Module: Pindo::AESHelper

Defined in:

lib/pindo/base/aeshelper.rb

Constant Summary

@@password_cache =

密码内存缓存，避免重复从 Keychain 获取key: keychain_name, value: password

{}

Class Method Summary

• .aes_128_ecb_decrypt(key, decrypted_string) ⇒ Object
• .aes_128_ecb_encrypt(key, encrypted_string) ⇒ Object
• .clear_password_cache ⇒ Object

  清除所有密码缓存.

• .clear_password_cache_for(keychain_name:) ⇒ Object

  清除特定 keychain_name 的密码缓存.

• .decrypt_specific_file(src_file: nil, password: nil, output_dir: nil, hash_algorithm: "MD5") ⇒ Object

  The encryption parameters in this implementations reflect the old behavior which depended on the users’ local OpenSSL version 1.0.x OpenSSL and earlier versions use MD5, 1.1.0c and newer uses SHA256, we try both before giving an error.

• .delete_password(keychain_name: nil) ⇒ Object
• .encrypt_specific_file(src_file: nil, password: nil, output_dir: nil) ⇒ Object
• .fetch_password(keychain_name: nil, test_file: nil) ⇒ String

  从 Keychain 获取密码（不使用缓存） 如果 Keychain 中不存在，则提示用户输入.

• .get_password(keychain_name:) ⇒ String

  获取密码（带内存缓存） 优先从内存缓存获取，缓存未命中时从 Keychain 读取.

• .store_password(keychain_name: nil, password: nil) ⇒ Object

Class Method Details

.aes_128_ecb_decrypt(key, decrypted_string) ⇒ Object

# File 'lib/pindo/base/aeshelper.rb', line 144

def self.aes_128_ecb_decrypt(key, decrypted_string)
  cipher = OpenSSL::Cipher.new("AES-128-ECB")
  cipher.decrypt
  cipher.key = key
  text = cipher.update(Base64.strict_decode64(decrypted_string)) + cipher.final
  return text
end

.aes_128_ecb_encrypt(key, encrypted_string) ⇒ Object

# File 'lib/pindo/base/aeshelper.rb', line 135

def self.aes_128_ecb_encrypt(key, encrypted_string)
  cipher = OpenSSL::Cipher::Cipher.new('AES-128-ECB')
  cipher.encrypt
  cipher.key = key
  txt = cipher.update(encrypted_string) << cipher.final
  content =  Base64.strict_encode64(txt)
  return content
end

.clear_password_cache ⇒ Object

清除所有密码缓存

# File 'lib/pindo/base/aeshelper.rb', line 35

def self.clear_password_cache
  @@password_cache.clear
end

.clear_password_cache_for(keychain_name:) ⇒ Object

清除特定 keychain_name 的密码缓存

Parameters:

• keychain_name (String) —

  Keychain 名称

# File 'lib/pindo/base/aeshelper.rb', line 41

def self.clear_password_cache_for(keychain_name:)
  @@password_cache.delete(keychain_name)
end

.decrypt_specific_file(src_file: nil, password: nil, output_dir: nil, hash_algorithm: "MD5") ⇒ Object

The encryption parameters in this implementations reflect the old behavior which depended on the users’ local OpenSSL version 1.0.x OpenSSL and earlier versions use MD5, 1.1.0c and newer uses SHA256, we try both before giving an error

# File 'lib/pindo/base/aeshelper.rb', line 167

def self.decrypt_specific_file(src_file: nil, password: nil, output_dir: nil, hash_algorithm: "MD5")

  begin
    destfile = File.join(output_dir, File.basename(src_file))
    e = Match::Encryption::MatchFileEncryption.new
    e.decrypt(file_path: src_file, password: password, output_path:destfile)
    return destfile
  rescue => error
      Funlog.instance.fancyinfo_error("解析文件失败: #{src_file}")
      raise Informative, error
      return nil
  end
end

.delete_password(keychain_name: nil) ⇒ Object

# File 'lib/pindo/base/aeshelper.rb', line 74

def self.delete_password(keychain_name:nil)
  server_name = ["match", keychain_name].join("_")
  # 静默删除密码，不输出 keychain 详细信息（文件描述符级别重定向）
  begin
    old_stdout = STDOUT.dup
    old_stderr = STDERR.dup
    STDOUT.reopen(File::NULL, 'w')
    STDERR.reopen(File::NULL, 'w')

