moving data from https://bitbucket.org/legion-io/legion-crypt.git

.gitignore

@@ -0,0 +1,15 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+/legion/.idea/
+/.idea/
+*.key
+# rspec failure tracking
+.rspec_status
+legionio.key

.rubocop.yml

@@ -0,0 +1,26 @@
+Layout/LineLength:
+  Max: 140
+Metrics/MethodLength:
+  Max: 50
+Metrics/ClassLength:
+  Max: 1500
+Metrics/BlockLength:
+  Max: 50
+Metrics/CyclomaticComplexity:
+  Max: 14
+Metrics/AbcSize:
+  Max: 17
+Metrics/PerceivedComplexity:
+  Max: 16
+Naming/MethodParameterName:
+  Enabled: false
+Style/Documentation:
+  Enabled: false
+AllCops:
+  TargetRubyVersion: 2.6
+  NewCops: enable
+  SuggestExtensions: false
+Style/FrozenStringLiteralComment:
+  Enabled: false
+Gemspec/RequiredRubyVersion:
+  Enabled: false

CHANGELOG.md

@@ -0,0 +1,4 @@
+# Legion::Crypt
+
+## v1.2.0
+Moving from BitBucket to GitHub inside the Optum org. All git history is reset from this point on

CONTRIBUTING.md

@@ -15,10 +15,11 @@ We track our work using Issues in GitHub. Feel free to open up your own issue to
 ## Coding Standards
 
 We have some general guidelines towards contributing to this project.
+Please run RSpec and Rubocop while developing code for LegionIO
 
 ### Languages
 
-*Lua*
+*Ruby*
 
 ## Pull Requests
 

Gemfile

@@ -0,0 +1,10 @@
+source 'https://rubygems.org'
+
+gemspec
+group :test do
+  gem 'rake'
+  gem 'rspec'
+  gem 'rspec_junit_formatter'
+  gem 'rubocop'
+  gem 'simplecov'
+end

README.md

@@ -1,31 +1,56 @@
-# Welcome to your new OSS project
+Legion::Crypt
+=====
 
-This project currently has the base documentation files required.  Replace this
-file with your own README.md.
+Legion::Crypt is the class responsible for encryption, managing secrets and connecting with Vault
 
-## Files included
+Supported Ruby versions and implementations
+------------------------------------------------
 
-**CODE_OF_CONDUCT.md**
+Legion::Crypt should work identically on:
 
-Use without changes
+* JRuby 9.2+
+* Ruby 2.4+
 
-**INDIVIDUAL_CONTRIBUTOR_LICENSE.md**
 
-Use without changes
+Installation and Usage
+------------------------
 
-**CONTRIBUTING.md**
+You can verify your installation using this piece of code:
 
-This file has some portions that are required and others that can be customized.
-Customize the Coding Standards section to mention the languages used by your project.
-Feel free to add any rules and requirements that you would like people to follow
-when contributing to your project.
+```bash
+gem install legion-crypt
+```
 
-**NOTICE.txt**
+```ruby
+require 'legion/crypt'
 
-This file is needed if your project is licensed under the Apache 2.0 license.  
-If you are using this license, fill it out according to the prompts.  Otherwise,
-delete this file.
+Legion::Crypt.start
+Legion::Crypt.encrypt('this is my string')
+Legion::Crypt.decrypt(message)
+```
 
-## Additional Repo Updates
+Settings
+----------
 
-Make sure that you have a project description and appropriate repository topics.
+```json
+{
+  "vault": {
+    "enabled": false,
+    "protocol": "http",
+    "address": "localhost",
+    "port": 8200,
+    "token": null,
+    "connected": false
+  },
+  "cs_encrypt_ready": false,
+  "dynamic_keys": true,
+  "cluster_secret": null,
+  "save_private_key": false,
+  "read_private_key": false
+}
+```
+
+Authors
+----------
+
+* [Matthew Iverson](https://github.com/Esity) - current maintainer

