opensecret 0.0.988 → 0.0.9925

data/lib/keytools/key.iv.rb

@@ -0,0 +1,107 @@
+#!/usr/bin/ruby
+
+module OpenKey
+
+  # Create and deliver representations of a random initialization vector
+  # suitable for the AES symmetric encryption algorithm which demands a
+  # 18 byte binary string.
+  #
+  # The initialization vector is sourced from {SecureRandom} which provides
+  # a highly random (and secure) byte sequence usually sourced from udev-random.
+  #
+  #   + ------------------ + -------- + ------------ + ------------------- +
+  #   | Random IV Format   | Bits     | Bytes        | Base64              |
+  #   | ------------------ | -------- | ------------ | ------------------- |
+  #   | Random IV Stored   | 192 Bits | 24 bytes     | 32 characters       |
+  #   | Random IV Binary   | 128 Bits | 16 bytes     | (not stored)        |
+  #   + ------------------ + -------- + ------------ + ------------------- +
+  #
+  # This table shows that the initialization vector can be represented by
+  # both a <b>32 character base64 string</b> suitable for storage and a
+  # <b>18 byte binary</b> for feeding the algorithm.
+  class KeyIV
+
+
+    # The 24 random bytes is equivalent to 192 bits which when sliced into 6 bit
+    # blocks (one for each base64 character) results in 32 base64 characters.
+    NO_OF_BASE64_CHARS = 32
+
+    # We ask for 24 secure random bytes that are individually created to ensure
+    # we get exactly the right number.
+    NO_OF_SOURCE_BYTES = 24
+
+    # We truncate the source random bytes so that 16 bytes are returned for the
+    # random initialization vector.
+    NO_OF_BINARY_BYTES = 16
+
+
+    # Initialize an initialization vector from a source of random bytes
+    # which can then be presented in both a <b>(base64) storage</b> format
+    # and a <b>binary string</b> format.
+    #
+    #   + ------------------ + -------- + ------------ + ------------------- +
+    #   | Random IV Format   | Bits     | Bytes        | Base64              |
+    #   | ------------------ | -------- | ------------ | ------------------- |
+    #   | Random IV Stored   | 192 Bits | 24 bytes     | 32 characters       |
+    #   | Random IV Binary   | 128 Bits | 16 bytes     | (not stored)        |
+    #   + ------------------ + -------- + ------------ + ------------------- +
+    #
+    # We ask for 24 secure random bytes that are individually created to ensure
+    # we get exactly the right number.
+    #
+    # If the storage format is requested a <b>32 character base64 string</b> is
+    # returned but if the binary form is requested the <b>first 16 bytes</b> are
+    # issued.
+    def initialize
+      @bit_string = Key.to_random_bits( NO_OF_SOURCE_BYTES )
+    end
+
+
+    # When the storage format is requested a <b>32 character base64 string</b> is
+    # returned - created from the initialized 24 secure random bytes.
+    #
+    #   + ---------------- + -------- + ------------ + ------------------- +
+    #   | Random IV Stored | 192 Bits | 24 bytes     | 32 characters       |
+    #   + ---------------- + -------- + ------------ + ------------------- +
+    #
+    # @return [String]
+    #    a <b>32 character base64 formatted string</b> is returned.
+    def for_storage
+      return Key64.from_bits( @bit_string )
+    end
+
+
+    #
+    #   + ---------------- + -------- + ------------ + ------------------- +
+    #   | Random IV Binary | 128 Bits | 16 bytes     | (not stored)        |
+    #   + ---------------- + -------- + ------------ + ------------------- +
+    #
+    # @param iv_base64_chars [String]
+    #    the 32 characters in base64 format that will be converted into a binary
+    #    string (24 byte) representation and then truncated to 16 bytes and outputted
+    #    in binary form.
+    #
+    # @return [String]
+    #    a <b>16 byte binary string</b> is returned.
+    #
+    # @raise [ArgumentError]
+    #    if a <b>32 base64 characters</b> are not presented in the parameter.
+    def self.in_binary iv_base64_chars
+
+      b64_msg = "Expected #{NO_OF_BASE64_CHARS} base64 chars not #{iv_base64_chars.length}."
