RubyGems - secretmgr - Versions diffs - 0.1.0 → 0.2.0 - Mend

secretmgr 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

checksums.yaml +4 -4
data/.rubocop.yml +27 -22
data/.rubocop_todo.yml +101 -46
data/Gemfile +25 -14
data/Gemfile.lock +65 -49
data/Rakefile +41 -4
data/SECURITY.md +21 -0
data/exe/secretmgr +15 -78
data/lib/secretmgr/cli.rb +171 -0
data/lib/secretmgr/config.rb +42 -41
data/lib/secretmgr/globalsetting.rb +49 -0
data/lib/secretmgr/loggerxs.rb +4 -0
data/lib/secretmgr/secret.rb +228 -0
data/lib/secretmgr/secretmgr.rb +247 -200
data/lib/secretmgr/util.rb +15 -0
data/lib/secretmgr/version.rb +1 -1
data/lib/secretmgr.rb +28 -22
data/rubocoprefine.bat +29 -29
data/secretmgr.gemspec +49 -49
metadata +16 -79

data/lib/secretmgr/cli.rb ADDED Viewed

@@ -0,0 +1,171 @@
+require "pathname"
+require "yaml"
+require "optparse"
+module Secretmgr
+  class Cli
+    EXIT_CODE_SUCCESS = 0
+    EXIT_CODE_FAILURE = 10
+    CLI_OPTION_SUCCESS = 100
+    CLI_OPTION_ERROR_NIL = 110
+    CLI_OPTION_ERROR_DOES_NOT_EXIST = 120
+    CLI_OPTION_ERROR_ZERO = 130
+    FILE_OPTION = 10
+    DIRECTORY_OPTION = 20
+    def initialize
+      # log_level = :debug
+      log_level = :info
+      Secretmgr.log_init(log_level)
+      # log_level = :info
+      Loggerxs.init("log_", "log.txt", ".", true, log_level)
+      @params = {}
+      @opt = OptionParser.new
+      @opt.banner = "usage: secretmgr2 [@option]"
+      @opt.on("-c", "--cmd command") { |v| @params[:cmd] = v }
+      @opt.on("-d", "--secret_dir dir") { |v| @params[:secret_dir] = v }
+      @opt.on("-s", "--global_setting_file file") { |v| @params[:global_setting_file] = v }
+      @opt.on("-u", "--public_keyfile file") { |v| @params[:public_keyfile] = v }
+      @opt.on("-r", "--private_keyfile file") { |v| @params[:private_keyfile] = v }
+      @opt.on("-k", "--secret_key_dir dir") { |v| @params[:secret_key_dir] = v }
+      @opt.on("-F", "--encrypted_setting_file file") { |v| @params[:encrypted_setting_file] = v }
+      @opt.on("-e", "--encrypted_secret_file file") { |v| @params[:encrypted_secret_file] = v }
+      @opt.on("-f", "--plain_setting_file file") { |v| @params[:plain_setting_file] = v }
+      @opt.on("-p", "--plain_secret_file file") { |v| @params[:plain_secret_file] = v }
+      @opt.on("-t", "--target word") { |v| @params[:target] = v }
+      @opt.on("-b", "--subtarget word") { |v| @params[:subtarget] = v }
+    end
+    def arg_parse(argv)
+      ret = true
+      @opt.parse!(argv)
+      Loggerxs.debug @params
+      @cmd = @params[:cmd]
+      @setting_file_pn = "#{Pathname.new(Dir.home)}.secretmgr.yml"
+      @secret_dir_pn = Pathname.new(@params[:secret_dir]) if @params[:secret_dir]
+      @global_setting_file_pn = Pathname.new(@params[:global_setting_file]) if @params[:global_setting_file]
+      @secret_key_dir_pn = Pathname.new(@params[:secret_key_dir]) if @params[:secret_key_dir]
+      @public_keyfile_pn = Pathname.new(@params[:public_keyfile]) if @params[:public_keyfile]
+      @private_keyfile_pn = Pathname.new(@params[:private_keyfile]) if @params[:private_keyfile]
+      @encrypted_setting_file_pn = Pathname.new(@params[:encrypted_setting_file]) if @params[:encrypted_setting_file]
+      @encrypted_secret_file_pn = Pathname.new(@params[:encrypted_secret_file]) if @params[:encrypted_secret_file]
+      @plain_setting_file_pn = Pathname.new(@params[:plain_setting_file]) if @params[:plain_setting_file]
+      @plain_secret_file_pn = Pathname.new(@params[:plain_secret_file]) if @params[:plain_secret_file]
+      @target = @params[:target]
+      @subtarget = @params[:subtarget]
+      # p "arg_parse @public_keyfile_pn=#{@public_keyfile_pn}"
+      # p "arg_parse @private_keyfile_pn=#{@private_keyfile_pn}"
+      fail_count = 0
+      fail_count += file_option_error?(@global_setting_file_pn, "-s")
+      fail_count += directory_option_error?(@secret_dir_pn, "-d")
