travis-encrypt 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 3cc5b08f7b744a0d65048a30fbc106574ca09020
+  data.tar.gz: d305be5fa49e303584418c5f848f6a3a333808a7
+SHA512:
+  metadata.gz: cd83823e74a711d52dd0e2631f32a0124a38bd6758eb39b76943b4a0f23db04ae8422637b2615f38fa606b4855679f89b1e8a59dd1f0cd24209e1983f772eda3
+  data.tar.gz: 7daf90258525aaadabb554da5ed37702117b02e756a98065a7f6125c69ee442be9b8d08971f57195c1236f6658f75f15fc714ee9bba2f37e5c40e9cda02c09f7

data/Gemfile

@@ -0,0 +1,7 @@
+source 'https://rubygems.org'
+
+ruby '2.2.2'
+
+group :test do
+  gem 'rspec'
+end

data/Gemfile.lock

@@ -0,0 +1,23 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    diff-lcs (1.2.5)
+    rspec (3.3.0)
+      rspec-core (~> 3.3.0)
+      rspec-expectations (~> 3.3.0)
+      rspec-mocks (~> 3.3.0)
+    rspec-core (3.3.2)
+      rspec-support (~> 3.3.0)
+    rspec-expectations (3.3.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.3.0)
+    rspec-mocks (3.3.2)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.3.0)
+    rspec-support (3.3.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  rspec

data/lib/travis/encrypt.rb

@@ -0,0 +1,27 @@
+require 'securerandom'
+require 'base64'
+require 'travis/encrypt/decryptor'
+require 'travis/encrypt/encryptor'
+require 'travis/encrypt/helpers'
+
+module Travis
+  module Encrypt
+    PREFIX = '--ENCR--'
+
+    class << self
+      attr_accessor :key
+
+      def setup(config)
+        self.key = config[:key]
+      end
+
+      def encrypt(string, options)
+        Encryptor.new(string, { key: key }.merge(options)).apply
+      end
+
+      def decrypt(string, options)
+        Decryptor.new(string, { key: key }.merge(options)).apply
+      end
+    end
+  end
+end

data/lib/travis/encrypt/common.rb

@@ -0,0 +1,33 @@
+module Travis
+  module Encrypt
+    module Common
+      def create_aes(mode = :encrypt, key, iv)
+        aes = OpenSSL::Cipher::AES.new(256, :CBC)
+        aes.send(mode)
+        aes.key = key
+        aes.iv  = iv
+        aes
+      end
+
+      def create_iv
+        SecureRandom.hex(8)
+      end
+
+      def add_iv(string, iv)
+        "#{string}#{iv}"
+      end
+
+      def extract_iv(string)
+        [string[-16..-1], string[0..-17]]
+      end
+
+      def encode(str)
+        Base64.strict_encode64(str)
+      end
+
+      def decode(str)
+        Base64.strict_decode64(str)
+      end
+    end
+  end
+end

data/lib/travis/encrypt/decryptor.rb

@@ -0,0 +1,49 @@
+require 'travis/encrypt/common'
+
+module Travis
+  module Encrypt
+    class Decryptor
+      include Common
+
+      attr_reader :string, :key, :options
+
+      def initialize(string, options)
+        @string  = string
+        @key     = options[:key] || fail("Need to pass a key")
+        @options = options || {}
+      end
+
+      def apply?
+        string && (!use_prefix? || prefix_used?)
+      end
+
+      def apply
+        apply? ? decrypt : string
+      end
+
+      private
+
+        def use_prefix?
+          !!options[:use_prefix]
+        end
+
+        def prefix_used?
+          string[0..7] == PREFIX
+        end
+
+        def decrypt
+          string   = self.string
+          string   = string[8..-1] if prefix_used?
+          decoded  = decode(string.to_s)
+          iv, string = extract_iv(decoded)
+
+          # A nil iv most likely means that the decoded string was not encrypted
+          # to begin with, so we return the plain string.
+          return string if iv.nil?
+
+          aes = create_aes(:decrypt, key.to_s, iv)
+          aes.update(string) + aes.final
+        end
+    end
+  end
+end

