vault-tree 0.1.0

data/features/steps/exceptions.steps.rb

@@ -0,0 +1,103 @@
+Given(/^a valid blank contract$/) do
+  contract_path = VaultTree::PathHelpers.reference_contract
+  @contract_json = File.read(contract_path)
+end
+
+When(/^I attempt fill a vault without providing a master passphrase$/) do
+  begin
+    @contract = VaultTree::Contract.new(@contract_json)
+    @contract = @contract.close_vault('alice_contract_secret')
+  rescue => e
+    @exception = e
+  end
+end
+
+Then(/^a MissingPassphrase exception is raised$/) do
+  @exception.should be_an_instance_of(VaultTree::Exceptions::MissingPassphrase)
+end
+
+Given(/^the broken contract$/) do
+  contract_path = VaultTree::PathHelpers.broken_contract
+  @contract_json = File.read(contract_path)
+  @contract = VaultTree::Contract.new(@contract_json, master_passphrase: 'TEST_USER', external_data: {})
+end
+
+When(/^I attempt fill a vault with External Data that does not exists$/) do
+  begin
+    @contract = @contract.close_vault('missing_external_data_vault')
+  rescue => e
+    @exception = e
+  end
+end
+
+Then(/^a MissingExternalData exception is raised$/) do
+  @exception.should be_an_instance_of(VaultTree::Exceptions::MissingExternalData)
+end
+
+When(/^I attempt fill a vault with my Master Password$/) do
+  begin
+    @contract = @contract.close_vault('fill_with_master_pass_vault')
+  rescue => e
+    @exception = e
+  end
+end
+
+Then(/^a FillAttemptMasterPassword exception is raised$/) do
+  @exception.should be_an_instance_of(VaultTree::Exceptions::FillAttemptMasterPassword)
+end
+
+When(/^I attempt to open an empty vault$/) do
+  begin
+    @contents = @contract.retrieve_contents('empty_vault')
+  rescue => e
+    @exception = e
+  end
+end
+
+Then(/^an EmptyVault exception is raised$/) do
+  @exception.should be_an_instance_of(VaultTree::Exceptions::EmptyVault)
+end
+
+When(/^I attempt to open a vault that does not exists$/) do
+  begin
+    @contents = @contract.retrieve_contents('non_existant_vault')
+  rescue => e
+    @exception = e
+  end
+end
+
+When(/^I attempt to close a vault that does not exists$/) do
+  begin
+    @contents = @contract.close_vault('non_existant_vault')
+  rescue => e
+    @exception = e
+  end
+end
+
+Then(/^a VaultDoesNotExist exception is raised$/) do
+  @exception.should be_an_instance_of(VaultTree::Exceptions::VaultDoesNotExist)
+end
+
+When(/^I attempt fill a vault with an unsupported Keyword$/) do
+  begin
+    @contract = @contract.close_vault('unsupported_keyword')
+  rescue => e
+    @exception = e
+  end
+end
+
+Then(/^an UnsupportedKeyword exception is raised$/) do
+  @exception.should be_an_instance_of(VaultTree::Exceptions::UnsupportedKeyword)
+end
+
+When(/^I attempt to fill with an encryption key without first establishing the decryption key$/) do
+  begin
+    @contract = @contract.close_vault('orphaned_public_key')
+  rescue => e
+    @exception = e
+  end
+end
+
+Then(/^a MissingPartnerDecryptionKey exception is raised$/) do
+  @exception.should be_an_instance_of(VaultTree::Exceptions::MissingPartnerDecryptionKey)
+end

data/features/support/env.rb

@@ -0,0 +1 @@
+require_relative '../../lib/vault-tree'

data/features/world.rb

@@ -0,0 +1,3 @@
+module VaultTreeWorld
+end
+World(VaultTreeWorld)

data/lib/vault-tree.rb

@@ -0,0 +1,7 @@
+# require_relative - Ruby > 1.9 method
+# require_rel - 'gem require_all' helper method to require all relative
+
+require_relative 'vault-tree/config/dependencies'
+require_relative 'vault-tree/config/path_helpers'
+require_relative 'vault-tree/config/string'
+require_relative 'vault-tree/config/lib'

