderq, :port, :notes_plain, :cash_limit, :html_name, :fields,
+                                                    #:expiry_mm, :expiry_yy, :member_name, :zip, :database_type, :html_action, :phone_toll_free,
+                                                    #:lastname, :password, :html_method, :html_id,
+                                                    #:renewal_date_yy, :renewal_date_mm, :renewal_date_dd, :cardholder, :credit_limit,
+                                                    #:birthdate_yy, :birthdate_mm, :birthdate_dd, :username, :company, :bank, :email, :ccnum,
+                                                    #:idisk_storage, :pin, :firstname, :path, :hostname, :website, :country, :interest, :database, :sex,
+                                                    #:server, :cvv, :address1, :address2, :cellphone_local, :city, :aim, :jobtitle, :state, :occupation,
+                                                    #:department, :busphone_local
+                                                    # @return [Time]
+
+    # @return [OnePassword::Profile]
+    attr_reader :profile
+
+    # @param [Profile] profile
+    # @param [Array] data
+    def initialize(profile, data)
+      @profile        = profile
+      self.attributes = {
+        uuid:       data[INDEX_UUID],
+        type:       data[INDEX_TYPE],
+        title:      data[INDEX_NAME],
+        domain:     data[INDEX_URL],
+        updated_at: data[INDEX_DATE],
+        trashed:    data[INDEX_TRASHED]
+      }
+    end
+
+    def updated_at=(seconds)
+      @updated_at = Time.at(seconds)
+    end
+
+    def created_at=(seconds)
+      @created_at = Time.at(seconds)
+    end
+
+    def system?
+      @type =~ /^system/
+    end
+
+    def wallet?
+      @type =~ /^wallet\.(membership|financial|government)}/
+    end
+
+    def trashed?
+      @trashed == 'Y'
+    end
+
+    def category
+      @category ||= case type
+                    when SOFTWARE_LICENSES, WEBFORMS, NOTES, IDENTITIES, PASSWORDS
+                      type.to_sym
+                    else
+                      if type == FOLDERS
+                        :folders
+                      elsif wallet?
+                        WALLET
+                      else
+                        ACCOUNT.to_sym
+                      end
+                    end
+    end
+
+    def matches?(text)
+      title.downcase.index(text) || domain.downcase.index(text)
+    end
+
+    def file_name
+      profile.directory.join("#{uuid}.1password")
+    end
+
+    def security_level
+      open_contents.try(:[], 'securityLevel') || 'SL5'
+    end
+
+    def encryption_key
+      profile.encryption_keys[security_level].decrypted_key
+    end
+
+    def load_encrypted_data
+      self.attributes = JSON.parse(File.read(file_name))
+    end
+
+    def encrypted
+      load_encrypted_data unless @encrypted
+      @encrypted
+    end
+
+    def decrypt_data
+      unless @decrypted
+        @decrypted      = true
+        plain_text = Encryption.decrypt_using_key(encrypted, encryption_key)
+        attrs = JSON.parse(plain_text)
+        self.attributes = attrs
+      end
+    end
+
+    def login_username
+      find_field_with_designation('username')
+    end
+
+    def login_password
+      attributes['password'].presence || find_field_with_designation('password')
+    end
+
+    def find_field_with_designation(designation)
+      fields = attributes['fields']
+      field = fields.find do |field|
+        field['designation'] == designation
+      end if fields
+
+      field['value'] if field
+    end
+
+    def attributes
+      @attributes ||= {}
+      fields = instance_variables.inject({}) do |result, ivar|
+        result[ivar] = instance_variable_get(ivar) unless ivar == :@profile
+        result
+      end
+      @attributes.merge(fields)
+    end
+
+    def attributes=(attrs)
+      attrs.each do |name, value|
+        if value.present?
+          attribute = name.to_s.underscore
+          writer    = "#{attribute}="
+          if respond_to?(writer)
+            send(writer, value)
+          else
+            @attributes            ||= {}
+            @attributes[attribute] = value
+          end
+        end
+      end
+    end
+  end
+end

data/lib/one_password/keychain.rb

@@ -0,0 +1,47 @@
+# coding: utf-8
+
+require 'json'
+require 'one_password/profile'
+require 'one_password/errors'
+
+module OnePassword
+  class Keychain
+    def initialize(directory = '~/Dropbox/1Password.agilekeychain')
+      @directory       = Pathname(File.expand_path(directory))
+      @master_password = nil
+      profiles
+    end
+
+    # @return [Profile]
+    def current_profile
+      @current_profile ||= profiles['default']
+    end
+
+    # @param [String, Profile] profile
+    def current_profile=(profile)
+      unless profile.is_a?(Profile)
+        raise UndefinedProfile.new(profile) unless profiles.key?(profile)
+        profile = profiles[profile]
+      end
+      @profile = profile
+    end
+
+    def password=(password)
+      current_profile.password = password
+    end
+
+    protected
+
+    def data_directory
+      @directory.join('data')
+    end
+
+    def profiles
+      @profiles ||= Dir["#{data_directory}/*"].inject({}) do |result, dir|
+        profile              = Profile.new(self, dir)
+        result[profile.name] = profile
+        result
+      end
+    end
+  end
+end