shhh 1.3.0

data/lib/shhh/app/cli.rb

@@ -0,0 +1,150 @@
+#!/usr/bin/env ruby
+require 'slop'
+require 'shhh'
+require 'colored2'
+require 'yaml'
+require 'openssl'
+require 'shhh/app'
+require 'shhh/errors'
+require 'shhh/app/commands'
+require 'shhh/app/keychain'
+require 'shhh/app/private_key/handler'
+require 'highline'
+
+require_relative 'output/file'
+require_relative 'output/stdout'
+
+module Shhh
+  module App
+    class CLI
+
+      attr_accessor :opts, :output_proc, :print_proc, :write_proc,
+                    :action, :password, :key
+
+      def initialize(argv)
+        begin
+          self.opts = parse(argv.dup)
+        rescue StandardError => e
+          error exception: e
+          return
+        end
+        configure_color(argv)
+        select_output_stream
+        self.action = { opts[:encrypt] => :encr, opts[:decrypt] => :decr }[true]
+      end
+
+      def run
+        return Shhh::App.exit_code if Shhh::App.exit_code != 0
+
+        self.key = PrivateKey::Handler.new(self.opts).key unless opts[:generate]
+
+        return self.output_proc.call(command.run) if command
+
+        # command was not found. Reset output to printing, and return an error.
+        self.output_proc = print_proc
+        command_not_found_error!
+
+      rescue ::OpenSSL::Cipher::CipherError => e
+        error type:      'Cipher Error',
+              details:   e.message,
+              reason:    'Perhaps either the secret is invalid, or encrypted data is corrupt.',
+              exception: e
+
+      rescue Shhh::Errors::InvalidEncodingPrivateKey => e
+        error type:      'Private Key Error',
+              details:   'Private key does not appear to be properly encoded. ',
+              reason:    (opts[:password] ? nil : 'Perhaps the key is password-protected?'),
+              exception: e
+
+      rescue Shhh::Errors::Error => e
+        error type:      'Error',
+              details:   e.message,
+              exception: e
+
+      rescue StandardError => e
+        error exception: e
+      end
+
+      def error(hash)
+        Shhh::App.error(hash.merge(config: (opts ? opts.to_hash : {})))
+      end
+
+      def editor
+        ENV['EDITOR'] || '/bin/vi'
+      end
+
+      def command
+        @command_class ||= Shhh::App::Commands.find_command_class(opts)
+        @command       ||= @command_class.new(self) if @command_class
+      end
+
+      private
+
+      def select_output_stream
+        self.print_proc  = Shhh::App::Output::Stdout.new(self).output_proc
+        self.write_proc  = Shhh::App::Output::File.new(self).output_proc
+        self.output_proc = opts[:output] ? self.write_proc : self.print_proc
+      end
+
+
+      def configure_color(argv)
+        if opts[:no_color]
+          Colored2.disable! # reparse options without the colors to create new help msg
+          self.opts = parse(argv.dup)
+        end
+      end
+
+      def command_not_found_error!
+        if key
+          h             = opts.to_hash
+          supplied_opts = h.keys.select { |k| h[k] }.join(', ')
+          error type:    'Options Error',
+                details: 'Unable to determined what command to run',
+                reason:  "You provided the following options: #{supplied_opts.bold.yellow}"
+          output_proc.call(opts.to_s)
+        else
+          raise Shhh::Errors::NoPrivateKeyFound.new('Private key is required')
+        end
+      end
+
+      def parse(arguments)
+        Slop.parse(arguments) do |o|
+          o.banner = 'Usage:'.bold.yellow
+          o.separator '    shhh [options]'.bold.green
+          o.separator 'Modes:'.bold.yellow
+          o.bool '-h', '--help', '           show help'
+          o.bool '-d', '--decrypt', '           decrypt mode'
+          o.bool '-t', '--edit', '           decrypt, open an encr. file in ' + editor
+          o.separator 'Create a private key:'.bold.yellow
+          o.bool '-g', '--generate', '           generate a new private key'
+          o.bool '-p', '--password', '           encrypt the key with a password'
+          o.bool '-c', '--copy', '           copy the new key to the clipboard'
+          o.separator 'Provide a private key:'.bold.yellow
+          o.bool '-i', '--interactive', '           Paste or type the key interactively'
+          o.string '-k', '--private-key', '[key]   '.bold.blue + '   private key as a string'
+          o.string '-K', '--keyfile', '[key-file]'.bold.blue + ' private key from a file'
+          if Shhh::App.is_osx?
+            o.string '-x', '--keychain', '[key-name] '.bold.blue + 'private key to/from a password entry'
+            o.string '--keychain-del', '[key-name] '.bold.blue + 'delete keychain entry with that name'
+          end
+          o.separator 'Data:'.bold.yellow
+          o.string '-s', '--string', '[string]'.bold.blue + '   specify a string to encrypt/decrypt'
+          o.string '-f', '--file', '[file]  '.bold.blue + '   filename to read from'
+          o.string '-o', '--output', '[file]  '.bold.blue + '   filename to write to'
+          o.bool '-b', '--backup', '           create a backup file in the edit mode'
+          o.separator 'Flags:'.bold.yellow
+          o.bool '-v', '--verbose', '           show additional information'
+          o.bool '-T', '--trace', '           print a backtrace of any errors'
+          o.bool '-E', '--examples', '           show several examples'
+          o.bool '-V', '--version', '           print library version'
+          o.bool '-N', '--no-color', '           disable color output'
+          o.bool '-e', '--encrypt', '           encrypt mode'
+          o.separator ''
+        end
+      rescue StandardError => e
+        error exception: e
+        raise(e)
+      end
+    end
+  end
+end

