trocla 0.4.0 → 0.5.0

data/lib/trocla/formats/x509.rb

@@ -1,8 +1,9 @@
 require 'openssl'
+
+# Trocla::Formats::X509
 class Trocla::Formats::X509 < Trocla::Formats::Base
   expensive true
   def format(plain_password,options={})
-
     if plain_password.match(/-----BEGIN RSA PRIVATE KEY-----.*-----END RSA PRIVATE KEY-----.*-----BEGIN CERTIFICATE-----.*-----END CERTIFICATE-----/m)
       # just an import, don't generate any new keys
       return plain_password
@@ -11,17 +12,17 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
     cn = nil
     if options['subject']
       subject = options['subject']
-      if cna = OpenSSL::X509::Name.parse(subject).to_a.find{|e| e[0] == 'CN' }
+      if cna = OpenSSL::X509::Name.parse(subject).to_a.find { |e| e[0] == 'CN' }
         cn = cna[1]
       end
     elsif options['CN']
       subject = ''
       cn = options['CN']
-      ['C','ST','L','O','OU','CN','emailAddress'].each do |field|
+      ['C', 'ST', 'L', 'O', 'OU', 'CN', 'emailAddress'].each do |field|
         subject << "/#{field}=#{options[field]}" if options[field]
       end
     else
-      raise "You need to pass \"subject\" or \"CN\" as an option to use this format"
+      raise 'You need to pass "subject" or "CN" as an option to use this format'
     end
     hash = options['hash'] || 'sha2'
     sign_with = options['ca']
@@ -33,17 +34,17 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
     key_usages = Array(key_usages) if key_usages
 
     altnames = if become_ca || (an = options['altnames']) && Array(an).empty?
-      []
-    else
-      # ensure that we have the CN with us, but only if it
-      # it's like a hostname.
-      # This might have to be improved.
-      if cn.include?(' ')
-        Array(an).collect { |v| "DNS:#{v}" }.join(', ')
-      else
-        (["DNS:#{cn}"] + Array(an).collect { |v| "DNS:#{v}" }).uniq.join(', ')
-      end
-    end
+                 []
+               else
+                 # ensure that we have the CN with us, but only if it
+                 # it's like a hostname.
+                 # This might have to be improved.
+                 if cn.include?(' ')
+                   Array(an).collect { |v| "DNS:#{v}" }.join(', ')
+                 else
+                   (["DNS:#{cn}"] + Array(an).collect { |v| "DNS:#{v}" }).uniq.join(', ')
+                 end
+               end
 
     begin
       key = mkkey(keysize)
@@ -55,7 +56,7 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
     cert = nil
     if sign_with # certificate signed with CA
       begin
-        ca_str = trocla.get_password(sign_with,'x509')
+        ca_str = trocla.get_password(sign_with, 'x509')
         ca = OpenSSL::X509::Certificate.new(ca_str)
         cakey = OpenSSL::PKey::RSA.new(ca_str)
         caserial = getserial(sign_with)
@@ -72,8 +73,10 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
       end
 
       begin
-        cert = mkcert(caserial, request.subject, ca, request.public_key, days,
-                        altnames, key_usages, name_constraints, become_ca)
+        cert = mkcert(
+          caserial, request.subject, ca, request.public_key, days,
+          altnames, key_usages, name_constraints, become_ca
+        )
         cert.sign(cakey, signature(hash))
         addserial(sign_with, caserial)
       rescue Exception => e
@@ -82,8 +85,10 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
     else # self-signed certificate
       begin
         subj = OpenSSL::X509::Name.parse(subject)
-        cert = mkcert(getserial(subj), subj, nil, key.public_key, days,
-                        altnames, key_usages, name_constraints, become_ca)
+        cert = mkcert(
+          getserial(subj), subj, nil, key.public_key, days,
+          altnames, key_usages, name_constraints, become_ca
+        )
         cert.sign(key, signature(hash))
       rescue Exception => e
         raise "Self-signed certificate #{subject} creation failed: #{e.message}"
@@ -92,7 +97,7 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
     key.to_pem + cert.to_pem
   end
 
