use official rubocop hook #14

Merged
merged 1 commit into from May 9, 2022
8 changes: 2 additions & 6 deletions .pre-commit-config.yaml
Expand Up @@ -5,11 +5,7 @@ repos:
- id: trailing-whitespace
- id: end-of-file-fixer
- id: check-yaml
- repo: local
- repo: https://github.com/rubocop/rubocop
rev: v1.29.0
hooks:
- id: rubocop
name: rubocop
entry: rubocop --auto-correct
types: [ruby]
language: ruby
additional_dependencies: ['rubocop:0.63.1']
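Review bot: `rev: v1.29.0` pins the hook to a tag, and a tag can be moved upstream after this commit lands. pre-commit clones that repository and runs its code on every contributor's machine, so a full commit SHA is the safer pin: `rev: <full-commit-sha>  # frozen: v1.29.0`, which is the form `pre-commit autoupdate --freeze` writes. Separately, the local hook definition in this section ran `rubocop --auto-correct`; if the upstream hook does not pass that flag by default, `args: [--auto-correct]` under `- id: rubocop` would keep the earlier behaviour.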
10 changes: 8 additions & 2 deletions .rubocop.yml
@@ -1,3 +1,11 @@
AllCops:
NewCops: enable
TargetRubyVersion: '2.6'

Layout:
Metrics/LineLength:
IgnoreCopDirectives: true

Metrics/AbcSize:
Max: 30
Metrics/BlockLength:
Expand All @@ -6,7 +14,5 @@ Metrics/CyclomaticComplexity:
Max: 10
Metrics/MethodLength:
Max: 30
Metrics/LineLength:
IgnoreCopDirectives: true
Style/Documentation:
Enabled: false
2 changes: 2 additions & 0 deletions Gemfile
@@ -1,3 +1,5 @@
# frozen_string_literal: true

source 'https://rubygems.org/'

gem 'fernet', '>=2'
4 changes: 4 additions & 0 deletions hiera-eyaml-sshagent.gemspec
@@ -1,3 +1,5 @@
# frozen_string_literal: true

lib = File.expand_path('lib', __dir__)
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
require 'hiera/backend/eyaml/encryptors/sshagent/version'
Expand All @@ -15,6 +17,8 @@ Gem::Specification.new do |gem|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
gem.require_paths = ['lib']

gem.required_ruby_version = '>=2.6'
gem.add_dependency('fernet', '>=2')
gem.add_dependency('hiera-eyaml', '>=1.3.8')
gem.metadata['rubygems_mfa_required'] = 'true'
end
34 changes: 14 additions & 20 deletions lib/hiera/backend/eyaml/encryptors/sshagent.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

require 'base64'
require 'json'
require 'socket'
Expand All @@ -12,13 +14,13 @@ module Encryptors
class SSHAgent < Encryptor
self.tag = 'SSHAGENT'

SSH2_AGENTC_REQUEST_IDENTITIES = "\x0b".freeze
SSH2_AGENT_IDENTITIES_ANSWER = "\x0c".freeze
SSH2_AGENTC_SIGN_REQUEST = "\x0d".freeze
SSH2_AGENT_SIGN_RESPONSE = "\x0e".freeze
SSH2_AGENTC_REQUEST_IDENTITIES = "\x0b"
SSH2_AGENT_IDENTITIES_ANSWER = "\x0c"
SSH2_AGENTC_SIGN_REQUEST = "\x0d"
SSH2_AGENT_SIGN_RESPONSE = "\x0e"

def self.read_u32(sock)
sock.read(4).unpack('L>')[0]
sock.read(4).unpack1('L>')
end

def self.read_s(sock)
Expand All @@ -39,9 +41,7 @@ def self.sign(sock, key_blob, challenge)
sock.write(encode_s(request))

sio = StringIO.new(read_s(sock))
if sio.read(1) != SSH2_AGENT_SIGN_RESPONSE
raise 'Expected SSH2_AGENT_SIGN_RESPONSE'
end
raise 'Expected SSH2_AGENT_SIGN_RESPONSE' if sio.read(1) != SSH2_AGENT_SIGN_RESPONSE

sio = StringIO.new(read_s(sio))
raise 'Expected ssh-rsa' if read_s(sio) != 'ssh-rsa'
Expand All @@ -53,9 +53,7 @@ def self.get_key_blob(sock, keyid)
sock.write(encode_s(SSH2_AGENTC_REQUEST_IDENTITIES))

sio = StringIO.new(read_s(sock))
if sio.read(1) != SSH2_AGENT_IDENTITIES_ANSWER
raise 'expected SSH2_AGENT_IDENTITIES_ANSWER'
end
raise 'expected SSH2_AGENT_IDENTITIES_ANSWER' if sio.read(1) != SSH2_AGENT_IDENTITIES_ANSWER

(0...read_u32(sio)).each do
key_blob = read_s(sio)
Expand All @@ -65,9 +63,7 @@ def self.get_key_blob(sock, keyid)
end

class Encrypted
attr_reader :challenge
attr_reader :salt
attr_reader :payload
attr_reader :challenge, :salt, :payload

def initialize(challenge, salt, payload)
@challenge = challenge
Expand All @@ -93,7 +89,7 @@ def self.from_dct(dct)
end

def self.get_key(keyid, challenge, salt)
signature_blob = Socket.unix(ENV['SSH_AUTH_SOCK']) do |sock|
signature_blob = Socket.unix(ENV.fetch('SSH_AUTH_SOCK', nil)) do |sock|
key_blob = get_key_blob(sock, keyid)
break sign(sock, key_blob, challenge)
end
Expand All @@ -103,7 +99,7 @@ def self.get_key(keyid, challenge, salt)
salt,
100_000,
32,
OpenSSL::Digest::SHA256.new
OpenSSL::Digest.new('SHA256')
)
Base64.encode64(kdf)
end
Expand All @@ -130,9 +126,7 @@ def self.decrypt_contents(keyid, contents)

def self.keyid
keyid = option :keyid
if keyid.nil? || keyid.empty?
raise ArgumentError, 'No keyid configured!'
end
raise ArgumentError, 'No keyid configured!' if keyid.nil? || keyid.empty?

keyid
end
Expand All @@ -147,7 +141,7 @@ def self.decrypt(ciphertext)
end

def self.create_keys
STDERR.puts 'This encryptor does not support creation of keys'
warn 'This encryptor does not support creation of keys'
end
end
end
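Review bot: In `get_key`, `ENV.fetch('SSH_AUTH_SOCK', nil)` satisfies the cop but still hands `nil` to `Socket.unix` when the variable is unset, so the failure presumably surfaces as a type error that never names the missing variable. Dropping the default gives a `KeyError` that names it: `signature_blob = Socket.unix(ENV.fetch('SSH_AUTH_SOCK')) do |sock|`. The same section's `read_u32` now calls `sock.read(4).unpack1('L>')`, and `read` returns `nil` at EOF or a short string if the agent closes early. A guard such as `buf = sock.read(4)` followed by `raise 'short read from ssh-agent' if buf.nil? || buf.bytesize < 4` would turn that into a clear protocol error before the length is used. The bodies of `get_key` and `read_s` continue outside the visible hunks.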
2 changes: 2 additions & 0 deletions lib/hiera/backend/eyaml/encryptors/sshagent/eyaml_init.rb
@@ -1,3 +1,5 @@
# frozen_string_literal: true

require 'hiera/backend/eyaml/encryptors/sshagent'

Hiera::Backend::Eyaml::Encryptors::SSHAgent.register
4 changes: 3 additions & 1 deletion lib/hiera/backend/eyaml/encryptors/sshagent/version.rb
@@ -1,9 +1,11 @@
# frozen_string_literal: true

class Hiera
module Backend
module Eyaml
module Encryptors
module SSHAgent
VERSION = '0.1'.freeze
VERSION = '0.1'
end
end
end