Class: WatchList::Secure

Inherits:
Object
  • Object
Defined in:
lib/watch_list/secure.rb

Constant Summary

CIPHER_NAME =
'AES-256-CBC'

Class Method Summary

Class Method Details

.decrypt(pass, salt, encrypted) ⇒ Object



# File 'lib/watch_list/secure.rb', line 23

# Decrypts a strict-Base64 ciphertext with the cipher named by CIPHER_NAME.
#
# @param pass [String] passphrase forwarded to set_key_iv
# @param salt [String] salt forwarded to set_key_iv (Base64 text, decoded there)
# @param encrypted [String] strict Base64 encoding of the raw ciphertext
# @return [String] the decrypted bytes
# @raise [ArgumentError] if +encrypted+ is not valid strict Base64
# @raise [OpenSSL::Cipher::CipherError] if the final block fails padding checks
#
# NOTE(review): no MAC or AEAD tag is verified here, so a tampered ciphertext
# is rejected only when its padding turns out invalid. Callers should not
# treat a successful return as proof that the data is unmodified.
def decrypt(pass, salt, encrypted)
  raw = Base64.strict_decode64(encrypted)
  aes = OpenSSL::Cipher.new(CIPHER_NAME)
  aes.decrypt # switch the cipher object into decryption mode before keying it
  set_key_iv(pass, salt, aes)
  plaintext = aes.update(raw)
  plaintext + aes.final
end

.decrypt_if_possible(value) ⇒ Object



# File 'lib/watch_list/secure.rb', line 61

# Decrypts +value+ when it is an encrypted wrapper and git config supplies
# both the passphrase and the salt; otherwise hands +value+ back untouched.
#
# @param value [Object] any value; only a Hash with a :secure key is decrypted
# @return [Object] the decrypted string, or +value+ itself
#
# Note for callers: when pass/salt are not configured, a {:secure => ...}
# wrapper is returned as-is rather than raising, so downstream code can
# receive the still-encrypted Hash where it expected plaintext.
def decrypt_if_possible(value)
  return value unless git_encryptable? && encrypted_value?(value)

  git_decrypt(value)
end

.encrypt(pass, salt, data) ⇒ Object



# File 'lib/watch_list/secure.rb', line 15

# Encrypts +data+ with the cipher named by CIPHER_NAME and returns the
# ciphertext as strict Base64 text.
#
# @param pass [String] passphrase forwarded to set_key_iv
# @param salt [String] salt forwarded to set_key_iv (Base64 text, decoded there)
# @param data [String] plaintext to encrypt
# @return [String] strict Base64 encoding of the raw ciphertext
#
# NOTE(review): the output holds ciphertext only, with no IV and no
# authentication tag. Key and IV both come from set_key_iv, so encrypting the
# same +data+ with the same pass/salt yields the same output every time.
def encrypt(pass, salt, data)
  aes = OpenSSL::Cipher.new(CIPHER_NAME)
  aes.encrypt # switch the cipher object into encryption mode before keying it
  set_key_iv(pass, salt, aes)
  Base64.strict_encode64(aes.update(data) + aes.final)
end

.encrypted_value?(value) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watch_list/secure.rb', line 57

# Tells whether +value+ has the shape produced by git_encrypt: a Hash that
# carries the symbol key :secure. Only the key's presence is checked, not
# what it maps to.
#
# @param value [Object] value to inspect
# @return [Boolean]
def encrypted_value?(value)
  value.is_a?(Hash) && value.key?(:secure)
end

.get_pass_salt_from_git(options = {}) ⇒ Object



# File 'lib/watch_list/secure.rb', line 40

# Reads the passphrase and salt from git configuration by running
# `git config watch-list.pass` and `git config watch-list.salt`.
#
# @param options [Hash] pass :validate => true to raise when either value is empty
# @return [Array(String, String)] the stripped pass and salt, in that order
# @raise [RuntimeError] with :validate set, if pass or salt comes back empty
#
# git keeps configuration in plain-text files, so the passphrase is only as
# well protected as whichever config file holds it.
# NOTE(review): the exit status of git is not inspected; a failed lookup shows
# up here only as an empty string.
def get_pass_salt_from_git(options = {})
  pass = %x(git config watch-list.pass).strip
  salt = %x(git config watch-list.salt).strip
  must_exist = options[:validate]

  raise 'cannot get "watch-list.pass" from git config' if must_exist && pass.empty?
  raise 'cannot get "watch-list.salt" from git config' if must_exist && salt.empty?

  [pass, salt]
end

.git_decrypt(data) ⇒ Object



# File 'lib/watch_list/secure.rb', line 10

# Decrypts the :secure entry of +data+ using the pass and salt stored in git
# config.
#
# @param data [Hash] wrapper with a :secure key holding Base64 ciphertext
# @return [String] the decrypted bytes
# @raise [RuntimeError] if pass or salt is missing from git config
# @raise [KeyError] if +data+ has no :secure key
def git_decrypt(data)
  credentials = get_pass_salt_from_git(:validate => true)
  decrypt(*credentials, data.fetch(:secure))
end

.git_encrypt(data) ⇒ Object



# File 'lib/watch_list/secure.rb', line 5

# Encrypts +data+ using the pass and salt stored in git config and wraps the
# result in the {:secure => ...} shape that encrypted_value? recognises.
#
# @param data [String] plaintext to encrypt
# @return [Hash] single-entry Hash mapping :secure to Base64 ciphertext
# @raise [RuntimeError] if pass or salt is missing from git config
def git_encrypt(data)
  credentials = get_pass_salt_from_git(:validate => true)
  {:secure => encrypt(*credentials, data)}
end

.git_encryptable? ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/watch_list/secure.rb', line 52

# Reports whether git config provides both a passphrase and a salt.
# The lookup runs without validation, so missing values yield false here
# instead of raising.
#
# @return [Boolean] true only when neither value is empty
def git_encryptable?
  pass, salt = get_pass_salt_from_git
  !(pass.empty? || salt.empty?)
end

.set_key_iv(pass, salt, cipher) ⇒ Object



# File 'lib/watch_list/secure.rb', line 31

# Derives key material with PBKDF2-HMAC-SHA1 (2000 iterations) and installs
# it on +cipher+: the first key_len bytes become the key, the following
# iv_len bytes become the IV.
#
# @param pass [String] passphrase fed to PBKDF2
# @param salt [String] strict Base64 text; the decoded bytes are the PBKDF2 salt
# @param cipher [OpenSSL::Cipher] cipher already switched to encrypt or decrypt mode
# @return [String] the IV that was assigned (value of the last assignment)
# @raise [ArgumentError] if +salt+ is not valid strict Base64
#
# NOTE(review): the IV is a pure function of pass and salt, so every message
# under one pass/salt pair shares the same key and IV. In CBC mode that makes
# equal plaintext prefixes encrypt to equal ciphertext prefixes. A random
# per-message IV stored next to the ciphertext avoids this, but it changes
# the stored format and needs a migration for existing values.
# NOTE(review): 2000 iterations of PBKDF2-HMAC-SHA1 is low by current
# guidance. Raising it changes the derived key for data already encrypted.
def set_key_iv(pass, salt, cipher)
  key_len = cipher.key_len
  iv_len = cipher.iv_len
  raw_salt = Base64.strict_decode64(salt)
  material = OpenSSL::PKCS5.pbkdf2_hmac_sha1(pass, raw_salt, 2000, key_len + iv_len)
  cipher.key = material[0, key_len]
  cipher.iv = material[key_len, iv_len]
end