Update version according to OSCI-856

[packages/precise/mcollective.git] / doc / classes / MCollective / SSL.html

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <title>Class: MCollective::SSL</title>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <meta http-equiv="Content-Script-Type" content="text/javascript" />
  <link rel="stylesheet" href="../.././rdoc-style.css" type="text/css" media="screen" />
  <script type="text/javascript">
  // <![CDATA[

  function popupCode( url ) {
    window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
  }

  function toggleCode( id ) {
    if ( document.getElementById )
      elem = document.getElementById( id );
    else if ( document.all )
      elem = eval( "document.all." + id );
    else
      return false;

    elemStyle = elem.style;
    
    if ( elemStyle.display != "block" ) {
      elemStyle.display = "block"
    } else {
      elemStyle.display = "none"
    }

    return true;
  }
  
  // Make codeblocks hidden by default
  document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )
  
  // ]]>
  </script>

</head>
<body>



    <div id="classHeader">
        <table class="header-table">
        <tr class="top-aligned-row">
          <td><strong>Class</strong></td>
          <td class="class-name-in-header">MCollective::SSL</td>
        </tr>
        <tr class="top-aligned-row">
            <td><strong>In:</strong></td>
            <td>
                <a href="../../files/lib/mcollective/ssl_rb.html">
                lib/mcollective/ssl.rb
                </a>
        <br />
            </td>
        </tr>

        <tr class="top-aligned-row">
            <td><strong>Parent:</strong></td>
            <td>
                Object
            </td>
        </tr>
        </table>
    </div>
  <!-- banner header -->

  <div id="bodyContent">



  <div id="contextContent">

    <div id="description">
      <p>
A class that assists in encrypting and decrypting data using a combination
of RSA and AES
</p>
<p>
<a href="Data.html">Data</a> will be AES encrypted for speed, the Key used
in # the AES stage will be encrypted using RSA
</p>
<pre>
  ssl = SSL.new(public_key, private_key, passphrase)

  data = File.read(&quot;largefile.dat&quot;)

  crypted_data = ssl.encrypt_with_private(data)

  pp crypted_data
</pre>
<p>
This will result in a hash of data like:
</p>
<pre>
  crypted = {:key  =&gt; &quot;crd4NHvG....=&quot;,
             :data =&gt; &quot;XWXlqN+i...==&quot;}
</pre>
<p>
The key and data will all be base 64 encoded already by default you can
pass a 2nd parameter as false to <a
href="SSL.html#M000378">encrypt_with_private</a> and counterparts that will
prevent the base 64 encoding
</p>
<p>
You can pass the data hash into ssl.decrypt_with_public which should return
your original data
</p>
<p>
There are matching methods for using a public key to encrypt data to be
decrypted using a private key
</p>

    </div>


   </div>

    <div id="method-list">
      <h3 class="section-bar">Methods</h3>

      <div class="name-list">
      <a href="#M000386">aes_decrypt</a>&nbsp;&nbsp;
      <a href="#M000385">aes_encrypt</a>&nbsp;&nbsp;
      <a href="#M000392">base64_decode</a>&nbsp;&nbsp;
      <a href="#M000391">base64_decode</a>&nbsp;&nbsp;
      <a href="#M000390">base64_encode</a>&nbsp;&nbsp;
      <a href="#M000389">base64_encode</a>&nbsp;&nbsp;
      <a href="#M000379">decrypt_with_private</a>&nbsp;&nbsp;
      <a href="#M000380">decrypt_with_public</a>&nbsp;&nbsp;
      <a href="#M000378">encrypt_with_private</a>&nbsp;&nbsp;
      <a href="#M000377">encrypt_with_public</a>&nbsp;&nbsp;
      <a href="#M000394">md5</a>&nbsp;&nbsp;
      <a href="#M000393">md5</a>&nbsp;&nbsp;
      <a href="#M000376">new</a>&nbsp;&nbsp;
      <a href="#M000396">read_key</a>&nbsp;&nbsp;
      <a href="#M000382">rsa_decrypt_with_private</a>&nbsp;&nbsp;
      <a href="#M000384">rsa_decrypt_with_public</a>&nbsp;&nbsp;
      <a href="#M000383">rsa_encrypt_with_private</a>&nbsp;&nbsp;
      <a href="#M000381">rsa_encrypt_with_public</a>&nbsp;&nbsp;
      <a href="#M000387">sign</a>&nbsp;&nbsp;
      <a href="#M000395">uuid</a>&nbsp;&nbsp;
      <a href="#M000388">verify_signature</a>&nbsp;&nbsp;
      </div>
    </div>

