crypt_keeper 0.4.2 → 0.5.0

data/.gitignore

@@ -16,3 +16,4 @@ test/tmp
 test/version_tmp
 tmp
 spec/debug.log
+spec/database.yml

data/.travis.yml

@@ -4,6 +4,11 @@ gemfile:
   - gemfiles/activerecord_3_0.gemfile
   - gemfiles/activerecord_3_1.gemfile
   - gemfiles/activerecord_3_2.gemfile
+before_script:
+  - cp spec/default.database.yml spec/database.yml
+  - psql -c 'CREATE DATABASE crypt_keeper_providers;' -U postgres
+  - psql crypt_keeper_providers -c 'CREATE EXTENSION IF NOT EXISTS pgcrypto;' -U postgres
+  - mysql -e 'CREATE DATABASE crypt_keeper_providers'
 notifications:
   email:
     recipients:
@@ -13,3 +18,9 @@ notifications:
 rvm:
   - 1.9.2
   - 1.9.3
+  - jruby
+matrix:
+  allow_failures:
+    - rvm: jruby
+env:
+ - JRUBY_OPTS=--1.9

data/README.md

@@ -15,7 +15,7 @@ is a simple class that does 3 things.
 Note: Any options defined using `crypt_keeper` will be passed to `new` as a
 hash.
 
-You can see an AES example [here](https://github.com/jmazzi/crypt_keeper_providers/blob/master/lib/crypt_keeper_providers/aes.rb).
+You can see an AES example [here](/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/provider/aes.rb).
 
 ## Why?
 
@@ -50,18 +50,20 @@ update the content without going through the current encryptor.
 ## Creating your own encryptor
 
 Creating your own encryptor is easy. All you have to do is create a class
-under the `CryptKeeperProviders` namespace, like this:
+under the `CryptKeeper::Provider` namespace, like this:
 
 ```ruby
-module CryptKeeperProviders
-  class MyEncryptor
-    def initialize(options = {})
-    end
+module CryptKeeper
+  module Provider
+    class MyEncryptor
+      def initialize(options = {})
+      end
 
-    def encrypt(value)
-    end
+      def encrypt(value)
+      end
 
-    def decrypt(value)
+      def decrypt(value)
+      end
     end
   end
 end
@@ -81,19 +83,21 @@ end
 
 There are two included encryptors.
 
-* [AES](https://github.com/jmazzi/crypt_keeper_providers/blob/master/lib/crypt_keeper_providers/aes.rb)
+* [AES](https://github.com/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/provider/aes.rb)
   * Encryption is peformed using AES-256 via OpenSSL.
 
 
-* [MySQL AES](https://github.com/jmazzi/crypt_keeper_providers/blob/master/lib/crypt_keeper_providers/mysql_aes.rb)
+* [MySQL AES](https://github.com/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/provider/mysql_aes.rb)
   * Encryption is peformed MySQL's native AES functions.
+  * ActiveRecord logs are [automatically](https://github.com/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/log_subscriber/mysql_aes.rb)
+    filtered for you to protect senitive data from being logged.
 
 
-* [PostgreSQL PGP](https://github.com/jmazzi/crypt_keeper_providers/blob/master/lib/crypt_keeper_providers/postgres_pgp.rb).
+* [PostgreSQL PGP](https://github.com/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/provider/postgres_pgp.rb).
   * Encryption is performed using PostgresSQL's native [PGP functions](http://www.postgresql.org/docs/9.1/static/pgcrypto.html).
   * It requires the `pgcrypto` PostgresSQL extension:
     `CREATE EXTENSION IF NOT EXISTS pgcrypto`
-  * ActiveRecord logs are [automatically](https://github.com/jmazzi/crypt_keeper_providers/blob/master/lib/crypt_keeper_providers/postgres_pgp/log_subscriber.rb)
+  * ActiveRecord logs are [automatically](https://github.com/jmazzi/crypt_keeper/blob/master/lib/crypt_keeper/log_subscriber/postgres_pgp.rb)
     filtered for you to protect senitive data from being logged.
