opensecret 0.0.962 → 0.0.988

data/lib/plugins/ciphers/blowfish.rb

@@ -1,126 +0,0 @@
-#!/usr/bin/ruby
-# coding: utf-8
-
-module OpenSecret
-
-  # Blowfish is a symmetric encryption cipher which inherits extends the
-  # {OpenSecret::Cipher} base class in order to implement plug and play
-  # symmetric encryption.
-  #
-  # Blowfish is still uncrackable - however its successor (TwoFish) has
-  # been reinforced to counter the growth of super-computer brute force
-  # resources.
-  class Blowfish < OpenSecret::Cipher
-
-
-    # The blowfish cipher id constant is used to +initialize+
-    # an {OpenSSL::Cipher} class instance.
-    BLOWFISH_CIPHER_ID = "BF-ECB"
-
-
-    # Blowfish constrains the length of +incoming plain text+ forcing it
-    # to be a multiple of eight (8).
-    BLOWFISH_BLOCK_LEN = 8
-
-
-    # Encrypt the (plain) text parameter using the symmetric encryption key
-    # specified in the second parameter and return the base64 encoded
-    # representation of the cipher text.
-    #
-    # Blowfish is a block cipher meaning it needs both the key and the plain
-    # text inputted to conform to a divisible block length.
-    #
-    # Don't worry about this block length requirement as this encrption method
-    # takes care of it and its sister method {self.decryptor} will also perform
-    # the correct reversal activities to give you back the original plain text.
-    #
-    # {Base64.urlsafe_encode64} facilitates the ciphertext encoding returning text that
-    # is safe to write to a file.
-    #
-    # @param plain_text [String]
-    #    This parameter should be the non-nil text to encrypt using Blowfish.
-    #    Before encryption the text will be padded using a text string from
-    #    the {OpenSecret::Cipher::TEXT_PADDER} constant until it results in
-    #    a string with the required block length.
-    #
-    # @param encryption_key [String]
-    #    send a long strong unencoded key which does not have to be a multiple of
-    #    eight even though the algorithm demands it. Before the encryption this key
-    #    will be passed through a digest using behaviour from {Digest::SHA256.digest}
-    #
-    #    This behaviour returns a key whose length is a multiple of eight.
-    #
-    # @return [String] base64 representation of blowfish crypted ciphertext
-    #
-    # @raise [OpenSSL::Cipher::CipherError]
-    #    An (encryption) <tt>key length too short</tt> error is raised for short keys.
-    def encryptor plain_text, encryption_key
-
-      shortkey_msg = "The #{encryption_key.length} character encryption key is too short."
-      raise ArgumentError, shortkey_msg unless encryption_key.length > 8
-      log.info(x) { "os blowfish request to encrypt plain text with provided key." }
-
-      block_txt = plain_text
-      block_txt += CryptIO::TEXT_PADDER until block_txt.bytesize % OpenSecret::Blowfish::BLOWFISH_BLOCK_LEN == 0
-      raw_stretched_key = Digest::SHA256.digest(encryption_key)
-
-      blowfish_encryptor = OpenSSL::Cipher.new(OpenSecret::Blowfish::BLOWFISH_CIPHER_ID).encrypt
-      blowfish_encryptor.key = raw_stretched_key
-      return blowfish_encryptor.update(block_txt) << blowfish_encryptor.final
-
-    end
-
-
-    # Decrypt the cipher text parameter using the symmetric decryption key
-    # specified in the second parameter. The cipher text is expected to have
-    # already been decoded if necessary.
-    #
-    # Its okay to use a bespoke encryptor - just ensure you encode the result
-    # and override the padding constant.
-    #
-    # Blowfish is a block cipher meaning it needs both the key and the plain
-    # text inputted to conform to a divisible block length.
-    #
-    # Don't worry about this block length requirement as this decrption method
-    # takes care of the reversing the activities carried out by {self.encryptor}.
