safedb 0.3.1011 → 0.4.1002

data/lib/controller/admin/init.rb

@@ -0,0 +1,113 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # This idempotent <b>init use case</b> promises that a password-protected
+  # book with the given name will exist within the safe's directory tree, along
+  # with key derivation salts, ciphertext and other paraphernalia.
+  #
+  # After successful execution, the following state is observable
+  #
+  # - folder **`~/.safedb.net/safedb-master-crypts/safedb.book.<BOOK_ID>`** exists
+  # - book content file **`safedb.chapter.<CONTENT_ID>.txt`** exists
+  # - **`safedb-user-configuration.ini`** links the branch and book ids
+  # - **`safedb-master-index-local.ini`** has section with [<BOOK_ID>]
+  #
+  # Within the master index file in the [<BOOK_ID>] section will be
+  #
+  # - the book initialiize time
+  # - the salts and ciphertext from the key derivation functions
+  # - the ID and initialization vector (iv) of the contents file
+  #
+  # == init use case <b>pre-conditions</b>
+  #
+  # Warning or error messages must result unless these pre-conditions are met
+  #
+  # - a secret (if required) is prompted or in --password or SAFE_BOOK_PASSWORD
+  # - the strength of the human sourced password is adequate
+  # - the book name ( maybe from SAFE_BOOK_NAME ) follows convention
+  # - the shell must have a SAFE_TTY_TOKEN environment variable
+  #
+  class Init < AccessUc
+
+
+    def execute
+
+# @todo => in parent class Auth validate the book name
+
+
+      @book_id = Identifier.derive_ergonomic_identifier( @book_name, Indices::SAFE_BOOK_ID_LENGTH )
+
+      if is_book_initialized?()
+        print_already_initialized
+        return
+      end
+
+      StateMigrate.create_book( @book_id )
+
+# @todo => search for password in environment variable
+
+      book_secret = KeyPass.password_from_shell( true ) if @password.nil?
+      book_secret = @password unless @password.nil?
+
+      master_keys = DataMap.new( Indices::MASTER_INDICES_FILEPATH )
+      master_keys.use( @book_id )
+
+      StateMigrate.recycle_both_keys(
+        @book_id,
+        book_secret,
+        master_keys,
+        virginal_book()
+      )
+
+      print_success_initializing
+
+    end
+
+
+    private
+
+
+    def virginal_book()
+
+      initial_db = DataStore.new()
+      initial_db.store( Indices::SAFE_BOOK_INITIALIZE_TIME, KeyNow.readable() )
+      initial_db.store( Indices::SAFE_BOOK_NAME, @book_name )
+      initial_db.store( Indices::SAFE_BOOK_INIT_VERSION, Indices::SAFE_VERSION_STRING )
+      initial_db.store( Indices::SAFE_BOOK_CHAPTER_KEYS, {} )
+
+      return initial_db.to_json
+
+    end
+
+
+    def print_already_initialized
+
+      puts ""
+      puts "You can go ahead and login."
+      puts "Your domain [#{@book_name}] is already setup."
+      puts "You should already know the password."
+      puts ""
+      puts "    #{COMMANDMENT} login #{@book_name}"
+      puts ""
+
+    end
+
+
+    def print_success_initializing
+
+      puts ""
+      puts "Success! You can now login."
+      puts "Your book #{@book_name} with id #{@book_id} is up."
+      puts "From now on you simply login like this."
+      puts ""
+      puts "    #{COMMANDMENT} login #{@book_name}"
+      puts ""
+
+    end
+
+
+  end
+
+
+end

data/lib/controller/admin/login.rb

@@ -0,0 +1,88 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The <b>login use case</b> is given the domain name and if needs be
+  # it collects the password then (if correct) logs the user in.
+  #
+  # Here are some key facts about the login command
+  #
+  # - its domain name parameter is mandatory
+  # - it is called at the start of every branch
+  # - it is undone by the logout command
+  # - it requires the shell token environment variable to be set
+  # - you can nest login commands thus using multiple domains
+  # - you can call it with a --with=password switch
+  # - a space before the command prevents it being logged in .bash_history
+  # - you can deliver the password in multiple ways
+  class Login < AccessUc
+
+    def execute
+
+# @todo => in parent class Auth validate the book name
+
+      @book_id = Identifier.derive_ergonomic_identifier( @book_name, Indices::SAFE_BOOK_ID_LENGTH )
+
+      unless ( is_book_initialized?() )
+        print_not_initialized
+        return
+      end
+
+      if( StateInspect.is_logged_in?( @book_id ) )
+        StateMigrate.use_book( @book_id )
+        View.new().flow()
+        return
+      end
+
+# @todo => search for password in environment variable
+
+      book_password = KeyPass.password_from_shell( false ) if @password.nil?
+      book_password = @password unless @password.nil?
+
+# @todo => if password is correct - if not print out an error.
+
+      book_keys = DataMap.new( Indices::MASTER_INDICES_FILEPATH )
+      book_keys.use( @book_id )
+
+      StateMigrate.login( book_keys, book_password )
+      View.new().flow()
+
+    end
+
+
+    private
+
+
+    def print_already_logged_in
+
+      puts ""
+      puts "We are already logged in. Open a secret envelope, put, then seal."
+      puts ""
+      puts "    #{COMMANDMENT} open aws.credentials:s3reader"
+      puts "    #{COMMANDMENT} put access_key ABCD1234"
+      puts "    #{COMMANDMENT} put secret_key FGHIJ56789"
+      puts "    #{COMMANDMENT} put region_key eu-central-1"
+      puts "    #{COMMANDMENT} seal"
+      puts ""
+
+    end
+
+
+    def print_not_initialized
+
+      puts ""
+      puts "This book [ #{@book_name} ] has not yet been initialized."
+      puts "Please initialize it with this command."
+      puts ""
+      puts "    #{COMMANDMENT} init #{@book_name}"
+      puts ""
+
+    end
+
+
+  end
+
+
+end
+
+

