trocla 0.2.0 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5013d3c6ab75dc39bbbb5f7c8a77b19f7b5bed1c
-  data.tar.gz: bffc23e9979133c7303c7fde6b4b7a24fe367f8b
+  metadata.gz: 6a30592b5fe0cb877e7020fb82130f82f268092f
+  data.tar.gz: 66ffb4cc0e40748893b4d5252bae9dbc0ab5ef92
 SHA512:
-  metadata.gz: 009e2b762c641a8f10be76d673a3860b98cd3dd91a27b77da5d0775c9312da26f454c1c54a039bc9011d25c6c77dd6813b87007e0a71dcab35839fb09d5a3457
-  data.tar.gz: e873f4ac50bebf1ab00eddb06b3c9cca0040783a46195391f7064cebba0b2c47648454cef391e20831c405ff6280d2354f249050eb5605452f8e1f3f5becbdc7
+  metadata.gz: fd70d9212f4e9c3edf09fd8fcc18b21cb5be10cb1bcd0a0425619d09e9d26102d86fc6a3b298cf53039396f476dc14fd1de28fe52db7285020e4f38bc3fb8717
+  data.tar.gz: 264bbb90b3ee22407c239633d2fe949e9634aab726c13cf10c2b79346ad91add53f6f98f7a8a608b98881e7d4e5d1807a6c1ce3533e65060fddef15b2d35a9ec

data/Gemfile

@@ -27,6 +27,7 @@ group :development do
     gem "rspec", "~> 2.4"
     gem "rdoc", "~> 3.8"
     gem "jeweler", "~> 1.6"
+    gem "addressable", "~> 2.3.8"
   end
   gem 'rspec-pending_for'
 end

data/README.md

@@ -69,6 +69,7 @@ Valid global options are:
 * profiles: a profile name or an array of profiles matching a profile_name in your configuration. Learn more about profiles below.
 * random: boolean - Whether we allow creation of random passwords or we expect a password to be preset. Default: true - or whatever you define in your global settings.
 * expires: An integer indicating the amount of seconds a value (e.g. password) is available. After expiration a value will not be available anymore and trying to `get` this key will return no value (nil). Meaning that calling create after expiration, would create a new password automatically. There is more about expiration in the storage backends section.
+* render: A hash providing flags for formats to render the output specifially. This is a global option, but support depends on a per format basis.
 
 Example:
 
@@ -201,9 +202,16 @@ Additional options are:
                       openssl versions have a bug with [leading dots](https://rt.openssl.org/Ticket/Display.html?id=3562) for name
                       constraints. So using them might not work everywhere as expected.
 
+Output render options are:
+
+    certonly If set to true the x509 format will return only the certificate
+    keyonly  If set to true the x509 format will return only the private key
+
 ## Installation
 
-Simply build and install the gem.
+* Debian has trocla within its sid-release: `apt-get install trocla`
+* For RHEL/CentOS 7 there is a [copr reporisotry](https://copr.fedoraproject.org/coprs/duritong/trocla/). Follow the help there to integrate the repository and install trocla.
+* Trocla is also distributed as gem: `gem install trocla`
 
 ## Configuration
 
@@ -300,6 +308,10 @@ encryption_options:
 
 ## Update & Changes
 
+### to 0.2.1
+
+1. New Feature: Introduce a way to render specific formats, mainly this allows you to control the output of a specific format. See the x509 format for more information.
+
 ### to 0.2.0
 
 1. New feature profiles: Introduce profiles to make it easy to have a default set of properties. See the profiles section for more information.

