stderr-sentry 0.5.4

data/lib/sentry/symmetric_sentry_callback.rb

@@ -0,0 +1,17 @@
+module Sentry
+  class SymmetricSentryCallback
+    def initialize(attr_name)
+      @attr_name = attr_name
+    end
+
+    # Performs encryption on before_validation Active Record callback
+    def before_validation(model)
+      return if model.send(@attr_name).blank?
+      model.send("crypted_#{@attr_name}=", SymmetricSentry.encrypt_to_base64(model.send(@attr_name)))
+    end
+  
+    def after_save(model)
+      model.send("#{@attr_name}=", nil)
+    end
+  end
+end

data/sentry.gemspec

@@ -0,0 +1,82 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = "stderr-sentry"
+  s.version = "0.5.4"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Josh Fenio"]
+  s.date = %q{2010-04-02}
+  s.description = %q{Asymmetric / Symmetric encryption of active record fields}
+  s.email = %q{stderr@truedat.org}
+  s.extra_rdoc_files = [
+    "README"
+  ]
+  s.files = [
+    ".gemspec",
+     ".gitignore",
+     "CHANGELOG",
+     "MIT-LICENSE",
+     "README",
+     "RUNNING_UNIT_TESTS",
+     "Rakefile",
+     "VERSION",
+     "init.rb",
+     "lib/active_record/sentry.rb",
+     "lib/sentry.rb",
+     "lib/sentry/asymmetric_sentry.rb",
+     "lib/sentry/asymmetric_sentry_callback.rb",
+     "lib/sentry/sha_sentry.rb",
+     "lib/sentry/symmetric_sentry.rb",
+     "lib/sentry/symmetric_sentry_callback.rb",
+     "sentry.gemspec",
+     "tasks/sentry.rake",
+     "test/abstract_unit.rb",
+     "test/asymmetric_sentry_callback_test.rb",
+     "test/asymmetric_sentry_test.rb",
+     "test/database.yml",
+     "test/fixtures/user.rb",
+     "test/fixtures/users.yml",
+     "test/keys/encrypted_private",
+     "test/keys/encrypted_public",
+     "test/keys/private",
+     "test/keys/public",
+     "test/rsa_key_test.rb",
+     "test/schema.rb",
+     "test/sha_sentry_test.rb",
+     "test/symmetric_sentry_callback_test.rb",
+     "test/symmetric_sentry_test.rb",
+     "test/tests.rb"
+  ]
+  s.homepage = %q{http://github.com/pivotal/sentry}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{Asymmetric encryption of active record fields}
+  s.test_files = [
+    "test/abstract_unit.rb",
+     "test/asymmetric_sentry_callback_test.rb",
+     "test/asymmetric_sentry_test.rb",
+     "test/fixtures/user.rb",
+     "test/rsa_key_test.rb",
+     "test/schema.rb",
+     "test/sha_sentry_test.rb",
+     "test/symmetric_sentry_callback_test.rb",
+     "test/symmetric_sentry_test.rb",
+     "test/tests.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end
+

data/tasks/sentry.rake

@@ -0,0 +1,9 @@
+require 'sentry'
+
+desc "Creates a private/public key for asymmetric encryption:  rake sentry_key PUB=/path/to/public.key PRIV=/path/to/priv.key [KEY=secret]"
+task :sentry_key do
+  Sentry::AsymmetricSentry.save_random_rsa_key(
+    ENV['PRIV'] || 'private.key', 
+    ENV['PUB']  || 'public.key', 
+    :key => ENV['KEY'])
+end

