sentry 0.2.8

data/CHANGELOG

@@ -0,0 +1,45 @@
+*0.2.8* (17 Sep 2005)
+
+* Added Active Record unit tests
+
+*0.2.7* (17 Sep 2005)
+
+* Added rdocs and stubs for AR unit tests
+
+*0.2.6* (2 Aug 2005)
+
+* Fixed generates_crypted so it adds attribute accessors
+
+*0.2.5* (27 Jul 2005)
+
+* Set ActiveRecord callback objects to only encrypt fields when they are not empty.
+
+*0.2.4* (11 Jul 2005)
+
+* Split ActiveRecord callback methods into their own classes.
+* Set AR virtual columns to fail silently on errors.
+
+*0.2.3* (11 Jul 2005)
+
+* Added ActiveRecord callback objects for SymmetricSentry and AsymmetricSentry.  +one_way_encrypt+ is depreciated.
+* Readme doc added too
+
+*0.2.1* (9 Jul 2005)
+
+* vastly simplified one_way_encrypt at danp's suggestion.  Use this in your model to try it out:
+
+    +one_way_encrypt :password*
+
+  That generates an SHA hash of model.password to model.crypted_password which is saved in the DB.  
+  model.password is a virtual field.  Continue using validates_confirmation_of for confirmation.
+
+
+*0.2* (9 Jul 2005)
+
+* added ActiveRecord::Base#one_way_encrypt class method to hash passwords with SHA
+* Renamed core classes to SymmetricSentry and AsymmetricSentry
+* Test Suite added
+
+*0.1* 
+
+* Initial Import

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2005 Rick Olson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,80 @@
+= Sentry lib - painless encryption library
+
+Sentry is a simple wrapper around the mostly undocumented OpenSSL encryption classes.  
+For now, look at the pseudo test cases in sentry.rb until I can get more examples written out.
+
+== Download
+
+Sentry is distributed as a gem:
+
+  gem install --source http://techno-weenie.net/code sentry
+
+Please email any comments or changes for code to technoweenie AT gmail.com
+
+== Using with ActiveRecord
+
+I wrote this for the purpose of encrypting ActiveRecord attributes.  Just <tt>require 'sentry'</tt>, and some new 
+class methods will be available to you:
+
+=== generates_crypted
+
+  generates_crypted :password, :mode => :sha | :symmetric | :asymmetric
+  
+This is the generic class method to use.  Default mode is :sha.  
+
+=== generates_crypted_hash_of
+
+  generates_crypted_hash_of :password
+
+This is a shortcut for using SHA encryption.  No different than specifying <tt>generates_crypted :password</tt>.  In the above 
+example, model.password is a virtual field, and the SHA hash is saved to model.crypted_password
+
+=== asymmetrically_encrypts
+  
+  asymmetrically_encrypts :password
+
+This is a shortcut for using an asymmetrical algorithm with a private/public key file.  To use this, generate a public and
+private key with Sentry::AsymmetricalSentry.save_random_rsa_key(private_key_file, public_key_file).  If you want to encrypt the
+private key file with a symmetrical algorithm, pass a secret key (neither the key nor the decrypted value will be stored).
+
+  Sentry::AsymmetricalSentry.save_random_rsa_key(private_key_file, public_key_file, :key => 'secret_password')
+
+What that does, is requires you to pass in that same secret password when accesing the method.  
+
+  class Model < ActiveRecord::Base
+    generates_crypted :password, :mode => :asymmetric
+  end
+  
+  model.password = '5234523453425'
+  model.save   # password is encrypted and saved to crypted_password in the database, 
+               # model.password is cleared and becomes a virtual field.
+  model.password('secret_password')
+  => '5234523453425'
+
+The public and private key file names can be set in config/environment.rb
+
+  Sentry::AsymmetricSentry.default_public_key_file = "#{RAILS_ROOT}/config/public.key"
+  Sentry::AsymmetricSentry.default_private_key_file = "#{RAILS_ROOT}/config/private.key"
+
+If the private key was encrypted with the Sentry::AsymmetricalSentry#save_random_rsa_key, you must provide that same key
+when accessing the AR model.
+
+=== symmetrically_encrypts
+
+  symmetrically_encrypts :password
+
+This is a shortcut for using a symmetrical algorithm with a secret password to encrypt the field.  
+
+  class Model < ActiveRecord::Base
+    generates_crypted :password, :mode => :symmetric
+  end
+  
+  model.password = '5234523453425'
+  model.save   # password is encrypted and saved to crypted_password in the database, 
+               # model.password is cleared and becomes a virtual field.
+  model.password
+  => '5234523453425'
+
+The secret password can be set in config/environment.rb
+
+  Sentry::SymmetricSentry.default_key = "secret_password"

data/RUNNING_UNIT_TESTS

@@ -0,0 +1,41 @@
+== Creating the test database
+
+The default name for the test databases is "activerecord_sentry". If you 
+want to use another database name then be sure to update the connection 
+adapter setups you want to test with in test/connections/<your database>/connection.rb. 
+When you have the database online, you can import the fixture tables with 
+the test/fixtures/db_definitions/*.sql files.
+
+Make sure that you create database objects with the same user that you specified in i
+connection.rb otherwise (on Postgres, at least) tests for default values will fail.
+
+== Running with Rake
+
+The easiest way to run the unit tests is through Rake. The default task runs
+the entire test suite for all the adapters. You can also run the suite on just
+one adapter by using the tasks test_mysql_ruby, test_ruby_mysql, test_sqlite, 
+or test_postresql. For more information, checkout the full array of rake tasks with "rake -T"
+
+Rake can be found at http://rake.rubyforge.org
+
+== Running by hand
+
+Unit tests are located in test directory. If you only want to run a single test suite, 
+or don't want to bother with Rake, you can do so with something like:
+
+   cd test; ruby -I "connections/native_mysql" base_test.rb
+   
+That'll run the base suite using the MySQL-Ruby adapter. Change the adapter
+and test suite name as needed.
+
+== Faster tests
+
+If you are using a database that supports transactions, you can set the
+"AR_TX_FIXTURES" environment variable to "yes" to use transactional fixtures.
+This gives a very large speed boost. With rake:
+
+  rake AR_TX_FIXTURES=yes
+
+Or, by hand:
+
+  AR_TX_FIXTURES=yes ruby -I connections/native_sqlite3 base_test.rb

