Class: Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor
Instance Attribute Summary collapse
Instance Method Summary
collapse
#algorithm
Methods included from Assertions
#assert_aead_requirements_met!, #assert_format_version_acceptable!, #assert_requirements_met!, #assert_valid_cipher!
Constructor Details
#initialize(encrypted_data, key) ⇒ Version1Decryptor
Returns a new instance of Version1Decryptor.
119
120
121
122
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 119
def initialize(encrypted_data, key)
@encrypted_data = encrypted_data
@key = key
end
|
Instance Attribute Details
#encrypted_data ⇒ Object
Returns the value of attribute encrypted_data.
116
117
118
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 116
def encrypted_data
@encrypted_data
end
|
#key ⇒ Object
Returns the value of attribute key.
117
118
119
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 117
def key
@key
end
|
Instance Method Details
#decrypted_data ⇒ Object
141
142
143
144
145
146
147
148
149
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 141
def decrypted_data
@decrypted_data ||= begin
plaintext = openssl_decryptor.update(encrypted_bytes)
plaintext << openssl_decryptor.final
rescue OpenSSL::Cipher::CipherError => e
raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{ ( @key.length < 255 && @key.include?('/')) ? 'You may need to use --secret-file rather than --secret.' : '' }"
end
end
|
#encrypted_bytes ⇒ Object
133
134
135
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 133
def encrypted_bytes
Base64.decode64(@encrypted_data["encrypted_data"])
end
|
#for_decrypted_item ⇒ Object
124
125
126
127
128
129
130
131
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 124
def for_decrypted_item
Chef::JSONCompat.parse(decrypted_data)["json_wrapper"]
rescue Chef::Exceptions::JSON::ParseError
raise DecryptionFailure, "Error decrypting data bag value. Most likely the provided key is incorrect"
end
|
#iv ⇒ Object
137
138
139
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 137
def iv
Base64.decode64(@encrypted_data["iv"])
end
|
#openssl_decryptor ⇒ Object
151
152
153
154
155
156
157
158
159
160
161
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 151
def openssl_decryptor
@openssl_decryptor ||= begin
assert_valid_cipher!(@encrypted_data["cipher"], algorithm)
d = OpenSSL::Cipher.new(algorithm)
d.decrypt
d.key = OpenSSL::Digest::SHA256.digest(key)
d.iv = iv
d
end
end
|