data/lib/vault-tree/config/dependencies.rb

@@ -0,0 +1,4 @@
+# encoding: utf-8
+require 'json'
+require 'rbnacl'
+require 'require_all'

data/lib/vault-tree/config/lib.rb

@@ -0,0 +1,2 @@
+lib = VaultTree::PathHelpers.lib_dir
+require_all "#{lib}/**/*.rb"

data/lib/vault-tree/config/path_helpers.rb

@@ -0,0 +1,49 @@
+module VaultTree
+  module PathHelpers
+    extend self
+
+    def current_dir
+      File.dirname(__FILE__)
+    end 
+
+    def walk_to_root
+      '../../../'
+    end 
+
+    def project_dir
+      File.expand_path(project_dir_rel)
+    end
+
+    def project_dir_rel
+      File.join(current_dir,walk_to_root)
+    end
+
+    def app_dir
+      lib_dir
+    end
+
+    def lib_dir
+     "#{project_dir}/lib"
+    end
+
+    def fixtures_dir
+      "#{project_dir}/spec/support/fixtures"
+    end
+
+    def reference_contract
+      "#{fixtures_dir}/reference_contract.1.0.0.json"
+    end
+
+    def broken_contract
+      "#{fixtures_dir}/broken_contract.json"
+    end
+
+    def blank_simple_test_contract
+      "#{fixtures_dir}/blank_simple_test_contract.json"
+    end
+
+    def simple_test_contract
+      "#{fixtures_dir}/simple_test_contract.json"
+    end
+  end
+end

data/lib/vault-tree/config/string.rb

@@ -0,0 +1,25 @@
+class String
+  def compress
+    gsub("\n", '').squeeze(' ').strip
+  end
+
+  def extract_ancestor_id
+    self.gsub(/(CONTENTS\[\')|(\'\])/,'').strip
+  end
+
+  def checksum
+    Digest::SHA1.hexdigest(self)
+  end
+
+  def non_empty?
+    ! self.empty?
+  end
+
+  def camelize
+    self.split("_").each {|s| s.capitalize! }.join("")
+  end
+
+  def has_ancestor?
+    self.include? 'CONTENTS'
+  end
+end

data/lib/vault-tree/contract/close_validator.rb

@@ -0,0 +1,35 @@
+module VaultTree
+  class CloseValidator
+    attr_reader :vault
+
+    def initialize(vault)
+      @vault = vault
+    end
+
+    def validate!
+      confirm_valid_fill_keyword
+      validate_external_data
+      true
+    end
+
+    private
+
+    def confirm_valid_fill_keyword
+      raise Exceptions::FillAttemptMasterPassword if vault.fill_with == 'MASTER_PASSPHRASE'
+    end
+
+    def validate_external_data
+      if external_data_required? && external_data_missing?
+        raise Exceptions::MissingExternalData
+      end
+    end
+
+    def external_data_required?
+      vault.fill_with == 'EXTERNAL_DATA'
+    end
+
+    def external_data_missing?
+      vault.contract.external_data(vault.id).nil?
+    end
+  end
+end

data/lib/vault-tree/contract/contract.rb

@@ -0,0 +1,85 @@
+module VaultTree
+  class Contract
+    attr_reader :json
+
+    def initialize(json, params = {})
+      @json = json
+      @master_passphrase = params[:master_passphrase]
+      @external_data = params[:external_data]
+    end
+
+    def close_vault(id)
+      validate_vault(id)
+      update_vaults vault(id).close
+      self
+    end
+
+    def retrieve_contents(id)
+      validate_vault(id)
+      vault(id).retrieve_contents
+    end
+
+    def vault_closed?(id)
+      non_empty_contents?(id)
+    end
+
+    def header
+      contract["header"]
+    end
+
+    def vaults
+      contract["vaults"]
+    end
+
+    def vault(id)
+      id.nil? ? NullVault.new : Vault.new(id, vaults[id], self)
+    end
+
+    def update_vaults(vault)
+      @contract["vaults"][vault.id] = vault.properties unless vault.kind_of?(NullVault)
+    end
+
+    def as_json
+      ContractPresenter.new(self).as_json
+    end
+
+    def master_passphrase
+      validate_passphrase
+      @master_passphrase
+    end
+
+    def external_data(id)
+      @external_data[id]
+    end
+
+    private
+
+    def passphrase_present?
+      !! @master_passphrase 
+    end
+
+    def valid_id?(id)
+      id.nil? || vaults.include?(id)
+    end
+
+    def non_empty_contents?(id)
+      ! empty_contents?(id)
+    end
+
+    def empty_contents?(id)
+      vaults[id]['contents'].nil? || vaults[id]['contents'].empty?
+    end
+
+    def contract
+      @contract ||= Support::JSON.decode(json)
+    end
+
+    def validate_vault(id)
+      raise Exceptions::VaultDoesNotExist unless valid_id?(id)
+    end
+
+    def validate_passphrase
+      raise Exceptions::MissingPassphrase unless passphrase_present?
+    end
+  end
+end