 
 ## Requirements

data/crypt_keeper.gemspec

@@ -17,7 +17,6 @@ Gem::Specification.new do |gem|
 
   gem.add_runtime_dependency 'activerecord',           '>= 3.0'
   gem.add_runtime_dependency 'activesupport',          '>= 3.0'
-  gem.add_runtime_dependency 'crypt_keeper_providers', '0.5.2'
   gem.add_runtime_dependency 'appraisal',              '~> 0.4.1'
 
   gem.add_development_dependency 'rspec',       '~> 2.11.0'
@@ -28,7 +27,11 @@ Gem::Specification.new do |gem|
   if RUBY_PLATFORM == 'java'
     gem.add_development_dependency 'jruby-openssl', '~> 0.7.7'
     gem.add_development_dependency 'activerecord-jdbcsqlite3-adapter'
+    gem.add_development_dependency 'activerecord-jdbcpostgresql-adapter'
+    gem.add_development_dependency 'activerecord-jdbcmysql-adapter'
   else
     gem.add_development_dependency 'sqlite3'
+    gem.add_development_dependency 'pg', '~> 0.14.0'
+    gem.add_development_dependency 'mysql2', '~> 0.3.11'
   end
 end

data/gemfiles/activerecord_3_0.gemfile.lock

@@ -5,7 +5,6 @@ PATH
       activerecord (>= 3.0)
       activesupport (>= 3.0)
       appraisal (~> 0.4.1)
-      crypt_keeper_providers (= 0.5.2)
 
 GEM
   remote: https://rubygems.org/
@@ -26,7 +25,6 @@ GEM
       rake
     arel (3.0.2)
     builder (3.0.0)
-    crypt_keeper_providers (0.5.2)
     diff-lcs (1.1.3)
     ffi (1.1.5)
     guard (1.3.2)
@@ -40,6 +38,8 @@ GEM
       rb-fsevent (~> 0.9.1)
       rb-inotify (~> 0.8.8)
     multi_json (1.3.6)
+    mysql2 (0.3.11)
+    pg (0.14.0)
     rake (0.9.2.2)
     rb-fchange (0.0.5)
       ffi
@@ -67,6 +67,8 @@ DEPENDENCIES
   crypt_keeper!
   guard (~> 1.3.0)
   guard-rspec (~> 1.2.0)
+  mysql2 (~> 0.3.11)
+  pg (~> 0.14.0)
   rake (~> 0.9.2.2)
   rspec (~> 2.11.0)
   sqlite3

data/gemfiles/activerecord_3_1.gemfile.lock

@@ -5,7 +5,6 @@ PATH
       activerecord (>= 3.0)
       activesupport (>= 3.0)
       appraisal (~> 0.4.1)
-      crypt_keeper_providers (= 0.5.2)
 
 GEM
   remote: https://rubygems.org/
@@ -26,7 +25,6 @@ GEM
       rake
     arel (3.0.2)
     builder (3.0.0)
-    crypt_keeper_providers (0.5.2)
     diff-lcs (1.1.3)
     ffi (1.1.5)
     guard (1.3.2)
@@ -40,6 +38,8 @@ GEM
       rb-fsevent (~> 0.9.1)
       rb-inotify (~> 0.8.8)
     multi_json (1.3.6)
+    mysql2 (0.3.11)
+    pg (0.14.0)
     rake (0.9.2.2)
     rb-fchange (0.0.5)
       ffi
@@ -67,6 +67,8 @@ DEPENDENCIES
   crypt_keeper!
   guard (~> 1.3.0)
   guard-rspec (~> 1.2.0)
+  mysql2 (~> 0.3.11)
+  pg (~> 0.14.0)
   rake (~> 0.9.2.2)
   rspec (~> 2.11.0)
   sqlite3

data/gemfiles/activerecord_3_2.gemfile.lock

@@ -5,7 +5,6 @@ PATH
       activerecord (>= 3.0)
       activesupport (>= 3.0)
       appraisal (~> 0.4.1)
-      crypt_keeper_providers (= 0.5.2)
 
 GEM
   remote: https://rubygems.org/
@@ -26,7 +25,6 @@ GEM
       rake
     arel (3.0.2)
     builder (3.0.0)
-    crypt_keeper_providers (0.5.2)
     diff-lcs (1.1.3)
     ffi (1.1.5)
     guard (1.3.2)
@@ -40,6 +38,8 @@ GEM
       rb-fsevent (~> 0.9.1)
       rb-inotify (~> 0.8.8)
     multi_json (1.3.6)
+    mysql2 (0.3.11)
+    pg (0.14.0)
     rake (0.9.2.2)
     rb-fchange (0.0.5)
       ffi
@@ -67,6 +67,8 @@ DEPENDENCIES
   crypt_keeper!