+      fail_count += directory_option_error?(@secret_key_dir_pn, "-k")
+      # fail_count += file_option_error?(@public_keyfile_pn, "-u")
+      Loggerxs.debug "@private_keyfile_pn=#{@private_keyfile_pn}"
+      # fail_count += file_option_error?(@private_keyfile_pn, "-r")
+      if @cmd == "setup"
+        fail_count += file_option_error?(@plain_setting_file_pn, "-f")
+        fail_count += file_option_error?(@plain_secret_file_pn, "-p")
+        fail_count += file_specified_option_error?(@encrypted_setting_file_pn, "-F")
+        fail_count += file_specified_option_error?(@encrypted_secret_fifile_pn, "-R")
+      else
+        # debugger
+        @target = @params[:target]
+        @subtarget = @params[:subtarget]
+        fail_count += string_option_error?(@target, "-t")
+        fail_count += string_option_error?(@subtarget, "-b")
+        fail_count += file_option_error?(@encrypted_setting_file_pn, "-F")
+        fail_count += file_option_error?(@encrypted_secret_file_pn, "-e")
+      end
+      ret = false if fail_count.positive?
+      Loggerxs.debug "fail_count=#{fail_count}"
+      Loggerxs.debug "ret=#{ret}"
+      ret
+    end
+    def directory_option_error?(pathn, option_name)
+      path_option_error?(pathn, option_name, DIRECTORY_OPTION)
+    end
+    def file_option_error?(pathn, option_name)
+      path_option_error?(pathn, option_name, FILE_OPTION)
+    end
+    def file_specified_option_error?(pathn, option_name)
+      path_specified_option_error?(pathn, option_name, FILE_OPTION)
+    end
+    def path_specified_option_error?(pathn, _option_name, _kind = FILE_OPTION)
+      fail_count = 0
+      fail_count = 1 if pathn.nil?
+      fail_count
+    end
+    def path_option_error?(pathn, option_name, kind = FILE_OPTION)
+      fail_count = 0
+      if Util.nil_or_dontexist?(pathn)
+        if kind == FILE_OPTION
+          Loggerxs.error "Can't find file(#{pathn}) which specified by #{option_name}"
+        else
+          Loggerxs.error "Can't find directory(#{pathn}) which specified by #{option_name}"
+        end
+        fail_count = 1
+      elsif kind == FILE_OPTION
+        fail_count = 1 unless pathn.file?
+      elsif !pathn.directory?
+        fail_count = 1
+      end
+      fail_count
+    end
+    def string_option_error?(str, option_name)
+      fail_count = 0
+      if Util.nil_or_zero?(str)
+        Loggerxs.error "nil or size zero(#{str}) which specified by #{option_name}"
+        fail_count = 1
+      end
+      fail_count
+    end
+    def execute
+      ret = nil
+      @global_setting = Globalsetting.new(@global_setting_file_pn)
+      @global_setting.ensure
+      @global_setting.load
+      case @cmd
+      when "setup"
+        secretmgr = Secretmgr.new(@global_setting, @secret_dir_pn, @secret_key_dir_pn, "setup")
+        return EXIT_CODE_FAILURE unless secretmgr.valid?
+        Loggerxs.debug "setup 1"
+        # p "@plain_setting_file_pn=#{@plain_setting_file_pn}"
+        secretmgr.set_setting_for_plain(@plain_setting_file_pn, @plain_secret_file_pn)
+        Loggerxs.debug "setup 2"
+        ret = secretmgr.setup
+        Loggerxs.debug "setup ret=#{ret}"
+      else
+        # p "cli execute data @public_keyfile_pn=#{@public_keyfile_pn} @private_keyfile_pn=#{@private_keyfile_pn}"
+        secretmgr = Secretmgr.new(@global_setting, @secret_dir_pn, @secret_key_dir_pn, "data",
+                                  public_keyfile_pn: @public_keyfile_pn,
+                                  private_keyfile_pn: @private_keyfile_pn)
+        # secretmgr.set_setting_for_plain(@plain_setting_file_pn, @plain_secret_file_pn)
+        secretmgr.set_setting_for_encrypted(@encrypted_setting_file_pn, @encrypted_secret_file_pn)
+        secretmgr.set_setting_for_query(@target, @subtarget)
+        secretmgr.load
+        ret = secretmgr.make(@target, @subtarget)
+        # p ret
+      end
+      ret
+    end
+  end
+end