-  def render(output,render_options={})
+  def render(output, render_options = {})
     if render_options['keyonly']
       OpenSSL::PKey::RSA.new(output).to_pem
     elsif render_options['certonly']
@@ -100,26 +105,26 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
     elsif render_options['publickeyonly']
       OpenSSL::PKey::RSA.new(output).public_key.to_pem
     else
-      super(output,render_options)
+      super(output, render_options)
     end
   end
 
   private
-  # nice help: https://gist.github.com/mitfik/1922961
 
+  # nice help: https://gist.github.com/mitfik/1922961
   def signature(hash = 'sha2')
     if hash == 'sha1'
-        OpenSSL::Digest::SHA1.new
+      OpenSSL::Digest::SHA1.new
     elsif hash == 'sha224'
-        OpenSSL::Digest::SHA224.new
+      OpenSSL::Digest::SHA224.new
     elsif hash == 'sha2' || hash == 'sha256'
-        OpenSSL::Digest::SHA256.new
+      OpenSSL::Digest::SHA256.new
     elsif hash == 'sha384'
-        OpenSSL::Digest::SHA384.new
+      OpenSSL::Digest::SHA384.new
     elsif hash == 'sha512'
-        OpenSSL::Digest::SHA512.new
+      OpenSSL::Digest::SHA512.new
     else
-        raise "Unrecognized hash: #{hash}"
+      raise "Unrecognized hash: #{hash}"
     end
   end
 
@@ -127,7 +132,7 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
     OpenSSL::PKey::RSA.generate(len)
   end
 
-  def mkreq(subject,public_key)
+  def mkreq(subject, public_key)
     request = OpenSSL::X509::Request.new
     request.subject = subject
     request.public_key = public_key
@@ -135,9 +140,9 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
     request
   end
 
-  def mkcert(serial,subject,issuer,public_key,days,altnames, key_usages = nil, name_constraints = [], become_ca = false)
+  def mkcert(serial, subject, issuer, public_key, days, altnames, key_usages = nil, name_constraints = [], become_ca = false)
     cert = OpenSSL::X509::Certificate.new
-    issuer = cert if issuer == nil
+    issuer = cert if issuer.nil?
     cert.subject = subject
     cert.issuer = issuer.subject
     cert.not_before = Time.now
@@ -149,36 +154,36 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
     ef = OpenSSL::X509::ExtensionFactory.new
     ef.subject_certificate = cert
     ef.issuer_certificate = issuer
-    cert.extensions = [ ef.create_extension("subjectKeyIdentifier", "hash") ]
+    cert.extensions = [ef.create_extension('subjectKeyIdentifier', 'hash')]
 
     if become_ca
-      cert.add_extension ef.create_extension("basicConstraints","CA:TRUE", true)
+      cert.add_extension ef.create_extension('basicConstraints', 'CA:TRUE', true)
       unless (ku = key_usages || ca_key_usages).empty?
-        cert.add_extension ef.create_extension("keyUsage", ku.join(', '), true)
+        cert.add_extension ef.create_extension('keyUsage', ku.join(', '), true)
       end
       if name_constraints && !name_constraints.empty?
-        cert.add_extension ef.create_extension("nameConstraints","permitted;DNS:#{name_constraints.join(',permitted;DNS:')}",true)
+        cert.add_extension ef.create_extension('nameConstraints', "permitted;DNS:#{name_constraints.join(',permitted;DNS:')}", true)
       end
     else
-      cert.add_extension ef.create_extension("subjectAltName", altnames, true) unless altnames.empty?
-      cert.add_extension ef.create_extension("basicConstraints","CA:FALSE", true)
+      cert.add_extension ef.create_extension('subjectAltName', altnames, true) unless altnames.empty?
+      cert.add_extension ef.create_extension('basicConstraints', 'CA:FALSE', true)
       unless (ku = key_usages || cert_key_usages).empty?
-        cert.add_extension ef.create_extension("keyUsage", ku.join(', '), true)
+        cert.add_extension ef.create_extension('keyUsage', ku.join(', '), true)
       end
     end
-    cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+    cert.add_extension ef.create_extension('authorityKeyIdentifier', 'keyid:always,issuer:always')
 
     cert
   end
 
   def getserial(ca)
-    newser = Trocla::Util.random_str(20,'hexadecimal').to_i(16)
+    newser = Trocla::Util.random_str(20, 'hexadecimal').to_i(16)
     all_serials(ca).include?(newser) ? getserial(ca) : newser
   end
 
   def all_serials(ca)
-    if allser = trocla.get_password("#{ca}_all_serials",'plain')
-      YAML.load(allser)
+    if allser = trocla.get_password("#{ca}_all_serials", 'plain')
+      YAML.safe_load(allser)
     else
       []
     end
@@ -186,14 +191,17 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
 
   def addserial(ca,serial)
     serials = all_serials(ca) << serial
-    trocla.set_password("#{ca}_all_serials",'plain',YAML.dump(serials))
+    trocla.set_password("#{ca}_all_serials", 'plain', YAML.dump(serials))
   end
 
