secrets-cipher-base64 1.2.1

data/lib/secrets/app/commands/delete_keychain_key.rb

@@ -0,0 +1,15 @@
+require_relative 'command'
+require 'secrets/app/keychain'
+module Secrets
+  module App
+    module Commands
+      class DeleteKeychainKey < Command
+        include Secrets
+        required_options   :keychain_del
+        def run
+          Secrets::App::KeyChain.new(opts[:keychain_del]).delete
+        end
+      end
+    end
+  end
+end

data/lib/secrets/app/commands/encrypt_decrypt.rb

@@ -0,0 +1,22 @@
+require_relative 'command'
+module Secrets
+  module App
+    module Commands
+      class EncryptDecrypt < Command
+        include Secrets
+        required_options   :private_key,
+                         [ :encrypt, :decrypt ],
+                         [ :file, :string ]
+        def run
+          send(cli.action, content, opts[:private_key])
+        end
+
+        private
+
+        def content
+          @content ||= (opts[:string] || (opts[:file].eql?('-') ? STDIN.read : File.read(opts[:file])))
+        end
+      end
+    end
+  end
+end

data/lib/secrets/app/commands/generate_key.rb

@@ -0,0 +1,41 @@
+require_relative 'command'
+require 'secrets/app/keychain'
+module Secrets
+  module App
+    module Commands
+      class GenerateKey < Command
+        include Secrets
+
+        required_options :generate
+
+        def run
+          retries         ||= 0
+          new_private_key = self.class.create_private_key
+
+          if opts[:password]
+            handler = Secrets::App::PasswordHandler.new(opts).create
+            new_private_key = encr_password(new_private_key, handler.password)
+          end
+
+          clipboard_copy(new_private_key) if opts[:copy]
+
+          if opts[:keychain] && Secrets::App.is_osx?
+            Secrets::App::KeyChain.new(opts[:keychain]).add(new_private_key)
+          end
+
+          new_private_key
+        rescue Secrets::Errors::PasswordsDontMatch, Secrets::Errors::PasswordTooShort => e
+          STDERR.puts e.message.bold
+          retry if (retries += 1) < 3
+        end
+
+        private
+
+        def clipboard_copy(key)
+          require 'clipboard'
+          Clipboard.copy(key)
+        end
+      end
+    end
+  end
+end

data/lib/secrets/app/commands/open_editor.rb

@@ -0,0 +1,90 @@
+require 'digest'
+require 'fileutils'
+require 'tempfile'
+require 'secrets'
+require 'secrets/errors'
+require_relative 'command'
+module Secrets
+  module App
+    module Commands
+      class OpenEditor < Command
+        include Secrets
+        required_options :private_key, :edit, :file
+        attr_accessor :tempfile
+
+        def run
+          begin
+            self.tempfile = ::Tempfile.new(::Base64.urlsafe_encode64(opts[:file]))
+            decrypt_content(self.tempfile)
+            result = process launch_editor
+          ensure
+            self.tempfile.close if tempfile
+            self.tempfile.unlink rescue nil
+          end
+          result
+        end
+
+        def launch_editor
+          system("#{cli.editor} #{tempfile.path}")
+        end
+
+        private
+
+        def decrypt_content(file)
+          file.open
+          file.write(content)
+          file.flush
+        end
+
+        def content
+          @content ||= decr(File.read(opts[:file]), key)
+        end
+
+        def timestamp
+          @timestamp ||= Time.now.to_a.select { |d| d.is_a?(Fixnum) }.map { |d| '%02d' % d }[0..-3].reverse.join
+        end
+
+        def process(code)
+          if code == true
+            content_edited = File.read(tempfile.path)
+            md5            = ::Base64.encode64(Digest::MD5.new.digest(content))
+            md5_edited     = ::Base64.encode64(Digest::MD5.new.digest(content_edited))
+            return 'No changes have been made.' if md5 == md5_edited
+
+            FileUtils.cp opts[:file], "#{opts[:file]}.#{timestamp}" if opts[:backup]
+
+            diff = compute_diff
+
+            File.open(opts[:file], 'w') { |f| f.write(encr(content_edited, key)) }
+
+            out = ''
+            if opts[:verbose]
+              out << "Saved encrypted/compressed content to #{opts[:file].bold.blue}" +
+                      " (#{File.size(opts[:file]) / 1024}Kb), unencrypted size #{content.length / 1024}Kb."
+              out << (opts[:backup] ? ",\nbacked up the last version to #{backup_file.bold.blue}." : '.')
+            end
+            out << "\n\nDiff:\n#{diff}"
+            out
+          else
+            raise Secrets::Errors::EditorExitedAbnormally.new("#{cli.editor} exited with #{$<}")
+          end
+        end
+
+        # Computes the diff between two unencrypted versions
+        def compute_diff
+          original_content_file = Tempfile.new(rand(1024).to_s)
+          original_content_file.open
+          original_content_file.write(content)
+          original_content_file.flush
+          diff = `diff #{original_content_file.path} #{tempfile.path}`
+          diff.gsub!(/> (.*\n)/m, '\1'.green)
+          diff.gsub!(/< (.*\n)/m, '\1'.red)
+        ensure
+          original_content_file.close
+          original_content_file.unlink
+          diff
+        end
+      end
+    end
+  end
+end

