Class: Secretmgr::Secret

Inherits:
Object
  • Object
Includes:
RSpec::Matchers
Defined in:
lib/secretmgr/secret.rb

Constant Summary

RSA_KEY_SIZE =
2048
FORMAT_FILE =
"format.txt".freeze
SSH_DIR =
".ssh".freeze
RSA_PRIVATE_FILE =
"id_rsa_no".freeze
RSA_PUBLIC_PEM_FILE =
"id_rsa_no.pub.pem".freeze
SETTING_FILE =
"setting.yml".freeze
SECRET_FILE =
"secret.yml".freeze
DEFAULT_PUBLIC_KEYFILE =
".ssh/id_rsa.pub".freeze
DEFAULT_PRIVATE_KEYFILE =
".ssh/id_rsa".freeze

Instance Attribute Summary

Instance Method Summary

Constructor Details

#initialize(setting, home_pn, secret_dir_pn, ope, default_public_keyfile_pn, default_private_keyfile_pn, public_keyfile_pn: nil, private_keyfile_pn: nil) ⇒ Secret

Returns a new instance of Secret.



# File 'lib/secretmgr/secret.rb', line 19

# Builds a Secret bound to one secret directory and loads or creates its RSA
# key pair.
#
# Key resolution, in order:
# 1. Key files named by the public_keyfile_pn / private_keyfile_pn keywords
#    are loaded when given.
# 2. If neither of those produced a key and ope is "setup", a new pair is
#    generated, written to the default key paths, and those paths are stored
#    in setting and saved.
# 3. If neither produced a key and ope is anything else, both keys are loaded
#    from the paths stored in setting.
#
# @param setting [#get, #set, #save] settings store holding the default key paths
# @param home_pn kept in @home_pn; not used by the methods shown on this page
# @param secret_dir_pn [Pathname, String] directory that holds the encrypted files
# @param ope [String] operation name; only "setup" is treated specially here
# @param default_public_keyfile_pn where a generated public key is written
#   (falls back to the value stored in setting when nil/false)
# @param default_private_keyfile_pn where a generated private key is written
#   (falls back to the value stored in setting when nil/false)
# @param public_keyfile_pn explicit public key file to load, or nil
# @param private_keyfile_pn explicit private key file to load, or nil
def initialize(setting, home_pn, secret_dir_pn, ope,
               default_public_keyfile_pn,
               default_private_keyfile_pn,
               public_keyfile_pn: nil,
               private_keyfile_pn: nil)
  # p "Secret.initialize public_keyfile_pn=#{public_keyfile_pn}"
  # p "Secret.initialize private_keyfile_pn~#{private_keyfile_pn}"
  # Padding used by encrypt_with_public_key / decrypt_with_private_key.
  @mode = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
  @setting = setting
  # p "Secret.new secret_dir_pn=#{secret_dir_pn}"
  @secret_dir_pn = secret_dir_pn
  # Anything that is not exactly a Pathname is wrapped in one.
  @secret_dir_pn = Pathname.new(@secret_dir_pn) unless @secret_dir_pn.instance_of?(Pathname)
  # p "@Secret.new secret_dir_pn=#{@secret_dir_pn}"

  @home_pn = home_pn
  @format_config = Config.new(@secret_dir_pn, FORMAT_FILE)

  @private_key = nil
  @public_key = nil
  # NOTE(review): the keyword paths are used here but never stored, so the
  # private_keyfile_pn / public_keyfile_pn readers are not populated by this
  # constructor.
  @private_key = create_private_key(private_keyfile_pn) if private_keyfile_pn
  @public_key = create_public_key(public_keyfile_pn) if public_keyfile_pn

  @valid = false

  # The defaults are consulted only when BOTH explicit loads produced nothing;
  # if just one key was loaded, the other one stays nil.
  if @private_key.nil? && @public_key.nil?
    case ope
    when "setup"
      # @public_key, @private_key = create_keyfiles()
      @rsa_key, @public_key, @public_key_str, @private_key, @private_key_str = create_keyfiles
      default_public_keyfile_pn ||= @setting.get("default_public_keyfile_pn")
      default_private_keyfile_pn ||= @setting.get("default_private_keyfile_pn")
      # The private key PEM written here comes from create_keyfiles and carries
      # no passphrase, so the destination should be readable by its owner only.
      output_public_key(default_public_keyfile_pn)
      output_private_key(default_private_keyfile_pn)
      @setting.set("default_public_keyfile_pn", default_public_keyfile_pn)
      @setting.set("default_private_keyfile_pn", default_private_keyfile_pn)
      @setting.save
    else
      # The positional default_*_keyfile_pn arguments are overwritten here; only
      # the stored settings decide which files are read.
      # NOTE(review): create_private_key / create_public_key call exist? on
      # these values, so setting.get presumably returns Pathname objects — confirm.
      default_public_keyfile_pn = @setting.get("default_public_keyfile_pn")
      default_private_keyfile_pn = @setting.get("default_private_keyfile_pn")
      @private_key = create_private_key(default_private_keyfile_pn)
      @public_key = create_public_key(default_public_keyfile_pn)
    end
  end
  # NOTE(review): reached on every path that does not raise, including when
  # the key files were missing and both keys are still nil — confirm callers
  # do not read valid as "keys are loaded".
  @valid = true
end

Instance Attribute Details

#private_key ⇒ Object (readonly)

Returns the value of attribute private_key.



# File 'lib/secretmgr/secret.rb', line 17

# Reader for the RSA private key object held by this instance; nil when no
# private key was loaded or generated.
# NOTE(review): this reader is listed among the documented attributes, so any
# code holding a Secret can obtain the private key object — confirm that
# callers outside the class really need it.
def private_key
  @private_key
end

#private_keyfile_pn ⇒ Object (readonly)

Returns the value of attribute private_keyfile_pn.



# File 'lib/secretmgr/secret.rb', line 17

# Reader for @private_keyfile_pn.
# NOTE(review): none of the methods shown on this page assigns
# @private_keyfile_pn (the constructor only uses its keyword argument as a
# local), so this returns nil unless code elsewhere sets it.
def private_keyfile_pn
  @private_keyfile_pn
end

#public_key ⇒ Object (readonly)

Returns the value of attribute public_key.



# File 'lib/secretmgr/secret.rb', line 17

# Reader for the RSA public key object held by this instance; nil when no
# public key was loaded or generated.
def public_key
  @public_key
end

#public_keyfile_pn ⇒ Object (readonly)

Returns the value of attribute public_keyfile_pn.



# File 'lib/secretmgr/secret.rb', line 17

# Reader for @public_keyfile_pn.
# NOTE(review): none of the methods shown on this page assigns
# @public_keyfile_pn (the constructor only uses its keyword argument as a
# local), so this returns nil unless code elsewhere sets it.
def public_keyfile_pn
  @public_keyfile_pn
end

#valid ⇒ Object (readonly)

Returns the value of attribute valid.



# File 'lib/secretmgr/secret.rb', line 17

# Reader for @valid, which the constructor sets to false while it runs and to
# true as its last statement.
# NOTE(review): the flag does not depend on whether a key was actually loaded;
# check private_key / public_key for that.
def valid
  @valid
end

Instance Method Details

#create_keyfiles ⇒ Object



# File 'lib/secretmgr/secret.rb', line 214

# Generates a fresh RSA key pair of RSA_KEY_SIZE bits. Nothing is written to
# disk here; the caller persists the PEM strings.
#
# @return [Array] five elements, in this order: the generated key, its
#   public-only key, the public key PEM, the generated key again (returned as
#   the private key), and the private key PEM. The private PEM is exported
#   without a passphrase.
def create_keyfiles
  generated = OpenSSL::PKey::RSA.new(RSA_KEY_SIZE)
  public_half = generated.public_key

  # Only the public half is interpolated into the debug log line.
  Loggerxs.debug "############## create_keyfiles public_key=#{public_half}"
  [generated, public_half, public_half.to_pem, generated, generated.to_pem]
end

#create_private_key(private_keyfile_pn) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 89

# Loads an RSA private key from a PEM file.
#
# @param private_keyfile_pn [Pathname] key file location (must respond to exist?)
# @return [OpenSSL::PKey::RSA, nil] the parsed key, or nil when the file does
#   not exist. Parse errors from OpenSSL are not rescued here.
def create_private_key(private_keyfile_pn)
  # Only the path is logged; the key material never reaches the log.
  Loggerxs.debug "20 private_keyfile_pn=#{private_keyfile_pn}"
  return nil unless private_keyfile_pn.exist?

  pem_text = File.read(private_keyfile_pn)
  # Turn the PEM text into an OpenSSL key object.
  loaded_key = OpenSSL::PKey::RSA.new(pem_text)
  Loggerxs.debug "23 private_key="
  loaded_key
end

#create_public_key(public_keyfile_pn) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 70

# Loads an RSA public key from a PEM file.
#
# @param public_keyfile_pn [Pathname] key file location (must respond to exist?)
# @return [OpenSSL::PKey::RSA, nil] the parsed key, or nil when the file does
#   not exist. Parse errors from OpenSSL are not rescued here.
def create_public_key(public_keyfile_pn)
  pem_text = public_keyfile_pn.exist? ? File.read(public_keyfile_pn) : nil
  Loggerxs.debug "0 public_keyfile_pn=#{public_keyfile_pn}"
  return nil if pem_text.nil?

  # Turn the PEM text into an OpenSSL key object.
  loaded_key = OpenSSL::PKey::RSA.new(pem_text)
  Loggerxs.debug "3 key_obj="
  loaded_key
end

#decrypt_with_common_key(encrypted_data, key, ivalue) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 203

# Decrypts data with the symmetric cipher named by CIPHER_NAME.
#
# encrypted_data is fed to the cipher as-is: this method does not undo the
# Base64 encoding that encrypt_with_common_key applies, so the caller must
# decode first.
#
# NOTE(review): no authentication tag is set or checked here. If CIPHER_NAME
# (defined outside this page) is not an authenticated mode, modified
# ciphertext is not reliably detected — confirm integrity is covered elsewhere.
#
# @param encrypted_data [String] raw cipher bytes
# @param key [String] symmetric key
# @param ivalue [String] initialisation vector used for encryption
# @return [String] the decrypted bytes, tagged as UTF-8 without validation
def decrypt_with_common_key(encrypted_data, key, ivalue)
  cipher = OpenSSL::Cipher.new(CIPHER_NAME)
  cipher.decrypt
  cipher.key = key
  cipher.iv = ivalue
  plaintext = cipher.update(encrypted_data) + cipher.final
  plaintext.force_encoding("UTF-8")
end

#decrypt_with_private_key(base64_text) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 167

# Decrypts a Base64-encoded RSA ciphertext with the instance's private key.
#
# The key is @private_key when set, otherwise the freshly generated @rsa_key.
# The padding is whatever the constructor stored in @mode.
#
# @param base64_text [String] Base64 text as produced by encrypt_with_public_key
# @return [String, nil] the decrypted bytes, or nil when no key is available.
#   Errors raised by OpenSSL on a failed decryption are not rescued here.
def decrypt_with_private_key(base64_text)
  key = @private_key.nil? ? @rsa_key : @private_key
  return unless key

  cipher_bytes = Base64.decode64(base64_text)
  key.private_decrypt(cipher_bytes, @mode)
end

#encrypt_and_copy(src_pn, relative_path, key, ivx) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 155

# Encrypts one source file and stores the result under the secret directory.
#
# NOTE(review): relative_path is appended to @secret_dir_pn without
# normalisation, so an absolute path or ".." segments would put the output
# outside the secret directory — confirm callers only pass paths derived from
# a trusted listing.
# NOTE(review): key and ivx come from the caller; reusing one key/IV pair for
# several files weakens most cipher modes — confirm how the caller picks the IV.
#
# @param src_pn [Pathname] plaintext file to read
# @param relative_path [String, Pathname] destination relative to the secret directory
# @param key [String] symmetric key handed to encrypt_with_common_key
# @param ivx [String] initialisation vector handed to encrypt_with_common_key
# @return [Integer, nil] the result of File.write, or nil when src_pn is not
#   an existing regular file
def encrypt_and_copy(src_pn, relative_path, key, ivx)
  target_pn = @secret_dir_pn + relative_path
  usable_source = src_pn.exist? && src_pn.file?
  return unless usable_source

  # Create any missing parent directories before writing.
  target_pn.parent.mkpath

  ciphertext = encrypt_with_common_key(File.read(src_pn), key, ivx)
  File.write(target_pn, ciphertext)
end

#encrypt_with_common_key(plaintext, key, ivalue) ⇒ Object

引数 plaintext を暗号化した結果を返す



# File 'lib/secretmgr/secret.rb', line 192

# Encrypts plaintext with the symmetric cipher named by CIPHER_NAME and
# returns the result as Base64 text.
#
# NOTE(review): no authentication tag is produced here. If CIPHER_NAME
# (defined outside this page) is not an authenticated mode, the output carries
# no integrity protection — confirm that is handled elsewhere.
#
# @param plaintext [String] data to encrypt
# @param key [String] symmetric key
# @param ivalue [String] initialisation vector; it is not stored with the output
# @return [String] Base64 (line-wrapped, as Base64.encode64 emits it) of the cipher bytes
def encrypt_with_common_key(plaintext, key, ivalue)
  cipher = OpenSSL::Cipher.new(CIPHER_NAME)
  cipher.encrypt
  cipher.key = key
  cipher.iv = ivalue

  # Encrypt the given string, then append the final block.
  cipher_bytes = cipher.update(plaintext)
  cipher_bytes << cipher.final

  Base64.encode64(cipher_bytes)
end

#encrypt_with_public_key(data) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 127

# Encrypts data with the instance's RSA public key and returns Base64 text.
#
# The key is @public_key when set, otherwise the freshly generated @rsa_key.
# The padding is whatever the constructor stored in @mode. RSA can only
# encrypt inputs shorter than the key modulus minus the padding overhead, so
# this suits short values such as a symmetric key; OpenSSL raises for longer
# input and that error is not rescued here.
#
# @param data [String] bytes to encrypt
# @return [String, nil] Base64 of the RSA ciphertext, or nil when no key is available
def encrypt_with_public_key(data)
  key = @public_key.nil? ? @rsa_key : @public_key
  return unless key

  wrapped = key.public_encrypt(data, @mode)
  Base64.encode64(wrapped)
end

#encrypted_secret_file_pn ⇒ Object



# File 'lib/secretmgr/secret.rb', line 123

# Location of SECRET_FILE inside the secret directory.
#
# @return [Pathname]
def encrypted_secret_file_pn
  @secret_dir_pn.join(SECRET_FILE)
end

#encrypted_setting_file_pn ⇒ Object



# File 'lib/secretmgr/secret.rb', line 119

# Location of SETTING_FILE inside the secret directory.
#
# @return [Pathname]
def encrypted_setting_file_pn
  @secret_dir_pn.join(SETTING_FILE)
end

#file_format(target, sub_target) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 102

# Delegates to the Config object the constructor builds from the secret
# directory and FORMAT_FILE.
#
# @param target passed through unchanged
# @param sub_target passed through unchanged
# @return whatever Config#file_format returns (Config is defined outside this page)
def file_format(target, sub_target)
  @format_config.file_format(target, sub_target)
end

#get_file_path(dirs) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 106

# Delegates to the Config object the constructor builds from the secret
# directory and FORMAT_FILE, passing the secret directory as the first argument.
#
# @param dirs passed through unchanged
# @return whatever Config#get_file_path returns (Config is defined outside this page)
def get_file_path(dirs)
  @format_config.get_file_path(@secret_dir_pn, dirs)
end

#make_pair_file_pn(file_pn, ext) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 110

# Builds the path of the companion file that shares file_pn's base name but
# carries another extension, placed directly in the secret directory.
#
# NOTE(review): the guard compares ext with Pathname#extname, which includes
# the leading dot (".yml"), while the result is built as "name.ext", which
# expects ext without a dot ("yml"). With a dot-less ext the guard never
# fires; with a dotted ext the result would contain "..". Confirm which form
# callers pass.
#
# @param file_pn [Pathname] file whose base name is reused
# @param ext [String] extension for the companion file
# @return [Pathname, nil] the companion path, or nil when file_pn's extname equals ext
def make_pair_file_pn(file_pn, ext)
  return nil if file_pn.basename.extname == ext

  stem = file_pn.basename(".*")
  @secret_dir_pn + "#{stem}.#{ext}"
end

#output_private_key(private_keyfile_pn) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 84

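# Writes the private key PEM held in @private_key_str to disk with owner-only
# permissions.
#
# The PEM that create_keyfiles produces has no passphrase, so the file mode is
# the only thing that keeps other local accounts from reading the key. A plain
# File.write would create the file with the process default mode (commonly
# world-readable), hence the explicit 0600 here.
#
# @param private_keyfile_pn [Pathname, String] destination path
# @return whatever Loggerxs.debug returns
def output_private_key(private_keyfile_pn)
  flags = File::WRONLY | File::CREAT | File::TRUNC
  File.open(private_keyfile_pn, flags, 0o600) do |file|
    # The mode given to open only applies when the file is created; tighten a
    # pre-existing file before any key material is written into it.
    file.chmod(0o600)
    file.write(@private_key_str)
  end
  # Only the path is logged, never the key text.
  Loggerxs.debug "0 private_keyfile_pn=#{private_keyfile_pn}"
end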

#output_public_key(public_keyfile_pn) ⇒ Object



# File 'lib/secretmgr/secret.rb', line 65

# Writes the public key PEM held in @public_key_str to the given path,
# replacing any existing content.
#
# @param public_keyfile_pn [Pathname, String] destination path
# @return whatever Loggerxs.debug returns
def output_public_key(public_keyfile_pn)
  pem_text = @public_key_str
  File.write(public_keyfile_pn, pem_text)
  Loggerxs.debug "0 public_keyfile_pn=#{public_keyfile_pn}"
end