Commit required for rake build - use PKCS7 instead of RSA

.gitignore

@@ -2,4 +2,4 @@
 *.iml
 *.gradle
 keys/*.pem
-pkg/*/lib
+pkg/

Gemfile

@@ -0,0 +1,5 @@
+source 'https://rubygems.org/'
+
+gem 'highline'
+gem 'trollop'
+

Gemfile.lock

@@ -0,0 +1,12 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    highline (1.6.19)
+    trollop (2.0)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  highline
+  trollop

Rakefile

@@ -1,20 +1 @@
-require 'rubygems'
-require 'rake/gempackagetask'
-
-spec = Gem::Specification.new do |gem|
-    gem.name = "hiera-eyaml"
-    gem.version = "1.0.0"
-    gem.summary = "OpenSSL Encryption backend for Hiera"
-    gem.email = "[email protected]"
-    gem.author = "Tom Paulton"
-    gem.homepage = "http://github.com/TomPaulton/hiera-eyaml"
-    gem.description = "Hiera backend for decrypting encrypted yaml properties"
-    gem.require_path = "lib"
-    gem.files = FileList["lib/**/*"].to_a
-    gem.add_dependency('hiera', '>=0.2.0')
-end
-
-Rake::GemPackageTask.new(spec) do |pkg|
-    pkg.need_tar = true
-end
-
+require "bundler/gem_tasks"

bin/eyaml

@@ -0,0 +1,95 @@
+#!/usr/bin/env ruby
+
+require 'openssl'
+require 'base64'
+require 'trollop'
+require 'highline'
+
+options = Trollop::options do
+
+  version "Hiera-eyaml version " + Hiera::Backend::Eyaml::VERSION.to_s
+  banner <<-EOS
+Hiera-eyaml is a backend for Hiera which provides OpenSSL encryption/decryption for Hiera properties
+
+Usage:
+  hiera-eyaml [options] [string-to-encrypt]
+  EOS
+
+  opt :createkeys, "Create public and private keys for use encrypting properties", :short => 'c'
+  opt :password, "Encrypt a password entered on the terminal", :short => 'p'
+  opt :file, "Encrypt a file instead of a string", :short => 'f', :type => :string
+  opt :private_key, "Filename of the private_key", :type => :string
+  opt :public_key, "Filename of the public_key", :type => :string
+  opt :encrypt, "Encrypt something", :short => 'e'
+  opt :decrypt, "Decrypt something", :short => 'e'
+end
+
+Trollop::die "You cannot specify --encrypt and --decrypt" if options[:encrypt] and options[:decrypt]
+
+# Defaults
+options[:private_key_filename] ||= "keys/private_key.pem"
+options[:public_key_filename] ||= "keys/public_key.pem"
+options[:string] = ARGV.join(' ')
+
+if options[:password]
+  password = ask("Enter password: ") {|q| q.echo = "*" }
+  options[:string] = password
+end
+
+if options[:createkeys]
+  key = OpenSSL::Pkey::RSA.new(2048)
+  open( private_key_filename, "w" ) do |io|
+    io.write(key.to_pem)
+  end
+  puts "#{private_key_filename} created."
+  open( public_key_filename, "w" ) do |io|
+    io.write(key.public_key.to_pem)
+  end
+  puts "#{public_key_filename} created."
+  exit
+end
+
+if options[:encrypt]
+
+  plaintext = nil
+  plaintext = options[:string] if options[:string]
+  plaintext = File.read( options[:file] ) if options[:file]
+
+  if plaintext.nil?
+    puts "Specify a string or --file to encrypt something. See --help for more usage instructions."
+    exit
+  end
+
+  public_key_pem = File.read( public_key_filename )
+  public_key = OpenSSL::X509::Certificate.new( public_key_pem )
+
+  cipher = OpenSSL::Cipher::AES.new(256, :CBC)
+  ciphertext = OpenSSL::PKCS7::encrypt([public_key], plaintext, cipher, OpenSSL::PKCS7::BINARY).to_pem
+
+  puts "#{ciphertext}"
+  exit
+
+end
+
+if options[:decrypt]
+
+  ciphertext = nil
+  ciphertext = options[:string] if options[:string]
+  ciphertext = File.read( options[:file] ) if options[:file]
+
+  if ciphertext.nil?
+    puts "Specify a string or --file to decrypt something. See --help for more usage instructions."
+    exit
+  end
+
+  private_key_path = "./privatekey.pem"
+  private_key_pem = File.read( private_key_path )
+  private_key = OpenSSL::PKey::RSA.new( private_key_pem )
+
+  pkcs7 = OpenSSL::PKCS7.new( ciphertext )
+
+  plaintext = pkcs7.decrypt(private_key, public_key)
+  puts "#{plaintext}"
+  exit
+
+end

hiera-eyaml.gemspec

@@ -0,0 +1,21 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'hiera/backend/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "hiera-eyaml"
+  gem.version       = Hiera::Backend::Eyaml::VERSION
+  gem.description   = "Hiera backend for decrypting encrypted yaml properties"
+  gem.summary       = "OpenSSL Encryption backend for Hiera"
+  gem.email         = "[email protected]"
+  gem.author        = "Tom Paulton"
+
+  gem.homepage      = "http://github.com/TomPaulton/hiera-eyaml"
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+
+  gem.add_dependency('trollop', '>2.0')
+end

hiera-eyaml/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

hiera-eyaml/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in hiera-eyaml.gemspec
+gemspec

hiera-eyaml/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2013 Geoff Meakin
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

hiera-eyaml/README.md

@@ -0,0 +1,29 @@
+# Hiera::Eyaml
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'hiera-eyaml'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install hiera-eyaml
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

hiera-eyaml/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

hiera-eyaml/hiera-eyaml.gemspec

@@ -0,0 +1,19 @@
+# -*- encoding: utf-8 -*-
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'hiera-eyaml/version'
+
+Gem::Specification.new do |gem|
+  gem.name          = "hiera-eyaml"
+  gem.version       = Hiera::Eyaml::VERSION
+  gem.authors       = ["Geoff Meakin"]
+  gem.email         = ["[email protected]"]
+  gem.description   = %q{TODO: Write a gem description}
+  gem.summary       = %q{TODO: Write a gem summary}
+  gem.homepage      = ""
+
+  gem.files         = `git ls-files`.split($/)
+  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
+  gem.require_paths = ["lib"]
+end

hiera-eyaml/lib/hiera-eyaml.rb

@@ -0,0 +1,7 @@
+require "hiera-eyaml/version"
+
+module Hiera
+  module Eyaml
+    # Your code goes here...
+  end
+end

hiera-eyaml/lib/hiera-eyaml/version.rb

@@ -0,0 +1,5 @@
+module Hiera
+  module Eyaml
+    VERSION = "0.0.1"
+  end
+end

lib/hiera/backend/version.rb

@@ -0,0 +1,7 @@
+module Hiera
+  module Backend
+    module Eyaml
+      VERSION = "0.0.1"
+    end
+  end
+end