sfn-vault 0.1.1 → 0.1.3

data/lib/sfn-vault/utils.rb

@@ -0,0 +1,56 @@
+require 'sfn-vault'
+
+module SfnVault
+  module Utils
+
+    def vault_client
+      certs = SfnVault::CertificateStore.default_ssl_cert_store
+
+      conf = {
+        address: vault_addr,
+        token: vault_token,
+      }
+      conf.merge!({ssl_ca_path: '/etc/ssl/certs'}) unless SfnVault::Platform.windows?
+      conf.merge!({ssl_cert_store: certs}) if certs
+
+      client = Vault::Client.new(conf)
+      client
+    end
+
+    def vault_addr
+      address = config.fetch(:vault, :vault_addr, ENV['VAULT_ADDR'])
+      if address.nil?
+        ui.error 'Set vault_addr in .sfn or VAULT_ADDR in environment'
+        exit
+      end
+      ui.debug "Vault address is #{address}"
+      address
+    end
+
+    def vault_token
+      token = config.fetch(:vault, :vault_token, ENV['VAULT_TOKEN'])
+      if token.nil?
+        ui.error 'Set :vault_token in .sfn or VAULT_TOKEN in environment'
+        exit
+      end
+      ui.debug "Vault token is #{token}"
+      token
+    end
+
+    # Test write/read/delete operations
+    # to determine if we can save a secret
+    # @param [Vault::Client] client
+    # @return [TrueClass, FalseClass]
+    def vault_writeable?(client)
+      secret = 'cubbyhole/SfnVaultCallbackCheck'
+      value = 'ensure_writeable'
+      if client.logical.write(secret, value: value)
+        read = client.logical.read(test_secret)
+        client.logical.delete(test_secret)
+        if read.data == value
+          return true
+        end
+      end
+    end
+  end
+end

data/lib/sfn-vault/version.rb

@@ -1,3 +1,3 @@
 module SfnVault
-  VERSION = Gem::Version.new('0.1.1')
+  VERSION = Gem::Version.new('0.1.3')
 end

data/lib/sfn-vault/windows.rb

@@ -0,0 +1,10 @@
+require 'sfn-vault'
+
+module SfnVault
+  class Windows
+  end
+end
+
+# if SfnVault::Platform.windows?
+#   require_relative './windows/root_certs'
+# end

data/lib/sfn-vault/windows/root_certs.rb

@@ -0,0 +1,110 @@
+require 'openssl'
+require 'ffi'
+
+# This class abstracts operations with the Windows certificate store and hides
+# ugly ffi functions
+module SfnVault
+  class Windows
+    class RootCerts
+      include Enumerable
+      extend FFI::Library
+
+      typedef :ulong, :dword
+      typedef :uintptr_t, :handle
+
+      def initialize(roots)
+        @roots = roots
+      end
+
+      # Enumerates each root certificate.
+      # @yieldparam cert [OpenSSL::X509::Certificate] each root certificate
+      # @api public
+      def each
+        @roots.each { |cert| yield cert }
+      end
+
+      # Returns a new instance.
+      # @return [TrustedRootsStore::RootCerts] object constructed from current root certificates
+      def self.instance
+        new(load_certs)
+      end
+
+      # Returns an array of root certificates.
+      #
+      # @return [Array<[OpenSSL::X509::Certificate]>] an array of root certificates
+      # @api private
+      # rubocop:disable all
+      def self.load_certs
+        certs = []
+
+        # This is based on a patch submitted to openssl:
+        # http://www.mail-archive.com/openssl-dev@openssl.org/msg26958.html
+        ptr = FFI::Pointer::NULL
+        # This could be smarter and extend FFI usage to enumerate stores
+        # through CertEnumSystemStore:
+        # see: https://msdn.microsoft.com/en-us/library/aa376058(v=vs.85).aspx
+
+        %w(ROOT CA).each do |system_store|
+          store = CertOpenSystemStoreA(nil, system_store)
+          begin
+            while (ptr = CertEnumCertificatesInStore(store, ptr)) and not ptr.null?
+              context = CertContext.new(ptr)
+              cert_buf = context[:pbCertEncoded].read_bytes(context[:cbCertEncoded])
+              begin
+                certs << OpenSSL::X509::Certificate.new(cert_buf)
+              rescue => detail
+                warn("Failed to import certificate: #{detail.inspect} from #{system_store}")
+              end
+            end
+          ensure
+            CertCloseStore(store, 0)
+          end
+        end
+
+        certs
+      end
+      # rubocop:enable all
+
+      private
+
+      # typedef ULONG_PTR HCRYPTPROV_LEGACY;
+      # typedef void *HCERTSTORE;
+      class CertContext < FFI::Struct
+        layout(
+          :dwCertEncodingType, :dword,
+          :pbCertEncoded,      :pointer,
+          :cbCertEncoded,      :dword,
+          :pCertInfo,          :pointer,
+          :hCertStore,         :handle
+        )
+      end
+
+      # HCERTSTORE
+      # WINAPI
+      # CertOpenSystemStoreA(
+      #   __in_opt HCRYPTPROV_LEGACY hProv,
+      #   __in LPCSTR szSubsystemProtocol
+      #   );
+      ffi_lib :crypt32
+      attach_function :CertOpenSystemStoreA, [:pointer, :string], :handle
+
+      # PCCERT_CONTEXT
+      # WINAPI
+      # CertEnumCertificatesInStore(
+      #   __in HCERTSTORE hCertStore,
+      #   __in_opt PCCERT_CONTEXT pPrevCertContext
+      #   );
+      ffi_lib :crypt32
+      attach_function :CertEnumCertificatesInStore, [:handle, :pointer], :pointer
+
+      # BOOL
+      # WINAPI
+      # CertCloseStore(
+      #   __in_opt HCERTSTORE hCertStore,
+      #   __in DWORD dwFlags
+      #   );
+      ffi_lib :crypt32
+      attach_function :CertCloseStore, [:handle, :dword], :bool
+    end
+  end
+end

