trocla 0.2.0 → 0.2.1
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/README.md +13 -1
- data/ext/redhat/rubygem-trocla.spec +114 -0
- data/lib/VERSION +1 -1
- data/lib/trocla/formats/x509.rb +14 -6
- data/lib/trocla/formats.rb +3 -0
- data/lib/trocla.rb +18 -7
- data/spec/trocla/formats/x509_spec.rb +11 -0
- data/trocla.gemspec +4 -3
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6a30592b5fe0cb877e7020fb82130f82f268092f
|
4
|
+
data.tar.gz: 66ffb4cc0e40748893b4d5252bae9dbc0ab5ef92
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fd70d9212f4e9c3edf09fd8fcc18b21cb5be10cb1bcd0a0425619d09e9d26102d86fc6a3b298cf53039396f476dc14fd1de28fe52db7285020e4f38bc3fb8717
|
7
|
+
data.tar.gz: 264bbb90b3ee22407c239633d2fe949e9634aab726c13cf10c2b79346ad91add53f6f98f7a8a608b98881e7d4e5d1807a6c1ce3533e65060fddef15b2d35a9ec
|
data/Gemfile
CHANGED
data/README.md
CHANGED
@@ -69,6 +69,7 @@ Valid global options are:
|
|
69
69
|
* profiles: a profile name or an array of profiles matching a profile_name in your configuration. Learn more about profiles below.
|
70
70
|
* random: boolean - Whether we allow creation of random passwords or we expect a password to be preset. Default: true - or whatever you define in your global settings.
|
71
71
|
* expires: An integer indicating the amount of seconds a value (e.g. password) is available. After expiration a value will not be available anymore and trying to `get` this key will return no value (nil). Meaning that calling create after expiration, would create a new password automatically. There is more about expiration in the storage backends section.
|
72
|
+
* render: A hash providing flags for formats to render the output specifially. This is a global option, but support depends on a per format basis.
|
72
73
|
|
73
74
|
Example:
|
74
75
|
|
@@ -201,9 +202,16 @@ Additional options are:
|
|
201
202
|
openssl versions have a bug with [leading dots](https://rt.openssl.org/Ticket/Display.html?id=3562) for name
|
202
203
|
constraints. So using them might not work everywhere as expected.
|
203
204
|
|
205
|
+
Output render options are:
|
206
|
+
|
207
|
+
certonly If set to true the x509 format will return only the certificate
|
208
|
+
keyonly If set to true the x509 format will return only the private key
|
209
|
+
|
204
210
|
## Installation
|
205
211
|
|
206
|
-
|
212
|
+
* Debian has trocla within its sid-release: `apt-get install trocla`
|
213
|
+
* For RHEL/CentOS 7 there is a [copr reporisotry](https://copr.fedoraproject.org/coprs/duritong/trocla/). Follow the help there to integrate the repository and install trocla.
|
214
|
+
* Trocla is also distributed as gem: `gem install trocla`
|
207
215
|
|
208
216
|
## Configuration
|
209
217
|
|
@@ -300,6 +308,10 @@ encryption_options:
|
|
300
308
|
|
301
309
|
## Update & Changes
|
302
310
|
|
311
|
+
### to 0.2.1
|
312
|
+
|
313
|
+
1. New Feature: Introduce a way to render specific formats, mainly this allows you to control the output of a specific format. See the x509 format for more information.
|
314
|
+
|
303
315
|
### to 0.2.0
|
304
316
|
|
305
317
|
1. New feature profiles: Introduce profiles to make it easy to have a default set of properties. See the profiles section for more information.
|
@@ -0,0 +1,114 @@
|
|
1
|
+
# Generated from trocla-0.1.2.gem by gem2rpm -*- rpm-spec -*-
|
2
|
+
%global gem_name trocla
|
3
|
+
|
4
|
+
Name: rubygem-%{gem_name}
|
5
|
+
Version: 0.2.0
|
6
|
+
Release: 1%{?dist}
|
7
|
+
Summary: Trocla a simple password generator and storage
|
8
|
+
Group: Development/Languages
|
9
|
+
License: GPLv3
|
10
|
+
URL: https://tech.immerda.ch/2011/12/trocla-get-hashed-passwords-out-of-puppet-manifests/
|
11
|
+
Source0: https://rubygems.org/gems/%{gem_name}-%{version}.gem
|
12
|
+
Requires: rubygem-moneta
|
13
|
+
Requires: rubygem-bcrypt
|
14
|
+
Requires: rubygem-highline
|
15
|
+
BuildRequires: rubygem-moneta = 0.7.20
|
16
|
+
BuildRequires: rubygem-bcrypt
|
17
|
+
BuildRequires: rubygem-highline
|
18
|
+
BuildRequires: ruby(release)
|
19
|
+
BuildRequires: rubygems-devel
|
20
|
+
BuildRequires: ruby
|
21
|
+
# BuildRequires: rubygem(mocha)
|
22
|
+
# BuildRequires: rubygem(rspec) => 2.4
|
23
|
+
# BuildRequires: rubygem(rspec) < 3
|
24
|
+
# BuildRequires: rubygem(jeweler) => 1.6
|
25
|
+
# BuildRequires: rubygem(jeweler) < 2
|
26
|
+
BuildArch: noarch
|
27
|
+
|
28
|
+
%description
|
29
|
+
Trocla helps you to generate random passwords and to store them in various
|
30
|
+
formats (plain, MD5, bcrypt) for later retrival.
|
31
|
+
|
32
|
+
|
33
|
+
%package doc
|
34
|
+
Summary: Documentation for %{name}
|
35
|
+
Group: Documentation
|
36
|
+
Requires: %{name} = %{version}-%{release}
|
37
|
+
BuildArch: noarch
|
38
|
+
|
39
|
+
%description doc
|
40
|
+
Documentation for %{name}.
|
41
|
+
|
42
|
+
%prep
|
43
|
+
gem unpack %{SOURCE0}
|
44
|
+
|
45
|
+
%setup -q -D -T -n %{gem_name}-%{version}
|
46
|
+
|
47
|
+
gem spec %{SOURCE0} -l --ruby > %{gem_name}.gemspec
|
48
|
+
|
49
|
+
%build
|
50
|
+
# Create the gem as gem install only works on a gem file
|
51
|
+
gem build %{gem_name}.gemspec
|
52
|
+
|
53
|
+
# %%gem_install compiles any C extensions and installs the gem into ./%%gem_dir
|
54
|
+
# by default, so that we can move it into the buildroot in %%install
|
55
|
+
%gem_install
|
56
|
+
|
57
|
+
%install
|
58
|
+
mkdir -p %{buildroot}%{gem_dir}
|
59
|
+
cp -a .%{gem_dir}/* \
|
60
|
+
%{buildroot}%{gem_dir}/
|
61
|
+
|
62
|
+
|
63
|
+
mkdir -p %{buildroot}%{_bindir}
|
64
|
+
mkdir -p %{buildroot}%{_sysconfdir}
|
65
|
+
mkdir -p %{buildroot}/%{_sharedstatedir}/%{gem_name}
|
66
|
+
touch %{buildroot}/%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml
|
67
|
+
|
68
|
+
cp -pa .%{_bindir}/* \
|
69
|
+
%{buildroot}%{_bindir}/
|
70
|
+
|
71
|
+
chmod a+x %{buildroot}%{gem_instdir}/bin/%{gem_name}
|
72
|
+
|
73
|
+
cat <<EOF > %{buildroot}/%{_sysconfdir}/%{gem_name}rc.yaml
|
74
|
+
---
|
75
|
+
adapter: :YAML
|
76
|
+
adapter_options:
|
77
|
+
:file: '%{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml'
|
78
|
+
EOF
|
79
|
+
|
80
|
+
# Run the test suite
|
81
|
+
%check
|
82
|
+
pushd .%{gem_instdir}
|
83
|
+
|
84
|
+
popd
|
85
|
+
|
86
|
+
%files
|
87
|
+
%dir %{gem_instdir}
|
88
|
+
%{_bindir}/trocla
|
89
|
+
%{gem_instdir}/.rspec
|
90
|
+
%exclude %{gem_instdir}/.travis.yml
|
91
|
+
%exclude %{gem_instdir}/.rspec
|
92
|
+
%license %{gem_instdir}/LICENSE.txt
|
93
|
+
%{gem_instdir}/bin
|
94
|
+
%{gem_libdir}
|
95
|
+
%exclude %{gem_cache}
|
96
|
+
%{gem_spec}
|
97
|
+
%config(noreplace) %{_sysconfdir}/%{gem_name}rc.yaml
|
98
|
+
%dir %attr(755, root, root) %{_sharedstatedir}/%{gem_name}
|
99
|
+
%config(noreplace) %attr(660, root, root) %{_sharedstatedir}/%{gem_name}/%{gem_name}_data.yaml
|
100
|
+
|
101
|
+
%files doc
|
102
|
+
%doc %{gem_docdir}
|
103
|
+
%doc %{gem_instdir}/.document
|
104
|
+
%{gem_instdir}/Gemfile
|
105
|
+
%doc %{gem_instdir}/README.md
|
106
|
+
%{gem_instdir}/Rakefile
|
107
|
+
%{gem_instdir}/spec
|
108
|
+
%{gem_instdir}/trocla.gemspec
|
109
|
+
|
110
|
+
%changelog
|
111
|
+
* Mon Dec 21 2015 mh - 0.2.0-1
|
112
|
+
- Release of v0.2.0
|
113
|
+
* Sun Jun 21 2015 mh - 0.1.2-1
|
114
|
+
- Initial package
|
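Review bot: `Version: 0.2.0` and the top `%changelog` entry (`* Mon Dec 21 2015 mh - 0.2.0-1`) do not match the release this diff ships — the gemspec and metadata changes in the same diff say 0.2.1 — so `Source0` would fetch the previous gem; bump to `Version: 0.2.1` and add a matching changelog entry. The `%check` section contains nothing but `pushd .%{gem_instdir}` / `popd`, so the `# Run the test suite` comment above it is misleading (the rspec BuildRequires are commented out); either invoke the suite there or drop the comment. `%files` lists `%{gem_instdir}/.rspec` and then `%exclude`s the same path two lines later; one of the two should go.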
data/lib/VERSION
CHANGED
data/lib/trocla/formats/x509.rb
CHANGED
@@ -49,6 +49,7 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
|
|
49
49
|
raise "Private key for #{subject} creation failed: #{e.message}"
|
50
50
|
end
|
51
51
|
|
52
|
+
cert = nil
|
52
53
|
if sign_with # certificate signed with CA
|
53
54
|
begin
|
54
55
|
ca_str = trocla.get_password(sign_with,'x509')
|
@@ -68,14 +69,12 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
|
|
68
69
|
end
|
69
70
|
|
70
71
|
begin
|
71
|
-
|
72
|
-
|
72
|
+
cert = mkcert(caserial, request.subject, ca, request.public_key, days, altnames, name_constraints, become_ca)
|
73
|
+
cert.sign(cakey, signature(hash))
|
73
74
|
addserial(sign_with, caserial)
|
74
75
|
rescue Exception => e
|
75
76
|
raise "Certificate #{subject} signing failed: #{e.message}"
|
76
77
|
end
|
77
|
-
|
78
|
-
key.to_pem + csr_cert.to_pem
|
79
78
|
else # self-signed certificate
|
80
79
|
begin
|
81
80
|
subj = OpenSSL::X509::Name.parse(subject)
|
@@ -84,12 +83,21 @@ class Trocla::Formats::X509 < Trocla::Formats::Base
|
|
84
83
|
rescue Exception => e
|
85
84
|
raise "Self-signed certificate #{subject} creation failed: #{e.message}"
|
86
85
|
end
|
86
|
+
end
|
87
|
+
key.to_pem + cert.to_pem
|
88
|
+
end
|
87
89
|
|
88
|
-
|
90
|
+
def render(output,render_options={})
|
91
|
+
if render_options['keyonly']
|
92
|
+
OpenSSL::PKey::RSA.new(output).to_pem
|
93
|
+
elsif render_options['certonly']
|
94
|
+
OpenSSL::X509::Certificate.new(output).to_pem
|
95
|
+
else
|
96
|
+
super(output,render_options)
|
89
97
|
end
|
90
98
|
end
|
91
|
-
private
|
92
99
|
|
100
|
+
private
|
93
101
|
# nice help: https://gist.github.com/mitfik/1922961
|
94
102
|
|
95
103
|
def signature(hash = 'sha2')
|
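Review bot: In the new `render` method, a render hash that sets both `'keyonly'` and `'certonly'` silently returns the key, and any key that is not exactly one of those two strings (a symbol, or a typo such as `'cert_only'`) falls through to `super`, which presumably returns the combined key-plus-certificate PEM — so a caller trying to strip the private key from the output can get it back without any signal. If the `render` hash is shared across formats (the README change says support is per format), at least document the precedence with a comment such as `# 'keyonly' takes precedence over 'certonly'; any other keys are ignored and the full key+cert PEM is returned`; if it is x509-specific, rejecting unknown keys with `unknown = render_options.keys - %w[keyonly certonly]` / `raise ArgumentError, "unknown x509 render option(s): #{unknown.join(', ')}" unless unknown.empty?` would make it fail closed. The `rescue Exception => e` wrappers around the moved `mkcert`/`cert.sign` lines are pre-existing but still catch `SystemExit`, `Interrupt` and `NoMemoryError` and re-raise them as a `RuntimeError`; `rescue StandardError => e` (or just `rescue => e`) is the conventional form. The enclosing `format` method starts above the first hunk.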
data/lib/trocla/formats.rb
CHANGED
data/lib/trocla.rb
CHANGED
@@ -35,11 +35,14 @@ class Trocla
|
|
35
35
|
elsif !options['random'] && plain_pwd.nil?
|
36
36
|
raise "Password must be present as plaintext if you don't want a random password"
|
37
37
|
end
|
38
|
-
set_password(key,
|
38
|
+
set_password(key,
|
39
|
+
format,
|
40
|
+
self.formats(format).format(plain_pwd,options),
|
41
|
+
options)
|
39
42
|
end
|
40
43
|
|
41
|
-
def get_password(key, format)
|
42
|
-
decrypt(store.get(key,format))
|
44
|
+
def get_password(key, format, options={})
|
45
|
+
render(format,decrypt(store.get(key,format)),options)
|
43
46
|
end
|
44
47
|
|
45
48
|
def reset_password(key,format,options={})
|
@@ -47,20 +50,20 @@ class Trocla
|
|
47
50
|
password(key,format,options)
|
48
51
|
end
|
49
52
|
|
50
|
-
def delete_password(key,format=nil)
|
53
|
+
def delete_password(key,format=nil,options={})
|
51
54
|
v = store.delete(key,format)
|
52
55
|
if v.is_a?(Hash)
|
53
56
|
Hash[*v.map do |f,encrypted_value|
|
54
|
-
[f,decrypt(encrypted_value)]
|
57
|
+
[f,render(format,decrypt(encrypted_value),options)]
|
55
58
|
end.flatten]
|
56
59
|
else
|
57
|
-
decrypt(v)
|
60
|
+
render(format,decrypt(v),options)
|
58
61
|
end
|
59
62
|
end
|
60
63
|
|
61
64
|
def set_password(key,format,password,options={})
|
62
65
|
store.set(key,format,encrypt(password),options)
|
63
|
-
password
|
66
|
+
render(format,password,options)
|
64
67
|
end
|
65
68
|
|
66
69
|
def formats(format)
|
@@ -116,6 +119,14 @@ class Trocla
|
|
116
119
|
encryption.decrypt(value)
|
117
120
|
end
|
118
121
|
|
122
|
+
def render(format,output,options={})
|
123
|
+
if format && output && f=self.formats(format)
|
124
|
+
f.render(output,options['render']||{})
|
125
|
+
else
|
126
|
+
output
|
127
|
+
end
|
128
|
+
end
|
129
|
+
|
119
130
|
def default_config
|
120
131
|
require 'yaml'
|
121
132
|
YAML.load(File.read(File.expand_path(File.join(File.dirname(__FILE__),'trocla','default_config.yaml'))))
|
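Review bot: In `delete_password`'s Hash branch the per-entry render call passes the method's `format` argument instead of the block variable `f`, and since the store apparently returns a Hash only when `format` is nil (the delete-all-formats case), `render` takes its `else` path and hands back each value unrendered — an x509 entry deleted with `'render' => {'certonly' => true}` would come back with the private key included. The line should read `[f,render(f,decrypt(encrypted_value),options)]`. In the new `render` method, the assignment inside the condition (`if format && output && f=self.formats(format)`) is easy to misread as a comparison; hoisting it, `f = formats(format) if format && output`, and returning `output` when `f` is nil makes the fall-through explicit. A one-line comment such as `# Apply the format's render hook (options['render']) to a decrypted value; returns it unchanged when format or output is nil` would also help, since the body of `formats(format)` is outside the hunk.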
@@ -90,6 +90,17 @@ describe "Trocla::Format::X509" do
|
|
90
90
|
expect(ku).not_to match(/CRL Sign/)
|
91
91
|
end
|
92
92
|
|
93
|
+
it 'supports fetching only the key' do
|
94
|
+
cert_str = @trocla.password('mycert', 'x509', cert_options.merge('render' => {'keyonly' => true }))
|
95
|
+
expect(cert_str).not_to match(/-----BEGIN CERTIFICATE-----/)
|
96
|
+
expect(cert_str).to match(/-----BEGIN RSA PRIVATE KEY-----/)
|
97
|
+
end
|
98
|
+
it 'supports fetching only the cert' do
|
99
|
+
cert_str = @trocla.password('mycert', 'x509', cert_options.merge('render' => {'certonly' => true }))
|
100
|
+
expect(cert_str).to match(/-----BEGIN CERTIFICATE-----/)
|
101
|
+
expect(cert_str).not_to match(/-----BEGIN RSA PRIVATE KEY-----/)
|
102
|
+
end
|
103
|
+
|
93
104
|
it 'does not simply increment the serial' do
|
94
105
|
cert_str = @trocla.password('mycert', 'x509', cert_options)
|
95
106
|
cert1 = OpenSSL::X509::Certificate.new(cert_str)
|
data/trocla.gemspec
CHANGED
@@ -2,16 +2,16 @@
|
|
2
2
|
# DO NOT EDIT THIS FILE DIRECTLY
|
3
3
|
# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
|
4
4
|
# -*- encoding: utf-8 -*-
|
5
|
-
# stub: trocla 0.2.
|
5
|
+
# stub: trocla 0.2.1 ruby lib
|
6
6
|
|
7
7
|
Gem::Specification.new do |s|
|
8
8
|
s.name = "trocla"
|
9
|
-
s.version = "0.2.
|
9
|
+
s.version = "0.2.1"
|
10
10
|
|
11
11
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
12
12
|
s.require_paths = ["lib"]
|
13
13
|
s.authors = ["mh"]
|
14
|
-
s.date = "
|
14
|
+
s.date = "2016-01-27"
|
15
15
|
s.description = "Trocla helps you to generate random passwords and to store them in various formats (plain, MD5, bcrypt) for later retrival."
|
16
16
|
s.email = "mh+trocla@immerda.ch"
|
17
17
|
s.executables = ["trocla"]
|
@@ -28,6 +28,7 @@ Gem::Specification.new do |s|
|
|
28
28
|
"README.md",
|
29
29
|
"Rakefile",
|
30
30
|
"bin/trocla",
|
31
|
+
"ext/redhat/rubygem-trocla.spec",
|
31
32
|
"lib/VERSION",
|
32
33
|
"lib/trocla.rb",
|
33
34
|
"lib/trocla/default_config.yaml",
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: trocla
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- mh
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2016-01-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: moneta
|
@@ -126,6 +126,7 @@ files:
|
|
126
126
|
- README.md
|
127
127
|
- Rakefile
|
128
128
|
- bin/trocla
|
129
|
+
- ext/redhat/rubygem-trocla.spec
|
129
130
|
- lib/VERSION
|
130
131
|
- lib/trocla.rb
|
131
132
|
- lib/trocla/default_config.yaml
|