   guard (~> 1.3.0)
   guard-rspec (~> 1.2.0)
+  mysql2 (~> 0.3.11)
+  pg (~> 0.14.0)
   rake (~> 0.9.2.2)
   rspec (~> 2.11.0)
   sqlite3

data/lib/crypt_keeper.rb

@@ -1,10 +1,15 @@
+require 'active_record'
+
 require 'crypt_keeper/version'
 require 'crypt_keeper/model'
-require 'active_record'
+
+require 'crypt_keeper/provider/aes'
+require 'crypt_keeper/provider/mysql_aes'
+require 'crypt_keeper/provider/postgres_pgp'
 
 module CryptKeeper
 end
 
-ActiveSupport.on_load(:active_record) do
+ActiveSupport.on_load :active_record do
   include CryptKeeper::Model
 end

data/lib/crypt_keeper/log_subscriber/mysql_aes.rb

@@ -0,0 +1,29 @@
+require 'active_support/concern'
+require 'active_support/lazy_load_hooks'
+
+module CryptKeeper
+  module LogSubscriber
+    module MysqlAes
+      extend ActiveSupport::Concern
+
+      included do
+        alias_method_chain :sql, :mysql_aes
+      end
+
+      # Public: Prevents sensitive data from being logged
+      def sql_with_mysql_aes(event)
+        filter = /(aes_(encrypt|decrypt))\(((.|\n)*?)\)/i
+
+        event.payload[:sql] = event.payload[:sql].gsub(filter) do |_|
+          "#{$1}([FILTERED])"
+        end
+
+        sql_without_mysql_aes(event)
+      end
+    end
+  end
+end
+
+ActiveSupport.on_load :active_record do
+  ActiveRecord::LogSubscriber.send :include, CryptKeeper::LogSubscriber::MysqlAes
+end

data/lib/crypt_keeper/log_subscriber/postgres_pgp.rb

@@ -0,0 +1,29 @@
+require 'active_support/concern'
+require 'active_support/lazy_load_hooks'
+
+module CryptKeeper
+  module LogSubscriber
+    module PostgresPgp
+      extend ActiveSupport::Concern
+
+      included do
+        alias_method_chain :sql, :postgres_pgp
+      end
+
+      # Public: Prevents sensitive data from being logged
+      def sql_with_postgres_pgp(event)
+        filter = /(pgp_sym_(encrypt|decrypt))\(((.|\n)*?)\)/i
+
+        event.payload[:sql] = event.payload[:sql].gsub(filter) do |_|
+          "#{$1}([FILTERED])"
+        end
+
+        sql_without_postgres_pgp(event)
+      end
+    end
+  end
+end
+
+ActiveSupport.on_load :active_record do
+  ActiveRecord::LogSubscriber.send :include, CryptKeeper::LogSubscriber::PostgresPgp
+end

data/lib/crypt_keeper/model.rb

@@ -1,6 +1,5 @@
 require 'active_support/concern'
 require 'active_support/core_ext/array/extract_options'
-require 'crypt_keeper_providers'
 
 module CryptKeeper
   module Model
@@ -11,14 +10,18 @@ module CryptKeeper
     # Private: Encrypt each crypt_keeper_fields
     def encrypt_callback
       crypt_keeper_fields.each do |field|
-        self[field] = self.class.encrypt read_attribute(field)
+        if !self[field].nil?
+          self[field] = self.class.encrypt read_attribute(field)
+        end
       end
     end
 
     # Private: Decrypt each crypt_keeper_fields
     def decrypt_callback
       crypt_keeper_fields.each do |field|
-        self[field] = self.class.decrypt read_attribute(field)
+        if !self[field].nil?