data/sfn-vault.gemspec

@@ -11,8 +11,10 @@ Gem::Specification.new do |s|
   s.license = 'Apache-2.0'
   s.require_path = 'lib'
   s.add_dependency 'sfn', '>= 3.0', '< 4.0'
-  s.add_dependency 'vault', '~> 0.7.3'
+  s.add_dependency 'vault', '~> 0.9.0'
+  s.add_dependency 'ffi', '~> 1.9.14'
   s.add_development_dependency 'pry', '~> 0.10.4'
-  s.add_development_dependency 'pry-coolline'
+  s.add_development_dependency 'pry-byebug', '~> 3.4', '>= 3.4.2'
+  s.add_development_dependency 'rb-readline', '~> 0.5.3'
   s.files = Dir['{lib,bin,docs}/**/*'] + %w(sfn-vault.gemspec README.md CHANGELOG.md LICENSE)
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sfn-vault
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.1.3
 platform: ruby
 authors:
 - Sean Escriva
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-01-03 00:00:00.000000000 Z
+date: 2017-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sfn
@@ -36,14 +36,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 0.9.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.7.3
+        version: 0.9.0
+- !ruby/object:Gem::Dependency
+  name: ffi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.14
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.9.14
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
@@ -59,19 +73,39 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.10.4
 - !ruby/object:Gem::Dependency
-  name: pry-coolline
+  name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.4.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.4'
     - - ">="
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 3.4.2
+- !ruby/object:Gem::Dependency
+  name: rb-readline
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.3
 description: SparkleFormation Vault Callback
 email: sean.escriva@gmail.com
 executables: []
@@ -81,13 +115,15 @@ files:
 - CHANGELOG.md
 - LICENSE
 - README.md
-- bin/coderay
-- bin/generate_sparkle_docs
-- bin/graph
-- bin/pry
-- bin/sfn
 - lib/sfn-vault.rb
+- lib/sfn-vault/callback.rb
+- lib/sfn-vault/certificate_store.rb
+- lib/sfn-vault/inject.rb
+- lib/sfn-vault/platform.rb
+- lib/sfn-vault/utils.rb
 - lib/sfn-vault/version.rb
+- lib/sfn-vault/windows.rb
+- lib/sfn-vault/windows/root_certs.rb
 - sfn-vault.gemspec
 homepage: http://github.com/webframp/sfn-vault
 licenses:
@@ -109,7 +145,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.6.10
 signing_key: 
 specification_version: 4
 summary: SparkleFormation Vault Callback

data/bin/coderay

@@ -1,17 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-#
-# This file was generated by Bundler.
-#
-# The application 'coderay' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-require "pathname"
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
-  Pathname.new(__FILE__).realpath)
-
-require "rubygems"
-require "bundler/setup"
-
-load Gem.bin_path("coderay", "coderay")

data/bin/generate_sparkle_docs

@@ -1,17 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-#
-# This file was generated by Bundler.
-#
-# The application 'generate_sparkle_docs' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-require "pathname"
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
-  Pathname.new(__FILE__).realpath)
-
-require "rubygems"
-require "bundler/setup"
-
-load Gem.bin_path("sparkle_formation", "generate_sparkle_docs")

data/bin/graph

@@ -1,17 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-#
-# This file was generated by Bundler.
-#
-# The application 'graph' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-require "pathname"
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
-  Pathname.new(__FILE__).realpath)
-
-require "rubygems"
-require "bundler/setup"
-
-load Gem.bin_path("graph", "graph")

data/bin/pry

@@ -1,17 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-#
-# This file was generated by Bundler.
-#
-# The application 'pry' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-require "pathname"
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
-  Pathname.new(__FILE__).realpath)
-
-require "rubygems"
-require "bundler/setup"
-
-load Gem.bin_path("pry", "pry")

data/bin/sfn

@@ -1,17 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-#
-# This file was generated by Bundler.
-#
-# The application 'sfn' is installed as part of a gem, and
-# this file is here to facilitate running it.
-#
-
-require "pathname"
-ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../../Gemfile",
-  Pathname.new(__FILE__).realpath)
-
-require "rubygems"
-require "bundler/setup"
-
-load Gem.bin_path("sfn", "sfn")