opensecret 0.0.951 → 0.0.957

data/lib/plugins/usecases/put.rb

@@ -0,0 +1,137 @@
+#!/usr/bin/ruby
+	
+module OpenSecret
+
+  require 'openssl'
+
+  # The <b>put use case</b> follows <b>open</b> and it adds secrets into an
+  # <em>(encrypted at rest)</em> opened file. Put can be called many times to
+  # add secrets. Finally the <b>lock use case</b> commits all opened secrets
+  # into the configured storage engines.
+  #
+  # Calling <em>put</em> <b>before</b> calling open or <b>after</b> calling lock
+  # is not allowed and will result in an error.
+  #
+  # == Put Pre-Conditions
+  #
+  # When the put use case is called - the below conditions ring true.
+  #
+  # - the <b>folder path</b> ending in ../../my must exist
+  # - a session id, filename and encryption key ( in workstation config )
+  #
+  # == Observable Value
+  #
+  # The observable value delivered by +put+ boils down to
+  #
+  # - a new <b>friends.xyz123abc.os.txt</b> file if this is the first put.
+  # - a new group_name/key_name (like monica/surname) entry is added if required
+  # - a secret value is added against the key or updated if it already exists
+  # - a new session id and encryption key is generated and used to re-encrypt
+  #
+  # == The Encrypted Session Bucket
+  #
+  # After the example commands we can visualize the <b><em>encrypted</em></b>
+  # bucket like this.
+  #
+  #     [monica]
+  #     surname = lewinsky
+  #     from = April 1989
+  #     to = September 1994
+  #
+  #     [hilary]
+  #     surname = clinton
+  #     from = Feb 1982
+  #     to = Present Day
+  #
+  # == Bill Clinton's Lady Friends 
+  #
+  # In our fictitious example Bill Clinton uses opensecret to lock away the
+  # names and dates of his lady riends.
+  #
+  # @example
+  #
+  #    $ opensecret email bill.clinton@example.com
+  #    $ opensecret init
+  #    $ opensecret open my/friends
+  #
+  #    $ opensecret put monica/surname lewinsky
+  #    $ opensecret put monica/from "April 1989"
+  #    $ opensecret put monica/to "September 1994"
+  #
+  #    $ opensecret put hilary/surname clinton
+  #    $ opensecret put hilary/from "January 1988"
+  #    $ opensecret put hilary/to "Present Day"
+  #
+  #    $ opensecret lock
+  #
+  class Put < OpenSession::UseCase
+
+    attr_writer :secret_id, :secret_value
+    @@context_name = "opensecret"
+
+    # The <b>put use case</b> follows <b>open</b> and it adds secrets into an
+    # <em>(encrypted at rest)</em> opened file. Put can be called many times to
+    # add secrets. Finally the <b>lock use case</b> commits all opened secrets
+    # into the configured storage engines.
+    #
+    # Calling <em>put</em> <b>before</b> calling open or <b>after</b> calling lock
+    # is not allowed and will result in an error.
+    #
+    # == Put Pre-Conditions
+    #
+    # When the put use case is called - the below conditions ring true.
+    #
+    # - the <b>folder path</b> ending in ../../my must exist
+    # - a session id, filename and encryption key ( in workstation config )
+    #
+    # == Observable Value
+    #
+    # The observable value delivered by +put+ boils down to
+    #
+    # - a new <b>friends.xyz123abc.os.txt</b> file if this is the first put.
+    # - a new group_name/key_name (like monica/surname) entry is added if required
+    # - a secret value is added against the key or updated if it already exists
+    # - a new session id and encryption key is generated and used to re-encrypt
+    def execute
+
+      session_id = OpenSession::Attributes.instance.get_value @@context_name, @c[:open][:open_name], @c[:open][:open_idname]
+      encrypt_key = OpenSession::Attributes.instance.get_value @@context_name, @c[:open][:open_name], @c[:open][:open_keyname]
+      rel_filepath = OpenSession::Attributes.instance.get_value @@context_name, @c[:open][:open_name], @c[:open][:open_pathname]
+
+      put_filepath = File.join @c[:open][:open_dirpath], rel_filepath
+
+      x_dictionary = OpenSession::Dictionary.new
+      x_dictionary.read put_filepath, true, encrypt_key
+
+      secret_ids = @secret_id.split("/")
+      if ( x_dictionary.has_key? secret_ids.first )
+        x_dictionary[secret_ids.first][secret_ids.last] = @secret_value
+      else
+        x_dictionary[secret_ids.first] = { secret_ids.last => @secret_value }
+      end
+
+      new_encryption_key = Engineer.strong_key @c[:open][:open_keylen]
+      OpenSession::Attributes.stash @@context_name, @c[:open][:open_name], @c[:open][:open_keyname], new_encryption_key
+      x_dictionary.write new_encryption_key
+
+    end
+
+
+    # Perform pre-conditional validations in preparation to executing the main flow
+    # of events for this use case. This method may throw the below exceptions.
+    #
+    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
+    # @raise [EmailAddrNotConfigured] if the email address has not been configured
+    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
+    def pre_validation
+
+
+    end
+
+
+  end
+
+
+end
+
+