-    #
-    # @param cipher_text [String]
-    #    This incoming cipher text should already be encoded but it
-    #    will <b>chomped and stripped upon receipt</b> followed by
-    #    decryption using the Blowfish algorithm.
-    #
-    # @param decryption_key [String]
-    #    Send the same key that was used during the encryption phase. The encryption
-    #    phase passed the key through the {Digest::SHA256.digest} digest so here
-    #    the decryption does the exact same thing.
-    #
-    #    The digest processing guarantees a symmetric key whose length conforms to
-    #    the multiple of eight block length requirement.
-    #
-    # @return [String]
-    #    After decoding and decryption the plain text string will still be padded,
-    #    +but not with spaces+. The unlikely to occur padding string constant used
-    #    is the {OpenSecret::Cipher::TEXT_PADDER}.
-    #
-    #    If the plaintext ended with spaces these would be preserved. After padder
-    #    removal any trailing spaces will be preserved in the returned plain text.
-    #
-    def decryptor cipher_text, decryption_key
-
-      digested_key = Digest::SHA256.digest decryption_key
-
-      decrypt_tool = OpenSSL::Cipher.new(OpenSecret::Blowfish::BLOWFISH_CIPHER_ID).decrypt
-      decrypt_tool.key = digested_key
-
-      padded_plaintxt = decrypt_tool.update(cipher_text) << decrypt_tool.final
-      pad_begin_index = padded_plaintxt.index CryptIO::TEXT_PADDER
-      return padded_plaintxt if pad_begin_index.nil?
-      return padded_plaintxt[ 0 .. (pad_begin_index-1) ]
-
-    end
-
-
-  end
-
-
-end

data/lib/plugins/coldstore.rb

@@ -1,181 +0,0 @@
-#!/usr/bin/ruby
-# coding: utf-8
-
-module OpenSecret
-
-  # Cold storage can sync repositories with a <b>bias during conflicts</b>
-  # either to the <em>remote repository</em> <b>when pulling</b>, and then
-  # conversely to the <em>local reposiory</em> <b>when pushing</b>.
-  #
-  # In between the sync operations a ColdStore can create, read, update and
-  # delete to and from the local mirror.
-  #
-  # == ColdStore | Use Cases
-  #
-  # Any <b>self-respecting coldstore</b> must, after initialization, provide
-  # some basic (and mandatory) behaviour.
-  #
-  # These include
-  #
-  # - <b>read</b> - reading text from a (possibly unavailable) frozen path
-  # - <b>write</b> - writing text (effectively freezing it) to a path
-  # - <b>pull</b> - sync with a <b>collision bias</b> that favours the remote mirror 
-  # - <b>push</b> - sync with a <b>collision bias</b> that favours the local mirror
-  #
-  # <b>Cold Storage</b> is borrowed from BitCoin and represents offline storage
-  # for keys and crypts. opensecret separates keys and crypts so that you can
-  # transfer and share secrets by moving keys (not the crypts).
-  #
-  # == Houses and Gold Bullion
-  #
-  # You don't carry houses or gold bullion around to rent, share or transfer
-  # their ownership.
-  #
-  # You copy keys to rent secrets and when the tenure is up (or you change your
-  # mind) you revoke access with a metaphorical lock change.
-  #
-  # opensecret embodies concepts like an owner who rents as opposed to a change
-  # in ownership.
-  #
-  # == trade secrets | commoditizing secrets
-  #
-  # opensecret is a conduit through which secrets can be bought and sold.
-  #
-  # It commoditizes secrets so that they can be owned, traded, leased and
-  # auctioned. Options to acquire or relinquish them at set prices can easily
-  # be taken out.
-  class ColdStore
-
-    # @param base_path [String]
-    #    path to the store's (mirror) base directory.
-    #    If the denoted directory does not exist an attempt will be made to
-    #    create it. If a file exists at this path an error will be thrown.
