Class: ManageIQ::Password

Inherits:

Object

• Object
• ManageIQ::Password

Defined in:

lib/manageiq/password.rb,
lib/manageiq/password/version.rb,
lib/manageiq/password/password_mixin.rb

Defined Under Namespace

Modules: PasswordMixin Classes: Key, PasswordError

Constant Summary

REGEXP =

/v2:\{([^}]*)\}/

REGEXP_PASSWORD =

for “v2:…” or its URL encoded string

/v2(:\{[^}]*\}|%3A%7B.*?%7D)/

REGEXP_START_LINE =

/^#{REGEXP}/

MASK =

'********'.freeze

VERSION =

"1.0.0".freeze

Instance Attribute Summary

• #encStr ⇒ Object readonly

  Returns the value of attribute encStr.

Class Method Summary

• .decrypt(*args) ⇒ Object
• .encrypt(*args) ⇒ Object
• .encrypted?(str) ⇒ Boolean
• .generate_symmetric(filename = nil) ⇒ Object
• .key ⇒ Object
• .key=(key) ⇒ Object
• .key_root ⇒ Object
• .key_root=(key_root) ⇒ Object
• .md5crypt(str) ⇒ Object
• .recrypt(*args) ⇒ Object
• .sanitize_string(s) ⇒ Object
• .sanitize_string!(s) ⇒ Object
• .sysprep_crypt(str) ⇒ Object
• .try_decrypt(str) ⇒ Object
• .try_encrypt(str) ⇒ Object

Instance Method Summary

• #decrypt(str, key = self.class.key) ⇒ Object
• #encrypt(str, key = self.class.key) ⇒ Object
• #initialize(str = nil) ⇒ Password constructor

  A new instance of Password.

• #recrypt(str, prior_key = nil) ⇒ Object

Constructor Details

#initialize(str = nil) ⇒ Password

Returns a new instance of Password.

# File 'lib/manageiq/password.rb', line 19

def initialize(str = nil)
  return unless str

  @encStr = encrypt(str)
end

Instance Attribute Details

#encStr ⇒ Object (readonly)

Returns the value of attribute encStr.

# File 'lib/manageiq/password.rb', line 17

def encStr
  @encStr
end

Class Method Details

.decrypt(*args) ⇒ Object

# File 'lib/manageiq/password.rb', line 55

def self.decrypt(*args)
  new.decrypt(*args)
end

.encrypt(*args) ⇒ Object

# File 'lib/manageiq/password.rb', line 51

def self.encrypt(*args)
  new.encrypt(*args)
end

.encrypted?(str) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/manageiq/password.rb', line 63

def self.encrypted?(str)
  return false if str.nil? || str.empty?
  !!unwrap(str)
end

.generate_symmetric(filename = nil) ⇒ Object

# File 'lib/manageiq/password.rb', line 123

def self.generate_symmetric(filename = nil)
  Key.new.tap { |key| store_key_file(filename, key) if filename }
end

.key ⇒ Object

# File 'lib/manageiq/password.rb', line 106

def self.key
  @@key ||= load_key_file("v2_key") || begin
    key_file = File.expand_path("v2_key", key_root)
    msg = <<-EOS
  #{key_file} doesn't exist!
  On an appliance, it should be generated on boot by evmserverd.

  If you're a developer, you can copy the #{key_file}.dev to #{key_file}.

  Caution, using the developer key will allow anyone with the public developer key to decrypt the two-way
  passwords in your database.
  EOS
    Kernel.warn msg
    nil
  end
end

.key=(key) ⇒ Object

# File 'lib/manageiq/password.rb', line 102

def self.key=(key)
  @@key = key
end

.key_root ⇒ Object

# File 'lib/manageiq/password.rb', line 93

def self.key_root
  @@key_root ||= ENV["KEY_ROOT"]
end

.key_root=(key_root) ⇒ Object

# File 'lib/manageiq/password.rb', line 97

def self.key_root=(key_root)
  @@key = nil
  @@key_root = key_root
end

.md5crypt(str) ⇒ Object

# File 'lib/manageiq/password.rb', line 68

def self.md5crypt(str)
  cmd = "openssl passwd -1 -salt \"miq\" \"#{try_decrypt(str)}\""
  `#{cmd}`.split("\n").first
end

.recrypt(*args) ⇒ Object

# File 'lib/manageiq/password.rb', line 59

def self.recrypt(*args)
  new.recrypt(*args)
end

.sanitize_string(s) ⇒ Object

# File 'lib/manageiq/password.rb', line 77

def self.sanitize_string(s)
  s.gsub(REGEXP_PASSWORD, MASK)
end

.sanitize_string!(s) ⇒ Object

# File 'lib/manageiq/password.rb', line 81

def self.sanitize_string!(s)
  s.gsub!(REGEXP_PASSWORD, MASK)
end

.sysprep_crypt(str) ⇒ Object

# File 'lib/manageiq/password.rb', line 73

def self.sysprep_crypt(str)
  Base64.encode64("#{try_decrypt(str)}AdministratorPassword".encode("UTF-16LE")).delete("\n")
end

.try_decrypt(str) ⇒ Object

# File 'lib/manageiq/password.rb', line 85

def self.try_decrypt(str)
  encrypted?(str) ? decrypt(str) : str
end

.try_encrypt(str) ⇒ Object

# File 'lib/manageiq/password.rb', line 89

def self.try_encrypt(str)
  encrypted?(str) ? str : encrypt(str)
end

Instance Method Details

#decrypt(str, key = self.class.key) ⇒ Object

# File 'lib/manageiq/password.rb', line 32

def decrypt(str, key = self.class.key)
  enc = self.class.unwrap(str)
  return enc if enc.nil? || enc.empty?

  begin
    key.decrypt64(enc).force_encoding('UTF-8')
  rescue
    raise PasswordError, "cannot decrypt encrypted string"
  end
end

#encrypt(str, key = self.class.key) ⇒ Object

# File 'lib/manageiq/password.rb', line 25

def encrypt(str, key = self.class.key)
  return str if str.nil?

  enc = key.encrypt64(str).delete("\n") unless str.empty?
  self.class.wrap(enc)
end

#recrypt(str, prior_key = nil) ⇒ Object

# File 'lib/manageiq/password.rb', line 43

def recrypt(str, prior_key = nil)
  return str if str.nil?

  decrypted_str   = decrypt(str, prior_key) if prior_key rescue nil
  decrypted_str ||= decrypt(str)
  encrypt(decrypted_str)
end