data/lib/plugins/usecases/safe.rb

@@ -2,23 +2,17 @@
 	
 module OpenSecret
 
-#####  require "usecase/usecase"
-#####  require "session/attributes"
-
   # This is the [On] usecase that is triggered when a user would like
   # to start a locking (encryption) session.
   #
   # Pre-Conditions
   #
   # - [session.config.file] exists with domain,user,email,store_id => store_url
-  # -
-  # -
-  #
   #
   # Main Flow of Events
   #
-  # -
-  # -
+  # Stash the path into the host machine's configuration file and proceed
+  # to create the path directory chain if it does not already exist.
   #
   class Safe < OpenSession::UseCase
 
@@ -26,9 +20,13 @@ module OpenSecret
     @@context_name = "opensecret"
     @@prime_name = "opensecret.safe"
 
+    # The safe use case simply validates the presented path and when the
+    # execute method is called it stashes the path within the host machine's
+    # configuration file and proceeds to create the path directory chain
+    # if it does not already exist.
     def execute
       
-      OpenSession::Attributes.stash @@context_name, "safe", @safe_path
+      OpenSession::Attributes.stash @@context_name, @@context_name, "safe", @safe_path
       FileUtils.mkdir_p @safe_path unless File.exists? @safe_path
 
     end
@@ -76,7 +74,7 @@ module OpenSecret
     #     configurations right down to missing keys or even missing values.
     def post_validation
 
-      configured_path = OpenSession::Attributes.instance.get_value @@context_name, "safe"
+      configured_path = OpenSession::Attributes.instance.get_value @@context_name, @@context_name, "safe"
       path_string_1 = "  path 1 => #{configured_path}"
       path_string_2 = "  path 2 => #{@safe_path}"
       mismatch_path = "Path mismatch to opensecret [safe] detected."

data/lib/session/attributes.rb

@@ -85,14 +85,18 @@ module OpenSession
     # Stash the attribute within the session's configuration file and
     # print out the current state of the configuration.
     #
+    # @param context_name [String] the context will define the folder and filepath
     # @param section_name [String] name grouping the section of config values
     # @param key_name [String] the name of the key whose value is to be written
     # @param key_value [String] the data item value of the key specified
-    def self.stash section_name, key_name, key_value
+    def self.stash context_name, section_name, key_name, key_value
 
       the_session = OpenSession::Attributes.instance
-      the_session.write_keyvalue section_name, key_name, key_value
-      puts "\n" + File.read(the_session.get_filepath(section_name)) + "\n"
+      the_session.write_keyvalue context_name, section_name, key_name, key_value
+
+      puts ""
+      puts File.read(the_session.get_filepath(context_name))
+      puts ""
 
     end
 
@@ -138,10 +142,11 @@ module OpenSession
     # width = 3m
     #
     # @param context_name [String] name of program writing a session attribute
+    # @param section_name [String] name grouping the section of config values
     # @param key [String] the key name of config directive to be written into the file
     # @param value [String] value of the config directive to be written into the file
     #
-    def write_keyvalue context_name, key, value
+    def write_keyvalue context_name, section_name, key, value
 
       config_file_dir = get_filedir(context_name)
       FileUtils.mkdir_p config_file_dir unless File.exists? config_file_dir
@@ -150,7 +155,7 @@ module OpenSession
       config_map = IniFile.new( :filename => config_filepath, :encoding => 'UTF-8' )
       config_map = IniFile.load( config_filepath ) if File.exists? config_filepath
 