+          self[field] = self.class.decrypt read_attribute(field)
+        end
       end
     end
 
@@ -68,7 +71,7 @@ module CryptKeeper
 
       # Private: The encryptor class
       def encryptor_klass
-        @encryptor_klass ||= "CryptKeeperProviders::#{crypt_keeper_encryptor.to_s.camelize}".constantize
+        @encryptor_klass ||= "CryptKeeper::Provider::#{crypt_keeper_encryptor.to_s.camelize}".constantize
       end
 
       # Private: Ensure that the encryptor responds to new

data/lib/crypt_keeper/provider/aes.rb

@@ -0,0 +1,53 @@
+require 'digest/sha2'
+require 'openssl'
+require 'base64'
+
+module CryptKeeper
+  module Provider
+    class Aes
+      SEPARATOR = ":crypt_keeper:"
+
+      # Public: The encryption key
+      attr_accessor :key
+
+      # Public: An instance of  OpenSSL::Cipher::Cipher
+      attr_accessor :aes
+
+      # Public: Initializes the class
+      #
+      #   options - A hash of options. :key is required
+      def initialize(options = {})
+        @aes         = ::OpenSSL::Cipher::Cipher.new("AES-256-CBC")
+        @aes.padding = 1
+
+        key = options.fetch(:key) do
+          raise ArgumentError, "Missing :key"
+        end
+
+        @key = Digest::SHA256.digest(key)
+      end
+
+      # Public: Encrypt a string
+      #
+      # Returns a string
+      def encrypt(value)
+        aes.encrypt
+        aes.key = key
+        iv      = rand.to_s
+        aes.iv  = iv
+        Base64::encode64("#{iv}#{SEPARATOR}#{aes.update(value.to_s) + aes.final}")
+      end
+
+      # Public: Decrypt a string
+      #
+      # Returns a string
+      def decrypt(value)
+        iv, value = Base64::decode64(value.to_s).split(SEPARATOR)
+        aes.decrypt
+        aes.key = key
+        aes.iv  = iv
+        aes.update(value) + aes.final
+      end
+    end
+  end
+end

data/lib/crypt_keeper/provider/mysql_aes.rb

@@ -0,0 +1,40 @@
+require 'crypt_keeper/log_subscriber/mysql_aes'
+
+module CryptKeeper
+  module Provider
+    class MysqlAes
+      attr_accessor :key
+
+      # Public: Initializes the encryptor
+      #
+      #  options - A hash, :key is required
+      def initialize(options = {})
+        @key = options.fetch(:key) do
+          raise ArgumentError, "Missing :key"
+        end
+      end
+
+      # Public: Encrypts a string
+      #
+      # Returns an encrypted string
+      def encrypt(value)
+        escape_and_execute_sql(["SELECT AES_ENCRYPT(?, ?)", value, key]).first
+      end
+
+      # Public: Decrypts a string
+      #
+      # Returns a plaintext string
+      def decrypt(value)
+        escape_and_execute_sql(["SELECT AES_DECRYPT(?, ?)", value, key]).first
+      end
+
+      private
+
+      # Private: Sanitize an sql query and then execute it
+      def escape_and_execute_sql(query)
+        query = ::ActiveRecord::Base.send :sanitize_sql_array, query
+        ::ActiveRecord::Base.connection.execute(query).first
+      end
+    end
+  end
+end

data/lib/crypt_keeper/provider/postgres_pgp.rb

@@ -0,0 +1,40 @@
+require 'crypt_keeper/log_subscriber/postgres_pgp'
+
+module CryptKeeper
+  module Provider
+    class PostgresPgp
+      attr_accessor :key
+
+      # Public: Initializes the encryptor
+      #
+      #  options - A hash, :key is required
+      def initialize(options = {})
+        @key = options.fetch(:key) do
+          raise ArgumentError, "Missing :key"
+        end
+      end
+
+      # Public: Encrypts a string
+      #
+      # Returns an encrypted string
+      def encrypt(value)
+        escape_and_execute_sql(["SELECT pgp_sym_encrypt(?, ?)", value, key])['pgp_sym_encrypt']
+      end
+
+      # Public: Decrypts a string
+      #
+      # Returns a plaintext string
+      def decrypt(value)
