RubyGems - secretmgr - Versions diffs - 0.1.0 → 0.2.0 - Mend

secretmgr 0.1.0 → 0.2.0

Files changed (20) hide show

checksums.yaml +4 -4
data/.rubocop.yml +27 -22
data/.rubocop_todo.yml +101 -46
data/Gemfile +25 -14
data/Gemfile.lock +65 -49
data/Rakefile +41 -4
data/SECURITY.md +21 -0
data/exe/secretmgr +15 -78
data/lib/secretmgr/cli.rb +171 -0
data/lib/secretmgr/config.rb +42 -41
data/lib/secretmgr/globalsetting.rb +49 -0
data/lib/secretmgr/loggerxs.rb +4 -0
data/lib/secretmgr/secret.rb +228 -0
data/lib/secretmgr/secretmgr.rb +247 -200
data/lib/secretmgr/util.rb +15 -0
data/lib/secretmgr/version.rb +1 -1
data/lib/secretmgr.rb +28 -22
data/rubocoprefine.bat +29 -29
data/secretmgr.gemspec +49 -49
metadata +16 -79

data/lib/secretmgr/cli.rb ADDED Viewed

@@ -0,0 +1,171 @@
+require "pathname"
+require "yaml"
+require "optparse"
+module Secretmgr
+  class Cli
+    EXIT_CODE_SUCCESS = 0
+    EXIT_CODE_FAILURE = 10
+    CLI_OPTION_SUCCESS = 100
+    CLI_OPTION_ERROR_NIL = 110
+    CLI_OPTION_ERROR_DOES_NOT_EXIST = 120
+    CLI_OPTION_ERROR_ZERO = 130
+    FILE_OPTION = 10
+    DIRECTORY_OPTION = 20
+    def initialize
+      # log_level = :debug
+      log_level = :info
+      Secretmgr.log_init(log_level)
+      # log_level = :info
+      Loggerxs.init("log_", "log.txt", ".", true, log_level)
+      @params = {}
+      @opt = OptionParser.new
+      @opt.banner = "usage: secretmgr2 [@option]"
+      @opt.on("-c", "--cmd command") { |v| @params[:cmd] = v }
+      @opt.on("-d", "--secret_dir dir") { |v| @params[:secret_dir] = v }
+      @opt.on("-s", "--global_setting_file file") { |v| @params[:global_setting_file] = v }
+      @opt.on("-u", "--public_keyfile file") { |v| @params[:public_keyfile] = v }
+      @opt.on("-r", "--private_keyfile file") { |v| @params[:private_keyfile] = v }
+      @opt.on("-k", "--secret_key_dir dir") { |v| @params[:secret_key_dir] = v }
+      @opt.on("-F", "--encrypted_setting_file file") { |v| @params[:encrypted_setting_file] = v }
+      @opt.on("-e", "--encrypted_secret_file file") { |v| @params[:encrypted_secret_file] = v }
+      @opt.on("-f", "--plain_setting_file file") { |v| @params[:plain_setting_file] = v }
+      @opt.on("-p", "--plain_secret_file file") { |v| @params[:plain_secret_file] = v }
+      @opt.on("-t", "--target word") { |v| @params[:target] = v }
+      @opt.on("-b", "--subtarget word") { |v| @params[:subtarget] = v }
+    end
+    def arg_parse(argv)
+      ret = true
+      @opt.parse!(argv)
+      Loggerxs.debug @params
+      @cmd = @params[:cmd]
+      @setting_file_pn = "#{Pathname.new(Dir.home)}.secretmgr.yml"
+      @secret_dir_pn = Pathname.new(@params[:secret_dir]) if @params[:secret_dir]
+      @global_setting_file_pn = Pathname.new(@params[:global_setting_file]) if @params[:global_setting_file]
+      @secret_key_dir_pn = Pathname.new(@params[:secret_key_dir]) if @params[:secret_key_dir]
+      @public_keyfile_pn = Pathname.new(@params[:public_keyfile]) if @params[:public_keyfile]
+      @private_keyfile_pn = Pathname.new(@params[:private_keyfile]) if @params[:private_keyfile]
+      @encrypted_setting_file_pn = Pathname.new(@params[:encrypted_setting_file]) if @params[:encrypted_setting_file]
+      @encrypted_secret_file_pn = Pathname.new(@params[:encrypted_secret_file]) if @params[:encrypted_secret_file]
+      @plain_setting_file_pn = Pathname.new(@params[:plain_setting_file]) if @params[:plain_setting_file]
+      @plain_secret_file_pn = Pathname.new(@params[:plain_secret_file]) if @params[:plain_secret_file]
+      @target = @params[:target]
+      @subtarget = @params[:subtarget]
+      # p "arg_parse @public_keyfile_pn=#{@public_keyfile_pn}"
+      # p "arg_parse @private_keyfile_pn=#{@private_keyfile_pn}"
+      fail_count = 0
+      fail_count += file_option_error?(@global_setting_file_pn, "-s")
+      fail_count += directory_option_error?(@secret_dir_pn, "-d")