data/lib/active_record/sentry.rb

@@ -0,0 +1,79 @@
+module ActiveRecord # :nodoc:
+  module Sentry
+    def self.included(base) # :nodoc:
+      base.extend ClassMethods
+    end
+  
+    module ClassMethods
+      def generates_crypted(attr_name, options = {})
+        mode = options[:mode] || :sha
+        case mode
+          when :sha
+            generates_crypted_hash_of(attr_name)
+          when :asymmetric, :asymmetrical
+            asymmetrically_encrypts(attr_name)
+          when :symmetric, :symmetrical
+            symmetrically_encrypts(attr_name)
+        end
+      end 
+    
+      def generates_crypted_hash_of(attribute)
+        before_validation ::Sentry::ShaSentry.new(attribute)
+        attr_accessor attribute
+      end
+
+      def asymmetrically_encrypts(attr_name)
+        temp_sentry = ::Sentry::AsymmetricSentryCallback.new(attr_name)
+        before_validation temp_sentry
+        after_save temp_sentry
+      
+        define_method(attr_name) do |*optional|
+          send("#{attr_name}!", *optional) rescue nil
+        end
+      
+        define_method("#{attr_name}!") do |*optional|
+          return decrypted_values[attr_name] unless decrypted_values[attr_name].nil?
+          return nil if send("crypted_#{attr_name}").nil?
+          key = optional.shift
+          ::Sentry::AsymmetricSentry.decrypt_from_base64(send("crypted_#{attr_name}"), key)
+        end
+      
+        define_method("#{attr_name}=") do |value|
+          decrypted_values[attr_name] = value
+          nil
+        end
+      
+        private
+        define_method(:decrypted_values) do
+          @decrypted_values ||= {}
+        end
+      end
+
+      def symmetrically_encrypts(attr_name)
+        temp_sentry = ::Sentry::SymmetricSentryCallback.new(attr_name)
+        before_validation temp_sentry
+        after_save temp_sentry
+
+        define_method(attr_name) do
+          send("#{attr_name}!") rescue nil
+        end
+
+        define_method("#{attr_name}!") do
+          return decrypted_values[attr_name] unless decrypted_values[attr_name].nil?
+          return nil if send("crypted_#{attr_name}").nil?
+          ::Sentry::SymmetricSentry.decrypt_from_base64(send("crypted_#{attr_name}"))
+        end
+      
+        define_method("#{attr_name}=") do |value|
+          decrypted_values[attr_name] = value
+          nil
+        end
+      
+        private
+        define_method(:decrypted_values) do
+          @decrypted_values ||= {}
+        end
+      end
+    end
+  end
+end

data/lib/sentry.rb

@@ -0,0 +1,46 @@
+#Copyright (c) 2005 Rick Olson
+#
+#Permission is hereby granted, free of charge, to any person obtaining
+#a copy of this software and associated documentation files (the
+#"Software"), to deal in the Software without restriction, including
+#without limitation the rights to use, copy, modify, merge, publish,
+#distribute, sublicense, and/or sell copies of the Software, and to
+#permit persons to whom the Software is furnished to do so, subject to
+#the following conditions:
+#
+#The above copyright notice and this permission notice shall be
+#included in all copies or substantial portions of the Software.
+#
+#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+#EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+#MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+#NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+#LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+#OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+#WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+require 'openssl'
+require 'base64'
+require 'sentry/symmetric_sentry'
+require 'sentry/asymmetric_sentry'
+require 'sentry/sha_sentry'
+require 'sentry/symmetric_sentry_callback'
+require 'sentry/asymmetric_sentry_callback'
+
+module Sentry
+  class NoKeyError < StandardError
+  end
+  class NoPublicKeyError < StandardError
+  end
+  class NoPrivateKeyError < StandardError
+  end
+end
+
+begin
+  require 'active_record/sentry'
+  ActiveRecord::Base.class_eval do
+    include ActiveRecord::Sentry
+  end
+rescue NameError
+  nil
+end

