<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html
     PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Class: MCollective::SSL</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Script-Type" content="text/javascript" />
<link rel="stylesheet" href="../.././rdoc-style.css" type="text/css" media="screen" />
<script type="text/javascript">
// <![CDATA[

function popupCode( url ) {
  window.open(url, "Code", "resizable=yes,scrollbars=yes,toolbar=no,status=no,height=150,width=400")
}

function toggleCode( id ) {
  var elem;
  if ( document.getElementById )
    elem = document.getElementById( id );
  else if ( document.all )
    elem = document.all[ id ];  // indexed lookup instead of eval()
  else
    return false;

  var elemStyle = elem.style;

  if ( elemStyle.display != "block" ) {
    elemStyle.display = "block"
  } else {
    elemStyle.display = "none"
  }

  return true;
}

// Make codeblocks hidden by default
document.writeln( "<style type=\"text/css\">div.method-source-code { display: none }</style>" )

// ]]>
</script>
</head>
<div id="classHeader">
<table class="header-table">
<tr class="top-aligned-row">
<td><strong>Class</strong></td>
<td class="class-name-in-header">MCollective::SSL</td>
</tr>
<tr class="top-aligned-row">
<td><strong>In:</strong></td>
<td>
<a href="../../files/lib/mcollective/ssl_rb.html">
lib/mcollective/ssl.rb
</a>
</td>
</tr>
<tr class="top-aligned-row">
<td><strong>Parent:</strong></td>
</tr>
</table>
</div>
<!-- banner header -->

<div id="bodyContent">

<div id="contextContent">

<div id="description">
<p>
A class that assists in encrypting and decrypting data using a combination
</p>
<p>
<a href="Data.html">Data</a> is AES encrypted for speed; the key used in
the AES stage is encrypted using RSA.
</p>
<pre>
  ssl = SSL.new(public_key, private_key, passphrase)

  data = File.read("largefile.dat")

  crypted_data = ssl.encrypt_with_private(data)
</pre>
<p>
This will result in a hash of data like:
</p>
<pre>
  crypted = {:key  =&gt; "crd4NHvG....=",
             :data =&gt; "XWXlqN+i...=="}
</pre>
<p>
By default the key and data are both Base64 encoded. Pass false as the
second parameter to <a
href="SSL.html#M000378">encrypt_with_private</a> and its counterparts to
disable the Base64 encoding.
</p>
<p>
You can pass the data hash into ssl.decrypt_with_public which should return
</p>
<p>
There are matching methods for using a public key to encrypt data to be
decrypted using a private key.
</p>
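<p>
The envelope scheme described above, as an added Ruby sketch that is not MCollective's own code: it runs both key directions end to end and reports which key half can open each envelope. Assumptions: the module name EnvelopeSketch, an in-memory 2048-bit key pair instead of key files, and the mapping of the RSA stage onto OpenSSL's public_encrypt/private_decrypt and private_encrypt/public_decrypt.
</p>

```ruby
require "openssl"

# Added sketch of the envelope scheme described above; not MCollective code.
# The module name and the in-memory key pair are assumptions for illustration.
module EnvelopeSketch
  CIPHER = "aes-256-cbc" # default cipher named in the page's constructor

  # Same output as Base64.encode64 / Base64.decode64, without loading base64.
  def self.b64(bytes)
    [bytes].pack("m")
  end

  def self.unb64(text)
    text.unpack1("m")
  end

  # AES stage: a fresh random value per message. As in the page's aes_encrypt,
  # the working key and IV are both derived from it with pkcs5_keyivgen, which
  # is why the envelope carries only :key and :data and no separate IV field.
  def self.aes_encrypt(plain)
    cipher = OpenSSL::Cipher.new(CIPHER)
    cipher.encrypt
    key = cipher.random_key
    cipher.pkcs5_keyivgen(key)
    {:key => key, :data => cipher.update(plain) + cipher.final}
  end

  def self.aes_decrypt(key, data)
    cipher = OpenSSL::Cipher.new(CIPHER)
    cipher.decrypt
    cipher.pkcs5_keyivgen(key)
    cipher.update(data) + cipher.final
  end

  # AES-encrypt the payload, then RSA-wrap only the short AES key.
  def self.seal(plain, base64)
    env = aes_encrypt(plain)
    env[:key] = yield(env[:key])
    base64 ? {:key => b64(env[:key]), :data => b64(env[:data])} : env
  end

  def self.unseal(env, base64)
    raise "Crypted data should include a key" unless env.include?(:key)
    raise "Crypted data should include data" unless env.include?(:data)
    key, data = env[:key], env[:data]
    key, data = unb64(key), unb64(data) if base64
    aes_decrypt(yield(key), data)
  end

  # RSA stage (assumed mapping; the page does not show the rsa_* bodies).
  def self.encrypt_with_public(rsa, plain, base64 = true)
    seal(plain, base64) { |k| rsa.public_encrypt(k) }
  end

  def self.decrypt_with_private(rsa, env, base64 = true)
    unseal(env, base64) { |k| rsa.private_decrypt(k) }
  end

  def self.encrypt_with_private(rsa, plain, base64 = true)
    seal(plain, base64) { |k| rsa.private_encrypt(k) }
  end

  def self.decrypt_with_public(rsa, env, base64 = true)
    unseal(env, base64) { |k| rsa.public_decrypt(k) }
  end

  # Runs both directions with a constructed key pair and reports who can
  # read which envelope.
  def self.demo
    pair = OpenSSL::PKey::RSA.new(2048)   # constructed key, generated in memory
    public_only = pair.public_key         # the half every other party holds
    msg = "constructed sample payload " * 8

    to_holder = encrypt_with_public(public_only, msg)      # Base64 by default
    from_holder = encrypt_with_private(pair, msg, false)   # raw bytes

    blocked = begin
      decrypt_with_private(public_only, to_holder)
      false
    rescue OpenSSL::OpenSSLError
      true # the public half cannot unwrap a key sealed with encrypt_with_public
    end

    {
      :holder_reads_public_dir => decrypt_with_private(pair, to_holder) == msg,
      :anyone_reads_private_dir => decrypt_with_public(public_only, from_holder, false) == msg,
      :public_only_blocked => blocked,
      :wrapped_key_bytes => from_holder[:key].bytesize,
      :base64_fields => to_holder.values.all? { |v| v.match?(/\A[A-Za-z0-9+\/=\n]+\z/) },
    }
  end
end

puts EnvelopeSketch.demo.inspect if __FILE__ == $0
```

<p>
The private-key direction can be opened by anyone holding the public key, so it ties the envelope to the key holder rather than keeping the payload secret; with the default aes-256-cbc the envelope carries no integrity check of its own.
</p>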
<div id="method-list">
<h3 class="section-bar">Methods</h3>

<div class="name-list">
<a href="#M000386">aes_decrypt</a>
<a href="#M000385">aes_encrypt</a>
<a href="#M000392">base64_decode</a>
<a href="#M000391">base64_decode</a>
<a href="#M000390">base64_encode</a>
<a href="#M000389">base64_encode</a>
<a href="#M000379">decrypt_with_private</a>
<a href="#M000380">decrypt_with_public</a>
<a href="#M000378">encrypt_with_private</a>
<a href="#M000377">encrypt_with_public</a>
<a href="#M000394">md5</a>
<a href="#M000393">md5</a>
<a href="#M000376">new</a>
<a href="#M000396">read_key</a>
<a href="#M000382">rsa_decrypt_with_private</a>
<a href="#M000384">rsa_decrypt_with_public</a>
<a href="#M000383">rsa_encrypt_with_private</a>
<a href="#M000381">rsa_encrypt_with_public</a>
<a href="#M000387">sign</a>
<a href="#M000395">uuid</a>
<a href="#M000388">verify_signature</a>
</div>
</div>
<div id="attribute-list">
<h3 class="section-bar">Attributes</h3>

<div class="name-list">
<table>
<tr class="top-aligned-row context-row">
<td class="context-item-name">private_key_file</td>
<td class="context-item-value"> [R] </td>
<td class="context-item-desc"></td>
</tr>
<tr class="top-aligned-row context-row">
<td class="context-item-name">public_key_file</td>
<td class="context-item-value"> [R] </td>
<td class="context-item-desc"></td>
</tr>
<tr class="top-aligned-row context-row">
<td class="context-item-name">ssl_cipher</td>
<td class="context-item-value"> [R] </td>
<td class="context-item-desc"></td>
</tr>
</table>
</div>
</div>

<!-- if method_list -->

<h3 class="section-bar">Public Class methods</h3>
<div id="method-M000392" class="method-detail">
<a name="M000392"></a>

<div class="method-heading">
<a href="#M000392" class="method-signature">
<span class="method-name">base64_decode</span><span class="method-args">(string)</span>
</a>
</div>

<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000392-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000392-source">
209 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 195</span>
210 195: <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">string</span>)
211 196: <span class="ruby-constant">Base64</span>.<span class="ruby-identifier">decode64</span>(<span class="ruby-identifier">string</span>)
212 197: <span class="ruby-keyword kw">end</span>
<div id="method-M000390" class="method-detail">
<a name="M000390"></a>

<div class="method-heading">
<a href="#M000390" class="method-signature">
<span class="method-name">base64_encode</span><span class="method-args">(string)</span>
</a>
</div>

<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000390-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000390-source">
232 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 186</span>
233 186: <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">string</span>)
234 187: <span class="ruby-constant">Base64</span>.<span class="ruby-identifier">encode64</span>(<span class="ruby-identifier">string</span>)
235 188: <span class="ruby-keyword kw">end</span>
<div id="method-M000394" class="method-detail">
<a name="M000394"></a>

<div class="method-heading">
<a href="#M000394" class="method-signature">
<span class="method-name">md5</span><span class="method-args">(string)</span>
</a>
</div>

<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000394-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000394-source">
255 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 203</span>
256 203: <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">md5</span>(<span class="ruby-identifier">string</span>)
257 204: <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">MD5</span>.<span class="ruby-identifier">hexdigest</span>(<span class="ruby-identifier">string</span>)
258 205: <span class="ruby-keyword kw">end</span>
<div id="method-M000376" class="method-detail">
<a name="M000376"></a>

<div class="method-heading">
<a href="#M000376" class="method-signature">
<span class="method-name">new</span><span class="method-args">(pubkey=nil, privkey=nil, passphrase=nil, cipher=nil)</span>
</a>
</div>

<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000376-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000376-source">
278 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 37</span>
279 37: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">initialize</span>(<span class="ruby-identifier">pubkey</span>=<span class="ruby-keyword kw">nil</span>, <span class="ruby-identifier">privkey</span>=<span class="ruby-keyword kw">nil</span>, <span class="ruby-identifier">passphrase</span>=<span class="ruby-keyword kw">nil</span>, <span class="ruby-identifier">cipher</span>=<span class="ruby-keyword kw">nil</span>)
280 38: <span class="ruby-ivar">@public_key_file</span> = <span class="ruby-identifier">pubkey</span>
281 39: <span class="ruby-ivar">@private_key_file</span> = <span class="ruby-identifier">privkey</span>
283 41: <span class="ruby-ivar">@public_key</span> = <span class="ruby-identifier">read_key</span>(<span class="ruby-identifier">:public</span>, <span class="ruby-identifier">pubkey</span>)
284 42: <span class="ruby-ivar">@private_key</span> = <span class="ruby-identifier">read_key</span>(<span class="ruby-identifier">:private</span>, <span class="ruby-identifier">privkey</span>, <span class="ruby-identifier">passphrase</span>)
286 44: <span class="ruby-ivar">@ssl_cipher</span> = <span class="ruby-value str">"aes-256-cbc"</span>
287 45: <span class="ruby-ivar">@ssl_cipher</span> = <span class="ruby-constant">Config</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">ssl_cipher</span> <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Config</span>.<span class="ruby-identifier">instance</span>.<span class="ruby-identifier">ssl_cipher</span>
288 46: <span class="ruby-ivar">@ssl_cipher</span> = <span class="ruby-identifier">cipher</span> <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">cipher</span>
290 48: <span class="ruby-identifier">raise</span> <span class="ruby-node">"The supplied cipher '#{@ssl_cipher}' is not supported"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">ciphers</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-ivar">@ssl_cipher</span>)
291 49: <span class="ruby-keyword kw">end</span>
<div id="method-M000395" class="method-detail">
<a name="M000395"></a>

<div class="method-heading">
<a href="#M000395" class="method-signature">
<span class="method-name">uuid</span><span class="method-args">(string=nil)</span>
</a>
</div>

<div class="method-description">
<p>
Creates an RFC 4122 version 5 UUID. If a string is supplied it will produce
repeatable UUIDs for that string; otherwise a random 128-bit string will be used
</p>
<p>
Code used with permission from:
</p>
<pre>
  https://github.com/kwilczynski/puppet-functions/blob/master/lib/puppet/parser/functions/uuid.rb
</pre>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000395-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000395-source">
322 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 213</span>
323 213: <span class="ruby-keyword kw">def</span> <span class="ruby-keyword kw">self</span>.<span class="ruby-identifier">uuid</span>(<span class="ruby-identifier">string</span>=<span class="ruby-keyword kw">nil</span>)
324 214: <span class="ruby-identifier">string</span> <span class="ruby-operator">||=</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Random</span>.<span class="ruby-identifier">random_bytes</span>(<span class="ruby-value">16</span>).<span class="ruby-identifier">unpack</span>(<span class="ruby-value str">'H*'</span>).<span class="ruby-identifier">shift</span>
326 216: <span class="ruby-identifier">uuid_name_space_dns</span> = <span class="ruby-value str">"\x6b\xa7\xb8\x10\x9d\xad\x11\xd1\x80\xb4\x00\xc0\x4f\xd4\x30\xc8"</span>
328 218: <span class="ruby-identifier">sha1</span> = <span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA1</span>.<span class="ruby-identifier">new</span>
329 219: <span class="ruby-identifier">sha1</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">uuid_name_space_dns</span>)
330 220: <span class="ruby-identifier">sha1</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">string</span>)
332 222: <span class="ruby-comment cmt"># first 16 bytes..</span>
333 223: <span class="ruby-identifier">bytes</span> = <span class="ruby-identifier">sha1</span>.<span class="ruby-identifier">digest</span>[<span class="ruby-value">0</span>, <span class="ruby-value">16</span>].<span class="ruby-identifier">bytes</span>.<span class="ruby-identifier">to_a</span>
335 225: <span class="ruby-comment cmt"># version 5 adjustments</span>
336 226: <span class="ruby-identifier">bytes</span>[<span class="ruby-value">6</span>] <span class="ruby-operator">&=</span> <span class="ruby-value">0x0f</span>
337 227: <span class="ruby-identifier">bytes</span>[<span class="ruby-value">6</span>] <span class="ruby-operator">|=</span> <span class="ruby-value">0x50</span>
339 229: <span class="ruby-comment cmt"># variant is DCE 1.1</span>
340 230: <span class="ruby-identifier">bytes</span>[<span class="ruby-value">8</span>] <span class="ruby-operator">&=</span> <span class="ruby-value">0x3f</span>
341 231: <span class="ruby-identifier">bytes</span>[<span class="ruby-value">8</span>] <span class="ruby-operator">|=</span> <span class="ruby-value">0x80</span>
343 233: <span class="ruby-identifier">bytes</span> = [<span class="ruby-value">4</span>, <span class="ruby-value">2</span>, <span class="ruby-value">2</span>, <span class="ruby-value">2</span>, <span class="ruby-value">6</span>].<span class="ruby-identifier">collect</span> <span class="ruby-keyword kw">do</span> <span class="ruby-operator">|</span><span class="ruby-identifier">i</span><span class="ruby-operator">|</span>
344 234: <span class="ruby-identifier">bytes</span>.<span class="ruby-identifier">slice!</span>(<span class="ruby-value">0</span>, <span class="ruby-identifier">i</span>).<span class="ruby-identifier">pack</span>(<span class="ruby-value str">'C*'</span>).<span class="ruby-identifier">unpack</span>(<span class="ruby-value str">'H*'</span>)
345 235: <span class="ruby-keyword kw">end</span>
347 237: <span class="ruby-identifier">bytes</span>.<span class="ruby-identifier">join</span>(<span class="ruby-value str">'-'</span>)
348 238: <span class="ruby-keyword kw">end</span>
<h3 class="section-bar">Public Instance methods</h3>

<div id="method-M000386" class="method-detail">
<a name="M000386"></a>

<div class="method-heading">
<a href="#M000386" class="method-signature">
<span class="method-name">aes_decrypt</span><span class="method-args">(key, crypt_string)</span>
</a>
</div>

<div class="method-description">
<p>
Decrypts a string given key, IV and data.
</p>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000386-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000386-source">
373 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 158</span>
374 158: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">aes_decrypt</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">crypt_string</span>)
375 159: <span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">ssl_cipher</span>)
377 161: <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">decrypt</span>
378 162: <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">key</span> = <span class="ruby-identifier">key</span>
379 163: <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">pkcs5_keyivgen</span>(<span class="ruby-identifier">key</span>)
380 164: <span class="ruby-identifier">decrypted_data</span> = <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">crypt_string</span>) <span class="ruby-operator">+</span> <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">final</span>
381 165: <span class="ruby-keyword kw">end</span>
<div id="method-M000385" class="method-detail">
<a name="M000385"></a>

<div class="method-heading">
<a href="#M000385" class="method-signature">
<span class="method-name">aes_encrypt</span><span class="method-args">(plain_string)</span>
</a>
</div>

<div class="method-description">
<p>
Encrypts a string; returns a hash of key, IV and data.
</p>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000385-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000385-source">
404 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 144</span>
405 144: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">aes_encrypt</span>(<span class="ruby-identifier">plain_string</span>)
406 145: <span class="ruby-identifier">cipher</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span><span class="ruby-operator">::</span><span class="ruby-constant">Cipher</span>.<span class="ruby-identifier">new</span>(<span class="ruby-identifier">ssl_cipher</span>)
407 146: <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">encrypt</span>
409 148: <span class="ruby-identifier">key</span> = <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">random_key</span>
411 150: <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">key</span> = <span class="ruby-identifier">key</span>
412 151: <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">pkcs5_keyivgen</span>(<span class="ruby-identifier">key</span>)
413 152: <span class="ruby-identifier">encrypted_data</span> = <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">update</span>(<span class="ruby-identifier">plain_string</span>) <span class="ruby-operator">+</span> <span class="ruby-identifier">cipher</span>.<span class="ruby-identifier">final</span>
415 154: {<span class="ruby-identifier">:key</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">key</span>, <span class="ruby-identifier">:data</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">encrypted_data</span>}
416 155: <span class="ruby-keyword kw">end</span>
<div id="method-M000391" class="method-detail">
<a name="M000391"></a>

<div class="method-heading">
<a href="#M000391" class="method-signature">
<span class="method-name">base64_decode</span><span class="method-args">(string)</span>
</a>
</div>

<div class="method-description">
<p>
Base64 decodes a string.
</p>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000391-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000391-source">
439 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 191</span>
440 191: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">string</span>)
441 192: <span class="ruby-constant">SSL</span>.<span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">string</span>)
442 193: <span class="ruby-keyword kw">end</span>
<div id="method-M000389" class="method-detail">
<a name="M000389"></a>

<div class="method-heading">
<a href="#M000389" class="method-signature">
<span class="method-name">base64_encode</span><span class="method-args">(string)</span>
</a>
</div>

<div class="method-description">
<p>
Base64 encodes a string.
</p>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000389-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000389-source">
465 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 182</span>
466 182: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">string</span>)
467 183: <span class="ruby-constant">SSL</span>.<span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">string</span>)
468 184: <span class="ruby-keyword kw">end</span>
<div id="method-M000379" class="method-detail">
<a name="M000379"></a>

<div class="method-heading">
<a href="#M000379" class="method-signature">
<span class="method-name">decrypt_with_private</span><span class="method-args">(crypted, base64=true)</span>
</a>
</div>

<div class="method-description">
<p>
Decrypts data; expects a hash as created by encrypt_with_public.
</p>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000379-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000379-source">
491 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 88</span>
492 88: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">decrypt_with_private</span>(<span class="ruby-identifier">crypted</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">true</span>)
493 89: <span class="ruby-identifier">raise</span> <span class="ruby-value str">"Crypted data should include a key"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">crypted</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">:key</span>)
494 90: <span class="ruby-identifier">raise</span> <span class="ruby-value str">"Crypted data should include data"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">crypted</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">:data</span>)
496 92: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">base64</span>
497 93: <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_decrypt_with_private</span>(<span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>]))
498 94: <span class="ruby-identifier">aes_decrypt</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>]))
499 95: <span class="ruby-keyword kw">else</span>
500 96: <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_decrypt_with_private</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>])
501 97: <span class="ruby-identifier">aes_decrypt</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>])
502 98: <span class="ruby-keyword kw">end</span>
503 99: <span class="ruby-keyword kw">end</span>
<div id="method-M000380" class="method-detail">
<a name="M000380"></a>

<div class="method-heading">
<a href="#M000380" class="method-signature">
<span class="method-name">decrypt_with_public</span><span class="method-args">(crypted, base64=true)</span>
</a>
</div>

<div class="method-description">
<p>
Decrypts data; expects a hash as created by encrypt_with_private.
</p>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000380-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000380-source">
526 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 102</span>
527 102: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">decrypt_with_public</span>(<span class="ruby-identifier">crypted</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">true</span>)
528 103: <span class="ruby-identifier">raise</span> <span class="ruby-value str">"Crypted data should include a key"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">crypted</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">:key</span>)
529 104: <span class="ruby-identifier">raise</span> <span class="ruby-value str">"Crypted data should include data"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-identifier">crypted</span>.<span class="ruby-identifier">include?</span>(<span class="ruby-identifier">:data</span>)
531 106: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">base64</span>
532 107: <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_decrypt_with_public</span>(<span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>]))
533 108: <span class="ruby-identifier">aes_decrypt</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>]))
534 109: <span class="ruby-keyword kw">else</span>
535 110: <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_decrypt_with_public</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>])
536 111: <span class="ruby-identifier">aes_decrypt</span>(<span class="ruby-identifier">key</span>, <span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>])
537 112: <span class="ruby-keyword kw">end</span>
538 113: <span class="ruby-keyword kw">end</span>
<div id="method-M000378" class="method-detail">
<a name="M000378"></a>

<div class="method-heading">
<a href="#M000378" class="method-signature">
<span class="method-name">encrypt_with_private</span><span class="method-args">(plain_text, base64=true)</span>
</a>
</div>

<div class="method-description">
<p>
Encrypts the supplied data using AES, then encrypts the key and IV using RSA.
</p>
<p>
Returns a hash with everything optionally Base64 encoded.
</p>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000378-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000378-source">
564 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 73</span>
565 73: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encrypt_with_private</span>(<span class="ruby-identifier">plain_text</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">true</span>)
566 74: <span class="ruby-identifier">crypted</span> = <span class="ruby-identifier">aes_encrypt</span>(<span class="ruby-identifier">plain_text</span>)
568 76: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">base64</span>
569 77: <span class="ruby-identifier">key</span> = <span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">rsa_encrypt_with_private</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>]))
570 78: <span class="ruby-identifier">data</span> = <span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>])
571 79: <span class="ruby-keyword kw">else</span>
572 80: <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_encrypt_with_private</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>])
573 81: <span class="ruby-identifier">data</span> = <span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>]
574 82: <span class="ruby-keyword kw">end</span>
576 84: {<span class="ruby-identifier">:key</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">key</span>, <span class="ruby-identifier">:data</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">data</span>}
577 85: <span class="ruby-keyword kw">end</span>
<div id="method-M000377" class="method-detail">
<a name="M000377"></a>

<div class="method-heading">
<a href="#M000377" class="method-signature">
<span class="method-name">encrypt_with_public</span><span class="method-args">(plain_text, base64=true)</span>
</a>
</div>

<div class="method-description">
<p>
Encrypts the supplied data using AES, then encrypts the key and IV using RSA.
</p>
<p>
Returns a hash with everything optionally Base64 encoded.
</p>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000377-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000377-source">
603 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 55</span>
604 55: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">encrypt_with_public</span>(<span class="ruby-identifier">plain_text</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">true</span>)
605 56: <span class="ruby-identifier">crypted</span> = <span class="ruby-identifier">aes_encrypt</span>(<span class="ruby-identifier">plain_text</span>)
607 58: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">base64</span>
608 59: <span class="ruby-identifier">key</span> = <span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">rsa_encrypt_with_public</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>]))
609 60: <span class="ruby-identifier">data</span> = <span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>])
610 61: <span class="ruby-keyword kw">else</span>
611 62: <span class="ruby-identifier">key</span> = <span class="ruby-identifier">rsa_encrypt_with_public</span>(<span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:key</span>])
612 63: <span class="ruby-identifier">data</span> = <span class="ruby-identifier">crypted</span>[<span class="ruby-identifier">:data</span>]
613 64: <span class="ruby-keyword kw">end</span>
615 66: {<span class="ruby-identifier">:key</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">key</span>, <span class="ruby-identifier">:data</span> =<span class="ruby-operator">></span> <span class="ruby-identifier">data</span>}
616 67: <span class="ruby-keyword kw">end</span>
<div id="method-M000393" class="method-detail">
<a name="M000393"></a>

<div class="method-heading">
<a href="#M000393" class="method-signature">
<span class="method-name">md5</span><span class="method-args">(string)</span>
</a>
</div>

<div class="method-description">
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000393-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000393-source">
636 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 199</span>
637 199: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">md5</span>(<span class="ruby-identifier">string</span>)
638 200: <span class="ruby-constant">SSL</span>.<span class="ruby-identifier">md5</span>(<span class="ruby-identifier">string</span>)
639 201: <span class="ruby-keyword kw">end</span>
<div id="method-M000396" class="method-detail">
<a name="M000396"></a>

<div class="method-heading">
<a href="#M000396" class="method-signature">
<span class="method-name">read_key</span><span class="method-args">(type, key=nil, passphrase=nil)</span>
</a>
</div>

<div class="method-description">
<p>
Reads either a :public or :private key from disk, using an optional
passphrase to read the private key.
</p>
<p><a class="source-toggle" href="#"
onclick="toggleCode('M000396-source');return false;">[Source]</a></p>
<div class="method-source-code" id="M000396-source">
663 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 242</span>
664 242: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">read_key</span>(<span class="ruby-identifier">type</span>, <span class="ruby-identifier">key</span>=<span class="ruby-keyword kw">nil</span>, <span class="ruby-identifier">passphrase</span>=<span class="ruby-keyword kw">nil</span>)
665 243: <span class="ruby-keyword kw">return</span> <span class="ruby-identifier">key</span> <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">key</span>.<span class="ruby-identifier">nil?</span>
667 245: <span class="ruby-identifier">raise</span> <span class="ruby-node">"Could not find key #{key}"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">exist?</span>(<span class="ruby-identifier">key</span>)
668 246: <span class="ruby-identifier">raise</span> <span class="ruby-node">"#{type} key file '#{key}' is empty"</span> <span class="ruby-keyword kw">if</span> <span class="ruby-constant">File</span>.<span class="ruby-identifier">zero?</span>(<span class="ruby-identifier">key</span>)
670 248: <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">:public</span>
671 249: <span class="ruby-keyword kw">begin</span>
672 250: <span class="ruby-identifier">key</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">key</span>))
673 251: <span class="ruby-keyword kw">rescue</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSAError</span>
674 252: <span class="ruby-identifier">key</span> = <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">X509</span><span class="ruby-operator">::</span><span class="ruby-constant">Certificate</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">key</span>)).<span class="ruby-identifier">public_key</span>
675 253: <span class="ruby-keyword kw">end</span>
677 255: <span class="ruby-comment cmt"># Ruby < 1.9.3 had a bug where it does not correctly clear the</span>
678 256: <span class="ruby-comment cmt"># queue of errors while reading a key. It tries various ways</span>
679 257: <span class="ruby-comment cmt"># to read the key and each failing attempt pushes an error onto</span>
680 258: <span class="ruby-comment cmt"># the queue. With pubkeys only the 3rd attempt pass leaving 2</span>
681 259: <span class="ruby-comment cmt"># stale errors on the error queue.</span>
682 260: <span class="ruby-comment cmt">#</span>
683 261: <span class="ruby-comment cmt"># In 1.9.3 they fixed this by simply discarding the errors after</span>
684 262: <span class="ruby-comment cmt"># every attempt. So we simulate this fix here for older rubies</span>
685 263: <span class="ruby-comment cmt"># as without it we get SSL_read errors from the Stomp+TLS sessions</span>
686 264: <span class="ruby-comment cmt">#</span>
687 265: <span class="ruby-comment cmt"># We do this only on 1.8 relying on 1.9.3 to do the right thing</span>
688 266: <span class="ruby-comment cmt"># and we do not support 1.9 less than 1.9.3</span>
689 267: <span class="ruby-comment cmt">#</span>
690 268: <span class="ruby-comment cmt"># See http://bugs.ruby-lang.org/issues/4550</span>
691 269: <span class="ruby-constant">OpenSSL</span>.<span class="ruby-identifier">errors</span> <span class="ruby-keyword kw">if</span> <span class="ruby-constant">Util</span>.<span class="ruby-identifier">ruby_version</span> <span class="ruby-operator">=~</span> <span class="ruby-regexp re">/^1\.8/</span>
693 271: <span class="ruby-keyword kw">return</span> <span class="ruby-identifier">key</span>
694 272: <span class="ruby-keyword kw">elsif</span> <span class="ruby-identifier">type</span> <span class="ruby-operator">==</span> <span class="ruby-identifier">:private</span>
695 273: <span class="ruby-keyword kw">return</span> <span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">PKey</span><span class="ruby-operator">::</span><span class="ruby-constant">RSA</span>.<span class="ruby-identifier">new</span>(<span class="ruby-constant">File</span>.<span class="ruby-identifier">read</span>(<span class="ruby-identifier">key</span>), <span class="ruby-identifier">passphrase</span>)
696 274: <span class="ruby-keyword kw">else</span>
697 275: <span class="ruby-identifier">raise</span> <span class="ruby-value str">"Can only load :public or :private keys"</span>
698 276: <span class="ruby-keyword kw">end</span>
699 277: <span class="ruby-keyword kw">end</span>
705 <div id="method-M000382" class="method-detail">
706 <a name="M000382"></a>
708 <div class="method-heading">
709 <a href="#M000382" class="method-signature">
710 <span class="method-name">rsa_decrypt_with_private</span><span class="method-args">(crypt_string)</span>
714 <div class="method-description">
Use the private key to RSA decrypt data
718 <p><a class="source-toggle" href="#"
719 onclick="toggleCode('M000382-source');return false;">[Source]</a></p>
720 <div class="method-source-code" id="M000382-source">
722 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 123</span>
723 123: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">rsa_decrypt_with_private</span>(<span class="ruby-identifier">crypt_string</span>)
724 124: <span class="ruby-identifier">raise</span> <span class="ruby-value str">"No private key set"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-ivar">@private_key</span>
726 126: <span class="ruby-ivar">@private_key</span>.<span class="ruby-identifier">private_decrypt</span>(<span class="ruby-identifier">crypt_string</span>)
727 127: <span class="ruby-keyword kw">end</span>
733 <div id="method-M000384" class="method-detail">
734 <a name="M000384"></a>
736 <div class="method-heading">
737 <a href="#M000384" class="method-signature">
738 <span class="method-name">rsa_decrypt_with_public</span><span class="method-args">(crypt_string)</span>
742 <div class="method-description">
Use the public key to RSA decrypt data
746 <p><a class="source-toggle" href="#"
747 onclick="toggleCode('M000384-source');return false;">[Source]</a></p>
748 <div class="method-source-code" id="M000384-source">
750 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 137</span>
751 137: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">rsa_decrypt_with_public</span>(<span class="ruby-identifier">crypt_string</span>)
752 138: <span class="ruby-identifier">raise</span> <span class="ruby-value str">"No public key set"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-ivar">@public_key</span>
754 140: <span class="ruby-ivar">@public_key</span>.<span class="ruby-identifier">public_decrypt</span>(<span class="ruby-identifier">crypt_string</span>)
755 141: <span class="ruby-keyword kw">end</span>
761 <div id="method-M000383" class="method-detail">
762 <a name="M000383"></a>
764 <div class="method-heading">
765 <a href="#M000383" class="method-signature">
766 <span class="method-name">rsa_encrypt_with_private</span><span class="method-args">(plain_string)</span>
770 <div class="method-description">
Use the private key to RSA encrypt data
774 <p><a class="source-toggle" href="#"
775 onclick="toggleCode('M000383-source');return false;">[Source]</a></p>
776 <div class="method-source-code" id="M000383-source">
778 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 130</span>
779 130: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">rsa_encrypt_with_private</span>(<span class="ruby-identifier">plain_string</span>)
780 131: <span class="ruby-identifier">raise</span> <span class="ruby-value str">"No private key set"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-ivar">@private_key</span>
782 133: <span class="ruby-ivar">@private_key</span>.<span class="ruby-identifier">private_encrypt</span>(<span class="ruby-identifier">plain_string</span>)
783 134: <span class="ruby-keyword kw">end</span>
789 <div id="method-M000381" class="method-detail">
790 <a name="M000381"></a>
792 <div class="method-heading">
793 <a href="#M000381" class="method-signature">
794 <span class="method-name">rsa_encrypt_with_public</span><span class="method-args">(plain_string)</span>
798 <div class="method-description">
Use the public key to RSA encrypt data
802 <p><a class="source-toggle" href="#"
803 onclick="toggleCode('M000381-source');return false;">[Source]</a></p>
804 <div class="method-source-code" id="M000381-source">
806 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 116</span>
807 116: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">rsa_encrypt_with_public</span>(<span class="ruby-identifier">plain_string</span>)
808 117: <span class="ruby-identifier">raise</span> <span class="ruby-value str">"No public key set"</span> <span class="ruby-keyword kw">unless</span> <span class="ruby-ivar">@public_key</span>
810 119: <span class="ruby-ivar">@public_key</span>.<span class="ruby-identifier">public_encrypt</span>(<span class="ruby-identifier">plain_string</span>)
811 120: <span class="ruby-keyword kw">end</span>
817 <div id="method-M000387" class="method-detail">
818 <a name="M000387"></a>
820 <div class="method-heading">
821 <a href="#M000387" class="method-signature">
822 <span class="method-name">sign</span><span class="method-args">(string, base64=false)</span>
826 <div class="method-description">
Signs a string using the private key
830 <p><a class="source-toggle" href="#"
831 onclick="toggleCode('M000387-source');return false;">[Source]</a></p>
832 <div class="method-source-code" id="M000387-source">
834 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 168</span>
835 168: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">sign</span>(<span class="ruby-identifier">string</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">false</span>)
836 169: <span class="ruby-identifier">sig</span> = <span class="ruby-ivar">@private_key</span>.<span class="ruby-identifier">sign</span>(<span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA1</span>.<span class="ruby-identifier">new</span>, <span class="ruby-identifier">string</span>)
838 171: <span class="ruby-identifier">base64</span> <span class="ruby-value">? </span><span class="ruby-identifier">base64_encode</span>(<span class="ruby-identifier">sig</span>) <span class="ruby-operator">:</span> <span class="ruby-identifier">sig</span>
839 172: <span class="ruby-keyword kw">end</span>
845 <div id="method-M000388" class="method-detail">
846 <a name="M000388"></a>
848 <div class="method-heading">
849 <a href="#M000388" class="method-signature">
850 <span class="method-name">verify_signature</span><span class="method-args">(signature, string, base64=false)</span>
854 <div class="method-description">
856 Using the public key verifies that a string was signed using the private
859 <p><a class="source-toggle" href="#"
860 onclick="toggleCode('M000388-source');return false;">[Source]</a></p>
861 <div class="method-source-code" id="M000388-source">
863 <span class="ruby-comment cmt"># File lib/mcollective/ssl.rb, line 175</span>
864 175: <span class="ruby-keyword kw">def</span> <span class="ruby-identifier">verify_signature</span>(<span class="ruby-identifier">signature</span>, <span class="ruby-identifier">string</span>, <span class="ruby-identifier">base64</span>=<span class="ruby-keyword kw">false</span>)
865 176: <span class="ruby-identifier">signature</span> = <span class="ruby-identifier">base64_decode</span>(<span class="ruby-identifier">signature</span>) <span class="ruby-keyword kw">if</span> <span class="ruby-identifier">base64</span>
867 178: <span class="ruby-ivar">@public_key</span>.<span class="ruby-identifier">verify</span>(<span class="ruby-constant">OpenSSL</span><span class="ruby-operator">::</span><span class="ruby-constant">Digest</span><span class="ruby-operator">::</span><span class="ruby-constant">SHA1</span>.<span class="ruby-identifier">new</span>, <span class="ruby-identifier">signature</span>, <span class="ruby-identifier">string</span>)
868 179: <span class="ruby-keyword kw">end</span>
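An added example (not MCollective's own code) of two behaviours documented above: the fallback in read_key from a bare RSA public key to an X.509 certificate, and the sign / verify_signature round trip including the base64 option. The helper names, the PEM-string inputs and the constructed key and certificate are assumptions, and SHA256 is used where the page's sign passes OpenSSL::Digest::SHA1.

```ruby
require "openssl"

# Hypothetical helper mirroring read_key(:public, ...): accepts PEM text
# holding either a bare RSA public key or an X.509 certificate.
def load_public_key(pem)
  OpenSSL::PKey::RSA.new(pem)
rescue OpenSSL::PKey::PKeyError # parent class of RSAError
  OpenSSL::X509::Certificate.new(pem).public_key
end

# Sign with the private key; optionally return strict base64 ("m0").
def sign_message(private_key, message, base64 = false)
  sig = private_key.sign(OpenSSL::Digest.new("SHA256"), message)
  base64 ? [sig].pack("m0") : sig
end

# Verify with the public key. Undecodable or malformed signatures are
# reported as a failed verification rather than raised to the caller.
def verify_message(public_key, signature, message, base64 = false)
  signature = signature.unpack1("m0") if base64
  public_key.verify(OpenSSL::Digest.new("SHA256"), signature, message)
rescue ArgumentError, OpenSSL::PKey::PKeyError
  false
end

# Constructed sample material: a throwaway key and self-signed certificate.
def sample_identity
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=example-node")
  cert.public_key = key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [key, cert]
end

if __FILE__ == $PROGRAM_NAME
  key, cert = sample_identity
  sig = sign_message(key, "constructed request body", true)
  [key.public_key.to_pem, cert.to_pem].each do |pem|
    pub = load_public_key(pem)
    puts verify_message(pub, sig, "constructed request body", true)
    puts verify_message(pub, sig, "tampered request body", true)
  end
end
```

Both PEM forms yield the same public key, so a signature made with the private key verifies against either, while a changed message or an undecodable signature is rejected.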
881 <div id="validator-badges">