  </div>


    <!-- if includes -->

    <div id="section">





    <div id="attribute-list">
      <h3 class="section-bar">Attributes</h3>

      <div class="name-list">
        <table>
        <tr class="top-aligned-row context-row">
          <td class="context-item-name">private_key_file</td>
          <td class="context-item-value">&nbsp;[R]&nbsp;</td>
          <td class="context-item-desc"></td>
        </tr>
        <tr class="top-aligned-row context-row">
          <td class="context-item-name">public_key_file</td>
          <td class="context-item-value">&nbsp;[R]&nbsp;</td>
          <td class="context-item-desc"></td>
        </tr>
        <tr class="top-aligned-row context-row">
          <td class="context-item-name">ssl_cipher</td>
          <td class="context-item-value">&nbsp;[R]&nbsp;</td>
          <td class="context-item-desc"></td>
        </tr>
        </table>
      </div>
    </div>
      


    <!-- if method_list -->
    <div id="methods">
      <h3 class="section-bar">Public Class methods</h3>

      <div id="method-M000392" class="method-detail">
        <a name="M000392"></a>

        <div class="method-heading">
          <a href="#M000392" class="method-signature">
          <span class="method-name">base64_decode</span><span class="method-args">(string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000392-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000392-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 195</span>
195:     <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">string</span>)
196:       <span class="ruby-constant">Base64</span>.<span class="ruby-identifier">decode64</span>(<span class="ruby-identifier">string</span>)
197:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000390" class="method-detail">
        <a name="M000390"></a>

        <div class="method-heading">
          <a href="#M000390" class="method-signature">
          <span class="method-name">base64_encode</span><span class="method-args">(string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000390-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000390-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 186</span>
186:     <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">string</span>)
187:       <span class="ruby-constant">Base64</span>.<span class="ruby-identifier">encode64</span>(<span class="ruby-identifier">string</span>)
188:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000394" class="method-detail">
        <a name="M000394"></a>

        <div class="method-heading">
          <a href="#M000394" class="method-signature">
          <span class="method-name">md5</span><span class="method-args">(string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000394-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000394-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 203</span>
203:     <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">md5</span>(<span class="ruby-identifier">string</span>)
204:       <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">string</span>)
205:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000376" class="method-detail">
        <a name="M000376"></a>

        <div class="method-heading">
          <a href="#M000376" class="method-signature">
          <span class="method-name">new</span><span class="method-args">(pubkey=nil, privkey=nil, passphrase=nil, cipher=nil)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000376-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000376-source">
<pre>
    <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 37</span>
37:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">pubkey</span>=<span class="ruby-keyword kw">nil</span>, <span class="ruby-identifier">privkey</span>=<span class="ruby-keyword kw">nil</span>, <span class="ruby-identifier">passphrase</span>=<span class="ruby-keyword kw">nil</span>, <span class="ruby-identifier">cipher</span>=<span class="ruby-keyword kw">nil</span>)
38:       <span class="ruby-ivar">@public_key_file</span> = <span class="ruby-identifier">pubkey</span>
39:       <span class="ruby-ivar">@private_key_file</span> = <span class="ruby-identifier">privkey</span>
40: 
41:       <span class="ruby-ivar">@public_key</span>  = <span class="ruby-identifier">read_key</span>(<span class="ruby-identifier">:public</span>, <span class="ruby-identifier">pubkey</span>)
42:       <span class="ruby-ivar">@private_key</span> = <span class="ruby-identifier">read_key</span>(<span class="ruby-identifier">:private</span>, <span class="ruby-identifier">privkey</span>, <span class="ruby-identifier">passphrase</span>)
43: 
44:       <span class="ruby-ivar">@ssl_cipher</span> = <span class="ruby-value str">&quot;aes-256-cbc&quot;</span>
45:       <span class="ruby-ivar">@ssl_cipher</span> = <span class="ruby-constant">Config</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">ssl_cipher</span> <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Config</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">ssl_cipher</span>
46:       <span class="ruby-ivar">@ssl_cipher</span> = <span class="ruby-identifier">cipher</span> <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">cipher</span>
47: 
48:       <span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;The supplied cipher '#{@ssl_cipher}' is not supported&quot;</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">ciphers</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-ivar">@ssl_cipher</span>)
49:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000395" class="method-detail">
        <a name="M000395"></a>