SECURITY.md

@@ -0,0 +1,9 @@
+# Security Policy
+
+## Supported Versions
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x.x   | :white_check_mark: |
+
+## Reporting a Vulnerability
+To be added

legion-crypt.gemspec

@@ -0,0 +1,32 @@
+# frozen_string_literal: true
+
+require_relative 'lib/legion/crypt/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'legion-crypt'
+  spec.version       = Legion::Crypt::VERSION
+  spec.authors       = ['Esity']
+  spec.email         = %w[matthewdiverson@gmail.com ruby@optum.com]
+  spec.summary       = 'Handles requests for encrypt, decrypting, connecting to Vault, among other things'
+  spec.description   = 'A gem used by the LegionIO framework for encryption'
+  spec.homepage      = 'https://github.com/Optum/legion-crypt'
+  spec.license       = 'Apache-2.0'
+  spec.require_paths = ['lib']
+  spec.required_ruby_version = '>= 2.4'
+  spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.test_files        = spec.files.select { |p| p =~ %r{^test/.*_test.rb} }
+  spec.extra_rdoc_files  = %w[README.md LICENSE CHANGELOG.md]
+  spec.metadata = {
+    'bug_tracker_uri' => 'https://github.com/Optum/legion-crypt/issues',
+    'changelog_uri' => 'https://github.com/Optum/legion-crypt/src/main/CHANGELOG.md',
+    'documentation_uri' => 'https://github.com/Optum/legion-crypt',
+    'homepage_uri' => 'https://github.com/Optum/LegionIO',
+    'source_code_uri' => 'https://github.com/Optum/legion-crypt',
+    'wiki_uri' => 'https://github.com/Optum/legion-crypt/wiki'
+  }
+
+  spec.add_dependency 'vault', '>= 0.15.0'
+
+  spec.add_development_dependency 'legion-logging'
+  spec.add_development_dependency 'legion-settings'
+end

lib/legion/crypt.rb

@@ -0,0 +1,40 @@
+require 'openssl'
+require 'base64'
+require 'legion/crypt/version'
+require 'legion/crypt/settings'
+require 'legion/crypt/cipher'
+
+module Legion
+  module Crypt
+    class << self
+      attr_reader :sessions
+
+      include Legion::Crypt::Cipher
+
+      unless Gem::Specification.find_by_name('vault').nil?
+        require 'legion/crypt/vault'
+        include Legion::Crypt::Vault
+      end
+
+      def start
+        Legion::Logging.debug 'Legion::Crypt is running start'
+        ::File.write('./legionio.key', private_key) if settings[:save_private_key]
+
+        connect_vault unless settings[:vault][:token].nil?
+      end
+
+      def settings
+        if Legion.const_defined?('Settings')
+          Legion::Settings[:crypt]
+        else
+          Legion::Crypt::Settings.default
+        end
+      end
+
+      def shutdown
+        shutdown_renewer
+        close_sessions
+      end
+    end
+  end
+end

lib/legion/crypt/cipher.rb

@@ -0,0 +1,54 @@
+require 'securerandom'
+require 'legion/crypt/cluster_secret'
+
+module Legion
+  module Crypt
+    module Cipher
+      include Legion::Crypt::ClusterSecret
+
+      def encrypt(message)
+        cipher = OpenSSL::Cipher.new('aes-256-cbc')
+        cipher.encrypt
+        cipher.key = cs
+        iv = cipher.random_iv
+        { enciphered_message: Base64.encode64(cipher.update(message) + cipher.final), iv: Base64.encode64(iv) }
+      end
+
+      def decrypt(message, iv)
+        until cs.is_a?(String) || Legion::Settings[:client][:shutting_down]
+          Legion::Logging.debug('sleeping Legion::Crypt.decrypt due to CS not being set')
+          sleep(0.5)
+        end
+
+        decipher = OpenSSL::Cipher.new('aes-256-cbc')
+        decipher.decrypt
+        decipher.key = cs
+        decipher.iv = Base64.decode64(iv)
+        message = Base64.decode64(message)
+        decipher.update(message) + decipher.final
+      end
+
+      def encrypt_from_keypair(message:, pub_key: public_key)
+        rsa_public_key = OpenSSL::PKey::RSA.new(pub_key)
+
+        Base64.encode64(rsa_public_key.public_encrypt(message))
+      end
+
+      def decrypt_from_keypair(message:, **_opts)
+        private_key.private_decrypt(Base64.decode64(message))
+      end
+
+      def public_key
+        @public_key ||= private_key.public_key.to_s
+      end
+
+      def private_key
+        @private_key ||= if Legion::Settings[:crypt][:read_private_key] && File.exist?('./legionio.key')
+                           OpenSSL::PKey::RSA.new File.read './legionio.key'
+                         else
+                           OpenSSL::PKey::RSA.new 2048
+                         end
+      end
+    end
+  end
+end