100644 103 lines (85 sloc) 2.948 kB
2dbda2a @spikex Bare bones version
authored
require 'openssl'
require 'base64'

b722c82 @spikex Initial public version
authored
require 'strongbox/lock'

4214543 @spikex Initial setup
authored
module Strongbox

ca1216d @spikex Bump for validation fix
authored
  VERSION = "0.7.2"
2dbda2a @spikex Bare bones version
authored

b722c82 @spikex Initial public version
authored
  RSA_PKCS1_PADDING = OpenSSL::PKey::RSA::PKCS1_PADDING
  RSA_SSLV23_PADDING = OpenSSL::PKey::RSA::SSLV23_PADDING
  RSA_NO_PADDING = OpenSSL::PKey::RSA::NO_PADDING
  RSA_PKCS1_OAEP_PADDING = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored

4214543 @spikex Initial setup
authored
  class << self
b722c82 @spikex Initial public version
authored
    # Provides for setting the default options for Strongbox
2dbda2a @spikex Bare bones version
authored
    def options
      @options ||= {
        :base64 => false,
        :symmetric => :always,
b722c82 @spikex Initial public version
authored
        :padding => RSA_PKCS1_PADDING,
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored
        :symmetric_cipher => 'aes-256-cbc',
046bd7e @hron Introduce deferred encryption to allow easily use of dynamic keys.
hron authored
        :ensure_required_columns => true,
        :deferred_encryption => false
2dbda2a @spikex Bare bones version
authored
      }
    end
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored

2dbda2a @spikex Bare bones version
authored
    def included base #:nodoc:
      base.extend ClassMethods
11bcd7f @spikex Fix class_attribute regression with older version of Rails.
authored
      if base.respond_to?(:class_attribute)
        base.class_attribute :lock_options
      end
2dbda2a @spikex Bare bones version
authored
    end
4214543 @spikex Initial setup
authored
  end

2dbda2a @spikex Bare bones version
authored
  class StrongboxError < StandardError #:nodoc:
  end
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored

4214543 @spikex Initial setup
authored
  module ClassMethods
b722c82 @spikex Initial public version
authored
    # +encrypt_with_public_key+ gives the class it is called on an attribute that
    # when assigned is automatically encrypted using a public key. This allows the
    # unattended encryption of data, without exposing the information needed to decrypt
    # it (as would be the case when using symmetric key encryption alone). Small
    # amounts of data may be encrypted directly with the public key. Larger data is
    # encrypted using symmetric encryption. The encrypted data is stored in the
    # database column of the same name as the attribute. If symmetric encryption is
    # used (the default) additional columns are needed to store the generated password
    # and IV.
511d411 @oleander Adding comments to encrypt_with_public_key
oleander authored
    #
    # Last argument should be the options hash
    # Argument 0..-2 contains columns to be encrypted
63eeacd @oleander encrypt_with_public_key should be able to handle multiply columns
oleander authored
    def encrypt_with_public_key(*args)
2dbda2a @spikex Bare bones version
authored
      include InstanceMethods
aa70c44 @spikex Version bump
authored

63eeacd @oleander encrypt_with_public_key should be able to handle multiply columns
oleander authored
      options = args.delete_at(-1) || {}
aa70c44 @spikex Version bump
authored

63eeacd @oleander encrypt_with_public_key should be able to handle multiply columns
oleander authored
      unless options.is_a?(Hash)
        args.push(options)
        options = {}
      end
aa70c44 @spikex Version bump
authored

63eeacd @oleander encrypt_with_public_key should be able to handle multiply columns
oleander authored
      if args.one?
        name = args.first
      else
        return args.each { |name| encrypt_with_public_key(name, options) }
      end
aa70c44 @spikex Version bump
authored

5f6c7fe @spikex Fix for class_inheritable_attribute deprecation in Rails 3.1
authored
      if respond_to?(:class_attribute)
        self.lock_options = {} if lock_options.nil?
      else
        class_inheritable_reader :lock_options
        write_inheritable_attribute(:lock_options, {}) if lock_options.nil?
      end
000cd09 @spikex Fix: only one attribute could be encrypted
authored

      lock_options[name] = options.symbolize_keys.reverse_merge Strongbox.options
2dbda2a @spikex Bare bones version
authored
      define_method name do
000cd09 @spikex Fix: only one attribute could be encrypted
authored
        lock_for(name)
2dbda2a @spikex Bare bones version
authored
      end
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored

2dbda2a @spikex Bare bones version
authored
      define_method "#{name}=" do | plaintext |
046bd7e @hron Introduce deferred encryption to allow easily use of dynamic keys.
hron authored
        lock_for(name).content plaintext
2dbda2a @spikex Bare bones version
authored
      end
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored

046bd7e @hron Introduce deferred encryption to allow easily use of dynamic keys.
hron authored
      if lock_options[name][:deferred_encryption]
        before_save do
          lock_for(name).encrypt!
        end
      end
2dbda2a @spikex Bare bones version
authored
    end
4214543 @spikex Initial setup
authored
  end
850bd70 Optionally allow disabling of Lock#ensure_required_columns.
Jason Whittle authored

4214543 @spikex Initial setup
authored
  module InstanceMethods
000cd09 @spikex Fix: only one attribute could be encrypted
authored
    def lock_for name
      @_locks ||= {}
      @_locks[name] ||= Lock.new(name, self, self.class.lock_options[name])
    end
4214543 @spikex Initial setup
authored
  end
end
2dbda2a @spikex Bare bones version
authored

if Object.const_defined?("ActiveRecord")
  ActiveRecord::Base.send(:include, Strongbox)
end