opensecret 0.0.962 → 0.0.988

data/lib/plugins/usecase.rb

@@ -1,239 +0,0 @@
-#!/usr/bin/ruby
-# coding: utf-8
-
-# opensession contains basic behaviour for managing a client only
-# (serverless) session. Configuration directives are read and written
-# from an INI off the home directory that is created when the session
-# is first initiated.
-#
-# The session is expected to be formally closed down and that is
-# reflected by explicitly deleting the configuration file. If this
-# "session over" command is not issued a reasonable time limit is
-# then invoked when the next session command is issued.
-#
-# This "session awakening" wipes the slate clean and starts afresh
-# with regard to the two dimensional array of configuration directive
-# pointers.
-module OpenSession
-
-
-  # An opensession use case is designed to be extended and does preparatory
-  # work to create favourable and useful conditions to make use cases readable,
-  # less repetitive, simpler and concise.
-  class UseCase
-
-
-    # Execute the use cases's flow from beginning when
-    # you validate the input and parameters through the
-    # memorize, execute and the final cleanup.
-    def flow_of_events
-
-      check_pre_conditions
-      pre_memorize
-      execute
-      post_memorize
-      cleanup
-      check_post_conditions
-
-    end
-
-
-
-    # Validate the input parameters and check that the current
-    # state is perfect for executing the use case.
-    #
-    # If either of the above fail - the validation function should
-    # set a human readable string and then throw an exception.
-    def check_pre_conditions
-
-
-      begin
-
-        pre_validation
-
-      rescue OpenError::CliError => e
-
-        puts ""
-        puts "Your command did not complete successfully."
-        puts "Pre validation checks failed."
-        puts ""
-        puts "   => #{e.message}"
-        puts ""
-        abort e.message
-      end
-
-
-    end
-
-
-    # After the main flow of events certain state conditions
-    # must hold true thus demonstrating that the observable
-    # value has indeed ben delivered.
-    #
-    # Child classes should subclass this method and place any
-    # post execution (post condition) checks in it and then
-    # make a call to this method through the "super" keyword.
-    def check_post_conditions
-
-      begin
-
-        post_validation
-
-      rescue OpenError::CliError => e
-
-        puts ""
-        puts "Your command did not complete successfully."
-        puts "Post validation checks failed."
-        puts ""
-        puts "   => #{e.message}"
-####        puts "   => #{e.culprit}"
-        puts ""
-        abort e.message
-      end
-
-    end
-
-
-    # Child classes should subclass this method and place any
-    # post execution (post condition) checks in it and then
-    # make a call to this method through the "super" keyword if
-    # this method gets any global behaviour in it worth calling.
-    def post_validation
-
-    end
-
-
-
-    # (Pre) memorize adds to permanent storage a configuration
-    # directive and its value <tt>provided by the user</tt>
-    # primarily because it avoids repitition in subsequent
-    # use case commands.
-    def pre_memorize
-
-    end
-
-
-
-    # Execute the main flow of events of the use case. Any
-    # exceptions thrown are captured and if the instance
-    # variale [@human_readable_message] is set - tell the
-    # user about it. Without any message - just tell the
-    # user something went wrong and tell them where the logs
-    # are that might carry more information.
-    def execute
-
-    end
-
-
-
-    # (Post) memorize will add to permanent storage) any
-    # key/values that have been derived or looked up during
-    # use case execution. This allows subsequent use case
-    # commands to
-    #
-    # - capitalize on
-    # - take direction from
-    # - and/or simply use
-    #
-    # the value in later use cases or processing.
-    def post_memorize
-
-    end
-
-
-
-    # If the use case validation went well, the memorization
-    # went well the 
-    def cleanup
-
-    end
-
-
-
-    # Resolve +two attached fact files+ with the first being general and
-    # relevant to every use case in the parameter specified domain, and
-    # the second being specific to this use case.
-    #
-    # The <b><em>general factfile</em></b> is expected to be on the class (load) path
-    # and below are paths for a generic domain name and for an example domain
-    # name of *openpost.io*
-    #
-    # - <tt>factbase/facts.<<domain>>.ini</tt>
-    # - <tt>factbase/facts.openpost.io.ini</tt>
-    #
-    # The <b><em>use case specific factfile</em></b> is also _expected_ to be on the class
-    # (load) path and below is a generic and a use case specific path using
-    # the example <tt>deliver</tt> use case.
-    #
-    # - <tt>factbase/facts.<<uc-name>>.usecase.ini</tt>
-    # - <tt>factbase/facts.deliver.usecase.ini</tt>
-    #
-    # The domain name is delivered in the parameter whilst the use case
-    # name is derived from the (extension) class name.
