passw3rd 0.1.3 → 0.2.1

data/History.txt

@@ -1,3 +1,13 @@
+=== 0.2.1 / 2011-11-8
+
+Added option to fail silently.  Pretty common need in a Rails environment.
+
+=== 0.2.0 / 2011-11-5
+
+Added acceptance tests as a contract for future features.  
+Collapsed the KeyLoader class, eliminated the KeyPair class.  If for some reason you referenced those classes, things will break.  But you wouldn't do that, would you?
+More testing goodness.
+
 === 0.1.3 / 2011-11-4
 
 From key rotation, arose cipher changing

data/README.md

@@ -1,5 +1,9 @@
 ![Build status](https://secure.travis-ci.org/oreoshake/passw3rd.png)
 
+It's only failing because it can't find the system ruby.  If you have a solution, checkout bin/passw3rd please :)
+
+It will still work on your machine.
+
 Introduction
 ------------------------------------------------------------------------------
 

data/bin/passw3rd

@@ -1,4 +1,4 @@
-#!/usr/bin/env ruby -w
+#!/usr/bin/env ruby
 
 require File.expand_path('../../lib/passw3rd',  __FILE__)
 require File.expand_path('../../lib/passw3rd/password_client.rb',  __FILE__)

data/lib/passw3rd.rb

@@ -1,6 +1,5 @@
 require 'base64'
 require 'openssl'
 require 'optparse'
-require File.expand_path('../passw3rd/key_loader',  __FILE__)
 require File.expand_path('../passw3rd/password_service',  __FILE__)
 

data/lib/passw3rd/password_client.rb

@@ -1,5 +1,3 @@
-require 'base64'
-require 'openssl'
 require 'optparse'
 
 module Passw3rd
@@ -25,7 +23,7 @@ module Passw3rd
 
     opts.on('-k', '--key-dir KEY_PATH', 'Use the keys specificed in this directory for encryption or decryption (default is ~/)') do |opt|
       key_path = opt
-      if !File.directory?(File.expand_path(key_path))
+      unless File.directory?(File.expand_path(key_path))
         raise "#{opt} must be a directory"
       end
     end
@@ -57,13 +55,13 @@ module Passw3rd
 
     # generate key/IV
     if gen_key_path
-     ::Passw3rd::KeyLoader.create_key_iv_file(gen_key_path)
+     ::Passw3rd::PasswordService.create_key_iv_file(gen_key_path)
       puts "generated keys in #{gen_key_path}"
     end
 
     # decrypt password_file using the key/IV in key_path
     if mode == "decrypt"
-      decrypted =::Passw3rd::PasswordService.get_password(password_file, key_path)
+      decrypted =::Passw3rd::PasswordService.get_password(password_file, :key_path => key_path)
       puts "The password is: #{decrypted}"
     end
 

data/lib/passw3rd/password_service.rb

@@ -1,21 +1,31 @@
 require 'open-uri'
 
 module Passw3rd
+  KEY_FILE = ".passw3rd-encryptionKey"
+  IV_FILE = ".passw3rd-encryptionIV"
+  # more preferred ciphers first
+  APPROVED_CIPHERS = %w{aes-256-cbc aes-256-cfb aes-128-cbc aes-128-cfb}
+  
   class PasswordService
+
     class << self
       attr_writer :password_file_dir
       def password_file_dir
-        @password_file_dir || ENV.fetch("HOME")
+        defined?(@password_file_dir) ? @password_file_dir : ENV.fetch("HOME")
       end
 
       attr_writer :key_file_dir
       def key_file_dir
-        @key_file_dir || ENV.fetch("HOME")
+        defined?(@key_file_dir) ? @key_file_dir : ENV.fetch("HOME")
+      end
+
+      def cipher_name= (cipher_name)
+        raise "Hey man, you can only use #{APPROVED_CIPHERS}, you supplied #{cipher_name}" if cipher_name.nil? || !APPROVED_CIPHERS.include?(cipher_name)
+        @cipher_name = cipher_name
       end
 
-      attr_writer :cipher_name
       def cipher_name
-        @cipher_name || 'aes-256-cbc'
+        defined?(@cipher_name) ? @cipher_name : APPROVED_CIPHERS.first
       end
     end
 
@@ -23,10 +33,12 @@ module Passw3rd
       instance_eval &block
     end
 
-    def self.get_password (password_file, key_path = key_file_dir)
+    def self.get_password (password_file, options = {:key_path => key_file_dir, :force => false})
       uri = _parse_uri(password_file)
-      encoded_password = Base64.decode64(open(uri.to_s) { |f| f.read })
-      decrypt(encoded_password, key_path)
+      encoded_password = Base64.decode64(open(uri) { |f| f.read })
+      decrypt(encoded_password, options[:key_path])
+    rescue
+      raise ArgumentError, "Could not decrypt passw3rd file" if options[:force]
     end
 
     def self.write_password_file(password, output_path, key_path = key_file_dir)
@@ -60,7 +72,7 @@ module Passw3rd
         raise err
       end
     end
-    
+
     def self.rotate_keys(args = {})
       unless args.empty?
         ::Passw3rd::PasswordService.configure do |c|
@@ -80,28 +92,67 @@ module Passw3rd
 