data/lib/shhh/app/commands/command.rb

@@ -0,0 +1,68 @@
+require 'active_support/inflector'
+module Shhh
+  module App
+    module Commands
+      class Command
+
+        def self.inherited(klass)
+          klass.instance_eval do
+            class << self
+              attr_accessor :required, :incompatible
+
+              def try_after(*dependencies)
+                Shhh::App::Commands.order(self, dependencies)
+              end
+
+              def required_options(*args)
+                self.required ||= Set.new
+                required.merge(args) if args
+                required
+              end
+
+              def incompatible_options(*args)
+                self.incompatible ||= Set.new
+                incompatible.merge(args) if args
+                incompatible
+              end
+
+              def short_name
+                name.split(/::/)[-1].underscore.to_sym
+              end
+
+              def options_satisfied_by?(opts_hash)
+                proc = required_options.find { |option| option.is_a?(Proc) }
+                return true if proc && proc.call(opts_hash)
+                return false if incompatible_options.any? { |option| opts_hash[option] }
+                required_options.to_a.delete_if { |o| o.is_a?(Proc) }.all? { |o|
+                  o.is_a?(Array) ? o.any? { |opt| opts_hash[opt] } : opts_hash[o]
+                }
+              end
+            end
+
+            # Register this command with the global list.
+            Shhh::App::Commands.register klass
+          end
+        end
+
+        attr_accessor :cli
+
+        def initialize(cli)
+          self.cli = cli
+        end
+
+        def opts
+          cli.opts
+        end
+
+        def key
+          @key ||= cli.key
+        end
+
+        def run
+          raise Shhh::Errors::AbstractMethodCalled.new(:run)
+        end
+
+      end
+    end
+  end
+end

data/lib/shhh/app/commands/delete_keychain_item.rb

@@ -0,0 +1,17 @@
+require_relative 'command'
+require 'shhh/app/keychain'
+module Shhh
+  module App
+    module Commands
+      class DeleteKeychainItem < Command
+
+        required_options :keychain_del
+        try_after :generate_key, :open_editor, :encrypt_decrypt
+
+        def run
+          Shhh::App::KeyChain.new(opts[:keychain_del]).delete
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/commands/encrypt_decrypt.rb

@@ -0,0 +1,26 @@
+require_relative 'command'
+module Shhh
+  module App
+    module Commands
+      class EncryptDecrypt < Command
+        include Shhh
+
+        required_options [ :private_key, :keyfile, :keychain, :interactive ],
+                         [ :encrypt, :decrypt ],
+                         [ :file, :string ]
+
+        try_after :generate_key
+
+        def run
+          send(cli.action, content, cli.key)
+        end
+
+        private
+
+        def content
+          @content ||= (opts[:string] || (opts[:file].eql?('-') ? STDIN.read : File.read(opts[:file])))
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/commands/generate_key.rb

@@ -0,0 +1,41 @@
+require_relative 'command'
+require 'shhh/app/keychain'
+module Shhh
+  module App
+    module Commands
+      class GenerateKey < Command
+        include Shhh
+
+        required_options :generate
+
+        def run
+          retries         ||= 0
+          new_private_key = self.class.create_private_key
+
+          if opts[:password]
+            new_private_key = encr_password(new_private_key,
+                                            Shhh::App::Input::Handler.new_password)
+          end
+
+          clipboard_copy(new_private_key) if opts[:copy]
+
+          if opts[:keychain] && Shhh::App.is_osx?
+            Shhh::App::KeyChain.new(opts[:keychain]).add(new_private_key)
+          end
+
+          new_private_key
+        rescue Shhh::Errors::PasswordsDontMatch, Shhh::Errors::PasswordTooShort => e
+          STDERR.puts e.message.bold
+          retry if (retries += 1) < 3
+        end
+
+        private
+
+        def clipboard_copy(key)
+          require 'clipboard'
+          Clipboard.copy(key)
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/commands/open_editor.rb

