RubyGems - ubiq-security - Versions diffs - 1.0.0 → 1.0.1 - Mend

ubiq-security 1.0.0 → 1.0.1

Files changed (11) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 20d4dacbe17d8162ab7d308069b82e2b54b89cf7a7253763919742ef350597e3
-  data.tar.gz: 370015b19528bc6a81678e3b0f7f270b0524b6309f23dc6087d04256edad1e27
+  metadata.gz: a7988726fc44204d81c5fd65b343c14d34ff24e2fc6883b6fed4acdfc71afb98
+  data.tar.gz: c22cc110f282e5b93dd42fe49be499a1dff208d6fce0726329499a5b0b0fb93a
 SHA512:
-  metadata.gz: 7ed8203d50dbe828d649af7decc40f300f1b2b5d74e912db9119e84444c840dc45a8fcc1c8e0b3fa49a8d7a6ebf73fbb9ce935e7244c1669d9d072af61674c52
-  data.tar.gz: ddd4e2690d2d47a737fda60d53524d9b57eec456410f14f5e4a56cb61e447e632f6c7a70bc0cc2dfc5126b95191df739dd6484089e07e6126f2d848989b28841
+  metadata.gz: 91e17a9b5b5d52dc2f107585884bdda8e3a12cf2e405329b5204835ac28a9dd416bd044fc0fb530e6b43382d1ec6ecc9b0b9771b4317744fcfef6ae7bd9b9757
+  data.tar.gz: a428124dc92b6b956a8f5be93d19e00bc4541144894b73f3ee692f6db22bb8514e2be77f8977b140ed04f8f0ed3504d20523c5bec1d5f08399dda4654218afcc

data/README.md CHANGED

@@ -7,7 +7,7 @@ to encrypt and decrypt data
 ## Documentation
-See the [Ruby API docs](https://ubiqsecurity.com/docs/api?lang=ruby).
+See the [Ruby API docs][apidocs].
@@ -78,8 +78,7 @@ credentials = Credentials(access_key_id = "...", secret_signing_key = "...", sec
 ### Encrypt a simple block of data
-Pass credentials and data into the encryption function.  The encrypted data
-will be returned.
+Pass credentials and data into the encryption function.  The encrypted data will be returned.
 ```ruby
@@ -92,8 +91,7 @@ encrypted_data = encrypt(credentials, plaintext_data)
 ### Decrypt a simple block of data
-Pass credentials and encrypted data into the decryption function.  The plaintext data
-will be returned.
+Pass credentials and encrypted data into the decryption function.  The plaintext data will be returned.
 ```ruby
 require "ubiq-security"
@@ -183,6 +181,6 @@ BLOCK_SIZE = 1024 * 1024
 [gem]: https://rubygems.org/gems/uniq-security
 [dashboard]:https://dev.ubiqsecurity.com/docs/dashboard
 [credentials]:https://dev.ubiqsecurity.com/docs/how-to-create-api-keys
+[apidocs]:https://dev.ubiqsecurity.com/docs/api

data/lib/ubiq-security.rb CHANGED

@@ -13,10 +13,9 @@
 #
 #     https://ubiqsecurity.com/legal
-require "ubiq/version"
-require "ubiq/encrypt"
-require "ubiq/decrypt"
-require "ubiq/credentials"
+# frozen_string_literal: true
+require 'ubiq/version'
+require 'ubiq/encrypt'
+require 'ubiq/decrypt'
+require 'ubiq/credentials'