data/ext/redhat/rubygem-trocla.spec

@@ -0,0 +1,114 @@
+# Generated from trocla-0.1.2.gem by gem2rpm -*- rpm-spec -*-
+%global gem_name trocla
+
+Name: rubygem-%{gem_name}
+Version: 0.2.0
+Release: 1%{?dist}
+Summary: Trocla a simple password generator and storage
+Group: Development/Languages
+License: GPLv3
+URL: https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/
+Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
+Requires: rubygem-moneta
+Requires: rubygem-bcrypt
+Requires: rubygem-highline
+BuildRequires: rubygem-moneta = 0.7.20
+BuildRequires: rubygem-bcrypt
+BuildRequires: rubygem-highline
+BuildRequires: ruby(release)
+BuildRequires: rubygems-devel
+BuildRequires: ruby
+# BuildRequires: rubygem(mocha)
+# BuildRequires: rubygem(rspec) => 2.4
+# BuildRequires: rubygem(rspec) < 3
+# BuildRequires: rubygem(jeweler) => 1.6
+# BuildRequires: rubygem(jeweler) < 2
+BuildArch: noarch
+
+%description
+Trocla helps you to generate random passwords and to store them in various
+formats (plain, MD5, bcrypt) for later retrival.
+
+
+%package doc
+Summary: Documentation for %{name}
+Group: Documentation
+Requires: %{name} = %{version}-%{release}
+BuildArch: noarch
+
+%description doc
+Documentation for %{name}.
+
+%prep
+gem unpack %{SOURCE0}
+
+%setup -q -D -T -n  %{gem_name}-%{version}
+
+gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
+
+%build
+# Create the gem as gem install only works on a gem file
+gem build %{gem_name}.gemspec
+
+# %%gem_install compiles any C extensions and installs the gem into ./%%gem_dir
+# by default, so that we can move it into the buildroot in %%install
+%gem_install
+
+%install
+mkdir -p %{buildroot}%{gem_dir}
+cp -a .%{gem_dir}/* \
+        %{buildroot}%{gem_dir}/
+
+
+mkdir -p %{buildroot}%{_bindir}
+mkdir -p %{buildroot}%{_sysconfdir}
+mkdir -p %{buildroot}/%{_sharedstatedir}/%{gem_name}
+touch %{buildroot}/%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml
+
+cp -pa .%{_bindir}/* \
+        %{buildroot}%{_bindir}/
+
+chmod a+x %{buildroot}%{gem_instdir}/bin/%{gem_name}
+
+cat <<EOF > %{buildroot}/%{_sysconfdir}/%{gem_name}rc.yaml
+---
+adapter: :YAML
+adapter_options:
+      :file: '%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml'
+EOF
+
+# Run the test suite
+%check
+pushd .%{gem_instdir}
+
+popd
+
+%files
+%dir %{gem_instdir}
+%{_bindir}/trocla
+%{gem_instdir}/.rspec
+%exclude %{gem_instdir}/.travis.yml
+%exclude %{gem_instdir}/.rspec
+%license %{gem_instdir}/LICENSE.txt
+%{gem_instdir}/bin
+%{gem_libdir}
+%exclude %{gem_cache}
+%{gem_spec}
+%config(noreplace) %{_sysconfdir}/%{gem_name}rc.yaml
+%dir %attr(755, root, root) %{_sharedstatedir}/%{gem_name}
+%config(noreplace) %attr(660, root, root) %{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml
+
+%files doc
+%doc %{gem_docdir}
+%doc %{gem_instdir}/.document
+%{gem_instdir}/Gemfile
+%doc %{gem_instdir}/README.md
+%{gem_instdir}/Rakefile
+%{gem_instdir}/spec
+%{gem_instdir}/trocla.gemspec
+
+%changelog
+* Mon Dec 21 2015 mh - 0.2.0-1
+- Release of v0.2.0
+* Sun Jun 21 2015 mh - 0.1.2-1
+- Initial package

data/lib/VERSION

@@ -1,4 +1,4 @@
 major:0
 minor:2
-patch:0
+patch:1
 build:

data/lib/trocla/formats/x509.rb

@@ -49,6 +49,7 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
       raise "Private key for #{subject} creation failed: #{e.message}"
     end
 
+    cert = nil
     if sign_with # certificate signed with CA
       begin
         ca_str = trocla.get_password(sign_with,'x509')
@@ -68,14 +69,12 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
       end
 
       begin
-        csr_cert = mkcert(caserial, request.subject, ca, request.public_key, days, altnames, name_constraints, become_ca)
-        csr_cert.sign(cakey, signature(hash))
+        cert = mkcert(caserial, request.subject, ca, request.public_key, days, altnames, name_constraints, become_ca)
+        cert.sign(cakey, signature(hash))
         addserial(sign_with, caserial)
       rescue Exception => e
         raise "Certificate #{subject} signing failed: #{e.message}"
       end
-
-      key.to_pem + csr_cert.to_pem
     else # self-signed certificate
       begin
         subj = OpenSSL::X509::Name.parse(subject)
@@ -84,12 +83,21 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
       rescue Exception => e
         raise "Self-signed certificate #{subject} creation failed: #{e.message}"
       end
+    end
+    key.to_pem + cert.to_pem
+  end
 
-      key.to_pem + cert.to_pem
+  def render(output,render_options={})
+    if render_options['keyonly']
+      OpenSSL::PKey::RSA.new(output).to_pem
+    elsif render_options['certonly']
+      OpenSSL::X509::Certificate.new(output).to_pem
+    else
+      super(output,render_options)
     end
   end
-  private
 