@@ -0,0 +1,96 @@
+require 'digest'
+require 'fileutils'
+require 'tempfile'
+require 'shhh'
+require 'shhh/errors'
+require_relative 'command'
+module Shhh
+  module App
+    module Commands
+      class OpenEditor < Command
+        include Shhh
+
+        required_options [ :private_key, :keyfile, :keychain, :interactive ],
+                           :edit,
+                           :file
+
+        try_after :generate_key, :encrypt_decrypt
+
+        attr_accessor :tempfile
+
+        def run
+          begin
+            self.tempfile = ::Tempfile.new(::Base64.urlsafe_encode64(opts[:file]))
+            decrypt_content(self.tempfile)
+            result = process launch_editor
+          ensure
+            self.tempfile.close if tempfile
+            self.tempfile.unlink rescue nil
+          end
+          result
+        end
+
+        def launch_editor
+          system("#{cli.editor} #{tempfile.path}")
+        end
+
+        private
+
+        def decrypt_content(file)
+          file.open
+          file.write(content)
+          file.flush
+        end
+
+        def content
+          @content ||= decr(File.read(opts[:file]), key)
+        end
+
+        def timestamp
+          @timestamp ||= Time.now.to_a.select { |d| d.is_a?(Fixnum) }.map { |d| '%02d' % d }[0..-3].reverse.join
+        end
+
+        def process(code)
+          if code == true
+            content_edited = File.read(tempfile.path)
+            md5            = ::Base64.encode64(Digest::MD5.new.digest(content))
+            md5_edited     = ::Base64.encode64(Digest::MD5.new.digest(content_edited))
+            return 'No changes have been made.' if md5 == md5_edited
+
+            FileUtils.cp opts[:file], "#{opts[:file]}.#{timestamp}" if opts[:backup]
+
+            diff = compute_diff
+
+            File.open(opts[:file], 'w') { |f| f.write(encr(content_edited, key)) }
+
+            out = ''
+            if opts[:verbose]
+              out << "Saved encrypted/compressed content to #{opts[:file].bold.blue}" +
+                      " (#{File.size(opts[:file]) / 1024}Kb), unencrypted size #{content.length / 1024}Kb."
+              out << (opts[:backup] ? ",\nbacked up the last version to #{backup_file.bold.blue}." : '.')
+            end
+            out << "\n\nDiff:\n#{diff}"
+            out
+          else
+            raise Shhh::Errors::EditorExitedAbnormally.new("#{cli.editor} exited with #{$<}")
+          end
+        end
+
+        # Computes the diff between two unencrypted versions
+        def compute_diff
+          original_content_file = Tempfile.new(rand(1024).to_s)
+          original_content_file.open
+          original_content_file.write(content)
+          original_content_file.flush
+          diff = `diff #{original_content_file.path} #{tempfile.path}`
+          diff.gsub!(/> (.*\n)/m, '\1'.green)
+          diff.gsub!(/< (.*\n)/m, '\1'.red)
+        ensure
+          original_content_file.close
+          original_content_file.unlink
+          diff
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/commands/print_key.rb

@@ -0,0 +1,18 @@
+require_relative 'command'
+require 'shhh/app/keychain'
+module Shhh
+  module App
+    module Commands
+      class PrintKey < Command
+        include Shhh
+        required_options [ :keychain, :keyfile ]
+
+        try_after :show_examples
+
+        def run
+          cli.key
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/commands/show_examples.rb