data/test/abstract_unit.rb

@@ -0,0 +1,44 @@
+$:.unshift(File.dirname(__FILE__) + '/../lib')
+
+require 'rubygems'
+require 'test/unit'
+require 'active_record'
+require 'active_record/fixtures'
+require 'active_support/test_case'
+#require 'active_support/binding_of_caller'
+#require 'active_support/breakpoint'
+require "#{File.dirname(__FILE__)}/../lib/sentry"
+
+config_location = File.dirname(__FILE__) + '/database.yml'
+
+config = YAML::load(IO.read(config_location))
+ActiveRecord::Base.logger = Logger.new(File.dirname(__FILE__) + "/debug.log")
+ActiveRecord::Base.establish_connection(config[ENV['DB'] || 'mysql'])
+ActiveRecord::Base.configurations["test"] = "lolcatz"
+
+load(File.dirname(__FILE__) + "/schema.rb")
+
+class ActiveSupport::TestCase #:nodoc:
+  include ActiveRecord::TestFixtures
+  #def create_fixtures(*table_names)
+  #  if block_given?
+  #    Fixtures.create_fixtures(ActiveSupport::TestCase.fixture_path, table_names) { yield }
+  #  else
+  #    Fixtures.create_fixtures(ActiveSupport::TestCase.fixture_path, table_names)
+  #  end
+  #end
+
+  self.use_instantiated_fixtures  = false
+  self.use_transactional_fixtures = true
+end
+
+def create_fixtures(*table_names, &block)
+  Fixtures.create_fixtures(ActiveSupport::TestCase.fixture_path, table_names, {}, &block)
+end
+
+
+
+ActiveSupport::TestCase.fixture_path = File.dirname(__FILE__) + "/fixtures/"
+ActiveSupport::TestCase.use_instantiated_fixtures = true
+ActiveSupport::TestCase.use_transactional_fixtures = (ENV['AR_TX_FIXTURES'] == "yes")
+$LOAD_PATH.unshift(ActiveSupport::TestCase.fixture_path)

data/test/asymmetric_sentry_callback_test.rb

@@ -0,0 +1,122 @@
+require 'abstract_unit'
+require 'fixtures/user'
+
+class AsymmetricSentryCallbackTest < ActiveSupport::TestCase
+  fixtures :users
+
+  def setup
+    super
+    @str = 'sentry'
+    @key = 'secret'
+    @public_key_file = File.dirname(__FILE__) + '/keys/public'
+    @private_key_file = File.dirname(__FILE__) + '/keys/private'
+    @encrypted_public_key_file = File.dirname(__FILE__) + '/keys/encrypted_public'
+    @encrypted_private_key_file = File.dirname(__FILE__) + '/keys/encrypted_private'
+
+    @orig = 'sentry'
+    Sentry::AsymmetricSentry.default_public_key_file = @public_key_file
+    Sentry::AsymmetricSentry.default_private_key_file = @private_key_file
+    Sentry::SymmetricSentry.default_key = @key
+  end
+
+  def teardown
+    super
+    Sentry.default_key = nil
+  end
+
+  def test_encryption_should_use_default_key_when_present
+    use_encrypted_keys
+
+    assert_nil users(:user_2).creditcard
+    Sentry.default_key = @key
+
+    assert_equal @orig, users(:user_2).creditcard
+  end
+
+  def test_encrypt_for_sentry
+    assert_not_nil User.encrypt_for_sentry("hello")
+  end
+
+  def test_encryption_with_random_padding
+    # system works with unsaved record
+    u = User.new :login => 'jones'
+    u.creditcard = @orig
+    assert_equal @orig, u.creditcard
+    u.save!
+
+    # reload after save and check the decrypt works
+    u = User.find(u.id)
+    assert_equal @orig, u.creditcard
+    original_crypttext = u.crypted_creditcard
+
+    # set to same plaintext
+    u.creditcard = @orig
+    u.save!
+    
+    # expect different crypttext (due to random padding) 
+    assert_not_equal original_crypttext, u.crypted_creditcard
+  end
+
+  def test_should_handle_nils
+    u = User.create :login => 'john'
+    u.creditcard = nil
+    assert u.save
+    assert u.crypted_creditcard.nil?
+    assert u.creditcard.nil?
+  end
+
+  def test_should_encrypt_creditcard
+    u = User.create :login => 'jones'
+    u.creditcard = @orig
+    assert u.save
+    assert !u.crypted_creditcard.empty?
+  end
+
+  def test_should_deal_with_before_typecast
+    u = User.create :login => 'jones'
+    u.creditcard = "123123"
+    assert_equal "123123", u.creditcard_before_type_cast
+    assert u.save
+    u.reload
+    assert_equal "123123", u.creditcard_before_type_cast
+  end
+
+  def test_should_decrypt_creditcard
+    assert_equal @orig, users(:user_1).creditcard
+  end
+
+  def test_should_not_decrypt_encrypted_creditcard_with_invalid_key
+    assert_nil users(:user_2).creditcard
+    assert_nil users(:user_2).creditcard(@key)
+    use_encrypted_keys
+    assert_nil users(:user_1).creditcard
+  end
+
+  def test_should_not_decrypt_encrypted_creditcard
+    use_encrypted_keys
+    assert_nil users(:user_2).creditcard
+    assert_nil users(:user_2).creditcard('other secret')
+  end
+
+  def test_do_encryption
+    use_encrypted_keys
+  end
+
+  def test_should_encrypt_encrypted_creditcard
+    use_encrypted_keys
+    u = User.create :login => 'jones'
+    u.creditcard = @orig
+    assert u.save
+    assert !u.crypted_creditcard.empty?
+  end
+
+  def test_should_decrypt_encrypted_creditcard
+    use_encrypted_keys
+    assert_equal @orig, users(:user_2).creditcard(@key)
+  end
+
+  def use_encrypted_keys
+    Sentry::AsymmetricSentry.default_public_key_file = @encrypted_public_key_file
+    Sentry::AsymmetricSentry.default_private_key_file = @encrypted_private_key_file
+  end
+end

