Class: TFA::SecureStorage

Inherits:

Object

• Object
• TFA::SecureStorage

Defined in:

lib/tfa/secure_storage.rb

Instance Method Summary

• #decrypt! ⇒ Object
• #encrypt!(algorithm = "AES-256-CBC") ⇒ Object
• #encrypted? ⇒ Boolean
• #initialize(original, passphrase_request) ⇒ SecureStorage constructor

  A new instance of SecureStorage.

Constructor Details

#initialize(original, passphrase_request) ⇒ SecureStorage

Returns a new instance of SecureStorage.

# File 'lib/tfa/secure_storage.rb', line 3

def initialize(original, passphrase_request)
  @original = original
  @passphrase_request = passphrase_request
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(name, *args, &block) ⇒ Object (private)

# File 'lib/tfa/secure_storage.rb', line 42

def method_missing(name, *args, &block)
  super unless @original.respond_to?(name)

  was_encrypted = encrypted?
  if was_encrypted
    encrypted_content = IO.read(@original.path)
    decrypt!
    original_sha256 = Digest::SHA256.file(@original.path)
  end
  result = @original.public_send(name, *args, &block)
  if was_encrypted
    new_sha256 = Digest::SHA256.file(@original.path)

    if original_sha256 == new_sha256
      IO.write(@original.path, encrypted_content)
    else
      encrypt!
    end
  end
  result
end

Instance Method Details

#decrypt! ⇒ Object

# File 'lib/tfa/secure_storage.rb', line 22

def decrypt!
  data = JSON.parse(IO.read(@original.path), symbolize_names: true)
  decipher = OpenSSL::Cipher.new(data[:algorithm])
  decipher.decrypt
  decipher.key = digest
  decipher.iv = Base64.decode64(data[:iv])
  plain_text = decipher.update(Base64.decode64(data[:cipher_text]))
  IO.write(@original.path, plain_text + decipher.final)
end

#encrypt!(algorithm = "AES-256-CBC") ⇒ Object

# File 'lib/tfa/secure_storage.rb', line 8

def encrypt!(algorithm = "AES-256-CBC")
  cipher = OpenSSL::Cipher.new(algorithm)
  cipher.encrypt
  cipher.key = digest
  cipher.iv = iv = cipher.random_iv
  plain_text = IO.read(@original.path)
  json = JSON.generate(
    algorithm: algorithm,
    iv: Base64.encode64(iv),
    cipher_text: Base64.encode64(cipher.update(plain_text) + cipher.final),
  )
  IO.write(@original.path, json)
end

#encrypted? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/tfa/secure_storage.rb', line 32

def encrypted?
  return false unless File.exist?(@original.path)
  JSON.parse(IO.read(@original.path))
  true
rescue JSON::ParserError
  false
end