Module: Chef::EncryptedDataBagItem::Decryptor

Extended by:
Assertions
Defined in:
lib/chef/encrypted_data_bag_item/decryptor.rb

Overview

=== Decryptor For backwards compatibility, Chef implements decryption/deserialization for older encrypted data bag item formats in addition to the current version. Each decryption/deserialization strategy is implemented as a class in this namespace. For convenience the factory method +Decryptor.for()+ can be used to create an instance of the appropriate strategy for the given encrypted data bag value.

Defined Under Namespace

Classes: Version0Decryptor, Version1Decryptor, Version2Decryptor, Version3Decryptor

Class Method Summary collapse

Methods included from Assertions

assert_aead_requirements_met!, assert_format_version_acceptable!, assert_requirements_met!, assert_valid_cipher!

Class Method Details

.for(encrypted_value, key) ⇒ Object

Detects the encrypted data bag item format version and instantiates a decryptor object for that version. Call #for_decrypted_item on the resulting object to decrypt and deserialize it.


44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 44

def self.for(encrypted_value, key)
  format_version = format_version_of(encrypted_value)
  assert_format_version_acceptable!(format_version)
  case format_version
  when 3
    Version3Decryptor.new(encrypted_value, key)
  when 2
    Version2Decryptor.new(encrypted_value, key)
  when 1
    Version1Decryptor.new(encrypted_value, key)
  when 0
    Version0Decryptor.new(encrypted_value, key)
  else
    raise UnsupportedEncryptedDataBagItemFormat,
      "This version of chef does not support encrypted data bag item format version '#{format_version}'"
  end
end

.format_version_of(encrypted_value) ⇒ Object


62
63
64
65
66
67
68
# File 'lib/chef/encrypted_data_bag_item/decryptor.rb', line 62

def self.format_version_of(encrypted_value)
  if encrypted_value.respond_to?(:key?)
    encrypted_value["version"]
  else
    0
  end
end