data/lib/secretmgr/config.rb CHANGED Viewed

@@ -1,41 +1,42 @@
-# frozen_string_literal: true
-require "pathname"
-require "yaml"
-module Secretmgr
-  class Config
-    def initialize(parent_pn, format_filename = "format.txt")
-      format_pn = parent_pn + format_filename
-      file_content = File.read(format_pn)
-      @hash = YAML.safe_load(file_content)
-    end
-    def file_format(*keys)
-      result = keys.flatten.each_with_object([@hash]) do |item, memo|
-        hash = memo[0]
-        memo[0] = if hash
-                    (hash.instance_of?(Hash) ? hash[item] : nil)
-                  end
-      end
-      result ? (result[0] || @hash["default"]) : @hash["default"]
-    end
-    def get_file_path(parent_dir_pn, *keys)
-      flat_keys = keys.flatten
-      valid_keys = flat_keys.reject(&:nil?)
-      file_format = file_format(valid_keys)
-      case file_format
-      when "JSON_FILE"
-        flat_keys.unshift("JSON_FILE")
-        flat_keys.push("config.json")
-      when "YAML"
-        flat_keys = ["secret.yml"]
-      end
-      array = flat_keys.each_with_object([parent_dir_pn]) do |item, memo|
-        memo[0] = memo[0] + item if item
-      end
-      array[0]
-    end
-  end
-end
+# frozen_string_literal: true
+require "pathname"
+require "yaml"
+module Secretmgr
+  class Config
+    def initialize(parent_pn, format_filename = "format.txt")
+      format_pn = Pathname.new(parent_pn) + format_filename
+      file_content = File.read(format_pn)
+      @hash = YAML.safe_load(file_content)
+    end
+    def file_format(*keys)
+      result = keys.flatten.each_with_object([@hash]) do |item, memo|
+        hash = memo[0]
+        memo[0] = if hash
+                    (hash.instance_of?(Hash) ? hash[item] : nil)
+                  end
+      end
+      Loggerxs.debug "hash=#{hash}"
+      result ? (result[0] || @hash["default"]) : @hash["default"]
+    end
+    def get_file_path(parent_dir_pn, *keys)
+      flat_keys = keys.flatten
+      valid_keys = flat_keys.compact
+      file_format = file_format(valid_keys)
+      case file_format
+      when "JSON_FILE"
+        flat_keys.unshift("JSON_FILE")
+        flat_keys.push("config.json")
+      when "YAML"
+        flat_keys = ["secret.yml"]
+      end
+      array = flat_keys.each_with_object([parent_dir_pn]) do |item, memo|
+        memo[0] = memo[0] + item if item
+      end
+      array[0]
+    end
+  end
+end

data/lib/secretmgr/globalsetting.rb ADDED Viewed

@@ -0,0 +1,49 @@
+module Secretmgr
+  class Globalsetting
+    require "yaml"
+    require "pathname"
+    def initialize(file_pn)
+      @file_pn = file_pn
+      @obj = nil
+    end
+    def ensure
+      File.write(@file_pn, "") unless @file_pn.exist?
+    end
+    def load
+      # p "@file_pn=#{@file_pn}"
+      content = File.read(@file_pn)
+      @obj = YAML.safe_load(content)
+      @load ||= {}
+      # p "Globalsetting.load @obj=#{@obj}|"
+    end
+    def save
+      content = YAML.dump(@obj)
+      File.write(@file_pn, content)
+      p "Globalsetting.save @file_pn=#{@file_pn}|"
+      p "Globalsetting.save content=#{content}|"
+    end
+    def get(key)
+      case key
+      when "default_public_keyfile_pn", "default_private_keyfile_pn"
+        Pathname.new(@obj[key])
+      else
+        @obj[key]
+      end
+    end
+    def set(key, value)
+      @obj[key] = case key
+                  when "default_public_keyfile_pn", "default_private_keyfile_pn"
+                    value.to_s
+                  # p "Globalsetting.set @obj=#{@obj}|"
+                  else
+                    value
+                  end
+    end
+  end
+end

