security 0.0.1

data/Gemfile

@@ -0,0 +1,3 @@
+source :rubygems
+
+gemspec

data/Gemfile.lock

@@ -0,0 +1,18 @@
+PATH
+  remote: .
+  specs:
+    security (0.0.1)
+
+GEM
+  remote: http://rubygems.org/
+  specs:
+    rake (0.9.2.2)
+    rspec (0.6.4)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  rake (~> 0.9.2)
+  rspec (~> 0.6.1)
+  security!

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2012 Mattt Thompson (http://mattt.me/)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,24 @@
+# Security
+**Library for interacting with the Mac OS X Keychain**
+
+> This library currently only implements the necessary commands for password management for [Cupertino](https://github.com/mattt/cupertino). As such, some methods are stubbed out to raise `NotImplementedError`.
+
+## Usage
+
+```ruby
+Security::Keychain::default_keychain.filename #=> "/Users/johnnyappleseed/Library/Keychains/login.keychain"
+
+Security::InternetPassword.find(server: "itunesconnect.apple.com").password #=> "p4ssw0rd"
+```
+
+## Contact
+
+Mattt Thompson
+
+- http://github.com/mattt
+- http://twitter.com/mattt
+- m@mattt.me
+
+## License
+
+Security is available under the MIT license. See the LICENSE file for more info.

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler"
+Bundler.setup
+
+gemspec = eval(File.read("security.gemspec"))
+
+task :build => "#{gemspec.full_name}.gem"
+
+file "#{gemspec.full_name}.gem" => gemspec.files + ["security.gemspec"] do
+  system "gem build security.gemspec"
+end

data/lib/security.rb

@@ -0,0 +1,7 @@
+module Security
+  VERSION = "0.0.1"
+end
+
+require 'security/keychain'
+require 'security/certificate'
+require 'security/password'

data/lib/security/certificate.rb

@@ -0,0 +1,19 @@
+module Security
+  class Certificate
+    private_class_method :new
+
+    def delete!
+      raise NotImplementedError
+    end
+
+    def verified?
+      raise NotImplementedError
+    end
+
+    class << self
+      def find
+        raise NotImplementedError
+      end
+    end
+  end
+end

data/lib/security/keychain.rb

@@ -0,0 +1,61 @@
+module Security
+  class Keychain
+    DOMAINS = [:user, :system, :common, :dynamic]
+
+    attr_reader :filename
+
+    def initialize(filename)
+      @filename = filename
+    end
+
+    def info
+      system %{security show-keychain-info "#{@filename}"}
+    end
+
+    def lock
+      system %{security lock-keychain "#{@filename}"}
+    end
+
+    def unlock(password)
+      system %{security unlock-keychain -p #{password} "#{@filename}"}
+    end
+
+    def delete
+      system %{security delete-keychain "#{@filename}"}
+    end
+
+    class << self
+      def create(filename, password)
+        raise NotImplementedError
+      end
+
+      def list(domain = :user)
+        raise ArgumentError "Invalid domain #{domain}, expected one of: #{DOMAINS}" unless DOMAINS.include?(domain)
+
+        keychains_from_command('list-keychains', domain)
+      end
+
+      def lock
+        system %{security lock-keychain -a}
+      end
+
+      def unlock(password)
+        system %{security unlock-keychain -p #{password}}
+      end
+
+      def default_keychain
+        keychains_from_command('default-keychain').first
+      end
+
+      def login_keychain
+        keychains_from_command('login-keychain').first
+      end
+
+      private
+
+      def keychains_from_command(command, *args)
+        `security #{[command, *args].compact.join(' ')}`.split(/\n/).collect{|line| new(line.strip.gsub(/^\"|\"$/, ""))}
+      end
+    end    
+  end
+end