        <div class="method-heading">
          <a href="#M000395" class="method-signature">
          <span class="method-name">uuid</span><span class="method-args">(string=nil)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Creates a RFC 4122 version 5 UUID. If string is supplied it will produce
repeatable UUIDs for that string else a random 128bit string will be used
from OpenSSL::BN
</p>
<p>
Code used with permission from:
</p>
<pre>
   https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/uuid.rb
</pre>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000395-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000395-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 213</span>
213:     <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">uuid</span>(<span class="ruby-identifier">string</span>=<span class="ruby-keyword kw">nil</span>)
214:       <span class="ruby-identifier">string</span> <span class="ruby-operator">||=</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Random</span>.<span class="ruby-identifier">random_bytes</span>(<span class="ruby-value">16</span>).<span class="ruby-identifier">unpack</span>(<span class="ruby-value str">'H*'</span>).<span class="ruby-identifier">shift</span>
215: 
216:       <span class="ruby-identifier">uuid_name_space_dns</span> = <span class="ruby-value str">&quot;\x6b\xa7\xb8\x10\x9d\xad\x11\xd1\x80\xb4\x00\xc0\x4f\xd4\x30\xc8&quot;</span>
217: 
218:       <span class="ruby-identifier">sha1</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA1</span>.<span class="ruby-identifier">new</span>
219:       <span class="ruby-identifier">sha1</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">uuid_name_space_dns</span>)
220:       <span class="ruby-identifier">sha1</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">string</span>)
221: 
222:       <span class="ruby-comment cmt"># first 16 bytes..</span>
223:       <span class="ruby-identifier">bytes</span> = <span class="ruby-identifier">sha1</span>.<span class="ruby-identifier">digest</span>[<span class="ruby-value">0</span>, <span class="ruby-value">16</span>].<span class="ruby-identifier">bytes</span>.<span class="ruby-identifier">to_a</span>
224: 
225:       <span class="ruby-comment cmt"># version 5 adjustments</span>
226:       <span class="ruby-identifier">bytes</span>[<span class="ruby-value">6</span>] <span class="ruby-operator">&amp;=</span> <span class="ruby-value">0x0f</span>
227:       <span class="ruby-identifier">bytes</span>[<span class="ruby-value">6</span>] <span class="ruby-operator">|=</span> <span class="ruby-value">0x50</span>
228: 
229:       <span class="ruby-comment cmt"># variant is DCE 1.1</span>
230:       <span class="ruby-identifier">bytes</span>[<span class="ruby-value">8</span>] <span class="ruby-operator">&amp;=</span> <span class="ruby-value">0x3f</span>
231:       <span class="ruby-identifier">bytes</span>[<span class="ruby-value">8</span>] <span class="ruby-operator">|=</span> <span class="ruby-value">0x80</span>
232: 
233:       <span class="ruby-identifier">bytes</span> = [<span class="ruby-value">4</span>, <span class="ruby-value">2</span>, <span class="ruby-value">2</span>, <span class="ruby-value">2</span>, <span class="ruby-value">6</span>].<span class="ruby-identifier">collect</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">i</span><span class="ruby-operator">|</span>
234:         <span class="ruby-identifier">bytes</span>.<span class="ruby-identifier">slice!</span>(<span class="ruby-value">0</span>, <span class="ruby-identifier">i</span>).<span class="ruby-identifier">pack</span>(<span class="ruby-value str">'C*'</span>).<span class="ruby-identifier">unpack</span>(<span class="ruby-value str">'H*'</span>)
235:       <span class="ruby-keyword kw">end</span>
236: 
237:       <span class="ruby-identifier">bytes</span>.<span class="ruby-identifier">join</span>(<span class="ruby-value str">'-'</span>)
238:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <h3 class="section-bar">Public Instance methods</h3>