data/lib/sentry/asymmetric_sentry.rb

@@ -0,0 +1,144 @@
+module Sentry
+  class AsymmetricSentry
+    attr_reader   :private_key_file
+    attr_reader   :public_key_file
+    attr_accessor :symmetric_algorithm
+    @@default_private_key_file = nil
+    @@default_public_key_file = nil
+    @@default_symmetric_algorithm = nil
+
+    # available options:
+    # * <tt>:private_key_file</tt> - encrypted private key file
+    # * <tt>:public_key_file</tt>  - public key file
+    # * <tt>:symmetric_algorithm</tt> - algorithm to use for SymmetricSentry
+    def initialize(options = {})
+      @public_key = @private_key = nil
+      private_key_file = options[:private_key_file]
+      public_key_file  = options[:public_key_file] || @@default_public_key_file
+      @symmetric_algorithm = options[:symmetric_algorithm] || @@default_symmetric_algorithm
+    end
+  
+    def encrypt(data)
+      raise NoPublicKeyError unless public?
+      public_rsa.public_encrypt(data)
+    end
+  
+    def encrypt_to_base64(data)
+      Base64.encode64(encrypt(data))
+    end
+  
+    def decrypt(data, key = nil)
+      raise NoPrivateKeyError unless private?
+      private_rsa(key).private_decrypt(data)
+    end
+  
+    def decrypt_from_base64(data, key = nil)
+      decrypt(Base64.decode64(data), key)
+    end
+  
+    def private_key_file=(file)
+      @private_key_file = file and load_private_key
+    end
+  
+    def public_key_file=(file)
+      @public_key_file = file and load_public_key
+    end
+  
+    def public?
+      return true unless @public_key.nil?
+      load_public_key and return @public_key
+    end
+  
+    def private?
+      return true unless @private_key.nil?
+      load_private_key and return @private_key
+    end
+
+    class << self
+      # * <tt>:key</tt> - secret password
+      # * <tt>:symmetric_algorithm</tt> - symmetrical algorithm to use
+      def save_random_rsa_key(private_key_file, public_key_file, options = {})
+        rsa = OpenSSL::PKey::RSA.new(512)
+        public_key = rsa.public_key
+        private_key = options[:key] ? 
+          SymmetricSentry.new(:algorithm => options[:symmetric_algorithm]).encrypt_to_base64(rsa.to_s, options[:key]) :
+          rsa.to_s
+        File.open(public_key_file, 'w')  { |f| f.write(public_key) }
+        File.open(private_key_file, 'w') { |f| f.write(private_key) }
+      end
+
+      def encrypt(data)
+        self.new.encrypt(data)
+      end
+  
+      def encrypt_to_base64(data)
+        self.new.encrypt_to_base64(data)
+      end
+  
+      def decrypt(data, key = nil)
+        self.new.decrypt(data, key)
+      end
+  
+      def decrypt_from_base64(data, key = nil)
+        self.new.decrypt_from_base64(data, key)
+      end
+
+      # cattr_accessor would be lovely
+      def default_private_key_file
+        @@default_private_key_file
+      end
+      
+      def default_private_key_file=(value)
+        @@default_private_key_file = value
+      end
+      
+      def default_public_key_file
+        @@default_public_key_file
+      end
+      
+      def default_public_key_file=(value)
+        @@default_public_key_file = value
+      end
+      
+      def default_symmetric_algorithm
+        @@default_symmetric_algorithm
+      end
+      
+      def default_symmetric_algorithm=(value)
+        @@default_symmetric_algorithm = value
+      end
+    end
+  
+    private
+    def encryptor
+      @encryptor ||= SymmetricSentry.new(:algorithm => @symmetric_algorithm)
+    end
+
+    def load_private_key
+      @private_rsa = nil
+      @private_key_file ||= @@default_private_key_file
+      if @private_key_file and File.file?(@private_key_file)
+        @private_key = File.open(@private_key_file) { |f| f.read }
+      end
+    end
+  
+    def load_public_key
+      @public_rsa = nil
+      @public_key_file ||= @@default_public_key_file
+      if @public_key_file and File.file?(@public_key_file)
+        @public_key = File.open(@public_key_file) { |f| f.read }
+      end
+    end
+
+    # retrieves private rsa from encrypted private key
+    def private_rsa(key = nil)
+      return @private_rsa ||= OpenSSL::PKey::RSA.new(@private_key) unless key
+      OpenSSL::PKey::RSA.new(encryptor.decrypt_from_base64(@private_key, key))
+    end
+
+    # retrieves public rsa
+    def public_rsa
+      @public_rsa ||= OpenSSL::PKey::RSA.new(@public_key)
+    end
+  end
+end

data/lib/sentry/asymmetric_sentry_callback.rb

@@ -0,0 +1,17 @@
+module Sentry
+  class AsymmetricSentryCallback
+    def initialize(attr_name)
+      @attr_name = attr_name
+    end
+  
+    # Performs encryption on before_validation Active Record callback
+    def before_validation(model)
+      return if model.send(@attr_name).blank?
+      model.send("crypted_#{@attr_name}=", AsymmetricSentry.encrypt_to_base64(model.send(@attr_name)))
+    end
+    
+    def after_save(model)
+      model.send("#{@attr_name}=", nil)
+    end
+  end
+end

data/lib/sentry/sha_sentry.rb

@@ -0,0 +1,41 @@
+require 'digest/sha1'
+module Sentry
+  class ShaSentry
+    @@salt = 'salt'
+    attr_accessor :salt
+    
+    # Encrypts data using SHA.
+    def encrypt(data)
+      self.class.encrypt(data + salt.to_s)
+    end
+    
+    # Initialize the class.  
+    # Used by ActiveRecord::Base#generates_crypted to set up as a callback object for a model
+    def initialize(attribute = nil)
+      @attribute = attribute
+    end
+    
+    # Performs encryption on before_validation Active Record callback
+    def before_validation(model)
+      return unless model.send(@attribute)
+      model.send("crypted_#{@attribute}=", encrypt(model.send(@attribute)))
+    end
+        
+    class << self
+      # Gets the class salt value used when encrypting
+      def salt
+        @@salt
+      end
+      
+      # Sets the class salt value used when encrypting
+      def salt=(value)
+        @@salt = value
+      end
+      
+      # Encrypts the data
+      def encrypt(data)
+        Digest::SHA1.hexdigest(data + @@salt)
+      end
+    end
+  end
+end

