diff options
| -rw-r--r-- | lib/leap_cli/config/macros.rb | 11 | ||||
| -rw-r--r-- | lib/leap_cli/util/secret.rb | 34 |
2 files changed, 36 insertions, 9 deletions
diff --git a/lib/leap_cli/config/macros.rb b/lib/leap_cli/config/macros.rb index 5f90894..b2ad942 100644 --- a/lib/leap_cli/config/macros.rb +++ b/lib/leap_cli/config/macros.rb @@ -116,11 +116,22 @@ module LeapCli; module Config # # manager.export_secrets should be called later to capture any newly generated secrets. # + # +length+ is the character length of the generated password. + # def secret(name, length=32) @manager.secrets.set(name, Util::Secret.generate(length)) end # + # inserts an hexidecimal secret string, generating it if needed. + # + # +bit_length+ is the bits in the secret, (ie length of resulting hex string will be bit_length/4) + # + def hex_secret(name, bit_length=128) + @manager.secrets.set(name, Util::Secret.generate_hex(bit_length)) + end + + # # return a fingerprint for a x509 certificate # def fingerprint(filename) diff --git a/lib/leap_cli/util/secret.rb b/lib/leap_cli/util/secret.rb index 691065f..47a050e 100644 --- a/lib/leap_cli/util/secret.rb +++ b/lib/leap_cli/util/secret.rb @@ -1,20 +1,23 @@ # -# A simple alphanumeric secret generator, with no ambiguous characters. -# -# Only alphanumerics are allowed, in order to make these passwords work -# for REST url calls and to allow you to easily copy and paste them. +# A simple secret generator # # Uses OpenSSL random number generator instead of Ruby's rand function # - require 'openssl' module LeapCli; module Util - class Secret - CHARS = ('A'..'Z').to_a + ('a'..'z').to_a + ('0'..'9').to_a + "_".split(//u) - "io01lO".split(//u) - + HEX = (0..9).to_a + ('a'..'f').to_a + + # + # generate a secret with with no ambiguous characters. + # + # +length+ is in chars + # + # Only alphanumerics are allowed, in order to make these passwords work + # for REST url calls and to allow you to easily copy and paste them. + # def self.generate(length = 16) seed OpenSSL::Random.random_bytes(length).bytes.to_a.collect { |byte| @@ -22,6 +25,20 @@ module LeapCli; module Util }.join end + # + # generates a hex secret, instead of an alphanumeric on. + # + # length is in bits + # + def self.generate_hex(length = 128) + seed + OpenSSL::Random.random_bytes(length/4).bytes.to_a.collect { |byte| + HEX[ byte % HEX.length ] + }.join + end + + private + def self.seed @pid ||= 0 pid = $$ @@ -33,5 +50,4 @@ module LeapCli; module Util end end - end; end |