ruby-pgp 0.0.1

data/lib/pgp/gpg/runner.rb

@@ -0,0 +1,189 @@
+require 'open3'
+
+module GPG
+  class Runner
+    include PGP::LogCapable
+
+    attr_accessor :version_cache
+
+    def version_default
+      if self.version_cache.nil?
+        self.version_cache = read_version('gpg --version', '')
+      end
+
+      self.version_cache
+    end
+
+    def read_private_key_recipients
+      run('gpg --quiet --list-secret-keys --fingerprint --keyid-format LONG') do |stdin, output, handle|
+        return [] unless handle.value.success?
+        extract_recipients(output)
+      end
+    end
+
+    def read_public_key_recipients
+      run('gpg --quiet --list-keys --fingerprint --keyid-format LONG') do |stdin, output, handle|
+        return [] unless handle.value.success?
+        extract_recipients(output)
+      end
+    end
+
+    def read_private_key_fingerprints
+      run('gpg --quiet --list-secret-keys --fingerprint --keyid-format LONG') do |stdin, output, handle|
+        return [] unless handle.value.success?
+        extract_fingerprints(output)
+      end
+    end
+
+    def read_public_key_fingerprints
+      run('gpg --quiet --list-keys --fingerprint --keyid-format LONG') do |stdin, output, handle|
+        return [] unless handle.value.success?
+        extract_fingerprints(output)
+      end
+    end
+
+    def delete_private_key(fingerprint)
+      run_gpg_silent_command("gpg --quiet --batch --yes --delete-secret-key #{fingerprint}")
+    end
+
+    def delete_public_key(fingerprint)
+      run_gpg_silent_command("gpg --quiet --batch --yes --delete-key #{fingerprint}")
+    end
+
+    def import_key_from_file(path)
+      log("Import Key; path: #{path}; contents:\n#{File.read(path)}")
+      command = "gpg --batch -v --import \"#{path}\""
+      run(command) do |stdin, output, handle|
+        extract_recipients(output)
+      end
+    end
+
+    def verify_signature_file(path, data_output_path=nil)
+      if data_output_path.nil?
+        log("Verify Signature; path: #{path}; contents:\n#{File.read(path)}")
+        run_gpg_silent_command("gpg --quiet --batch --verify \"#{path}\"")
+      else
+        log("Verify Signature; path: #{path}; data_output_path: #{data_output_path}; contents:\n#{File.read(path)}")
+        run_gpg_silent_command("gpg --quiet --batch --output \"#{data_output_path}\" \"#{path}\"")
+      end
+    end
+
+    def decrypt_file(path, data_output_path, passphrase=nil)
+      passphrase ||= ''
+      command_pieces = [
+          'gpg',
+          '--quiet',
+          '--batch',
+          pinentry_mode_command_options(passphrase),
+          passphrase_command_options(passphrase),
+          '--yes',
+          '--ignore-mdc-error',
+          '--output',
+          "\"#{data_output_path}\"",
+          '--decrypt',
+          "\"#{path}\""
+      ]
+      command = command_pieces.reject(&:empty?).join(' ')
+      run_gpg_silent_command(command)
+    end
+
+    def sign_file(path, data_output_path, passphrase=nil)
+      passphrase ||= ''
+      command_pieces = [
+          'gpg',
+          '--quiet',
+          '--batch',
+          pinentry_mode_command_options(passphrase),
+          passphrase_command_options(passphrase),
+          '--yes',
+          '--ignore-mdc-error',
+          '--output',
+          "\"#{data_output_path}\"",
+          '--sign',
+          "\"#{path}\""
+      ]
+      command = command_pieces.reject(&:empty?).join(' ')
+      run_gpg_silent_command(command)
+    end
+
+    def encrypt_file(path, data_output_path, recipients)
+      recipients_str = recipients
+                           .map { |s| "--recipient \"#{s}\"" }
+                           .join(' ')
+      command = "gpg --quiet --batch --yes --output \"#{data_output_path}\" #{recipients_str} --trust-model always --encrypt \"#{path}\""
+      run_gpg_silent_command(command)
+    end
+
+    private
+
+    def run_gpg_silent_command(command)
+      run(command) do |stdin, output, handle|
+        handle.value.success?
+      end
+    end
+
+    def read_version(command, default_value)
+      run(command) do |stdin, output, handle|
+        return default_value unless handle.value.success?
+        output.lines.first.split(' ').last.strip
+      end
+    end
+
+    def extract_fingerprints(str)
+      (str || '')
+          .lines
+          .filter { |l| l.downcase.include? 'key fingerprint =' }
+          .map { |l| l.split('=').last }
+          .map { |l| l.gsub(' ', '').strip }
+    end
+
+    def extract_recipients(str)
+      (str || '')
+          .lines
+          .map { |l| l.scan(/\<(.+)\>/m) }
+          .flatten
+          .reject(&:empty?)
+          .uniq
+    end
+
+    def run(command)
+      log("Running Command: #{command}")
+
+      Open3.popen2e(command) do |stdin, output, handle|
+        output_data = stream_to_string(output)
+
+        log("Output:\n#{output_data}")
+        log("Success?: #{handle.value.success?}")
+
+        yield(stdin, output_data, handle)
+      end
+    end
+
+    def stream_to_string(stream)
+      result = ''
+      loop do
+        data = stream.gets
+
+        if data.nil?
+          break
+        end
+
+        result << data
+      end
+      result
+    end
+
+    def passphrase_command_options(passphrase)
+      return '' if passphrase.empty?
+
+      "--passphrase \"#{passphrase}\""
+    end
+
+    def pinentry_mode_command_options(passphrase)
+      return '' if passphrase.empty?
+      return '' if version_default.start_with?('2.0.')
+
+      '--pinentry-mode loopback'
+    end
+  end
+end

