Class: ManageIQ::Password

Inherits:

Object

Object
ManageIQ::Password

show all

Defined in:: lib/manageiq/password.rb,
lib/manageiq/password/version.rb,
lib/manageiq/password/password_mixin.rb

Defined Under Namespace

Modules: PasswordMixin Classes: Key, PasswordError

Constant Summary collapse

REGEXP =

/v2:\{([^}]*)\}/

REGEXP_PASSWORD = for “v2:…” or its URL encoded string

/v2(:\{[^}]*\}|%3A%7B.*?%7D)/

REGEXP_START_LINE =

/^#{REGEXP}/

MASK =

'********'.freeze

VERSION =

"1.1.0".freeze

Instance Attribute Summary collapse

#encStr ⇒ Object readonly

Returns the value of attribute encStr.

Class Method Summary collapse

Instance Method Summary collapse

#decrypt(*args) ⇒ Object
#encrypt(*args) ⇒ Object
#initialize(str = nil) ⇒ Password constructor

A new instance of Password.
#recrypt(*args) ⇒ Object

Constructor Details

#initialize(str = nil) ⇒ `Password`

Returns a new instance of Password.

# File 'lib/manageiq/password.rb', line 19

def initialize(str = nil)
  return unless str

  @encStr = encrypt(str)
end

Instance Attribute Details

#encStr ⇒ `Object` (readonly)

Returns the value of attribute encStr.



17
18
19

# File 'lib/manageiq/password.rb', line 17

def encStr
  @encStr
end

Class Method Details

.decrypt(str, key = self.key) ⇒ `Object`

Raises:

(PasswordError)

# File 'lib/manageiq/password.rb', line 44

def self.decrypt(str, key = self.key)
  str = remove_erb(str)
  return str if str.nil? || str.empty?

  raise PasswordError, "cannot decrypt plaintext string" unless wrapped?(str)

  enc = unwrap(str)
  return enc if enc.nil? || enc.empty?

  begin
    key.decrypt64(enc).force_encoding('UTF-8')
  rescue
    raise PasswordError, "cannot decrypt encrypted string"
  end
end

.encrypt(str, key = self.key) ⇒ `Object`

# File 'lib/manageiq/password.rb', line 37

def self.encrypt(str, key = self.key)
  return str if str.nil?

  enc = key.encrypt64(str).delete("\n") unless str.empty?
  wrap(enc)
end

.encrypted?(str) ⇒ `Boolean`

Returns:

(Boolean)



68
69
70

# File 'lib/manageiq/password.rb', line 68

def self.encrypted?(str)
  wrapped?(remove_erb(str))
end

.generate_symmetric(filename = nil) ⇒ `Object`



128
129
130

# File 'lib/manageiq/password.rb', line 128

def self.generate_symmetric(filename = nil)
  Key.new.tap { |key| store_key_file(filename, key) if filename }
end

.key ⇒ `Object`

# File 'lib/manageiq/password.rb', line 111

def self.key
  @@key ||= load_key_file("v2_key") || begin
    key_file = File.expand_path("v2_key", key_root)
    msg = "  \#{key_file} doesn't exist!\n  On an appliance, it should be generated on boot by evmserverd.\n\n  If you're a developer, you can copy the \#{key_file}.dev to \#{key_file}.\n\n  Caution, using the developer key will allow anyone with the public developer key to decrypt the two-way\n  passwords in your database.\n  EOS\n    Kernel.warn msg\n    nil\n  end\nend\n"

.key=(key) ⇒ `Object`



107
108
109

# File 'lib/manageiq/password.rb', line 107

def self.key=(key)
  @@key = key
end

.key_root ⇒ `Object`



98
99
100

# File 'lib/manageiq/password.rb', line 98

def self.key_root
  @@key_root ||= ENV["KEY_ROOT"]
end

.key_root=(key_root) ⇒ `Object`

# File 'lib/manageiq/password.rb', line 102

def self.key_root=(key_root)
  @@key = nil
  @@key_root = key_root
end

.md5crypt(str) ⇒ `Object`

# File 'lib/manageiq/password.rb', line 72

def self.md5crypt(str)
  cmd = "openssl passwd -1 -salt \"miq\" \"#{try_decrypt(str)}\""
  `#{cmd}`.split("\n").first
end

.recrypt(str, prior_key = nil) ⇒ `Object`

# File 'lib/manageiq/password.rb', line 60

def self.recrypt(str, prior_key = nil)
  return str if str.nil?

  decrypted_str   = decrypt(str, prior_key) if prior_key rescue nil
  decrypted_str ||= decrypt(str)
  encrypt(decrypted_str)
end

.sanitize_string(s) ⇒ `Object`



81
82
83

# File 'lib/manageiq/password.rb', line 81

def self.sanitize_string(s)
  s.gsub(REGEXP_PASSWORD, MASK)
end

.sanitize_string!(s) ⇒ `Object`



85
86
87

# File 'lib/manageiq/password.rb', line 85

def self.sanitize_string!(s)
  s.gsub!(REGEXP_PASSWORD, MASK)
end

.sysprep_crypt(str) ⇒ `Object`



77
78
79

# File 'lib/manageiq/password.rb', line 77

def self.sysprep_crypt(str)
  Base64.encode64("#{try_decrypt(str)}AdministratorPassword".encode("UTF-16LE")).delete("\n")
end

.try_decrypt(str) ⇒ `Object`

# File 'lib/manageiq/password.rb', line 89

def self.try_decrypt(str)
  str = remove_erb(str)
  encrypted?(str) ? decrypt(str) : str
end

.try_encrypt(str) ⇒ `Object`



94
95
96

# File 'lib/manageiq/password.rb', line 94

def self.try_encrypt(str)
  encrypted?(str) ? str : encrypt(str)
end

Instance Method Details

#decrypt(*args) ⇒ `Object`



29
30
31

# File 'lib/manageiq/password.rb', line 29

def decrypt(*args)
  self.class.decrypt(*args)
end

#encrypt(*args) ⇒ `Object`



25
26
27

# File 'lib/manageiq/password.rb', line 25

def encrypt(*args)
  self.class.encrypt(*args)
end

#recrypt(*args) ⇒ `Object`



33
34
35

# File 'lib/manageiq/password.rb', line 33

def recrypt(*args)
  self.class.recrypt(*args)
end

Class: ManageIQ::Password

Defined Under Namespace

Constant Summary collapse

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(str = nil) ⇒ Password

Instance Attribute Details

#encStr ⇒ Object (readonly)

Class Method Details

.decrypt(str, key = self.key) ⇒ Object

.encrypt(str, key = self.key) ⇒ Object

.encrypted?(str) ⇒ Boolean

.generate_symmetric(filename = nil) ⇒ Object

.key ⇒ Object

.key=(key) ⇒ Object

.key_root ⇒ Object

.key_root=(key_root) ⇒ Object

.md5crypt(str) ⇒ Object

.recrypt(str, prior_key = nil) ⇒ Object

.sanitize_string(s) ⇒ Object

.sanitize_string!(s) ⇒ Object

.sysprep_crypt(str) ⇒ Object

.try_decrypt(str) ⇒ Object

.try_encrypt(str) ⇒ Object