13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
# File 'lib/kms_rails/active_record.rb', line 13
def kms_attr(field, key_id:, retain: false, msgpack: false, context_key: nil, context_value: nil)
include InstanceMethods
real_field = "#{field}_enc"
enc = Core.new(key_id: key_id, msgpack: msgpack, context_key: context_key, context_value: context_value)
define_method "#{field}=" do |data|
raise RuntimeError, "Field '#{field}' must not be a real column, '#{real_field}' is the real column" if self.class.column_names.include?(field.to_s)
raise RuntimeError, "Field '#{real_field}' must exist to store encrypted data" unless self.class.column_names.include?(real_field)
if data.blank? clear_retained(field)
self[real_field] = nil
return
end
set_retained(field, data) if retain
encrypted_data = enc.encrypt(data)
data = nil
store_hash(field, encrypted_data)
end
define_method "#{real_field}" do
raise RuntimeError, "Field '#{field}' must not be a real column, '#{real_field}' is the real column" if self.class.column_names.include?(field.to_s)
raise RuntimeError, "Field '#{real_field}' must exist to retrieve encrypted data" unless self.class.column_names.include?(real_field)
Core.to64( get_hash(field) )
end
define_method "#{field}" do
raise RuntimeError, "Field '#{field}' must not be a real column, '#{real_field}' is the real column" if self.class.column_names.include?(field.to_s)
raise RuntimeError, "Field '#{real_field}' must exist to retrieve decrypted data" unless self.class.column_names.include?(real_field)
hash = get_hash(field)
return nil unless hash
if retain && (plaintext = get_retained(field))
plaintext
else
plaintext = enc.decrypt(hash)
set_retained(field, plaintext) if retain
plaintext
end
end
define_method "#{field}_clear" do
clear_retained(field)
end
end
|