data/lib/vault-tree/contract/contract_presenter.rb

@@ -0,0 +1,27 @@
+module VaultTree
+  class ContractPresenter
+    attr_reader :contract
+
+    def initialize(contract)
+      @contract = contract
+    end
+
+    def as_json
+      JSON.pretty_generate(contract_hash)
+    end
+
+    private
+
+    def contract_hash
+      {header: contract_header, vaults: contract_vaults}
+    end
+
+    def contract_header
+      contract.header
+    end
+
+    def contract_vaults
+      contract.vaults
+    end
+  end
+end

data/lib/vault-tree/contract/doorman.rb

@@ -0,0 +1,112 @@
+module VaultTree
+  class Vault
+    class Doorman
+      attr_reader :vault
+
+      def initialize(vault)
+        @vault = vault
+      end
+
+      def locked_contents
+        CloseValidator.new(vault).validate!
+        already_locked? ? contents : ciphertext_contents
+      end
+
+      def unlocked_contents
+        OpenValidator.new(vault).validate!
+        plaintext_contents
+      end
+
+      private
+
+      def ciphertext_contents
+        shared_locking_key? ? asymmetric_ciphertext : symmetric_ciphertext
+      end
+
+      def plaintext_contents
+        shared_unlocking_key? ? asymmetric_plaintext : symmetric_plaintext
+      end
+
+      def asymmetric_ciphertext
+        asymmetric_cipher.encrypt(public_key: locking_public_key, secret_key: locking_secret_key, plain_text: filler)
+      end
+
+      def asymmetric_plaintext
+        asymmetric_cipher.decrypt(public_key: unlocking_public_key, secret_key: unlocking_secret_key, cipher_text: contents)
+      end
+
+      def symmetric_ciphertext
+        symmetric_cipher.encrypt(key: locking_key, plain_text: filler)
+      end
+
+      def symmetric_plaintext
+        symmetric_cipher.decrypt(key: unlocking_key, cipher_text: contents)
+      end
+
+      def locking_key
+        vault.locking_key
+      end
+
+      def unlocking_key
+        vault.unlocking_key
+      end
+
+      def locking_public_key
+        locking_key_pair.public_key
+      end
+
+      def locking_secret_key
+        locking_key_pair.secret_key
+      end
+
+      def unlocking_public_key
+        unlocking_key_pair.public_key
+      end
+
+      def unlocking_secret_key
+        unlocking_key_pair.secret_key
+      end
+
+      def locking_key_pair 
+        vault.locking_key if shared_locking_key?
+      end
+
+      def unlocking_key_pair 
+        vault.unlocking_key if shared_unlocking_key?
+      end
+
+      def empty?
+        vault.empty?
+      end
+
+      def already_locked?
+        ! empty?
+      end
+
+      def filler
+        vault.filler
+      end
+
+      def contents
+        vault.contents
+      end
+
+      def shared_locking_key?
+        vault.lock_with =~ /SHARED_KEY/
+      end
+
+      def shared_unlocking_key?
+        vault.unlock_with =~ /SHARED_KEY/
+      end
+
+      def asymmetric_cipher
+        LockSmith::AsymmetricCipher.new
+      end
+
+      def symmetric_cipher
+        LockSmith::SymmetricCipher.new
+      end
+
+    end
+  end
+end