data/lib/pgp/gpg/temp_path_helper.rb

@@ -0,0 +1,25 @@
+module GPG
+  class TempPathHelper
+    def self.create(&block)
+      path = File.join(Dir.tmpdir, random_string)
+
+      yield(path) if block
+
+      path
+    ensure
+      delete(path)
+    end
+
+    private
+
+    def self.delete(path)
+      if File.exists?(path)
+        File.delete(path)
+      end
+    end
+
+    def self.random_string(length=20)
+      (0...length).map { (65 + rand(26)).chr }.join
+    end
+  end
+end

data/lib/pgp/keys_importer.rb

@@ -0,0 +1,11 @@
+module PGP
+  module KeysImporter
+    def add_keys(key_string)
+      GPG::Engine.new.import_key(key_string)
+    end
+
+    def add_keys_from_file(filename)
+      add_keys(File.read(filename))
+    end
+  end
+end

data/lib/pgp/log.rb

@@ -0,0 +1,28 @@
+require 'logger'
+
+module PGP
+  class Log
+    class << self
+      attr_writer :logger
+      attr_writer :verbose
+
+      def logger
+        @logger ||= Logger.new($stdout).tap do |log|
+          log.progname = self.name
+        end
+      end
+
+      def verbose
+        @verbose ||= false
+      end
+    end
+  end
+
+  module LogCapable
+    def log(message)
+      if PGP::Log.verbose
+        PGP::Log.logger.info(message)
+      end
+    end
+  end
+end

data/lib/pgp/ruby_decryptor.rb

@@ -0,0 +1,9 @@
+module PGP
+  class RubyDecryptor
+    def self.decrypt(encrypted_text, private_key_file, passphrase=nil)
+      engine = GPG::Engine.new
+      engine.import_key(File.read(private_key_file))
+      engine.decrypt(encrypted_text, passphrase)[1]
+    end
+  end
+end

data/lib/pgp/signer.rb

@@ -0,0 +1,16 @@
+module PGP
+  class Signer
+    include PGP::KeysImporter
+
+    attr_accessor :passphrase
+
+    def sign(data)
+      result = GPG::Engine.new.sign(data, self.passphrase)
+      result[1]
+    end
+
+    def sign_file(file_path)
+      sign File.read(file_path)
+    end
+  end
+end

data/lib/pgp/verifier.rb

@@ -0,0 +1,14 @@
+module PGP
+  class Verifier
+    include PGP::KeysImporter
+
+    def verify(signed_data)
+      result = GPG::Engine.new.verify_signature(signed_data)
+      signature_valid = result[0]
+
+      raise 'Signature could not be verified' unless signature_valid
+
+      result[1]
+    end
+  end
+end

data/lib/pgp/version.rb

@@ -0,0 +1,3 @@
+module PGP
+  VERSION = '0.0.1'
+end

data/lib/pgp.rb

@@ -0,0 +1,20 @@
+require 'pgp/log'
+require 'pgp/keys_importer'
+require 'pgp/decryptor'
+require 'pgp/encryptor'
+require 'pgp/verifier'
+require 'pgp/signer'
+require 'pgp/gpg/temp_path_helper'
+require 'pgp/gpg/runner'
+require 'pgp/gpg/engine'
+
+module PGP
+  autoload :VERSION,        'pgp/version'
+  autoload :RubyDecryptor,  'pgp/ruby_decryptor'
+  autoload :CLI,            'pgp/cli'
+
+  # This exists for stubbing during tests
+  def self.time_now
+    Time.now
+  end
+end

data/lib/ruby-pgp.rb

@@ -0,0 +1 @@
+require 'pgp'