data/lib/travis/encrypt/encryptor.rb

@@ -0,0 +1,41 @@
+require 'travis/encrypt/common'
+
+module Travis
+  module Encrypt
+    class Encryptor
+      include Common
+
+      attr_reader :string, :key, :options
+
+      def initialize(string, options)
+        @string  = string
+        @key     = options[:key] || fail("Need to pass a key")
+        @options = options || {}
+      end
+
+      def apply?
+        !!string && !string.empty? && !options[:disable] # TODO ask piotr
+      end
+
+      def apply
+        apply? ? encrypt : string
+      end
+
+      private
+
+        def encrypt
+          iv     = create_iv
+          aes    = create_aes(:encrypt, key.to_s, iv)
+          string = aes.update(self.string) + aes.final
+          string = add_iv(string, iv)
+          string = encode(string)
+          string = "#{PREFIX}#{string}" if use_prefix?
+          string
+        end
+
+        def use_prefix?
+          options.key?(:use_prefix) ? !!options[:use_prefix] : true
+        end
+    end
+  end
+end

data/lib/travis/encrypt/helpers.rb

@@ -0,0 +1,18 @@
+require 'travis/encrypt/helpers/active_record'
+require 'travis/encrypt/helpers/sequel'
+
+module Travis
+  module Encrypt
+    module Helpers
+      def encrypt(string, options = {})
+        options[:key] ||= Encrypt.key
+        Encrypt.encrypt(string, options)
+      end
+
+      def decrypt(string, options = {})
+        options[:key] ||= Encrypt.key
+        Encrypt.decrypt(string, options)
+      end
+    end
+  end
+end

data/lib/travis/encrypt/helpers/active_record.rb

@@ -0,0 +1,13 @@
+require 'travis/encrypt/helpers/common'
+
+module Travis
+  module Encrypt
+    module Helpers
+      module ActiveRecord
+        def self.included(base)
+          base.extend(Common::ClassMethods)
+        end
+      end
+    end
+  end
+end

data/lib/travis/encrypt/helpers/common.rb

@@ -0,0 +1,30 @@
+module Travis
+  module Encrypt
+    module Helpers
+      module Common
+        module ClassMethods
+          def attr_encrypted(*names)
+            options = names.last.is_a?(Hash) ? names.pop : {}
+            define_encrypted_accessors(names, options)
+          end
+
+          def define_encrypted_accessors(names, options)
+            names.each do |name|
+              define_encrypted_accessor(name, options)
+            end
+          end
+
+          def define_encrypted_accessor(name, options)
+            define_method(name) do
+              Encrypt.decrypt(self[name], options)
+            end
+
+            define_method(:"#{name}=") do |string|
+              self[name] = Encrypt.encrypt(string, options)
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/travis/encrypt/helpers/sequel.rb

@@ -0,0 +1,31 @@
+require 'travis/encrypt/helpers/common'
+
+module Travis
+  module Encrypt
+    module Helpers
+      module Sequel
+        module ClassMethods
+          def attr_encrypted(*names)
+            options = names.last.is_a?(Hash) ? names.pop : {}
+            super
+            define_encrypted_values(names, options)
+          end
+
+          def define_encrypted_values(names, options)
+            define_method(:values) do
+              super().inject({}) do |values, (name, value)|
+                value = Encrypt.decrypt(value, options) if names.include?(name)
+                values.merge(name => value)
+              end
+            end
+          end
+        end
+
+        def self.included(base)
+          base.extend(Common::ClassMethods)
+          base.extend(ClassMethods)
+        end
+      end
+    end
+  end
+end

data/lib/travis/encrypt/version.rb

@@ -0,0 +1,5 @@
+module Travis
+  module Encrypt
+    VERSION = '0.0.1'
+  end
+end