   def cert_key_usages
     ['nonRepudiation', 'digitalSignature', 'keyEncipherment']
   end
+
   def ca_key_usages
-    ['keyCertSign', 'cRLSign', 'nonRepudiation',
-      'digitalSignature', 'keyEncipherment' ]
+    [
+      'keyCertSign', 'cRLSign', 'nonRepudiation',
+      'digitalSignature', 'keyEncipherment'
+    ]
   end
 end

data/lib/trocla/formats.rb

@@ -1,13 +1,19 @@
-class Trocla::Formats
+# frozen_string_literal: true
 
+# Trocla::Formats
+class Trocla::Formats
+  # Base
   class Base
     attr_reader :trocla
+
     def initialize(trocla)
       @trocla = trocla
     end
-    def render(output,render_options={})
+
+    def render(output, render_options = {})
       output
     end
+
     def expensive?
       self.class.expensive?
     end
@@ -15,6 +21,7 @@ class Trocla::Formats
       def expensive(is_expensive)
         @expensive = is_expensive
       end
+
       def expensive?
         @expensive == true
       end
@@ -27,7 +34,9 @@ class Trocla::Formats
     end
 
     def all
-      Dir[File.expand_path(File.join(File.dirname(__FILE__),'formats','*.rb'))].collect{|f| File.basename(f,'.rb').downcase }
+      Dir[File.expand_path(
+        File.join(File.dirname(__FILE__), 'formats', '*.rb')
+      )].collect { |f| File.basename(f, '.rb').downcase }
     end
 
     def available?(format)
@@ -35,10 +44,11 @@ class Trocla::Formats
     end
 
     private
+
     def formats
       @@formats ||= Hash.new do |hash, format|
         format = format.downcase
-        if File.exists?(path(format))
+        if File.exist?(path(format))
           require "trocla/formats/#{format}"
           hash[format] = (eval "Trocla::Formats::#{format.capitalize}")
         else
@@ -48,7 +58,7 @@ class Trocla::Formats
     end
 
     def path(format)
-      File.expand_path(File.join(File.dirname(__FILE__),'formats',"#{format}.rb"))
+      File.expand_path(File.join(File.dirname(__FILE__), 'formats', "#{format}.rb"))
     end
   end
 end

data/lib/trocla/store.rb

@@ -1,7 +1,8 @@
 # implements the default store behavior
 class Trocla::Store
   attr_reader :store_config, :trocla
-  def initialize(config,trocla)
+
+  def initialize(config, trocla)
     @store_config = config
     @trocla = trocla
   end
@@ -9,14 +10,13 @@ class Trocla::Store
   # closes the store
   # when called do whatever "closes" your
   # store, e.g. close database connections.
-  def close
-  end
+  def close; end
 
   # should return value for key & format
   # returns nil if nothing or a nil value
   # was found.
   # If a key is expired it must return nil.
-  def get(key,format)
+  def get(key, format)
     raise 'not implemented'
   end
 
@@ -33,11 +33,11 @@ class Trocla::Store
   # amount of seconds a key can live with.
   # This mechanism is expected to be
   # be implemented by the backend.
-  def set(key,format,value,options={})
+  def set(key, format, value, options = {})
     if format == 'plain'
-      set_plain(key,value,options)
+      set_plain(key, value, options)
     else
-      set_format(key,format,value,options)
+      set_format(key, format, value, options)
     end
   end
 
@@ -46,30 +46,31 @@ class Trocla::Store
   # returns value of format or hash of
   # format => value # if everything is
   # deleted.
-  def delete(key,format=nil)
-    format.nil? ? (delete_all(key)||{}) : delete_format(key,format)
+  def delete(key, format = nil)
+    format.nil? ? (delete_all(key) || {}) : delete_format(key, format)
   end
 
   # returns all formats for a key
-  def formats(key)
+  def formats(_)
     raise 'not implemented'
   end
 
   # def searches for a key
-  def search(key)
+  def search(_)
     raise 'not implemented'
   end
 
   private
+
   # sets a new plain value
   # *must* invalidate all
   # other formats
-  def set_plain(key,value,options)
+  def set_plain(key, value, options)
     raise 'not implemented'
   end
 
   # sets a value of a format
-  def set_format(key,format,value,options)
+  def set_format(key, format, value, options)
     raise 'not implemented'
   end
 
@@ -77,14 +78,14 @@ class Trocla::Store
   # and returns a hash with all
   # formats and values
   # or nil if nothing is found
-  def delete_all(key)
+  def delete_all(_)
     raise 'not implemented'
   end
 
