-rw-r--r--lib/leap_cli/config/macros.rb11
-rw-r--r--lib/leap_cli/util/secret.rb34
2 files changed, 36 insertions, 9 deletions
diff --git a/lib/leap_cli/config/macros.rb b/lib/leap_cli/config/macros.rb
index 5f90894..b2ad942 100644
--- a/lib/leap_cli/config/macros.rb
+++ b/lib/leap_cli/config/macros.rb
@@ -116,11 +116,22 @@ module LeapCli; module Config
#
# manager.export_secrets should be called later to capture any newly generated secrets.
#
+ # +length+ is the character length of the generated password.
+ #
def secret(name, length=32)
@manager.secrets.set(name, Util::Secret.generate(length))
end
#
+ # inserts an hexidecimal secret string, generating it if needed.
+ #
+ # +bit_length+ is the bits in the secret, (ie length of resulting hex string will be bit_length/4)
+ #
+ def hex_secret(name, bit_length=128)
+ @manager.secrets.set(name, Util::Secret.generate_hex(bit_length))
+ end
+
+ #
# return a fingerprint for a x509 certificate
#
def fingerprint(filename)
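Review bot: The comment on `hex_secret` says the value is generated "if needed", but `Util::Secret.generate_hex(bit_length)` is evaluated as an argument before `set` is called, so new random bytes are drawn on every call regardless of what is already stored. `set` is not shown in this diff, so it is worth confirming that it keeps an existing value rather than overwriting it; if it does, the comment could read `# returns the stored hex secret for +name+, or stores a newly generated one`. The same comment should state that `bit_length` is expected to be a multiple of 4, and "hexidecimal" should read "hexadecimal". The enclosing module starts and ends outside the hunk.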
diff --git a/lib/leap_cli/util/secret.rb b/lib/leap_cli/util/secret.rb
index 691065f..47a050e 100644
--- a/lib/leap_cli/util/secret.rb
+++ b/lib/leap_cli/util/secret.rb
@@ -1,20 +1,23 @@
#
-# A simple alphanumeric secret generator, with no ambiguous characters.
-#
-# Only alphanumerics are allowed, in order to make these passwords work
-# for REST url calls and to allow you to easily copy and paste them.
+# A simple secret generator
#
# Uses OpenSSL random number generator instead of Ruby's rand function
#
-
require 'openssl'
module LeapCli; module Util
-
class Secret
-
CHARS = ('A'..'Z').to_a + ('a'..'z').to_a + ('0'..'9').to_a + "_".split(//u) - "io01lO".split(//u)
-
+ HEX = (0..9).to_a + ('a'..'f').to_a
+
+ #
+ # generate a secret with with no ambiguous characters.
+ #
+ # +length+ is in chars
+ #
+ # Only alphanumerics are allowed, in order to make these passwords work
+ # for REST url calls and to allow you to easily copy and paste them.
+ #
def self.generate(length = 16)
seed
OpenSSL::Random.random_bytes(length).bytes.to_a.collect { |byte|
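Review bot: The comment moved onto `generate` says only alphanumerics are allowed, but `CHARS` on the line above `HEX` also includes `_`, so the comment and the character set disagree; `# Only alphanumerics and "_" are used, ...` would match the code, and "with with" is a typo. `HEX` mixes Integers (`0..9`) with Strings (`'a'..'f'`), which works only because `join` stringifies each element; `HEX = (('0'..'9').to_a + ('a'..'f').to_a).freeze` keeps the table homogeneous and immutable. The body of `generate` continues past the end of the hunk.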
@@ -22,6 +25,20 @@ module LeapCli; module Util
}.join
end
+ #
+ # generates a hex secret, instead of an alphanumeric on.
+ #
+ # length is in bits
+ #
+ def self.generate_hex(length = 128)
+ seed
+ OpenSSL::Random.random_bytes(length/4).bytes.to_a.collect { |byte|
+ HEX[ byte % HEX.length ]
+ }.join
+ end
+
+ private
+
def self.seed
@pid ||= 0
pid = $$
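Review bot: In `generate_hex`, `length/4` is integer division, so a `length` that is not a multiple of 4 is silently rounded down and the caller receives a secret with fewer bits than requested (an empty string for lengths below 4). A guard such as `raise ArgumentError, 'length must be a positive multiple of 4' unless length > 0 && (length % 4).zero?` makes the contract explicit. The bare `private` added before `def self.seed` does not apply to singleton methods, so `seed` stays publicly callable; `private_class_method :seed` after the definition is what hides it. The comment typo "alphanumeric on" should be "alphanumeric one", and `seed`'s body continues outside the hunk.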
@@ -33,5 +50,4 @@ module LeapCli; module Util
end
end
-
end; end