-    #
-    # @param fact_domain [String] domain of the general attached factfile
-    # @return [Hash] a 2d (two-dimensional) hash of keys and their corresponding values
-    def attached_facts fact_domain
-
-    end
-
-
-
-
-###    def path_to_resources
-###      File.join(File.dirname(File.expand_path(__FILE__)), '../path/to/resources')
-###    end
-
-    # This use case is initialized primary by resolving the configured
-    # +general and use case specific facts+. To access the general facts,
-    # a domain name is expected in the parameter delegated by the extension
-    # use case classes.
-    def initialize
-
-
-      class_name = self.class.name.downcase.split(":").last
-      is_pre_init_usecase = [ "safe", "store", "email" ].include? class_name
-      return if is_pre_init_usecase
-
-      @ucid_str = self.class.name.do_flatten
-      log.info(x) { "Usecase class [self.class.name] converted to => #{@ucid_str}" }
-      @ucid_sym = @ucid_str.gsub(".", "_").to_sym
-
-      OpenSession::FactFind.instance.instantiate @ucid_str
-      OpenSession::FactFind.instance.assimilate "facts.opensecret.io.ini"
-
-      @c = OpenSession::FactFind.instance.f
-      @i = OpenSession::FactFind.instance.i
-      @p = OpenSession::FactFind.instance.f[@ucid_sym]
-
-      log.info(x) { "assimilated [#{@p.length}] facts specific to the [#{@ucid_str}] use case." }
-
-############      @time_stamp = OpenSession::Stamp.instance
-
-=begin
-    @eco_id_str = SnapFlat.do self.class.name
-    @eco_id_sym = @eco_id_str.gsub(".", "_").to_sym
-    @plugin_path = plugin_src_dir
-
-    FactTree.instance.instantiate @eco_id_str, @plugin_path
-    FactTree.instance.assimilate_instance_facts
-
-    instantiate_runtime FactTree.instance.f
-
-    FactTree.instance.identify_my_workstation
-    FactTree.instance.assimilate_station_facts
-    FactTree.instance.assimilate_plugin_facts
-    FactTree.instance.assimilate_general_facts
-
-    @c = FactTree.instance.f
-    @i = FactTree.instance.i
-    @p = FactTree.instance.f[@eco_id_sym]
-=end
-
-    end
-
-
-  end
-
-
-end

data/lib/plugins/usecases/init.rb

@@ -1,145 +0,0 @@
-#!/usr/bin/ruby
-	
-module OpenSecret
-
-  require 'openssl'
-
-  # The <b>init use case</b> initializes opensecret thus preparing it
-  # for the ability to lock secrets, unlock them, transport their keys and
-  # much more.
-  #
-  # Like all use cases, +init+ validates to ensure that the pre-conditions
-  # have been met and then proceeds to execute its core offering and deliver
-  # observable value.
-  #
-  # == Observable Value
-  #
-  # The observable value from the <b>init use case</b> init boils down to
-  #
-  # - the public key and <b>8192 bit encrypted private key</b> in the safe
-  # - the <b>encrypted workstation key</b> in the user's configuration file
-  # - the <b>encrypted public key signature</b> in the user's configuration file
-  # - a robust password (for unlocking secrets) +stashed in a human brain+
-  # - successful test of the open, put, list, lock, read and tell use cases
-  #
-  # No cloud or other external access occurs as per the opensecret policy.
-  #
-  # == Thwart Public Key Switch Attacks
-  #
-  # A <b><em>public key switch attack</em></b> tries to access <b>future secrets</b>
-  # (not the ones already encrypted) via unwitting encryption using a public key
-  # the attacker controls.
-  #
-  # <b>opensecret</b> thwarts this by continual verification against an
-  # encrypted <em>public key signature</em> aboard the workstation.
-  class Init < SecretsUseCase
-
-    attr_writer :safe_path, :email_addr, :store_url
-    @@context_name = "opensecret"
-
-
-    # The init use case prepares <b>opensecret</b> so that you can <b>open</b> a packet,
-    # <b>put</b> secrets into it and then <b>lock</b> it, effectively writing the crypt
-    # material into the backend store.
