Class: SecureDataBag::Item::Encryptor

Inherits:

Object

• Object
• SecureDataBag::Item::Encryptor

Defined in:

lib/secure_data_bag/encryptor.rb

Instance Attribute Summary

• #encoded_fields ⇒ Object readonly

  Returns the value of attribute encoded_fields.

• #encryption ⇒ Object readonly

  Returns the value of attribute encryption.

• #key ⇒ Object readonly

  Returns the value of attribute key.

• #unencrypted_hash ⇒ Object readonly

  Returns the value of attribute unencrypted_hash.

Instance Method Summary

• #encrypt_hash(hash) ⇒ Object
• #encrypt_value(value) ⇒ Object
• #encrypted_hash ⇒ Object
• #for_encrypted_item ⇒ Object
• #initialize(unencrypted_hash, encryption, key) ⇒ Encryptor constructor

  A new instance of Encryptor.

• #normalize_value(value) ⇒ Object
• #openssl_encryptor ⇒ Object
• #serialize_value(value) ⇒ Object

Constructor Details

#initialize(unencrypted_hash, encryption, key) ⇒ Encryptor

Returns a new instance of Encryptor.

# File 'lib/secure_data_bag/encryptor.rb', line 11

def initialize(unencrypted_hash, encryption, key)
  @encryption = encryption
  @unencrypted_hash = unencrypted_hash
  @encoded_fields = []
  @key = key
end

Instance Attribute Details

#encoded_fields ⇒ Object (readonly)

Returns the value of attribute encoded_fields.

# File 'lib/secure_data_bag/encryptor.rb', line 27

def encoded_fields
  @encoded_fields
end

#encryption ⇒ Object (readonly)

Returns the value of attribute encryption.

# File 'lib/secure_data_bag/encryptor.rb', line 28

def encryption
  @encryption
end

#key ⇒ Object (readonly)

Returns the value of attribute key.

# File 'lib/secure_data_bag/encryptor.rb', line 29

def key
  @key
end

#unencrypted_hash ⇒ Object (readonly)

Returns the value of attribute unencrypted_hash.

# File 'lib/secure_data_bag/encryptor.rb', line 26

def unencrypted_hash
  @unencrypted_hash
end

Instance Method Details

#encrypt_hash(hash) ⇒ Object

# File 'lib/secure_data_bag/encryptor.rb', line 37

def encrypt_hash(hash)
  hash.each do |k,v|
    if encryption[:encoded_fields].include?(k)
      v = encrypt_value(v)
      encoded_fields << k
    elsif v.is_a? Hash
      v = encrypt_hash(v)
    end
    hash[k] = v
  end
  hash
end

#encrypt_value(value) ⇒ Object

# File 'lib/secure_data_bag/encryptor.rb', line 50

def encrypt_value(value)
  value = normalize_value(value)

  if not value.nil? and not value.empty?
    value = openssl_encryptor.update(value)
    value << openssl_encryptor.final
    @openssl_encryptor = nil
    value = Base64.encode64(value)
  end

  value
end

#encrypted_hash ⇒ Object

# File 'lib/secure_data_bag/encryptor.rb', line 31

def encrypted_hash
  @encrypted_data ||= begin
    encrypt_hash(unencrypted_hash.dup) 
  end
end

#for_encrypted_item ⇒ Object

# File 'lib/secure_data_bag/encryptor.rb', line 18

def for_encrypted_item
  data = encrypted_hash
  encryption_hash = encryption.dup
  encryption_hash[:iv] = Base64.encode64(encryption_hash[:iv] || "")
  encryption_hash[:encoded_fields] = encoded_fields.uniq
  data.merge({encryption:encryption_hash})
end

#normalize_value(value) ⇒ Object

# File 'lib/secure_data_bag/encryptor.rb', line 63

def normalize_value(value)
  if [Hash,Array].any? {|c| value.is_a? c}
    serialize_value(value)
  else 
    value.to_s
  end
end

#openssl_encryptor ⇒ Object

# File 'lib/secure_data_bag/encryptor.rb', line 75

def openssl_encryptor
  @openssl_encryptor ||= begin
    encryptor = OpenSSL::Cipher::Cipher.new(encryption[:cipher])
    encryptor.encrypt
    encryption[:iv] ||= encryptor.random_iv
    encryptor.iv = encryption[:iv]
    encryptor.key = Digest::SHA256.digest(key)
    encryptor
  end
end

#serialize_value(value) ⇒ Object

# File 'lib/secure_data_bag/encryptor.rb', line 71

def serialize_value(value)
  Yajl::Encoder.encode(:json_wrapper => value)
end