100644 103 lines (85 sloc) 2.948 kb
2dbda2a Spike Ilacqua Bare bones version
authored
require 'openssl'
require 'base64'
b722c82 Spike Ilacqua Initial public version
authored
require 'strongbox/lock'
4214543 Spike Ilacqua Initial setup
authored
module Strongbox
aa70c44 Spike Ilacqua Version bump
authored
  VERSION = "0.7.1"
2dbda2a Spike Ilacqua Bare bones version
authored
b722c82 Spike Ilacqua Initial public version
authored
  RSA_PKCS1_PADDING = OpenSSL::PKey::RSA::PKCS1_PADDING
  RSA_SSLV23_PADDING = OpenSSL::PKey::RSA::SSLV23_PADDING
  RSA_NO_PADDING = OpenSSL::PKey::RSA::NO_PADDING
  RSA_PKCS1_OAEP_PADDING = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored
4214543 Spike Ilacqua Initial setup
authored
  class << self
b722c82 Spike Ilacqua Initial public version
authored
    # Provides for setting the default options for Strongbox
2dbda2a Spike Ilacqua Bare bones version
authored
    def options
      @options ||= {
        :base64 => false,
        :symmetric => :always,
b722c82 Spike Ilacqua Initial public version
authored
        :padding => RSA_PKCS1_PADDING,
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored
        :symmetric_cipher => 'aes-256-cbc',
046bd7e Aleksei Gusev Introduce deferred encryption to allow easily use of dynamic keys.
hron authored
        :ensure_required_columns => true,
        :deferred_encryption => false
2dbda2a Spike Ilacqua Bare bones version
authored
      }
    end
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored
2dbda2a Spike Ilacqua Bare bones version
authored
    def included base #:nodoc:
      base.extend ClassMethods
11bcd7f Spike Ilacqua Fix class_attribute regression with older version of Rails.
authored
      if base.respond_to?(:class_attribute)
        base.class_attribute :lock_options
      end
2dbda2a Spike Ilacqua Bare bones version
authored
    end
4214543 Spike Ilacqua Initial setup
authored
  end
2dbda2a Spike Ilacqua Bare bones version
authored
  class StrongboxError < StandardError #:nodoc:
  end
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored
4214543 Spike Ilacqua Initial setup
authored
  module ClassMethods
b722c82 Spike Ilacqua Initial public version
authored
    # +encrypt_with_public_key+ gives the class it is called on an attribute that
    # when assigned is automatically encrypted using a public key. This allows the
    # unattended encryption of data, without exposing the information needed to decrypt
    # it (as would be the case when using symmetric key encryption alone). Small
    # amounts of data may be encrypted directly with the public key. Larger data is
    # encrypted using symmetric encryption. The encrypted data is stored in the
    # database column of the same name as the attribute. If symmetric encryption is
    # used (the default) additional columns are needed to store the generated password
    # and IV.
511d411 Linus Oleander Adding comments to encrypt_with_public_key
oleander authored
    #
    # Last argument should be the options hash
    # Argument 0..-2 contains columns to be encrypted
63eeacd Linus Oleander encrypt_with_public_key should be able to handle multiply columns
oleander authored
    def encrypt_with_public_key(*args)
2dbda2a Spike Ilacqua Bare bones version
authored
      include InstanceMethods
aa70c44 Spike Ilacqua Version bump
authored
63eeacd Linus Oleander encrypt_with_public_key should be able to handle multiply columns
oleander authored
      options = args.delete_at(-1) || {}
aa70c44 Spike Ilacqua Version bump
authored
63eeacd Linus Oleander encrypt_with_public_key should be able to handle multiply columns
oleander authored
      unless options.is_a?(Hash)
        args.push(options)
        options = {}
      end
aa70c44 Spike Ilacqua Version bump
authored
63eeacd Linus Oleander encrypt_with_public_key should be able to handle multiply columns
oleander authored
      if args.one?
        name = args.first
      else
        return args.each { |name| encrypt_with_public_key(name, options) }
      end
aa70c44 Spike Ilacqua Version bump
authored
5f6c7fe Spike Ilacqua Fix for class_inheritable_attribute deprecation in Rails 3.1
authored
      if respond_to?(:class_attribute)
        self.lock_options = {} if lock_options.nil?
      else
        class_inheritable_reader :lock_options
        write_inheritable_attribute(:lock_options, {}) if lock_options.nil?
      end
000cd09 Spike Ilacqua Fix: only one attribute could be encrypted
authored
      lock_options[name] = options.symbolize_keys.reverse_merge Strongbox.options
2dbda2a Spike Ilacqua Bare bones version
authored
      define_method name do
000cd09 Spike Ilacqua Fix: only one attribute could be encrypted
authored
        lock_for(name)
2dbda2a Spike Ilacqua Bare bones version
authored
      end
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored
2dbda2a Spike Ilacqua Bare bones version
authored
      define_method "#{name}=" do | plaintext |
046bd7e Aleksei Gusev Introduce deferred encryption to allow easily use of dynamic keys.
hron authored
        lock_for(name).content plaintext
2dbda2a Spike Ilacqua Bare bones version
authored
      end
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored
046bd7e Aleksei Gusev Introduce deferred encryption to allow easily use of dynamic keys.
hron authored
      if lock_options[name][:deferred_encryption]
        before_save do
          lock_for(name).encrypt!
        end
      end
2dbda2a Spike Ilacqua Bare bones version
authored
    end
4214543 Spike Ilacqua Initial setup
authored
  end
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored
4214543 Spike Ilacqua Initial setup
authored
  module InstanceMethods
000cd09 Spike Ilacqua Fix: only one attribute could be encrypted
authored
    def lock_for name
      @_locks ||= {}
      @_locks[name] ||= Lock.new(name, self, self.class.lock_options[name])
    end
4214543 Spike Ilacqua Initial setup
authored
  end
end
2dbda2a Spike Ilacqua Bare bones version
authored
if Object.const_defined?("ActiveRecord")
  ActiveRecord::Base.send(:include, Strongbox)
end
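
The scheme described in the comment on encrypt_with_public_key (symmetric encryption for larger data, with the generated key and IV stored encrypted under the public key), as an added example that is not Strongbox's own Lock code. The helper names hybrid_encrypt and hybrid_decrypt, the record hash layout and the demo keys are assumptions; the cipher and padding defaults are the ones in Strongbox.options above.

```ruby
require 'openssl'
require 'base64'

# Hypothetical helpers (not Strongbox's Lock class). Encrypt the data under a
# one-time symmetric key, then wrap that key and IV with the RSA public key.
def hybrid_encrypt(plaintext, public_key, cipher_name: 'aes-256-cbc',
                   padding: OpenSSL::PKey::RSA::PKCS1_PADDING)
  cipher = OpenSSL::Cipher.new(cipher_name)
  cipher.encrypt
  key = cipher.random_key # fresh per record, never stored in the clear
  iv  = cipher.random_iv
  {
    data: Base64.strict_encode64(cipher.update(plaintext) + cipher.final),
    key:  Base64.strict_encode64(public_key.public_encrypt(key, padding)),
    iv:   Base64.strict_encode64(public_key.public_encrypt(iv, padding))
  }
end

# Reverse the process; only the holder of the private key can unwrap key and IV.
def hybrid_decrypt(record, private_key, cipher_name: 'aes-256-cbc',
                   padding: OpenSSL::PKey::RSA::PKCS1_PADDING)
  unwrap = ->(field) { private_key.private_decrypt(Base64.strict_decode64(record[field]), padding) }
  cipher = OpenSSL::Cipher.new(cipher_name)
  cipher.decrypt
  cipher.key = unwrap.call(:key)
  cipher.iv  = unwrap.call(:iv)
  cipher.update(Base64.strict_decode64(record[:data])) + cipher.final
end

# Constructed demo keys: the encrypting side is given the public half only.
KEY_PAIR   = OpenSSL::PKey::RSA.new(2048)
PUBLIC_KEY = OpenSSL::PKey::RSA.new(KEY_PAIR.public_key.to_pem)

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed sample secret ' * 40 # 1040 bytes, too large for RSA alone
  record = hybrid_encrypt(secret, PUBLIC_KEY)
  puts "can the encrypting side decrypt? #{PUBLIC_KEY.private?}"
  puts "round trip ok: #{hybrid_decrypt(record, KEY_PAIR) == secret}"
end
```

aes-256-cbc is unauthenticated, so a stored ciphertext modified in the database is not reliably detected on decryption. RSA_PKCS1_OAEP_PADDING, defined in the module above, can be passed as padding: on both sides in place of the PKCS#1 v1.5 default.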