data/lib/controller/admin/open.rb

@@ -0,0 +1,39 @@
+#!/usr/bin/ruby
+	
+module SafeDb
+
+  # The <tt>open use case</tt> allows us to add (put), subtract (remove), change
+  # (update) and list the credential within first a chapter (outer) and then within
+  # a verse (inner), of the logged in book.
+  #
+  # == safe reopen <<chapter>> <<verse>>
+  #
+  # If you need to be sure that you are re-opening a chapter and verse that already
+  # exists you use the <tt>safe reopen</tt> command. This command produces an error
+  # if it cannot find specified chapter and verse.
+  #
+  class Open < UseCase
+
+    # The chapter and verse of this book that are to be opened.
+    attr_writer :chapter, :verse
+
+    def execute
+
+      book = Book.new()
+      book.set_open_chapter_name( @chapter )
+      book.set_open_verse_name( @verse )
+      book.write()
+
+      # Show the mini dictionary at the opened chapter and verse location
+      # More work is needed when for when only the chapter is opened in
+      # which case we should show the list of verses and perhaps the count
+      # of key value pairs each verse contains.
+      Show.new.flow()
+
+    end
+
+
+  end
+
+
+end

data/lib/{usecase → controller/admin}/token.rb

@@ -2,7 +2,7 @@
 
 module SafeDb
 
-  # The <tt>token use case</tt> prints out an encrypted session token tied
+  # The <tt>token use case</tt> prints out an encrypted shell token tied
   # to the workstation and shell environment. See the root README.md on how
   # to export it and create a simple command alias for it in the ~/.bash_aliases
   # script which is executed when the shell starts.
@@ -11,7 +11,7 @@ module SafeDb
 
     def execute
 
-      print KeyLocal.generate_shell_key_and_token()
+      print KeyDerivation.generate_shell_key_and_token()
 
     end
 

data/lib/controller/admin/tree.md

@@ -0,0 +1,54 @@
+
+# the safedb directory tree
+
+On disk, the safe database is largely just **crypt files** and **indices** which contain salts and possibly remote repository urls. You'll also find a safe **user configuration file** plus activity logs.
+
+```
+~/.safedb.net
+    |
+    |--- safedb-master-index-local.ini
+    |--- safedb-user-configuration.ini
+    |--- safedb-activity-journal.log
+    |
+    |--- safedb-master-crypts
+             |
+             |--- .git
+             |--- safedb.book.ababab-ababab
+                      |
+                      |--- safedb.chapter.8d04ldabcd.txt
+                      |--- safedb.chapter.fl3456asdf.txt
+                      |--- safedb.chapter.pw9521pqwo.txt
+
+             |
+             |--- safedb.book.cdcdcd-cdcdcd
+                      |
+                      |--- safedb.chapter.o3wertpoiu.txt
+                      |--- safedb.chapter.xcvbrt2345.txt
+    |
+    |
+    |--- safedb-branch-crypts
+             |
+             |--- safedb-branch-ababab-ababab-xxxxxx-xxxxxx-xxxxxx
+                      |
+                      |--- safedb.chapter.8d04ldabcd.txt
+                      |--- safedb.chapter.fl3456asdf.txt
+                      |--- safedb.chapter.pw9521pqwo.txt
+             |
+             |
+             |--- safedb-branch-ababab-ababab-xxxxxx-zzzzzz-zzzzzz
+                      |
+                      |--- safedb.chapter.id1234abcd.txt
+                      |--- safedb.chapter.id3456asdf.txt
+                      |--- safedb.chapter.id9521pqwo.txt
+
+             |
+             |
+             |--- safedb-branch-cdcdcd-cdcdcd-ghighi-ghighi-ghighi
+                      |
+                      |--- safedb.chapter.o3wertpoiu.txt
+                      |--- safedb.chapter.xcvbrt2345.txt
+
+    |--- safedb-branch-indices
+             |
+             |--- safedb-indices-xxxxxx-xxxxxx-xxxxxx.ini
+```

