Sha256: 233581601df33dd5d5deafc4c2de564fc8e3d2ec5aa3e15f31a14235f6b86b91
Contents?: true
Size: 1.76 KB
Versions: 2
Compression:
Stored size: 1.76 KB
Contents
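require 'active_support/core_ext/module/delegation'
require 'openssl'
require 'net/http'

# Encrypts and decrypts secret values as PKCS#7 enveloped data, and maps key
# names onto certificate file paths by convention.
#
# Security notes for maintainers:
# * PKCS#7 enveloped data provides confidentiality only. Nothing in this class
#   authenticates the ciphertext, and CFB is a malleable mode, so a stored
#   value that has been altered can still decrypt without an error. If tamper
#   detection matters, sign or MAC the stored value separately.
# * Certificate and private-key locations are plain file paths read with
#   File.read; protecting those files is left to filesystem permissions.
class Muchkeys::Secret
  CIPHER_SUITE = "AES-256-CFB".freeze

  attr_accessor :app_client
  delegate :config, to: :app_client

  # @param app_client [Object] client whose #config supplies secrets_hint and
  #   public_key
  def initialize(app_client)
    @app_client = app_client
  end

  # The path segment that tells Muchkeys a key path contains secrets.
  # Falls back to "secrets" when the config does not set one.
  def secrets_path_hint
    config.secrets_hint || "secrets"
  end

  # Encrypts +val+ for the certificate stored at +public_key+.
  #
  # @param val [String] plaintext to encrypt
  # @param public_key [String] path to a PEM/DER X.509 certificate file
  # @return [OpenSSL::PKCS7] the enveloped (encrypted) message
  def encrypt_string(val, public_key)
    cipher = OpenSSL::Cipher.new(CIPHER_SUITE)
    cert = OpenSSL::X509::Certificate.new(File.read(public_key))
    OpenSSL::PKCS7.encrypt([cert], val, cipher, OpenSSL::PKCS7::BINARY)
  end

  # Turns a key_name into an SSL cert file name by convention:
  # everything before "/<secrets hint>" (minus a leading "git/") becomes
  # "$HOME/.keys/<base>.pem", unless config.public_key overrides it.
  #
  # NOTE(review): key_base comes straight from the key name and is
  # interpolated into a filesystem path without normalisation, so a key name
  # containing ".." segments resolves outside ~/.keys. Validate key names
  # before they reach this method if they can originate outside the app.
  #
  # @param key_name [String]
  # @return [String] path to the certificate file
  # @raise [Muchkeys::InvalidKey] when key_name has no secrets segment
  def certfile_name(key_name)
    key_parts = key_name.match(/(.*)\/#{secrets_hint_pattern}(.*)/)
    # FIXME: the secrets validator already checks this, so checking again
    # here is redundant.
    raise Muchkeys::InvalidKey, "#{key_name} doesn't look like a secret" if key_parts.nil?

    # \A anchors to the start of the whole string; ^ would also match after
    # an embedded newline.
    key_base = key_parts[1].sub(/\Agit\//, "")
    config.public_key || "#{ENV['HOME']}/.keys/#{key_base}.pem"
  end

  # @param key_name [String]
  # @return [Boolean] true when key_name contains "/<secrets hint>"
  def is_secret?(key_name)
    !key_name.match(/\/#{secrets_hint_pattern}/).nil?
  end

  # @return [Boolean] whether the conventional certificate file for +key+ exists
  def auto_certificates_exist_for_key?(key)
    file_exists?(certfile_name(key))
  end

  # Decrypts a PKCS#7 enveloped value.
  #
  # Both paths are required in practice: the nil defaults are passed to
  # File.read unchanged, which raises TypeError. No passphrase is supplied
  # when the RSA private key is loaded.
  #
  # @param val [String] PKCS#7 message as produced by #encrypt_string
  # @param public_key [String] path to the recipient certificate file
  # @param private_key [String] path to the matching RSA private key file
  # @return [String] the decrypted plaintext
  def decrypt_string(val, public_key = nil, private_key = nil)
    cert = OpenSSL::X509::Certificate.new(read_ssl_key(public_key))
    key = OpenSSL::PKey::RSA.new(read_ssl_key(private_key))
    OpenSSL::PKCS7.new(val).decrypt(key, cert)
  end

  private

  # The secrets hint escaped for use inside a Regexp, so that characters such
  # as "." or "+" in a configured hint are matched literally rather than
  # being interpreted as regex syntax.
  def secrets_hint_pattern
    Regexp.escape(secrets_path_hint.to_s)
  end

  def read_ssl_key(file_name)
    File.read(file_name)
  end

  # Why would we even do this? For stubbing.
  def file_exists?(path)
    File.exist?(path)
  end

  def key_validator
    Muchkeys::KeyValidator
  end

  def secret_adapter
    Muchkeys::Secret
  end
end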
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
muchkeys-0.7.1 | lib/muchkeys/secret.rb |
muchkeys-0.7.0 | lib/muchkeys/secret.rb |