portunus 0.3.0

data/lib/portunus/tasks/generate_keys.rake

@@ -0,0 +1,36 @@
+namespace :portunus do
+  desc "Output master keys for use with Portunus"
+  task generate_master_keys: :environment do
+    adaptor_name = Portunus.configuration.storage_adaptor.to_s
+    puts "Generating keys for adaptor: #{adaptor_name}"
+
+    keys = (0..5).to_a.map do 
+      { 
+        "key": ::Portunus.configuration.encrypter.generate_key, 
+        "enabled": true,
+        "created_at": DateTime.now.rfc3339
+      }
+    end
+
+    if adaptor_name == "Portunus::StorageAdaptors::Credentials"
+      key_hash = keys.inject({}) do |hash, key|
+        hash[SecureRandom.hex(16).to_s] = key
+        hash
+      end
+
+      puts({ portunus: key_hash }.to_yaml)
+    elsif adaptor_name == "Portunus::StorageAdaptors::Environment" 
+      output = ""
+      keys.map do |portunus_key|
+        key_name = SecureRandom.hex(10)
+        output += "export PORTUNUS_#{key_name}_KEY=#{portunus_key[:key]}\n"
+        output += "export PORTUNUS_#{key_name}_ENABLED=true\n"
+        output += "export PORTUNUS_#{key_name}_CREATED_AT=#{portunus_key[:created_at]}\n"
+      end
+
+      puts output
+    else
+      raise ::Portunus::Error.new("Adaptor does not support key generation")
+    end
+  end
+end

data/lib/portunus/tasks/rotate_keys.rake

@@ -0,0 +1,36 @@
+namespace :portunus do
+  desc "Rotate KEK keys, reencrypt the deks"
+  task rotate_keks: :environment do
+    scope = ::Portunus::DataEncryptionKey.
+      where(
+        "last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null", 
+        ::Portunus.configuration.max_key_duration,
+        ::Portunus.configuration.max_key_duration
+      )
+
+    scope.in_batches do |relation|
+      relation.map do |encryption_key|
+        ::Portunus::Rotators::Kek.for(encryption_key)
+      end
+    end
+  end
+
+  desc "Rotate DEK keys, reencrypt the data"
+  task rotate_deks: :environment do
+    if ENV["FORCE"] == "true"
+      scope = ::Portunus::DataEncryptionKey.all
+    else
+      scope = ::Portunus::DataEncryptionKey.
+        where(
+          "last_dek_rotation < ? or (created_at < ? and last_dek_rotation is null", 
+          ::Portunus.configuration.max_key_duration,
+          ::Portunus.configuration.max_key_duration
+        )
+    end
+    scope.in_batches do |relation|
+      relation.map do |encryption_key|
+        ::Portunus::Rotators::Dek.for(encryption_key)
+      end
+    end
+  end
+end

data/lib/portunus/type_caster.rb

@@ -0,0 +1,37 @@
+module Portunus
+  class TypeCaster
+    TYPE_MAP = {
+      string: ::Portunus::TypeCasters::String,
+      integer: ::Portunus::TypeCasters::Integer,
+      float: ::Portunus::TypeCasters::Float,
+      date:  ::Portunus::TypeCasters::Date,
+      datetime: ::Portunus::TypeCasters::DateTime,
+      boolean: ::Portunus::TypeCasters::Boolean
+    }
+
+    def self.cast(value:, type: nil)
+      new(value: value, type: type).cast
+    end
+
+    def self.uncast(value:, type: nil)
+      new(value: value, type: type).uncast
+    end
+
+    def initialize(value:, type: :string)
+      @value = value
+      @type = type
+    end
+
+    def cast
+      TYPE_MAP[type.to_sym].cast(value: value)
+    end
+
+    def uncast
+      TYPE_MAP[type.to_sym].uncast(value: value)
+    end
+
+    private
+
+    attr_reader :type, :value
+  end
+end

data/lib/portunus/type_casters/boolean.rb

@@ -0,0 +1,39 @@
+module Portunus
+  module TypeCasters
+    class Boolean
+      def self.cast(value:)
+        new(value: value).cast
+      end
+
+      def self.uncast(value:)
+        new(value: value).uncast
+      end
+
+      def initialize(value:)
+        @value = value
+      end
+
+      def cast
+        if [false, nil, "false", 0].include?(value)
+          "false"
+        else
+          "true"
+        end
+      end
+
+      def uncast
+        if value == "true"
+          true
+        elsif value == "false"
+          false
+        else
+          raise ::Portunus::Error.new("Invalid boolean value")
+        end
+      end
+
+      private
+
+      attr_reader :value
+    end
+  end
+end

