opensecret 0.0.913 → 0.0.941

data/lib/factbase/facts.opensecret.io.ini

@@ -0,0 +1,28 @@
+
+[global]
+
+min.passwd.len  =  rb>> 16
+nickname        =  godzilla
+root.domain     =  devopswiki.co.uk
+env.var.name    =  SECRET_MATERIAL
+ratio           =  rb>> 3
+bit.key.size    =  rb>> 8192
+key.cipher      =  rb>> OpenSSL::Cipher.new 'AES-256-CBC'
+secret.keyname  =  master.private.key.crypt.txt
+secret.keydir   =  rb>> OpenSession::Attributes.instance.get_value "opensecret", "safe"
+secret.keypath  =  rb>> File.join @s[:secret_keydir], @s[:secret_keyname]
+
+repo.name       =  material_data
+
+## local.gitrepo   =  rb>> File.join @i[:dir], @s[:repo_name]
+
+## public.gitrepo  =  https://www.eco-platform.co.uk/content/material.data.git
+## public.dirname  =  public_keys
+## public.keyroute =  rb>> File.join @s[:root_domain], @s[:public_dirname]
+## public.keydir   =  rb>> File.join @s[:local_gitrepo], @s[:public_keyroute]
+## public.keyname  =  rb>> "public_key." + @s[:nickname] + dot + @s[:root_domain] + ".txt"
+## public.keypath  =  rb>> File.join @s[:public_keydir], @s[:public_keyname]
+
+prompt.1        =  Enter a Robust Password
+prompt.2        =  Re-enter that Password
+

data/lib/logging/gem.logging.rb

@@ -0,0 +1,133 @@
+require "logger"
+require "session/user.home"
+
+# [MIXIN] magic is deployed to hand out DevOps quality logging
+# features to any class that includes the logging module.
+#
+# When logging facilities are not ready we need to log just to
+# stdout but when they are we need to use them.
+#
+# mixin power enables one class to give the logfile path and all
+# classes will suddenly retrieve a another logger and use that.
+#
+#   include Logging
+#   def doImportant
+#     log.warn(ere) "unhappy about doing this"
+#     do_anyway
+#     log.debug(ere) "all good it was okay"
+#   end
+#
+# So what are Mixins?
+#
+# Refer to the below link for excellent coverage of mixins.
+# @see http://ruby-doc.com/docs/ProgrammingRuby/html/tut_modules.html
+#
+module OpenLogger
+
+  @@gem_name = "opensecret"
+  @@gem_base = File.join OpenSession::Home.dir, ".#{@@gem_name}"
+  FileUtils.mkdir_p @@gem_base unless File.exists? @@gem_base
+  @@log_path = File.join @@gem_base, "opensecret-cli-activity.log"
+
+
+
+  # Classes that include (MIXIN) this logging module will
+  # have access to this logger method.
+  #
+  # [memoization] is implemented here for performance and
+  # will only initiate a logger under 2 circumstances
+  #
+  #   [1] - the first call (returns a STDOUT logger)
+  #   [2] - the call after the logfile path is set
+  #          (returns a more sophisticated logger)
+  def log
+
+    @@log_class ||= get_logger
+
+  end
+
+
+  # This Ruby behavioural snippet allows the logger to print 3 crucial
+  # pieces of information for the troubleshooter (detective) so that they
+  # may ascertain
+  #
+  # - the [module] the logging call came from
+  # - the [method] the logging call came from
+  # - the [line number] the logging call is at
+  #
+  # To use this method you can make calls like this
+  #
+  # - log.info(x) { "Log many things about where I am now." }
+  # - log.warn(x) { "Log many things about where I am now." }
+  #
+  def x
+
+    module_name = File.basename caller_locations(1,1).first.absolute_path, ".rb"
+    method_name = caller_locations(1,1).first.base_label
+    line_number = caller_locations(1,1).first.lineno
+
+    "#{module_name} | #{method_name} | (line #{line_number}) "
+
+  end
+
+
+  # This method returns an initialized logger.
+  #
+  # The logger returned may write to
+  #
+  # - a simple file
+  # - a service like fluentd
+  # - a message queue
+  # - a nosql database
+  # - all of the above
+  #
+  # Not that [memoization] should be used so that this method
+  # gets called ideally just once although in practise it may
+  # turn out to be a handful of times.
+  #
+  # @return [Logger] return an initialized logger object
+  def get_logger
+
+    file_logger = Logger.new @@log_path
+    original_formatter = Logger::Formatter.new
+
+    file_logger.formatter = proc { |severity, datetime, progname, msg|
+      original_formatter.call( severity, datetime, progname, msg.dump.chomp.strip )
+    }
+
+    return file_logger
+
+  end
+
+
+  # Overtly long file paths in the log files sometimes hamper readability
+  # and this method improves the situation by returning just the two
+  # immediate ancestors of the file (or folder) path.
+  #
+  # @example A really long input like
+  #          <tt>/home/joe/project/degrees/math/2020</tt>
+  #          is reduced to
+  #          <tt>degrees/math/2020</tt>
+  #
+  # So this method returns the name of the grandparent folder then parent folder
+  # and then the most significant file (or folder) name.
+  #
+  # When this is not possible due to the filepath being colisively near the
+  # filesystem's root, it returns the parameter name.
+  # 
+  # @param object_path [String] overtly long path that will be made more readable
+  # @return [String] the (separated) three most significant path name segments
+  def nickname object_path
+
+    object_name   = File.basename object_path
+    parent_folder = File.dirname  object_path
+    parent_name   = File.basename parent_folder
+    granny_folder = File.dirname  parent_folder
+    granny_name   = File.basename granny_folder
+
+    return [granny_name,parent_name,object_name].join("/")
+
+  end
+
+
+end

