Class: KmsRails::Core
- Inherits:
-
Object
- Object
- KmsRails::Core
- Defined in:
- lib/kms_rails/core.rb
Instance Attribute Summary collapse
-
#context_key ⇒ Object
readonly
Returns the value of attribute context_key.
-
#context_value ⇒ Object
readonly
Returns the value of attribute context_value.
Class Method Summary collapse
Instance Method Summary collapse
- #decrypt(data_obj) ⇒ Object
- #decrypt64(data_obj) ⇒ Object
- #encrypt(data) ⇒ Object
- #encrypt64(data) ⇒ Object
-
#initialize(key_id:, msgpack: false, context_key: nil, context_value: nil) ⇒ Core
constructor
A new instance of Core.
- #key_id ⇒ Object
Constructor Details
#initialize(key_id:, msgpack: false, context_key: nil, context_value: nil) ⇒ Core
Returns a new instance of Core.
# File 'lib/kms_rails/core.rb', line 11
#
# Records the key reference and options. Nothing is validated here and no
# other method is called; the key reference is only interpreted by #key_id.
#
# @param key_id [String, Proc] key reference, resolved lazily by #key_id
# @param msgpack [Boolean] when truthy, #encrypt serialises the payload with
#   to_msgpack and #decrypt runs MessagePack.unpack on the result
# @param context_key [Object, nil] stored as given, readable via #context_key
# @param context_value [Object, nil] stored as given, readable via #context_value
# NOTE(review): context_key/context_value look like a KMS encryption-context
#   pair, but the code that consumes them is not part of this listing - confirm.
def initialize(key_id:, msgpack: false, context_key: nil, context_value: nil)
  @context_value = context_value
  @context_key = context_key
  @base_key_id = key_id
  @msgpack = msgpack
end
Instance Attribute Details
#context_key ⇒ Object (readonly)
Returns the value of attribute context_key.
# File 'lib/kms_rails/core.rb', line 9
#
# Read-only accessor for @context_key.
#
# @return [Object, nil] the stored value, returned unchanged
def context_key
  @context_key
end
#context_value ⇒ Object (readonly)
Returns the value of attribute context_value.
# File 'lib/kms_rails/core.rb', line 9
#
# Read-only accessor for @context_value.
#
# @return [Object, nil] the stored value, returned unchanged
def context_value
  @context_value
end
Class Method Details
.from64(data_obj) ⇒ Object
# File 'lib/kms_rails/core.rb', line 83
#
# Decodes every value of a key/value collection from Base64, keeping the keys.
# Decoding is strict: a value that is not well-formed Base64 is rejected by
# Base64.strict_decode64 instead of being decoded leniently.
#
# @param data_obj [Hash, nil] pairs whose values are Base64 strings
# @return [Hash, nil] same keys with decoded values; nil when data_obj is nil
# @raise [ArgumentError] when a value is not valid strict Base64
def self.from64(data_obj)
  return nil if data_obj.nil?

  data_obj.each_with_object({}) do |(field, encoded), decoded|
    decoded[field] = Base64.strict_decode64(encoded)
  end
end
.shred_string(str) ⇒ Object
# File 'lib/kms_rails/core.rb', line 73
#
# Overwrites the contents of str with NUL bytes, in the same String object.
# The string is first retagged as BINARY so that every byte value falls inside
# the \0-\xff range that tr! replaces.
#
# @param str [String] mutable string holding sensitive bytes; its encoding is
#   changed to BINARY as a side effect
# @return [String, nil] the result of tr!, which is nil when nothing changed
# NOTE(review): this is a best-effort wipe of this one object. Copies made
#   earlier (dup, slices, interpolation) are separate strings and are not
#   touched - confirm callers do not keep any.
def self.shred_string(str)
  every_byte = "\0-\xff".b
  zero_byte = "\0".b
  str.force_encoding('BINARY').tr!(every_byte, zero_byte)
end
.to64(data_obj) ⇒ Object
# File 'lib/kms_rails/core.rb', line 78
#
# Encodes every value of a key/value collection as strict Base64 (no line
# breaks), keeping the keys.
#
# @param data_obj [Hash, nil] pairs whose values are strings
# @return [Hash, nil] same keys with Base64 values; nil when data_obj is nil
def self.to64(data_obj)
  return nil if data_obj.nil?

  data_obj.each_with_object({}) do |(field, raw), encoded|
    encoded[field] = Base64.strict_encode64(raw)
  end
end
Instance Method Details
#decrypt(data_obj) ⇒ Object
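# File 'lib/kms_rails/core.rb', line 40
#
# Decrypts an envelope of the shape returned by #encrypt.
#
# data_obj['key'] is handed to aws_decrypt_key to obtain the plaintext data
# key, which decrypt_attr then uses with data_obj['blob'] and data_obj['iv'].
# The plaintext key is wiped once decrypt_attr returns or raises, matching
# what #encrypt does with its own data key.
#
# @param data_obj [Hash, nil] envelope with 'key', 'iv' and 'blob' entries
# @return [Object, nil] the decrypted payload, passed through
#   MessagePack.unpack when @msgpack is set; nil when data_obj is nil
# NOTE(review): assumes aws_decrypt_key returns a String that nothing else
#   reuses after this call - confirm before relying on the wipe.
# NOTE(review): whether the blob is authenticated before it is decrypted and
#   unpacked depends on decrypt_attr, which is not shown here - confirm.
def decrypt(data_obj)
  return nil if data_obj.nil?

  plaintext_key = aws_decrypt_key(data_obj['key'])
  begin
    decrypted = decrypt_attr(data_obj['blob'], plaintext_key, data_obj['iv'])
  ensure
    # Best-effort wipe; skipped for non-String or frozen values so the
    # cleanup itself can never raise and mask a decryption error.
    self.class.shred_string(plaintext_key) if plaintext_key.is_a?(String) && !plaintext_key.frozen?
  end

  decrypted = MessagePack.unpack(decrypted) if @msgpack
  decrypted
end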
#decrypt64(data_obj) ⇒ Object
# File 'lib/kms_rails/core.rb', line 53
#
# Base64 front end for #decrypt: decodes every envelope value with the class
# method from64, then decrypts the decoded envelope.
#
# @param data_obj [Hash, nil] envelope whose values are Base64 strings
# @return [Object, nil] whatever #decrypt returns; nil when data_obj is nil
def decrypt64(data_obj)
  return nil if data_obj.nil?

  raw_envelope = self.class.from64(data_obj)
  decrypt(raw_envelope)
end
#encrypt(data) ⇒ Object
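# File 'lib/kms_rails/core.rb', line 18
#
# Encrypts data under a freshly generated data key and returns the envelope.
#
# A data key is requested through aws_generate_data_key for the resolved
# #key_id. The payload (serialised with to_msgpack when @msgpack is set) is
# passed to encrypt_attr together with the plaintext key. The plaintext key
# is then wiped and cleared from the data-key object; this cleanup runs in an
# ensure block so it also happens when serialisation or encryption raises.
#
# @param data [Object, nil] payload to encrypt
# @return [Hash, nil] { 'key' => wrapped data key, 'iv' => IV, 'blob' =>
#   ciphertext }; nil when data is nil
# NOTE(review): the wipe is best-effort - it covers the String held by the
#   data-key object, not copies that encrypt_attr or the SDK may have made.
def encrypt(data)
  return nil if data.nil?

  data_key = aws_generate_data_key(key_id)
  begin
    data = data.to_msgpack if @msgpack
    encrypted = encrypt_attr(data, data_key.plaintext)
  ensure
    # Guard against a nil plaintext so the cleanup cannot mask the real error.
    plaintext_key = data_key.plaintext
    self.class.shred_string(plaintext_key) if plaintext_key
    data_key.plaintext = nil
  end

  {
    'key' => data_key.ciphertext_blob,
    'iv' => encrypted[:iv],
    'blob' => encrypted[:data]
  }
end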
#encrypt64(data) ⇒ Object
# File 'lib/kms_rails/core.rb', line 35
#
# Base64 front end for #encrypt: encrypts data, then encodes every envelope
# value with the class method to64.
#
# @param data [Object, nil] payload to encrypt
# @return [Hash, nil] envelope with Base64 values; nil when data is nil
def encrypt64(data)
  return nil if data.nil?

  envelope = encrypt(data)
  self.class.to64(envelope)
end
#key_id ⇒ Object
# File 'lib/kms_rails/core.rb', line 58
#
# Resolves the key reference given to the constructor.
#
# * Proc   - called on every lookup; its result is returned without any check.
# * String - returned as-is when the whole string is UUID-shaped
#   (8-4-4-4-12 word characters) or starts with 'alias/'; otherwise it is
#   treated as an alias name and 'alias/' plus the configured alias_prefix is
#   prepended. A full key ARN passed as a String therefore takes the alias
#   branch as well.
#
# @return [Object] the resolved key reference
# @raise [RuntimeError] when the stored reference is neither a Proc nor a String
def key_id
  reference = @base_key_id
  return reference.call if reference.is_a?(Proc)
  raise RuntimeError, 'Only Proc and String arguments are supported' unless reference.is_a?(String)

  # UUID or direct alias: use the reference exactly as supplied.
  uuid_shaped = reference.match?(/\A\w{8}-\w{4}-\w{4}-\w{4}-\w{12}\z/)
  return reference if uuid_shaped || reference.start_with?('alias/')

  'alias/' + KmsRails.configuration.alias_prefix + reference
end