      <div id="method-M000386" class="method-detail">
        <a name="M000386"></a>

        <div class="method-heading">
          <a href="#M000386" class="method-signature">
          <span class="method-name">aes_decrypt</span><span class="method-args">(key, crypt_string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
decrypts a string given key, iv and data
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000386-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000386-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 158</span>
158:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">aes_decrypt</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">crypt_string</span>)
159:       <span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">ssl_cipher</span>)
160: 
161:       <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">decrypt</span>
162:       <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">key</span> = <span class="ruby-identifier">key</span>
163:       <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">pkcs5_keyivgen</span>(<span class="ruby-identifier">key</span>)
164:       <span class="ruby-identifier">decrypted_data</span> = <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">crypt_string</span>) <span class="ruby-operator">+</span> <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">final</span>
165:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000385" class="method-detail">
        <a name="M000385"></a>

        <div class="method-heading">
          <a href="#M000385" class="method-signature">
          <span class="method-name">aes_encrypt</span><span class="method-args">(plain_string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
encrypts a string, returns a hash of key, iv and data
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000385-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000385-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 144</span>
144:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">aes_encrypt</span>(<span class="ruby-identifier">plain_string</span>)
145:       <span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">ssl_cipher</span>)
146:       <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">encrypt</span>
147: 
148:       <span class="ruby-identifier">key</span> = <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">random_key</span>
149: 
150:       <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">key</span> = <span class="ruby-identifier">key</span>
151:       <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">pkcs5_keyivgen</span>(<span class="ruby-identifier">key</span>)
152:       <span class="ruby-identifier">encrypted_data</span> = <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">plain_string</span>) <span class="ruby-operator">+</span> <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">final</span>
153: 
154:       {<span class="ruby-identifier">:key</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">key</span>, <span class="ruby-identifier">:data</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">encrypted_data</span>}
155:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000391" class="method-detail">
        <a name="M000391"></a>

        <div class="method-heading">
          <a href="#M000391" class="method-signature">
          <span class="method-name">base64_decode</span><span class="method-args">(string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
base 64 decode a string
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000391-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000391-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 191</span>
191:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">string</span>)
192:       <span class="ruby-constant">SSL</span>.<span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">string</span>)
193:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000389" class="method-detail">
        <a name="M000389"></a>

        <div class="method-heading">
          <a href="#M000389" class="method-signature">
          <span class="method-name">base64_encode</span><span class="method-args">(string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
base 64 encode a string
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000389-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000389-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 182</span>
182:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">string</span>)
183:       <span class="ruby-constant">SSL</span>.<span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">string</span>)
184:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000379" class="method-detail">
        <a name="M000379"></a>

        <div class="method-heading">
          <a href="#M000379" class="method-signature">
          <span class="method-name">decrypt_with_private</span><span class="method-args">(crypted, base64=true)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Decrypts data, expects a hash as create with crypt_with_public
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000379-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000379-source">
<pre>
    <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 88</span>
88:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">decrypt_with_private</span>(<span class="ruby-identifier">crypted</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">true</span>)
89:       <span class="ruby-identifier">raise</span> <span class="ruby-value str">&quot;Crypted data should include a key&quot;</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">crypted</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">:key</span>)
90:       <span class="ruby-identifier">raise</span> <span class="ruby-value str">&quot;Crypted data should include data&quot;</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">crypted</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">:data</span>)
91: 
92:       <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">base64</span>
93:         <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_decrypt_with_private</span>(<span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>]))
94:         <span class="ruby-identifier">aes_decrypt</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>]))
95:       <span class="ruby-keyword kw">else</span>
96:         <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_decrypt_with_private</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>])
97:         <span class="ruby-identifier">aes_decrypt</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>])
98:       <span class="ruby-keyword kw">end</span>
99:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000380" class="method-detail">
        <a name="M000380"></a>