+      raise ArgumentError, b64_msg unless iv_base64_chars.length == NO_OF_BASE64_CHARS
+
+      binary_string = Key.to_binary_from_bit_string( Key64.to_bits( iv_base64_chars ) )
+
+      bin_msg = "Expected #{NO_OF_SOURCE_BYTES} binary bytes not #{binary_string.length}."
+      raise RuntimeError, bin_msg unless binary_string.length == NO_OF_SOURCE_BYTES
+
+      return binary_string[ 0 .. ( NO_OF_BINARY_BYTES - 1 ) ]
+
+    end
+
+
+  end
+
+
+end

data/lib/keytools/key.local.rb

@@ -0,0 +1,265 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+module OpenKey
+
+  # The command line interface has a high entropy randomly generated
+  # key whose purpose is to <b>lock the application's data key</b> for
+  # the duration of the session which is between a login and a logout.
+  # 
+  # These keys are unique to only one shell session on one workstation
+  # and they live lives that are no longer (and mostly shorter) than
+  # the life of the parent shell.
+  #
+  # == The 4 CLI Shell Entities
+  #
+  # The four (4) important entities within the shell session are
+  #
+  # - an obfuscator key for locking the shell key during a session
+  # - a high entropy randomly generated shell key for locking the app data key
+  # - one environment variable whose value embodies three (3) data segments
+  # - a session id derived by pushing the env var through a one-way function
+  class KeyLocal
+
+
+    # The number of Radix64 characters that make up a valid BCrypt salt.
+    # To create a BCrypt salt use 
+    BCRYPT_SALT_LENGTH = 22
+
+
+    # The session token comprises of 3 segments with fixed lengths.
+    # This triply segmented text token that can be used to decrypt
+    # and deliver the shell key.
+    SESSION_TOKEN_SIZE = 128 + 22
+
+
+    # Given a 150 character session token, what is the index that pinpoints
+    # the beginning of the 22 character BCrypt salt? The answer is given
+    # by this BCRYPT_SALT_START_INDEX constant.
+    BCRYPT_SALT_START_INDEX = SESSION_TOKEN_SIZE - BCRYPT_SALT_LENGTH
+
+
+    # Instantiate the session by generating a random high entropy shell key
+    # and then generating an obfuscator key which we use to lock the shell
+    # key and return a triply segmented text token that can be used to decrypt
+    # and deliver the shell key as long as the same shell on the same machine
+    # is employed to make the call.
+    #
+    # <b>The 3 Session Token Segments</b>
+    #
+    # The session token is divided up into 3 segments with a total of 150
+    #  characters.
+    #
+    #   | -------- | ------------ | ------------------------------------- |
+    #   | Segment  | Length       | Purpose                               |
+    #   | -------- | ------------ | ------------------------------------- |
+    #   |    1     | 16 bytes     | AES Encrypt Initialization Vector(IV) |
+    #   |    2     | 80 bytes     | Cipher text from Random Key AES crypt |
+    #   |    3     | 22 chars     | Salt for obfuscator key derivation    |
+    #   | -------- | ------------ | ------------------------------------- |
+    #   |  Total   | 150 chars    | Session Token in Environment Variable |
+    #   | -------- | ------------ | ------------------------------------- |
+    #
+    # Why is the <b>16 byte salt and the 80 byte BCrypt ciphertext</b> represented
+    # by <b>128 base64 characters</b>?
+    #
+    #    16 bytes + 80 bytes = 96 bytes
+    #    96 bytes x 8 bits   = 768 bits
+    #    768 bits / 6 bits   = 128 base64 characters
+    #
+    # @return [String]
+    #    return a triply segmented text token that can be used to decrypt
+    #    and redeliver the high entropy session shell key on the same machine
+    #    and within the same shell on the same machine.