    Security::InternetPassword.delete(server:server_name)
  ensure
    STDOUT.reopen(old_stdout)
    STDERR.reopen(old_stderr)
    old_stdout.close
    old_stderr.close
  end
rescue => e
  # 忽略错误（密码可能不存在）
end

.encrypt_specific_file(src_file: nil, password: nil, output_dir: nil) ⇒ Object

# File 'lib/pindo/base/aeshelper.rb', line 153

def self.encrypt_specific_file(src_file: nil, password: nil, output_dir: nil)
  UI.user_error!("No password supplied") if password.to_s.strip.length == 0

  destfile = File.join(output_dir, File.basename(src_file))
  e = Match::Encryption::MatchFileEncryption.new
  e.encrypt(file_path: src_file, password: password, output_path:destfile)
  return destfile
rescue error
  puts path
  raise Informative, error
end

.fetch_password(keychain_name: nil, test_file: nil) ⇒ String

从 Keychain 获取密码（不使用缓存）如果 Keychain 中不存在，则提示用户输入

Parameters:

• keychain_name (String) (defaults to: nil) —

  Keychain 名称

• test_file (String, nil) (defaults to: nil) —

  测试文件（可选）

Returns:

• (String) —

  密码

# File 'lib/pindo/base/aeshelper.rb', line 54

def self.fetch_password(keychain_name:nil, test_file:nil)
  # password = ENV["MATCH_PASSWORD"]

  server_name = ["match", keychain_name].join("_")

  item = Security::InternetPassword.find(server: server_name)

  password = item.password if item

  unless password
      puts "\e[33m[DEBUG] Keychain中未找到密码，需要用户输入: #{server_name}\e[0m" if ENV['PINDO_DEBUG']
      password = FastlaneCore::Helper.ask_password(message: "请输入证书仓库的加密密码: ", confirm: true)
      puts "\e[33m[DEBUG] 用户输入密码成功，等待验证后保存到Keychain\e[0m" if ENV['PINDO_DEBUG']
  else
      puts "\e[32m[DEBUG] 从Keychain获取密码成功: #{server_name}\e[0m" if ENV['PINDO_DEBUG']
  end

  return password
end

.get_password(keychain_name:) ⇒ String

获取密码（带内存缓存）优先从内存缓存获取，缓存未命中时从 Keychain 读取

Parameters:

• keychain_name (String) —

  Keychain 名称

Returns:

• (String) —

  密码

# File 'lib/pindo/base/aeshelper.rb', line 23

def self.get_password(keychain_name:)
  unless @@password_cache[keychain_name]
    puts "\e[33m[DEBUG] 密码缓存中未找到，从 Keychain 获取: #{keychain_name}\e[0m" if ENV['PINDO_DEBUG']
    @@password_cache[keychain_name] = fetch_password(keychain_name: keychain_name)
    puts "\e[32m[DEBUG] 密码已缓存: #{keychain_name}\e[0m" if ENV['PINDO_DEBUG']
  else
    puts "\e[32m[DEBUG] 从密码缓存获取: #{keychain_name}\e[0m" if ENV['PINDO_DEBUG']
  end
  @@password_cache[keychain_name]
end

.store_password(keychain_name: nil, password: nil) ⇒ Object

# File 'lib/pindo/base/aeshelper.rb', line 94

def self.store_password(keychain_name:nil, password:nil)
  server_name = ["match", keychain_name].join("_")

  # 先检查密码是否已存在，如果存在则无需重复保存
  begin
    item = Security::InternetPassword.find(server: server_name)
    if item && item.password == password
      puts "\e[33m[DEBUG] 密码已存在于Keychain，跳过保存: #{server_name}\e[0m" if ENV['PINDO_DEBUG']
      return
    end
  rescue => e
    # 密码不存在，继续保存流程
  end

  # 静默操作，避免输出错误信息（文件描述符级别重定向）
  begin
    old_stdout = STDOUT.dup
    old_stderr = STDERR.dup
    STDOUT.reopen(File::NULL, 'w')
    STDERR.reopen(File::NULL, 'w')

    # 先尝试删除旧密码（如果存在但不同）
    begin
      Security::InternetPassword.delete(server:server_name)
    rescue => e
      # 忽略删除错误（密码可能不存在）
    end

    # 添加新密码
    Security::InternetPassword.add(server_name, "", password)
  ensure
    STDOUT.reopen(old_stdout)
    STDERR.reopen(old_stderr)
    old_stdout.close
    old_stderr.close
  end
rescue => e
  # 忽略错误，不影响主流程
end