-    #
-    # <b>Main Flow of Events</b>
-    #
-    # So to prepare for the <b><em>modus operandi</em></b> that encrypts, decrypts and if
-    # required transports secrets, we
-    #
-    # - collect the human password (twice) and verify its robustness
-    # - manufacture workstation key that will be encrypted b4 it rests on machine
-    # - create amalgamated human/workstation password for locking the private key
-    # - create a long cryptographically strong symmetric encryption key
-    # - encrypt workstation key and put crypt into the opensecret configuration file
-    # - create a super sized 8192 bit private key (and its asymmetric public key)
-    # - write the AES 256bit encrypted private key into safe-store's master keys
-    # - create a text bundle for signing composed of the keys, email and date/time
-    # - sign the bundle and save the signature in the master keys store
-    # - put the public key in the configuration file (off the homedirectory)
-    # - test the core open, put, list, lock, read and tell use case commands
-    #
-    # <b>Observable Value</b>
-    #
-    # The <tt>init use case</tt> observable value post-conditions are
-    #
-    # - the <b>8192 bit encrypted private key</b> in the master keys safe
-    # - the <b>public key</b>, time stamp and encrypted workstation key in config
-    # - the <b>encrypted workstation key</b> in the user's configuration file
-    # - the <b>asymmetric keys, time stamp and email</b> signature in master keys safe
-    # - a robust password (for unlocking secrets) +stashed in a human brain+
-    def execute
-
-      human_password = Collect.secret_text(
-        @c[:global][:min_passwd_len],
-        true,
-        @c[:global][:prompt_1],
-        @c[:global][:prompt_2]
-      )
-
-      machine_key = Engineer.machine_key human_password.length, @c[:global][:ratio]
-      amalgam_key = Amalgam.passwords human_password, machine_key, @c[:global][:ratio]
-      asymmetric_keys = OpenSSL::PKey::RSA.new @c[:global][:bit_key_size]
-      secured_keytext = asymmetric_keys.export @c[:global][:key_cipher], amalgam_key
-
-      crypt_key_segments = [ human_password, @c[:global][:separator_a], @email_addr, @c[:global][:separator_a], @c[:global][:stamp_23] ]
-
-      machine_key_crypt_key = crypt_key_segments.alphanumeric_union.concat_length
-      machine_key_x = Base64.urlsafe_encode64(
-        Blowfish.new.encryptor(machine_key, machine_key_crypt_key)
-      )
-
-      OpenSession::Attributes.stash @c[:global][:name], @c[:global][:name], @c[:global][:machine_key_x], machine_key_x
-      OpenSession::Attributes.stash @c[:global][:name], @c[:global][:name], @c[:global][:stamp_key], @c[:global][:stamp_23]
-
-
-      ## Change and write the public key to own file (see paper notes for naming direction)
-      ## Change and write the public key to own file (see paper notes for naming direction)
-      ## Change and write the public key to own file (see paper notes for naming direction)
-      public_key_64 = Base64.urlsafe_encode64 asymmetric_keys.public_key.to_pem
-      OpenSession::Attributes.stash @c[:global][:name], @c[:global][:name], @c[:global][:publickey_id], public_key_64
-
-      ## not needed - produce public key from private key then validate with key in configuration.
-      ## not needed - produce public key from private key then validate with key in configuration.
-      ## not needed - produce public key from private key then validate with key in configuration.
-      to_sign_segments = [ secured_keytext, public_key_64, @email_addr, @c[:global][:stamp_23] ]
-      to_sign_packet = to_sign_segments.alphanumeric_union.concat_length
-      signature_string = Base64.urlsafe_encode64( asymmetric_keys.sign( OpenSSL::Digest::SHA256.new, to_sign_packet ) )
-
-      FileUtils.mkdir_p @c[:global][:master_dirpath]
-      File.write @c[:global][:master_prv_key], secured_keytext
-      File.write @c[:global][:master_sig_path], signature_string
-
-    end
-
-
-    # Perform pre-conditional validations in preparation to executing the main flow
-    # of events for this use case. This method may throw the below exceptions.
-    #
-    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
-    # @raise [EmailAddrNotConfigured] if the email address has not been configured
-    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
-    def pre_validation
-
-      @safe_path = OpenSession::Attributes.instance.get_value @@context_name, @@context_name, "safe"
-      safe_configured = File.exists?( @safe_path ) && File.directory?( @safe_path )
-      @err_msg = "[safe] storage not yet configured. Try =>] opensecret safe /folder/path"
-      raise SafeDirNotConfigured.new @err_msg, @safe_path unless safe_configured
-
-      @email_addr = OpenSession::Attributes.instance.get_value @@context_name, @@context_name, "email"
-      email_configured = !@email_addr.nil? && !@email_addr.empty? && @email_addr.length > 4
-      @err_msg = "viable [email address] not configured. Try =>] opensecret email joe@example.com"
-      raise EmailAddrNotConfigured.new @err_msg, @email_addr unless email_configured
-
-      @store_url = OpenSession::Attributes.instance.get_value @@context_name, @@context_name, "store"
-      store_configured = !@store_url.nil? && !@store_url.empty? && @store_url.length > 0
-      @err_msg = "crypt [store url] not configured. Try =>] opensecret store /path/to/crypt"
-      raise StoreUrlNotConfigured.new @err_msg, @store_url unless store_configured
-
-    end
-
-
-  end
-
-
-end

data/lib/plugins/usecases/open.rb

@@ -1,108 +0,0 @@
-#!/usr/bin/ruby
-	
-module OpenSecret
-
-  require 'openssl'
-
-  # The <tt>open use case</tt> allows us to add (put), subtract (del)ete and list
-  # the secrets in a file (whether it exists or not). The file can then be locked.
