RubyGems - secretmgr - Versions diffs - 0.1.0 → 0.2.0 - Mend

secretmgr 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

checksums.yaml +4 -4
data/.rubocop.yml +27 -22
data/.rubocop_todo.yml +101 -46
data/Gemfile +25 -14
data/Gemfile.lock +65 -49
data/Rakefile +41 -4
data/SECURITY.md +21 -0
data/exe/secretmgr +15 -78
data/lib/secretmgr/cli.rb +171 -0
data/lib/secretmgr/config.rb +42 -41
data/lib/secretmgr/globalsetting.rb +49 -0
data/lib/secretmgr/loggerxs.rb +4 -0
data/lib/secretmgr/secret.rb +228 -0
data/lib/secretmgr/secretmgr.rb +247 -200
data/lib/secretmgr/util.rb +15 -0
data/lib/secretmgr/version.rb +1 -1
data/lib/secretmgr.rb +28 -22
data/rubocoprefine.bat +29 -29
data/secretmgr.gemspec +49 -49
metadata +16 -79

data/lib/secretmgr/secretmgr.rb CHANGED Viewed

@@ -1,200 +1,247 @@
-# frozen_string_literal: true
-require "pathname"
-module Secretmgr
-  # 秘匿情報マネージャ
-  class Secretmgr
-    attr_reader :decrypted_text, :secret
-    class << self
-      def create(secret_dir_pn, plain_setting_file_pn, plain_secret_file_pn)
-        @inst = Secretmgr.new(secret_dir_pn)
-        @inst.set_setting_for_data(plain_setting_file_pn, plain_secret_file_pn)
-        @inst
-      end
-    end
-    def initialize(secret_dir_pn)
-      @content = nil
-      @secret_dir_pn = secret_dir_pn
-      @encrypted_setting_file_pn = "#{@secret_dir_pn}setting.yml"
-      @format_config = Config.new(@secret_dir_pn, "format.txt")
-      home_dir = ENV["HOME"]
-      @home_pn = Pathname.new(home_dir)
-      # pemフォーマットの公開鍵ファイルの内容を取得
-      path = File.join(home_dir, ".ssh", "pem")
-      pub_key = File.read(path)
-      # 鍵をOpenSSLのオブジェクトにする
-      @public_key = OpenSSL::PKey::RSA.new(pub_key)
-      path = File.join(home_dir, ".ssh", "id_rsa_no")
-      private_key = File.read(path)
-      @private_key = OpenSSL::PKey::RSA.new(private_key)
-      @mode = OpenSSL::PKey::RSA::PKCS1_PADDING
-    end
-    def set_setting_for_data(plain_setting_file_pn, plain_secret_file_pn)
-      @plain_setting_file_pn = plain_setting_file_pn
-      @plain_secret_file_pn = plain_secret_file_pn
-      @plain_dir_pn = @plain_setting_file_pn.parent
-    end
-    def setup
-      setup_setting
-      setup_secret
-      setup_secret_for_json_file
-    end
-    def setup_setting
-      content = File.read(@plain_setting_file_pn)
-      @setting = Ykxutils.yaml_load_compati(content)
-      # content = YAML.dump(@setting)
-      encrypted_text = encrypt_with_public_key(content)
-      dest_setting_file_pn = make_pair_file_pn(@secret_dir_pn, @plain_setting_file_pn, "yml")
-      File.write(dest_setting_file_pn, encrypted_text)
-    end
-    def make_pair_file_pn(dest_dir_pn, file_pn, ext)
-      basename = file_pn.basename
-      extname = basename.extname
-      return nil if extname == ext
-      basename = file_pn.basename(".*")
-      dest_dir_pn + %(#{basename}.#{ext})
-    end
-    def setup_secret
-      plaintext = File.read(@plain_secret_file_pn)
-      encrypted_text = encrypt_with_common_key(plaintext, @setting["key"], @setting["iv"])
-      dest_secret_file_pn = make_pair_file_pn(@secret_dir_pn, @plain_secret_file_pn, "yml")
-      dest_secret_file_pn.realpath
-      # puts "setup_secret dest_secret_file_pn=#{dest_secret_file_pn}"
-      # puts "real_pn=#{real_pn}"
-      File.write(dest_secret_file_pn, encrypted_text)
-    end
-    def setup_secret_for_json_file
-      top_pn = "#{@plain_dir_pn}JSON_FILE"
-      top_pn.find do |x|
-        # p x if x.file?
-        relative_path = x.relative_path_from(@plain_dir_pn)
-        # p relative_path
-        encrypt_and_copy(x, @secret_dir_pn, relative_path)
-      end
-    end
-    def encrypt_and_copy(src_pn, dest_top_dir_pn, relative_path)
-      dest_pn = dest_top_dir_pn + relative_path
-      return unless src_pn.exist? && src_pn.file?
-      puts "e_adn_c #{src_pn} -> #{dest_pn}"
-      plaintext = File.read(src_pn)
-      encrypted_text = encrypt_with_common_key(plaintext, @setting["key"], @setting["iv"])