data/lib/portunus/type_casters/date.rb

@@ -0,0 +1,29 @@
+module Portunus
+  module TypeCasters
+    class Date
+      def self.cast(value:)
+        new(value: value).cast
+      end
+
+      def self.uncast(value:)
+        new(value: value).uncast
+      end
+
+      def initialize(value:)
+        @value = value
+      end
+
+      def cast
+        value.to_s
+      end
+
+      def uncast
+        ::Date.parse(value)
+      end
+
+      private
+
+      attr_reader :value
+    end
+  end
+end

data/lib/portunus/type_casters/date_time.rb

@@ -0,0 +1,29 @@
+module Portunus
+  module TypeCasters
+    class DateTime
+      def self.cast(value:)
+        new(value: value).cast
+      end
+
+      def self.uncast(value:)
+        new(value: value).uncast
+      end
+
+      def initialize(value:)
+        @value = value
+      end
+
+      def cast
+        value.rfc3339
+      end
+
+      def uncast
+        ::DateTime.rfc3339(value)
+      end
+
+      private
+
+      attr_reader :value
+    end
+  end
+end

data/lib/portunus/type_casters/float.rb

@@ -0,0 +1,29 @@
+module Portunus
+  module TypeCasters
+    class Float
+      def self.cast(value:)
+        new(value: value).cast
+      end
+
+      def self.uncast(value:)
+        new(value: value).uncast
+      end
+
+      def initialize(value:)
+        @value = value
+      end
+
+      def cast
+        value.to_s
+      end
+
+      def uncast
+        value.to_f
+      end
+
+      private
+
+      attr_reader :value
+    end
+  end
+end

data/lib/portunus/type_casters/integer.rb

@@ -0,0 +1,29 @@
+module Portunus
+  module TypeCasters
+    class Integer
+      def self.cast(value:)
+        new(value: value).cast
+      end
+
+      def self.uncast(value:)
+        new(value: value).uncast
+      end
+
+      def initialize(value:)
+        @value = value
+      end
+
+      def cast
+        value.to_s
+      end
+
+      def uncast
+        value.to_i
+      end
+
+      private
+
+      attr_reader :value
+    end
+  end
+end

data/lib/portunus/type_casters/string.rb

@@ -0,0 +1,29 @@
+module Portunus
+  module TypeCasters
+    class String
+      def self.cast(value:)
+        new(value: value).cast
+      end
+
+      def self.uncast(value:)
+        new(value: value).uncast
+      end
+
+      def initialize(value:)
+        @value = value
+      end
+
+      def cast
+        value.to_s
+      end
+
+      def uncast
+        value
+      end
+
+      private
+
+      attr_reader :value
+    end
+  end
+end

data/lib/portunus/version.rb

@@ -0,0 +1,3 @@
+module Portunus
+  VERSION = "0.3.0"
+end

data/lib/portunus.rb

@@ -0,0 +1,39 @@
+require "portunus/version"
+require "generators/install_generator.rb"
+require "portunus/configuration"
+require "portunus/data_encryption_key"
+require "portunus/encryptable"
+require "portunus/data_key_generator"
+require "portunus/field_configurer"
+require "portunus/hasher"
+require "portunus/master_key"
+require "portunus/rotators/dek"
+require "portunus/rotators/kek"
+require "portunus/storage_adaptors/credentials"
+require "portunus/storage_adaptors/environment"
+require "portunus/encrypters/open_ssl_aes"
+require "portunus/type_casters/boolean"
+require "portunus/type_casters/date"
+require "portunus/type_casters/date_time"
+require "portunus/type_casters/integer"
+require "portunus/type_casters/float"
+require "portunus/type_casters/string"
+require "portunus/type_caster"
+
+module Portunus
+  require "portunus/railtie" if defined?(Rails)
+  class Error < StandardError; end
+  # Your code goes here...
+  def self.configure
+    @@configuration ||= ::Portunus::Configuration.new
+
+    yield(@@configuration)
+  end
+  def self.configuration
+    @@configuration ||= ::Portunus::Configuration.new
+  end
+
+  def self.table_name_prefix
+    "portunus_"
+  end
+end