data/ruby-pgp.gemspec

@@ -0,0 +1,24 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require 'pgp/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = 'ruby-pgp'
+  gem.version       = PGP::VERSION
+  gem.licenses      = ['MIT']
+  gem.authors       = ['Camilo Sanchez']
+  gem.email         = ['gems@tddapps.com']
+  gem.description   = %q{PGP for Ruby}
+  gem.summary       = %q{This is a GnuPG2 wrapper modeled after the jruby-pgp api}
+  gem.homepage      = 'https://github.com/cshtdd/ruby-pgp'
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ['lib']
+
+  gem.add_development_dependency 'rake', '~> 13'
+  gem.add_development_dependency 'rspec', '~> 3.9.0'
+end

data/run_tests.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+source /etc/profile.d/rvm.sh
+
+bundle install
+
+rspec

data/spec/helpers/keys_helper.rb

@@ -0,0 +1,9 @@
+module KeysHelper
+  def remove_all_keys
+    gpg = GPG::Engine.new
+    gpg.delete_all_keys
+
+    raise 'No public keys expected' unless gpg.runner.read_public_key_fingerprints.empty?
+    raise 'No private keys expected' unless gpg.runner.read_private_key_fingerprints.empty?
+  end
+end

data/spec/helpers/process_helper.rb

@@ -0,0 +1,13 @@
+module ProcessHelper
+  def setup_process(command, success, output)
+    output_stub = double
+    exit_code_stub = double
+    handle_stub = double
+
+    allow(handle_stub).to receive(:value).and_return(exit_code_stub)
+
+    allow(output_stub).to receive(:gets).and_return(output, nil)
+    allow(exit_code_stub).to receive(:success?).and_return(success)
+    allow(Open3).to receive(:popen2e).with(command).and_yield(nil, output_stub, handle_stub)
+  end
+end

data/spec/helpers/temp_helper.rb

@@ -0,0 +1,28 @@
+module TempHelper
+  def setup_temp_file(contents='')
+    stub = create_temp_file_stub(contents)
+    allow(Tempfile).to receive(:open).and_yield(stub)
+    stub
+  end
+
+  def create_temp_file_stub(contents='')
+    stub = double
+    allow(stub).to receive(:path).and_return(random_string)
+    allow(stub).to receive(:write).with(contents)
+    allow(stub).to receive(:read).and_return(contents)
+    allow(stub).to receive(:rewind)
+    stub
+  end
+
+  def random_string(length=20)
+    (0...length).map { (65 + rand(26)).chr }.join
+  end
+
+  def setup_temp_paths(paths)
+    allow(GPG::TempPathHelper).to receive(:create) do |&block|
+      p = paths.pop
+      block.call(p)
+      p
+    end
+  end
+end

data/spec/lib/pgp/cli_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+require 'fileutils'
+
+describe PGP::CLI do
+  let(:private_key_path)  { Fixtures_Path.join('private_key.asc').to_s }
+  let(:public_key_path)   { Fixtures_Path.join('public_key.asc').to_s }
+
+  let(:decrypted_file)  { Fixtures_Path.join('unencrypted_file.txt').to_s }
+  let(:encrypted_file)  { Fixtures_Path.join('unencrypted_file.txt.asc').to_s }
+
+  after {
+    # These files are created in our current working directory
+    FileUtils.rm_rf('unencrypted_file.txt.gpg')
+    FileUtils.rm_rf('unencrypted_file.txt')
+  }
+
+
+  describe 'Encrypting' do
+    it "should encrypt a given file to the given public key" do
+      PGP::CLI::Runner.go!([decrypted_file, "-p", "spec/support/fixtures/public_key.asc"])
+
+      expect(File.exist?('unencrypted_file.txt.gpg')).to eq(true)
+    end
+  end
+
+  describe 'Decrypting' do
+    it "should decrypt a given file to the given private key" do
+      PGP::CLI::Runner.go!([encrypted_file, "-P", "spec/support/fixtures/private_key.asc", "-d"])
+
+      expect(File.exist?('unencrypted_file.txt')).to eq(true)
+    end
+  end
+
+  describe 'Public Keys'
+
+  describe 'Private Keys'
+
+  describe 'Input Files'
+
+  describe 'Output Files'
+end

