mack-encryption 0.8.1 → 0.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/gems/ezcrypto-0.7/lib/active_crypto.rb +313 -0
- data/lib/gems/ezcrypto-0.7/lib/ezcrypto.rb +592 -0
- data/lib/gems/ezcrypto-0.7/lib/ezsig.rb +535 -0
- data/lib/gems/ezcrypto-0.7/lib/trusted.pem +2304 -0
- data/lib/gems.rb +18 -0
- data/lib/mack-encryption.rb +3 -0
- metadata +20 -16
@@ -0,0 +1,313 @@
|
|
1
|
+
require "ezcrypto.rb"
|
2
|
+
module ActiveCrypto # :nodoc:
|
3
|
+
|
4
|
+
def self.append_features(base) #:nodoc:
|
5
|
+
super
|
6
|
+
base.extend(ClassMethods)
|
7
|
+
end
|
8
|
+
|
9
|
+
=begin rdoc
|
10
|
+
|
11
|
+
Usage is very simple. You will generally only need the two class methods listed here in your ActiveRecord class model.
|
12
|
+
|
13
|
+
== License
|
14
|
+
|
15
|
+
ActiveCrypto and EzCrypto are released under the MIT license.
|
16
|
+
|
17
|
+
|
18
|
+
== Support
|
19
|
+
|
20
|
+
To contact the author, send mail to pelleb@gmail.com
|
21
|
+
|
22
|
+
Also see my blogs at:
|
23
|
+
http://stakeventures.com and
|
24
|
+
http://neubia.com
|
25
|
+
|
26
|
+
This project was based on code used in my project StakeItOut, where you can securely share web services with your partners.
|
27
|
+
https://stakeitout.com
|
28
|
+
|
29
|
+
(C) 2005 Pelle Braendgaard
|
30
|
+
|
31
|
+
=end
|
32
|
+
module ClassMethods
|
33
|
+
@@session_keys={}
|
34
|
+
|
35
|
+
=begin rdoc
|
36
|
+
Turn encryption on for this record. List all encrypted attributes
|
37
|
+
|
38
|
+
class Document < ActiveRecord::Base
|
39
|
+
encrypt :title,:body
|
40
|
+
end
|
41
|
+
|
42
|
+
Include optional option :key, to specify an external KeyHolder, which holds the key used for encrypting and decrypting:
|
43
|
+
|
44
|
+
class Document < ActiveRecord::Base
|
45
|
+
belongs_to :user
|
46
|
+
encrypt :title,:body,:key=>:user
|
47
|
+
end
|
48
|
+
|
49
|
+
=end
|
50
|
+
def encrypt(*attributes)
|
51
|
+
include ActiveCrypto::Encrypted
|
52
|
+
before_save :encrypt_attributes
|
53
|
+
after_save :decrypt_attributes
|
54
|
+
options=attributes.last.is_a?(Hash) ? attributes.pop : {}
|
55
|
+
keyholder
|
56
|
+
if options and options[:key]
|
57
|
+
module_eval <<-"end;"
|
58
|
+
def session_key
|
59
|
+
(send :#{options[:key]} ).send :session_key
|
60
|
+
end
|
61
|
+
@@external_key=true
|
62
|
+
end;
|
63
|
+
end
|
64
|
+
self.encrypted_attributes=attributes
|
65
|
+
end
|
66
|
+
|
67
|
+
=begin rdoc
|
68
|
+
Creates support in this class for holding a key. Adds the following methods:
|
69
|
+
|
70
|
+
* enter_password(password,salt="onetwothree")
|
71
|
+
* set_session_key(key)
|
72
|
+
* session_key
|
73
|
+
|
74
|
+
Use it as follows:
|
75
|
+
|
76
|
+
class User < ActiveRecord::Base
|
77
|
+
has_many :documents
|
78
|
+
keyholder
|
79
|
+
end
|
80
|
+
|
81
|
+
=end
|
82
|
+
def keyholder()
|
83
|
+
include ActiveCrypto::AssociationKeyHolder
|
84
|
+
after_create :save_session_key
|
85
|
+
end
|
86
|
+
|
87
|
+
=begin rdoc
|
88
|
+
Clears the session_key array. Generally this is handled automatically as a filter in ActionController. Only use these if you need to
|
89
|
+
do something out of the ordinary.