data/lib/sentry/symmetric_sentry.rb

@@ -0,0 +1,79 @@
+module Sentry
+  class SymmetricSentry
+    @@default_algorithm = 'DES-EDE3-CBC'
+    @@default_key = nil
+    attr_accessor :algorithm
+    def initialize(options = {})
+      @algorithm = options[:algorithm] || @@default_algorithm
+    end
+  
+    def encrypt(data, key = nil)
+      key = check_for_key!(key)
+      des = encryptor
+      des.encrypt(key)
+      data = des.update(data)
+      data << des.final
+    end
+  
+    def encrypt_to_base64(text, key = nil)
+      Base64.encode64(encrypt(text, key))
+    end
+  
+    def decrypt(data, key = nil)
+      key = check_for_key!(key)
+      des = encryptor
+      des.decrypt(key)
+      text = des.update(data)
+      text << des.final
+    end
+  
+    def decrypt_from_base64(text, key = nil)
+      decrypt(Base64.decode64(text), key)
+    end
+
+    class << self
+      def default_algorithm
+        @@default_algorithm
+      end
+    
+      def default_algorithm=(value)
+        @@default_algorithm = value
+      end
+      
+      def default_key
+        @@default_key
+      end
+      
+      def default_key=(value)
+        @@default_key = value
+      end
+
+      def encrypt(data, key = nil)
+        self.new.encrypt(data, key)
+      end
+  
+      def encrypt_to_base64(text, key = nil)
+        self.new.encrypt_to_base64(text, key)
+      end
+  
+      def decrypt(data, key = nil)
+        self.new.decrypt(data, key)
+      end
+  
+      def decrypt_from_base64(text, key = nil)
+        self.new.decrypt_from_base64(text, key)
+      end
+    end
+
+    private
+    def encryptor
+      @encryptor ||= OpenSSL::Cipher::Cipher.new(@algorithm)
+    end
+    
+    def check_for_key!(key)
+      valid_key = key || @@default_key
+      raise Sentry::NoKeyError if valid_key.nil?
+      valid_key
+    end
+  end
+end

data/lib/sentry/symmetric_sentry_callback.rb

@@ -0,0 +1,17 @@
+module Sentry
+  class SymmetricSentryCallback
+    def initialize(attr_name)
+      @attr_name = attr_name
+    end
+
+    # Performs encryption on before_validation Active Record callback
+    def before_validation(model)
+      return if model.send(@attr_name).blank?
+      model.send("crypted_#{@attr_name}=", SymmetricSentry.encrypt_to_base64(model.send(@attr_name)))
+    end
+    
+    def after_save(model)
+      model.send("#{@attr_name}=", nil)
+    end
+  end
+end

data/test/abstract_unit.rb

@@ -0,0 +1,25 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'rubygems'
+require 'test/unit'
+require 'active_record'
+require 'active_record/fixtures'
+require 'active_support/binding_of_caller'
+require 'active_support/breakpoint'
+require 'connection'
+require 'sentry'
+
+class Test::Unit::TestCase #:nodoc:
+  def create_fixtures(*table_names)
+    if block_given?
+      Fixtures.create_fixtures(File.dirname(__FILE__) + "/fixtures/", table_names) { yield }
+    else
+      Fixtures.create_fixtures(File.dirname(__FILE__) + "/fixtures/", table_names)
+    end
+  end
+end
+
+Test::Unit::TestCase.fixture_path = File.dirname(__FILE__) + "/fixtures/"
+Test::Unit::TestCase.use_instantiated_fixtures = false
+Test::Unit::TestCase.use_transactional_fixtures = (ENV['AR_TX_FIXTURES'] == "yes")
+

data/test/asymmetric_sentry_callback_test.rb

@@ -0,0 +1,61 @@
+require 'abstract_unit'
+require 'fixtures/user'
+
+class AsymmetricSentryCallbackTest < Test::Unit::TestCase
+  fixtures :users
+
+  def setup
+    @str = 'sentry'
+    @key = 'secret'
+    @public_key_file = File.dirname(__FILE__) + '/keys/public'
+    @private_key_file = File.dirname(__FILE__) + '/keys/private'
+    @encrypted_public_key_file = File.dirname(__FILE__) + '/keys/encrypted_public'
+    @encrypted_private_key_file = File.dirname(__FILE__) + '/keys/encrypted_private'
+    
+    @orig = 'sentry'
+    Sentry::AsymmetricSentry.default_public_key_file = @public_key_file
+    Sentry::AsymmetricSentry.default_private_key_file = @private_key_file
+  end
+  
+  def test_should_encrypt_creditcard
+    u = User.create :login => 'jones'
+    u.creditcard = @orig
+    assert u.save
+    assert !u.crypted_creditcard.empty?
+  end
+
+  def test_should_decrypt_creditcard
+    assert_equal @orig, users(:user_1).creditcard
+  end
+
+  def test_should_not_decrypt_encrypted_creditcard_with_invalid_key
+    assert_nil users(:user_2).creditcard
+    assert_nil users(:user_2).creditcard(@key)
+    use_encrypted_keys
+    assert_nil users(:user_1).creditcard
+  end
+
+  def test_should_not_decrypt_encrypted_creditcard
+    use_encrypted_keys
+    assert_nil users(:user_2).creditcard
+    assert_nil users(:user_2).creditcard('other secret')
+  end
+  
+  def test_should_encrypt_encrypted_creditcard
+    use_encrypted_keys
+    u = User.create :login => 'jones'
+    u.creditcard = @orig
+    assert u.save
+    assert !u.crypted_creditcard.empty?
+  end
+
+  def test_should_decrypt_encrypted_creditcard
+    use_encrypted_keys
+    assert_equal @orig, users(:user_2).creditcard(@key)
+  end
+  
+  def use_encrypted_keys
+    Sentry::AsymmetricSentry.default_public_key_file = @encrypted_public_key_file
+    Sentry::AsymmetricSentry.default_private_key_file = @encrypted_private_key_file
+  end
+end