-    #
-    # @param domain [String]
-    #    the domain is an identifier (and namespace) denoting which opensecret
-    #    "account" is being accessed. opensecret allows the creation and use of
-    #    multiple domains.
-    def initialize local_path
-
-      @store_path = local_path
-      FileUtils.mkdir_p @store_path
-
-    end
-
-
-    # Read the file frozen (in this store mirror) at this path and
-    # return its contents.
-    #
-    # Coldstores are usually frozen offline (offmachine) so for this
-    # to work the {ColdStore.pull} behaviour must have executed to
-    # create a local store mirror. This method reads from that mirror.
-    #
-    # @param from_path [String]
-    #    read the file frozen at this path and return its contents
-    #    so that the defreeze process can begin.
-    #
-    #    This path is relative to the base of the store defined in
-    #    the constructor.
-    #
-    # @return [String]
-    #    return the text frozen in a file at the denoted local path
-    #
-    #    nil is reurned if no file can be found in the local mirror
-    #    at the configured path
-    #
-    # @raise [RuntimeError]
-    #    unless the path exists in this coldstore and that path is
-    #    a directory (as opposed to a file).
-    #
-    # @raise [ArgumentError]
-    #    if more than one file match is made at the path specified.
-    def read from_path
-
-      frozen_filepath = File.join @store_path, from_path
-      frozen_dir_path = File.dirname(frozen_filepath)
-
-      log.info(x) { "Coldstore will search in folder [#{frozen_dir_path.hr_path}]" }
-
-      exists_msg = "Directory #{frozen_dir_path} does not exist in store."
-      is_dir_msg = "Path #{frozen_dir_path} should be a directory (not a file)."
-      raise RuntimeError, exists_msg unless File.exists? frozen_dir_path
-      raise RuntimeError, is_dir_msg unless File.directory? frozen_dir_path
-
-      full_filepath = ""
-      file_matched = false
-
-      Dir.glob("#{frozen_dir_path}/**/*.os.txt").each do |matched_path|
-
-        log.info(x) { "Coldstore search with [#{from_path}] has matched [#{matched_path.hr_path}]" }
-        log.info(x) { "Ignore directory at [#{matched_path.hr_path}]." } if File.directory? matched_path
-        next if File.directory? matched_path
-
-        two_match_msg = "More than one file matched. The second is #{matched_path}."
-        raise ArgumentError, two_match_msg if file_matched
-        file_matched = true
-
-        full_filepath = matched_path
-
-      end
-
-      no_file_msg = "Coldstore could not find path [#{from_path}] from [#{@store_path}]."
-      raise RuntimeError, no_file_msg unless file_matched
-
-      log.info(x) { "Coldstore matched exactly one envelope at [#{full_filepath.hr_path}]." }
-      return File.read full_filepath
-
-    end
-
-
-    # Write (freeze) the text into a file at the denoted path. The
-    # folder path will be created if need be.
-    #
-    # Coldstores are usually frozen offline (offmachine) so after
-    # this method completes the {ColdStore.push} behaviour must be
-    # executed to synchronize the local coldstore freezer with the
-    # remote mirror.
-    #
-    # @param this_text [String]
-    #    this is the text that needs to be frozen into the local and
-    #    subsequently the remote coldstore freezer.
-    #
-    # @param to_path [String]
-    #    write the text (effectively freezing it) into the file at
-    #    this path. An attempt will be made to put down the necessary
-    #    directory structure.
-    #
-    #    This path is relative to the base of the store defined in
-    #    the constructor.
-    def write this_text, to_path
-
-      freeze_filepath = File.join @store_path, to_path
-
-      log.info(x) { "ColdStore freezing #{this_text.length} characters of worthless text."}
-      log.info(x) { "ColdStore freeze file path => #{freeze_filepath.hr_path}"}
-
-      FileUtils.mkdir_p(File.dirname(freeze_filepath))
-      File.write freeze_filepath, this_text
-
-    end
-
-
-    private
-
-    # @todo - write sync (with a local bias during conflicts)
-    #     The open up to the public (published) api.