@@ -0,0 +1,64 @@
+require 'colored2'
+require_relative 'command'
+module Shhh
+  module App
+    module Commands
+      class ShowExamples < Command
+        required_options :examples
+        try_after :show_help
+
+        def run
+          output = []
+
+          output << example(comment: 'generate a new private key into an environment variable:',
+                            command: 'export KEY=$(shhh -g)',
+                            echo:    'echo $KEY',
+                            result:  '75ngenJpB6zL47/8Wo7Ne6JN1pnOsqNEcIqblItpfg4='.green)
+
+          output << example(comment: 'generate a new password-protected key, copy to the clipboard & save to a file',
+                            command: 'shhh -gpc -o ~/.key',
+                            echo:    'New Password     : ' + '••••••••••'.green,
+                            result:  'Confirm Password : ' + '••••••••••'.green)
+
+          output << example(comment: 'encrypt a plain text string with a key, and save the output to a file',
+                            command: 'shhh -e -s ' + '"secret string"'.bold.yellow + ' -k $KEY -o file.enc',
+                            echo:    'cat file.enc',
+                            result:  'Y09MNDUyczU1S0UvelgrLzV0RTYxZz09CkBDMEw4Q0R0TmpnTm9md1QwNUNy%T013PT0K'.green)
+
+          output << example(comment: 'decrypt a previously encrypted string:',
+                            command: 'shhh -d -s $(cat file.enc) -k $KEY',
+                            result:  'secret string'.green)
+
+          output << example(comment: 'encrypt shhh.yml and save it to shhh.enc:',
+                            command: 'shhh -e -f shhh.yml -o shhh.enc -k $KEY')
+
+          output << example(comment: 'decrypt an encrypted file and print it to STDOUT:',
+                            command: 'shhh -df shhh.enc -k $KEY')
+
+          output << example(comment: 'edit an encrypted file in $EDITOR, ask for key, create a backup',
+                            command: 'shhh -tibf ecrets.enc',
+                            result:  '
+Private Key: ••••••••••••••••••••••••••••••••••••••••••••
+Saved encrypted content to shhh.enc.
+
+Diff:
+3c3
+'.white.dark + '# (c) 2015 Konstantin Gredeskoul.  All rights reserved.'.red.bold  + '
+---' + '
+# (c) 2016 Konstantin Gredeskoul.  All rights reserved.'.green.bold)
+
+          output.flatten.compact.join("\n")
+        end
+
+        def example(comment: nil, command: nil, echo: nil, result: nil)
+          out = []
+          out << "# #{comment}".white.dark.italic if comment
+          out << "#{command}" if command
+          out << "#{echo}" if echo
+          out << "#{result}" if result
+          out << '—'*80
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/commands/show_help.rb

@@ -0,0 +1,16 @@
+require_relative 'command'
+module Shhh
+  module App
+    module Commands
+      class ShowHelp < Command
+
+        required_options :help, ->(opts) { opts.keys.all? { |k| !opts[k] } }
+        try_after :generate_key, :open_editor, :encrypt_decrypt
+
+        def run
+          opts.to_s
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/commands/show_version.rb

@@ -0,0 +1,14 @@
+require_relative 'command'
+module Shhh
+  module App
+    module Commands
+      class ShowVersion < Command
+        required_options :version
+        try_after :show_help
+        def run
+          "shhh (version #{Shhh::VERSION})"
+        end
+      end
+    end
+  end
+end

data/lib/shhh/app/commands.rb

@@ -0,0 +1,55 @@
+require 'active_support/inflector'
+require 'tsort'
+require 'pp'
+module Shhh
+  module App
+    module Commands
+
+      class DependencyResolver < Hash
+        include TSort
+        alias tsort_each_node each_key
+
+        def tsort_each_child(node, &block)
+          fetch(node).each(&block)
+        end
+      end
+
+      @dependency = DependencyResolver.new
+      @commands = Set.new
+
+      class << self
+        attr_accessor :commands, :dependency
+
+        def register(command_class)
+          self.commands << command_class
+          self.dependency[command_class.short_name] ||= []
+        end
+
+        def order(command_class, after)
+          self.dependency[command_class.short_name].unshift(after) if after
+          self.dependency[command_class.short_name].flatten!
+        end
+
+        def dependencies
+          @dependencies ||= self.dependency.tsort
+          @dependencies
+        end
+
+        # Sort commands based on the #dependencies array, which itself is sorted
+        # based on command dependencies.
+        def sorted_commands
+          @sorted_commands ||= self.commands.to_a.sort_by{|klass| dependencies.index(klass.short_name) }
+          @sorted_commands
+        end
+
+        def find_command_class(opts)
+          self.sorted_commands.each do |command_class|
+            return command_class if command_class.options_satisfied_by?(opts.to_hash)
+          end
+          nil
+        end
+      end
+    end
+  end
+end
+

data/lib/shhh/app/input/handler.rb

@@ -0,0 +1,35 @@
+require 'shhh/errors'
+
+module Shhh
+  module App
+    module Input
+      class Handler
+        def self.ask
+          retries ||= 0
+          prompt('Password: ', :green)
+        rescue ::OpenSSL::Cipher::CipherError
+          STDERR.puts 'Invalid password. Please try again.'
+          retry if (retries += 1) < 3
+          nil
+        end
+
+        def self.prompt(message, color)
+          HighLine.new(STDIN, STDERR).ask(message.bold) { |q| q.echo = '•'.send(color) }
+        end
+
+        def self.new_password
+          password         = prompt('New Password     : ', :blue)
+          password_confirm = prompt('Confirm Password : ', :blue)
+
+          raise Shhh::Errors::PasswordsDontMatch.new(
+            'The passwords you entered do not match.') if password != password_confirm
+
+          raise Shhh::Errors::PasswordTooShort.new(
+            'Minimum length is 7 characters.') if password.length < 7
+
+          password
+        end
+      end
+    end
+  end
+end