Class: AuthKeys

Inherits:

Object

• Object
• AuthKeys

Defined in:

lib/auth_keys.rb

Class Method Summary

• .[](key) ⇒ Object
• .decrypt ⇒ Object
• .decrypt_data(data, pass) ⇒ Object
• .decrypt_data_by_privkey(data) ⇒ Object
• .encrypt ⇒ Object
• .encrypt_data(data, pass) ⇒ Object
• .encrypt_data_by_pubkey(data) ⇒ Object
• .get(key) ⇒ Object
• .is_encrypted?(str) ⇒ Boolean
• .is_salted?(str) ⇒ Boolean
• .KEY_PATH ⇒ Object
• .keys ⇒ Object
• .load ⇒ Object
• .MASTER_KEY ⇒ Object
• .master_key_data ⇒ Object
• .read ⇒ Object
• .rsautil ⇒ Object
• .save(content) ⇒ Object

Class Method Details

.[](key) ⇒ Object

# File 'lib/auth_keys.rb', line 97

def [](key)
    self.get(key)
end

.decrypt ⇒ Object

# File 'lib/auth_keys.rb', line 23

def decrypt()
    data = self.read
    return unless is_encrypted?(data)
    data = data.force_encoding("ASCII-8BIT")
    data = self.decrypt_data(data,self.master_key_data)
    self.save(data)
end

.decrypt_data(data, pass) ⇒ Object

# File 'lib/auth_keys.rb', line 30

def decrypt_data(data,pass)
    data = data.force_encoding("ASCII-8BIT")
    salt = data[8,8]
    data = data[16, data.size]
    cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
    cipher.decrypt
    cipher.pkcs5_keyivgen(pass, salt, 1 )
    cipher.update(data) + cipher.final
end

.decrypt_data_by_privkey(data) ⇒ Object

# File 'lib/auth_keys.rb', line 45

def decrypt_data_by_privkey(data)
    self.rsautil.private_decrypt(data)
end

.encrypt ⇒ Object

# File 'lib/auth_keys.rb', line 16

def encrypt()
    data = self.read
    return  if is_encrypted?(data)

    data = self.encrypt_data(data,self.master_key_data)
    save(data)
end

.encrypt_data(data, pass) ⇒ Object

# File 'lib/auth_keys.rb', line 7

def encrypt_data(data,pass)
    cipher = OpenSSL::Cipher::Cipher.new("AES-256-CBC")
    salt = OpenSSL::Random.random_bytes(8)
    cipher.encrypt
    cipher.pkcs5_keyivgen(pass, salt, 1)
    data = cipher.update(data) + cipher.final
    ## salted
    data = "Salted__" + salt + data
end

.encrypt_data_by_pubkey(data) ⇒ Object

# File 'lib/auth_keys.rb', line 42

def encrypt_data_by_pubkey(data)
    self.rsautil.public_encrypt(data)
end

.get(key) ⇒ Object

# File 'lib/auth_keys.rb', line 89

def get(key)
    hash = self.load
    if key.class == Regexp then
        key = self.keys.find{|e| e=~key}
        return nil unless key
    end
    hash.key?(key) ? hash[key] : nil ;
end

.is_encrypted?(str) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/auth_keys.rb', line 52

def is_encrypted?(str)
    return true if self.is_salted?(str)
    # check encrypt by trying to treat as  UTF-8 String
    begin
        str.split("")
        return false
    rescue => e
        return true
    end
end

.is_salted?(str) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/auth_keys.rb', line 49

def is_salted?(str)
    /Salted__/ === str[0,8]
end

.KEY_PATH ⇒ Object

# File 'lib/auth_keys.rb', line 5

def KEY_PATH ; ENV["KEY_PATH"] ||  "~/.auth_keys" end

.keys ⇒ Object

# File 'lib/auth_keys.rb', line 100

def keys
    self.load.keys
end

.load ⇒ Object

# File 'lib/auth_keys.rb', line 75

def load()
    content = self.read
    content = self.decrypt_data(content,self.master_key_data) if is_encrypted?(content)
    array = content
                .split("\n")
                .reject{|e| e.strip =~/^#/}
                .map(&:split).map{|e| [e[0],[   e[1],e[2]  ] ] }
    password_table = Hash[array]
end

.MASTER_KEY ⇒ Object

# File 'lib/auth_keys.rb', line 6

def MASTER_KEY ;  ENV["MASTER_KEY"] ||  "~/.ssh/id_rsa" end

.master_key_data ⇒ Object

# File 'lib/auth_keys.rb', line 62

def master_key_data
    path = File.expand_path(self.MASTER_KEY)
    raise unless File.exists?(path)
    open(path).read
end

.read ⇒ Object

# File 'lib/auth_keys.rb', line 84

def read()
    path = File.expand_path(self.KEY_PATH)
    raise unless File.exists?(path)
    content = open(path).read
end

.rsautil ⇒ Object

# File 'lib/auth_keys.rb', line 39

def rsautil
    OpenSSL::PKey::RSA.new(self.master_key_data)
end

.save(content) ⇒ Object

# File 'lib/auth_keys.rb', line 67

def save(content)
    path = File.expand_path(self.KEY_PATH)
    raise "#{path} not found." unless File.exists?(path)
    open(path, "w"){|f|
        f.write content
    }
end