data/test/asymmetric_sentry_test.rb

@@ -0,0 +1,88 @@
+require 'abstract_unit'
+
+class AsymmetricSentryTest < Test::Unit::TestCase
+  def setup
+    @str = 'sentry'
+    @key = 'secret'
+    @public_key_file = File.dirname(__FILE__) + '/keys/public'
+    @private_key_file = File.dirname(__FILE__) + '/keys/private'
+    @encrypted_public_key_file = File.dirname(__FILE__) + '/keys/encrypted_public'
+    @encrypted_private_key_file = File.dirname(__FILE__) + '/keys/encrypted_private'
+    @sentry = Sentry::AsymmetricSentry.new
+    
+    @orig = 'sentry'
+    @data = "vYfMxtVB8ezXmQKSNqTC9sPgi8TbsYRxWd7DVbpprzyuEdZ7gftJ/0IXsbXm\nXCU08bTAl0uEFm7dau+eJMXEJg==\n"
+    @encrypted_data = "q2obYAITmK93ylzVS01mJx1jSlnmylMX15nFpb4uKesVgnqvtzBRHZ/SK+Nm\nEzceIoAcJc3DHosVa4VUE/aK/A==\n"
+    Sentry::AsymmetricSentry.default_public_key_file = nil
+    Sentry::AsymmetricSentry.default_private_key_file = nil
+  end
+  
+  def test_should_decrypt_files
+    set_key_files @public_key_file, @private_key_file
+    assert_equal @orig, @sentry.decrypt_from_base64(@data)
+  end
+  
+  def test_should_decrypt_files_with_encrypted_key
+    set_key_files @encrypted_public_key_file, @encrypted_private_key_file
+    assert_equal @orig, @sentry.decrypt_from_base64(@encrypted_data, @key)
+  end
+
+  def test_should_read_key_files
+    assert !@sentry.public?
+    assert !@sentry.private?
+    set_key_files @public_key_file, @private_key_file
+  end
+  
+  def test_should_read_encrypted_key_files
+    assert !@sentry.public?
+    assert !@sentry.private?
+    set_key_files @encrypted_public_key_file, @encrypted_private_key_file
+  end
+
+  def test_should_decrypt_files_with_default_key
+    set_default_key_files @public_key_file, @private_key_file
+    assert_equal @orig, @sentry.decrypt_from_base64(@data)
+  end
+  
+  def test_should_decrypt_files_with_default_encrypted_key
+    set_default_key_files @encrypted_public_key_file, @encrypted_private_key_file
+    assert_equal @orig, @sentry.decrypt_from_base64(@encrypted_data, @key)
+  end
+
+  def test_should_decrypt_files_with_default_key_using_class_method
+    set_default_key_files @public_key_file, @private_key_file
+    assert_equal @orig, Sentry::AsymmetricSentry.decrypt_from_base64(@data)
+  end
+  
+  def test_should_decrypt_files_with_default_encrypted_key_using_class_method
+    set_default_key_files @encrypted_public_key_file, @encrypted_private_key_file
+    assert_equal @orig, Sentry::AsymmetricSentry.decrypt_from_base64(@encrypted_data, @key)
+  end
+
+  def test_should_read_key_files_with_default_key
+    assert !@sentry.public?
+    assert !@sentry.private?
+    set_default_key_files @public_key_file, @private_key_file
+  end
+  
+  def test_should_read_encrypted_key_files_with_default_key
+    assert !@sentry.public?
+    assert !@sentry.private?
+    set_default_key_files @encrypted_public_key_file, @encrypted_private_key_file
+  end
+
+  private  
+  def set_key_files(public_key, private_key)
+    @sentry.public_key_file = public_key
+    @sentry.private_key_file = private_key
+    assert @sentry.private?
+    assert @sentry.public?
+  end
+  
+  def set_default_key_files(public_key, private_key)
+    Sentry::AsymmetricSentry.default_public_key_file = public_key
+    Sentry::AsymmetricSentry.default_private_key_file = private_key
+    assert @sentry.private?
+    assert @sentry.public?
+  end
+end

data/test/connections/native_db2/connection.rb

@@ -0,0 +1,14 @@
+print "Using native DB2\n"
+require 'logger'
+
+ActiveRecord::Base.logger = Logger.new("debug.log")
+
+db1 = 'arsentry'
+
+ActiveRecord::Base.establish_connection(
+  :adapter  => "db2",
+  :host     => "localhost",
+  :username => "arunit",
+  :password => "arunit",
+  :database => db1
+)

data/test/connections/native_mysql/connection.rb

@@ -0,0 +1,14 @@
+print "Using native MySQL\n"
+require 'logger'
+
+ActiveRecord::Base.logger = Logger.new("debug.log")
+
+db1 = 'activerecord_sentry'
+
+ActiveRecord::Base.establish_connection(
+  :adapter  => "mysql",
+  :host     => "localhost",
+  :username => "rails",
+  :password => "",
+  :database => db1
+)

data/test/connections/native_oci/connection.rb

@@ -0,0 +1,15 @@
+print "Using OCI Oracle\n"
+require 'logger'
+
+ActiveRecord::Base.logger = Logger.new STDOUT
+ActiveRecord::Base.logger.level = Logger::WARN
+
+db1 = 'activerecord_sentry'
+
+ActiveRecord::Base.establish_connection(
+  :adapter  => 'oci',
+  :host     => '',          # can use an oracle SID
+  :username => 'arunit',
+  :password => 'arunit',
+  :database => db1
+)

data/test/connections/native_postgresql/connection.rb

@@ -0,0 +1,14 @@
+print "Using native PostgreSQL\n"
+require 'logger'
+
+ActiveRecord::Base.logger = Logger.new("debug.log")
+
+db1 = 'activerecord_sentry'
+
+ActiveRecord::Base.establish_connection(
+  :adapter  => "postgresql",
+  :host     => nil, 
+  :username => "postgres",
+  :password => "postgres", 
+  :database => db1
+)

