Class: Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor

Inherits:
Object
  • Object
show all
Defined in:
lib/chef/encrypted_data_bag_item/decryptor.rb

Direct Known Subclasses

Version2Decryptor

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(encrypted_data, key) ⇒ Version1Decryptor

Returns a new instance of Version1Decryptor.



118
119
120
121
 
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 118

def initialize(encrypted_data, key)
  @encrypted_data = encrypted_data
  @key = key
end

Instance Attribute Details

#encrypted_dataObject (readonly)

Returns the value of attribute encrypted_data.



115
116
117
 
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 115

def encrypted_data
  @encrypted_data
end

#keyObject (readonly)

Returns the value of attribute key.



116
117
118
 
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 116

def key
  @key
end

Instance Method Details

#assert_valid_cipher!Object 



160
161
162
163
164
165
166
167
168
 
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 160

def assert_valid_cipher!
  # In the future, chef may support configurable ciphers. For now, only
  # aes-256-cbc is supported.
  requested_cipher = @encrypted_data["cipher"]
  unless requested_cipher == ALGORITHM
    raise UnsupportedCipher,
      "Cipher '#{requested_cipher}' is not supported by this version of Chef. Available ciphers: ['#{ALGORITHM}']"
  end
end

#decrypted_dataObject 



140
141
142
143
144
145
146
147
 
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 140

def decrypted_data
  @decrypted_data ||= begin
    plaintext = openssl_decryptor.update(encrypted_bytes)
    plaintext << openssl_decryptor.final
  rescue OpenSSL::Cipher::CipherError => e
    raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect"
  end
end

#encrypted_bytesObject 



132
133
134
 
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 132

def encrypted_bytes
  Base64.decode64(@encrypted_data["encrypted_data"])
end

#for_decrypted_itemObject 



123
124
125
126
127
128
129
130
 
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 123

def for_decrypted_item
  FFI_Yajl::Parser.parse(decrypted_data)["json_wrapper"]
rescue FFI_Yajl::ParseError
  # convert to a DecryptionFailure error because the most likely scenario
  # here is that the decryption step was unsuccessful but returned bad
  # data rather than raising an error.
  raise DecryptionFailure, "Error decrypting data bag value. Most likely the provided key is incorrect"
end

#ivObject 



136
137
138
 
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 136

def iv
  Base64.decode64(@encrypted_data["iv"])
end

#openssl_decryptorObject 



149
150
151
152
153
154
155
156
157
158
 
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 149

def openssl_decryptor
  @openssl_decryptor ||= begin
    assert_valid_cipher!
    d = OpenSSL::Cipher::Cipher.new(ALGORITHM)
    d.decrypt
    d.key = Digest::SHA256.digest(key)
    d.iv = iv
    d
  end
end