+      fail_count += directory_option_error?(@secret_key_dir_pn, "-k")
+      # fail_count += file_option_error?(@public_keyfile_pn, "-u")
+      Loggerxs.debug "@private_keyfile_pn=#{@private_keyfile_pn}"
+      # fail_count += file_option_error?(@private_keyfile_pn, "-r")
+      if @cmd == "setup"
+        fail_count += file_option_error?(@plain_setting_file_pn, "-f")
+        fail_count += file_option_error?(@plain_secret_file_pn, "-p")
+        fail_count += file_specified_option_error?(@encrypted_setting_file_pn, "-F")
+        fail_count += file_specified_option_error?(@encrypted_secret_fifile_pn, "-R")
+      else
+        # debugger
+        @target = @params[:target]
+        @subtarget = @params[:subtarget]
+        fail_count += string_option_error?(@target, "-t")
+        fail_count += string_option_error?(@subtarget, "-b")
+        fail_count += file_option_error?(@encrypted_setting_file_pn, "-F")
+        fail_count += file_option_error?(@encrypted_secret_file_pn, "-e")
+      end
+      ret = false if fail_count.positive?
+      Loggerxs.debug "fail_count=#{fail_count}"
+      Loggerxs.debug "ret=#{ret}"
+      ret
+    end
+    def directory_option_error?(pathn, option_name)
+      path_option_error?(pathn, option_name, DIRECTORY_OPTION)
+    end
+    def file_option_error?(pathn, option_name)
+      path_option_error?(pathn, option_name, FILE_OPTION)
+    end
+    def file_specified_option_error?(pathn, option_name)
+      path_specified_option_error?(pathn, option_name, FILE_OPTION)
+    end
+    def path_specified_option_error?(pathn, _option_name, _kind = FILE_OPTION)
+      fail_count = 0
+      fail_count = 1 if pathn.nil?
+      fail_count
+    end
+    def path_option_error?(pathn, option_name, kind = FILE_OPTION)
+      fail_count = 0
+      if Util.nil_or_dontexist?(pathn)
+        if kind == FILE_OPTION
+          Loggerxs.error "Can't find file(#{pathn}) which specified by #{option_name}"
+        else
+          Loggerxs.error "Can't find directory(#{pathn}) which specified by #{option_name}"
+        end
+        fail_count = 1
+      elsif kind == FILE_OPTION
+        fail_count = 1 unless pathn.file?
+      elsif !pathn.directory?
+        fail_count = 1
+      end
+      fail_count
+    end
+    def string_option_error?(str, option_name)
+      fail_count = 0
+      if Util.nil_or_zero?(str)
+        Loggerxs.error "nil or size zero(#{str}) which specified by #{option_name}"
+        fail_count = 1
+      end
+      fail_count
+    end
+    def execute
+      ret = nil
+      @global_setting = Globalsetting.new(@global_setting_file_pn)
+      @global_setting.ensure
+      @global_setting.load
+      case @cmd
+      when "setup"
+        secretmgr = Secretmgr.new(@global_setting, @secret_dir_pn, @secret_key_dir_pn, "setup")
+        return EXIT_CODE_FAILURE unless secretmgr.valid?
+        Loggerxs.debug "setup 1"
+        # p "@plain_setting_file_pn=#{@plain_setting_file_pn}"
+        secretmgr.set_setting_for_plain(@plain_setting_file_pn, @plain_secret_file_pn)
+        Loggerxs.debug "setup 2"
+        ret = secretmgr.setup
+        Loggerxs.debug "setup ret=#{ret}"
+      else
+        # p "cli execute data @public_keyfile_pn=#{@public_keyfile_pn} @private_keyfile_pn=#{@private_keyfile_pn}"
+        secretmgr = Secretmgr.new(@global_setting, @secret_dir_pn, @secret_key_dir_pn, "data",
+                                  public_keyfile_pn: @public_keyfile_pn,
+                                  private_keyfile_pn: @private_keyfile_pn)
+        # secretmgr.set_setting_for_plain(@plain_setting_file_pn, @plain_secret_file_pn)
+        secretmgr.set_setting_for_encrypted(@encrypted_setting_file_pn, @encrypted_secret_file_pn)
+        secretmgr.set_setting_for_query(@target, @subtarget)
+        secretmgr.load
+        ret = secretmgr.make(@target, @subtarget)
+        # p ret
+      end
+      ret
+    end
+  end
+end