data/test/connections/native_sqlite/connection.rb

@@ -0,0 +1,34 @@
+print "Using native SQlite\n"
+require 'logger'
+ActiveRecord::Base.logger = Logger.new("debug.log")
+
+class SqliteError < StandardError
+end
+
+BASE_DIR = File.expand_path(File.dirname(__FILE__) + '/../../fixtures')
+sqlite_test_db  = "#{BASE_DIR}/activerecord_sentry.sqlite"
+
+def make_connection(clazz, db_file, db_definitions_file)
+  unless File.exist?(db_file)
+    puts "SQLite database not found at #{db_file}. Rebuilding it."
+    sqlite_command = %Q{sqlite #{db_file} "create table a (a integer); drop table a;"}
+    puts "Executing '#{sqlite_command}'"
+    raise SqliteError.new("Seems that there is no sqlite executable available") unless system(sqlite_command)
+    clazz.establish_connection(
+        :adapter => "sqlite",
+        :dbfile  => db_file)
+    script = File.read("#{BASE_DIR}/db_definitions/#{db_definitions_file}")
+    # SQLite-Ruby has problems with semi-colon separated commands, so split and execute one at a time
+    script.split(';').each do
+      |command|
+      clazz.connection.execute(command) unless command.strip.empty?
+    end
+  else
+    clazz.establish_connection(
+        :adapter => "sqlite",
+        :dbfile  => db_file)
+  end
+end
+
+make_connection(ActiveRecord::Base, sqlite_test_db, 'sqlite.sql')
+

data/test/connections/native_sqlite3/connection.rb

@@ -0,0 +1,33 @@
+print "Using native SQLite3\n"
+require 'logger'
+ActiveRecord::Base.logger = Logger.new("debug.log")
+
+class SqliteError < StandardError
+end
+
+BASE_DIR = File.expand_path(File.dirname(__FILE__) + '/../../fixtures')
+sqlite_test_db  = "#{BASE_DIR}/activerecord_sentry.sqlite3"
+
+def make_connection(clazz, db_file, db_definitions_file)
+  unless File.exist?(db_file)
+    puts "SQLite3 database not found at #{db_file}. Rebuilding it."
+    sqlite_command = %Q{sqlite3 #{db_file} "create table a (a integer); drop table a;"}
+    puts "Executing '#{sqlite_command}'"
+    raise SqliteError.new("Seems that there is no sqlite3 executable available") unless system(sqlite_command)
+    clazz.establish_connection(
+        :adapter => "sqlite3",
+        :dbfile  => db_file)
+    script = File.read("#{BASE_DIR}/db_definitions/#{db_definitions_file}")
+    # SQLite-Ruby has problems with semi-colon separated commands, so split and execute one at a time
+    script.split(';').each do
+      |command|
+      clazz.connection.execute(command) unless command.strip.empty?
+    end
+  else
+    clazz.establish_connection(
+        :adapter => "sqlite3",
+        :dbfile  => db_file)
+  end
+end
+
+make_connection(ActiveRecord::Base, sqlite_test_db, 'sqlite.sql')

data/test/connections/native_sqlserver/connection.rb

@@ -0,0 +1,14 @@
+print "Using native SQLServer\n"
+require 'logger'
+
+ActiveRecord::Base.logger = Logger.new("debug.log")
+
+db1 = 'activerecord_sentry'
+
+ActiveRecord::Base.establish_connection(
+  :adapter  => "sqlserver",
+  :host     => "localhost",
+  :username => "sa",
+  :password => "",
+  :database => db1
+)

data/test/connections/native_sqlserver_odbc/connection.rb

@@ -0,0 +1,15 @@
+print "Using native SQLServer via ODBC\n"
+require 'logger'
+
+ActiveRecord::Base.logger = Logger.new("debug.log")
+
+dsn1 = 'activerecord_sentry'
+
+ActiveRecord::Base.establish_connection(
+  :adapter  => "sqlserver",
+  :mode     => "ODBC",
+  :host     => "localhost",
+  :username => "sa",
+  :password => "",
+  :dsn => dsn1
+)

data/test/fixtures/db_definitions/postgresql.drop.sql

@@ -0,0 +1 @@
+drop table users;

data/test/fixtures/db_definitions/postgresql.sql

@@ -0,0 +1,8 @@
+CREATE TABLE users (
+  id                 SERIAL,
+  crypted_password   VARCHAR(255),
+  crypted_creditcard VARCHAR(255),
+  login              VARCHAR(50),
+  type               VARCHAR(20)
+);
+SELECT setval('users_id_seq', 100);

data/test/fixtures/db_definitions/sqlite.drop.sql

@@ -0,0 +1 @@
+DROP TABLE 'pages';

data/test/fixtures/db_definitions/sqlite.sql

@@ -0,0 +1,7 @@
+CREATE TABLE 'users' (
+  'id'                 INTEGER NOT NULL PRIMARY KEY,
+  'crypted_password'   VARCHAR(255),
+  'crypted_creditcard' VARCHAR(255),
+  'login'              VARCHAR(50),
+  'type'               VARCHAR(20)
+);

data/test/fixtures/user.rb

@@ -0,0 +1,25 @@
+class User < ActiveRecord::Base
+  generates_crypted :creditcard, :mode => :asymmetric
+  
+  def self.validates_password
+    validates_presence_of :crypted_password
+    validates_presence_of :password, :on => :create
+    validates_length_of :password, :in => 4..40
+  end
+end
+
+class ShaUser < User
+  validates_password
+  validates_confirmation_of :password
+  generates_crypted :password # sha is used by default
+end
+
+class DangerousUser < User # no password confirmation
+# validates_password
+  generates_crypted :password
+end
+
+class SymmetricUser < User
+  validates_password
+  generates_crypted :password, :mode => :symmetric
+end