+    def self.generate_shell_key_and_token
+
+      calling_module = File.basename caller_locations(1,1).first.absolute_path, ".rb"
+      calling_method = caller_locations(1,1).first.base_label
+      calling_lineno = caller_locations(1,1).first.lineno
+      caller_details = "#{calling_module} | #{calling_method} | (line #{calling_lineno})"
+
+      log.info(x) { "### #####################################################################" }
+      log.info(x) { "### Caller Details =>> =>> #{caller_details}"                              }
+      log.info(x) { "### #####################################################################" }
+
+
+      bcrypt_salt_key = KdfBCrypt.generate_bcrypt_salt
+      obfuscator_key = derive_session_crypt_key( bcrypt_salt_key )
+      random_key_ciphertext = obfuscator_key.do_encrypt_key( Key.from_random() )
+      session_token = random_key_ciphertext + bcrypt_salt_key.reverse
+      assert_session_token_size( session_token )
+
+      log.info(x) { "BCrypt Salt Create => #{bcrypt_salt_key}" }
+      log.info(x) { "Obfuscate ShellKey => #{obfuscator_key.to_s()}" }
+      log.info(x) { "EncryptedKey Crypt => #{random_key_ciphertext}" }
+      log.info(x) { "Session Token Unit => #{session_token}" }
+
+      return session_token
+
+    end
+
+
+    # Regenerate the random shell key that was instantiated and locked
+    # during the {instantiate_shell_key_and_generate_token} method.
+    #
+    # To successfully reacquire the randomly generated (and then locked)
+    # shell key we must be provided with four (4) data points, three (3)
+    # of which are embalmed within the 150 character session token
+    # parameter.
+    #
+    # <b>What we need to Regenerate the Shell Key</b>
+    #
+    # Regenerating the shell key is done in two steps when given the
+    # three (3) <b>session token segments</b> described below, and the
+    # shell identity key described in the {OpenKey::Identifier} class.
+    #
+    # The session token is divided up into 3 segments with a total of 150
+    #  characters.
+    #
+    #   | -------- | ------------ | ------------------------------------- |
+    #   | Segment  | Length       | Purpose                               |
+    #   | -------- | ------------ | ------------------------------------- |
+    #   |    1     | 16 bytes     | AES Encrypt Initialization Vector(IV) |
+    #   |    2     | 80 bytes     | Cipher text from Random Key AES crypt |
+    #   |    3     | 22 chars     | Salt 4 shell identity key derivation  |
+    #   | -------- | ------------ | ------------------------------------- |
+    #   |  Total   | 150 chars    | Session Token in Environment Variable |
+    #   | -------- | ------------ | ------------------------------------- |
+    #
+    # <b>How to Regenerate the Shell Key</b>
+    #
+    # The two steps for regenerating the shell key are
+    #
+    # - use the shell identity string and the BCrypt key derivation salt
+    #   in the third segment of the token to regenerate the shell identity
+    #   key.
+    #
+    # - put 3 items through AES 256 decryption to derive the 256 bit shell
+    #   crypt key. The 3 items are the <b>shell identity key</b> derived
+    #   in step 1, the AES IV (initialization vector, in the first segment
+    #   of the token, and the <b>ciphertext in the middle segment</b>.
+    #
+    # @param session_token [String]
+    #    a triply segmented (and one liner) text token instantiated by
+    #    {self.instantiate_shell_key_and_generate_token} and provided
+    #    here ad verbatim.
+    #
+    # @return [OpenKey::Key]
+    #    an extremely high entropy 256 bit key derived (digested) from 48
+    #    random bytes at the beginning of the shell (cli) session.
+    def self.regenerate_shell_key( session_token )
+
+      calling_module = File.basename caller_locations(1,1).first.absolute_path, ".rb"
+      calling_method = caller_locations(1,1).first.base_label
+      calling_lineno = caller_locations(1,1).first.lineno
+      caller_details = "#{calling_module} | #{calling_method} | (line #{calling_lineno})"
+
+      log.info(x) { "### #####################################################################" }
+      log.info(x) { "### Caller Details =>> =>> #{caller_details}"                              }
+      log.info(x) { "### #####################################################################" }
+
+
+      assert_session_token_size( session_token )
+      bcrypt_salt = session_token[ BCRYPT_SALT_START_INDEX .. -1 ].reverse
+      assert_bcrypt_salt_size( bcrypt_salt )
+
+      key_ciphertext = session_token[ 0 .. ( BCRYPT_SALT_START_INDEX - 1 ) ]
+      obfuscator_key = derive_session_crypt_key( bcrypt_salt )
+
+      log.info(x) { "BCrypt Salt REGEND => #{bcrypt_salt}" }
+      log.info(x) { "SessionToken REGEN => #{session_token}" }
+      log.info(x) { "Chopped Ciphertext => #{key_ciphertext}" }
+      log.info(x) { "Obfuscate ShellKey => #{obfuscator_key.to_s()}" }
+
+      regenerated_key = obfuscator_key.do_decrypt_key( key_ciphertext )
+
+      return regenerated_key
+
+    end
+
+
+    # Derive a <b>short term (session scoped) encryption key</b> from the
+    # surrounding shell and workstation (machine) environment with an
+    # important same/different guarantee.