+        escape_and_execute_sql(["SELECT pgp_sym_decrypt(?, ?)", value, key])['pgp_sym_decrypt']
+      end
+
+      private
+
+      # Private: Sanitize an sql query and then execute it
+      def escape_and_execute_sql(query)
+        query = ::ActiveRecord::Base.send :sanitize_sql_array, query
+        ::ActiveRecord::Base.connection.execute(query).first
+      end
+    end
+  end
+end

data/lib/crypt_keeper/version.rb

@@ -1,3 +1,3 @@
 module CryptKeeper
-  VERSION = "0.4.2"
+  VERSION = "0.5.0"
 end

data/spec/default.database.yml

@@ -0,0 +1,16 @@
+postgres:
+  adapter: postgresql
+  encoding: utf8
+  reconnect: false
+  database: crypt_keeper_providers
+  pool: 5
+  username: postgres
+  password:
+mysql:
+  adapter: mysql2
+  encoding: utf8
+  reconnect: false
+  database: crypt_keeper_providers
+  pool: 5
+  username: root
+  password:

data/spec/log_subscriber/mysql_aes.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+module CryptKeeperProviders
+  describe MysqlAesLogSubscriber do
+    use_postgres
+
+    subject { ::ActiveRecord::LogSubscriber.new }
+
+    let(:input_query) do
+      "SELECT AES_ENCRYPT('encrypt_value', 'encrypt_key'), AES_ENCRYPT('decrypt_value', 'decrypt_key') FROM DUAL;"
+    end
+
+    let(:output_query) do
+      "SELECT AES_ENCRYPT([FILTERED]), AES_DECRYPT([FILTERED]) FROM DUAL;"
+    end
+
+    it "filters mysql aes functions" do
+      subject.should_receive(:sql_without_mysql_aes) do |event|
+        event.payload[:sql].should == output_query
+      end
+
+      subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: output_query }))
+    end
+  end
+end

data/spec/log_subscriber/postgres_pgp.rb

@@ -0,0 +1,25 @@
+require 'spec_helper'
+
+module CryptKeeperProviders
+  describe PostgresPgpLogSubscriber do
+    use_postgres
+
+    subject { ::ActiveRecord::LogSubscriber.new }
+
+    let(:input_query) do
+      "SELECT pgp_sym_encrypt('encrypt_value', 'encrypt_key'), pgp_sym_decrypt('decrypt_value', 'decrypt_key') FROM DUAL;"
+    end
+
+    let(:output_query) do
+      "SELECT pgp_sym_encrypt([FILTERED]), pgp_sym_decrypt([FILTERED]) FROM DUAL;"
+    end
+
+    it "filters pgp functions" do
+      subject.should_receive(:sql_without_postgres_pgp) do |event|
+        event.payload[:sql].should == output_query
+      end
+
+      subject.sql(ActiveSupport::Notifications::Event.new(:sql, 1, 1, 1, { sql: output_query }))
+    end
+  end
+end

data/spec/model_spec.rb

@@ -2,7 +2,10 @@ require 'spec_helper'
 
 module CryptKeeper
   describe Model do
+    use_sqlite
+
     subject { SensitiveData }
+
     describe "#crypt_keeper" do
       after(:each) do
         subject.instance_variable_set(:@encryptor_klass, nil)
@@ -29,7 +32,7 @@ module CryptKeeper
 
         it "should accept class name (as string) for encryptor option" do
           subject.crypt_keeper :storage, :secret, key1: 1, key2: 2, encryptor: "FakeEncryptor"
-          subject.send(:encryptor_klass).should == CryptKeeperProviders::FakeEncryptor
+          subject.send(:encryptor_klass).should == CryptKeeper::Provider::FakeEncryptor
 
           subject.instance_variable_set(:@encryptor_klass, nil)
         end
@@ -53,6 +56,13 @@ module CryptKeeper
           subject.save!
           subject.storage.should == cipher_text
         end
+
+        it "should not encrypt nil" do
+          subject.storage = nil
+          subject.stub :decrypt_callback
+          subject.save!
+          subject.storage.should be_nil
+        end
       end
 
       describe "#decrypt" do
@@ -62,6 +72,13 @@ module CryptKeeper
           subject.save!
           subject.storage.should == plain_text
         end
+
+        it "should not decrypt nil" do
+          subject.storage = nil
+          subject.stub :encrypt_callback
+          subject.save!