   # deletes the value of the passed
   # key & format and returns the
   # value.
-  def delete_format(key,format)
+  def delete_format(key, format)
     raise 'not implemented'
   end
 end

data/lib/trocla/stores/memory.rb

@@ -1,12 +1,13 @@
 # a simple in memory store just as an example
 class Trocla::Stores::Memory < Trocla::Store
   attr_reader :memory
-  def initialize(config,trocla)
-    super(config,trocla)
+
+  def initialize(config, trocla)
+    super(config, trocla)
     @memory = Hash.new({})
   end
 
-  def get(key,format)
+  def get(key, format)
     unless expired?(key)
       memory[key][format]
     else
@@ -14,9 +15,10 @@ class Trocla::Stores::Memory < Trocla::Store
       nil
     end
   end
-  def set(key,format,value,options={})
-    super(key,format,value,options)
-    set_expires(key,options['expires'])
+
+  def set(key, format, value, options = {})
+    super(key, format, value, options)
+    set_expires(key, options['expires'])
   end
 
   def formats(key)
@@ -29,25 +31,29 @@ class Trocla::Stores::Memory < Trocla::Store
   end
 
   private
-  def set_plain(key,value,options)
+
+  def set_plain(key, value, _)
     memory[key] = { 'plain' => value }
   end
 
-  def set_format(key,format,value,options)
+  def set_format(key, format, value, _)
     memory[key].merge!({ format => value })
   end
 
   def delete_all(key)
     memory.delete(key)
   end
-  def delete_format(key,format)
+
+  def delete_format(key, format)
     old_val = (h = memory[key]).delete(format)
     h.empty? ? memory.delete(key) : memory[key] = h
     set_expires(key,nil)
     old_val
   end
+
   private
-  def set_expires(key,expires)
+
+  def set_expires(key, expires)
     expires = memory[key]['_expires'] if expires.nil?
     if expires && expires > 0
       memory[key]['_expires'] = expires
@@ -57,6 +63,7 @@ class Trocla::Stores::Memory < Trocla::Store
       memory[key].delete('_expires_at')
     end
   end
+
   def expired?(key)
     memory.key?(key) &&
       (a = memory[key]['_expires_at']).is_a?(Time) && \

data/lib/trocla/stores/moneta.rb

@@ -1,20 +1,22 @@
 # the default moneta based store
 class Trocla::Stores::Moneta < Trocla::Store
   attr_reader :moneta
-  def initialize(config,trocla)
-    super(config,trocla)
+
+  def initialize(config, trocla)
+    super(config, trocla)
     require 'moneta'
     # load expire support by default
-    adapter_options = { :expires => true }.merge(
-                          store_config['adapter_options']||{})
-    @moneta = Moneta.new(store_config['adapter'],adapter_options)
+    adapter_options = {
+      :expires => true
+    }.merge(store_config['adapter_options'] || {})
+    @moneta = Moneta.new(store_config['adapter'], adapter_options)
   end
 
   def close
     moneta.close
   end
 
-  def get(key,format)
+  def get(key, format)
     moneta.fetch(key, {})[format]
   end
 
@@ -25,14 +27,16 @@ class Trocla::Stores::Moneta < Trocla::Store
 
   def search(key)
     raise 'The search option is not available for any adapter other than Sequel or YAML' unless store_config['adapter'] == :Sequel || store_config['adapter'] == :YAML
+
     r = search_keys(key)
     r.empty? ? nil : r
   end
 
   private
-  def set_plain(key,value,options)
+
+  def set_plain(key, value, options)
     h = { 'plain' => value }
-    mo = moneta_options(key,options)
+    mo = moneta_options(key, options)
     if options['expires'] && options['expires'] > 0
       h['_expires'] = options['expires']
     else
@@ -40,24 +44,28 @@ class Trocla::Stores::Moneta < Trocla::Store
       # expires if nothing is set.
       mo[:expires] = false
     end
-    moneta.store(key,h,mo)
+    moneta.store(key, h, mo)
   end
 
-  def set_format(key,format,value,options)
-    moneta.store(key,
-                 moneta.fetch(key,{}).merge({ format => value }),
-                 moneta_options(key,options))
+  def set_format(key, format, value, options)
+    moneta.store(
+      key,
+      moneta.fetch(key, {}).merge({ format => value }),
+      moneta_options(key, options)
+    )
   end
 