        <div class="method-heading">
          <a href="#M000380" class="method-signature">
          <span class="method-name">decrypt_with_public</span><span class="method-args">(crypted, base64=true)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Decrypts data, expects a hash as create with crypt_with_private
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000380-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000380-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 102</span>
102:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">decrypt_with_public</span>(<span class="ruby-identifier">crypted</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">true</span>)
103:       <span class="ruby-identifier">raise</span> <span class="ruby-value str">&quot;Crypted data should include a key&quot;</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">crypted</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">:key</span>)
104:       <span class="ruby-identifier">raise</span> <span class="ruby-value str">&quot;Crypted data should include data&quot;</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">crypted</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">:data</span>)
105: 
106:       <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">base64</span>
107:         <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_decrypt_with_public</span>(<span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>]))
108:         <span class="ruby-identifier">aes_decrypt</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>]))
109:       <span class="ruby-keyword kw">else</span>
110:         <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_decrypt_with_public</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>])
111:         <span class="ruby-identifier">aes_decrypt</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>])
112:       <span class="ruby-keyword kw">end</span>
113:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000378" class="method-detail">
        <a name="M000378"></a>

        <div class="method-heading">
          <a href="#M000378" class="method-signature">
          <span class="method-name">encrypt_with_private</span><span class="method-args">(plain_text, base64=true)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Encrypts supplied data using AES and then encrypts using RSA the key and IV
</p>
<p>
Return a hash with everything optionally base 64 encoded
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000378-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000378-source">
<pre>
    <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 73</span>
73:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encrypt_with_private</span>(<span class="ruby-identifier">plain_text</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">true</span>)
74:       <span class="ruby-identifier">crypted</span> = <span class="ruby-identifier">aes_encrypt</span>(<span class="ruby-identifier">plain_text</span>)
75: 
76:       <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">base64</span>
77:         <span class="ruby-identifier">key</span> = <span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">rsa_encrypt_with_private</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>]))
78:         <span class="ruby-identifier">data</span> = <span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>])
79:       <span class="ruby-keyword kw">else</span>
80:         <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_encrypt_with_private</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>])
81:         <span class="ruby-identifier">data</span> = <span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>]
82:       <span class="ruby-keyword kw">end</span>
83: 
84:       {<span class="ruby-identifier">:key</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">key</span>, <span class="ruby-identifier">:data</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">data</span>}
85:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000377" class="method-detail">
        <a name="M000377"></a>

        <div class="method-heading">
          <a href="#M000377" class="method-signature">
          <span class="method-name">encrypt_with_public</span><span class="method-args">(plain_text, base64=true)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Encrypts supplied data using AES and then encrypts using RSA the key and IV
</p>
<p>
Return a hash with everything optionally base 64 encoded
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000377-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000377-source">
<pre>
    <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 55</span>
55:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encrypt_with_public</span>(<span class="ruby-identifier">plain_text</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">true</span>)
56:       <span class="ruby-identifier">crypted</span> = <span class="ruby-identifier">aes_encrypt</span>(<span class="ruby-identifier">plain_text</span>)
57: 
58:       <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">base64</span>
59:         <span class="ruby-identifier">key</span> = <span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">rsa_encrypt_with_public</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>]))
60:         <span class="ruby-identifier">data</span> = <span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>])
61:       <span class="ruby-keyword kw">else</span>
62:         <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_encrypt_with_public</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>])
63:         <span class="ruby-identifier">data</span> = <span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>]
64:       <span class="ruby-keyword kw">end</span>
65: 
66:       {<span class="ruby-identifier">:key</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">key</span>, <span class="ruby-identifier">:data</span> =<span class="ruby-operator">&gt;</span> <span class="ruby-identifier">data</span>}
67:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000393" class="method-detail">
        <a name="M000393"></a>

        <div class="method-heading">
          <a href="#M000393" class="method-signature">
          <span class="method-name">md5</span><span class="method-args">(string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000393-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000393-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 199</span>
199:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">md5</span>(<span class="ruby-identifier">string</span>)
200:       <span class="ruby-constant">SSL</span>.<span class="ruby-identifier">md5</span>(<span class="ruby-identifier">string</span>)
201:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000396" class="method-detail">
        <a name="M000396"></a>