data/test/fixtures/users.yml

@@ -0,0 +1,11 @@
+user_1:
+  id: 1
+  login: bob
+  crypted_password: "0XlmUuNpE2k=\n"
+  crypted_creditcard: "vYfMxtVB8ezXmQKSNqTC9sPgi8TbsYRxWd7DVbpprzyuEdZ7gftJ/0IXsbXm\nXCU08bTAl0uEFm7dau+eJMXEJg==\n"
+  type: SymmetricUser
+user_2:
+  id: 2
+  login: fred
+  crypted_creditcard: "q2obYAITmK93ylzVS01mJx1jSlnmylMX15nFpb4uKesVgnqvtzBRHZ/SK+Nm\nEzceIoAcJc3DHosVa4VUE/aK/A==\n"
+  

data/test/keys/encrypted_private

@@ -0,0 +1,12 @@
+OBNa1q8kbx8pyZZjIpr/pZV0oulE2czh5JlPW/13XsBvoz+A2zxA9gchhi6c
+3yvfqgcZdojcsep+IiTqeg3gOPB2xNbedpP1lm+9tEfgdb9r1CLzRcURh7Hg
+ufWgyEkS0lloz/YLy4hg9YDKetFNF9fnrk3xVwZPwFVuk4l/Unw1FTXLHsrq
+KG27cR8mvNOow4bk4LVhk/avFSM85m3ITySEnyJsQQDzsI/RrWcQ7Js+8Ynv
+esN51E/T0CYtkMEne2zSaD5qUTJlQ7Qtn4UUeZkpYjn4xQZPxw4OjL6zofg7
+lsqElSv1/qP3QI8aKcQQklVsHRc5AgsxOFX4J6g6lo4kOGOwn0Ex8IRDfOej
+pq4SUDh9IXz+6FBieQrObB/xEsKysVwRSzXre6ObHlPFsigg5ekFPyCv5ZTz
+0iP8+xe/FJRrYdR3r3F5pRkOy0pw9EqlrLjmOx3/fgxhLq8FWmcSBbH3h3SG
+GkJlfHNjF77FTJjnHKzRS+5VpdW4IHbsjL+NlI1z9Ol//czYvSGv85NdJvkq
+PmH3o0+uYdwY5PeSMOPV21nJ3dwiKlm5IMFasL3C5yVJNVTVZTS7vWdcgZ4U
+XfWQ9Y266ibbqXPluv4nxt1+kgjxmPbjPdYrlB5t7a2+unzT3oE3f4VGOG+k
+YqFg0ErHN+fu

data/test/keys/encrypted_public

@@ -0,0 +1,4 @@
+-----BEGIN RSA PUBLIC KEY-----
+MEgCQQCvktJgveIcgTH98hAhMjo0g6/GVMJaYdUh+/zQn4RBWASRmwEfJqggsfKT
+pSNendZQMD8kKS8J1YTBr60ToM25AgMBAAE=
+-----END RSA PUBLIC KEY-----

data/test/keys/private

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOwIBAAJBAL/xeY6aqFx6z1ThNOwgPgxv3tsonTlCj8VkN3Ikumg6SzBuLxlV
+i9gFQZ7K9Pv9o/7+xUTYODqBpVhwgLBeu2cCAwEAAQJAHyjFMfg7Yp/xLndMzxRA
+3mX+yJckRtpeWo31TktWE3syks1r9OrfmxKiStM9kFRubeBHTihZrW92TYkROLxh
+uQIhAPuftVTJZFDNxeYDKIMIMqwR8KZgtuf25cv4pTxYwPqLAiEAw0gNwDJHBkvo
+da4402pZNQmBA6qCSf0svDXqoEoaShUCIGBma340Oe6LJ0pb42Vv+pnZtazIWMq9
+2IQwmn1oM2bJAiEAhgP869mVRIzzi091UCG79tn+4DU0FPLasI+P5VD1mcECIQDb
+3ndvbPcElVvdJgabxyWJJsNtBBNZYPsuc6NrQyShOw==
+-----END RSA PRIVATE KEY-----

data/test/keys/public

@@ -0,0 +1,4 @@
+-----BEGIN RSA PUBLIC KEY-----
+MEgCQQC/8XmOmqhces9U4TTsID4Mb97bKJ05Qo/FZDdyJLpoOkswbi8ZVYvYBUGe
+yvT7/aP+/sVE2Dg6gaVYcICwXrtnAgMBAAE=
+-----END RSA PUBLIC KEY-----

data/test/sha_sentry_test.rb

@@ -0,0 +1,31 @@
+require 'abstract_unit'
+require 'fixtures/user'
+
+class ShaSentryTest < Test::Unit::TestCase
+  def setup
+    Sentry::ShaSentry.salt = 'salt'
+  end
+
+  def test_should_encrypt
+    assert_equal 'f438229716cab43569496f3a3630b3727524b81b', Sentry::ShaSentry.encrypt('test')
+  end
+
+  def test_should_encrypt_with_salt
+    Sentry::ShaSentry.salt = 'different salt'
+    assert_equal '18e3256d71529db8fa65b2eef24a69ddad7070f3', Sentry::ShaSentry.encrypt('test')
+  end
+  
+  def test_should_encrypt_user_password
+    u = ShaUser.new :login => 'bob'
+    u.password = u.password_confirmation = 'test'
+    assert u.save
+    assert u.crypted_password = 'f438229716cab43569496f3a3630b3727524b81b'
+  end
+  
+  def test_should_encrypt_user_password_without_confirmation
+    u = DangerousUser.new :login => 'bob'
+    u.password = 'test'
+    assert u.save
+    assert u.crypted_password = 'f438229716cab43569496f3a3630b3727524b81b'
+  end
+end