+          subject.storage.should be_nil
+        end
       end
 
       describe "Encrypt & Decrypt" do

data/spec/provider/aes_spec.rb

@@ -0,0 +1,45 @@
+require 'spec_helper'
+
+module CryptKeeper
+  module Provider
+    describe Aes do
+      subject { Aes.new(key: 'cake') }
+
+      describe "#initialize" do
+        let(:hexed_key) do
+          Digest::SHA256.digest('cake')
+        end
+
+        it "should extract the key and digest it" do
+          subject.key.should == hexed_key
+        end
+
+        it "should raise an exception with a missing key" do
+          expect { Aes.new }.to raise_error(ArgumentError, "Missing :key")
+        end
+      end
+
+      describe "#encrypt" do
+        let(:encrypted) do
+          subject.encrypt 'string'
+        end
+
+        it "should encrypt the string" do
+          encrypted.should_not == 'string'
+          encrypted.should_not be_nil
+          encrypted.should_not be_empty
+        end
+      end
+
+      describe "#decrypt" do
+        let(:decrypted) do
+          subject.decrypt "MC41MDk5MjI2NjgxMDI1MDI2OmNyeXB0X2tlZXBlcjpPI/8dCqWXDMVj7Jqs\nuwf/\n"
+        end
+
+        it "should decrypt the string" do
+          decrypted.should == 'string'
+        end
+      end
+    end
+  end
+end

data/spec/provider/mysql_aes_spec.rb

@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+module CryptKeeper
+  module Provider
+    describe MysqlAes do
+      use_mysql
+
+      let(:plain_text) { 'test' }
+
+      # MySQL stores AES encrypted strings in binary which you can't paste
+      # into a spec :). This is a Base64 encoded string of 'test' AES encrypted
+      # by AES_ENCRYPT()
+      let(:cipher_text) do
+        Base64.decode64 "nbKOoWn8kvAw9k/C2Mex6Q==\n"
+      end
+
+      subject { MysqlAes.new key: 'candy' }
+
+      its(:key) { should == 'candy' }
+
+      describe "#initialize" do
+        it "should raise an exception with a missing key" do
+          expect { MysqlAes.new }.to raise_error(ArgumentError, "Missing :key")
+        end
+      end
+
+      describe "#encrypt" do
+        it "should encrypt the string" do
+          subject.encrypt(plain_text).should_not == plain_text
+          subject.encrypt(plain_text).should_not be_empty
+        end
+      end
+
+      describe "#decrypt" do
+        it "should decrypt the string" do
+          subject.decrypt(cipher_text).should == plain_text
+        end
+      end
+    end
+  end
+end

data/spec/provider/postgres_pgp_spec.rb

@@ -0,0 +1,35 @@
+require 'spec_helper'
+
+module CryptKeeper
+  module Provider
+    describe PostgresPgp do
+      use_postgres
+
+      let(:cipher_text) { '\\xc30d0407030283b15f71b6a7d0296cd23501bd2c8fe3c7a56005ff4619527c4291509a78c77a6758cddd2a14acbde589fa10b3e0686865182d3beadaf237b9f928e7ba1810b8' }
+      let(:plain_text) { 'test' }
+
+      subject { PostgresPgp.new key: 'candy' }
+
+      its(:key) { should == 'candy' }
+
+      describe "#initialize" do
+        it "should raise an exception with a missing key" do
+          expect { PostgresPgp.new }.to raise_error(ArgumentError, "Missing :key")
+        end
+      end
+
+      describe "#encrypt" do
+        it "should encrypt the string" do
+          subject.encrypt(plain_text).should_not == plain_text
+          subject.encrypt(plain_text).should_not be_empty
+        end
+      end
+
+      describe "#decrypt" do
+        it "should decrypt the string" do
+          subject.decrypt(cipher_text).should == plain_text
+        end
+      end
+    end
+  end
+end

data/spec/support/active_record.rb

@@ -1,16 +1,50 @@
 require 'active_record'
 require 'logger'
 
-ActiveRecord::Base.establish_connection(:adapter => 'sqlite3', :database => ':memory:')
-ActiveRecord::Base.logger       = Logger.new SPEC_ROOT.join('debug.log').to_s
-ActiveRecord::Migration.verbose = false
-
-ActiveRecord::Schema.define do
-  create_table :sensitive_data, :force => true do |t|
-    t.column :name, :string
-    t.column :storage, :text
-    t.column :secret, :text
+::ActiveRecord::Base.logger = Logger.new SPEC_ROOT.join('debug.log').to_s
+::ActiveRecord::Migration.verbose = false
+
+module CryptKeeper
+  class SensitiveData < ActiveRecord::Base; end
+
+  module ConnectionHelpers
+
+    def use_postgres
+      before :all do
+        ::ActiveRecord::Base.clear_active_connections!
+        config = YAML.load_file SPEC_ROOT.join('database.yml')
+        ::ActiveRecord::Base.establish_connection(config['postgres'])
+      end
+    end
+
+    def use_mysql
+      before :all do
+        ::ActiveRecord::Base.clear_active_connections!