       ::Passw3rd::PasswordService.cipher_name = args[:new_cipher] if args[:new_cipher]
 
-      path = ::Passw3rd::KeyLoader.create_key_iv_file
+      path = self.create_key_iv_file
       puts "Wrote new keys to #{path}"
 
       passwords.each do |password|
         full_path = File.join(::Passw3rd::PasswordService.password_file_dir, password[:file])
-        FileUtils::rm(full_path)
         ::Passw3rd::PasswordService.write_password_file(password[:clear_password], password[:file])    
         puts "Wrote new password to #{full_path}"
       end
     end
 
+    def self.create_key_iv_file(path=nil)
+      unless path
+        path = ::Passw3rd::PasswordService.key_file_dir || ENV['HOME']
+      end    
+
+      # d'oh!
+      cipher = OpenSSL::Cipher::Cipher.new(::Passw3rd::PasswordService.cipher_name)
+      iv = cipher.random_iv
+      key = cipher.random_key
+
+      begin
+        File.open(key_path, 'w') {|f| f.write(key.unpack("H*").join) }
+        File.open(iv_path, 'w') {|f| f.write(iv.unpack("H*").join) }
+      rescue
+        puts "Couldn't write key/IV to #{path}\n"
+        raise $!
+      end
+      path
+    end
+    
+    def self.key_path
+      File.join(::Passw3rd::PasswordService.key_file_dir, KEY_FILE)
+    end
+    
+    def self.iv_path
+      File.join(::Passw3rd::PasswordService.key_file_dir, IV_FILE)
+    end      
+
     protected
+    
+    def self.load_key(path=::Passw3rd::PasswordService.key_file_dir) 
+      begin
+        key = IO.readlines(File.expand_path(self.key_path))[0]
+        iv = IO.readlines(self.iv_path)[0]
+      rescue Errno::ENOENT
+        puts "Couldn't read key/iv from #{path}.  Have they been generated?\n"
+        raise $!
+      end
+
+      {:key => [key].pack("H*"), :iv => [iv].pack("H*")}
+    end    
 
     def self.cipher_setup(method, key_path)
-      pair = KeyLoader.load(key_path)
+      pair = self.load_key(key_path)
       cipher = OpenSSL::Cipher::Cipher.new(cipher_name)
       cipher.send(method)
-      cipher.key = pair.key
-      cipher.iv = pair.iv
+      cipher.key = pair[:key]
+      cipher.iv = pair[:iv]
       cipher
     end
-    
+
     def self._parse_uri password_file
       unless (password_file =~ URI::regexp(['ftp', 'http', 'https', 'file'])).nil?
         URI.parse(password_file)

data/lib/passw3rd/version.rb

@@ -1,3 +1,3 @@
 module Passw3rd
-  Version = VERSION = '0.1.3'
+  Version = VERSION = '0.2.1'
 end

data/spec/password_service_spec.rb

@@ -1,6 +1,10 @@
 require 'spec_helper'
 
 describe ::Passw3rd::PasswordService do 
+  it "restricts assigning ciphers to just a select few" do
+    lambda { ::Passw3rd::PasswordService.cipher_name = "aes-256-donkey" }.should raise_error
+  end
+  
   describe "#_parse_uri" do
     it "detects uris" do
       ::Passw3rd::PasswordService._parse_uri("http://example.com").should be_is_a URI::HTTP

data/test/password_service_test.rb

@@ -6,12 +6,10 @@ require File.expand_path('../../lib/passw3rd.rb',  __FILE__)
 
 class PasswordServiceTest < Test::Unit::TestCase
   def setup
-    random_num = sudorandumb
     @random_string = sudorandumb
-
-    ::Passw3rd::KeyLoader.create_key_iv_file(Dir.tmpdir)
-    ::Passw3rd::PasswordService.key_file_dir = Dir.tmpdir    
-    ::Passw3rd::PasswordService.cipher_name = 'aes-256-cbc'
+    ::Passw3rd::PasswordService.key_file_dir = Dir.tmpdir
+    ::Passw3rd::PasswordService.password_file_dir = Dir.tmpdir    
+    ::Passw3rd::PasswordService.create_key_iv_file
   end
   
   def test_enc_dec
@@ -36,27 +34,27 @@ class PasswordServiceTest < Test::Unit::TestCase
   end
 
   def test_set_and_get_password_custom_dir
-    ::Passw3rd::PasswordService.password_file_dir = Dir.tmpdir    
+    dir = "#{Dir.tmpdir}/#{sudorandumb}"
+    
+    FileUtils.mkdir_p(dir)
+    ::Passw3rd::PasswordService.password_file_dir = dir
 