data/lib/controller/admin/view.rb

@@ -0,0 +1,61 @@
+#!/usr/bin/ruby
+
+module SafeDb
+
+  # View provides a bird's eye view of the book's content and links well with
+  # the <b>goto</b>, <b>show</b> and <b>tell</b> commands.
+  #
+  # View maps out and numbers each chapter/verse combination.
+  # Goto with the number effectively shortcuts the open pinpointer.
+  # Show prints out the verse lines at the opened path but masks any secrets.
+  # Tell also prints out the verse lines but unabashedly displays secrets.
+  class View < UseCase
+
+    def execute
+
+      book = Book.new()
+
+      puts ""
+      puts " == Birth Day := #{book.init_time()}\n"
+      puts " == Book Name := #{book.book_name()} [#{book.book_id}]\n"
+      puts " == Book Mark := #{book.get_open_chapter_name()}/#{book.get_open_verse_name()}\n" if book.is_opened?()
+      puts ""
+
+      verse_count = 0
+      chapter_index = 0
+      book.branch_chapter_keys().each_pair do | chapter_name, chapter_keys |
+
+        chapter_index += 1
+        verse_index = 0
+        chapter_data = Content.unlock_branch_chapter( chapter_keys )
+        chapter_data.each_key do | verse_name |
+
+          verse_index += 1
+          verse_count += 1
+          is_open = book.is_open?( chapter_name, verse_name )
+          isnt_first = verse_count != 1
+          isnt_last = ( chapter_index != book.branch_chapter_keys().length() ) || ( verse_index != chapter_data.length() )
+          mark_open = is_open ? "<< " : ""
+          mark_close = is_open ? " >>" : ""
+          fixdint = format( "%02d", verse_count )
+          puts " -- ---- --------------------------------------" if( is_open && isnt_first )
+          puts " -- [#{fixdint}] #{mark_open}#{chapter_name} :~~ #{verse_name}#{mark_close}\n"
+          puts " -- ---- --------------------------------------" if( is_open && isnt_last )
+
+        end
+
+      end
+
+      puts ""
+      puts " == There are #{book.branch_chapter_keys().length()} chapters and #{verse_count} verses."
+      puts ""
+
+      return
+
+    end
+
+
+  end
+
+
+end

data/lib/{usecase → controller/api}/docker/docker.rb

@@ -30,7 +30,7 @@ module SafeDb
             # key/value mini-dictionary breadcrumbs sitting
             # within the master database at the section labelled
             # envelope@<<actual_chapter_id>>.
-            chapter_data = KeyDb.from_json( KeyApi.content_unlock( master_db[ chapter_id ] ) )
+            chapter_data = DataStore.from_json( Lock.content_unlock( master_db[ chapter_id ] ) )
 
             key_value_dictionary = chapter_data[ verse_id ]
             docker_username = key_value_dictionary[ "docker.username" ]

data/lib/{usecase → controller/api}/jenkins/jenkins.rb

@@ -169,7 +169,7 @@ module SafeDb
             # key/value mini-dictionary breadcrumbs sitting
             # within the master database at the section labelled
             # envelope@<<actual_chapter_id>>.
-            chapter_data = KeyDb.from_json( KeyApi.content_unlock( master_db[ chapter_id ] ) )
+            chapter_data = DataStore.from_json( Lock.content_unlock( master_db[ chapter_id ] ) )
 
             key_value_dictionary = chapter_data[ verse_id ]
 

data/lib/{usecase → controller/api}/terraform/README.md

@@ -44,7 +44,7 @@ Now and forever you can return to the chapter and verse and enjoy a secure crede
 
 You can even change directories and run other terraform projects against the opened IAM user. You can also open an IAM user, run commands, open another run commands and then reopen the first and run commands.
 
-As long as you stay within your shell window - your safe login will persist. Once your session is finished you either logout or exit the shell.
+As long as you stay within your shell window - your safe login will persist. Once your branch is finished you either logout or exit the shell.
 
 ### Shortcut Alert
 

data/lib/{usecase → controller/api}/terraform/terraform.rb

@@ -46,7 +46,7 @@ module SafeDb
       # key/value mini-dictionary breadcrumbs sitting
       # within the master database at the section labelled
       # envelope@<<actual_chapter_id>>.
-      chapter_data = KeyDb.from_json( KeyApi.content_unlock( master_db[ chapter_id ] ) )
+      chapter_data = DataStore.from_json( Lock.content_unlock( master_db[ chapter_id ] ) )
 
       # Now read the three AWS IAM credentials @access.key, @secret.key and region.key
       # into the 3 environment variables terraform expects to find.

data/lib/{usecase → controller/api}/vpn/README.md

@@ -103,7 +103,7 @@ Now and forever you can return to the chapter and verse and enjoy a secure crede
 
 You can even change directories and run other terraform projects against the opened IAM user. You can also open an IAM user, run commands, open another run commands and then reopen the first and run commands.
 
-As long as you stay within your shell window - your safe login will persist. Once your session is finished you either logout or exit the shell.
+As long as you stay within your shell window - your safe login will persist. Once your branch is finished you either logout or exit the shell.
 
 ### Shortcut Alert