+        config = YAML.load_file SPEC_ROOT.join('database.yml')
+        ::ActiveRecord::Base.establish_connection(config['mysql'])
+      end
+    end
+
+    def use_sqlite
+      before :all do
+        ::ActiveRecord::Base.clear_active_connections!
+        ::ActiveRecord::Base.establish_connection(:adapter => 'sqlite3',
+                                                  :database => ':memory:')
+
+        ::ActiveRecord::Schema.define do
+          create_table :sensitive_data, :force => true do |t|
+            t.column :name, :string
+            t.column :storage, :text
+            t.column :secret, :text
+          end
+        end
+      end
+    end
+
   end
 end
 
-class SensitiveData < ActiveRecord::Base; end
+
+RSpec.configure do |config|
+  config.extend CryptKeeper::ConnectionHelpers
+end

data/spec/support/encryptors.rb

@@ -1,26 +1,29 @@
 # A fake class that does no encryption
-module CryptKeeperProviders
-  class FakeEncryptor
-    def initialize(*args)
+module CryptKeeper
+  module Provider
+    class FakeEncryptor
+      def initialize(*args)
+      end
     end
   end
 end
 
 # This class embeds the passphrase in the beginning of the string
 # and then reverses the 'plaintext'
-module CryptKeeperProviders
-  class Encryptor
-    def initialize(options = {})
-      @passphrase = options[:passphrase]
-    end
+module CryptKeeper
+  module Provider
+    class Encryptor
+      def initialize(options = {})
+        @passphrase = options[:passphrase]
+      end
 
-    def encrypt(data)
-      @passphrase + data.reverse
-    end
+      def encrypt(data)
+        @passphrase + data.reverse
+      end
 
-    def decrypt(data)
-      data.sub(/^#{@passphrase}/, '').reverse
+      def decrypt(data)
+        data.sub(/^#{@passphrase}/, '').reverse
+      end
     end
   end
 end
-

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: crypt_keeper
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-08-31 00:00:00.000000000 Z
+date: 2012-09-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activerecord
@@ -43,22 +43,6 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: crypt_keeper_providers
-  requirement: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.5.2
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    none: false
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.5.2
 - !ruby/object:Gem::Dependency
   name: appraisal
   requirement: !ruby/object:Gem::Requirement
@@ -155,6 +139,38 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: pg
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+- !ruby/object:Gem::Dependency
+  name: mysql2
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.11
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.11
 description: Transparent encryption for ActiveRecord that isn't over-engineered
 email:
 - jmazzi@gmail.com
@@ -179,9 +195,20 @@ files:
 - gemfiles/activerecord_3_2.gemfile
 - gemfiles/activerecord_3_2.gemfile.lock
 - lib/crypt_keeper.rb
+- lib/crypt_keeper/log_subscriber/mysql_aes.rb
+- lib/crypt_keeper/log_subscriber/postgres_pgp.rb
 - lib/crypt_keeper/model.rb
+- lib/crypt_keeper/provider/aes.rb
+- lib/crypt_keeper/provider/mysql_aes.rb
+- lib/crypt_keeper/provider/postgres_pgp.rb
 - lib/crypt_keeper/version.rb
+- spec/default.database.yml
+- spec/log_subscriber/mysql_aes.rb
+- spec/log_subscriber/postgres_pgp.rb
 - spec/model_spec.rb
+- spec/provider/aes_spec.rb
+- spec/provider/mysql_aes_spec.rb
+- spec/provider/postgres_pgp_spec.rb
 - spec/spec_helper.rb
 - spec/support/active_record.rb
 - spec/support/encryptors.rb
@@ -199,7 +226,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3079739714190142337
+      hash: 777875145635862709
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
@@ -208,7 +235,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
       segments:
       - 0
-      hash: 3079739714190142337
+      hash: 777875145635862709
 requirements: []
 rubyforge_project: 
 rubygems_version: 1.8.23
@@ -216,7 +243,13 @@ signing_key:
 specification_version: 3
 summary: Transparent encryption for ActiveRecord that isn't over-engineered
 test_files:
+- spec/default.database.yml
+- spec/log_subscriber/mysql_aes.rb
+- spec/log_subscriber/postgres_pgp.rb
 - spec/model_spec.rb
+- spec/provider/aes_spec.rb
+- spec/provider/mysql_aes_spec.rb
+- spec/provider/postgres_pgp_spec.rb
 - spec/spec_helper.rb
 - spec/support/active_record.rb
 - spec/support/encryptors.rb