-      config_map[context_name][key] = value
+      config_map[section_name][key] = value
       config_map.write
 
     end
@@ -169,7 +174,7 @@ module OpenSession
     #     cause the key value to not be retrieved. This can range from
     #     non-existent directories and files, non readable files, incorrect
     #     configurations right down to missing keys or even missing values.
-    def get_value context_name, key_name
+    def get_value context_name, section_name, key_name
 
       the_file = get_filepath context_name
       raise ArgumentError.new "No configuration file found => [ #{the_file} ]" unless File.exists? the_file
@@ -178,14 +183,14 @@ module OpenSession
       raise ArgumentError.new "Configuration file is empty => [ #{the_file} ]" if the_text.empty?
 
       the_data = IniFile.load the_file
-      key_exists = the_data[ context_name ].has_key?( key_name )
-      raise ArgumentError.new "Key [#{key_name}] not configured => #{the_data.to_s}" unless key_exists
+      key_exists = the_data[ section_name ].has_key?( key_name )
+      raise ArgumentError.new "Key [#{key_name}] not found in section [#{section_name}] => #{the_data.to_s}" unless key_exists
 
-      rawvalue = the_data[context_name][key_name]
-      raise ArgumentError.new "Empty value 4 key [#{key_name}] => #{the_data.to_s}" if rawvalue.empty?
+      rawvalue = the_data[section_name][key_name]
+      raise ArgumentError.new "Empty value 4 key [#{section_name}][#{key_name}] => #{the_data.to_s}" if rawvalue.empty?
 
       keyvalue = rawvalue.chomp.strip
-      raise ArgumentError.new "Whitespace value 4 key [#{key_name}] => #{the_data.to_s}" if keyvalue.empty?
+      raise ArgumentError.new "Whitespace value 4 key [#{section_name}][#{key_name}] => #{the_data.to_s}" if keyvalue.empty?
 
