Class: SfnParameters::Safe::Ssl

Inherits:
SfnParameters::Safe show all
Defined in:
lib/sfn-parameters/safe/ssl.rb

Overview

OpenSSL based Safe implementation

Constant Summary collapse

DEFAULT_CIPHER =

Default cipher

"AES-256-CBC"
CRYPT_ITER =

Maximum computation iteration length

10000
CRYPT_KEY_LENGTH =

Default length of generated key

32

Instance Attribute Summary

Attributes inherited from SfnParameters::Safe

#arguments

Instance Method Summary collapse

Methods inherited from SfnParameters::Safe

build

Constructor Details

#initialize(*_) ⇒ self

Create OpenSSL backed safe

Parameters:

  • args (Hash)
  • :args (Hash)

    a customizable set of options



# File 'lib/sfn-parameters/safe/ssl.rb', line 26

# Create an OpenSSL backed safe.
#
# All arguments are forwarded untouched to the parent initializer
# (SfnParameters::Safe). Afterwards a salt is generated when the caller
# supplied none, and the presence of a key is enforced.
#
# @param _ [Array] forwarded as-is to the parent initializer
# @raise [ArgumentError] when `arguments[:key]` is unset
# @return [self]
def initialize(*_)
  super
  # 16 bytes from OpenSSL's random source, only when no salt was given.
  arguments[:salt] ||= OpenSSL::Random.random_bytes(16)
  # NOTE(review): only the presence of `:key` is checked here; how the key
  # is stretched or validated is decided in `build`, which is not visible
  # in this listing.
  return if arguments[:key]

  raise ArgumentError, "Required `:key` argument unset for `Safe::Ssl`!"
end

Instance Method Details

#lock(value) ⇒ Hash

Lock a given value for storage

Parameters:

  • value (String)

    value to lock

Returns:

  • (Hash)

    locked content, Base64 (URL-safe) encoded under :content, alongside :iv, :cipher, :salt and :sfn_parameters_lock



# File 'lib/sfn-parameters/safe/ssl.rb', line 40

# Lock a given value for storage.
#
# A cipher is obtained from `build` using this instance's salt, a fresh
# random IV is drawn for every call, and the encrypted bytes are returned
# together with everything `unlock` needs except the key.
#
# NOTE(review): the returned hash carries no integrity tag. With the
# default AES-256-CBC cipher a stored payload that has been modified is
# not reliably detected on unlock; confirm whether integrity is enforced
# elsewhere.
#
# @param value [String] value to lock
# @return [Hash] Smash with :iv, :cipher, :content, :salt (Base64 URL-safe
#   where binary) and :sfn_parameters_lock naming this safe type
def lock(value)
  cipher = build(arguments[:salt])
  iv_bytes = cipher.random_iv
  # Presumably redundant on an OpenSSL::Cipher (random_iv already installs
  # the IV there); kept because the return type of `build` is not visible.
  cipher.iv = iv_bytes
  encrypted = cipher.update(value)
  encrypted += cipher.final
  # Last segment of the class name, snake-cased, identifies the safe type.
  safe_type = Bogo::Utility.snake(self.class.name.split("::").last)
  Smash.new(
    iv: Base64.urlsafe_encode64(iv_bytes),
    cipher: arguments.fetch(:cipher, DEFAULT_CIPHER),
    content: Base64.urlsafe_encode64(encrypted),
    salt: Base64.urlsafe_encode64(arguments[:salt]),
    sfn_parameters_lock: safe_type
  )
end

#unlock(value) ⇒ String

Unlock a given value for access

Parameters:

  • value (Hash)

    content to unlock

  • :value (Hash)

    a customizable set of options

Returns:

  • (String)


# File 'lib/sfn-parameters/safe/ssl.rb', line 61

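# Unlock a given value for access.
#
# The payload's salt and IV are decoded and passed to `build`; when the
# payload names a cipher, it replaces the configured cipher for the
# duration of that call only.
#
# NOTE(review): the cipher name is read from the stored payload, so anyone
# able to edit stored data chooses the algorithm used here. Consider
# checking it against the set of ciphers this deployment expects.
# NOTE(review): no integrity check is visible in this method. With the
# default AES-256-CBC cipher a modified payload is not reliably rejected;
# an authenticated mode or a MAC over the payload would close that gap,
# but changes the stored format.
#
# @param value [Hash] content to unlock
# @option value [String] :content Base64 (URL-safe) encrypted content
# @option value [String] :iv Base64 (URL-safe) IV
# @option value [String] :salt Base64 (URL-safe) salt
# @option value [String] :cipher cipher name used when the value was locked
# @raise [ArgumentError] when :content, :iv or :salt is missing
# @return [String] decrypted content
def unlock(value)
  value = value.to_smash
  [:content, :iv, :salt].each do |key|
    unless value[key]
      raise ArgumentError.new("Missing required information `#{key}`")
    end
  end
  # Remember whether a cipher was configured at all: writing nil back would
  # leave the key present and defeat `arguments.fetch(:cipher, DEFAULT_CIPHER)`
  # in `lock`.
  cipher_configured = arguments.key?(:cipher)
  o_cipher = arguments[:cipher]
  begin
    arguments[:cipher] = value[:cipher] if value[:cipher]
    cipher = build(
      Base64.urlsafe_decode64(value[:salt]),
      Base64.urlsafe_decode64(value[:iv])
    )
  ensure
    # Restore even when decoding or `build` raises, so a failed unlock
    # cannot leave the payload's cipher configured on this instance.
    if cipher_configured
      arguments[:cipher] = o_cipher
    else
      arguments.delete(:cipher)
    end
  end
  string = Base64.urlsafe_decode64(value[:content])
  cipher.update(string) + cipher.final
end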