-    password_file = ::Passw3rd::PasswordService.write_password_file(@random_string, "test2")
+    password_file_path = ::Passw3rd::PasswordService.write_password_file(@random_string, "test2")
+    assert_match(Regexp.new(dir), password_file_path)
+    
     decrypted = ::Passw3rd::PasswordService.get_password("test2")
     assert_equal(@random_string, decrypted)
+    FileUtils.rm_rf(dir)
   end  
 
   def test_configure_with_block
    ::Passw3rd::PasswordService.configure do |c|
-      c.password_file_dir = "/tmp/"
-      c.cipher_name = "aes-256-cbc"
+      c.password_file_dir = Dir.tmpdir
+      c.key_file_dir = Dir.tmpdir
+      c.cipher_name = ::Passw3rd::APPROVED_CIPHERS.first
     end
-    assert_equal(::Passw3rd::PasswordService.password_file_dir, "/tmp/")
-    assert_equal(::Passw3rd::PasswordService.cipher_name, "aes-256-cbc")
-  end
-  
-  def test_gen_key
-    enc = ::Passw3rd::PasswordService.encrypt(@random_string)
-    dec = ::Passw3rd::PasswordService.decrypt(enc)
-    
-    assert_equal(@random_string, dec)
+    assert_equal(::Passw3rd::PasswordService.password_file_dir, Dir.tmpdir)
+    assert_equal(::Passw3rd::PasswordService.cipher_name, ::Passw3rd::APPROVED_CIPHERS.first)
   end
   
   def sudorandumb

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: passw3rd
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.2.1
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-11-05 00:00:00.000000000Z
+date: 2011-11-08 00:00:00.000000000Z
 dependencies: []
 description: Generate a key/iv file, generate passwords, and store encrypted files
   in source control, keep the key/iv safe!
@@ -24,14 +24,12 @@ files:
 - LICENSE
 - EXAMPLES.md
 - History.txt
-- lib/passw3rd/key_loader.rb
 - lib/passw3rd/password_client.rb
 - lib/passw3rd/password_service.rb
 - lib/passw3rd/version.rb
 - lib/passw3rd.rb
 - bin/passw3rd
 - test/password_service_test.rb
-- spec/config_spec.rb
 - spec/password_service_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/oreoshake/passw3rd
@@ -59,3 +57,4 @@ signing_key:
 specification_version: 3
 summary: A simple "keep the passwords out of source code and config files".
 test_files: []
+has_rdoc: 

data/lib/passw3rd/key_loader.rb

@@ -1,51 +0,0 @@
-require 'openssl'
-module Passw3rd
-  class KeyLoader
-    KEY_FILE = "/.passw3rd-encryptionKey"
-    IV_FILE = "/.passw3rd-encryptionIV"
-
-
-    def self.load(path=nil) 
-      if path.nil?
-        path = ::Passw3rd::PasswordService.key_file_dir
-      end
-
-      begin
-        key = IO.readlines(File.expand_path(path + KEY_FILE))[0]
-        iv = IO.readlines(File.expand_path(path + IV_FILE))[0]
-      rescue Errno::ENOENT
-        puts "Couldn't read key/iv from #{path}.  Have they been generated?\n"
-        raise $!
-      end
-
-      pair = KeyIVPair.new
-      pair.key = [key].pack("H*")
-      pair.iv = [iv].pack("H*")
-      pair
-    end
-
-    def self.create_key_iv_file(path=nil)
-      unless path
-        path = ::Passw3rd::PasswordService.key_file_dir || ENV['HOME']
-      end    
-
-      # d'oh!
-      cipher = OpenSSL::Cipher::Cipher.new(::Passw3rd::PasswordService.cipher_name)
-      iv = cipher.random_iv
-      key = cipher.random_key
-
-      begin
-        File.open(path + KEY_FILE, 'w') {|f| f.write(key.unpack("H*").join) }
-        File.open(path + IV_FILE, 'w') {|f| f.write(iv.unpack("H*").join) }
-      rescue
-        puts "Couldn't write key/IV to #{path}\n"
-        raise $!
-      end
-      path
-    end
-  end
-
-  class KeyIVPair
-    attr_accessor :key, :iv
-  end
-end

data/spec/config_spec.rb

@@ -1,3 +0,0 @@
-describe "Config" do
-  it "does stuff"
-end