data/lib/secretmgr/config.rb CHANGED Viewed

@@ -1,41 +1,42 @@
-# frozen_string_literal: true
-require "pathname"
-require "yaml"
-module Secretmgr
-  class Config
-    def initialize(parent_pn, format_filename = "format.txt")
-      format_pn = parent_pn + format_filename
-      file_content = File.read(format_pn)
-      @hash = YAML.safe_load(file_content)
-    end
-    def file_format(*keys)
-      result = keys.flatten.each_with_object([@hash]) do |item, memo|
-        hash = memo[0]
-        memo[0] = if hash
-                    (hash.instance_of?(Hash) ? hash[item] : nil)
-                  end
-      end
-      result ? (result[0] || @hash["default"]) : @hash["default"]
-    end
-    def get_file_path(parent_dir_pn, *keys)
-      flat_keys = keys.flatten
-      valid_keys = flat_keys.reject(&:nil?)
-      file_format = file_format(valid_keys)
-      case file_format
-      when "JSON_FILE"
-        flat_keys.unshift("JSON_FILE")
-        flat_keys.push("config.json")
-      when "YAML"
-        flat_keys = ["secret.yml"]
-      end
-      array = flat_keys.each_with_object([parent_dir_pn]) do |item, memo|
-        memo[0] = memo[0] + item if item
-      end
-      array[0]
-    end
-  end
-end
+# frozen_string_literal: true
+require "pathname"
+require "yaml"
+module Secretmgr
+  class Config
+    def initialize(parent_pn, format_filename = "format.txt")
+      format_pn = Pathname.new(parent_pn) + format_filename
+      file_content = File.read(format_pn)
+      @hash = YAML.safe_load(file_content)
+    end
+    def file_format(*keys)
+      result = keys.flatten.each_with_object([@hash]) do |item, memo|
+        hash = memo[0]
+        memo[0] = if hash
+                    (hash.instance_of?(Hash) ? hash[item] : nil)
+                  end
+      end
+      Loggerxs.debug "hash=#{hash}"
+      result ? (result[0] || @hash["default"]) : @hash["default"]
+    end
+    def get_file_path(parent_dir_pn, *keys)
+      flat_keys = keys.flatten
+      valid_keys = flat_keys.compact
+      file_format = file_format(valid_keys)
+      case file_format
+      when "JSON_FILE"
+        flat_keys.unshift("JSON_FILE")
+        flat_keys.push("config.json")
+      when "YAML"
+        flat_keys = ["secret.yml"]
+      end
+      array = flat_keys.each_with_object([parent_dir_pn]) do |item, memo|
+        memo[0] = memo[0] + item if item
+      end
+      array[0]
+    end
+  end
+end

data/lib/secretmgr/globalsetting.rb ADDED Viewed

@@ -0,0 +1,49 @@
+module Secretmgr
+  class Globalsetting
+    require "yaml"
+    require "pathname"
+    def initialize(file_pn)
+      @file_pn = file_pn
+      @obj = nil
+    end
+    def ensure
+      File.write(@file_pn, "") unless @file_pn.exist?
+    end
+    def load
+      # p "@file_pn=#{@file_pn}"
+      content = File.read(@file_pn)
+      @obj = YAML.safe_load(content)
+      @load ||= {}
+      # p "Globalsetting.load @obj=#{@obj}|"
+    end
+    def save
+      content = YAML.dump(@obj)
+      File.write(@file_pn, content)
+      p "Globalsetting.save @file_pn=#{@file_pn}|"
+      p "Globalsetting.save content=#{content}|"
+    end
+    def get(key)
+      case key
+      when "default_public_keyfile_pn", "default_private_keyfile_pn"
+        Pathname.new(@obj[key])
+      else
+        @obj[key]
+      end
+    end
+    def set(key, value)
+      @obj[key] = case key
+                  when "default_public_keyfile_pn", "default_private_keyfile_pn"
+                    value.to_s
+                  # p "Globalsetting.set @obj=#{@obj}|"
+                  else
+                    value
+                  end
+    end
+  end
+end

