RubyGems - rcredstash - Versions diffs - 0.1.1 → 0.2.0 - Mend

rcredstash 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8a93b119dd169d80cf8ffaee1b098f153b0c7f5b
-  data.tar.gz: 37722f3b8674110281a0c292120a4a58a0629252
+  metadata.gz: 54924cbb3ef0b7e9e664afc6fe17bf2ed7f8b083
+  data.tar.gz: d97592afae4bb20e1bc0550275ae35866ab35c46
 SHA512:
-  metadata.gz: 9e2940ee12917db050ce6b5cdaa9c951c8a4d92d54d5c1be8a868dd6695681ba006f1f4bfa711b0837deab1e9ac3eaccc8c512af3531420d925f82ce922bd853
-  data.tar.gz: d319431cc1f5f7f357602485b972bb1d66deff5639d4a327efb6f2b1790023d9e915dd97692f7a647eb23ed7e9e4e686c0a9eb235aeb4a9fca5be0a4730bc850
+  metadata.gz: b07368c741370d224b0027fecf4dddd63d9dcf87785f0ff3c2eb5e2d9c819da7cfdc6b8c4f6178252379816f751e0d6a0022c091d1d005d1b4d911ada29c4bcd
+  data.tar.gz: 259753ebbadb4e6e6c0c49819e68b5f78b250e1074b77dd459cf39788f6882a83e513cf95ace9ff9b764f338a848c43fa2a3b94e7b18663aa0a58068b803d45c

data/lib/cred_stash/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module CredStash
-  VERSION = "0.1.1"
+  VERSION = "0.2.0"
 end

