Class: Chef::EncryptedDataBagItem::Decryptor::Version2Decryptor
- Inherits:
-
Version1Decryptor
- Object
- Version0Decryptor
- Version1Decryptor
- Chef::EncryptedDataBagItem::Decryptor::Version2Decryptor
- Defined in:
- lib/chef/encrypted_data_bag_item/decryptor.rb
Instance Attribute Summary
Attributes inherited from Version1Decryptor
Attributes inherited from Version0Decryptor
Instance Method Summary collapse
Methods inherited from Version1Decryptor
#encrypted_bytes, #for_decrypted_item, #initialize, #iv, #openssl_decryptor
Methods inherited from Version0Decryptor
#algorithm, #encrypted_bytes, #for_decrypted_item, #initialize, #openssl_decryptor
Methods included from Assertions
#assert_aead_requirements_met!, #assert_format_version_acceptable!, #assert_requirements_met!, #assert_valid_cipher!
Constructor Details
This class inherits a constructor from Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor
Instance Method Details
#decrypted_data ⇒ Object
171 172 173 174 |
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 171 def decrypted_data validate_hmac! unless @decrypted_data super end |
#validate_hmac! ⇒ Object
176 177 178 179 180 181 182 183 184 185 |
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 176 def validate_hmac! digest = OpenSSL::Digest.new("sha256") raw_hmac = OpenSSL::HMAC.digest(digest, key, @encrypted_data["encrypted_data"]) if candidate_hmac_matches?(raw_hmac) true else raise DecryptionFailure, "Error decrypting data bag value: invalid hmac. Most likely the provided key is incorrect" end end |