Class: KmsRails::Core

Inherits:

Object

• Object
• KmsRails::Core

Defined in:

lib/kms_rails/core.rb

Instance Attribute Summary

• #context_key ⇒ Object readonly

  Returns the value of attribute context_key.

• #context_value ⇒ Object readonly

  Returns the value of attribute context_value.

Class Method Summary

• .from64(data_obj) ⇒ Object
• .shred_string(str) ⇒ Object
• .to64(data_obj) ⇒ Object

Instance Method Summary

• #decrypt(data_obj) ⇒ Object
• #decrypt64(data_obj) ⇒ Object
• #encrypt(data) ⇒ Object
• #encrypt64(data) ⇒ Object
• #initialize(key_id:, msgpack: false, context_key: nil, context_value: nil) ⇒ Core constructor

  A new instance of Core.

• #key_id ⇒ Object

Constructor Details

#initialize(key_id:, msgpack: false, context_key: nil, context_value: nil) ⇒ Core

Returns a new instance of Core.

# File 'lib/kms_rails/core.rb', line 11

def initialize(key_id:, msgpack: false, context_key: nil, context_value: nil)
  @base_key_id = key_id
  @context_key = context_key
  @context_value = context_value
  @msgpack = msgpack
end

Instance Attribute Details

#context_key ⇒ Object (readonly)

Returns the value of attribute context_key.

# File 'lib/kms_rails/core.rb', line 9

def context_key
  @context_key
end

#context_value ⇒ Object (readonly)

Returns the value of attribute context_value.

# File 'lib/kms_rails/core.rb', line 9

def context_value
  @context_value
end

Class Method Details

.from64(data_obj) ⇒ Object

# File 'lib/kms_rails/core.rb', line 83

def self.from64(data_obj)
  return nil if data_obj.nil?
  data_obj.map { |k,v| [k, Base64.strict_decode64(v)] }.to_h
end

.shred_string(str) ⇒ Object

# File 'lib/kms_rails/core.rb', line 73

def self.shred_string(str)
  str.force_encoding('BINARY')
  str.tr!("\0-\xff".b, "\0".b)
end

.to64(data_obj) ⇒ Object

# File 'lib/kms_rails/core.rb', line 78

def self.to64(data_obj)
  return nil if data_obj.nil?
  data_obj.map { |k,v| [k, Base64.strict_encode64(v)] }.to_h
end

Instance Method Details

#decrypt(data_obj) ⇒ Object

# File 'lib/kms_rails/core.rb', line 40

def decrypt(data_obj)
  return nil if data_obj.nil?

  decrypted = decrypt_attr(
    data_obj['blob'],
    aws_decrypt_key(data_obj['key']),
    data_obj['iv']
  )

  decrypted = MessagePack.unpack(decrypted) if @msgpack
  decrypted
end

#decrypt64(data_obj) ⇒ Object

# File 'lib/kms_rails/core.rb', line 53

def decrypt64(data_obj)
  return nil if data_obj.nil?
  decrypt( self.class.from64(data_obj) )
end

#encrypt(data) ⇒ Object

# File 'lib/kms_rails/core.rb', line 18

def encrypt(data)
  return nil if data.nil?

  data_key = aws_generate_data_key(key_id)
  data = data.to_msgpack if @msgpack
  encrypted = encrypt_attr(data, data_key.plaintext)

  self.class.shred_string(data_key.plaintext)
  data_key.plaintext = nil

  {
    'key' => data_key.ciphertext_blob,
    'iv' => encrypted[:iv],
    'blob' => encrypted[:data]
  }
end

#encrypt64(data) ⇒ Object

# File 'lib/kms_rails/core.rb', line 35

def encrypt64(data)
  return nil if data.nil?
  self.class.to64(encrypt(data))
end

#key_id ⇒ Object

# File 'lib/kms_rails/core.rb', line 58

def key_id
  case @base_key_id
  when Proc
    @base_key_id.call
  when String
    if @base_key_id =~ /\A\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\z/ || @base_key_id.start_with?('alias/') # if UUID or direct alias
      @base_key_id
    else
      'alias/' + KmsRails.configuration.alias_prefix + @base_key_id
    end
  else
    raise RuntimeError, 'Only Proc and String arguments are supported'
  end
end