summaryrefslogtreecommitdiff
path: root/lib/leap_cli/util/secret.rb
blob: a6bd7a35baf05c0654855ab9203daf6d2871c7b1 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
# encoding: utf-8
#
# A simple secret generator
#
# Uses OpenSSL random number generator instead of Ruby's rand function
#
require 'openssl'

module LeapCli; module Util
  class Secret
    CHARS = ('A'..'Z').to_a + ('a'..'z').to_a + ('0'..'9').to_a + "_".split(//u) - "io01lO".split(//u)
    HEX = (0..9).to_a + ('a'..'f').to_a

    #
    # generate a secret with with no ambiguous characters.
    #
    # +length+ is in chars
    #
    # Only alphanumerics are allowed, in order to make these passwords work
    # for REST url calls and to allow you to easily copy and paste them.
    #
    def self.generate(length = 16)
      seed
      OpenSSL::Random.random_bytes(length).bytes.to_a.collect { |byte|
        CHARS[ byte % CHARS.length ]
      }.join
    end

    #
    # generates a hex secret, instead of an alphanumeric on.
    #
    # length is in bits
    #
    def self.generate_hex(length = 128)
      seed
      OpenSSL::Random.random_bytes(length/4).bytes.to_a.collect { |byte|
        HEX[ byte % HEX.length ]
      }.join
    end

    private

    def self.seed
      @pid ||= 0
      pid = $$
      if @pid != pid
        now = Time.now
        ary = [now.to_i, now.nsec, @pid, pid]
        OpenSSL::Random.seed(ary.to_s)
        @pid = pid
      end
    end

  end
end; end