Class: KmsEncrypted::Clients::Google

Inherits:
Base
  • Object
show all
Defined in:
lib/kms_encrypted/clients/google.rb

Instance Attribute Summary collapse

Attributes inherited from Base

#key_id

Instance Method Summary collapse

Methods inherited from Base

#initialize

Constructor Details

This class inherits a constructor from KmsEncrypted::Clients::Base

Instance Attribute Details

#last_key_versionObject (readonly)

Returns the value of attribute last_key_version.



4
5
6
 
# File 'lib/kms_encrypted/clients/google.rb', line 4

def last_key_version
  @last_key_version
end

Instance Method Details

#decrypt(ciphertext, context: nil) ⇒ Object 



28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'lib/kms_encrypted/clients/google.rb', line 28

def decrypt(ciphertext, context: nil)
  options = {
    ciphertext: ciphertext
  }
  options[:additional_authenticated_data] = generate_context(context) if context

  # ensure namespace gets loaded
  client = KmsEncrypted.google_client

  if defined?(::Google::Apis::CloudkmsV1::CloudKMSService) && KmsEncrypted.google_client.is_a?(::Google::Apis::CloudkmsV1::CloudKMSService)
    request = ::Google::Apis::CloudkmsV1::DecryptRequest.new(**options)
    begin
      client.decrypt_crypto_key(key_id, request).plaintext
    rescue ::Google::Apis::ClientError => e
      decryption_failed! if e.message.include?("Decryption failed")
      raise e
    end
  else
    options[:name] = key_id
    begin
      client.decrypt(**options).plaintext
    rescue ::Google::Cloud::InvalidArgumentError => e
      decryption_failed! if e.message.include?("Decryption failed")
      raise e
    end
  end
end

#encrypt(plaintext, context: nil) ⇒ Object 



6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
 
# File 'lib/kms_encrypted/clients/google.rb', line 6

def encrypt(plaintext, context: nil)
  options = {
    plaintext: plaintext
  }
  options[:additional_authenticated_data] = generate_context(context) if context

  # ensure namespace gets loaded
  client = KmsEncrypted.google_client

  if defined?(::Google::Apis::CloudkmsV1::CloudKMSService) && KmsEncrypted.google_client.is_a?(::Google::Apis::CloudkmsV1::CloudKMSService)
    request = ::Google::Apis::CloudkmsV1::EncryptRequest.new(**options)
    response = client.encrypt_crypto_key(key_id, request)
    @last_key_version = response.name
    response.ciphertext
  else
    options[:name] = key_id
    response = client.encrypt(**options)
    @last_key_version = response.name
    response.ciphertext
  end
end