data/test/symmetric_sentry_callback_test.rb

@@ -0,0 +1,33 @@
+require 'abstract_unit'
+require 'fixtures/user'
+
+class SymmetricSentryCallbackTest < Test::Unit::TestCase
+  fixtures :users
+  
+  def setup
+    @str = 'sentry'
+    Sentry::SymmetricSentry.default_key = @key = 'secret'
+    @encrypted = "0XlmUuNpE2k=\n"
+  end
+  
+  def test_should_encrypt_user_password
+    u = SymmetricUser.new :login => 'bob'
+    u.password = @str
+    assert u.save
+    assert_equal @encrypted, u.crypted_password
+  end
+  
+  def test_should_decrypted_user_password
+    assert_equal @str, users(:user_1).password
+  end
+  
+  def test_should_return_nil_on_invalid_key
+    Sentry::SymmetricSentry.default_key = 'other secret'
+    assert_nil users(:user_1).password
+  end
+  
+  def test_should_raise_error_on_invalid_key
+    Sentry::SymmetricSentry.default_key = 'other secret'
+    assert_raises(OpenSSL::CipherError) { users(:user_1).password! }
+  end
+end

data/test/symmetric_sentry_test.rb

@@ -0,0 +1,37 @@
+require 'abstract_unit'
+
+class SymmetricSentryTest < Test::Unit::TestCase
+  def setup
+    @str = 'sentry'
+    @key = 'secret'
+    @encrypted = "0XlmUuNpE2k=\n"
+    @sentry = Sentry::SymmetricSentry.new
+    Sentry::SymmetricSentry.default_key = nil
+  end
+  
+  def test_should_encrypt
+    assert_equal @encrypted, @sentry.encrypt_to_base64(@str, @key)
+  end
+  
+  def test_should_decrypt
+    assert_equal @str, @sentry.decrypt_from_base64(@encrypted, @key)
+  end
+
+  def test_should_encrypt_with_default_key
+    Sentry::SymmetricSentry.default_key = @key
+    assert_equal @encrypted, @sentry.encrypt_to_base64(@str)
+  end
+  
+  def test_should_decrypt_with_default_key
+    Sentry::SymmetricSentry.default_key = @key
+    assert_equal @str, @sentry.decrypt_from_base64(@encrypted)
+  end
+
+  def test_should_raise_error_when_encrypt_with_no_key
+    assert_raises(Sentry::NoKeyError) { @sentry.encrypt_to_base64(@str) }
+  end
+
+  def test_should_raise_error_when_decrypt_with_no_key
+    assert_raises(Sentry::NoKeyError) { @sentry.decrypt_from_base64(@str) }
+  end
+end

data/test/tests.rb

@@ -0,0 +1,2 @@
+$:.unshift "../lib"
+Dir["**/*_test.rb"].each { |f| load f }

metadata

@@ -0,0 +1,89 @@
+--- !ruby/object:Gem::Specification 
+rubygems_version: 0.8.10
+specification_version: 1
+name: sentry
+version: !ruby/object:Gem::Version 
+  version: 0.2.8
+date: 2005-09-17
+summary: Sentry provides painless encryption services with a wrapper around some OpenSSL classes
+require_paths: 
+  - lib
+email: technoweenie@gmail.com
+homepage: http://techno-weenie.net
+rubyforge_project: 
+description: 
+autorequire: sentry
+default_executable: 
+bindir: bin
+has_rdoc: true
+required_ruby_version: !ruby/object:Gem::Version::Requirement 
+  requirements: 
+    - 
+      - ">"
+      - !ruby/object:Gem::Version 
+        version: 0.0.0
+  version: 
+platform: ruby
+authors: 
+  - Rick Olson
+files: 
+  - lib/active_record
+  - lib/sentry
+  - lib/sentry.rb
+  - lib/active_record/sentry.rb
+  - lib/sentry/asymmetric_sentry.rb
+  - lib/sentry/asymmetric_sentry_callback.rb
+  - lib/sentry/sha_sentry.rb
+  - lib/sentry/symmetric_sentry.rb
+  - lib/sentry/symmetric_sentry_callback.rb
+  - test/abstract_unit.rb
+  - test/asymmetric_sentry_callback_test.rb
+  - test/asymmetric_sentry_test.rb
+  - test/connections
+  - test/fixtures
+  - test/keys
+  - test/sha_sentry_test.rb
+  - test/symmetric_sentry_callback_test.rb
+  - test/symmetric_sentry_test.rb
+  - test/tests.rb
+  - test/connections/native_db2
+  - test/connections/native_mysql
+  - test/connections/native_oci
+  - test/connections/native_postgresql
+  - test/connections/native_sqlite
+  - test/connections/native_sqlite3
+  - test/connections/native_sqlserver
+  - test/connections/native_sqlserver_odbc
+  - test/connections/native_db2/connection.rb
+  - test/connections/native_mysql/connection.rb
+  - test/connections/native_oci/connection.rb
+  - test/connections/native_postgresql/connection.rb
+  - test/connections/native_sqlite/connection.rb
+  - test/connections/native_sqlite3/connection.rb
+  - test/connections/native_sqlserver/connection.rb
+  - test/connections/native_sqlserver_odbc/connection.rb
+  - test/fixtures/activerecord_sentry.sqlite
+  - test/fixtures/activerecord_sentry.sqlite3
+  - test/fixtures/db_definitions
+  - test/fixtures/user.rb
+  - test/fixtures/users.yml
+  - test/fixtures/db_definitions/postgresql.drop.sql
+  - test/fixtures/db_definitions/postgresql.sql
+  - test/fixtures/db_definitions/sqlite.drop.sql
+  - test/fixtures/db_definitions/sqlite.sql
+  - test/keys/encrypted_private
+  - test/keys/encrypted_public
+  - test/keys/private
+  - test/keys/public
+  - README
+  - MIT-LICENSE
+  - CHANGELOG
+  - RUNNING_UNIT_TESTS
+test_files: 
+  - test/tests.rb
+rdoc_options: []
+extra_rdoc_files: []
+executables: []
+extensions: []
+requirements: []
+dependencies: []