       return keyvalue
 

data/lib/session/dictionary.rb

@@ -0,0 +1,191 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+module OpenSession
+
+  require 'inifile'
+
+
+  # An OpenSession dictionary is a +2D (two dimensional) hash+ data
+  # structure backed by a file that can optionally be +encrypted+.
+  #
+  # It supports operations to +read from+ and +write to+ a known filepath
+  # and can optionally be given a crypt key so that it can
+  #
+  # - decrypt +after reading from+ a file
+  # - encrypt +before writing to+ a file
+  #
+  # Dictionary extends {Hash} in order to deliver on its core key value
+  # store, report and retrieve use cases.
+  #
+  # @example
+  #    This dictionary implementation is backed by an INI file
+  #    that could initially look like this.
+  #
+  #    [openbox]
+  #    length = 2m
+  #
+  #    Then we add a section called closedbox with two key value pairs.
+  #    And we add width key with a value of 3m to the openbox section.
+  #    The result will look like this.
+  #
+  #    [closedbox]
+  #    shape = cuboid
+  #    color = blue
+  #
+  #    [openbox]
+  #    length = 2m
+  #    width = 3m
+  #
+  class Dictionary < Hash
+
+
+    # Write the data in this dictionary hash map into a file-system
+    # backed mirror whose path was specified in the {self.read} method.
+    #
+    # Technology for encryption at rest is supported by this dictionary
+    # and a non-nil encryption key parameter is expected if this dictionary
+    # has been configured to encrypt data at rest.
+    #
+    # An argument error will result if a suitable key is not provided
+    # when encryption at rest is desired.
+    #
+    # Calling this {self.write} method when the file at the prescribed path
+    # does not exist results in the directory structure being created
+    # (if necessary) and then the (possibly encrypted) file being written.
+    #
+    # @param encrypt_key [String]
+    #     if encryption at rest is required this parameter must contain a
+    #     robust symmetric decryption key. The symmetric key will be used
+    #     for the decryption after the read. Note that the decryption key
+    #     does not linger meaning it isn't cached in an instance variable.
+    #
+    # @raise [ArgumentError] if +encryption at rest+ is prescribed for the
+    #     dictionary but no encryption key is provided. The +converse+
+    #     assertion will also be made.
+    def write encrypt_key = nil
+
+      file_exists = File.exists? @filepath
+      folder_path = File.dirname(@filepath) unless file_exists
+      FileUtils.mkdir_p folder_path unless file_exists
+
+      crypt_assertion encrypt_key
+      ini_file = IniFile.new
+
+      self.each_key do |section_name|
+        ini_file[section_name] = self[section_name]
+      end
+
+      ini_string = ini_file.to_s
+
+      puts ""
+      puts "============================"
+      puts "Before Encryption Dictionary"
+      puts "============================"
+      puts ini_string
+      puts "============================"
+      puts ""
+
+      ini_string = OpenSecret::Blowfish.new.encryptor(ini_string,encrypt_key) if @encrypt_at_rest
+
+      File.write @filepath, ini_string
+
+    end
+
+
+    # Read and inject into this dictionary, map data found in a fle
+    # at the path specified in the first parameter.
+    #
+    # Technology for encryption at rest is supported by this dictionary
+    # and the second parameter being TRUE denotes that we are required
+    # to encrypt before writing and decrypt after reading.
+    #
+    # An argument error will result if a suitable key is not provided
+    # when encryption at rest is desired.
+    #
+    # If the file does not exist (boundary condition) - this read method
+    # remembers the file path as well as remembering the need for encryption
+    # at rest.
+    #
+    # @param the_filepath [String] absolute path to the file mirroring this dictionary
+    # @param is_encrypted_at_rest [Boolean] true if dictionary encryption at rest is desired
+    # @param decrypt_key [String]
+    #     if encryption at rest is required this parameter must contain a
+    #     robust symmetric decryption key. The symmetric key will be used
+    #     for the decryption after the read. Note that the decryption key
+    #     does not linger meaning it isn't cached in an instance variable.
+    #
+    # @raise [ArgumentError] if +encryption at rest+ is prescribed for the
+    #     dictionary but no encryption key is provided and the +converse+
+    #     is also true.
+    def read the_filepath, is_encrypted_at_rest, decrypt_key = nil
+
+      @filepath = the_filepath
+      @encrypt_at_rest = is_encrypted_at_rest
+      return unless File.exists? @filepath
+      crypt_assertion decrypt_key
+
+      file_contents = File.read( @filepath ).strip
+      if @encrypt_at_rest then
+        file_contents = OpenSecret::Blowfish.new.decryptor( file_contents, decrypt_key )
+      end
+
+      puts ""
+      puts "==========================="
+      puts "After Decryption Dictionary"
+      puts "==========================="
+      puts file_contents
+      puts "==========================="
+      puts ""
+
+      ingest_contents file_contents
+
+    end
+
+
+    private
+
+
+    def ingest_contents the_contents
+      
+      ini_file = IniFile.new( :content => the_contents )
+      ini_file.each do | data_group, data_key, data_value |
+        ingest_entry data_group, data_key, data_value
+      end
+
+    end
+
+
+    def ingest_entry section_name, key_name, value
+
+      msg = "A NIL object detected during ingestion of file [#{@filepath}]."
+      raise RuntimetError.new msg if section_name.nil? || key_name.nil? || value.nil?
+
+      if self.has_key? section_name then
+        self[section_name][key_name] = value
+      else
+        self.store section_name, { key_name => value }
+      end
+
+    end
+
+
+    def crypt_assertion  with_crypt_key
+
+      if @encrypt_at_rest
+        msg1 = "Encryption at rest required but no (none whitespace) encryption key provided."
+        raise ArgumentError, msg1 unless !with_crypt_key.nil?
+        return
+      end
+
+      msg2 = "Encryption at rest not required but an encryption key was provided."
+      raise ArgumentError, msg2 unless with_crypt_key.nil?
+      return
+
+    end
+
+
+  end
+
+
+end