data/lib/secretmgr/loggerxs.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module Secretmgr
+  class Loggerxs < Loggerx::Loggerxcm0
+  end
+end

data/lib/secretmgr/secret.rb ADDED Viewed

@@ -0,0 +1,228 @@
+module Secretmgr
+  class Secret
+    require "rspec/expectations"
+    include RSpec::Matchers
+    RSA_KEY_SIZE = 2048
+    FORMAT_FILE = "format.txt".freeze
+    SSH_DIR = ".ssh".freeze
+    RSA_PRIVATE_FILE = "id_rsa_no".freeze
+    RSA_PUBLIC_PEM_FILE = "id_rsa_no.pub.pem".freeze
+    SETTING_FILE = "setting.yml".freeze
+    SECRET_FILE = "secret.yml".freeze
+    DEFAULT_PUBLIC_KEYFILE = ".ssh/id_rsa.pub".freeze
+    DEFAULT_PRIVATE_KEYFILE = ".ssh/id_rsa".freeze
+    attr_reader :public_key, :public_keyfile_pn, :private_key, :private_keyfile_pn, :valid
+    def initialize(setting, home_pn, secret_dir_pn, ope,
+                   default_public_keyfile_pn,
+                   default_private_keyfile_pn,
+                   public_keyfile_pn: nil,
+                   private_keyfile_pn: nil)
+      # p "Secret.initialize public_keyfile_pn=#{public_keyfile_pn}"
+      # p "Secret.initialize private_keyfile_pn~#{private_keyfile_pn}"
+      @mode = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
+      @setting = setting
+      # p "Secret.new secret_dir_pn=#{secret_dir_pn}"
+      @secret_dir_pn = secret_dir_pn
+      @secret_dir_pn = Pathname.new(@secret_dir_pn) unless @secret_dir_pn.instance_of?(Pathname)
+      # p "@Secret.new secret_dir_pn=#{@secret_dir_pn}"
+      @home_pn = home_pn
+      @format_config = Config.new(@secret_dir_pn, FORMAT_FILE)
+      @private_key = nil
+      @public_key = nil
+      @private_key = create_private_key(private_keyfile_pn) if private_keyfile_pn
+      @public_key = create_public_key(public_keyfile_pn) if public_keyfile_pn
+      @valid = false
+      if @private_key.nil? && @public_key.nil?
+        case ope
+        when "setup"
+          # @public_key, @private_key = create_keyfiles()
+          @rsa_key, @public_key, @public_key_str, @private_key, @private_key_str = create_keyfiles
+          default_public_keyfile_pn ||= @setting.get("default_public_keyfile_pn")
+          default_private_keyfile_pn ||= @setting.get("default_private_keyfile_pn")
+          output_public_key(default_public_keyfile_pn)
+          output_private_key(default_private_keyfile_pn)
+          @setting.set("default_public_keyfile_pn", default_public_keyfile_pn)
+          @setting.set("default_private_keyfile_pn", default_private_keyfile_pn)
+          @setting.save
+        else
+          default_public_keyfile_pn = @setting.get("default_public_keyfile_pn")
+          default_private_keyfile_pn = @setting.get("default_private_keyfile_pn")
+          @private_key = create_private_key(default_private_keyfile_pn)
+          @public_key = create_public_key(default_public_keyfile_pn)
+        end
+      end
+      @valid = true
+    end
+    def output_public_key(public_keyfile_pn)
+      File.write(public_keyfile_pn, @public_key_str)
+      Loggerxs.debug "0 public_keyfile_pn=#{public_keyfile_pn}"
+    end
+    def create_public_key(public_keyfile_pn)
+      key_obj = nil
+      pub_key = nil
+      pub_key = File.read(public_keyfile_pn) if public_keyfile_pn.exist?
+      Loggerxs.debug "0 public_keyfile_pn=#{public_keyfile_pn}"
+      unless pub_key.nil?
+        # 鍵をOpenSSLのオブジェクトにする
+        key_obj = OpenSSL::PKey::RSA.new(pub_key)
+        Loggerxs.debug "3 key_obj="
+      end
+      key_obj
+    end
+    def output_private_key(private_keyfile_pn)
+      File.write(private_keyfile_pn, @private_key_str)
+      Loggerxs.debug "0 private_keyfile_pn=#{private_keyfile_pn}"
+    end
+    def create_private_key(private_keyfile_pn)
+      key_obj = nil
+      private_key = nil
+      Loggerxs.debug "20 private_keyfile_pn=#{private_keyfile_pn}"