data/lib/ubiq/algo.rb CHANGED

@@ -14,56 +14,60 @@
 #     https://ubiqsecurity.com/legal
 #
-require "active_support/all"
+# frozen_string_literal: true
+require 'active_support/all'
 require 'openssl'
 module Ubiq
+  # Class to provide some basic information mapping between an
+  # encryption algorithm name and the cooresponding
+  # key size, initialization vector length, and tag
+  class Algo
+    def set_algo
+      @algorithm = {
+        'aes-256-gcm' => {
+          id: 0,
+          algorithm: OpenSSL::Cipher::AES256,
+          mode: OpenSSL::Cipher::AES256.new(:GCM),
+          key_length: 32,
+          iv_length: 12,
+          tag_length: 16
+        }
+      }
+    end
-class Algo
+    def get_algo(name)
+      set_algo[name]
+    end
-  def set_algo
-    @algorithm = {
-      "aes-256-gcm"=>{
-        id:0,
-        algorithm: OpenSSL::Cipher::AES256,
-        mode: OpenSSL::Cipher::AES256.new(:GCM),
-        key_length: 32,
-        iv_length: 12,
-        tag_length: 16
-      },
-    }
-  end
+    def encryptor(obj, key, iv = nil)
+      # key : A byte string containing the key to be used with this encryption
+      # If the caller specifies the initialization vector, it must be
+      # the correct length and, if so, will be used. If it is not
+      # specified, the function will generate a new one
-  def get_algo(name)
-    set_algo[name]
-  end
+      raise RuntimeError, 'Invalid key length' if key.length != obj[:key_length]
-  def encryptor(obj,key, iv=nil)
-    # key : A byte string containing the key to be used with this encryption
-    # If the caller specifies the initialization vector, it must be
-    # the correct length and, if so, will be used. If it is not
-    # specified, the function will generate a new one
+      raise RuntimeError, 'Invalid initialization vector length' if !iv.nil? && iv.length != obj[:iv_length]
-    cipher = obj[:mode]
-    raise RuntimeError, 'Invalid key length' if key.length != obj[:key_length]
+      cipher = obj[:mode]
+      cipher.encrypt
+      cipher.key = key
+      iv = cipher.random_iv
+      return cipher, iv
+    end
-    raise RuntimeError, 'Invalid initialization vector length' if (iv!= nil and iv.length != obj[:iv_length])
-    cipher.encrypt
-    cipher.key = key
-    iv = cipher.random_iv
-    return cipher, iv
-  end
+    def decryptor(obj, key, iv)
+      raise RuntimeError, 'Invalid key length' if key.length != obj[:key_length]
-  def decryptor(obj, key, iv)
-    cipher = obj[:mode]
-    raise RuntimeError, 'Invalid key length' if key.length != obj[:key_length]
+      raise RuntimeError, 'Invalid initialization vector length' if !iv.nil? && iv.length != obj[:iv_length]
-    raise RuntimeError, 'Invalid initialization vector length' if (iv!= nil and iv.length != obj[:iv_length])
-    cipher = obj[:mode]
-    cipher.decrypt
-    cipher.key = key
-    cipher.iv = iv
-    return cipher
+      cipher = obj[:mode]
+      cipher.decrypt
+      cipher.key = key
+      cipher.iv = iv
+      return cipher
+    end
   end
 end
-end