data/spec/lib/pgp/decryptor_spec.rb

@@ -0,0 +1,58 @@
+require 'spec_helper'
+
+describe PGP::Decryptor do
+  include KeysHelper
+
+  let(:private_key_path)  { Fixtures_Path.join('private_key.asc').to_s }
+  let(:public_key_path)   { Fixtures_Path.join('public_key.asc').to_s }
+
+  let(:decryptor) { PGP::Decryptor.new }
+
+  let(:encrypted_file)    { Fixtures_Path.join('unencrypted_file.txt.asc') }
+  let(:encrypted_text)    { File.read(encrypted_file) }
+  let(:file_path)         { Fixtures_Path.join('unencrypted_file.txt') }
+  let(:unencrypted_text)  { File.read(file_path) }
+
+  before { remove_all_keys }
+
+  describe '#decrypt' do
+    before {
+      decryptor.add_keys_from_file(private_key_path)
+    }
+
+    it "should successfully decrypt an encrypted file" do
+      expect(decryptor.decrypt(encrypted_text)).to eq(unencrypted_text)
+    end
+
+    describe 'ruby_decryptor' do
+      it 'should successfully decrypt an encrypted file' do
+        actual_text = PGP::RubyDecryptor.decrypt(encrypted_text, private_key_path)
+        expect(actual_text).to eq(unencrypted_text)
+      end
+    end
+  end
+
+  describe "decrypt with private key and passphrase" do
+    let(:private_key_with_passphrase_path) { Fixtures_Path.join('private_key_with_passphrase.asc') }
+    let(:encrypted_with_passphrase_file)    { Fixtures_Path.join('encrypted_with_passphrase_key.txt.asc') }
+    let(:encrypted_text) { File.read(encrypted_with_passphrase_file) }
+    let(:unencrypted_text) { File.read(Fixtures_Path.join('encrypted_with_passphrase_key.txt'))}
+    let(:passphrase) { "testingpgp" }
+
+    before do
+      decryptor.passphrase = passphrase
+      decryptor.add_keys_from_file(private_key_with_passphrase_path)
+    end
+
+    it "should decrypt" do
+      expect(decryptor.decrypt(encrypted_text)).to eq(unencrypted_text)
+    end
+
+    describe 'ruby_decryptor' do
+      it 'should decrypt' do
+        actual_text = PGP::RubyDecryptor.decrypt(encrypted_text, private_key_path, passphrase)
+        expect(actual_text).to eq(unencrypted_text)
+      end
+    end
+  end
+end

data/spec/lib/pgp/encryptor_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+
+describe PGP::Encryptor do
+  include KeysHelper
+
+  let(:private_key_path)  { Fixtures_Path.join('private_key.asc').to_s }
+  let(:public_key_path)   { Fixtures_Path.join('public_key.asc').to_s }
+
+  let(:encryptor) { PGP::Encryptor.new }
+  let(:string) { "FooBar" }
+
+  before { remove_all_keys }
+
+  describe '#initialize' do
+    let(:encryptor) { PGP::Encryptor.new(File.read public_key_path) }
+
+    it "should accept public key(s) as an argument" do
+      encrypted_string = encryptor.encrypt(string, "some filename.txt")
+
+      expect(PGP::RubyDecryptor.decrypt(encrypted_string, private_key_path)).to eq(string)
+    end
+  end
+
+  describe '#encrypt' do
+    after {
+      File.delete("some filename.txt") if File.exists?("some filename.txt")
+    }
+
+    context 'When the Public Key is from a file' do
+      before {
+        encryptor.add_keys_from_file(public_key_path)
+      }
+
+      it "it's encrypted string should be decryptable. durr" do
+        encrypted_string = encryptor.encrypt(string, "some filename.txt")
+
+        expect(File.read("some filename.txt")).to eq(encrypted_string)
+        expect(PGP::RubyDecryptor.decrypt(encrypted_string, private_key_path)).to eq(string)
+      end
+
+      it "should not require that a filename be specified" do
+        encrypted_string = encryptor.encrypt(string)
+
+        expect(PGP::RubyDecryptor.decrypt(encrypted_string, private_key_path)).to eq(string)
+      end
+    end # context 'When the Public Key is from a file'
+
+    context 'When the Public Key has been read in to memory' do
+      before {
+        encryptor.add_keys(File.read public_key_path)
+      }
+
+      it "it's encrypted string should be decryptable. durr" do
+        encrypted_string = encryptor.encrypt(string, "some filename.txt")
+
+        expect(File.read("some filename.txt")).to eq(encrypted_string)
+        expect(PGP::RubyDecryptor.decrypt(encrypted_string, private_key_path)).to eq(string)
+      end
+
+      it "should not require that a filename be specified" do
+        encrypted_string = encryptor.encrypt(string)
+
+        expect(PGP::RubyDecryptor.decrypt(encrypted_string, private_key_path)).to eq(string)
+      end
+    end # context 'When the Public Key has been read in to memory'
+
+  end # describe '#encrypt'
+
+  describe '#encrypt_file' do
+    let(:file_path) { Fixtures_Path.join('unencrypted_file.txt') }
+    let(:contents) { File.read(file_path) }
+
+    before {
+      encryptor.add_keys(File.read public_key_path)
+    }
+
+    pending "should have an encryptStream method to avoid memory bloat"
+
+    it "should encrypt a file" do
+      encrypted_file = encryptor.encrypt_file(file_path)
+
+      expect(PGP::RubyDecryptor.decrypt(encrypted_file, private_key_path)).to eq(contents)
+    end
+  end # describe '#encrypt_file'
+
+end