data/lib/secrets/app/commands/show_examples.rb

@@ -0,0 +1,63 @@
+require 'colored2'
+require_relative 'command'
+module Secrets
+  module App
+    module Commands
+      class ShowExamples < Command
+        required_options :examples
+
+        def run
+          output = []
+
+          output << example(comment: 'generate a new private key into an environment variable:',
+                            command: 'export KEY=$(secrets -g)',
+                            echo:    'echo $KEY',
+                            result:  '75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4='.green)
+
+          output << example(comment: 'generate a new password-protected key, copy to the clipboard & save to a file',
+                            command: 'secrets -gpc -o ~/.key',
+                            echo:    'New Password     : ' + '••••••••••'.green,
+                            result:  'Confirm Password : ' + '••••••••••'.green)
+
+          output << example(comment: 'encrypt a plain text string with a key, and save the output to a file',
+                            command: 'secrets -e -s ' + '"secret string"'.bold.yellow + ' -k $KEY -o file.enc',
+                            echo:    'cat file.enc',
+                            result:  'Y09MNDUyczU1S0UvelgrLzV0RTYxZz09CkBDMEw4Q0R0TmpnTm9md1QwNUNy%T013PT0K'.green)
+
+          output << example(comment: 'decrypt a previously encrypted string:',
+                            command: 'secrets -d -s $(cat file.enc) -k $KEY',
+                            result:  'secret string'.green)
+
+          output << example(comment: 'encrypt secrets.yml and save it to secrets.enc:',
+                            command: 'secrets -e -f secrets.yml -o secrets.enc -k $KEY')
+
+          output << example(comment: 'decrypt an encrypted file and print it to STDOUT:',
+                            command: 'secrets -df secrets.enc -k $KEY')
+
+          output << example(comment: 'edit an encrypted file in $EDITOR, ask for key, create a backup',
+                            command: 'secrets -tibf ecrets.enc',
+                            result:  '
+Private Key: ••••••••••••••••••••••••••••••••••••••••••••
+Saved encrypted content to secrets.enc.
+
+Diff:
+3c3
+'.white.dark + '# (c) 2015 Konstantin Gredeskoul.  All rights reserved.'.red.bold  + '
+---' + '
+# (c) 2016 Konstantin Gredeskoul.  All rights reserved.'.green.bold)
+
+          output.flatten.compact.join("\n")
+        end
+
+        def example(comment: nil, command: nil, echo: nil, result: nil)
+          out = []
+          out << "# #{comment}".white.dark.italic if comment
+          out << "#{command}" if command
+          out << "#{echo}" if echo
+          out << "#{result}" if result
+          out << '—'*80
+        end
+      end
+    end
+  end
+end