   def delete_all(key)
     moneta.delete(key)
   end
-  def delete_format(key,format)
-    old_val = (h = moneta.fetch(key,{})).delete(format)
-    h.empty? ? moneta.delete(key) : moneta.store(key,h,moneta_options(key,{}))
+
+  def delete_format(key, format)
+    old_val = (h = moneta.fetch(key, {})).delete(format)
+    h.empty? ? moneta.delete(key) : moneta.store(key, h, moneta_options(key, {}))
     old_val
   end
-  def moneta_options(key,options)
+
+  def moneta_options(key, options)
     res = {}
     if options.key?('expires')
       res[:expires] = options['expires']
@@ -66,11 +74,13 @@ class Trocla::Stores::Moneta < Trocla::Store
     end
     res
   end
+
   def search_keys(key)
-    _moneta = Moneta.new(store_config['adapter'], (store_config['adapter_options']||{}).merge({ :expires => false }))
+    _moneta = Moneta.new(store_config['adapter'], (store_config['adapter_options'] || {}).merge({ :expires => false }))
     a = []
+
     if store_config['adapter'] == :Sequel
-      keys = _moneta.adapter.backend[:trocla].select_order_map {from_base64(:k)}
+      keys = _moneta.adapter.backend[:trocla].select_order_map { from_base64(:k) }
     elsif store_config['adapter'] == :YAML
       keys = _moneta.adapter.backend.transaction(true) { _moneta.adapter.backend.roots }
     end

data/lib/trocla/stores/vault.rb

@@ -1,18 +1,19 @@
 # the default vault based store
 class Trocla::Stores::Vault < Trocla::Store
-  attr_reader :vault, :mount
-  def initialize(config,trocla)
-    super(config,trocla)
+  attr_reader :vault, :mount, :destroy
+
+  def initialize(config, trocla)
+    super(config, trocla)
     require 'vault'
     @mount = (config.delete(:mount) || 'kv')
+    @destroy = (config.delete(:destroy) || false)
     # load expire support by default
     @vault = Vault::Client.new(config)
   end
 
-  def close
-  end
+  def close; end
 
-  def get(key,format)
+  def get(key, format)
     read(key)[format.to_sym]
   end
 
@@ -20,31 +21,58 @@ class Trocla::Stores::Vault < Trocla::Store
     read(key).keys
   end
 
+  def search(key)
+    arr = key.split('/')
+    regexp = Regexp.new(arr.pop(1)[0].to_s)
+    path = arr.join('/')
+    list = vault.kv(mount).list(path)
+    list.map! do |l|
+      if regexp.match(l)
+        path.empty? ? l : [path, l].join('/')
+      end
+    end
+    list.compact
+  end
+
   private
+
   def read(key)
     k = vault.kv(mount).read(key)
     k.nil? ? {} : k.data
   end
 
-  def write(key, value)
+  def write(key, value, options = {})
+    vault.kv(mount).write_metadata(key, convert_metadata(options)) unless options.empty?
     vault.kv(mount).write(key, value)
   end
 
-  def set_plain(key,value,options)
-    set_format(key,'plain',value,options)
+  def set_plain(key, value, options)
+    set_format(key, 'plain', value, options)
   end
 
-  def set_format(key,format,value,options)
-    write(key, read(key).merge({format.to_sym => value}))
+  def set_format(key, format, value, options)
+    write(
+      key,
+      read(key).merge({ format.to_sym => value }),
+      options
+    )
   end
 
   def delete_all(key)
-    vault.kv(mount).delete(key)
+    destroy ? vault.kv(mount).destroy(key) : vault.kv(mount).delete(key)
   end
 
-  def delete_format(key,format)
+  def delete_format(key, format)
     old = read(key)
-    write(key, old.reject { |k,v| k == format.to_sym })
+    new = old.reject { |k, _| k == format.to_sym }
+    new.empty? ? delete_all(key) : write(key, new)
     old[format.to_sym]
   end
+
+  def convert_metadata(metadatas)
+    metadatas.transform_keys!(&:to_sym)
+    metadatas[:delete_version_after] = metadatas.delete(:expire) if metadatas[:expire]
+    %i[random profiles expires length].each { |k| metadatas.delete(k) }
+    metadatas
+  end
 end

data/lib/trocla/stores.rb

@@ -7,7 +7,7 @@ class Trocla::Stores
     end
 
     def all
-      @all ||= Dir[ path '*' ].collect do |store|
+      @all ||= Dir[path '*'].collect do |store|
         File.basename(store, '.rb').downcase
       end
     end
@@ -17,10 +17,11 @@ class Trocla::Stores
     end
 
     private
+
     def stores
       @@stores ||= Hash.new do |hash, store|
         store = store.to_s.downcase
-        if File.exists?(path(store))
+        if File.exist?(path(store))
           require "trocla/stores/#{store}"
           class_name = "Trocla::Stores::#{store.capitalize}"
           hash[store] = (eval class_name)