data/test/asymmetric_sentry_test.rb

@@ -0,0 +1,97 @@
+require 'abstract_unit'
+
+class AsymmetricSentryTest < Test::Unit::TestCase
+  def setup
+    Sentry::AsymmetricSentry.default_public_key_file = nil
+    Sentry::AsymmetricSentry.default_private_key_file = nil
+    @str = 'sentry'
+    @key = 'secret'
+    @public_key_file = File.dirname(__FILE__) + '/keys/public'
+    @private_key_file = File.dirname(__FILE__) + '/keys/private'
+    @encrypted_public_key_file = File.dirname(__FILE__) + '/keys/encrypted_public'
+    @encrypted_private_key_file = File.dirname(__FILE__) + '/keys/encrypted_private'
+    @sentry = Sentry::AsymmetricSentry.new
+
+    @orig = 'sentry'
+    @data = "vYfMxtVB8ezXmQKSNqTC9sPgi8TbsYRxWd7DVbpprzyuEdZ7gftJ/0IXsbXm\nXCU08bTAl0uEFm7dau+eJMXEJg==\n"
+    @encrypted_data = "q2obYAITmK93ylzVS01mJx1jSlnmylMX15nFpb4uKesVgnqvtzBRHZ/SK+Nm\nEzceIoAcJc3DHosVa4VUE/aK/A==\n"
+  end
+
+  def test_should_decrypt_files
+    set_key_files @public_key_file, @private_key_file
+    assert_equal @orig, @sentry.decrypt_from_base64(@data)
+  end
+
+  def test_should_decrypt_files_with_encrypted_key
+    set_key_files @encrypted_public_key_file, @encrypted_private_key_file
+    assert_equal @orig, @sentry.decrypt_from_base64(@encrypted_data, @key)
+  end
+
+  def test_should_read_key_files
+    assert !@sentry.public?
+    assert !@sentry.private?
+    set_key_files @public_key_file, @private_key_file
+  end
+
+  def test_should_read_encrypted_key_files
+    assert !@sentry.public?
+    assert !@sentry.private?
+    set_key_files @encrypted_public_key_file, @encrypted_private_key_file
+  end
+
+  def test_should_decrypt_files_with_default_key
+    set_default_key_files @public_key_file, @private_key_file
+    assert_equal @orig, @sentry.decrypt_from_base64(@data)
+  end
+
+  def test_should_decrypt_files_with_default_encrypted_key
+    set_default_key_files @encrypted_public_key_file, @encrypted_private_key_file
+    assert_equal @orig, @sentry.decrypt_from_base64(@encrypted_data, @key)
+  end
+
+  def test_should_decrypt_block_by_block_for_large_data
+    set_default_key_files @encrypted_public_key_file, @encrypted_private_key_file
+    large_data = "asdf" * 2048
+    encrypted = @sentry.encrypt_large_to_base64(large_data)
+    assert_not_equal large_data, encrypted
+    assert_equal large_data, @sentry.decrypt_large_from_base64(encrypted, @key)
+  end
+
+  def test_should_decrypt_files_with_default_key_using_class_method
+    set_default_key_files @public_key_file, @private_key_file
+    assert_equal @orig, Sentry::AsymmetricSentry.decrypt_from_base64(@data)
+  end
+
+  def test_should_decrypt_files_with_default_encrypted_key_using_class_method
+    set_default_key_files @encrypted_public_key_file, @encrypted_private_key_file
+    assert_equal @orig, Sentry::AsymmetricSentry.decrypt_from_base64(@encrypted_data, @key)
+  end
+
+  def test_should_read_key_files_with_default_key
+    assert !@sentry.public?
+    assert !@sentry.private?
+    set_default_key_files @public_key_file, @private_key_file
+  end
+
+  def test_should_read_encrypted_key_files_with_default_key
+    assert !@sentry.public?
+    assert !@sentry.private?
+    set_default_key_files @encrypted_public_key_file, @encrypted_private_key_file
+  end
+
+  private
+
+  def set_key_files(public_key, private_key)
+    @sentry.public_key_file = public_key
+    @sentry.private_key_file = private_key
+    assert @sentry.private?
+    assert @sentry.public?
+  end
+
+  def set_default_key_files(public_key, private_key)
+    Sentry::AsymmetricSentry.default_public_key_file = public_key
+    Sentry::AsymmetricSentry.default_private_key_file = private_key
+    assert @sentry.private?
+    assert @sentry.public?
+  end
+end