data/lib/opensecret.rb

@@ -1,10 +1,19 @@
 require "thor"
+require "fileutils"
 require "session/time.stamp"
-require "session/session"
+require "session/attributes"
+require "logging/gem.logging"
 
-#
-# This command line processor extends Thor's functionality in
-# order to
+require "usecase/usecases/safe"
+require "usecase/usecases/init"
+
+include OpenLogger
+
+# This standard out sync command flushes text destined for STDOUT immediately,
+# without waiting either for a full cache or script completion.
+$stdout.sync = true
+
+# This command line processor extends the Thor gem CLI tools in order to
 #
 # - read the posted commands, options and switches
 # - maps the incoming string data to objects
@@ -13,7 +22,9 @@ require "session/session"
 # - ensure that the parameter values are in range
 # - delegate processing to the registered handlers
 #
-class CommandProcessor < Thor
+class CliInterpreter < Thor
+
+  log.info(x) {"Wake up loggers."}
 
   #
   # This class option allows every CLI call the option to include
@@ -22,11 +33,21 @@ class CommandProcessor < Thor
   #
   class_option :debug, :type => :boolean
   
+
+
+  # Description of the init configuration call.
+  desc "init", "initialize secret keys and check access to the crypt store"
+
+  # Initialize secret keys and check access to the crypt store.
   #
-  # Thor method describing the mandatory directory path parameter
-  # in the keydir cli interface call.
-  #
-  desc "keydir KEYPATH", "KEYPATH path to USB key for storing private keys"
+  # - checks the installed configuration.
+  def init
+    OpenSecret::Init.new.flow_of_events
+  end
+
+
+  # Description of the mandatory safe and (safe directory) configuration.
+  desc "safe SAFE_DIR", "SAFE_DIR full path to the (ideally USB key) storage location"
 
