Module: Chef::EncryptedDataBagItem::Assertions

Included in:
Decryptor, Decryptor::Version0Decryptor, Encryptor::Version1Encryptor, Encryptor::Version3Encryptor
Defined in:
lib/chef/encrypted_data_bag_item/assertions.rb,
lib/chef/encrypted_data_bag_item/encrypted_data_bag_item_assertions.rb

Instance Method Summary

Instance Method Details

#assert_aead_requirements_met!(algorithm) ⇒ Object



# File 'lib/chef/encrypted_data_bag_item/assertions.rb', line 46

# Ensures the local OpenSSL build offers the cipher named by +algorithm+.
#
# The check is a plain membership test against the names reported by
# OpenSSL::Cipher.ciphers, so +algorithm+ must match one of those names
# exactly. Judging by the method name, it guards the AEAD (authenticated
# encryption) data bag formats -- confirm against the callers.
#
# @param algorithm [String] cipher name to look up
# @return [nil] when the cipher is available
# @raise [EncryptedDataBagRequirementsFailure] when OpenSSL does not list the cipher
def assert_aead_requirements_met!(algorithm)
  return if OpenSSL::Cipher.ciphers.include?(algorithm)

  # Fail closed: this method never substitutes another cipher for a missing one.
  raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires an OpenSSL version with \"#{algorithm}\" algorithm support"
end

#assert_format_version_acceptable!(format_version) ⇒ Object



# File 'lib/chef/encrypted_data_bag_item/assertions.rb', line 29

# Rejects an encrypted data bag item whose format version is below the
# configured minimum.
#
# This is the downgrade guard for decryption: the version is compared with
# Chef::Config[:data_bag_decrypt_minimum_version], and anything lower is
# refused. The Integer type check comes first, so a non-Integer value
# (String, Float, nil) is rejected outright and never reaches the comparison.
#
# @param format_version [Object] version value read from the item
# @return [nil] when the version is an Integer at or above the minimum
# @raise [UnacceptableEncryptedDataBagItemFormat] for any other value
def assert_format_version_acceptable!(format_version)
  return if format_version.is_a?(Integer) && format_version >= Chef::Config[:data_bag_decrypt_minimum_version]

  found = "The encrypted data bag item has format version `#{format_version}', "
  required = "but the config setting 'data_bag_decrypt_minimum_version' requires version `#{Chef::Config[:data_bag_decrypt_minimum_version]}'"
  raise UnacceptableEncryptedDataBagItemFormat, found + required
end

#assert_requirements_met! ⇒ Object



# File 'lib/chef/encrypted_data_bag_item/encrypted_data_bag_item_assertions.rb', line 26

# Verifies that the runtime can handle the cipher this object is set up for.
#
# Two conditions are checked in order:
# 1. OpenSSL::Cipher responds to +auth_data=+, the setter for additional
#    authenticated data used by AEAD modes.
# 2. OpenSSL::Cipher.ciphers lists the name returned by +algorithm+.
#
# +algorithm+ is not a parameter; it is resolved on the receiver, so the
# including class presumably provides it -- confirm against the including
# classes.
#
# @return [nil] when both conditions hold
# @raise [EncryptedDataBagRequirementsFailure] when either condition fails
def assert_requirements_met!
  aead_api_present = OpenSSL::Cipher.method_defined?(:auth_data=)
  raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires Ruby >= 2.0" unless aead_api_present

  return if OpenSSL::Cipher.ciphers.include?(algorithm)

  # Fail closed: this method never substitutes another cipher for a missing one.
  raise EncryptedDataBagRequirementsFailure, "The used Encrypted Data Bags version requires an OpenSSL version with \"#{algorithm}\" algorithm support"
end

#assert_valid_cipher!(requested_cipher, algorithm) ⇒ Object



# File 'lib/chef/encrypted_data_bag_item/assertions.rb', line 37

# Checks that the cipher named by the caller is the one expected here.
#
# Chef may support configurable ciphers in the future. For now, only
# aes-256-cbc and aes-256-gcm are supported.
#
# The comparison is an exact +==+ against +algorithm+, with no case folding
# or alias handling, so a name that differs in any way is rejected. The error
# message lists both ALGORITHM and AEAD_ALGORITHM, but a given call accepts
# only the single value passed as +algorithm+.
#
# @param requested_cipher [String] cipher name being requested
# @param algorithm [String] the cipher name this call accepts
# @return [nil] when the two names are equal
# @raise [UnsupportedCipher] when they differ
def assert_valid_cipher!(requested_cipher, algorithm)
  return if requested_cipher == algorithm

  raise UnsupportedCipher,
    "Cipher '#{requested_cipher}' is not supported by this version of Chef. Available ciphers: ['#{ALGORITHM}', '#{AEAD_ALGORITHM}']"
end