data/lib/secretmgr/loggerxs.rb ADDED Viewed

@@ -0,0 +1,4 @@
+module Secretmgr
+  class Loggerxs < Loggerx::Loggerxcm0
+  end
+end

data/lib/secretmgr/secret.rb ADDED Viewed

@@ -0,0 +1,228 @@
+module Secretmgr
+  class Secret
+    require "rspec/expectations"
+    include RSpec::Matchers
+    RSA_KEY_SIZE = 2048
+    FORMAT_FILE = "format.txt".freeze
+    SSH_DIR = ".ssh".freeze
+    RSA_PRIVATE_FILE = "id_rsa_no".freeze
+    RSA_PUBLIC_PEM_FILE = "id_rsa_no.pub.pem".freeze
+    SETTING_FILE = "setting.yml".freeze
+    SECRET_FILE = "secret.yml".freeze
+    DEFAULT_PUBLIC_KEYFILE = ".ssh/id_rsa.pub".freeze
+    DEFAULT_PRIVATE_KEYFILE = ".ssh/id_rsa".freeze
+    attr_reader :public_key, :public_keyfile_pn, :private_key, :private_keyfile_pn, :valid
+    def initialize(setting, home_pn, secret_dir_pn, ope,
+                   default_public_keyfile_pn,
+                   default_private_keyfile_pn,
+                   public_keyfile_pn: nil,
+                   private_keyfile_pn: nil)
+      # p "Secret.initialize public_keyfile_pn=#{public_keyfile_pn}"
+      # p "Secret.initialize private_keyfile_pn~#{private_keyfile_pn}"
+      @mode = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
+      @setting = setting
+      # p "Secret.new secret_dir_pn=#{secret_dir_pn}"
+      @secret_dir_pn = secret_dir_pn
+      @secret_dir_pn = Pathname.new(@secret_dir_pn) unless @secret_dir_pn.instance_of?(Pathname)
+      # p "@Secret.new secret_dir_pn=#{@secret_dir_pn}"
+      @home_pn = home_pn
+      @format_config = Config.new(@secret_dir_pn, FORMAT_FILE)
+      @private_key = nil
+      @public_key = nil
+      @private_key = create_private_key(private_keyfile_pn) if private_keyfile_pn
+      @public_key = create_public_key(public_keyfile_pn) if public_keyfile_pn
+      @valid = false
+      if @private_key.nil? && @public_key.nil?
+        case ope
+        when "setup"
+          # @public_key, @private_key = create_keyfiles()
+          @rsa_key, @public_key, @public_key_str, @private_key, @private_key_str = create_keyfiles
+          default_public_keyfile_pn ||= @setting.get("default_public_keyfile_pn")
+          default_private_keyfile_pn ||= @setting.get("default_private_keyfile_pn")
+          output_public_key(default_public_keyfile_pn)
+          output_private_key(default_private_keyfile_pn)
+          @setting.set("default_public_keyfile_pn", default_public_keyfile_pn)
+          @setting.set("default_private_keyfile_pn", default_private_keyfile_pn)
+          @setting.save
+        else
+          default_public_keyfile_pn = @setting.get("default_public_keyfile_pn")
+          default_private_keyfile_pn = @setting.get("default_private_keyfile_pn")
+          @private_key = create_private_key(default_private_keyfile_pn)
+          @public_key = create_public_key(default_public_keyfile_pn)
+        end
+      end
+      @valid = true
+    end
+    def output_public_key(public_keyfile_pn)
+      File.write(public_keyfile_pn, @public_key_str)
+      Loggerxs.debug "0 public_keyfile_pn=#{public_keyfile_pn}"
+    end
+    def create_public_key(public_keyfile_pn)
+      key_obj = nil
+      pub_key = nil
+      pub_key = File.read(public_keyfile_pn) if public_keyfile_pn.exist?
+      Loggerxs.debug "0 public_keyfile_pn=#{public_keyfile_pn}"
+      unless pub_key.nil?
+        # 鍵をOpenSSLのオブジェクトにする
+        key_obj = OpenSSL::PKey::RSA.new(pub_key)
+        Loggerxs.debug "3 key_obj="
+      end
+      key_obj
+    end
+    def output_private_key(private_keyfile_pn)
+      File.write(private_keyfile_pn, @private_key_str)
+      Loggerxs.debug "0 private_keyfile_pn=#{private_keyfile_pn}"
+    end
+    def create_private_key(private_keyfile_pn)
+      key_obj = nil
+      private_key = nil
+      Loggerxs.debug "20 private_keyfile_pn=#{private_keyfile_pn}"
+      private_key = File.read(private_keyfile_pn) if private_keyfile_pn.exist?