   #
   # A USB key drive is the ideal store for the encrypted private
@@ -37,59 +58,95 @@ class CommandProcessor < Thor
   # - if not, it attempts to create the path
   # - if successful it's written into HOME/.opensecret/opensecret.keydir.txt
   #
-  # @example opensecret keydir /path/to/usb/key/dir
+  # @param safe_dir [String] the path to USB key for storing encrypted keys
+  #
+  def safe safe_dir
+
+    configure_safe_uc = OpenSecret::Safe.new
+    configure_safe_uc.safe_path = safe_dir
+    configure_safe_uc.flow_of_events
+
+  end
+
+
+  #
+  # Description of the email-address that is unique
+  # for the domain in question.
   #
-  # Alternate Use Case Flows
+  desc "email EMAIL_ADDRESS", "EMAIL_ADDRESS Your email address unique for the domain."
+
   #
-  # - if file exists with equal (case sensitive) content this is logged
-  # - if file exists with different content that content is logged and changed
+  # This method collects the email address that is unique for the domain in
+  # question. For the email address to be valid it must consist of only alphanumerics,
+  # underscores, periods, hyphens and (at most) one @ symbol.
   #
-  # @param keypath [String] the path to USB key for storing private keys
+  # Note that underscores, periods, hyphens and @ symbol are permissable if not
+  # at the start or end of the email address nor can they appear consecutively.
   #
-  def keydir keypath
+  # <tt>a@b.cd</tt> is the minimum size of an externally addressable email
+  # address so 6 or more characters is enforced by this configuation method.
+  #
+  #    email validation will be added to opensecret including
+  #    - validation of the email address character array
+  #    - proof of control and ownership of the email address
+  #
+  # If an email address already exists within the domain section of the
+  # configuration file, it is overwritten. If there is no configuration
+  # file yet, one is created within the auspices of the home directory.
+  #
+  # @param email_address [String] email address of the user (eg a@b.cd)
+  #
+  def email email_address
 
-    if( File.exists?( keypath ) && !(File.directory? keypath) )
-      abort "The path cannot be a file => #{keypath}"
+    if email_address.length < 6
+      abort "The tiniest (externally accessible) email address [a@b.cd] has 6 characters."
     end
     
-    FileUtils.mkdir_p keypath unless File.exists? keypath
+    OpenSession::Attributes.stash "opensecret", "email", email_address
 
-    secret_session = OpenSession::Session.new
-    secret_session.write_keyvalue "opensecret", "key_folder", keypath
-    session_file = secret_session.get_filepath "opensecret"
+  end
 
-    puts ""
-    puts "private key directory  => [ #{keypath} ]"
-    puts "session configuration  => [ #{session_file} ]"
-    puts "session time stamp is  => [ #{OpenSession::Stamp.yyjjj_hhmm_sst} ]"
-    puts ""
 
-  end
+  desc "store STORE_URL", "STORE_URL denotes the location of the backend crypt store"
 
   #
-  # Initialize (configure) two fundamental crypt pointers
-  #
-  # - an opensecret domain like &raquo; **lecturers@harvard**
-  # - the url to a backend store like Git, S3 or an SSH accessible drive.
-  #
-  # The domain will be extended to cover verified internet domains.
-  # They will also latch onto LDAP domains so when admins add, revoke
-  # or remove users, their opensecret access is adjusted accordingly.
+  # Here we define the location (the URL) of the crypt store. The crypt store will hold
+  # the cipher text and is known as <tt>backend storage</tt>.
   #
-  # @example opensecret user create id=joe email=joebloggs@opensecret.io
+  # The planned list of backend storage systems (each onlined with a plugin), is
   #
-  # @param domain [String] the DOMAIN eg lecturers@harvard for your family or work group.
-  # @param store_url [String] the STORE_URL for connecting to the backend storage service
+  # - Git (including GitHub, GitLab, BitBucket, OpenGit and private repositories.
+  # - S3 Buckets from the Amazon Web Services (AWS) cloud.
+  # - SSH, SCP, SFTP connected file-systems
+  # - network storage including Samba, NFS, VMWare vSAN and
+  # - GoogleDrive (only Windows has suitable synchronized support).
   #
-# --->  def init domain, store_url
+  # @param store_url [String] the STORE_URL identifying a filesystem or Git or S3 storage location
+  def store store_url
 
