#
# manager.export_secrets should be called later to capture any newly generated secrets.
#
+ # +length+ is the character length of the generated password.
+ #
def secret(name, length=32)
@manager.secrets.set(name, Util::Secret.generate(length))
end
+ #
+ # inserts an hexidecimal secret string, generating it if needed.
+ #
+ # +bit_length+ is the bits in the secret, (ie length of resulting hex string will be bit_length/4)
+ #
+ def hex_secret(name, bit_length=128)
+ @manager.secrets.set(name, Util::Secret.generate_hex(bit_length))
+ end
+
#
# return a fingerprint for a x509 certificate
#
#
-# A simple alphanumeric secret generator, with no ambiguous characters.
-#
-# Only alphanumerics are allowed, in order to make these passwords work
-# for REST url calls and to allow you to easily copy and paste them.
+# A simple secret generator
#
# Uses OpenSSL random number generator instead of Ruby's rand function
#
-
require 'openssl'
module LeapCli; module Util
-
class Secret
-
CHARS = ('A'..'Z').to_a + ('a'..'z').to_a + ('0'..'9').to_a + "_".split(//u) - "io01lO".split(//u)
-
+ HEX = (0..9).to_a + ('a'..'f').to_a
+
+ #
+ # generate a secret with with no ambiguous characters.
+ #
+ # +length+ is in chars
+ #
+ # Only alphanumerics are allowed, in order to make these passwords work
+ # for REST url calls and to allow you to easily copy and paste them.
+ #
def self.generate(length = 16)
seed
OpenSSL::Random.random_bytes(length).bytes.to_a.collect { |byte|
}.join
end
+ #
+ # generates a hex secret, instead of an alphanumeric on.
+ #
+ # length is in bits
+ #
+ def self.generate_hex(length = 128)
+ seed
+ OpenSSL::Random.random_bytes(length/4).bytes.to_a.collect { |byte|
+ HEX[ byte % HEX.length ]
+ }.join
+ end
+
+ private
+
def self.seed
@pid ||= 0
pid = $$
end
end
-
end; end
projects / leap / leap_cli.git / commitdiff