|
90
|
+
=end
|
91
|
+
def clear_session_keys() #:nodoc:
|
92
|
+
@@session_keys.clear
|
93
|
+
end
|
94
|
+
|
95
|
+
=begin rdoc
|
96
|
+
Sets the session_keys array. Only use these if you need to
|
97
|
+
do something out of the ordinary, as it is handled
|
98
|
+
=end
|
99
|
+
def session_keys=(keys) #:nodoc:
|
100
|
+
@@session_keys=keys
|
101
|
+
end
|
102
|
+
|
103
|
+
def session_keys() #:nodoc:
|
104
|
+
@@session_keys
|
105
|
+
end
|
106
|
+
|
107
|
+
end
|
108
|
+
|
109
|
+
=begin rdoc
|
110
|
+
This module handles all standard key management features.
|
111
|
+
=end
|
112
|
+
module KeyHolder
|
113
|
+
|
114
|
+
=begin rdoc
|
115
|
+
Creates a key for object based on given password and an optional salt.
|
116
|
+
=end
|
117
|
+
def enter_password(password,salt="onetwothree")
|
118
|
+
set_session_key(EzCrypto::Key.with_password(password, salt))
|
119
|
+
end
|
120
|
+
|
121
|
+
=begin rdoc
|
122
|
+
Decodes the Base64 encoded key and uses it as it's session key
|
123
|
+
=end
|
124
|
+
def set_encoded_key(enc)
|
125
|
+
set_session_key(EzCrypto::Key.decode(enc))
|
126
|
+
end
|
127
|
+
=begin rdoc
|
128
|
+
Sets a session key for the object. This should be a EzCrypto::Key instance.
|
129
|
+
=end
|
130
|
+
def set_session_key(key)
|
131
|
+
@session_key=key
|
132
|
+
self.decrypt_attributes if self.class.include? Encrypted
|
133
|
+
end
|
134
|
+
|
135
|
+
=begin rdoc
|
136
|
+
Returns the session_key
|
137
|
+
=end
|
138
|
+
def session_key
|
139
|
+
@session_key
|
140
|
+
end
|
141
|
+
|
142
|
+
end
|
143
|
+
|
144
|
+
module AssociationKeyHolder
|
145
|
+
include ActiveCrypto::KeyHolder
|
146
|
+
|
147
|
+
|
148
|
+
def save_session_key
|
149
|
+
ActiveRecord::Base.session_keys[session_key_id]=@session_key if @session_key
|
150
|
+
end
|
151
|
+
=begin rdoc
|
152
|
+
Sets a session key for the object. This should be a EzCrypto::Key instance.
|
153
|
+
=end
|
154
|
+
def set_session_key(key)
|
155
|
+
if self.new_record?
|
156
|
+
@session_key=key
|
157
|
+
else
|
158
|
+
ActiveRecord::Base.session_keys[session_key_id]=key
|
159
|
+
end
|
160
|
+
decrypt_attributes if self.class.include? Encrypted #if respond_to?(:decrypt_attributes)
|
161
|
+
|
162
|
+
end
|
163
|
+
|
164
|
+
=begin rdoc
|
165
|
+
Returns the session_key
|
166
|
+
=end
|
167
|
+
def session_key
|
168
|
+
if self.new_record?
|
169
|
+
@session_key
|
170
|
+
else
|
171
|
+
ActiveRecord::Base.session_keys[session_key_id]
|
172
|
+
end
|
173
|
+
end
|
174
|
+
|
175
|
+
|
176
|
+
|
177
|
+
def session_key_id
|
178
|
+
"#{self.class.to_s}:#{id}"
|
179
|
+
end
|
180
|
+
|
181
|
+
end
|
182
|
+
|
183
|
+
module Encrypted #:nodoc:
|
184
|
+
def self.append_features(base) #:nodoc:
|
185
|
+
super
|
186
|
+
base.extend ClassAccessors
|
187
|
+
end
|
188
|
+
|
189
|
+
module ClassAccessors
|
190
|
+
def encrypted_attributes
|
191
|
+
@encrypted_attributes||=[]
|
192
|
+
end
|
193
|
+
|
194
|
+
def encrypted_attributes=(attrs)
|
195
|
+
@encrypted_attributes=attrs
|
196
|
+
end
|
197
|
+
|
198
|
+
end
|
199
|
+
|
200
|
+
protected
|
201
|
+
|
202
|
+
def encrypt_attributes
|
203
|
+
if !is_encrypted?