-# --->    OpenSecret::Crypto.register_domain domain, store_url
 
-# --->    puts ""
-# --->    puts "New domain configured  => [ #{domain} ]"
-# --->    puts "Crypt store configured => [ #{store_url} ]"
-# --->    puts ""
+    if store_url.strip.length < 3
+      abort "4 characters is the minimum domain name length."
+    end
+
+    OpenSession::Attributes.stash "opensecret", "store", store_url.strip
+
+###    if( File.exists?( store_url ) && !(File.directory? store_url) )
+###      abort "The store url path cannot be a file => #{store_url}"
+###    end
+
+  end
+
+
+  desc "on", "Open a session to encrypt (lock) one or more secrets"
+
+  # The [on] message tells opensecret to prepare to lock one or more secrets.
+  def on
+
+####    FileUtils.mkdir_p store_url unless File.exists? store_url
+####    OpenSession::Attributes.stash "opensecret", "store.id.#{store_id}", store_url
+
+  end
 
-# --->  end
 
 end

data/lib/opensecret/executors/crypt.keys/crypt.keys.ini

@@ -24,56 +24,3 @@ public.keypath  =  e>> File.join @s[:public_keydir], @s[:public_keyname]
 prompt.1        =  Enter a Robust Password
 prompt.2        =  Re-enter that Password
 
-#--
-#-- ------------------------------------------
-#-- How to Add the Secret Material on Windows
-#-- ------------------------------------------
-#--
-#-- Check that the variable is not set.
-#-- $ set
-#--
-#-- Run the commands below and then acquire another
-#-- command prompt or emacs/cygwin window.
-#--
-#-- $ setx SECRET_MATERIAL ABC123
-#-- $ set
-#--
-#-- Check (with last command) on new prompt that the
-#-- environment variable is now set.
-#--
-#-- ----------------------------------------
-#-- How to Add the Secret Material (Linux)
-#-- ----------------------------------------
-#--
-#-- Check that the variable is not set.
-#-- $ printenv | sort
-#--
-#-- Run the commands below and then reboot.
-#-- (Ensure that the whole disk is encrypted so that the
-#-- /etc/environment file cannot be accessed if your desktop
-#-- or laptop is stolen.
-#--
-#-- $ sudo chmod 666 /etc/environment
-#-- $ sudo echo "SECRET_MATERIAL=ABC123" >> /etc/environment
-#-- $ sudo chmod 644 /etc/environment
-#-- $ printenv | sort
-#--
-#-- Check (with last command) after the reboot to ensure
-#-- that the environment variable is now set.
-#--
-#-- ---------------------------------------------------
-#-- How to TEMPORARILY Add the Secret Material (Linux)
-#-- ---------------------------------------------------
-#--
-#-- Check that the variable is not set.
-#-- $ printenv | sort
-#--
-#-- We are only adding for the session (perhaps to test it)
-#-- therefore we simply export. On closing the shell the
-#-- environment variable will be gone.
-#--
-#-- $ export SECRET_MATERIAL=ABC123
-#-- $ printenv | sort
-#--
-#-- Now the environment variable should be temporarily set.
-#--

data/lib/session/{session.rb → attributes.rb}

@@ -17,6 +17,7 @@
 module OpenSession
 
   require 'inifile'
+  require 'singleton'
 
 
  ## ---> Cleaning User Input - Use Me
@@ -73,13 +74,30 @@ module OpenSession
   # This "session awakening" wipes the slate clean and starts afresh
   # with regard to the two dimensional array of configuration directive
   # pointers.
-  class Session
-
+  class Attributes
+    include Singleton
 