data/lib/ubiq/auth.rb CHANGED

@@ -13,87 +13,88 @@
 #
 #     https://ubiqsecurity.com/legal
 #
-require "active_support/all"
-module Ubiq
+# frozen_string_literal: true
+require 'active_support/all'
-class Auth
+module Ubiq
   # HTTP Authentication for the Ubiq Platform
   # This module implements HTTP authentication for the Ubiq platform
   # via message signing as described by the IETF httpbis-message-signatures
   # draft specification.
-  def self.build_headers(papi, sapi, endpoint, query, host, http_method)
-    # This function calculates the signature for the message, adding the Signature header
-    # to contain the data. Certain HTTP headers are required for
-    # signature calculation and will be added by this code as
-    # necessary. The constructed headers object is returned
-    # the '(request-target)' is part of the signed data.
-    # it's value is 'http_method path?query'
-    reqt = "#{http_method} #{endpoint}"
-    # The time at which the signature was created expressed as the unix epoch
-    created = Time.now.to_i
-    # the Digest header is always included/overridden by
-    # this code. it is a hash of the body of the http message
-    # and is always present even if the body is empty
-    hash_sha512 = OpenSSL::Digest::SHA512.new
-    hash_sha512 << JSON.dump(query)
-    digest = 'SHA-512='+Base64.strict_encode64(hash_sha512.digest)
-    # Initialize the headers object to be returned via this method
-    all_headers = {}
-    # The content type of request
-    all_headers['content-type'] = 'application/json'
-    # The request target calculated above(reqt)
-    all_headers['(request-target)'] = reqt
-    # The date and time in GMT format
-    all_headers['date'] = get_date
-    # The host specified by the caller
-    all_headers['host'] = get_host(host)
-    all_headers['(created)'] = created
-    all_headers['digest'] = digest
-    headers = ['content-type', 'date', 'host', '(created)', '(request-target)', 'digest']
-    # include the specified headers in the hmac calculation. each
-    # header is of the form 'header_name: header value\n'
-    # included headers are also added to an ordered list of headers
-    # which is included in the message
-    hmac = OpenSSL::HMAC.new(sapi, OpenSSL::Digest::SHA512.new)
-    headers.each do |header|
-      if all_headers.key?(header)
-        hmac << "#{header}: #{all_headers[header]}\n"
+  class Auth
+    def self.build_headers(papi, sapi, endpoint, query, host, http_method)
+      # This function calculates the signature for the message, adding the Signature header
+      # to contain the data. Certain HTTP headers are required for
+      # signature calculation and will be added by this code as
+      # necessary. The constructed headers object is returned
+      # the '(request-target)' is part of the signed data.
+      # it's value is 'http_method path?query'
+      reqt = "#{http_method} #{endpoint}"
+      # The time at which the signature was created expressed as the unix epoch
+      created = Time.now.to_i
+      # the Digest header is always included/overridden by
+      # this code. it is a hash of the body of the http message
+      # and is always present even if the body is empty
+      hash_sha512 = OpenSSL::Digest::SHA512.new
+      hash_sha512 << JSON.dump(query)
+      digest = 'SHA-512=' + Base64.strict_encode64(hash_sha512.digest)
+      # Initialize the headers object to be returned via this method
+      all_headers = {}
+      # The content type of request
+      all_headers['content-type'] = 'application/json'
+      # The request target calculated above(reqt)
+      all_headers['(request-target)'] = reqt
+      # The date and time in GMT format
+      all_headers['date'] = get_date
+      # The host specified by the caller
+      all_headers['host'] = get_host(host)
+      all_headers['(created)'] = created
+      all_headers['digest'] = digest
+      headers = ['content-type', 'date', 'host', '(created)', '(request-target)', 'digest']
+      # include the specified headers in the hmac calculation. each
+      # header is of the form 'header_name: header value\n'
+      # included headers are also added to an ordered list of headers
+      # which is included in the message
+      hmac = OpenSSL::HMAC.new(sapi, OpenSSL::Digest::SHA512.new)
+      headers.each do |header|
+        if all_headers.key?(header)
+          hmac << "#{header}: #{all_headers[header]}\n"
+        end
       end
-    end
-    all_headers.delete('(created)')
-    all_headers.delete('(request-target)')
-    all_headers.delete('host')
-    # Build the Signature header itself
-    all_headers['signature']  = 'keyId="' + papi + '"'
-    all_headers['signature'] += ', algorithm="hmac-sha512"'
-    all_headers['signature'] += ', created=' + created.to_s
-    all_headers['signature'] += ', headers="' + headers.join(" ") + '"'
-    all_headers['signature'] += ', signature="'
-    all_headers['signature'] += Base64.strict_encode64(hmac.digest)
-    all_headers['signature'] += '"'
-    return all_headers
-  end
+      all_headers.delete('(created)')
+      all_headers.delete('(request-target)')
+      all_headers.delete('host')
+      # Build the Signature header itself
+      all_headers['signature']  = 'keyId="' + papi + '"'
+      all_headers['signature'] += ', algorithm="hmac-sha512"'
+      all_headers['signature'] += ', created=' + created.to_s
+      all_headers['signature'] += ', headers="' + headers.join(' ') + '"'
+      all_headers['signature'] += ', signature="'
+      all_headers['signature'] += Base64.strict_encode64(hmac.digest)
+      all_headers['signature'] += '"'
+      return all_headers
+    end
-  def self.get_host(host)
-    uri = URI(host)
-    return "#{uri.hostname}:#{uri.port}"
-  end
+    def self.get_host(host)
+      uri = URI(host)
+      return "#{uri.hostname}:#{uri.port}"
+    end
-  def self.get_date
-    DateTime.now.in_time_zone('GMT').strftime("%a, %d %b %Y") + " " + DateTime.now.in_time_zone('GMT').strftime("%H:%M:%S") + " GMT"
+    def self.get_date
+      DateTime.now.in_time_zone('GMT').strftime('%a, %d %b %Y') + ' ' +
+        DateTime.now.in_time_zone('GMT').strftime('%H:%M:%S') + ' GMT'
+    end
   end
-end
 end

