From 12a5c8eb46f7757164483c09a743d3c4f338720f Mon Sep 17 00:00:00 2001 From: Dev Mohanty Date: Mon, 17 Feb 2014 16:49:49 -0500 Subject: [PATCH] Created ASM::Cipher ruby module This module retrieves encrypted string bytes from db for given id and decrypts it using AES. It was created to duplicate the encryption logic used by the ASM GUI code. A database.yaml file is required at /etc/puppetlabs/puppet/database.yaml for db configuration. Usage: ASM::Cipher.decrypt_string('my_encrypted_string_id') --- lib/asm/asm_cipher.rb | 29 +++++++++++++++++++++++++++++ lib/asm/util.rb | 4 +++- 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 lib/asm/asm_cipher.rb
diff --git a/lib/asm/asm_cipher.rb b/lib/asm/asm_cipher.rb
new file mode 100644
index 00000000..c11dda6b
--- /dev/null
+++ b/lib/asm/asm_cipher.rb
@@ -0,0 +1,29 @@
+require "asm"
+require "asm/util"
+require "sequel"
+require "aescrypt"
+db_conf = YAML.load_file(ASM::Util::DATABASE_CONF)
+if RUBY_PLATFORM == "java"
+ require 'jdbc/postgres'
+ Jdbc::Postgres.load_driver
+ DB = Sequel.connect("jdbc:postgresql://#{db_conf['host']}/encryptionmgr?user=#{db_conf['username']}&password=#{db_conf['password']}")
+else
+ require "pg"
+ DB = Sequel.connect("postgres://#{db_conf['username']}:#{db_conf['password']}@#{db_conf['host']}:#{db_conf['port']}/encryptionmgr")
+end
+
+module ASM::Cipher
+ def self.decrypt_string(id)
+ e_string = get_string(id)
+ e_key = get_key(e_string[:encryptionmethodid])
+ d_string = AESCrypt.decrypt_data(Base64.decode64(e_string[:encrypteddata]),Base64.decode64(e_key[:bytes]),nil,"AES-128-CBC")
+ d_string.slice!(0,16)
+ d_string
+ end
+ def self.get_string(id)
+ DB["SELECT * FROM encryptedstring WHERE id = ?", id].first
+ end
+ def self.get_key(key_id)
+ DB["SELECT bytes FROM encryptionkey WHERE id = (SELECT key_id FROM encryptionmethod WHERE id = ?)", key_id].first
+ end
+end
diff --git a/lib/asm/util.rb b/lib/asm/util.rb
index 0f711abd..e67f34bd 100644
--- a/lib/asm/util.rb
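Review bot: In lib/asm/asm_cipher.rb, `decrypt_string` indexes the results of `get_string(id)` and `get_key(...)` without checking them, so an unknown id or a method with no key row fails with a `NoMethodError` on nil rather than a clear error; add a guard after each lookup, e.g. `raise ArgumentError, "no encryptedstring row for id #{id.inspect}" unless e_string`. Both `Sequel.connect` calls interpolate `db_conf['username']` and `db_conf['password']` into a URL unescaped, so a password containing `@`, `/`, `&` or `#` is misparsed and the credential-bearing string may surface in connection errors; passing them as options (`:user => db_conf['username'], :password => db_conf['password']`) avoids that, and the JDBC branch also ignores `db_conf['port']`, which the pg branch uses. The `nil` IV followed by `d_string.slice!(0,16)` needs a comment such as `# IV is not passed: the first 16 decrypted bytes are discarded (presumably the stored blob is prefixed with its IV block)`, since how `AESCrypt.decrypt_data` treats a nil IV is not visible here. Because the key bytes come from the same `encryptionmgr` database as the ciphertext, whoever can read database.yaml can decrypt every stored string, and CBC without a MAC gives no integrity check on the fetched data.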
+++ b/lib/asm/util.rb
@@ -14,7 +14,9 @@ module Util
 NETWORKS_RA_URL='http://localhost:9080/VirtualServices/Network'
 CHASSIS_RA_URL='http://localhost:9080/ChassisRA/Chassis'
 # TODO: give razor user access to this directory
- DEVICE_CONF_DIR='/etc/puppetlabs/puppet/devices'
+ PUPPET_CONF_DIR='/etc/puppetlabs/puppet'
+ DEVICE_CONF_DIR="#{PUPPET_CONF_DIR}/devices"
+ DATABASE_CONF="#{PUPPET_CONF_DIR}/database.yaml"
 # See spec/fixtures/asm_server_m620.json for sample response
 #
 # cert_name is in format devicetype-servicetag
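Review bot: The `# TODO: give razor user access to this directory` comment now sits directly above `PUPPET_CONF_DIR`, so it reads as a plan to open all of /etc/puppetlabs/puppet to the razor user, and that directory now also holds database.yaml, which per the commit message carries the db configuration (and, in asm_cipher.rb, the username and password). Move the TODO down so it stays attached to `DEVICE_CONF_DIR`, and document the new constant with something like `# DB credentials for ASM::Cipher; keep readable only by the account running ASM`. `module Util` starts and ends outside this hunk, so other users of `DEVICE_CONF_DIR` are not visible here.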