data/lib/secrets/app/commands/show_help.rb

@@ -0,0 +1,13 @@
+require_relative 'command'
+module Secrets
+  module App
+    module Commands
+      class ShowHelp < Command
+        required_options :help, ->(opts) { opts.keys.all? { |k| !opts[k] } }
+        def run
+          opts.to_s
+        end
+      end
+    end
+  end
+end

data/lib/secrets/app/commands/show_version.rb

@@ -0,0 +1,13 @@
+require_relative 'command'
+module Secrets
+  module App
+    module Commands
+      class ShowVersion < Command
+        required_options :version
+        def run
+          "secrets-cipher-base64 (version #{Secrets::VERSION})"
+        end
+      end
+    end
+  end
+end

data/lib/secrets/app/keychain.rb

@@ -0,0 +1,136 @@
+require 'secrets'
+require 'secrets/app'
+require 'secrets/errors'
+
+
+module Secrets
+  module App
+    #
+    # This class forms and shells several commands that wrap Mac OS-X +security+ command.
+    # They provide access to storing generic passwords in the KeyChain Access.
+    #
+    class KeyChain
+
+      class << self
+        attr_accessor :user, :kind, :sub_section
+
+        def configure
+          yield self
+        end
+
+        def validate!
+          raise ArgumentError.new(
+            'User is not defined. Either set $USER in environment, or directly on the class.') unless self.user
+        end
+      end
+
+      configure do
+        @kind        = 'secrets-cipher-base64'
+        @user        = ENV['USER']
+        @sub_section = 'generic-password'
+      end
+
+      attr_accessor :key_name, :opts, :stderr_disabled
+
+      def initialize(key_name, opts = {})
+        self.key_name = key_name
+        self.opts     = opts
+        self.class.validate!
+      end
+
+      def add(password)
+        execute command(:add, "-w '#{password}' ")
+      end
+
+      def find
+        execute command(:find, ' -g -w ')
+      end
+
+      def delete
+        execute command(:delete)
+      end
+
+      def execute(command)
+        command += ' 2>/dev/null' if stderr_disabled
+        puts "> #{command.yellow.green}" if opts[:verbose]
+        output = `#{command}`
+        result = $?
+        raise Secrets::Errors::ExternalCommandError.new("Command error: #{result}, command: #{command}") unless result.success?
+        output.chomp
+      rescue Errno::ENOENT => e
+        raise Secrets::Errors::ExternalCommandError.new("Command error: #{e.message}, command: #{command}")
+      end
+
+      def stderr_off
+        self.stderr_disabled = true
+      end
+
+      def stderr_on
+        self.stderr_disabled = false
+      end
+
+      private
+
+      def command(action, extras = nil)
+        out = base_command(action)
+        out << extras if extras
+        out = out.join
+        # Do not actually ever run these commands on non MacOSX
+        out = "echo #{out}" unless Secrets::App.is_osx?
+        out
+      end
+
+      def base_command(action)
+        [
+          "security #{action}-#{self.class.sub_section} ",
+          "-a '#{self.class.user}' ",
+          "-D '#{self.class.kind}' ",
+          "-s '#{self.key_name}' "
+        ]
+      end
+    end
+  end
+end
+
+
+#
+# Usage: add-generic-password [-a account] [-s service] [-w password] [options...] [-A|-T appPath] [keychain]
+#     -a  Specify account name (required)
+#     -c  Specify item creator (optional four-character code)
+#     -C  Specify item type (optional four-character code)
+#     -D  Specify kind (default is "application password")
+#     -G  Specify generic attribute (optional)
+#     -j  Specify comment string (optional)
+#     -l  Specify label (if omitted, service name is used as default label)
+#     -s  Specify service name (required)
+#     -p  Specify password to be added (legacy option, equivalent to -w)
+#     -w  Specify password to be added
+#     -A  Allow any application to access this item without warning (insecure, not recommended!)
+#     -T  Specify an application which may access this item (multiple -T options are allowed)
+#     -U  Update item if it already exists (if omitted, the item cannot already exist)
+#
+# Usage: find-generic-password [-a account] [-s service] [options...] [-g] [keychain...]
+#     -a  Match "account" string
+#     -c  Match "creator" (four-character code)
+#     -C  Match "type" (four-character code)
+#     -D  Match "kind" string
+#     -G  Match "value" string (generic attribute)
+#     -j  Match "comment" string
+#     -l  Match "label" string
+#     -s  Match "service" string
+#     -g  Display the password for the item found
+#     -w  Display only the password on stdout
+# If no keychains are specified to search, the default search list is used.
+#         Find a generic password item.
+#
+# Usage: delete-generic-password [-a account] [-s service] [options...] [keychain...]
+#     -a  Match "account" string
+#     -c  Match "creator" (four-character code)
+#     -C  Match "type" (four-character code)
+#     -D  Match "kind" string
+#     -G  Match "value" string (generic attribute)
+#     -j  Match "comment" string
+#     -l  Match "label" string
+#     -s  Match "service" string
+# If no keychains are specified to search, the default search list is used.
+#         Delete a generic password item.