data/test/database.yml

@@ -0,0 +1,18 @@
+sqlite:
+  :adapter: sqlite
+  :dbfile: sentry_plugin.sqlite.db
+sqlite3:
+  :adapter: sqlite3
+  :dbfile: sentry_plugin.sqlite3.db
+postgresql:
+  :adapter: postgresql
+  :username: postgres
+  :password: postgres
+  :database: sentry_plugin_test
+  :min_messages: ERROR
+mysql:
+  :adapter: mysql
+  :host: localhost
+  :username: root
+  :password: password
+  :database: sentry_plugin_test

data/test/fixtures/user.rb

@@ -0,0 +1,26 @@
+class User < ActiveRecord::Base
+  #define_read_methods
+  asymmetrically_encrypts :creditcard
+  
+  #def self.validates_password
+  #  validates_presence_of :password
+  #  validates_presence_of :password, :on => :create
+  #  validates_length_of :password, :in => 4..40
+  #end
+end
+
+#class ShaUser < User
+#  validates_password
+#  validates_confirmation_of :password
+#  generates_crypted :password # sha is used by default
+#end
+#
+#class DangerousUser < User # no password confirmation
+## validates_password
+#  generates_crypted :password
+#end
+#
+#class SymmetricUser < User
+#  validates_password
+#  generates_crypted :password, :mode => :symmetric
+#end

data/test/fixtures/users.yml

@@ -0,0 +1,9 @@
+user_1:
+  id: 1
+  login: bob
+  password: "0XlmUuNpE2k=\n"
+  creditcard: "CBUI2TcYh/ATRB7fYpDBb0t1ifOWPb5jfpO2M8Zy9D/8Gua6/uA+ILHwKtGY\nOgrooPYSxwpBzEZoH18mXqJE7yk=\n"  # "sentry" with 8 characters of prepadding
+user_2:
+  id: 2
+  login: fred
+  creditcard: "CEUx1Ufxi7leQVp0xHhMWKqBcvrb0p3VvX5rqJBXSwddH+Alscs73TEX8Ctn\n9WnV5Ii8txpa20UfM3h5msLpm20=\n"  # "sentry" with 8 different characters of prepadding

data/test/keys/encrypted_private

@@ -0,0 +1,12 @@
+OBNa1q8kbx8pyZZjIpr/pZV0oulE2czh5JlPW/13XsBvoz+A2zxA9gchhi6c
+3yvfqgcZdojcsep+IiTqeg3gOPB2xNbedpP1lm+9tEfgdb9r1CLzRcURh7Hg
+ufWgyEkS0lloz/YLy4hg9YDKetFNF9fnrk3xVwZPwFVuk4l/Unw1FTXLHsrq
+KG27cR8mvNOow4bk4LVhk/avFSM85m3ITySEnyJsQQDzsI/RrWcQ7Js+8Ynv
+esN51E/T0CYtkMEne2zSaD5qUTJlQ7Qtn4UUeZkpYjn4xQZPxw4OjL6zofg7
+lsqElSv1/qP3QI8aKcQQklVsHRc5AgsxOFX4J6g6lo4kOGOwn0Ex8IRDfOej
+pq4SUDh9IXz+6FBieQrObB/xEsKysVwRSzXre6ObHlPFsigg5ekFPyCv5ZTz
+0iP8+xe/FJRrYdR3r3F5pRkOy0pw9EqlrLjmOx3/fgxhLq8FWmcSBbH3h3SG
+GkJlfHNjF77FTJjnHKzRS+5VpdW4IHbsjL+NlI1z9Ol//czYvSGv85NdJvkq
+PmH3o0+uYdwY5PeSMOPV21nJ3dwiKlm5IMFasL3C5yVJNVTVZTS7vWdcgZ4U
+XfWQ9Y266ibbqXPluv4nxt1+kgjxmPbjPdYrlB5t7a2+unzT3oE3f4VGOG+k
+YqFg0ErHN+fu