-      File.write(dest_pn, encrypted_text)
-    end
-    def set_setting_for_query(*dirs)
-      @valid_dirs = dirs.flatten.reject(&:nil?)
-      @target, @sub_target, _tmp = @valid_dirs
-      # p "@valid_dirs=#{@valid_dirs}"
-      @file_format = @format_config.file_format(@target, @sub_target)
-      p "@file_format=#{@file_format}"
-      p "dirs=#{dirs}"
-      @encrypted_secret_file_pn = @format_config.get_file_path(@secret_dir_pn, dirs)
-    end
-    def load_setting
-      encrypted_text = File.read(@encrypted_setting_file_pn)
-      # puts "encrypted_text=#{encrypted_text}"
-      decrypted_text = decrypt_with_private_key(encrypted_text)
-      setting = YAML.safe_load(decrypted_text)
-      @key = setting["key"]
-      @iv = setting["iv"]
-      # p "load_settings @key=#{@key}"
-      # p "load_settings @iv=#{@iv}"
-    end
-    def load_secret
-      base64_text = File.read(@encrypted_secret_file_pn)
-      encrypted_content = Base64.decode64(base64_text)
-      begin
-        @decrpyted_content = decrypt_with_common_key(encrypted_content, @key, @iv)
-        @content = case @file_format
-                   when "JSON_FILE"
-                     @decrpyted_content
-                   when "YAML"
-                     @secret = YAML.safe_load(@decrpyted_content)
-                     @sub_target ? @secret[@target][@sub_target] : @secret[@target]
-                   else
-                     ""
-                   end
-      rescue StandardError => e
-        puts e
-        puts e.message
-        puts e.backtrace
-        puts "Can't dencrypt #{@encrypted_setting_file_pn}"
-      end
-      @content
-    end
-    def load
-      load_setting
-      load_secret
-    end
-    def encrypt_with_public_key(data)
-      Base64.encode64(
-        @public_key.public_encrypt(
-          data,
-          OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
-        )
-      ).delete("\n")
-    end
-    def decrypt_with_private_key(base64_text)
-      @private_key.private_decrypt(
-        Base64.decode64(base64_text),
-        OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
-      )
-    end
-    # 引数 str を暗号化した結果を返す
-    def encrypt_with_common_key(plaintext, key, _ivalue)
-      encx = OpenSSL::Cipher.new(CIPHER_NAME)
-      encx.encrypt
-      encx.key = key
-      encx.iv = ivvalue
-      # str に与えた文字列を暗号化します。
-      encrypted_text = encx.update(plaintext) + encx.final
-      Base64.encode64(encrypted_text)
-    end
-    def decrypt_with_common_key(encrypted_data, key, ivalue)
-      decx = OpenSSL::Cipher.new(CIPHER_NAME)
-      decx.decrypt
-      decx.key = key
-      decx.iv = ivalue
-      data = decx.update(encrypted_data)
-      final_data = decx.final
-      decrypted_data = data + final_data
-      decrypted_data.force_encoding("UTF-8")
-    end
-    def make(_template_dir, _target, _sub_target)
-      case @file_format
-      when "JSON_FILE"
-        @content
-      when "YAML"
-        @content.map do |item|
-          %(export #{item[0]}=#{item[1]})
-        end.flatten
-      else
-        ""
-      end
-    end
-  end
-end
+# frozen_string_literal: true
+require "pathname"
+require "debug"
+module Secretmgr
+  # 秘匿情報マネージャ
+  class Secretmgr
+    attr_reader :decrypted_text, :secret
+    @log_level = nil
+    @init_count = 0
+    # @setting_file = "setting.yml"
+    JSON_FILE_DIR = "JSON_FILE"
+    SETTING_KEY = "key"
+    SETTING_IV = "iv"
+    FORMAT_JSON = "JSON_FILE"
+    FORMAT_YAML = "YAML"
+    YML = "yml"
+    # @dot_yml = "yml"
+    # @secret_dir = "secret"
+    DEFAULT_PRIVATE_KEYFILE = ".ssh/id_rsa"
+    DEFAULT_PUBLIC_KEYFILE = ".ssh/id_rsa.pub"
+    class << self
+      def log_init(log_level)
+        return unless @log_level.nil?
+        @log_level = log_level
+        Loggerxs.init("log_", "log.txt", ".", true, log_level) if @init_count.zero?
+        @init_count += 1
+      end
+      def reset_init_count
+        @init_count = 0
+      end
+    end