data/portunus.gemspec

@@ -0,0 +1,51 @@
+lib = File.expand_path("../lib", __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require "portunus/version"
+
+Gem::Specification.new do |spec|
+  spec.name          = "portunus"
+  spec.version       = Portunus::VERSION
+  spec.authors       = ["Colin Petruno"]
+  spec.email         = ["colinpetruno@gmail.com"]
+
+  spec.summary       = %q{DEK and KEK Encryption for Rails}
+  spec.description   = %q{Easily encrypt all your sensitive data.}
+  spec.homepage      = "https://www.github.com/colinpetruno/portunus"
+  spec.license       = "MIT"
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    # spec.metadata["allowed_push_host"] = "TODO: Set to 'http://mygemserver.com'"
+
+    spec.metadata["homepage_uri"] = "https://www.github.com/colinpetruno/portunus"
+    spec.metadata["source_code_uri"] = "https://www.github.com/colinpetruno/portunus"
+    spec.metadata["changelog_uri"] = "https://www.github.com/colinpetruno/portunus/CHANGELOG.md"
+  else
+    raise "RubyGems 2.0 or newer is required to protect against " \
+      "public gem pushes."
+  end
+
+  # Specify which files should be added to the gem when it is released.
+  # The `git ls-files -z` loads the files in the RubyGem that have been added into git.
+  spec.files         = Dir.chdir(File.expand_path('..', __FILE__)) do
+    `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  end
+  spec.require_paths = ["lib"]
+
+  spec.add_runtime_dependency "rails", ">= 5.0.0"
+  spec.add_runtime_dependency "aes"
+  spec.add_runtime_dependency "openssl", ">= 2.1.0"
+
+  spec.add_development_dependency "bundler", "> 1.17"
+  spec.add_development_dependency "rails", ">= 5.0.0"
+  spec.add_development_dependency "rake", "> 12.3.3"
+  spec.add_development_dependency "rspec"
+  spec.add_development_dependency "sqlite3"
+  spec.add_development_dependency "pry-rails"
+  spec.add_development_dependency "pry-stack_explorer"
+  # simplecov 18 is incompatible with test reporter
+  # https://github.com/codeclimate/test-reporter/issues/413
+  spec.add_development_dependency "simplecov", "~> 0.17.1"
+  spec.add_development_dependency "codeclimate-test-reporter"
+end

metadata

@@ -0,0 +1,255 @@
+--- !ruby/object:Gem::Specification
+name: portunus
+version: !ruby/object:Gem::Version
+  version: 0.3.0
+platform: ruby
+authors:
+- Colin Petruno
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2020-03-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: aes
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: openssl
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.1.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 5.0.0
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: 12.3.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">"
+      - !ruby/object:Gem::Version
+        version: 12.3.3
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: pry-stack_explorer
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.17.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.17.1
+- !ruby/object:Gem::Dependency
+  name: codeclimate-test-reporter
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Easily encrypt all your sensitive data.
+email:
+- colinpetruno@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".nvmrc"
+- ".travis.yml"
+- CODE_OF_CONDUCT.md
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/console
+- bin/setup
+- lib/Rakefile
+- lib/generators/install_generator.rb
+- lib/generators/templates/create_portunus.rb.erb
+- lib/portunus.rb
+- lib/portunus/configuration.rb
+- lib/portunus/data_encryption_key.rb
+- lib/portunus/data_key_generator.rb
+- lib/portunus/encryptable.rb
+- lib/portunus/encrypters/open_ssl_aes.rb
+- lib/portunus/encrypters/time.rb
+- lib/portunus/field_configurer.rb
+- lib/portunus/hasher.rb
+- lib/portunus/master_key.rb
+- lib/portunus/railtie.rb
+- lib/portunus/rotators/dek.rb
+- lib/portunus/rotators/kek.rb
+- lib/portunus/storage_adaptors/credentials.rb
+- lib/portunus/storage_adaptors/environment.rb
+- lib/portunus/tasks/generate_keys.rake
+- lib/portunus/tasks/rotate_keys.rake
+- lib/portunus/type_caster.rb
+- lib/portunus/type_casters/boolean.rb
+- lib/portunus/type_casters/date.rb
+- lib/portunus/type_casters/date_time.rb
+- lib/portunus/type_casters/float.rb
+- lib/portunus/type_casters/integer.rb
+- lib/portunus/type_casters/string.rb
+- lib/portunus/version.rb
+- portunus.gemspec
+- tmp/log/development.log
+homepage: https://www.github.com/colinpetruno/portunus
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://www.github.com/colinpetruno/portunus
+  source_code_uri: https://www.github.com/colinpetruno/portunus
+  changelog_uri: https://www.github.com/colinpetruno/portunus/CHANGELOG.md
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3
+signing_key: 
+specification_version: 4
+summary: DEK and KEK Encryption for Rails
+test_files: []