Class: Desviar::EncryptedItem::Decryptor::Version1Decryptor
- Inherits:
-
Object
- Object
- Desviar::EncryptedItem::Decryptor::Version1Decryptor
- Defined in:
- lib/encrypt.rb
Direct Known Subclasses
Instance Attribute Summary collapse
-
#encrypted_data ⇒ Object
readonly
Returns the value of attribute encrypted_data.
-
#key ⇒ Object
readonly
Returns the value of attribute key.
Instance Method Summary collapse
- #assert_valid_cipher! ⇒ Object
- #decrypted_data ⇒ Object
- #encrypted_bytes ⇒ Object
- #for_decrypted_item ⇒ Object
-
#initialize(encrypted_data, key) ⇒ Version1Decryptor
constructor
A new instance of Version1Decryptor.
- #iv ⇒ Object
- #openssl_decryptor ⇒ Object
Constructor Details
#initialize(encrypted_data, key) ⇒ Version1Decryptor
Returns a new instance of Version1Decryptor.
231 232 233 234 |
# File 'lib/encrypt.rb', line 231 def initialize(encrypted_data, key) @encrypted_data = encrypted_data @key = key end |
Instance Attribute Details
#encrypted_data ⇒ Object (readonly)
Returns the value of attribute encrypted_data.
228 229 230 |
# File 'lib/encrypt.rb', line 228 def encrypted_data @encrypted_data end |
#key ⇒ Object (readonly)
Returns the value of attribute key.
229 230 231 |
# File 'lib/encrypt.rb', line 229 def key @key end |
Instance Method Details
#assert_valid_cipher! ⇒ Object
273 274 275 276 277 278 279 280 281 |
# File 'lib/encrypt.rb', line 273 def assert_valid_cipher! # In the future, chef may support configurable ciphers. For now, only # aes-256-cbc is supported. requested_cipher = @encrypted_data["cipher"] unless requested_cipher == ALGORITHM raise UnsupportedCipher, "Cipher '#{requested_cipher}' is not supported by this version of Chef. Available ciphers: ['#{ALGORITHM}']" end end |
#decrypted_data ⇒ Object
253 254 255 256 257 258 259 260 |
# File 'lib/encrypt.rb', line 253 def decrypted_data @decrypted_data ||= begin plaintext = openssl_decryptor.update(encrypted_bytes) plaintext << openssl_decryptor.final rescue OpenSSL::Cipher::CipherError => e raise DecryptionFailure, "Error decrypting data bag value: '#{e.}'. Most likely the provided key is incorrect" end end |
#encrypted_bytes ⇒ Object
245 246 247 |
# File 'lib/encrypt.rb', line 245 def encrypted_bytes Base64.decode64(@encrypted_data["encrypted_data"]) end |
#for_decrypted_item ⇒ Object
236 237 238 239 240 241 242 243 |
# File 'lib/encrypt.rb', line 236 def for_decrypted_item Yajl::Parser.parse(decrypted_data)["json_wrapper"] rescue Yajl::ParseError # convert to a DecryptionFailure error because the most likely scenario # here is that the decryption step was unsuccessful but returned bad # data rather than raising an error. raise DecryptionFailure, "Error decrypting data bag value. Most likely the provided key is incorrect" end |
#iv ⇒ Object
249 250 251 |
# File 'lib/encrypt.rb', line 249 def iv Base64.decode64(@encrypted_data["iv"]) end |
#openssl_decryptor ⇒ Object
262 263 264 265 266 267 268 269 270 271 |
# File 'lib/encrypt.rb', line 262 def openssl_decryptor @openssl_decryptor ||= begin assert_valid_cipher! d = OpenSSL::Cipher::Cipher.new(ALGORITHM) d.decrypt d.key = Digest::SHA256.digest(key) d.iv = iv d end end |