data/lib/cred_stash.rb CHANGED Viewed

@@ -1,36 +1,127 @@
 require 'aws-sdk'
 module CredStash
-  def self.get(name)
-    dynamodb = Aws::DynamoDB::Client.new
-    res = dynamodb.query(
-      table_name:  'credential-store',
-      limit: 1,
-      consistent_read: true,
-      scan_index_forward: false,
-      key_condition_expression: "#name = :name",
-      expression_attribute_names: { "#name" => "name"},
-      expression_attribute_values: { ":name" => name }
-    )
-    material = res.items.first
-    data = Base64.decode64(material["key"])
-    contents = Base64.decode64(material["contents"])
-    kms = Aws::KMS::Client.new
-    kms_res = kms.decrypt(ciphertext_blob: data)
-    key = kms_res.plaintext[0..32]
-    hmackey = kms_res.plaintext[32..-1]
-    unless OpenSSL::HMAC.hexdigest("sha256", hmackey, contents) == material["hmac"]
-      raise "invalid"
+  class << self
+    def get(name)
+      dynamodb = Aws::DynamoDB::Client.new
+      res = dynamodb.query(
+        table_name:  'credential-store',
+        limit: 1,
+        consistent_read: true,
+        scan_index_forward: false,
+        key_condition_expression: "#name = :name",
+        expression_attribute_names: { "#name" => "name"},
+        expression_attribute_values: { ":name" => name }
+      )
+      material = res.items.first
+      data = Base64.decode64(material["key"])
+      contents = Base64.decode64(material["contents"])
+      kms = Aws::KMS::Client.new
+      kms_res = kms.decrypt(ciphertext_blob: data)
+      key = kms_res.plaintext[0..32]
+      hmackey = kms_res.plaintext[32..-1]
+      unless OpenSSL::HMAC.hexdigest("sha256", hmackey, contents) == material["hmac"]
+        raise "invalid"
+      end
+      cipher = OpenSSL::Cipher::AES.new(256, "CTR")
+      cipher.decrypt
+      cipher.key = key
+      # FIXME It is better to generate and store initial counter
+      cipher.iv = %w(0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1).map(&:hex).pack('C' * 16)
+      value = cipher.update(contents) + cipher.final
+      value.force_encoding("UTF-8")
+    end
+    def put(name, value)
+      kms = Aws::KMS::Client.new
+      kms_res = kms.generate_data_key(key_id: 'alias/credstash', number_of_bytes: 64)
+      data_key = kms_res.plaintext[0..32]
+      hmac_key = kms_res.plaintext[32..-1]
+      wrapped_key = kms_res.ciphertext_blob
+      cipher = OpenSSL::Cipher::AES.new(256, "CTR")
+      cipher.encrypt
+      cipher.key = data_key
+      # FIXME It is better to generate and store initial counter
+      cipher.iv = %w(0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1).map(&:hex).pack('C' * 16)
+      contents = cipher.update(value) + cipher.final
+      hmac = OpenSSL::HMAC.hexdigest("sha256", hmac_key, contents)
+      version = get_highest_version(name) + 1
+      dynamodb = Aws::DynamoDB::Client.new
+      dynamodb.put_item(
+        table_name:  'credential-store',
+        item: {
+          name: name,
+          version: "%019d" % version,
+          key: Base64.encode64(wrapped_key),
+          contents: Base64.encode64(contents),
+          hmac: hmac
+        },
+        condition_expression: "attribute_not_exists(#name)",
+        expression_attribute_names: { "#name" => "name" },
+      )
+    end
+    def list
+      dynamodb = Aws::DynamoDB::Client.new
+      res = dynamodb.scan(
+        table_name:  'credential-store',
+        projection_expression: '#name, version',
+        expression_attribute_names: { "#name" => "name" },
+      )
+      res.items.inject({}) {|h, i| h[i['name']] = i['version']; h }
+    end
+    def delete(name)
+      dynamodb = Aws::DynamoDB::Client.new
+      res = dynamodb.query(
+        table_name:  'credential-store',
+        consistent_read: true,
+        key_condition_expression: "#name = :name",
+        expression_attribute_names: { "#name" => "name"},
+        expression_attribute_values: { ":name" => name }
+      )
+      # TODO needs delete target version option
+      item = res.items.first
+      dynamodb.delete_item(
+        table_name:  'credential-store',
+        key: {
+          name: item['name'],
+          version: item['version'],
+        }
+      )
     end
-    cipher = OpenSSL::Cipher::AES.new(256, "CTR")
-    cipher.decrypt
-    cipher.key = key
-    # FIXME It is better to generate and store initial counter
-    cipher.iv = %w(0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1).map(&:hex).pack('C' * 16)
-    value = cipher.update(contents) + cipher.final
-    value.force_encoding("UTF-8")
+    private
+    def get_highest_version(name)
+      dynamodb = Aws::DynamoDB::Client.new
+      res = dynamodb.query(
+        table_name:  'credential-store',
+        limit: 1,
+        consistent_read: true,
+        scan_index_forward: false,
+        key_condition_expression: "#name = :name",
+        expression_attribute_names: { "#name" => "name"},
+        expression_attribute_values: { ":name" => name },
+        projection_expression: 'version',
+      )
+      item = res.items.first
+      if item
+        item['version'].to_i
+      else
+        0
+      end
+    end
   end
 end

data/rcredstash.gemspec CHANGED Viewed

@@ -8,6 +8,7 @@ Gem::Specification.new do |spec|
   spec.version       = CredStash::VERSION
   spec.authors       = ["adorechic"]
   spec.email         = ["adorechic@gmail.com"]
+  spec.homepage      = 'https://github.com/adorechic/rcredstash'
   spec.summary       = %q{A Ruby port of CredStash}
   spec.description   = %q{A Ruby port of CredStash}

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rcredstash
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - adorechic
@@ -88,7 +88,7 @@ files:
 - lib/rcredstash.rb
 - lib/rcredstash/version.rb
 - rcredstash.gemspec
-homepage:
+homepage: https://github.com/adorechic/rcredstash
 licenses:
 - MIT
 metadata: {}