class Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor
Attributes
encrypted_data[R]
key[R]
Public Class Methods
new(encrypted_data, key)
click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 118 def initialize(encrypted_data, key) @encrypted_data = encrypted_data @key = key end
Public Instance Methods
assert_valid_cipher!()
click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 160 def assert_valid_cipher! # In the future, chef may support configurable ciphers. For now, only # aes-256-cbc is supported. requested_cipher = @encrypted_data["cipher"] unless requested_cipher == ALGORITHM raise UnsupportedCipher, "Cipher '#{requested_cipher}' is not supported by this version of Chef. Available ciphers: ['#{ALGORITHM}']" end end
decrypted_data()
click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 140 def decrypted_data @decrypted_data ||= begin plaintext = openssl_decryptor.update(encrypted_bytes) plaintext << openssl_decryptor.final rescue OpenSSL::Cipher::CipherError => e raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect" end end
encrypted_bytes()
click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 132 def encrypted_bytes Base64.decode64(@encrypted_data["encrypted_data"]) end
for_decrypted_item()
click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 123 def for_decrypted_item FFI_Yajl::Parser.parse(decrypted_data)["json_wrapper"] rescue FFI_Yajl::ParseError # convert to a DecryptionFailure error because the most likely scenario # here is that the decryption step was unsuccessful but returned bad # data rather than raising an error. raise DecryptionFailure, "Error decrypting data bag value. Most likely the provided key is incorrect" end
iv()
click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 136 def iv Base64.decode64(@encrypted_data["iv"]) end
openssl_decryptor()
click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 149 def openssl_decryptor @openssl_decryptor ||= begin assert_valid_cipher! d = OpenSSL::Cipher::Cipher.new(ALGORITHM) d.decrypt d.key = Digest::SHA256.digest(key) d.iv = iv d end end