+    #
+    # The <b>same / different guarantee promises</b> us that the derived
+    # key will be
+    #
+    # - <b>the same</b> whenever called from within this executing shell
+    # - <b>different</b> when the shell and/or workstation are different
+    #
+    # This method uses a one-way function to return a combinatorial digested
+    # session identification string using a number of distinct parameters that
+    # deliver the important behaviours of changing in certain circumstances
+    # and remaining unchanged in others.
+    #
+    # <b>Change | When Should the key Change?</b>
+    #
+    # What is really important is that the <b>key changes when</b>
+    #
+    # - the <b>command shell</b> changes
+    # - the workstation <b>shell user is switched</b>
+    # - the host machine <b>workstation</b> is changed
+    # - the user <b>SSH's</b> into another shell
+    #
+    # A distinct workstation is identified by the first MAC address and the
+    # hostname of the machine.
+    #
+    # <b>Unchanged | When Should the Key Remain Unchanged?</b>
+    #
+    # Remaining <b>unchanged</b> in certain scenarios is a feature that is
+    # just as important as changing in others. The key must remain
+    # <b>unchanged</b> when
+    #
+    # - the <b>user returns to a command shell</b>
+    # - the user exits their <b>remote SSH session</b>
+    # - <b>sudo is used</b> to execute the commands
+    # - the user comes back to their <b>workstation</b>
+    # - the clock ticks into another day, month, year ...
+    #
+    # @param bcrypt_salt_key [OpenKey::Key]
+    #
+    #    Either use the {KdfBCrypt.generate_bcrypt_salt} method to generate
+    #    the salt or retrieve and post in a previously generated salt which
+    #    must hold 22 printable characters.
+    #
+    # @return [OpenKey::Key]
+    #    a digested key suitable for short term (session scoped) use with the
+    #    guarantee that the same key will be returned whenever called from within
+    #    the same executing shell environment and a different key when not.
+    def self.derive_session_crypt_key bcrypt_salt_key
+
+      shell_id_text = KeyMach.derive_shell_identity_string()
+      truncate_text = shell_id_text.length > KdfBCrypt::BCRYPT_MAX_IN_TEXT_LENGTH
+      shell_id_trim = shell_id_text unless truncate_text
+      shell_id_trim = shell_id_text[ 0 .. ( KdfBCrypt::BCRYPT_MAX_IN_TEXT_LENGTH - 1 ) ] if truncate_text
+
+      log.info(x) { "Shell Identity Str => #{shell_id_text}" }
+      log.info(x) { "Shell Id TxtLength => #{shell_id_text.length()}" }
+      log.info(x) { "Truncate Shell Str => #{truncate_text}" }
+      log.info(x) { "Resulting IDString => #{shell_id_trim}" }
+
+      return KdfBCrypt.generate_key( shell_id_trim, bcrypt_salt_key )
+
+    end
+
+
+    private
+
+
+    def self.assert_session_token_size session_token
+      err_msg = "Session token has #{session_token.length} and not #{SESSION_TOKEN_SIZE} chars."
+      raise RuntimeError, err_msg unless session_token.length == SESSION_TOKEN_SIZE
+    end
+
+
+    def self.assert_bcrypt_salt_size bcrypt_salt
+      err_msg = "Expected BCrypt salt length of #{BCRYPT_SALT_LENGTH} not #{bcrypt_salt.length}."
+      raise RuntimeError, err_msg unless bcrypt_salt.length == BCRYPT_SALT_LENGTH
+    end
+
+
+  end
+
+
+end

data/lib/keytools/key.mach.rb

@@ -0,0 +1,248 @@
+#!/usr/bin/ruby
+# coding: utf-8
+
+module OpenKey
+
+  # This class knows how to derive information from the machine environment to aide
+  # in producing identifiers unique to the machine and/or workstation, with functionality
+  # similar to that required by licensing software.