     @@filename_tail = "-session.ini"
     attr_reader :time_stamp
 
 
+
+    # Stash the attribute within the session's configuration file and
+    # print out the current state of the configuration.
+    #
+    # @param section_name [String] name grouping the section of config values
+    # @param key_name [String] the name of the key whose value is to be written
+    # @param key_value [String] the data item value of the key specified
+    def self.stash section_name, key_name, key_value
+
+      the_session = OpenSession::Attributes.instance
+      the_session.write_keyvalue section_name, key_name, key_value
+      puts "\n" + File.read(the_session.get_filepath(section_name)) + "\n"
+
+    end
+
+
+
     # This singleton (one instance) class initializes by getting
     # the current timestamp.
     def initialize
@@ -138,6 +156,42 @@ module OpenSession
     end
 
 
+    # Given the configuration key name and the context name, get the
+    # corresponding key value from the configuration file whose path
+    # is acquired using the {self#get_filepath} method.
+    #
+    # @param context_name [String] name of program writing a session attribute
+    # @param key_name [String] the key whose value is to be retrieved
+    #
+    # @return [String] the value configured for the parameter key
+    #
+    # @raise ArgumentError for any one of a long list of reasons that
+    #     cause the key value to not be retrieved. This can range from
+    #     non-existent directories and files, non readable files, incorrect
+    #     configurations right down to missing keys or even missing values.
+    def get_value context_name, key_name
+
+      the_file = get_filepath context_name
+      raise ArgumentError.new "No configuration file found => [ #{the_file} ]" unless File.exists? the_file
+
+      the_text = File.read the_file
+      raise ArgumentError.new "Configuration file is empty => [ #{the_file} ]" if the_text.empty?
+
+      the_data = IniFile.load the_file
+      key_exists = the_data[ context_name ].has_key?( key_name )
+      raise ArgumentError.new "Key [#{key_name}] not configured => #{the_data.to_s}" unless key_exists
+
+      rawvalue = the_data[context_name][key_name]
+      raise ArgumentError.new "Empty value 4 key [#{key_name}] => #{the_data.to_s}" if rawvalue.empty?
+
+      keyvalue = rawvalue.chomp.strip
+      raise ArgumentError.new "Whitespace value 4 key [#{key_name}] => #{the_data.to_s}" if keyvalue.empty?
+
+      return keyvalue
+
+    end
+
+
     #
     # Get the path to the session context file.
     # This file will be in a folder whose name is simply the dot
@@ -147,7 +201,7 @@ module OpenSession
     # @example ~/.openbox/openbox-session.ini is the filepath for context "openbox"
     #
     # @param context_name [String] name of program writing a session attribute
-    #
+    # @return [String] full path to the context configuration file
     def get_filepath context_name
 
       return File.join( get_filedir(context_name), "#{context_name}#{@@filename_tail}" )
@@ -165,7 +219,7 @@ module OpenSession
     # @example ~/.openbox is the directory for context "openbox"
     #
     # @param context_name [String] name of program (or use case) context
-    #
+    # @return [String] path to directory holding context configuration file
     def get_filedir context_name
 
       return File.join home_directory, ".#{context_name}"
@@ -173,7 +227,6 @@ module OpenSession
     end
 
 
-    #
     # On non-windows systems the home directory is defined
     # perfectly by Ruby's Dir object.
     #
@@ -181,6 +234,7 @@ module OpenSession
     # onto the actual home directory. In these cases this
     # method removes it.
     #
+    # @return [String] the path to the machine user's home directory
     def home_directory
 
       return Dir.home unless Gem.win_platform?
@@ -205,6 +259,7 @@ module OpenSession
     # - ENV['USERNAME'] for the Windows platform
     # - ENV['USER'] for Linux (and everything else)
     #
+    # @return [String] the username of the machine user
     def username
 
       return ENV['USERNAME'] if Gem.win_platform?