Class: SecureDataBag::SecureDataBagItem::Decryptor

Inherits:

Object

• Object
• SecureDataBag::SecureDataBagItem::Decryptor

Defined in:

lib/secure_data_bag/decryptor.rb

Instance Attribute Summary

• #encrypted_hash ⇒ Object readonly

  Returns the value of attribute encrypted_hash.

• #encryption ⇒ Object readonly

  Returns the value of attribute encryption.

• #key ⇒ Object readonly

  Returns the value of attribute key.

Instance Method Summary

• #decrypt_hash(hash) ⇒ Object
• #decrypt_value(value) ⇒ Object
• #decrypted_hash ⇒ Object
• #decryption_error(e = nil) ⇒ Object
• #for_decrypted_item ⇒ Object
• #initialize(encrypted_hash, encryption, key) ⇒ Decryptor constructor

  A new instance of Decryptor.

• #iv ⇒ Object
• #openssl_decryptor ⇒ Object

Constructor Details

#initialize(encrypted_hash, encryption, key) ⇒ Decryptor

Returns a new instance of Decryptor.

# File 'lib/secure_data_bag/decryptor.rb', line 15

def initialize(encrypted_hash, encryption, key)
  @encryption = encryption
  @encrypted_hash = encrypted_hash
  @key = key
end

Instance Attribute Details

#encrypted_hash ⇒ Object (readonly)

Returns the value of attribute encrypted_hash.

# File 'lib/secure_data_bag/decryptor.rb', line 13

def encrypted_hash
  @encrypted_hash
end

#encryption ⇒ Object (readonly)

Returns the value of attribute encryption.

# File 'lib/secure_data_bag/decryptor.rb', line 12

def encryption
  @encryption
end

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/secure_data_bag/decryptor.rb', line 11

def key
  @key
end

Instance Method Details

#decrypt_hash(hash) ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 46

def decrypt_hash(hash)
  hash.each do |k,v|
    if encryption[:encoded_fields].include?(k)
      v = decrypt_value(v)
    elsif v.is_a? Hash
      v = decrypt_hash(v)
    end
    hash[k] = v
  end
  hash
end

#decrypt_value(value) ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 58

def decrypt_value(value)
  if value.is_a? String and not value.empty?
    value = Base64.decode64(value)
    value = openssl_decryptor.update(value)
    value << openssl_decryptor.final

    if value.include? "json_wrapper"
      value = Yajl::Parser.parse(value)["json_wrapper"]
    end
    @openssl_decryptor = nil
  end
  value
end

#decrypted_hash ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 40

def decrypted_hash
  @decrypted_hash ||= begin
    decrypt_hash(encrypted_hash.dup)
  end
end

#decryption_error(e = nil) ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 26

def decryption_error(e=nil)
  msg = "Error decrypting data bag value"
  msg << ": '#{e.message}'" if e
  msg << ". Most likely the provided key is incorrect"
  msg
end

#for_decrypted_item ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 21

def for_decrypted_item
  pp "decrypted_hash"
  decrypted_hash
end

#iv ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 33

def iv
  @iv ||= begin
    iv_string = encryption[:iv]
    Base64.decode64(iv_string)
  end
end

#openssl_decryptor ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 72

def openssl_decryptor
  @openssl_decryptor ||= begin
    d = OpenSSL::Cipher::Cipher.new(encryption[:cipher])
    d.decrypt
    d.key = Digest::SHA256.digest(key)
    d.iv = iv
    d
  end
end