+  #
+  # == Identity is Similar to Licensing Software | Except Deeper
+  #
+  # Deriving the identity string follows similar principles to licensing
+  # software that attempts to determine whether the operating environment
+  # is the same or different. But it goes deeper than licensing software
+  # as it is not only concerned about the <b>same workstation</b> - it is
+  # also concerned about <b>the same shell or command line interface</b>.
+  #
+  # == Known Issues
+  #
+  # The dependent macaddr gem is known to fail in scenarios where a
+  # VPN tunnel is active and a tell tale sign is the ifconfig command
+  # returning the tun0 interface rather than "eth0" or something that
+  # resembles "ensp21".
+  #
+  # This is one of the error messages resulting from such a case.
+  #
+  #     macaddr.rb:86 from_getifaddrs undefined method pfamily (NoMethodError)
+  #
+  class KeyMach
+
+    # This method uses a one-way function to return a combinatorial digested
+    # session identification string using a number of distinct parameters that
+    # deliver the important behaviours of changing in certain circumstances
+    # and remaining unchanged in others.
+    #
+    # <b>Change | When Should the Session ID Change?</b>
+    #
+    # The session id is not a secret but it has to be unique due to its role
+    # in indexing the session envelopes and their changes.
+    #
+    # What is really important is that the <b>session id changes</b> when
+    #
+    # - the <b>domain</b> being used changes
+    # - the <b>command shell</b> changes
+    # - the user <b>switches to another workstation user</b>
+    # - the <b>workstation host</b> is changed
+    # - the <b>session token</b> environment variable changes
+    # - the user <b>SSH's</b> into another shell
+    #
+    # A distinct workstation is identified by the first MAC address and the
+    # hostname of the machine.
+    #
+    # <b>Unchanged | When Should it Remain Unchanged?</b>
+    #
+    # Remaining <b>unchanged</b> in certain scenarious is a session ID feature
+    # that is just as important as it changing in others.
+    #
+    # The session ID <b>must remain unchanged</b> when
+    #
+    # - the <b>user returns to a command shell</b>
+    # - the user <b>switches back to using a domain</b>
+    # - the user exits their <b>remote SSH session</b>
+    # - <b>sudo is used</b> to execute the commands
+    # - the user comes back to their <b>workstation</b>
+    # - the clock ticks into another day, month, year ...
+    #
+    #     The pre-hash inputs are an amalgam of the below example data.
+    #
+    #     Mac Address  => 20cf3067dec3
+    #     Parent PID   => 5817
+    #     Machine Host => data-cruncher
+    #     Session Time => 18083.0310.41.796577366
+    #
+    # @return [String]
+    #    a one line textual shell identity string
+    def self.derive_shell_identity_string
+
+      require 'socket'
+
+      calling_module = File.basename caller_locations(1,1).first.absolute_path, ".rb"
+      calling_method = caller_locations(1,1).first.base_label
+      calling_lineno = caller_locations(1,1).first.lineno
+      caller_details = "#{calling_module} | #{calling_method} | (line #{calling_lineno})"
+
+      log.info(x) { "### #####################################################################" }
+      log.info(x) { "### Caller Details =>> =>> #{caller_details}"                              }
+      log.info(x) { "### #####################################################################" }
+
+
+      log.info(x) { "Etc.getlogin()       => #{Etc.getlogin()}" }
+      log.info(x) { "Socket.gethostname() => #{Socket.gethostname()}" }
+      log.info(x) { "get_net_address_digits() => #{get_net_address_digits()}" }
+      log.info(x) { "derive_network_identity() => #{derive_network_identity()}" }
+      log.info(x) { "Process.ppid.to_s() => #{Process.ppid.to_s()}" }
+
+
+      # Do not change the order of this data because it is reversed and
+      # the parent's shell ID hotly followed by the network identifier are
+      # the most significant data points.
+      identity_text = [
+        Etc.getlogin(),
+        Socket.gethostname(),
+        get_net_address_digits(),
+        derive_network_identity(),
+        Process.ppid.to_s()
+      ].join.reverse
+
+      return identity_text
+
+    end
+
+
+    # This method uses a one-way function to return a combinatorial digested
+    # machine identification string using a number of distinct input parameters
+    # to deliver the characteristic of producing the same identifier for the
+    # same machine, virtual machine, workstation and/or compute element, and
+    # reciprocally, a different one on a different machine.
+    #
+    # The userspace is also a key machine identifier so a different machine user
+    # generates a different identifier when all other things remain equal.
