Class: Aspera::Keychain::EncryptedHash

Inherits:

Object

• Object
• Aspera::Keychain::EncryptedHash

Defined in:

lib/aspera/keychain/encrypted_hash.rb

Overview

Manage secrets in a simple Hash

Constant Summary

CIPHER_NAME =

'aes-256-cbc'

CONTENT_KEYS =

i[label username password url description].freeze

Instance Method Summary

• #delete(label:) ⇒ Object
• #get(label:, exception: true) ⇒ Object
• #initialize(path, current_password) ⇒ EncryptedHash constructor

  A new instance of EncryptedHash.

• #list ⇒ Object
• #password=(new_password) ⇒ Object
• #save ⇒ Object
• #set(options) ⇒ Object

Constructor Details

#initialize(path, current_password) ⇒ EncryptedHash

Returns a new instance of EncryptedHash.

# File 'lib/aspera/keychain/encrypted_hash.rb', line 14

def initialize(path, current_password)
  @path = path
  self.password = current_password
  raise 'path to vault file shall be String' unless @path.is_a?(String)
  @all_secrets = File.exist?(@path) ? YAML.load_stream(@cipher.decrypt(File.read(@path))).first : {}
end

Instance Method Details

#delete(label:) ⇒ Object

# File 'lib/aspera/keychain/encrypted_hash.rb', line 56

def delete(label:)
  @all_secrets.delete(label)
  save
end

#get(label:, exception: true) ⇒ Object

# File 'lib/aspera/keychain/encrypted_hash.rb', line 61

def get(label:, exception: true)
  raise "Label not found: #{label}" unless @all_secrets.key?(label) || !exception
  result = @all_secrets[label].clone
  result[:label] = label if result.is_a?(Hash)
  return result
end

#list ⇒ Object

# File 'lib/aspera/keychain/encrypted_hash.rb', line 45

def list
  result = []
  @all_secrets.each do |label, values|
    normal = values.symbolize_keys
    normal[:label] = label
    CONTENT_KEYS.each{|k|normal[k] = '' unless normal.key?(k)}
    result.push(normal)
  end
  return result
end

#password=(new_password) ⇒ Object

# File 'lib/aspera/keychain/encrypted_hash.rb', line 21

def password=(new_password)
  # number of bits in second position
  key_bytes = CIPHER_NAME.split('-')[1].to_i / Environment::BITS_PER_BYTE
  # derive key from passphrase, add trailing zeros
  key = "#{new_password}#{"\x0" * key_bytes}"[0..(key_bytes - 1)]
  Log.log.debug{"key=[#{key}],#{key.length}"}
  SymmetricEncryption.cipher = @cipher = SymmetricEncryption::Cipher.new(cipher_name: CIPHER_NAME, key: key, encoding: :none)
end

#save ⇒ Object

# File 'lib/aspera/keychain/encrypted_hash.rb', line 30

def save
  File.write(@path, @cipher.encrypt(YAML.dump(@all_secrets)), encoding: 'BINARY')
end

#set(options) ⇒ Object

# File 'lib/aspera/keychain/encrypted_hash.rb', line 34

def set(options)
  raise 'options shall be Hash' unless options.is_a?(Hash)
  unsupported = options.keys - CONTENT_KEYS
  options.each_value {|v| raise 'value must be String' unless v.is_a?(String)}
  raise "unsupported options: #{unsupported}" unless unsupported.empty?
  label = options.delete(:label)
  raise "secret #{label} already exist, delete first" if @all_secrets.key?(label)
  @all_secrets[label] = options.symbolize_keys
  save
end