data/spec/encrypt_spec.rb

@@ -0,0 +1,21 @@
+describe Travis::Encrypt do
+  include described_class::Helpers
+
+  let(:string)    { 'travis' }
+  let(:encrypted) { encrypt(string, options) }
+  let(:decrypted) { decrypt(encrypted, options) }
+  let(:options)   { { key: 'abcd' * 8 } }
+
+  it 'can decrypt an encrypted string' do
+    expect(decrypted).to eql(string)
+  end
+
+  it 'prefixes the encrypted string by default' do
+    expect(encrypted[0..7]).to eql(Travis::Encrypt::PREFIX)
+  end
+
+  it 'does not prefix the encrypted string when opted out' do
+    options[:use_prefix] = false
+    expect(encrypted[0..7]).to_not eql(described_class::PREFIX)
+  end
+end

data/spec/helpers_spec.rb

@@ -0,0 +1,45 @@
+describe Travis::Encrypt::Helpers do
+  subject { const.new }
+  before  { Travis::Encrypt.key = 'abcd' * 8 }
+
+  shared_examples_for 'attributes' do
+    it 'encrypts an attribute' do
+      subject.attr = 'bar'
+      expect(subject.to_h.values.first[0..7]).to eql(Travis::Encrypt::PREFIX)
+    end
+
+    it 'decrypts an encrypted attribute' do
+      subject.attr = 'bar'
+      expect(subject.attr).to eql('bar')
+    end
+  end
+
+  describe described_class::ActiveRecord do
+    let(:const) do
+      Struct.new(:attr) do
+        include Travis::Encrypt::Helpers::ActiveRecord
+        attr_encrypted :attr
+      end
+    end
+
+    include_examples 'attributes'
+  end
+
+  describe described_class::Sequel do
+    let(:const) do
+      Struct.new(:attr) do
+        # Sequel's values method returns a hash of attributes
+        include Module.new { def values; to_h; end }
+        include Travis::Encrypt::Helpers::Sequel
+        attr_encrypted :attr
+      end
+    end
+
+    include_examples 'attributes'
+
+    it 'decrypts an encrypted value' do
+      subject.attr = 'bar'
+      expect(subject.values).to eql(attr: 'bar')
+    end
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require 'travis/encrypt'

data/travis-encrypt.gemspec

@@ -0,0 +1,19 @@
+# encoding: utf-8
+
+$:.unshift File.expand_path('../lib', __FILE__)
+require 'travis/encrypt/version'
+
+Gem::Specification.new do |s|
+  s.name         = "travis-encrypt"
+  s.version      = Travis::Encrypt::VERSION
+  s.authors      = ["Travis CI"]
+  s.email        = "contact@travis-ci.org"
+  s.homepage     = "https://github.com/travis-ci/travis-encrypt"
+  s.summary      = "Travis CI encryption support"
+  s.description  = "#{s.summary}."
+  s.license      = "MIT"
+
+  s.files        = Dir['{bin/**/*,lib/**/*,spec/**/*,[A-Z]*}']
+  s.platform     = Gem::Platform::RUBY
+  s.require_path = 'lib'
+end

metadata

@@ -0,0 +1,59 @@
+--- !ruby/object:Gem::Specification
+name: travis-encrypt
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Travis CI
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2015-08-26 00:00:00.000000000 Z
+dependencies: []
+description: Travis CI encryption support.
+email: contact@travis-ci.org
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- lib/travis/encrypt.rb
+- lib/travis/encrypt/common.rb
+- lib/travis/encrypt/decryptor.rb
+- lib/travis/encrypt/encryptor.rb
+- lib/travis/encrypt/helpers.rb
+- lib/travis/encrypt/helpers/active_record.rb
+- lib/travis/encrypt/helpers/common.rb
+- lib/travis/encrypt/helpers/sequel.rb
+- lib/travis/encrypt/version.rb
+- spec/encrypt_spec.rb
+- spec/helpers_spec.rb
+- spec/spec_helper.rb
+- travis-encrypt.gemspec
+homepage: https://github.com/travis-ci/travis-encrypt
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Travis CI encryption support
+test_files: []
+has_rdoc: