secrets-cipher-base64 1.2.1

data/bin/setup

@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here

data/exe/keychain

@@ -0,0 +1,38 @@
+#!/usr/bin/env ruby
+
+lib_path = File.expand_path(File.dirname(__FILE__) + '/../lib')
+$LOAD_PATH << lib_path if File.exist?(lib_path) && !$LOAD_PATH.include?(lib_path)
+
+require 'secrets'
+require 'secrets/app'
+require 'secrets/app/keychain'
+require 'colored2'
+
+def usage
+  puts 'Usage: ' + 'keychain'.bold.blue + ' item [ add <contents> | find | delete ]'.bold.green
+  exit 0
+end
+
+usage if ARGV.empty?
+
+key_name, action, data = ARGV
+
+unless %i(add find delete).include?(action.to_sym)
+  puts "Error: operation #{action.bold.red} is not recognized"
+  usage
+end
+
+if action.eql?('add') && data.nil?
+  puts "Error: please provide data to store with the #{'add'.bold.green} operation."
+  usage
+end
+
+begin
+puts data ? \
+  Secrets::App::KeyChain.new(key_name).send(action.to_sym, data) :
+  Secrets::App::KeyChain.new(key_name).send(action.to_sym)
+rescue StandardError => e
+  STDERR.puts "#{e.message.red}"
+end
+
+

data/exe/secrets

@@ -0,0 +1,8 @@
+#!/usr/bin/env ruby
+
+lib_path = File.expand_path(File.dirname(__FILE__) + '/../lib')
+$LOAD_PATH << lib_path if File.exist?(lib_path) && !$LOAD_PATH.include?(lib_path)
+
+require 'secrets'
+
+Secrets::App::CLI.new(ARGV.dup).run

data/lib/secrets.rb

@@ -0,0 +1,73 @@
+require 'require_dir'
+require 'colored2'
+require 'zlib'
+
+require_relative 'secrets/configuration'
+
+Secrets::Configuration.configure do |config|
+  config.password_cipher = 'AES-128-CBC'
+  config.data_cipher = 'AES-256-CBC'
+  config.private_key_cipher = config.data_cipher
+  config.compression_enabled = true
+  config.compression_level = Zlib::BEST_COMPRESSION
+end
+
+#
+# _Include_ +Secrets+ in your class to enable functionality of this library.
+#
+# Once included, you would normally use +#encr+ and +#decr+ instance methods to perform
+# encryption and decryption of object of any type using a symmetric key encryption.
+#
+# You could also use +#encr_password+ and +#decr_password+ if you prefer to encrypt
+# with a password instead. The encryption key is generated from the password in that
+# case.
+#
+# Create a new key with +#create_private_key+ class method, which returns a new key every
+# time it's called, or with +#private_key+ class method, which either assigns, or creates
+# and caches the private key at a class level.
+#
+# ```ruby
+# require 'secrets'
+# class TestClass
+#   include Secrets
+#   private_key ENV['PRIVATE_KEY']
+#
+#   def sensitive_value=(value)
+#     @sensitive_value = encr(value, self.class.private_key)
+#   end
+#
+#   def sensitive_value
+#     decr(@sensitive_value, self.class.private_key)
+#   end
+# end
+# ```
+module Secrets
+  extend RequireDir
+  init(__FILE__)
+end
+
+Secrets.dir 'secrets/extensions'
+
+module Secrets
+  def self.included(klass)
+    klass.instance_eval do
+      include ::Secrets::Extensions::InstanceMethods
+      extend ::Secrets::Extensions::ClassMethods
+      class << self
+        def private_key(value = nil)
+          if value
+            @private_key= value
+          elsif @private_key
+            @private_key
+          else
+            @private_key= self.create_private_key
+          end
+          @private_key
+        end
+      end
+    end
+  end
+end
+
+Secrets.dir 'secrets'
+Secrets.dir 'secrets/app/commands'

data/lib/secrets/app.rb

@@ -0,0 +1,42 @@
+require 'secrets/data'
+require 'active_support/inflector'
+module Secrets
+  # The +App+ Module is responsible for handing user input and executing commands.
+  # Central class in this module is the +CLI+ class.
+
+  # This module is responsible for printing pretty errors and maintaining the
+  # future exit code class-global variable.
+
+  module App
+    class << self
+      attr_accessor :exit_code
+    end
+
+    self.exit_code = 0
+
+    def self.out
+      STDERR
+    end
+
+    def self.error(
+      config: {},
+      exception: nil,
+      type: nil,
+      details: nil,
+      reason: nil)
+
+      self.out.puts([\
+                    "#{(type || exception.class.name).titleize}:".red.bold.underlined +
+                    (sprintf '  %s', details || exception.message).red.italic,
+                    reason ? "\n#{reason.blue.bold.italic}" : nil].compact.join("\n"))
+      self.out.puts "\n" + exception.backtrace.join("\n").bold.red if exception && config && config[:trace]
+      self.exit_code = 1
+    end
+
+    def self.is_osx?
+      Gem::Platform.local.os.eql?('darwin')
+    end
+  end
+end
+
+Secrets.dir_r 'secrets/app'

data/lib/secrets/app/cli.rb

@@ -0,0 +1,197 @@
+ #!/usr/bin/env ruby
+require 'slop'
+require 'secrets'
+require 'colored2'
+require 'yaml'
+require 'openssl'
+require 'secrets/app'
+require 'secrets/errors'
+require 'secrets/app/commands'
+require 'secrets/app/keychain'
+require 'highline'
+
+require_relative 'outputs/to_file'
+require_relative 'outputs/to_stdout'
+
+module Secrets
+  module App
+    class CLI
+      include Secrets
+
+      attr_accessor :opts,
+                    :output_proc,
+                    :action,
+                    :print_proc,
+                    :write_proc,
+                    :password,
+                    :key
+
+      def initialize(argv)
+        begin
+          self.opts = parse(argv.dup)
+        rescue StandardError => e
+          error exception: e
+          return
+        end
+        configure_color(argv)
+        define_output
+        self.action = { opts[:encrypt] => :encr, opts[:decrypt] => :decr }[true]
+      end
+
+      def command
+        @command_class ||= Secrets::App::Commands.find_command_class(opts)
+        @command       ||= @command_class.new(self) if @command_class
+      end
+
+      def run
+        return Secrets::App.exit_code if Secrets::App.exit_code != 0
+
+        define_private_key
+        decrypt_private_key if should_decrypt_private_key?
+        verify_private_key_encoding if key
+
+        if command
+          return self.output_proc.call(command.run)
+        else
+          # command was not found. Reset output to printing, and return an error.
+          self.output_proc = print_proc
+          command_not_found_error!
+        end
+
+      rescue ::OpenSSL::Cipher::CipherError => e
+        error type:      'Cipher Error',
+              details:   e.message,
+              reason:    'Perhaps either the secret is invalid, or encrypted data is corrupt.',
+              exception: e
+
+      rescue Secrets::Errors::InvalidEncodingPrivateKey => e
+        error type:      'Private Key Error',
+              details:   'Private key does not appear to be properly encoded. ',
+              reason:    (opts[:password] ? nil : 'Perhaps the key is password-protected?'),
+              exception: e
+
+      rescue Secrets::Errors::Error => e
+        error type:      'Error',
+              details:   e.message,
+              exception: e
+
+      rescue StandardError => e
+        error exception: e
+      end
+
+      def error(hash)
+        Secrets::App.error(hash.merge(config: (opts ? opts.to_hash : {})))
+      end
+
+      def editor
+        ENV['EDITOR'] || '/bin/vi'
+      end
+
+      private
+
+      def should_decrypt_private_key?
+        key && (key.length > 45 || opts[:password])
+      end
+
+      def define_output
+        self.print_proc  = Secrets::App::Outputs::ToStdout.new(self).output_proc
+        self.write_proc  = Secrets::App::Outputs::ToFile.new(self).output_proc
+        self.output_proc = opts[:output] ? self.write_proc : self.print_proc
+      end
+
+      def define_private_key
+        begin
+          opts[:private_key] = File.read(opts[:key_file]) if opts[:key_file]
+        rescue Errno::ENOENT
+          raise Secrets::Errors::FileNotFound.new("Encryption key file #{opts[:key_file]} was not found.")
+        end
+
+        opts[:private_key] ||= PasswordHandler.handle_user_input('Private Key: ', :magenta) if opts[:interactive]
+        opts[:private_key] ||= KeyChain.new(opts[:keychain]).find if opts[:keychain]
+        self.key           = opts[:private_key]
+      end
+
+      def configure_color(argv)
+        if opts[:no_color]
+          Colored2.disable! # reparse options without the colors to create new help msg
+          self.opts = parse(argv.dup)
+        end
+      end
+
+      def verify_private_key_encoding
+        begin
+          Base64.urlsafe_decode64(key)
+        rescue ArgumentError => e
+          raise Secrets::Errors::InvalidEncodingPrivateKey.new(e)
+        end
+      end
+
+      def decrypt_private_key
+        handler = Secrets::App::PasswordHandler.new(opts)
+        decrypted_key = nil
+        begin
+          retries ||= 0
+          handler.ask
+          decrypted_key = decr_password(key, handler.password)
+        rescue ::OpenSSL::Cipher::CipherError => e
+          STDERR.puts 'Invalid password. Please try again.'
+          ((retries += 1) < 3) ? retry : raise(Secrets::Errors::InvalidPasswordPrivateKey.new(e))
+        end
+        self.key = decrypted_key
+      end
+
+      def command_not_found_error!
+        if key
+          h             = opts.to_hash
+          supplied_opts = h.keys.select { |k| h[k] }.join(', ')
+          error type:    'Options Error',
+                details: 'Unable to determined what command to run',
+                reason:  "You provided the following options: #{supplied_opts.bold.yellow}"
+          output_proc.call(opts.to_s)
+        else
+          raise Secrets::Errors::NoPrivateKeyFound.new('Private key is required')
+        end
+      end
+
+      def parse(arguments)
+        Slop.parse(arguments) do |o|
+          o.banner = 'Usage:'.bold.yellow
+          o.separator '    secrets [options]'.bold.green
+          o.separator 'Modes:'.bold.yellow
+          o.bool      '-h', '--help',         '           show help'
+          o.bool      '-d', '--decrypt',      '           decrypt mode'
+          o.bool      '-t', '--edit',         '           decrypt, open an encr. file in ' + editor
+          o.separator 'Create a private key:'.bold.yellow
+          o.bool      '-g', '--generate',     '           generate a new private key'
+          o.bool      '-p', '--password',     '           encrypt the key with a password'
+          o.bool      '-c', '--copy',         '           copy the new key to the clipboard'
+          o.separator 'Provide a private key:'.bold.yellow
+          o.bool      '-i', '--interactive',  '           Paste or type the key interactively'
+          o.string    '-k', '--private-key',  '[key]   '.bold.blue + '   private key as a string'
+          o.string    '-K', '--key-file',     '[key-file]'.bold.blue + ' private key from a file'
+          if Secrets::App.is_osx?
+          o.string    '-x', '--keychain',     '[key-name] '.bold.blue + 'private key to/from a password entry'
+          o.string    '-X', '--keychain-del', '[key-name] '.bold.blue + 'delete keychain entry with that name'
+          end
+          o.separator 'Data:'.bold.yellow
+          o.string    '-s', '--string',       '[string]'.bold.blue + '   specify a string to encrypt/decrypt'
+          o.string    '-f', '--file',         '[file]  '.bold.blue + '   filename to read from'
+          o.string    '-o', '--output',       '[file]  '.bold.blue + '   filename to write to'
+          o.bool      '-b', '--backup',       '           create a backup file in the edit mode'
+          o.separator 'Flags:'.bold.yellow
+          o.bool      '-v', '--verbose',      '           show additional information'
+          o.bool      '-T', '--trace',        '           print a backtrace of any errors'
+          o.bool      '-E', '--examples',     '           show several examples'
+          o.bool      '-V', '--version',      '           print library version'
+          o.bool      '-N', '--no-color',     '           disable color output'
+          o.bool      '-e', '--encrypt',      '           encrypt mode'
+          o.separator ''
+        end
+      rescue StandardError => e
+        error exception: e
+        raise(e)
+      end
+
+    end
+  end
+end

