Class: Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor
Instance Attribute Summary collapse
Instance Method Summary
collapse
#algorithm
Methods included from Assertions
#assert_aead_requirements_met!, #assert_format_version_acceptable!, #assert_requirements_met!, #assert_valid_cipher!
Constructor Details
#initialize(encrypted_data, key) ⇒ Version1Decryptor
Returns a new instance of Version1Decryptor.
121
122
123
124
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 121
def initialize(encrypted_data, key)
@encrypted_data = encrypted_data
@key = key
end
|
Instance Attribute Details
#encrypted_data ⇒ Object
Returns the value of attribute encrypted_data.
118
119
120
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 118
def encrypted_data
@encrypted_data
end
|
#key ⇒ Object
Returns the value of attribute key.
119
120
121
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 119
def key
@key
end
|
Instance Method Details
#decrypted_data ⇒ Object
143
144
145
146
147
148
149
150
151
152
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 143
def decrypted_data
@decrypted_data ||=
begin
plaintext = openssl_decryptor.update(encrypted_bytes)
plaintext << openssl_decryptor.final
rescue OpenSSL::Cipher::CipherError => e
raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{( @key.length < 255 && @key.include?("/")) ? "You may need to use --secret-file rather than --secret." : ""}"
end
end
|
#encrypted_bytes ⇒ Object
135
136
137
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 135
def encrypted_bytes
Base64.decode64(@encrypted_data["encrypted_data"])
end
|
#for_decrypted_item ⇒ Object
126
127
128
129
130
131
132
133
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 126
def for_decrypted_item
Chef::JSONCompat.parse(decrypted_data)["json_wrapper"]
rescue Chef::Exceptions::JSON::ParseError
raise DecryptionFailure, "Error decrypting data bag value. Most likely the provided key is incorrect"
end
|
#iv ⇒ Object
139
140
141
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 139
def iv
Base64.decode64(@encrypted_data["iv"])
end
|
#openssl_decryptor ⇒ Object
154
155
156
157
158
159
160
161
162
163
164
165
|
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 154
def openssl_decryptor
@openssl_decryptor ||=
begin
assert_valid_cipher!(@encrypted_data["cipher"], algorithm)
d = OpenSSL::Cipher.new(algorithm)
d.decrypt
d.key = OpenSSL::Digest::SHA256.digest(key)
d.iv = iv
d
end
end
|