+    def initialize(seting, secret_dir_pn, secret_key_dir_pn, ope,
+                   public_keyfile_pn: nil, private_keyfile_pn: nil)
+      log_level = :info
+      # log_level = :debug
+      Secretmgr.log_init(log_level)
+      @setting = seting
+      home_pn = Pathname.new(Dir.home)
+      secret_dir_pn = Pathname.new(secret_dir_pn) unless secret_dir_pn.instance_of?(Pathname)
+      secret_key_dir_pn = Pathname.new(secret_key_dir_pn) unless secret_key_dir_pn.instance_of?(Pathname)
+      secret_key_dir_pn.mkdir unless secret_key_dir_pn.exist?
+      default_public_keyfile_pn = secret_key_dir_pn + "id_rsa.pub"
+      default_private_keyfile_pn = secret_key_dir_pn + "id_rsa"
+      public_keyfile_pn = Pathname.new(public_keyfile_pn) if public_keyfile_pn
+      private_keyfile_pn = Pathname.new(private_keyfile_pn) if private_keyfile_pn
+      @secret = Secret.new(@setting, home_pn, secret_dir_pn, ope,
+                           default_public_keyfile_pn,
+                           default_private_keyfile_pn,
+                           public_keyfile_pn: public_keyfile_pn,
+                           private_keyfile_pn: private_keyfile_pn)
+    end
+    def valid?
+      @secret.valid
+      # Loggerxs.debug "1 ret=#{ret}"
+      # p  "2 ret=#{ret}"
+    end
+    def output_public_key(public_keyfile_pn)
+      @secret.output_public_key(public_keyfile_pn)
+    end
+    def create_public_key(public_keyfile_pn)
+      @secret.create_public_key(public_keyfile_pn)
+    end
+    def output_private_key(private_keyfile_pn)
+      @secret.output_private_key(private_keyfile_pn)
+    end
+    def create_private_key(private_keyfile_pn)
+      @secret.create_private_key(private_keyfile_pn)
+    end
+    def set_setting_for_plain(plain_setting_file_pn, plain_secret_file_pn)
+      @plain_setting_file_pn = Pathname.new(@plain_setting_file_pn) if @plain_setting_file_pn
+      @plain_setting_file_pn ||= Pathname.new(plain_setting_file_pn)
+      @plain_secret_file_pn = Pathname.new(@plain_secret_file_pn) if @plain_secret_file_pn
+      @plain_secret_file_pn ||= Pathname.new(plain_secret_file_pn)
+      @plain_dir_pn = @plain_setting_file_pn.parent
+      @encrypted_setting_file_pn = @secret.encrypted_setting_file_pn
+      @encrypted_secret_file_pn = @secret.encrypted_secret_file_pn
+    end
+    def set_setting_for_encrypted(encrypted_setting_file_pn, encrypted_secret_file_pn)
+      @encrypted_setting_file_pn = Pathname.new(encrypted_setting_file_pn)
+      @encrypted_secret_file_pn = Pathname.new(encrypted_secret_file_pn)
+    end
+    def setup
+      # p "###### setup_setting"
+      setup_setting
+      # p "###### setup_secret"
+      setup_secret
+      # p "###### setup_secret_for_json_file"
+      setup_secret_for_json_file
+    end
+    def setup_setting
+      content = File.read(@plain_setting_file_pn)
+      # p "setup_setting content.size=#{content.size}"
+      # p "setup_setting content=#{content}"
+      @setting = YAML.safe_load(content)
+      # p "setup_setting @setting=#{@setting}"
+      Loggerxs.debug @setting
+      # pp "@setting=#{@setting}"
+      # puts "setup_setting    @setting=#{@setting}"
+      encrypted_text = @secret.encrypt_with_public_key(content)
+      # puts "setup_setting encrypted_text.size=#{encrypted_text.size}"
+      # puts "setup_setting encrypted_text=#{encrypted_text}"
+      #
+      @secret.decrypt_with_private_key(encrypted_text)
+      # puts "setup_setting decrypted_text=#{decrypted_text}"
+      # puts "setup_setting decrypted_text.size=#{decrypted_text.size}"
+      dest_setting_file_pn = @secret.make_pair_file_pn(@plain_setting_file_pn, YML)
+      Loggerxs.debug "setup_setting dest_setting_file_pn=#{dest_setting_file_pn}"
+      File.write(dest_setting_file_pn, encrypted_text)
+      # p "dest_setting_file_pn=#{dest_setting_file_pn}"
+    end
+    def setup_secret
+      plaintext = File.read(@plain_secret_file_pn)
+      # puts "setup_secret @setting=#{@setting}"
