Finance::Bank::Cahoot::CredentialsProvider::CryptFile - Credentials provider for encrypted stored data

Finance-Bank-Cahoot documentation

Contained in the Finance-Bank-Cahoot distribution.

Index

NAME
SYNOPSIS
DESCRIPTION
METHODS
AUTHOR
LICENSE AND COPYRIGHT

Code Index:

package Finance::Bank::Cahoot::CredentialsProvider::CryptFile
- _init
- get
__END__
EOF

NAME

 Finance::Bank::Cahoot::CredentialsProvider::CryptFile - Credentials provider for encrypted stored data

SYNOPSIS

  my $credentials = Finance::Bank::Cahoot::CredentialsProvider::CrpytFile->new(
     credentials => [qw(account password)],
     options => {key => 'verysecret', keyfile => '/etc/cahoot'});

DESCRIPTION

Provides a credentials provider that uses credentials stored in an encrypted file. Each credential is available with its own access method of the same name. All methods may be optionally supplied a character offset in the credentials value (first character is 0).

METHODS

new

Create a new instance of a static data credentials provider.

credentials is an array ref of all the credentials types available via the credentials provider.

options a hash ref of options for the credentials provider.

key Is the text passphrase for encrypting/decrypting the credentials store.

keyfile is an optional path to the credentials store. The default store is $HOME/.cahoot.

fallback is the name of a Finance::Bank::Cahoot::CredentialsProvider credentials provider to use for any credentials that are not present in the encrypted store. Newly discovered credentials and encrypted and written back to the store.

fallback_options is a hash ref that is passed to the fallback credentials provider's constructor as options.

  my $provider =
    Finance::Bank::Cahoot::CredentialsProvider::CryptFile->new(
      credentials => [qw(account username password)],
      options => { key => 'verysecret',
		   keyfile => '/etc/cahoot,
		   fallback => 'Constant',
		   fallback_options => { account => '12345678',
			 		 username => 'acmeuser',
				 	 password => 'secret' } });

get

Returns a credential value whose name is passed as the first parameter. An optional character offset (0 is the first character) may also be provided.

  my $password_char = $provider->password(5);

AUTHOR

Jon Connell <jon@figsandfudge.com>

LICENSE AND COPYRIGHT

This module takes its inspiration from Finance::Bank::Natwest by Jody Belka. The crypto access routes are heavily borrowed from Finance::Bank::Wachovia by Jim Gariv.

Copyright 2004 Jim Garvin Copyright 2007 by Jon Connell

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

Finance-Bank-Cahoot documentation

Contained in the Finance-Bank-Cahoot distribution.

# Copyright (c) 2007 Jon Connell.
# All Rights Reserved.
#
# This program is free software; you can redistribute it and/or
# modify it under the same terms as Perl itself.

package Finance::Bank::Cahoot::CredentialsProvider::CryptFile;
use base qw(Finance::Bank::Cahoot::CredentialsProvider);

use strict;
use warnings 'all';
use vars qw($VERSION);

$VERSION = '1.07';

use Carp qw(croak);
use Crypt::CBC;
use English '-no_match_vars';
use File::Slurp qw(slurp);
use IO::File;

sub _init
{
  my ($self, $options) = @_;

  croak 'No key provided' if not defined $options->{key};
  my $cipher = Crypt::CBC->new(-key    => $options->{key},
			       -cipher => 'DES_PP');
  my $keyfile = $options->{keyfile};
  $keyfile = $ENV{HOME}.'/.cahoot' if not defined $keyfile;

  if (-e $keyfile) {
    my $fh = new IO::File $keyfile, 'r'
      or croak "Can't open $keyfile for reading: $OS_ERROR";
    my $data = slurp $fh;
    my $plaintext = $cipher->decrypt($data);
    for (split /\n/, $plaintext) {
      my ($k, $v) = split /\t/;
      $self->{$k} = $v;
    }
    $fh->close;
  }

  if (defined $options->{fallback}) {
    my $fallback_class = 'Finance::Bank::Cahoot::CredentialsProvider::'.$options->{fallback};
    eval "use $fallback_class"; ## no critic
    croak 'Invalid fallback provider '.$options->{fallback} if $EVAL_ERROR;

    my $fallback_args = { credentials => $self->{_credentials},
			  options => $options->{fallback_options} };
    eval "\$self->{_fallback} = $fallback_class->new(\%{\$fallback_args})"; ## no critic
    croak 'Fallback provider '.$options->{fallback}.' failed to initialise' if $EVAL_ERROR;
  }

  my $do_update = 0;
  foreach my $credential (@{$self->{_credentials}}) {
    if (not defined $self->{$credential}) {
      croak 'No fallback provider given and '.$credential.' is not in keyfile'
	if not defined $self->{_fallback};
      $self->{$credential} = $self->{_fallback}->$credential;
      $do_update = 1;
    }
  }

  if ($do_update) {
    my $fh = new IO::File $keyfile, 'w'
      or croak "Can't open $keyfile for writing: $OS_ERROR";

    my @ciphers;
    foreach my $credential (@{$self->{_credentials}}) {
      push @ciphers, $credential."\t".$self->{$credential};
    }
    my $ciphertext = $cipher->encrypt(join "\n", @ciphers);
    $fh->print($ciphertext);
    $fh->close;
  }
  return $self;
}

sub get
{
  my ($self, $credential, $offset) = @_;
  return substr $self->{$credential}, $offset, 1
    if defined $offset;
  return $self->{$credential};
}

1;

__END__