-    def push
-
-
-    end
-
-    # @todo - write sync (with a rmote bias during conflicts)
-    #     The open up to the public (published) api.
-    def pull
-
-    end
-
-
-  end
-
-
-end

data/lib/plugins/envelope.rb

@@ -1,116 +0,0 @@
-#!/usr/bin/ruby
-# coding: utf-8
-
-module OpenSecret
-
-  require 'json'
-
-  # An envelope knows how to manipulate a JSON backed data structure
-  # (put, add etc) <b>after reading and then decrypting it</b> from a
-  # file and <b>before encrypting and then writing it</b> to a file.
-  #
-  # It provides behaviour to which we can create, append (add), update
-  # (change), read parts and delete essentially two structures
-  #
-  # - a collection of name/value pairs
-  # - an  ordered list of values
-  #
-  # == JSON is Not Exposed in the Interface
-  #
-  # An envelope doesn't expose the data format used in the implementation
-  # allowing this to be changed seamlessly to YAMl or other formats.
-  #
-  # == Symmetric Encryption and Decryption
-  #
-  # An envelope supports operations to <b>read from</b> and <b>write to</b>
-  # a known filepath and with a symmetric key it can
-  #
-  # - decrypt <b>after reading from</b> a file and
-  # - encrypt <b>before writing to</b> a (the same) file
-  #
-  # == Hashes as the Primary Data Structure
-  #
-  # Envelope extends {Hash} as the core data structure for holding
-  #
-  # - strings
-  # - arrays
-  # - other hashes
-  # - booleans
-  # - integers and floats
-  class Envelope < Hash
-
-
-    # Read and inject into this envelope, the data structure found in a
-    # file at the path specified in the first parameter.
-    #
-    # Symmetric cryptography is mandatory for the envelope so we must
-    # <b>encrypt before writing</b> and <b>decrypt after reading</b>.
-    #
-    # An argument error will result if a suitable key is not provided.
-    #
-    # If the file does not exist (denoting the first read) all this method
-    # does is to stash the filepath as an instance variable and igore the
-    # decryption key which can be nil (or ommitted).
-    #
-    # @param the_filepath [String]
-    #     absolute path to the file which acts as the persistent mirror to
-    #     this data structure envelope.
-    #
-    # @param decryption_key [String]
-    #     encryption at rest is a given so this mandatory parameter must
-    #     contain a robust symmetric decryption key. The key will be used
-    #     for decryption after the read and it will not linger (ie not cached
-    #     as an instance variable).
-    #
-    # @raise [ArgumentError] if the decryption key is not robust enough.
-    def read the_filepath, decryption_key = nil
-
-      @filepath = the_filepath
-      return unless File.exists? @filepath
-
-      cipher_text = Base64.decode64( File.read( @filepath ).strip )
-      plain_text = OpenSecret::Blowfish.new.decryptor( cipher_text, decryption_key )
-
-      puts ""
-      puts "=== ============================"
-      puts "=== Envelope After Decryption"
-      puts "=== ============================"
-      puts plain_text
-      puts "=== ============================"
-      puts ""
-
-      data_structure = JSON.parse plain_text
-      self.merge! data_structure
-
-    end
-
-
-    # Write the data in this envelope hash map into a file-system
-    # backed mirror whose path was specified in the {self.read} method.
-    #
-    # Technology for encryption at rest is supported by this dictionary
-    # and to this aim, please endeavour to post a robust symmetric
-    # encryption key.
-    #
-    # Calling this {self.write} method when the file at the prescribed path
-    # does not exist results in the directory structure being created
-    # (if necessary) and then the encrypted file being written.
-    #
-    # @param encryption_key [String]
-    #     encryption at rest is a given so this mandatory parameter must
-    #     contain a robust symmetric encryption key. The symmetric key will
-    #     be used for the decryption after the read. Note that the decryption
-    #     key does not linger meaning it isn't cached in an instance variable.