-  # Lookout for the reopen command.
-  #
-  # If the file to open already exists a --with option (giving the master-secret)
-  # must be provided.
-  #
-  # == Observable Value
-  #
-  #     $ opensecret open home/wifi
-  #
-  # The observable value delivered by +[open]+ boils down to
-  #
-  # - an openkey (eg asdfx1234) and corresponding open encryption key
-  # - open encryption key written to <tt>~/.opensecret/open.keys/asdfx1234.x.txt</tt>
-  # - the opened path (ending in filename) written to session.cache base in [safe]
-  # - the INI string (were the file to be decrypted) would look like the below
-  #
-  #     [session]
-  #     base.path = home/wifi
-  #
-  class Open < SecretsUseCase
-
-    attr_writer :outer_path
-    @@context_name = "opensecret"
-
-    # Execute the <tt>open use case</tt> activities which precedes the ability to
-    # to add (put), subtract (del)ete and list the secrets into the opened session file.
-    # The file can then be locked (committed and pushed to permanent crypted stores).
-    #
-    # If the file to open already exists a --with option (giving the master-secret)
-    # must be provided.
-    #
-    # <b>Observable Value [Open Use Case]</b>
-    #
-    #     $ opensecret open home/wifi
-    #
-    # The observable value delivered by +[open]+ boils down to
-    #
-    # - a provisioned openkey (eg asdfx1234) and corresponding open encryption key
-    # - open encryption key written to <tt>~/.opensecret/open.keys/asdfx1234.x.txt</tt>
-    # - the opened path (ending in filename) written to session.cache base in [safe]
-    # - the INI string (were the file to be decrypted) would look like the below
-    #
-    #     [session]
-    #     session.key = EQFe4TKMWyrlyD59NRWWJYVue8xsTnKAnuXtsZ6NRoVXMeqFRj
-    #     session.path = home/wifi.1vz16m5Zl47w.x.os.txt
-    #
-    # @example
-    #    home/wifi can be simply populated like this.
-    #
-    #    $ opensecret put bt/ssid g034gdf3455
-    #    $ opensecret put bt/password HRAsyf324g4DF
-    #
-    #    $ opensecret put virgin.media/ssid 345SDFS
-    #    $ opensecret put virgin.media/password HlksHRd043NjPO
-    #
-    #    $ opensecret file virgin.media/contract /home/joe/downloads/vm.contract.pdf
-    #
-    #    To encrypt (lock-down) these secrets we simply issue
-    #
-    #    $ opensecret close
-    #
-    def execute
-
-      last_fwdslash_index = @outer_path.rindex "/"
-      folder_path = @outer_path[0 .. last_fwdslash_index]
-      file_word = @outer_path[last_fwdslash_index .. -1]
-
-      session_folder_path = File.join @p[:open_dirpath], folder_path
-
-      FileUtils.mkdir_p session_folder_path
-      open_id = Engineer.strong_key @p[:open_idlen]
-      open_key = Engineer.strong_key @p[:open_keylen]
-
-      file_name = file_word + ".#{open_id}.os.txt"
-#######################      file_path = File.join session_folder_path, file_name
-      file_key = File.join folder_path, file_name
-
-      OpenSession::Attributes.stash @@context_name, @p[:open_name], @p[:open_idname], open_id
-      OpenSession::Attributes.stash @@context_name, @p[:open_name], @p[:open_keyname], open_key
-      OpenSession::Attributes.stash @@context_name, @p[:open_name], @p[:open_pathname], file_key
-
-    end
-
-
-    # Perform pre-conditional validations in preparation to executing the main flow
-    # of events for this use case. This method may throw the below exceptions.
-    #
-    # @raise [SafeDirNotConfigured] if the safe's url has not been configured
-    # @raise [EmailAddrNotConfigured] if the email address has not been configured
-    # @raise [StoreUrlNotConfigured] if the crypt store url is not configured
-    def pre_validation
-
-
-    end
-
-
-  end
-
-
-end