Class: ConfigParser

Inherits:
Object
  • Object
show all
Defined in:
lib/nexpose_ticketing/utilities/config_parser.rb

Constant Summary collapse

ENCRYPTED_FORMAT = 
'<%%= SymmetricEncryption.try_decrypt "%s" %%>'
PLACEHOLDER = 
'<absolute/path/to/filename>'
STANZA =

The environment to use, defined within the encryption config

'production'
WIDTH =

The line width of the YAML file before line-wrapping occurs

120

Class Method Summary collapse

Class Method Details

.decrypt_config(enc_path, config_path) ⇒ Object

Returns a hash containing the decrypted details from a config file.



132
133
134
135
 
# File 'lib/nexpose_ticketing/utilities/config_parser.rb', line 132

def self.decrypt_config(enc_path, config_path)
  SymmetricEncryption.load!(enc_path, STANZA)
  return YAML.load(ERB.new(File.new(config_path).read).result)
end

.encrypt_config(enc_path, config_path) ⇒ Object 



105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
 
# File 'lib/nexpose_ticketing/utilities/config_parser.rb', line 105

def self.encrypt_config(enc_path, config_path)
  SymmetricEncryption.load!(enc_path, STANZA)

  # Read the config in as an array of strings
  f = File.open(config_path)
  config_lines = f.readlines
  f.close

  # Define the regex that can find relevant fields
  regex = /^(?<label>\s*:?\w*(passw|pwd|user|usr)\w*:?\s)(?<value>.*)$/

  # Line by line, write the line to file, encrypting sensitive fields
  File.open(config_path, 'w+') do |f|
    config_lines.each do |l|
      matches = l.match(regex)

      # Encrypt fields with username/password labels that are in plaintext
      unless matches.nil? || matches['value'].include?('SymmetricEncryption')
        l = "#{matches['label']}#{encrypt_field(matches['value'])}"
      end

      f.puts l
    end
  end
end

.encrypt_field(value) ⇒ Object 



35
36
37
38
 
# File 'lib/nexpose_ticketing/utilities/config_parser.rb', line 35

def self.encrypt_field(value)
  encrypted_value = SymmetricEncryption.encrypt value
  ENCRYPTED_FORMAT % encrypted_value
end

.generate_keys(enc_path, config_path) ⇒ Object

Generates the RSA key, associated files and directories.



52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
# File 'lib/nexpose_ticketing/utilities/config_parser.rb', line 52

def self.generate_keys(enc_path, config_path)
  settings = YAML.load_file(enc_path)
  key = settings[STANZA]['private_rsa_key']

  # Recognise an existing key
  return unless (key.nil? || key == '')

  # Generate a new RSA key and store the details
  new_rsa_key = SymmetricEncryption::KeyEncryptionKey.generate
  settings[STANZA]['private_rsa_key'] = new_rsa_key
  save_config(settings, enc_path)

  # Populate the placeholder values within the config
  populate_ciphers(enc_path, config_path)

  # Need to create a folder (specified by the user) to store the key files
  dir = File.dirname(settings[STANZA]['ciphers'].first['key_filename'])

  begin
    unless File.directory?(dir) || PLACEHOLDER.include?(dir)
      puts "Creating folder: #{dir}"
      FileUtils::mkdir_p dir
    end
  rescue Exception => e
    msg = "Unable to create the folders used to store encryption details.\n"\
          'Please ensure the user has permissions to create folders in the ' \
          "path specified in the  encryption config: #{enc_path}\n"
    handle_error(msg, e)
  end

  SymmetricEncryption.generate_symmetric_key_files(enc_path, STANZA)
end

.get_config(config_path, enc_path = nil) ⇒ Object

Encrypts a configuration file and returns the unencrypted hash.



15
16
17
18
19
20
21
22
23
24
25
26
27
 
# File 'lib/nexpose_ticketing/utilities/config_parser.rb', line 15

def self.get_config(config_path, enc_path=nil)
  # Try to load a path from the provided config
  custom_enc_path = get_enc_directory(config_path)
  enc_path = custom_enc_path unless custom_enc_path.nil?

  enc_path = File.expand_path(enc_path, __FILE__)
  config_path = File.expand_path(config_path)


  generate_keys(enc_path, config_path)
  encrypt_config(enc_path, config_path)
  decrypt_config(enc_path, config_path)
end

.get_enc_directory(config_path) ⇒ Object

Retrieves the custom directory of the encryption config



41
42
43
44
45
46
47
48
49
 
# File 'lib/nexpose_ticketing/utilities/config_parser.rb', line 41

def self.get_enc_directory(config_path)
  settings = YAML.load_file(config_path)
  return nil if settings[:encryption_options].nil?

  enc_dir = settings[:encryption_options][:directory]
  return nil if (enc_dir.nil? || enc_dir == '')

  File.expand_path(enc_dir, __FILE__)
end

.handle_error(message, error) ⇒ Object 



137
138
139
140
 
# File 'lib/nexpose_ticketing/utilities/config_parser.rb', line 137

def self.handle_error(message, error)
  puts message
  raise error
end

.populate_ciphers(enc_path, config_path) ⇒ Object

Replace placeholder values for the key and iv file paths, placing them in the config folder by default.



87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
 
# File 'lib/nexpose_ticketing/utilities/config_parser.rb', line 87

def self.populate_ciphers(enc_path, config_path)
  settings = YAML.load_file(enc_path)
  ciphers = settings[STANZA]['ciphers'].first
  config_folder = File.dirname(config_path)
  config_name = File.basename(config_path, File.extname(config_path))

  %w(key iv).each do |file|
    label = "#{file}_filename"
    file_path = ciphers[label]
    next unless file_path.include? PLACEHOLDER

    filename = ".#{config_name}.#{file}"
    ciphers[label] = File.join(config_folder, filename)
  end

  save_config(settings, enc_path)
end

.save_config(config_details, config_path) ⇒ Object

Writes the YAML to file with custom formatting options



30
31
32
33
 
# File 'lib/nexpose_ticketing/utilities/config_parser.rb', line 30

def self.save_config(config_details, config_path)
  yaml = config_details.to_yaml(line_width: WIDTH)
  File.open(config_path, 'w') {|f| f.write yaml }
end