data/lib/secrets/app/outputs/to_file.rb

@@ -0,0 +1,27 @@
+module Secrets
+  module App
+    module Outputs
+      class ToFile
+        attr_accessor :cli
+
+        def initialize(cli)
+          self.cli = cli
+        end
+
+        def opts
+          cli.opts
+        end
+
+        def output_proc
+          ->(data) {
+            File.open(opts[:output], 'w') { |f| f.write(data) }
+            if opts[:verbose]
+              puts %Q\File #{opts[:file].bold.green} (#{File.size(opts[:file])/1024}Kb) has been #{action}ypted.\ + "\n" +
+                   %Q\Encrypted version written to #{(opts[:output] || 'STDOUT').bold.green} (#{File.size(opts[:output]) / 1024}Kb)\
+            end
+          }
+        end
+      end
+    end
+  end
+end

data/lib/secrets/app/outputs/to_stdout.rb

@@ -0,0 +1,11 @@
+module Secrets
+  module App
+    module Outputs
+      class ToStdout < ToFile
+        def output_proc
+          ->(argument) { puts argument }
+        end
+      end
+    end
+  end
+end

data/lib/secrets/app/password_handler.rb

@@ -0,0 +1,39 @@
+require 'secrets/errors'
+
+module Secrets
+  module App
+    class PasswordHandler
+      attr_accessor :opts, :password
+
+      def initialize(opts)
+        self.opts = opts
+      end
+
+      def ask
+        retries       ||= 0
+        self.password = self.class.handle_user_input('Password: ', :green)
+      rescue ::OpenSSL::Cipher::CipherError
+        STDERR.puts 'Invalid password. Please try again.'
+        retry if (retries += 1) < 3
+      end
+
+      def self.handle_user_input(message, color)
+        HighLine.new(STDIN, STDERR).ask(message.bold) { |q| q.echo = '•'.send(color) }
+      end
+
+      def create
+        if opts[:password]
+          self.password    = self.class.handle_user_input('New Password     : ', :blue)
+          password_confirm = self.class.handle_user_input('Confirm Password : ', :blue)
+
+          raise Secrets::Errors::PasswordsDontMatch.new(
+            'The passwords you entered do not match.') if password != password_confirm
+
+          raise Secrets::Errors::PasswordTooShort.new(
+            'Minimum length is 7 characters.') if password.length < 7
+        end
+        self
+      end
+    end
+  end
+end