Method: DaffyLib::CachingEncryptor.zt_decrypt

Defined in:: lib/daffy_lib/caching_encryptor.rb

.zt_decrypt(*args, &block) ⇒ `Object`

# File 'lib/daffy_lib/caching_encryptor.rb', line 40

def self.zt_decrypt(*args, &block)
  value, expires_in, cmk_key_id = validate_decrypt_params(*args)

  ciphertext_info = JSON.parse(value, symbolize_names: true)

  # Call the legacy decrypt function if there is no key_guid present
  return legacy_decrypt(*args, block) unless ciphertext_info.key?(:key_guid)

  key_guid = ciphertext_info[:key_guid]
  ciphertext = Base64.decode64(ciphertext_info[:data])
  nonce = Base64.decode64(ciphertext_info[:nonce])

  key_info = DaffyLib::EncryptionKey.find_by!(guid: key_guid)

  kms = DaffyLib::KeyManagementService.new(key_info.partition_guid, expires_in, cmk_key_id)
  plaintext_key = kms.retrieve_plaintext_key(key_info)

  PorkyLib::Symmetric.instance.decrypt_with_key(
    ciphertext,
    plaintext_key,
    nonce
  ).plaintext
rescue JSON::JSONError => e
  Rails.logger.error("JSON parse error on decryption: #{e.message}")

  raise DecryptionFailedException
rescue ActiveRecord::RecordNotFound => e
  Rails.logger.error("Failed to find encryption key for guid #{key_guid} on decrypt: #{e.message}")

  raise DecryptionFailedException
rescue DaffyLib::KeyManagementService::KeyManagementServiceException => e
  Rails.logger.error("KeyManagementService exception on decrypt: #{e.message}")

  raise DecryptionFailedException
rescue RbNaCl::CryptoError, RbNaCl::LengthError => e
  Rails.logger.error("RbNaCl exception on decrypt: #{e.message}")

  raise DecryptionFailedException
end

Method: DaffyLib::CachingEncryptor.zt_decrypt

.zt_decrypt(*args, &block) ⇒ Object

.zt_decrypt(*args, &block) ⇒ `Object`