Class: Dapp::Kube::Secret

Inherits:

Object

• Object
• Dapp::Kube::Secret

Defined in:

lib/dapp/kube/secret.rb

Defined Under Namespace

Classes: Error, ExtractionError, InvalidKeyError

Instance Attribute Summary

• #key ⇒ Object readonly

  Returns the value of attribute key.

Class Method Summary

• ._binary_to_hex(key) ⇒ Object
• ._hex_to_binary(key) ⇒ Object
• ._openssl_cipher ⇒ Object
• ._validate_key!(key) ⇒ Object
• .generate_key ⇒ Object

Instance Method Summary

• #extract(hexdata) ⇒ Object
• #generate(value) ⇒ Object
• #initialize(key) ⇒ Secret constructor

  A new instance of Secret.

Constructor Details

#initialize(key) ⇒ Secret

Returns a new instance of Secret.

# File 'lib/dapp/kube/secret.rb', line 6

def initialize(key)
  self.class._validate_key!(key)
  @key = key
end

Instance Attribute Details

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/dapp/kube/secret.rb', line 4

def key
  @key
end

Class Method Details

._binary_to_hex(key) ⇒ Object

# File 'lib/dapp/kube/secret.rb', line 65

def _binary_to_hex(key)
  key.unpack('H*').first
end

._hex_to_binary(key) ⇒ Object

# File 'lib/dapp/kube/secret.rb', line 61

def _hex_to_binary(key)
  [key].pack('H*')
end

._openssl_cipher ⇒ Object

# File 'lib/dapp/kube/secret.rb', line 57

def _openssl_cipher
  OpenSSL::Cipher::AES.new(128, :CBC)
end

._validate_key!(key) ⇒ Object

# File 'lib/dapp/kube/secret.rb', line 69

def _validate_key!(key)
  # Требуется 128 битный ключ — это 16 байт.
  # Ключ закодирован в hex кодировке для пользователя.
  # 2 hex символа на 1 байт в hex кодировке.
  # Поэтому требуется длина ключа в hex кодировке в 32 символа.
  if key.bytesize < 32
    raise InvalidKeyError, code: :key_length_too_short, data: {required_size: 32}
  end
end

.generate_key ⇒ Object

# File 'lib/dapp/kube/secret.rb', line 53

def generate_key
  _binary_to_hex _openssl_cipher.random_key
end

Instance Method Details

#extract(hexdata) ⇒ Object

Raises:

• (ExtractionError)

# File 'lib/dapp/kube/secret.rb', line 23

def extract(hexdata)
  data = self.class._hex_to_binary hexdata.to_s

  iv_size = data.unpack('S').first
  data = data.byteslice(2..-1)
  raise ExtractionError, code: :bad_data, data: {data: hexdata} unless data

  iv = data.byteslice(0, iv_size)
  data = data.byteslice(iv_size..-1)
  raise ExtractionError, code: :bad_data, data: {data: hexdata} unless data

  decipher = self.class._openssl_cipher
  decipher.decrypt
  decipher.key = self.class._hex_to_binary(key)

  begin
    decipher.iv = iv
  rescue OpenSSL::Cipher::CipherError
    raise ExtractionError, code: :bad_data, data: {data: hexdata}
  end

  begin
    value = decipher.update(data) + decipher.final
  rescue OpenSSL::Cipher::CipherError
    raise ExtractionError, code: :bad_data, data: {data: hexdata}
  end
  value.force_encoding('utf-8')
end

#generate(value) ⇒ Object

# File 'lib/dapp/kube/secret.rb', line 11

def generate(value)
  cipher = self.class._openssl_cipher
  cipher.encrypt
  cipher.key = self.class._hex_to_binary key
  iv = cipher.random_iv

  iv_size_prefix = [iv.bytesize].pack('S')
  encrypted = cipher.update(value.to_s) + cipher.final

  self.class._binary_to_hex "#{iv_size_prefix}#{iv}#{encrypted}"
end