data/lib/secrets/app/commands.rb

@@ -0,0 +1,27 @@
+require 'active_support/inflector'
+
+module Secrets
+  module App
+    module Commands
+      class << self
+        attr_accessor :commands
+      end
+
+      self.commands = Set.new
+
+      class << self
+        def find_command_class(opts)
+          self.commands.each do |command_class|
+            return command_class if command_class.options_satisfied_by?(opts.to_hash)
+          end
+          nil
+        end
+
+        def register(command_class)
+          self.commands << command_class
+        end
+      end
+    end
+  end
+end
+

data/lib/secrets/app/commands/command.rb

@@ -0,0 +1,55 @@
+require 'active_support/inflector'
+module Secrets
+  module App
+    module Commands
+      class Command
+
+        def self.inherited(klass)
+          klass.instance_eval do
+            @required_options = Set.new
+            class << self
+              def required_options(*args)
+                @required_options.merge(args) if args
+                @required_options
+              end
+
+              def short_name
+                name.split(/::/)[-1].underscore
+              end
+
+              def options_satisfied_by?(opts_hash)
+                proc = required_options.find { |option| option.is_a?(Proc) }
+                return true if proc && proc.call(opts_hash)
+
+                required_options.to_a.delete_if { |o| o.is_a?(Proc) }.all? { |o|
+                  o.is_a?(Array) ? o.any? { |opt| opts_hash[opt] } : opts_hash[o]
+                }
+              end
+            end
+            # Register this command with the global list.
+            Secrets::App::Commands.register klass
+          end
+        end
+
+        attr_accessor :cli
+
+        def initialize(cli)
+          self.cli = cli
+        end
+
+        def opts
+          cli.opts
+        end
+
+        def key
+          @key ||= opts[:private_key]
+        end
+
+        def run
+          raise Secrets::Errors::AbstractMethodCalled.new(:run)
+        end
+
+      end
+    end
+  end
+end