class ConfigParser
Constants
- ENCRYPTED_FORMAT
- PLACEHOLDER
- STANZA
The environment to use, defined within the encryption config
- WIDTH
The line width of the YAML file before line-wrapping occurs
Public Class Methods
decrypt_config(enc_path, config_path)
Returns a hash containing the decrypted details from a config file.
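# File lib/sourcefire/utilities/config_parser.rb, line 132
# Loads the encryption settings, renders the config file through ERB and
# parses the rendered text as YAML.
#
# NOTE(security): the file is evaluated as an ERB template before it is
# parsed, so any Ruby embedded in it runs with this process's privileges.
# config_path must therefore be writable only by trusted users. YAML.load
# also instantiates arbitrary tagged objects on Psych versions older than 4;
# if the config only holds scalars, symbols, arrays and hashes, consider
# YAML.safe_load with an explicit permitted_classes list.
# NOTE(review): presumably the encrypted fields are ERB tags that decrypt
# themselves when rendered -- confirm against ENCRYPTED_FORMAT.
#
# @param enc_path [String] encryption config passed to SymmetricEncryption.load!
# @param config_path [String] path of the YAML/ERB config file to read
# @return [Object] whatever YAML.load yields for the rendered config
def self.decrypt_config(enc_path, config_path)
  SymmetricEncryption.load!(enc_path, STANZA)
  # File.read closes the handle; File.new(...).read left it open until GC.
  YAML.load(ERB.new(File.read(config_path)).result)
end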
encrypt_config(enc_path, config_path)
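# File lib/sourcefire/utilities/config_parser.rb, line 105
# Rewrites the config file in place, replacing the plaintext value of every
# username/password-like field with its encrypted form.
#
# A line is treated as sensitive when its label contains "passw", "pwd",
# "user" or "usr". Values that already contain the text 'SymmetricEncryption'
# are taken to be encrypted and are written back unchanged; note that a
# plaintext value which happens to contain that text is skipped as well and
# stays unencrypted.
#
# @param enc_path [String] encryption config passed to SymmetricEncryption.load!
# @param config_path [String] path of the config file to rewrite
# @return [Array<String>] the lines of the file as they were before rewriting
def self.encrypt_config(enc_path, config_path)
  SymmetricEncryption.load!(enc_path, STANZA)

  # Read the config in as an array of strings. File.readlines closes the
  # handle even when reading raises, unlike a bare File.open/close pair.
  config_lines = File.readlines(config_path)

  # Define the regex that can find relevant fields
  regex = /^(?<label>\s*:?\w*(passw|pwd|user|usr)\w*:?\s)(?<value>.*)$/

  # Build the complete output BEFORE the file is opened for writing. Opening
  # with 'w+' truncates it, so an encryption failure part-way through would
  # otherwise leave a half-written config and lose the remaining settings.
  output_lines = config_lines.map do |line|
    matches = line.match(regex)
    # Encrypt fields with username/password labels that are in plaintext
    if matches.nil? || matches['value'].include?('SymmetricEncryption')
      line
    else
      "#{matches['label']}#{encrypt_field(matches['value'])}"
    end
  end

  File.open(config_path, 'w+') do |out|
    output_lines.each { |line| out.puts line }
  end

  config_lines
end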
encrypt_field(value)
# File lib/sourcefire/utilities/config_parser.rb, line 35
# Encrypts one field value and substitutes the ciphertext into
# ENCRYPTED_FORMAT.
#
# @param value [String] plaintext value to encrypt
# @return [String] ENCRYPTED_FORMAT with the encrypted value filled in
def self.encrypt_field(value)
  ENCRYPTED_FORMAT % SymmetricEncryption.encrypt(value)
end
generate_keys(enc_path, config_path)
Generates the RSA key, associated files and directories.
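# File lib/sourcefire/utilities/config_parser.rb, line 52
# Generates the RSA key and the symmetric key files on first use. Does
# nothing when the encryption config already holds a private RSA key.
#
# NOTE(security): the generated private RSA key is written into the
# encryption config at enc_path by save_config, and the key directory is
# created with the process's default umask. Both locations hold key
# material, so their permissions should restrict access to the service user.
#
# @param enc_path [String] path of the encryption config (YAML)
# @param config_path [String] path of the application config being protected
# @return [Object, nil] nil when a key already exists, otherwise the result
#   of SymmetricEncryption.generate_symmetric_key_files
# @raise [StandardError] re-raised via handle_error when the key folder
#   cannot be created
def self.generate_keys(enc_path, config_path)
  settings = YAML.load_file(enc_path)
  key = settings[STANZA]['private_rsa_key']

  # Recognise an existing key
  return unless key.nil? || key == ''

  # Generate a new RSA key and store the details
  new_rsa_key = SymmetricEncryption::KeyEncryptionKey.generate
  settings[STANZA]['private_rsa_key'] = new_rsa_key
  save_config(settings, enc_path)

  # Populate the placeholder values within the config
  populate_ciphers(enc_path, config_path)

  # Need to create a folder (specified by the user) to store the key files.
  # `settings` was read before populate_ciphers rewrote the file, so it may
  # still carry the placeholder path; the PLACEHOLDER check below skips
  # folder creation in that case.
  dir = File.dirname(settings[STANZA]['ciphers'].first['key_filename'])
  begin
    unless File.directory?(dir) || PLACEHOLDER.include?(dir)
      puts "Creating folder: #{dir}"
      FileUtils.mkdir_p dir
    end
  rescue StandardError => e
    # StandardError rather than Exception: signals and SystemExit should
    # propagate untouched instead of being reported as a permissions problem.
    msg = "Unable to create the folders used to store encryption details.\n"\
          'Please ensure the user has permissions to create folders in the ' \
          "path specified in the encryption config: #{enc_path}\n"
    handle_error(msg, e)
  end

  SymmetricEncryption.generate_symmetric_key_files(enc_path, STANZA)
end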
get_config(config_path, enc_path=nil)
Encrypts a configuration file in place and returns its decrypted contents as a hash.
# File lib/sourcefire/utilities/config_parser.rb, line 15
# Entry point: makes sure keys exist, encrypts the sensitive fields of the
# config file on disk, then returns the decrypted configuration.
#
# @param config_path [String] path of the application config file
# @param enc_path [String, nil] path of the encryption config; replaced by
#   the directory named in the config file when one is set there
# @return [Object] the value returned by decrypt_config
def self.get_config(config_path, enc_path=nil)
  # A location named inside the config itself wins over the argument.
  chosen_enc_path = get_enc_directory(config_path) || enc_path

  # Relative encryption paths are resolved against this source file's path.
  enc_path = File.expand_path(chosen_enc_path, __FILE__)
  config_path = File.expand_path(config_path)

  generate_keys(enc_path, config_path)
  encrypt_config(enc_path, config_path)
  decrypt_config(enc_path, config_path)
end
get_enc_directory(config_path)
Retrieves the custom directory of the encryption config
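# File lib/sourcefire/utilities/config_parser.rb, line 41
# Retrieves the custom location of the encryption config, read from
# settings[:encryption_options][:directory] in the config file.
#
# The file is parsed as plain YAML here (no ERB rendering).
#
# @param config_path [String] path of the application config file
# @return [String, nil] the configured location expanded relative to this
#   source file's path, or nil when the config is empty, is not a mapping,
#   or does not set a directory
def self.get_enc_directory(config_path)
  settings = YAML.load_file(config_path)
  # An empty or non-mapping YAML document does not parse to a Hash; treat it
  # as "no custom directory" instead of failing on the lookup below.
  return nil unless settings.is_a?(Hash)
  return nil if settings[:encryption_options].nil?

  enc_dir = settings[:encryption_options][:directory]
  return nil if enc_dir.nil? || enc_dir == ''

  File.expand_path(enc_dir, __FILE__)
end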
handle_error(message, error)
# File lib/sourcefire/utilities/config_parser.rb, line 137
# Prints an explanatory message to standard output, then raises the error
# it was given.
#
# @param message [String] text shown to the operator
# @param error [Exception] the error to raise after printing
# @raise [Exception] always raises +error+
def self.handle_error(message, error)
  $stdout.puts(message)
  raise(error)
end
populate_ciphers(enc_path, config_path)
Replace placeholder values for the key and iv file paths, placing them in the config folder by default.
# File lib/sourcefire/utilities/config_parser.rb, line 87
# Fills in the key and iv file paths of the first cipher entry wherever they
# still contain PLACEHOLDER, then saves the encryption config.
#
# Replaced paths point at hidden files next to the application config, named
# ".<config name>.key" and ".<config name>.iv".
#
# NOTE(security): with these defaults the key material sits in the same
# folder as the config it protects, so read access to that folder exposes
# both. Set explicit paths in the encryption config to keep them apart.
#
# @param enc_path [String] path of the encryption config (YAML)
# @param config_path [String] path of the application config file
# @return [Object] the value returned by save_config
def self.populate_ciphers(enc_path, config_path)
  settings = YAML.load_file(enc_path)
  cipher = settings[STANZA]['ciphers'].first
  folder = File.dirname(config_path)
  stem = File.basename(config_path, File.extname(config_path))

  %w(key iv).each do |kind|
    entry = "#{kind}_filename"
    # Paths the user has already set are left alone.
    if cipher[entry].include?(PLACEHOLDER)
      cipher[entry] = File.join(folder, ".#{stem}.#{kind}")
    end
  end

  save_config(settings, enc_path)
end
save_config(config_details, config_path)
Writes the YAML to file with custom formatting options
# File lib/sourcefire/utilities/config_parser.rb, line 30
# Serialises the settings to YAML, wrapping lines at WIDTH columns, and
# overwrites the target file with the result.
#
# NOTE(review): the file is created with the process's default permissions.
# generate_keys uses this method to store the private RSA key, so confirm
# the target file is not readable by other users.
#
# @param config_details [Hash] settings to serialise
# @param config_path [String] file to overwrite
# @return [Integer] number of bytes written
def self.save_config(config_details, config_path)
  File.write(config_path, config_details.to_yaml(line_width: WIDTH))
end