|
204
|
+
self.class.encrypted_attributes.each do |key|
|
205
|
+
value=read_attribute(key)
|
206
|
+
write_attribute(key,_encrypt(value)) if value
|
207
|
+
end
|
208
|
+
@is_encrypted=true
|
209
|
+
end
|
210
|
+
true
|
211
|
+
end
|
212
|
+
|
213
|
+
def decrypt_attributes
|
214
|
+
if is_encrypted?
|
215
|
+
self.class.encrypted_attributes.each do |key|
|
216
|
+
value=read_attribute(key)
|
217
|
+
write_attribute(key,_decrypt(value)) if value
|
218
|
+
end
|
219
|
+
@is_encrypted=false
|
220
|
+
end
|
221
|
+
true
|
222
|
+
end
|
223
|
+
|
224
|
+
def after_find
|
225
|
+
@is_encrypted=true
|
226
|
+
decrypt_attributes unless session_key.nil?
|
227
|
+
end
|
228
|
+
|
229
|
+
private
|
230
|
+
def is_encrypted?
|
231
|
+
@is_encrypted
|
232
|
+
end
|
233
|
+
|
234
|
+
def _decrypt(data)
|
235
|
+
if session_key.nil?
|
236
|
+
raise MissingKeyError
|
237
|
+
else
|
238
|
+
if data
|
239
|
+
session_key.decrypt(data)
|
240
|
+
else
|
241
|
+
nil
|
242
|
+
end
|
243
|
+
end
|
244
|
+
end
|
245
|
+
|
246
|
+
def _encrypt(data)
|
247
|
+
if session_key.nil?
|
248
|
+
raise MissingKeyError
|
249
|
+
else
|
250
|
+
if data
|
251
|
+
session_key.encrypt(data)
|
252
|
+
else
|
253
|
+
nil
|
254
|
+
end
|
255
|
+
end
|
256
|
+
end
|
257
|
+
|
258
|
+
end
|
259
|
+
|
260
|
+
|
261
|
+
module ActionController # :nodoc:
|
262
|
+
=begin rdoc
|
263
|
+
This includes some basic support in the ActionController for handling session keys. It creates two filters one before the action and one after.
|
264
|
+
These do the following:
|
265
|
+
|
266
|
+
If the users session already has a 'session_keys' value it loads it into the ActiveRecord::Base.session_keys class field. If not it
|
267
|
+
clears any existing session_keys.
|
268
|
+
|
269
|
+
Leaving the action it stores any session_keys in the corresponding session variable.
|
270
|
+
|
271
|
+
These filters are automatically enabled. You do not have to do anything.
|
272
|
+
|
273
|
+
To manually clear the session keys call clear_session_keys. This should be done for example as part of a session log off action.
|
274
|
+
=end
|
275
|
+
def self.append_features(base) #:nodoc:
|
276
|
+
super
|
277
|
+
base.send :prepend_before_filter, :load_session_keys
|
278
|
+
base.send :prepend_after_filter, :save_session_keys
|
279
|
+
end
|
280
|
+
|
281
|
+
=begin rdoc
|
282
|
+
Clears the session keys. Call this when a user logs of.
|
283
|
+
=end
|
284
|
+
def clear_session_keys
|
285
|
+
ActiveRecord::Base.clear_session_keys
|
286
|
+
end
|
287
|
+
|
288
|
+
|
289
|
+
private
|
290
|
+
def load_session_keys
|
291
|
+
if session['session_keys']
|
292
|
+
ActiveRecord::Base.session_keys=session['session_keys']
|
293
|
+
else
|
294
|
+
ActiveRecord::Base.clear_session_keys
|
295
|
+
end
|
296
|
+
end
|
297
|
+
|
298
|
+
def save_session_keys
|
299
|
+
if ActiveRecord::Base.session_keys.size>0
|
300
|
+
session['session_keys']=ActiveRecord::Base.session_keys
|
301
|
+
else
|
302
|
+
session['session_keys']=nil
|
303
|
+
end
|
304
|
+
end
|
305
|
+
|
306
|
+
|
307
|
+
end
|
308
|
+
|
309
|
+
class MissingKeyError < RuntimeError
|
310
|
+
end
|
311
|
+
end
|
312
|
+
ActiveRecord::Base.send :include, ActiveCrypto
|
313
|
+
ActionController::Base.send :include, ActiveCrypto::ActionController
|