-    def write encryption_key
-
-      FileUtils.mkdir_p(File.dirname(@filepath))
-      cipher_text = Base64.encode64 Blowfish.new.encryptor( self.to_json, encryption_key )
-      File.write @filepath, cipher_text
-
-    end
-
-
-  end
-
-
-end

data/lib/plugins/secrets.uc.rb

@@ -1,94 +0,0 @@
-#!/usr/bin/ruby
-# coding: utf-8
-
-module OpenSecret
-
-  # The parent OpenSecret use case is designed to be extended by the cli
-  # (command line) use cases like {OpenSecret::Open}, {OpenSecret::Put} and
-  # {OpenSecret::Lock} because it describes behaviour common to at least two
-  # (but usually more) of the use cases.
-  #
-  # == Behaviour Reuse
-  #
-  # Behaviour that is reusable by any use case fits within {OpenSession::UseCase}
-  # whilst behaviour common to two or more {OpenSecret} use cases belongs here.
-  # Therefore the only behaviour in the named use case is detailed and must belong
-  # solely to it.
-  #
-  # == Fact Reuse
-  #
-  # Fact evaluation rules are born with reuse in mind. <b>Use case facts</b>
-  # are evaluated when they belong to either the class or its parent or any
-  # ancestors.
-  class SecretsUseCase < OpenSession::UseCase
-
-    @@context_name = "opensecret"
-
-    # Get the envelope that <b>was opened</b> by the open command but
-    # <b>not locked</b> with the lock command.
-    #
-    # @return [Envelope]
-    #    return the Envelope that has been opened. The state carried alongside an
-    #    open envelope is an id, an encryption key and a filepath all inside the
-    #    userhome configuration file.
-    def get_envelope
-
-      encrypt_key = OpenSession::Attributes.instance.get_value @@context_name, @c[:open][:open_name], @c[:open][:open_keyname]
-      rel_filepath = OpenSession::Attributes.instance.get_value @@context_name, @c[:open][:open_name], @c[:open][:open_pathname]
-
-      put_filepath = File.join @c[:open][:open_dirpath], rel_filepath
-      the_envelope = Envelope.new
-      the_envelope.read put_filepath, encrypt_key
-      return the_envelope
-
-    end
-
-
-    # Unlock the {OpenSSL::PKey::RSA} private key and return the cipher object
-    # usable for asymmetric encryption, decryption, signing and signature
-    # verification use cases.
-    #
-    # The returned private key can be used to generate its twin public key
-    # and should be used to verify the same public key as (if) and when the
-    # need arises.
-    #
-    # @param locked_private_key [String]
-    #    the locked up private key ciphertext
-    #
-    # @param unlock_key [String]
-    #    the symmetric encryption key that can be used to unlock the private
-    #    key ciphertext in the first parameter.
-    #
-    # @return [OpenSSL::PKey::RSA]
-    #    return the {OpenSSL::PKey::RSA} private key that will be
-    #    usable for asymmetric encryption, decryption, signing and signature
-    #    verification.
-    def unlock_private_key locked_private_key, unlock_key
-      return OpenSSL::PKey::RSA.new locked_private_key, unlock_key
-    end
-
-
-    # Return the {OpenSSL::PKey::RSA} private key which is a cipher object
-    # usable for asymmetric encryption, decryption, signing and signature
-    # verification use cases.
-    #
-    # The returned private key can be used to generate its twin public key
-    # and should be used to verify the same public key as (if) and when the
-    # need arises.
-    #
-    # @param private_key_text [String]
-    #    the private key plain text
-    #
-    # @return [OpenSSL::PKey::RSA]
-    #    return the {OpenSSL::PKey::RSA} private key that will be
-    #    usable for asymmetric encryption, decryption, signing and signature
-    #    verification.
-    def to_private_key private_key_text
-      return OpenSSL::PKey::RSA.new private_key_text
-    end
-
-
-  end
-
-
-end