+  private
   # nice help: https://gist.github.com/mitfik/1922961
 
   def signature(hash = 'sha2')

data/lib/trocla/formats.rb

@@ -5,6 +5,9 @@ class Trocla::Formats
     def initialize(trocla)
       @trocla = trocla
     end
+    def render(output,render_options={})
+      output
+    end
   end
 
   class << self

data/lib/trocla.rb

@@ -35,11 +35,14 @@ class Trocla
     elsif !options['random'] && plain_pwd.nil?
       raise "Password must be present as plaintext if you don't want a random password"
     end
-    set_password(key,format,self.formats(format).format(plain_pwd,options),options)
+    set_password(key,
+      format,
+      self.formats(format).format(plain_pwd,options),
+      options)
   end
 
-  def get_password(key, format)
-    decrypt(store.get(key,format))
+  def get_password(key, format, options={})
+    render(format,decrypt(store.get(key,format)),options)
   end
 
   def reset_password(key,format,options={})
@@ -47,20 +50,20 @@ class Trocla
     password(key,format,options)
   end
 
-  def delete_password(key,format=nil)
+  def delete_password(key,format=nil,options={})
     v = store.delete(key,format)
     if v.is_a?(Hash)
       Hash[*v.map do |f,encrypted_value|
-        [f,decrypt(encrypted_value)]
+        [f,render(format,decrypt(encrypted_value),options)]
       end.flatten]
     else
-      decrypt(v)
+      render(format,decrypt(v),options)
     end
   end
 
   def set_password(key,format,password,options={})
     store.set(key,format,encrypt(password),options)
-    password
+    render(format,password,options)
   end
 
   def formats(format)
@@ -116,6 +119,14 @@ class Trocla
     encryption.decrypt(value)
   end
 
+  def render(format,output,options={})
+    if format && output && f=self.formats(format)
+      f.render(output,options['render']||{})
+    else
+      output
+    end
+  end
+
   def default_config
     require 'yaml'
     YAML.load(File.read(File.expand_path(File.join(File.dirname(__FILE__),'trocla','default_config.yaml'))))

data/spec/trocla/formats/x509_spec.rb

@@ -90,6 +90,17 @@ describe "Trocla::Format::X509" do
       expect(ku).not_to match(/CRL Sign/)
     end
 
+    it 'supports fetching only the key' do
+      cert_str = @trocla.password('mycert', 'x509', cert_options.merge('render' => {'keyonly' => true }))
+      expect(cert_str).not_to match(/-----BEGIN CERTIFICATE-----/)
+      expect(cert_str).to match(/-----BEGIN RSA PRIVATE KEY-----/)
+    end
+    it 'supports fetching only the cert' do
+      cert_str = @trocla.password('mycert', 'x509', cert_options.merge('render' => {'certonly' => true }))
+      expect(cert_str).to match(/-----BEGIN CERTIFICATE-----/)
+      expect(cert_str).not_to match(/-----BEGIN RSA PRIVATE KEY-----/)
+    end
+
     it 'does not simply increment the serial' do
       cert_str = @trocla.password('mycert', 'x509', cert_options)
       cert1 = OpenSSL::X509::Certificate.new(cert_str)

data/trocla.gemspec

@@ -2,16 +2,16 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
-# stub: trocla 0.2.0 ruby lib
+# stub: trocla 0.2.1 ruby lib
 
 Gem::Specification.new do |s|
   s.name = "trocla"
-  s.version = "0.2.0"
+  s.version = "0.2.1"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.require_paths = ["lib"]
   s.authors = ["mh"]
-  s.date = "2015-12-21"
+  s.date = "2016-01-27"
   s.description = "Trocla helps you to generate random passwords and to store them in various formats (plain, MD5, bcrypt) for later retrival."
   s.email = "mh+trocla@immerda.ch"
   s.executables = ["trocla"]
@@ -28,6 +28,7 @@ Gem::Specification.new do |s|
     "README.md",
     "Rakefile",
     "bin/trocla",
+    "ext/redhat/rubygem-trocla.spec",
     "lib/VERSION",
     "lib/trocla.rb",
     "lib/trocla/default_config.yaml",

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: trocla
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1
 platform: ruby
 authors:
 - mh
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-12-21 00:00:00.000000000 Z
+date: 2016-01-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: moneta
@@ -126,6 +126,7 @@ files:
 - README.md
 - Rakefile
 - bin/trocla
+- ext/redhat/rubygem-trocla.spec
 - lib/VERSION
 - lib/trocla.rb
 - lib/trocla/default_config.yaml