Class: ManageIQ::Password
- Inherits:
-
Object
- Object
- ManageIQ::Password
- Defined in:
- lib/manageiq/password.rb,
lib/manageiq/password/version.rb,
lib/manageiq/password/password_mixin.rb
Defined Under Namespace
Modules: PasswordMixin
Classes: Key, PasswordError
Constant Summary
- CURRENT_VERSION =
"2"
- REGEXP =
/v([0-2]):\{([^}]*)\}/
- REGEXP_PASSWORD =
for “v2:…” or its URL encoded string
/v[0-2](:\{[^}]*\}|%3A%7B.*?%7D)/
- REGEXP_START_LINE =
/^#{REGEXP}/
- MASK =
'********'.freeze
- VERSION =
"0.2.1".freeze
Instance Attribute Summary collapse
Class Method Summary
Instance Method Summary
Constructor Details
#initialize(str = nil) ⇒ Password
Returns a new instance of Password.
# File 'lib/manageiq/password.rb', line 19
# Builds a Password, optionally encrypting +str+ straight away.
#
# @param str [String, nil] value to encrypt; when nil (or false) nothing is
#   assigned and #encStr reads as nil
def initialize(str = nil)
  # Only the result of #encrypt is kept on the instance; the argument itself
  # is not stored.
  @encStr = encrypt(str) if str
end
Instance Attribute Details
#encStr ⇒ Object
Returns the value of attribute encStr.
# File 'lib/manageiq/password.rb', line 17
# Reader for the value assigned by #initialize, i.e. the result of #encrypt
# (a "<ver>:{...}" string) rather than the argument the constructor received.
# Reads as nil when the instance was built without a string.
def encStr
  @encStr
end
Class Method Details
.add_legacy_key(filename, type = "alt") ⇒ Object
# File 'lib/manageiq/password.rb', line 164
# Loads an additional key from +filename+ and registers it under +type+.
#
# @param filename [String] key file name handed to load_key_file
# @param type [String, Symbol] registry name, stored as type.to_s ("alt" by default)
# @return [Object, nil] whatever load_key_file returned; nothing is registered
#   when that value is falsy
def self.add_legacy_key(filename, type = "alt")
  # NOTE(review): the second argument is false only for the Symbol :v0; the
  # String "v0" compares unequal and yields true. Confirm callers pass a Symbol
  # when they mean the v0 format.
  load_key_file(filename, type != :v0).tap do |loaded|
    keys[type.to_s] = loaded if loaded
  end
end
.all_keys ⇒ Object
# File 'lib/manageiq/password.rb', line 136
# Lists every key currently in the registry, without the names they are
# registered under.
#
# @return [Array] the registered key objects themselves (not copies)
def self.all_keys
  keys.map { |_name, key| key }
end
.clear_keys ⇒ Object
# File 'lib/manageiq/password.rb', line 132
# Drops the cached key registry. The next call to .keys rebuilds it from
# load_v2_key only, so keys added through add_legacy_key or v2_key= are
# discarded as well.
def self.clear_keys
  @@all_keys = nil
end
.decrypt(str) ⇒ Object
# File 'lib/manageiq/password.rb', line 71
# Class-level convenience wrapper around the instance method #decrypt.
#
# @param str [String, nil] "vN:{...}" string; nil and "" come back unchanged
# @return [String, nil] the decrypted value
# @raise [PasswordError] when #decrypt cannot decrypt the payload
def self.decrypt(str)
  decryptor = new
  decryptor.decrypt(str)
end
.encrypt(str) ⇒ Object
# File 'lib/manageiq/password.rb', line 67
# Class-level convenience wrapper around the instance method #encrypt.
#
# @param str [String, nil] value to encrypt
# @return [String, nil] nil when +str+ is nil (or false); otherwise the result
#   of #encrypt. An empty string is truthy in Ruby and is still passed on.
def self.encrypt(str)
  return nil unless str

  new.encrypt(str)
end
.encrypted?(str) ⇒ Boolean
# File 'lib/manageiq/password.rb', line 75
# Reports whether .split assigns a version to +str+.
#
# NOTE(review): with .split as listed on this page, every non-empty string
# that does not start with "vN:{...}" is given version "0", so this returns
# true for it as well. Confirm that is intended before using this predicate
# to decide whether a value still needs encrypting.
#
# @param str [String, nil]
# @return [Boolean] true when the first element returned by .split is truthy
def self.encrypted?(str)
  version, _payload = split(str)
  version ? true : false
end
.generate_symmetric(filename = nil) ⇒ Object
# File 'lib/manageiq/password.rb', line 175
# Creates a fresh Key and, when a filename is given, hands it to
# store_key_file.
#
# NOTE(review): how the key file is written (location, permissions) is decided
# by store_key_file, which is not shown here. Confirm the file ends up
# readable only by the service account.
#
# @param filename [String, nil] destination passed to store_key_file; nil skips storing
# @return [Key] the newly generated key
def self.generate_symmetric(filename = nil)
  new_key = Key.new
  store_key_file(filename, new_key) if filename
  new_key
end
.key_root ⇒ Object
# File 'lib/manageiq/password.rb', line 123
# Directory that key file names are resolved against (load_v2_key expands
# "v2_key" relative to it).
#
# The value is taken from the KEY_ROOT environment variable the first time it
# is needed and then memoized; a nil result is not cached, so the environment
# is consulted again on the next call.
#
# @return [String, nil]
def self.key_root
  return @@key_root if defined?(@@key_root) && @@key_root

  @@key_root = ENV["KEY_ROOT"]
end
.key_root=(key_root) ⇒ Object
# File 'lib/manageiq/password.rb', line 127
# Points the class at a different key directory.
#
# The cached registry is cleared first, so every key loaded or registered
# under the previous root is dropped; .keys rebuilds the registry on its next
# call.
#
# @param key_root [String, nil] new directory; nil makes .key_root fall back to ENV["KEY_ROOT"]
def self.key_root=(key_root)
  clear_keys
  @@key_root = key_root
end
.keys ⇒ Object
# File 'lib/manageiq/password.rb', line 140
# Registry of loaded keys, indexed by name ("v2", plus whatever
# add_legacy_key registers).
#
# Built on first use from load_v2_key and memoized. When load_v2_key returns
# nil the registry is an empty Hash, which is still cached, so the key file is
# not looked up again until clear_keys is called.
#
# @return [Hash{String => Object}]
def self.keys
  @@all_keys ||= begin
    primary = load_v2_key
    primary.nil? ? {} : {"v2" => primary}
  end
end
.load_v2_key ⇒ Object
# File 'lib/manageiq/password.rb', line 148
# Loads the primary "v2_key" file; when load_key_file returns a falsy value it
# prints a warning instead and returns nil.
#
# A missing key is therefore not fatal at this point. Callers receive nil and
# must cope with it (.keys turns it into an empty registry).
#
# @return [Object, nil] the result of load_key_file("v2_key"), or nil (the
#   return value of Kernel.warn) when that result is falsy
def self.load_v2_key
  load_key_file("v2_key") || begin
    # The path is computed only to be shown in the warning text below.
    key_file = File.expand_path("v2_key", key_root)
    msg = <<-EOS
#{key_file} doesn't exist!
On an appliance, it should be generated on boot by evmserverd.
If you're a developer, you can copy the #{key_file}.dev to #{key_file}.
Caution, using the developer key will allow anyone with the public developer key to decrypt the two-way
passwords in your database.
EOS
    Kernel.warn msg
  end
end
.md5crypt(str) ⇒ Object
# File 'lib/manageiq/password.rb', line 79
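# Produces an MD5-crypt hash of a (possibly encrypted) password by running the
# openssl command-line tool with the fixed salt "miq".
#
# @param str [String] plaintext or "vN:{...}" string; passed through try_decrypt first
# @return [String, nil] first line of openssl's output, or nil when it printed nothing
def self.md5crypt(str)
  plaintext = try_decrypt(str)

  # Argument-vector form: no shell is involved, so quotes, "$", backticks and
  # other shell metacharacters inside the password reach openssl literally
  # instead of being interpreted as part of a command line.
  argv = ["openssl", "passwd", "-1", "-salt", "miq", plaintext.to_s]

  # NOTE(review): the password is still passed as a process argument, where
  # other local users may be able to see it in the process list, and a value
  # beginning with "-" could be parsed by openssl as an option. Feeding it on
  # stdin would avoid both but changes how embedded newlines are handled.
  output =
    begin
      IO.popen(argv, &:read)
    rescue Errno::ENOENT => e
      # Through the shell, a missing binary surfaced as empty output (=> nil).
      # Keep that contract rather than raising a new exception type.
      Kernel.warn "openssl could not be executed: #{e.message}"
      ""
    end

  output.split("\n").first
end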
.sanitize_string(s) ⇒ Object
# File 'lib/manageiq/password.rb', line 88
# Returns a copy of +s+ in which every REGEXP_PASSWORD match is replaced by
# MASK. Only "vN:{...}" tokens (and their URL-encoded form) are masked;
# secrets in any other shape pass through untouched.
#
# NOTE(review): REGEXP_PASSWORD as listed matches the URL-encoded form only
# with upper-case escapes (%3A%7B ... %7D); the same token written with
# lower-case escapes would be left unmasked. Confirm which form the strings
# being sanitized can carry.
#
# @param s [String]
# @return [String] new string; +s+ itself is not modified
def self.sanitize_string(s)
  s.gsub(REGEXP_PASSWORD, MASK)
end
.sanitize_string!(s) ⇒ Object
# File 'lib/manageiq/password.rb', line 92
# In-place variant of sanitize_string: replaces every REGEXP_PASSWORD match in
# +s+ with MASK.
#
# @param s [String] string to modify
# @return [String, nil] +s+ when at least one replacement was made, nil when
#   nothing matched (String#gsub! semantics), so call it for its side effect
#   and do not rely on the return value
def self.sanitize_string!(s)
  s.gsub!(REGEXP_PASSWORD, MASK)
end
.split(encrypted_str) ⇒ Object
# File 'lib/manageiq/password.rb', line 105
# Splits an encrypted string into [version, payload].
#
# NOTE(review): REGEXP_START_LINE is anchored with "^", which matches at the
# start of any line, not only at the start of the string. "\A" would be the
# whole-string anchor. Confirm multi-line input cannot reach this method.
#
# @param encrypted_str [String, nil]
# @return [Array] [nil, encrypted_str] for nil or empty input; the two
#   REGEXP_START_LINE captures when the pattern matches; otherwise
#   ["0", encrypted_str] (see the note on the elsif branch)
def self.split(encrypted_str)
  if encrypted_str.nil? || encrypted_str.empty?
    [nil, encrypted_str]
  else
    if encrypted_str =~ REGEXP_START_LINE
      # $1 is the version digit, $2 the text between the braces.
      [$1, $2]
    # NOTE(review): as listed, the condition is a plain assignment of a
    # non-empty string and is therefore always truthy. The nested match repeats
    # the test that has just failed, so this branch always returns
    # ["0", legacy] and the final else below is never reached. The effect is
    # that any non-empty string without a "vN:{...}" prefix is labelled
    # version "0". Confirm against the repository whether a helper call was
    # meant to wrap encrypted_str here.
    elsif legacy = (encrypted_str)
      if legacy =~ REGEXP_START_LINE
        [$1, $2]
      else
        ["0", legacy]
      end
    else
      [nil, encrypted_str]
    end
  end
end
.sysprep_crypt(str) ⇒ Object
# File 'lib/manageiq/password.rb', line 84
# Encodes a password in the form built here for sysprep: the plaintext with the
# literal suffix "AdministratorPassword", converted to UTF-16LE and Base64
# encoded on a single line.
#
# This is an encoding, not encryption: the output can be decoded back to the
# plaintext by anyone who reads it, so treat it like the password itself.
#
# @param str [String] plaintext or "vN:{...}" string; passed through try_decrypt first
# @return [String] Base64 text without line breaks
def self.sysprep_crypt(str)
  plaintext = try_decrypt(str)
  utf16 = "#{plaintext}AdministratorPassword".encode("UTF-16LE")
  Base64.strict_encode64(utf16)
end
.try_decrypt(str) ⇒ Object
# File 'lib/manageiq/password.rb', line 96
# Decrypts +str+ when .encrypted? says it is encrypted, otherwise returns it
# unchanged.
#
# @param str [String, nil]
# @return [String, nil] decrypted value, or +str+ itself
# @raise [PasswordError] propagated from .decrypt when the value is classified
#   as encrypted but cannot be decrypted
def self.try_decrypt(str)
  return str unless encrypted?(str)

  decrypt(str)
end
.try_encrypt(str) ⇒ Object
# File 'lib/manageiq/password.rb', line 100
# Encrypts +str+ unless .encrypted? says it already is encrypted.
#
# NOTE(review): the decision rests entirely on .encrypted?. A value that
# predicate classifies as encrypted is returned exactly as given, so confirm
# it cannot report true for a plaintext value.
#
# @param str [String, nil]
# @return [String, nil] +str+ itself, or the result of .encrypt
def self.try_encrypt(str)
  return str if encrypted?(str)

  encrypt(str)
end
.v2_key ⇒ Object
# File 'lib/manageiq/password.rb', line 144
# @return [Object, nil] the key registered under "v2", or nil when the
#   registry holds none (for example after load_v2_key only warned)
def self.v2_key
  keys["v2"]
end
.v2_key=(key) ⇒ Object
# File 'lib/manageiq/password.rb', line 171
# Registers +key+ as the "v2" key directly, without reading a key file.
#
# The registry is created empty if it does not exist yet, so load_v2_key is
# not consulted by this setter.
#
# @param key [Object] key object to store under "v2"
def self.v2_key=(key)
  @@all_keys ||= {}
  @@all_keys["v2"] = key
end
Instance Method Details
#decrypt(str, legacy = false) ⇒ Object
# File 'lib/manageiq/password.rb', line 30
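# Decrypts a "vN:{...}" string with the key registered for its version.
#
# @param str [String, nil] encrypted string; nil and "" are returned unchanged
# @param legacy [Object] when truthy and the string is version "2", the "alt"
#   key is used instead of "v2"
# @return [String, nil] plaintext tagged as UTF-8, or "" when the payload
#   between the braces is empty
# @raise [PasswordError] on any StandardError raised while decrypting, which
#   includes the case where no key is registered under the chosen name
def decrypt(str, legacy = false)
  return str if str.nil? || str.empty?

  ver, enc = self.class.split(str)
  return "" if enc.empty?

  # The listing had these two statements run together on one line, which does
  # not parse; they are separate steps.
  ver ||= "0"
  key_name = (ver == "2" && legacy) ? "alt" : "v#{ver}"

  begin
    self.class.keys[key_name].decrypt64(enc).force_encoding('UTF-8')
  rescue
    # The original error is replaced on purpose; the message names only the key
    # version and carries neither the ciphertext nor any partial plaintext.
    raise PasswordError, "can not decrypt v#{ver}_key encrypted string"
  end
end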
#encrypt(str, ver = "v2", key = self.class.keys[ver]) ⇒ Object
# File 'lib/manageiq/password.rb', line 25
# Encrypts +str+ and wraps the result as "<ver>:{<payload>}".
#
# @param str [String, nil] plaintext; nil and "" produce an empty payload
#   ("<ver>:{}") without touching the key
# @param ver [String] version label written in front of the payload
# @param key [Object] object responding to encrypt64; defaults to the key
#   registered under +ver+. When that lookup yields nil and +str+ is not
#   empty, the call fails with NoMethodError (it is not wrapped here).
# @return [String]
def encrypt(str, ver = "v2", key = self.class.keys[ver])
  payload =
    if str.nil? || str.empty?
      nil
    else
      # encrypt64 output may contain line breaks; the stored form is one line.
      key.encrypt64(str).delete("\n")
    end
  "#{ver}:{#{payload}}"
end
#recrypt(str) ⇒ Object
# File 'lib/manageiq/password.rb', line 48
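# Re-encrypts +str+ with the current key, trying the "alt" (legacy) key first.
#
# @param str [String, nil] encrypted string; nil and "" are returned unchanged
# @return [String, nil] the value encrypted by #encrypt, or +str+ itself when
#   the first attempt fails and .split reports version "0" for it
# @raise [PasswordError] re-raised from #decrypt when the fallback does not apply
def recrypt(str)
  return str if str.nil? || str.empty?

  decrypted_str =
    begin
      # The alt key object (or nil) doubles as the truthy/falsy +legacy+ flag
      # of #decrypt, so the alt key is tried only when one is registered.
      decrypt(str, self.class.keys["alt"])
    rescue
      source_version = self.class.split(str).first || "0"
      # The listing had the condition and its body fused on one line in both
      # branches below, which does not parse; they are restored as statements.
      if source_version == "0"
        # NOTE(review): a value classified as version "0" is handed back
        # untouched, i.e. it is not encrypted with the current key. Confirm
        # callers expect that.
        return str
      elsif source_version == "2"
        decrypt(str)
      else
        raise
      end
    end

  encrypt(decrypted_str)
end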