+    #
+    #     Mac Address  => 20cf3067dec3
+    #     Machine User => joebloggs
+    #     Machine Host => data-cruncher
+    #     IP Addresses => w.x.y.z + a.b.c.d
+    #
+    # @return [String]
+    #    a one line textual machine workstation or compute element identifier
+    #    that is (surprisingly) different when the machine user changes.
+    def self.derive_machine_identity_string
+
+      require 'socket'
+
+      identity_text = [
+        Etc.getlogin,
+        Socket.gethostname(),
+        get_net_address_digits(),
+        derive_network_identity()
+      ].join.reverse
+
+      return identity_text
+
+    end
+
+
+    # If the system was rebooted on April 23rd, 2018 at 22:00:16 we
+    # expect this method not to return <b>2018-04-23 22:00:16</b>, but
+    # to return the <b>8 least significant digits</b> bootup time
+    # digits which in this case are <b>23220016</b>.
+    #
+    # Investigate all Linux flavours to understand whether this command
+    # works (or is it just Ubuntu). Also does Docker return a sensible
+    # value here?
+    #
+    # This method is not production ready. Not only is the time within
+    # a small range, also the most significant digit can fluctuate up
+    # or down randomly (in  a non-deterministic manner.
+    #
+    # @return [String] the time when the system was booted.
+    def self.get_bootup_time_digits
+
+      boot_time_cmd = "uptime -s"
+      uptime_string = %x[ #{boot_time_cmd} ]
+      return uptime_string.to_alphanumeric[ 6 .. -1 ]
+
+    end
+
+
+    # This method will return the first readable non loopback (127.0.0.1)
+    # IP address if the bolean {ip_address_readable?} returns true.
+    #
+    # @return [String]
+    #    the first sensible non-loopback IP address which we know to exist.
+    #
+    # @raise RuntimeError if the IP address that we have on good authority exists, does not.
+    def self.get_net_address_digits
+
+      return "mT4Lq8DsG-x=@/y(_9A:]r" unless ip_address_readable?()
+
+      ip_addresses = get_address_list()
+      ip_addresses.each do |candidate_address|
+        return candidate_address.to_alphanumeric unless candidate_address.eql?( "127.0.0.1" )
+      end
+      raise RuntimeError, "Was led to expect at least one readable IP address."
+
+    end
+
+
+    # Return a string that is the same if the logical underlying machine the
+    # software is running on is the same - and different if it is different.
+    #
+    # The current implementation ciphens off the last 12 characters of the gnerated
+    # UUID and this is guaranteed to remain constant in a manner required by
+    # <b>license generating tools</b>.
+    #
+    # Within a Docker container this behaviour will have to be observed
+    # carefully - especially when Docker Compose type tools are used
+    # and the container persists across the host machine reboots.
+    def self.derive_network_identity
+
+      require 'uuid'
+
+      the_uuid = UUID.new.generate
+
+      too_short = the_uuid.length <= NETWORK_ID_LENGTH
+      raise RuntimeError, "Unexpected UUID format [#{the_uuid}]" if too_short
+
+      net_id_chunk = the_uuid[ (the_uuid.length - NETWORK_ID_LENGTH) .. -1 ]
+      perfect_size = net_id_chunk.length == NETWORK_ID_LENGTH
+      size_err_msg = "Expected [ #{net_id_chunk} ] net ID length of #{NETWORK_ID_LENGTH}."
+      raise RuntimeError,size_err_msg unless perfect_size
+
+      return net_id_chunk
+
+    end
+
+
+
+    private
+
+
+
+    NETWORK_ID_LENGTH = 12
+
+
+    def self.ip_address_readable?
+      ip_addresses = get_address_list()
+      no_addresses = ip_addresses.length == 0 || ( ip_addresses.length == 1 && ip_addresses[0] == "127.0.0.1" ) 
+      return false if no_addresses
+      ip_addresses.each do |candidate_address|
+        return true unless candidate_address.eql?( "127.0.0.1" )
+      end
+      return false
+    end
+
+
+    def self.get_address_list
+      multipleAddresses = Socket.ip_address_list
+      stringAddressText = multipleAddresses.to_s
+      ipAddressRegEx = /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/;
+      return stringAddressText.scan( ipAddressRegEx );
+    end
+
+
+  end
+
+
+end