+      private_key = File.read(private_keyfile_pn) if private_keyfile_pn.exist?
+      unless private_key.nil?
+        # 鍵をOpenSSLのオブジェクトにする
+        key_obj = OpenSSL::PKey::RSA.new(private_key)
+        Loggerxs.debug "23 private_key="
+      end
+      key_obj
+    end
+    def file_format(target, sub_target)
+      @format_config.file_format(target, sub_target)
+    end
+    def get_file_path(dirs)
+      @format_config.get_file_path(@secret_dir_pn, dirs)
+    end
+    def make_pair_file_pn(file_pn, ext)
+      basename = file_pn.basename
+      extname = basename.extname
+      return nil if extname == ext
+      basename = file_pn.basename(".*")
+      @secret_dir_pn + %(#{basename}.#{ext})
+    end
+    def encrypted_setting_file_pn
+      @secret_dir_pn + SETTING_FILE
+    end
+    def encrypted_secret_file_pn
+      @secret_dir_pn + SECRET_FILE
+    end
+    def encrypt_with_public_key(data)
+      key = nil
+      if @public_key.nil?
+        return nil if @rsa_key.nil?
+        key = @rsa_key
+      else
+        key = @public_key
+      end
+      return unless key
+      # p "data.size=#{data.size}"
+      ecrypted_text = key.public_encrypt(
+        data,
+        @mode
+      )
+      Base64.encode64(ecrypted_text)
+      #         # p "base64_test.size=#{base64_text.size}"
+      #         #
+      #         decrypted_text = @private_key_2.private_decrypt(
+      #           ecrypted_text,
+      #           @mode
+      #         )
+      #
+      #         # p "decrypted_text.size=#{decrypted_text.size}"
+      #         # p "decrypted_text=#{decrypted_text}"
+    end
+    def encrypt_and_copy(src_pn, relative_path, key, ivx)
+      dest_pn = @secret_dir_pn + relative_path
+      return unless src_pn.exist? && src_pn.file?
+      dest_parent_pn = dest_pn.parent
+      dest_parent_pn.mkpath
+      plaintext = File.read(src_pn)
+      encrypted_text = encrypt_with_common_key(plaintext, key, ivx)
+      File.write(dest_pn, encrypted_text)
+    end
+    def decrypt_with_private_key(base64_text)
+      key = nil
+      if @private_key.nil?
+        return nil if @rsa_key.nil?
+        key = @rsa_key
+      else
+        key = @private_key
+      end
+      return unless key
+      plain_text = Base64.decode64(base64_text)
+      #         p "decrypt_with_private_key base64_text.size=#{base64_text.size}"
+      #         p "decrypt_with_private_key base64_text=#{base64_text}"
+      #         p "decrypt_with_private_key @private_key=#{@private_key}"
+      #         p "decrypt_with_private_key @rsa_key=#{@rsa_key}"
+      #         p "decrypt_with_private_key key=#{key}"
+      #         p "decrypt_with_private_key plain_text.size=#{plain_text.size}"
+      key.private_decrypt(
+        plain_text,
+        @mode
+      )
+    end
+    # 引数 plaintext を暗号化した結果を返す
+    def encrypt_with_common_key(plaintext, key, ivalue)
+      encx = OpenSSL::Cipher.new(CIPHER_NAME)
+      encx.encrypt
+      encx.key = key
+      encx.iv = ivalue
+      # str に与えた文字列を暗号化します。
+      encrypted_text = encx.update(plaintext) + encx.final
+      Base64.encode64(encrypted_text)
+    end
+    def decrypt_with_common_key(encrypted_data, key, ivalue)
+      decx = OpenSSL::Cipher.new(CIPHER_NAME)
+      decx.decrypt
+      decx.key = key
+      decx.iv = ivalue
+      data = decx.update(encrypted_data)
+      final_data = decx.final
+      decrypted_data = data + final_data
+      decrypted_data.force_encoding("UTF-8")
+    end
+    def create_keyfiles
+      rsa_key = OpenSSL::PKey::RSA.new(RSA_KEY_SIZE)
+      # 秘密鍵を生成
+      private_key = rsa_key
+      private_key_str = rsa_key.to_pem
+      # 公開鍵を生成
+      public_key = rsa_key.public_key
+      public_key_str = public_key.to_pem
+      Loggerxs.debug "############## create_keyfiles public_key=#{public_key}"
+      [rsa_key, public_key, public_key_str, private_key, private_key_str]
+    end
+  end
+end