data/lib/ubiq/credentials.rb CHANGED

@@ -13,93 +13,103 @@
 #
 #     https://ubiqsecurity.com/legal
 #
+# frozen_string_literal: true
 require 'configparser'
 require 'rb-readline'
 require 'byebug'
 module Ubiq
+  # Access Credentials used by the library to validate service calls
+  class CredentialsInfo
+    def initialize(access_key_id, secret_signing_key, secret_crypto_access_key, host)
+      @access_key_id = access_key_id
+      @secret_signing_key = secret_signing_key
+      @secret_crypto_access_key = secret_crypto_access_key
+      @host = host
+    end
-class CredentialsInfo
-  def initialize(access_key_id, secret_signing_key, secret_crypto_access_key, host)
-    @access_key_id = access_key_id
-    @secret_signing_key = secret_signing_key
-    @secret_crypto_access_key = secret_crypto_access_key
-    @host = host
-  end
-  def set_attributes
-    return OpenStruct.new(access_key_id: @access_key_id, secret_signing_key: @secret_signing_key, secret_crypto_access_key: @secret_crypto_access_key, host: @host)
-  end
-end
-class ConfigCredentials < CredentialsInfo
-  def initialize(config_file, profile)
-    # If config file is not found
-    if config_file != nil and !File.exists?(config_file)
-      raise RuntimeError, "Unable to open config file #{config_file} or contains missing values"
+    def set_attributes
+      return OpenStruct.new(
+        access_key_id: @access_key_id,
+        secret_signing_key: @secret_signing_key,
+        secret_crypto_access_key: @secret_crypto_access_key,
+        host: @host
+        )
     end
+  end
-    if config_file == nil
-      config_file = "~/.ubiq/credentials"
+  # Class to load a credentials file or the default
+  # and read the credentials from either a supplied
+  # profile or use the default
+  class ConfigCredentials < CredentialsInfo
+    def initialize(config_file, profile)
+      # If config file is not found
+      if !config_file.nil? && !File.exist?(config_file)
+        raise RuntimeError, "Unable to open config file #{config_file} or contains missing values"
+      end
+      if config_file.nil?
+        config_file = '~/.ubiq/credentials'
+      end
+      # If config file is found
+      if File.exist?(File.expand_path(config_file))
+        @creds = load_config_file(config_file, profile)
+      end
     end
-    # If config file is found
-    if File.exists?(File.expand_path(config_file))
-      @creds = load_config_file(config_file, profile)
+    def get_attributes
+      return @creds
     end
-  end
-  def get_attributes
-    return @creds
-  end
+    def load_config_file(file, profile)
+      config = ConfigParser.new(File.expand_path(file))
-  def load_config_file(file, profile)
-    config = ConfigParser.new(File.expand_path(file))
+      # Create empty dictionaries for the default and supplied profile
+      p = {}
+      d = {}
-    # Create empty dictionaries for the default and supplied profile
-    p = {}
-    d = {}
+      # get the default profile if there is one
+      if config['default'].present?
+        d = config['default']
+      end