+      encrypted_text = @secret.encrypt_with_common_key(plaintext,
+                                                       @setting[SETTING_KEY],
+                                                       @setting[SETTING_IV])
+      dest_secret_file_pn = @secret.make_pair_file_pn(@plain_secret_file_pn, YML)
+      Loggerxs.debug "setup_secret dest_secret_file_pn=#{dest_secret_file_pn}"
+      File.write(dest_secret_file_pn, encrypted_text)
+    end
+    def remove_last_extension(pathn)
+      parent = pathn.parent
+      basename = pathn.basename
+      ext = basename.extname
+      base = basename.basename(ext)
+      parent + base
+    end
+    def setup_secret_for_json_file
+      top_pn = @plain_dir_pn + JSON_FILE_DIR
+      top_pn.find do |x|
+        next if x.directory?
+        relative_path = x.relative_path_from(@plain_dir_pn)
+        new_relative_path = remove_last_extension(relative_path)
+        Loggerxs.debug("################ relative_path=#{relative_path}")
+        Loggerxs.debug("################ new_relative_path=#{new_relative_path}")
+        @secret.encrypt_and_copy(x, new_relative_path, @setting[SETTING_KEY], @setting[SETTING_IV])
+      end
+    end
+    def set_setting_for_query(*dirs)
+      @valid_dirs = dirs.flatten.compact
+      @target, @sub_target, _tmp = @valid_dirs
+      # p "@valid_dirs=#{@valid_dirs}"
+      @file_format = @secret.file_format(@target, @sub_target)
+      Loggerxs.debug "@secret_dir_pn=#{@secret_dir_pn}"
+      Loggerxs.debug "dirs=#{dirs}"
+      Loggerxs.debug "@encrypted_secret_file_pn=#{@encrypted_secret_file_pn}"
+      @encrypted_secret_file_pn = @secret.get_file_path(dirs)
+    end
+    def load_setting
+      Loggerxs.debug "load_setting @encrypted_setting_file_pn=#{@encrypted_setting_file_pn}"
+      encrypted_text = File.read(@encrypted_setting_file_pn)
+      Loggerxs.debug "load_setting encrypted_text=#{encrypted_text}"
+      decrypted_text = @secret.decrypt_with_private_key(encrypted_text)
+      setting = YAML.safe_load(decrypted_text)
+      @key = setting[SETTING_KEY]
+      Loggerxs.debug "load_setting @key=#{@key}"
+      @iv = setting[SETTING_IV]
+      Loggerxs.debug "load_setting @iv=#{@iv}"
+    end
+    def load_and_decrypt
+      Loggerxs.debug("@encrypted_secret_file_pn=#{@encrypted_secret_file_pn}")
+      base64_text = File.read(@encrypted_secret_file_pn)
+      encrypted_content = Base64.decode64(base64_text)
+      begin
+        @decrpyted_content = @secret.decrypt_with_common_key(encrypted_content, @key, @iv)
+        @content = case @file_format
+                   when FORMAT_JSON
+                     @decrpyted_content
+                   when FORMAT_YAML
+                     @secret_content = YAML.safe_load(@decrpyted_content)
+                     @sub_target ? @secret_content[@target][@sub_target] : @secret_content[@target]
+                   else
+                     ""
+                   end
+      rescue StandardError => e
+        Loggerxs.error e
+        Loggerxs.error e.message
+        Loggerxs.error e.backtrace
+        Loggerxs.error "Can't dencrypt #{@encrypted_setting_file_pn}"
+      end
+      @content
+    end
+    def load
+      load_setting
+      load_and_decrypt
+    end
+    def make(_target, _sub_target)
+      case @file_format
+      when FORMAT_JSON
+        @content
+      when FORMAT_YAML
+        @content.map do |item|
+          %(export #{item[0]}=#{item[1]})
+        end.flatten
+      else
+        ""
+      end
+    end
+    def valid_private_keyfile(path, default_path = DEFAULT_PRIVATE_KEYFILE)
+      valid_pathname(path, default_path)
+    end
+    def valid_public_keyfile(path, default_path = DEFAULT_PUBLIC_KEYFILE)
+      valid_pathname(path, default_path)
+    end
+    def valid_pathname(path, default_path)
+      pathn = path
+      pathn = Pathname.new(Dir.home) + default_path if Util.nil_or_dontexist?(path)
+      pathn = nil if Util.nil_or_dontexist?(pathn)
+      pathn
+    end
+  end
+end