        <div class="method-heading">
          <a href="#M000396" class="method-signature">
          <span class="method-name">read_key</span><span class="method-args">(type, key=nil, passphrase=nil)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Reads either a :public or :private key from disk, uses an optional
passphrase to read the private key
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000396-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000396-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 242</span>
242:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">read_key</span>(<span class="ruby-identifier">type</span>, <span class="ruby-identifier">key</span>=<span class="ruby-keyword kw">nil</span>, <span class="ruby-identifier">passphrase</span>=<span class="ruby-keyword kw">nil</span>)
243:       <span class="ruby-keyword kw">return</span> <span class="ruby-identifier">key</span> <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">key</span>.<span class="ruby-identifier">nil?</span>
244: 
245:       <span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;Could not find key #{key}&quot;</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">exist?</span>(<span class="ruby-identifier">key</span>)
246:       <span class="ruby-identifier">raise</span> <span class="ruby-node">&quot;#{type} key file '#{key}' is empty&quot;</span> <span class="ruby-keyword kw">if</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">zero?</span>(<span class="ruby-identifier">key</span>)
247: 
248:       <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">:public</span>
249:         <span class="ruby-keyword kw">begin</span>
250:           <span class="ruby-identifier">key</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">key</span>))
251:         <span class="ruby-keyword kw">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>
252:           <span class="ruby-identifier">key</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Certificate</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">key</span>)).<span class="ruby-identifier">public_key</span>
253:         <span class="ruby-keyword kw">end</span>
254: 
255:         <span class="ruby-comment cmt"># Ruby &lt; 1.9.3 had a bug where it does not correctly clear the</span>
256:         <span class="ruby-comment cmt"># queue of errors while reading a key.  It tries various ways</span>
257:         <span class="ruby-comment cmt"># to read the key and each failing attempt pushes an error onto</span>
258:         <span class="ruby-comment cmt"># the queue.  With pubkeys only the 3rd attempt pass leaving 2</span>
259:         <span class="ruby-comment cmt"># stale errors on the error queue.</span>
260:         <span class="ruby-comment cmt">#</span>
261:         <span class="ruby-comment cmt"># In 1.9.3 they fixed this by simply discarding the errors after</span>
262:         <span class="ruby-comment cmt"># every attempt.  So we simulate this fix here for older rubies</span>
263:         <span class="ruby-comment cmt"># as without it we get SSL_read errors from the Stomp+TLS sessions</span>
264:         <span class="ruby-comment cmt">#</span>
265:         <span class="ruby-comment cmt"># We do this only on 1.8 relying on 1.9.3 to do the right thing</span>
266:         <span class="ruby-comment cmt"># and we do not support 1.9 less than 1.9.3</span>
267:         <span class="ruby-comment cmt">#</span>
268:         <span class="ruby-comment cmt"># See  http://bugs.ruby-lang.org/issues/4550</span>
269:         <span class="ruby-constant">OpenSSL</span>.<span class="ruby-identifier">errors</span> <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">ruby_version</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp re">/^1.8/</span>
270: 
271:         <span class="ruby-keyword kw">return</span> <span class="ruby-identifier">key</span>
272:       <span class="ruby-keyword kw">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">:private</span>
273:         <span class="ruby-keyword kw">return</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">key</span>), <span class="ruby-identifier">passphrase</span>)
274:       <span class="ruby-keyword kw">else</span>
275:         <span class="ruby-identifier">raise</span> <span class="ruby-value str">&quot;Can only load :public or :private keys&quot;</span>
276:       <span class="ruby-keyword kw">end</span>
277:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000382" class="method-detail">
        <a name="M000382"></a>

        <div class="method-heading">
          <a href="#M000382" class="method-signature">
          <span class="method-name">rsa_decrypt_with_private</span><span class="method-args">(crypt_string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Use the private key to RSA decrypt data
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000382-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000382-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 123</span>
123:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">rsa_decrypt_with_private</span>(<span class="ruby-identifier">crypt_string</span>)
124:       <span class="ruby-identifier">raise</span> <span class="ruby-value str">&quot;No private key set&quot;</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-ivar">@private_key</span>
125: 
126:       <span class="ruby-ivar">@private_key</span>.<span class="ruby-identifier">private_decrypt</span>(<span class="ruby-identifier">crypt_string</span>)
127:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000384" class="method-detail">
        <a name="M000384"></a>