data/lib/security/password.rb

@@ -0,0 +1,101 @@
+module Security
+  class Password
+    attr_reader :keychain, :attributes, :password
+
+    private_class_method :new
+
+    def initialize(keychain, attributes, password)
+      @keychain = Keychain.new(keychain)
+      @attributes = attributes
+      @password = password 
+    end
+
+    class << self
+      private
+
+      def password_from_output(output)
+        return nil if /^security\: / === output 
+
+        keychain, attributes, password = nil, {}, nil
+        output.split(/\n/).each do |line|
+          case line
+          when /^keychain\: \"(.+)\"/
+            keychain = $1
+          when /\"(\w{4})\".+\=\"(.+)\"/
+            attributes[$1] = $2
+          when /^password\: \"(.+)\"/
+            password = $1
+          end
+        end
+
+        new(keychain, attributes, password)
+      end
+
+      def flags_for_options(options = {})
+        flags = options.dup
+        flags[:a] ||= options.delete(:account)
+        flags[:c] ||= options.delete(:creator)
+        flags[:C] ||= options.delete(:type)
+        flags[:D] ||= options.delete(:kind)
+        flags[:G] ||= options.delete(:value)
+        flags[:j] ||= options.delete(:comment)
+        flags[:s] ||= options.delete(:service) || options.delete(:server)
+
+        flags.delete_if{|k,v| v.nil?}.collect{|k, v| "-#{k} #{v}".strip}.join(" ")
+      end
+    end
+  end
+
+  class GenericPassword < Password
+    class << self
+      def add(account, service, password, options = {})
+        options[:a] = account
+        options[:s] = service
+        options[:w] = password
+
+        system "security add-generic-password #{flags_for_options(options)}"
+      end
+
+      def find(options)
+        options[:g] = ''
+
+        password_from_output(`security 2>&1 find-generic-password #{flags_for_options(options)}`)
+      end
+
+      def delete(options)
+        system "security delete-generic-password #{flags_for_options(options)}"
+      end
+    end
+  end
+
+  class InternetPassword < Password
+    class << self
+      def add(account, server, password, options = {})
+        options[:a] = account
+        options[:s] = server
+        options[:w] = password
+        
+        system "security add-internet-password #{flags_for_options(options)}"
+      end
+
+      def find(options)
+        options[:g] = ''
+
+        password_from_output(`security 2>&1 find-internet-password #{flags_for_options(options)}`)
+      end
+
+      def delete(options)
+        system "security delete-internet-password #{flags_for_options(options)}"
+      end
+
+      private
+
+      def flags_for_options(options = {})
+        options[:p] ||= options.delete(:path)
+        options[:P] ||= options.delete(:port)
+        options[:r] ||= options.delete(:protocol)
+        super(options)
+      end
+    end
+  end
+end

data/security.gemspec

@@ -0,0 +1,22 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+require "security"
+
+Gem::Specification.new do |s|
+  s.name        = "security"
+  s.authors     = ["Mattt Thompson"]
+  s.email       = "m@mattt.me"
+  s.homepage    = "http://mattt.me"
+  s.version     = Security::VERSION
+  s.platform    = Gem::Platform::RUBY
+  s.summary     = "Security"
+  s.description = "Library for interacting with the Mac OS X Keychain"
+
+  s.add_development_dependency "rspec", "~> 0.6.1"
+  s.add_development_dependency "rake",  "~> 0.9.2"
+
+  s.files         = Dir["./**/*"].reject { |file| file =~ /\.\/(bin|log|pkg|script|spec|test|vendor)/ }
+  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.require_paths = ["lib"]
+end

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: security
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+  prerelease: 
+platform: ruby
+authors:
+- Mattt Thompson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-07-21 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &70220282679320 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.1
+  type: :development
+  prerelease: false
+  version_requirements: *70220282679320
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &70220282678600 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.2
+  type: :development
+  prerelease: false
+  version_requirements: *70220282678600
+description: Library for interacting with the Mac OS X Keychain
+email: m@mattt.me
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ./Gemfile
+- ./Gemfile.lock
+- ./lib/security/certificate.rb
+- ./lib/security/keychain.rb
+- ./lib/security/password.rb
+- ./lib/security.rb
+- ./LICENSE
+- ./Rakefile
+- ./README.md
+- ./security.gemspec
+homepage: http://mattt.me
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -4232387281816222953
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -4232387281816222953
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.15
+signing_key: 
+specification_version: 3
+summary: Security
+test_files: []