-    # get the default profile if there is one
-    if config['default'].present?
-      d = config['default']
-    end
+      # get the supplied profile if there is one
+      if config[profile].present?
+        p = config[profile]
+      end
-    # get the supplied profile if there is one
-    if config[profile].present?
-      p = config[profile]
-    end
+      # Use given profile if it is available, otherwise use default.
+      access_key_id = p.key?('ACCESS_KEY_ID') ? p['ACCESS_KEY_ID'] : d['ACCESS_KEY_ID']
+      secret_signing_key = p.key?('SECRET_SIGNING_KEY') ? p['SECRET_SIGNING_KEY'] : d['SECRET_SIGNING_KEY']
+      secret_crypto_access_key = p.key?('SECRET_CRYPTO_ACCESS_KEY') ? p['SECRET_CRYPTO_ACCESS_KEY'] : d['SECRET_CRYPTO_ACCESS_KEY']
+      host = p.key?('SERVER') ? p['SERVER'] : d['SERVER']
-    # Use given profile if it is available, otherwise use default.
-    access_key_id = p.key?('ACCESS_KEY_ID') ? p['ACCESS_KEY_ID'] : d['ACCESS_KEY_ID']
-    secret_signing_key = p.key?('SECRET_SIGNING_KEY') ? p['SECRET_SIGNING_KEY'] : d['SECRET_SIGNING_KEY']
-    secret_crypto_access_key = p.key?('SECRET_CRYPTO_ACCESS_KEY') ? p['SECRET_CRYPTO_ACCESS_KEY'] : d['SECRET_CRYPTO_ACCESS_KEY']
-    host = p.key?('SERVER') ? p['SERVER'] : d['SERVER']
+      # If the provided host does not contain http protocol then add to it
+      if !host.include?('http://') && !host.include?('https://')
+        host = 'https://' + host
+      end
-    # If the provided host does not contain http protocol then add to it
-    if !host.include?('http://') and !host.include?('https://')
-      host = 'https://' + host
+      return CredentialsInfo.new(access_key_id, secret_signing_key, secret_crypto_access_key, host).set_attributes
     end
-    return CredentialsInfo.new(access_key_id, secret_signing_key, secret_crypto_access_key, host).set_attributes
   end
-end
-class Credentials < CredentialsInfo
-  def initialize(papi, sapi, srsa, host)
-    @access_key_id = papi.present? ? papi : ENV['UBIQ_ACCESS_KEY_ID']
-    @secret_signing_key = sapi.present? ? sapi : ENV['UBIQ_SECRET_SIGNING_KEY']
-    @secret_crypto_access_key = srsa.present? ? srsa : ENV['UBIQ_SECRET_CRYPTO_ACCESS_KEY']
-    @host = host.present? ? host : ENV['UBIQ_SERVER']
-  end
+  # Class where the credentials can be explicitly set or
+  # will use the Environment variables instead
+  class Credentials < CredentialsInfo
+    def initialize(papi, sapi, srsa, host)
+      @access_key_id = papi.present? ? papi : ENV['UBIQ_ACCESS_KEY_ID']
+      @secret_signing_key = sapi.present? ? sapi : ENV['UBIQ_SECRET_SIGNING_KEY']
+      @secret_crypto_access_key = srsa.present? ? srsa : ENV['UBIQ_SECRET_CRYPTO_ACCESS_KEY']
+      @host = host.present? ? host : ENV['UBIQ_SERVER']
+    end
-  @creds = CredentialsInfo.new(@access_key_id, @secret_signing_key, @secret_crypto_access_key, @host).set_attributes
+    @creds = CredentialsInfo.new(@access_key_id, @secret_signing_key, @secret_crypto_access_key, @host).set_attributes
-  def get_attributes
-    return @creds
+    def get_attributes
+      return @creds
+    end
   end
 end
-end