Class: SecureDataBag::Item::Decryptor

Inherits:

Object

• Object
• SecureDataBag::Item::Decryptor

Defined in:

lib/secure_data_bag/decryptor.rb

Defined Under Namespace

Classes: DecryptionFailure

Instance Attribute Summary

• #encrypted_hash ⇒ Object readonly

  Returns the value of attribute encrypted_hash.

• #encryption ⇒ Object readonly

  Returns the value of attribute encryption.

• #key ⇒ Object readonly

  Returns the value of attribute key.

Instance Method Summary

• #decrypt_hash(hash) ⇒ Object
• #decrypt_value(value) ⇒ Object
• #decrypted_hash ⇒ Object
• #for_decrypted_item ⇒ Object
• #initialize(encrypted_hash, encryption, key) ⇒ Decryptor constructor

  A new instance of Decryptor.

• #iv ⇒ Object
• #openssl_decryptor ⇒ Object

Constructor Details

#initialize(encrypted_hash, encryption, key) ⇒ Decryptor

Returns a new instance of Decryptor.

# File 'lib/secure_data_bag/decryptor.rb', line 14

def initialize(encrypted_hash, encryption, key)
  @encryption = encryption
  @encrypted_hash = encrypted_hash
  @key = key
  @iv = nil
end

Instance Attribute Details

#encrypted_hash ⇒ Object (readonly)

Returns the value of attribute encrypted_hash.

# File 'lib/secure_data_bag/decryptor.rb', line 25

def encrypted_hash
  @encrypted_hash
end

#encryption ⇒ Object (readonly)

Returns the value of attribute encryption.

# File 'lib/secure_data_bag/decryptor.rb', line 26

def encryption
  @encryption
end

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/secure_data_bag/decryptor.rb', line 27

def key
  @key
end

Instance Method Details

#decrypt_hash(hash) ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 42

def decrypt_hash(hash)
  hash.each do |k,v|
    if encryption[:encoded_fields].include?(k)
      begin
        v = decrypt_value(v)
      rescue Yajl::ParseError
        raise DecryptionFailure, 
          "Error decrypting data bag value for #{k}."
      rescue OpenSSL::Cipher::CipherError => e
        raise DecryptionFailure, 
          "Error decrypting data bag value for #{k}: #{e.message}"
      end
    elsif v.is_a? Hash
      v = decrypt_hash(v)
    end
    hash[k] = v
  end
  hash
end

#decrypt_value(value) ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 62

def decrypt_value(value)
  if value.is_a? String and not value.empty?
    value = Base64.decode64(value)
    value = openssl_decryptor.update(value)
    value << openssl_decryptor.final

    if value.include? "json_wrapper"
      value = Yajl::Parser.parse(value)["json_wrapper"]
    end
    @openssl_decryptor = nil
  end
  value
end

#decrypted_hash ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 36

def decrypted_hash
  @decrypted_hash ||= begin
    decrypt_hash(encrypted_hash.dup)
  end
end

#for_decrypted_item ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 21

def for_decrypted_item
  decrypted_hash
end

#iv ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 29

def iv
  @iv ||= begin
    iv_string = encryption[:iv]
    Base64.decode64(iv_string)
  end
end

#openssl_decryptor ⇒ Object

# File 'lib/secure_data_bag/decryptor.rb', line 76

def openssl_decryptor
  @openssl_decryptor ||= begin
    d = OpenSSL::Cipher::Cipher.new(encryption[:cipher])
    d.decrypt
    d.key = Digest::SHA256.digest(key)
    d.iv = iv
    d
  end
end