+      unless private_key.nil?
+        # 鍵をOpenSSLのオブジェクトにする
+        key_obj = OpenSSL::PKey::RSA.new(private_key)
+        Loggerxs.debug "23 private_key="
+      end
+      key_obj
+    end
+    def file_format(target, sub_target)
+      @format_config.file_format(target, sub_target)
+    end
+    def get_file_path(dirs)
+      @format_config.get_file_path(@secret_dir_pn, dirs)
+    end
+    def make_pair_file_pn(file_pn, ext)
+      basename = file_pn.basename
+      extname = basename.extname
+      return nil if extname == ext
+      basename = file_pn.basename(".*")
+      @secret_dir_pn + %(#{basename}.#{ext})
+    end
+    def encrypted_setting_file_pn
+      @secret_dir_pn + SETTING_FILE
+    end
+    def encrypted_secret_file_pn
+      @secret_dir_pn + SECRET_FILE
+    end
+    def encrypt_with_public_key(data)
+      key = nil
+      if @public_key.nil?
+        return nil if @rsa_key.nil?
+        key = @rsa_key
+      else
+        key = @public_key
+      end
+      return unless key
+      # p "data.size=#{data.size}"
+      ecrypted_text = key.public_encrypt(
+        data,
+        @mode
+      )
+      Base64.encode64(ecrypted_text)
+      #         # p "base64_test.size=#{base64_text.size}"
+      #         #
+      #         decrypted_text = @private_key_2.private_decrypt(
+      #           ecrypted_text,
+      #           @mode
+      #         )
+      #
+      #         # p "decrypted_text.size=#{decrypted_text.size}"
+      #         # p "decrypted_text=#{decrypted_text}"
+    end
+    def encrypt_and_copy(src_pn, relative_path, key, ivx)
+      dest_pn = @secret_dir_pn + relative_path
+      return unless src_pn.exist? && src_pn.file?
+      dest_parent_pn = dest_pn.parent
+      dest_parent_pn.mkpath
+      plaintext = File.read(src_pn)
+      encrypted_text = encrypt_with_common_key(plaintext, key, ivx)
+      File.write(dest_pn, encrypted_text)
+    end
+    def decrypt_with_private_key(base64_text)
+      key = nil
+      if @private_key.nil?
+        return nil if @rsa_key.nil?
+        key = @rsa_key
+      else
+        key = @private_key
+      end
+      return unless key
+      plain_text = Base64.decode64(base64_text)
+      #         p "decrypt_with_private_key base64_text.size=#{base64_text.size}"
+      #         p "decrypt_with_private_key base64_text=#{base64_text}"
+      #         p "decrypt_with_private_key @private_key=#{@private_key}"
+      #         p "decrypt_with_private_key @rsa_key=#{@rsa_key}"
+      #         p "decrypt_with_private_key key=#{key}"
+      #         p "decrypt_with_private_key plain_text.size=#{plain_text.size}"
+      key.private_decrypt(
+        plain_text,
+        @mode
+      )
+    end
+    # 引数 plaintext を暗号化した結果を返す
+    def encrypt_with_common_key(plaintext, key, ivalue)
+      encx = OpenSSL::Cipher.new(CIPHER_NAME)
+      encx.encrypt
+      encx.key = key
+      encx.iv = ivalue
+      # str に与えた文字列を暗号化します。
+      encrypted_text = encx.update(plaintext) + encx.final
+      Base64.encode64(encrypted_text)
+    end
+    def decrypt_with_common_key(encrypted_data, key, ivalue)
+      decx = OpenSSL::Cipher.new(CIPHER_NAME)
+      decx.decrypt
+      decx.key = key
+      decx.iv = ivalue
+      data = decx.update(encrypted_data)
+      final_data = decx.final
+      decrypted_data = data + final_data
+      decrypted_data.force_encoding("UTF-8")
+    end
+    def create_keyfiles
+      rsa_key = OpenSSL::PKey::RSA.new(RSA_KEY_SIZE)
+      # 秘密鍵を生成
+      private_key = rsa_key
+      private_key_str = rsa_key.to_pem
+      # 公開鍵を生成
+      public_key = rsa_key.public_key
+      public_key_str = public_key.to_pem
+      Loggerxs.debug "############## create_keyfiles public_key=#{public_key}"
+      [rsa_key, public_key, public_key_str, private_key, private_key_str]
+    end
+  end
+end