data/lib/secretmgr/util.rb ADDED Viewed

@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+module Secretmgr
+  class Util
+    class << self
+      def nil_or_dontexist?(pathn)
+        pathn.nil? || !pathn.exist?
+      end
+      def nil_or_zero?(str)
+        str.nil? || str.empty?
+      end
+    end
+  end
+end

data/lib/secretmgr/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Secretmgr
-  VERSION = "0.1.0"
+  VERSION = "0.2.0"
 end

data/lib/secretmgr.rb CHANGED Viewed

@@ -1,22 +1,28 @@
-# frozen_string_literal: true
-require "openssl"
-require "base64"
-require "multi_json"
-require "ykxutils"
-require "ykutils"
-require_relative "secretmgr/version"
-require_relative "secretmgr/secretmgr"
-require_relative "secretmgr/config"
-module Secretmgr
-  INSTALLED_APP = "installed"
-  WEB_APP = "web"
-  CLIENT_ID = "client_id"
-  CLIENT_SECRET = "client_secret"
-  CIPHER_NAME = "AES-256-CBC"
-  class Error < StandardError; end
-  # Your code goes here...
-end
+# frozen_string_literal: true
+require "openssl"
+require "base64"
+require "multi_json"
+require "loggerx"
+require_relative "secretmgr/version"
+require_relative "secretmgr/util"
+require_relative "secretmgr/globalsetting"
+require_relative "secretmgr/cli"
+require_relative "secretmgr/secretmgr"
+require_relative "secretmgr/config"
+require_relative "secretmgr/secret"
+require_relative "secretmgr/loggerxs"
+# require_relative "secretmgr/loggerxs"
+module Secretmgr
+  INSTALLED_APP = "installed"
+  WEB_APP = "web"
+  CLIENT_ID = "client_id"
+  CLIENT_SECRET = "client_secret"
+  CIPHER_NAME = "AES-256-CBC"
+  class Error < StandardError; end
+  # Your code goes here...
+end

data/rubocoprefine.bat CHANGED Viewed

@@ -1,30 +1,30 @@
-REMM メソッド定義やメソッド呼び出しの()をいい感じに
-rubocop -a --only Style/DefWithParentheses,\
-Style/MethodCallParentheses,\
-Style/MethodDefParentheses
-REM インデント崩れを修正
-rubocop -a --only Style/IndentationConsistency,\
-Style/IndentationWidth,\
-Style/MultilineOperationIndentation
-REM 空行をいい感じに
-rubocop -a --only Style/EmptyLineBetweenDefs,\
-Style/EmptyLines,\
-Style/EmptyLinesAroundAccessModifier,\
-Style/EmptyLinesAroundBlockBody,\
-Style/EmptyLinesAroundClassBody,\
-Style/EmptyLinesAroundMethodBody,\
-Style/EmptyLinesAroundModuleBody,\
-Style/TrailingBlankLines
-REM コロンやカンマの前後のスペースをいい感じにする
-rubocop -a --only Style/SpaceAfterColon,\
-Style/SpaceAfterComma,\
-Style/SpaceAfterNot,\
-Style/SpaceAfterSemicolon,\
-Style/SpaceAroundEqualsInParameterDefault,\
-Style/SpaceBeforeSemicolon
-REM 行末のスペース削除
+REMM メソッド定義やメソッド呼び出しの()をいい感じに
+rubocop -a --only Style/DefWithParentheses,\
+Style/MethodCallParentheses,\
+Style/MethodDefParentheses
+REM インデント崩れを修正
+rubocop -a --only Style/IndentationConsistency,\
+Style/IndentationWidth,\
+Style/MultilineOperationIndentation
+REM 空行をいい感じに
+rubocop -a --only Style/EmptyLineBetweenDefs,\
+Style/EmptyLines,\
+Style/EmptyLinesAroundAccessModifier,\
+Style/EmptyLinesAroundBlockBody,\
+Style/EmptyLinesAroundClassBody,\
+Style/EmptyLinesAroundMethodBody,\
+Style/EmptyLinesAroundModuleBody,\
+Style/TrailingBlankLines
+REM コロンやカンマの前後のスペースをいい感じにする
+rubocop -a --only Style/SpaceAfterColon,\
+Style/SpaceAfterComma,\
+Style/SpaceAfterNot,\
+Style/SpaceAfterSemicolon,\
+Style/SpaceAroundEqualsInParameterDefault,\
+Style/SpaceBeforeSemicolon
+REM 行末のスペース削除
 rubocop -a --only Style/TrailingWhitespace