Sha256: 7b0ec67de5fa47d917ace4053676cf93459191c2b0496e20fa3462c884d2703d

Contents?: true

Size: 1.68 KB

Versions: 3

Compression:

Stored size: 1.68 KB

Contents

require 'openssl'
require 'net/http'
require 'muchkeys/configuration'
require 'muchkeys/errors'


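# Helpers for MuchKeys secrets: recognising secret key names, locating the
# certificate file that belongs to a key by naming convention, and PKCS#7
# encrypting / decrypting values.
class MuchKeys::Secret
  # Symmetric cipher used for the PKCS#7 envelope.
  # NOTE(review): CFB mode carries no authentication tag and a PKCS#7
  # enveloped message adds none, so decrypt_string cannot detect a ciphertext
  # that was altered in storage. Restrict write access to stored secrets or
  # sign them separately. The constant is kept as-is for compatibility.
  CIPHER_SUITE = "AES-256-CFB"

  class << self

    # The path fragment that tells MuchKeys a key holds a secret.
    # Falls back to "secrets/" when nothing is configured.
    def secrets_path_hint
      MuchKeys.configuration.secrets_hint || "secrets/"
    end

    # Encrypts +val+ for the holder of the certificate stored at +public_key+.
    #
    # @param val [String] plaintext to protect
    # @param public_key [String] path to an X.509 certificate file
    # @return [OpenSSL::PKCS7] enveloped message (confidentiality only, see CIPHER_SUITE)
    def encrypt_string(val, public_key)
      cipher = OpenSSL::Cipher.new(CIPHER_SUITE)
      # Read through read_ssl_key, as decrypt_string does, so both directions
      # share one file-access seam.
      cert = OpenSSL::X509::Certificate.new(read_ssl_key(public_key))
      OpenSSL::PKCS7.encrypt([cert], val, cipher, OpenSSL::PKCS7::BINARY)
    end

    # Turns a key name into a certificate file name by convention.
    #
    # @param key_name [String] key containing "/<secrets_path_hint>"
    # @return [String] the configured public key path, else "$HOME/.keys/<base>.pem"
    # @raise [MuchKeys::InvalidKey] when the key does not contain the secrets hint
    def certfile_name(key_name)
      key_parts = key_name.match(/(.*)\/#{secrets_hint_pattern}(.*)/)
      raise MuchKeys::InvalidKey, "#{key_name} doesn't look like a secret" if key_parts.nil?

      # Strip one leading "git/" prefix; \A anchors to the start of the string
      # rather than to the start of any line.
      key_base = key_parts[1].sub(/\Agit\//, "")

      # NOTE(review): key_base comes straight from the key name and becomes part
      # of a filesystem path with no normalisation, so "../" segments in a key
      # name would escape ~/.keys. Key names should come from trusted
      # configuration only. An unset HOME makes the path start at "/.keys".
      MuchKeys.configuration.public_key || "#{ENV['HOME']}/.keys/#{key_base}.pem"
    end

    # @param key_name [String]
    # @return [Boolean] true when the key name contains "/<secrets_path_hint>"
    def is_secret?(key_name)
      !key_name.match(/\/#{secrets_hint_pattern}/).nil?
    end

    # @param key [String] secret key name
    # @return [Boolean] true when the conventional certificate file for +key+ exists
    # @raise [MuchKeys::InvalidKey] propagated from certfile_name
    def auto_certificates_exist_for_key?(key)
      file_exists?(secret_adapter.certfile_name(key))
    end

    # Decrypts a PKCS#7 enveloped value.
    #
    # @param val [String] serialized PKCS#7 message
    # @param public_key [String] path to the recipient's X.509 certificate file
    # @param private_key [String] path to the matching RSA private key file
    # @return [String] the decrypted plaintext
    def decrypt_string(val, public_key, private_key)
      cert = OpenSSL::X509::Certificate.new(read_ssl_key(public_key))
      key  = OpenSSL::PKey::RSA.new(read_ssl_key(private_key))
      OpenSSL::PKCS7.new(val).decrypt(key, cert)
    end


    private

    # The secrets hint escaped for literal use inside a Regexp, so that
    # characters such as "." or "+" in a configured hint match only themselves
    # instead of widening what counts as a secret path.
    def secrets_hint_pattern
      Regexp.escape(secrets_path_hint)
    end

    # Reads a certificate or key file and returns its raw contents.
    def read_ssl_key(file_name)
      File.read file_name
    end

    # Why would we even do this?  For stubbing.
    def file_exists?(path)
      File.exist? path
    end

    # Indirection to the validator class (stubbing seam).
    def key_validator
      MuchKeys::KeyValidator
    end

    # Indirection to this class (stubbing seam).
    def secret_adapter
      MuchKeys::Secret
    end

  end
end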

Version data entries

3 entries across 3 versions & 1 rubygems

Version Path
muchkeys-0.3.7 lib/muchkeys/secret.rb
muchkeys-0.3.6 lib/muchkeys/secret.rb
muchkeys-0.3.3 lib/muchkeys/secret.rb