        <div class="method-heading">
          <a href="#M000384" class="method-signature">
          <span class="method-name">rsa_decrypt_with_public</span><span class="method-args">(crypt_string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Use the public key to RSA decrypt data
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000384-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000384-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 137</span>
137:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">rsa_decrypt_with_public</span>(<span class="ruby-identifier">crypt_string</span>)
138:       <span class="ruby-identifier">raise</span> <span class="ruby-value str">&quot;No public key set&quot;</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-ivar">@public_key</span>
139: 
140:       <span class="ruby-ivar">@public_key</span>.<span class="ruby-identifier">public_decrypt</span>(<span class="ruby-identifier">crypt_string</span>)
141:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000383" class="method-detail">
        <a name="M000383"></a>

        <div class="method-heading">
          <a href="#M000383" class="method-signature">
          <span class="method-name">rsa_encrypt_with_private</span><span class="method-args">(plain_string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Use the private key to RSA encrypt data
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000383-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000383-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 130</span>
130:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">rsa_encrypt_with_private</span>(<span class="ruby-identifier">plain_string</span>)
131:       <span class="ruby-identifier">raise</span> <span class="ruby-value str">&quot;No private key set&quot;</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-ivar">@private_key</span>
132: 
133:       <span class="ruby-ivar">@private_key</span>.<span class="ruby-identifier">private_encrypt</span>(<span class="ruby-identifier">plain_string</span>)
134:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000381" class="method-detail">
        <a name="M000381"></a>

        <div class="method-heading">
          <a href="#M000381" class="method-signature">
          <span class="method-name">rsa_encrypt_with_public</span><span class="method-args">(plain_string)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Use the public key to RSA encrypt data
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000381-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000381-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 116</span>
116:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">rsa_encrypt_with_public</span>(<span class="ruby-identifier">plain_string</span>)
117:       <span class="ruby-identifier">raise</span> <span class="ruby-value str">&quot;No public key set&quot;</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-ivar">@public_key</span>
118: 
119:       <span class="ruby-ivar">@public_key</span>.<span class="ruby-identifier">public_encrypt</span>(<span class="ruby-identifier">plain_string</span>)
120:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000387" class="method-detail">
        <a name="M000387"></a>

        <div class="method-heading">
          <a href="#M000387" class="method-signature">
          <span class="method-name">sign</span><span class="method-args">(string, base64=false)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Signs a string using the private key
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000387-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000387-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 168</span>
168:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">sign</span>(<span class="ruby-identifier">string</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">false</span>)
169:       <span class="ruby-identifier">sig</span> = <span class="ruby-ivar">@private_key</span>.<span class="ruby-identifier">sign</span>(<span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA1</span>.<span class="ruby-identifier">new</span>, <span class="ruby-identifier">string</span>)
170: 
171:       <span class="ruby-identifier">base64</span> <span class="ruby-value">? </span><span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">sig</span>) <span class="ruby-operator">:</span> <span class="ruby-identifier">sig</span>
172:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>

      <div id="method-M000388" class="method-detail">
        <a name="M000388"></a>

        <div class="method-heading">
          <a href="#M000388" class="method-signature">
          <span class="method-name">verify_signature</span><span class="method-args">(signature, string, base64=false)</span>
          </a>
        </div>
      
        <div class="method-description">
          <p>
Using the public key verifies that a string was signed using the private
key
</p>
          <p><a class="source-toggle" href="#"
            onclick="toggleCode('M000388-source');return false;">[Source]</a></p>
          <div class="method-source-code" id="M000388-source">
<pre>
     <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 175</span>
175:     <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">verify_signature</span>(<span class="ruby-identifier">signature</span>, <span class="ruby-identifier">string</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">false</span>)
176:       <span class="ruby-identifier">signature</span> = <span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">signature</span>) <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">base64</span>
177: 
178:       <span class="ruby-ivar">@public_key</span>.<span class="ruby-identifier">verify</span>(<span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA1</span>.<span class="ruby-identifier">new</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">string</span>)
179:     <span class="ruby-keyword kw">end</span>
</pre>
          </div>
        </div>
      </div>


    </div>


  </div>


<div id="validator-badges">
  <p><small><a href="http://validator.w3.org/check/referer">[Validate]</a></small></p>
</div>

</body>
</html>