ork-encryption 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 0d98c6c7652d8bf6ceb94c40a8f32d2dce5135fc
+  data.tar.gz: 08b286150cdc8a6582d92fa6357811d643e30b57
+SHA512:
+  metadata.gz: f10fc38e89d28c5a551013e99b3e5ffe04fb63a02a37865ae7e9add307030d871fc82eb15122171da33e9344e83b8153ab4d424da431976969e1c0151b3d7dff
+  data.tar.gz: c1ef9588c03f0abc78498ad8b5d20bb9e428f219ae8510bd9e0212483530b443af2389e832d93e2e3b9fe4429f216185768d98b3f0942ccd2bfff87944999d2c

data/README.md

@@ -0,0 +1,4 @@
+ork-encryption
+==============
+
+The ork-encryption gem provides encryption and decryption for Ork models.

data/lib/ork/cipher.rb

@@ -0,0 +1,72 @@
+require 'openssl'
+
+module Ork::Encryption
+
+  # Implements a simple object that can either
+  # encrypt or decrypt arbitrary data.
+  #
+  # Example:
+  #   cipher = Ork::Encryption::Cipher.new config_hash
+  #   cipher.encrypt stuff
+  #   cipher.decrypt stuff
+  #
+  class Cipher
+
+    # Creates a cipher that is prepared to encrypt/decrypt a blob.
+    # @param [Hash] config the key/cipher/iv needed to initialize OpenSSL
+    #
+    def initialize(config = {})
+      Cipher.validate_config @config = config
+      @cipher = OpenSSL::Cipher.new @config[:cipher]
+    end
+
+    # Validates the configuration has all the required values to
+    # encrypt and decrypt an object
+    #
+    # Note: if the configuration is invalid, an
+    # `Ork::Encryption::MissingConfig` error is raised.
+    #
+    def self.validate_config(config)
+      if config.nil? || ([:cipher, :key] - config.keys).any?
+        raise MissingConfig,
+          'Make sure to provide the full configuration to Ork::Encryption. ' +
+          'Use Ork::Encryption.init(config_hash) to set the configuration ' +
+          'or assert that Ork::Encryption::Cipher.new receives a non empty' +
+          ' hash with :cipher and :key values.'
+      end
+    end
+
+    def random_iv!
+      self.iv = @cipher.random_iv
+    end
+
+    def iv=(iv)
+      @config[:iv] = iv
+    end
+
+    # Encrypt stuff.
+    # @param [Object] blob the data to encrypt
+    def encrypt(blob)
+      initialize_cipher_for :encrypt
+      "#{@cipher.update blob}#{@cipher.final}"
+    end
+
+    # Decrypt stuff.
+    # @param [Object] blob the encrypted data to decrypt
+    def decrypt(blob)
+      initialize_cipher_for :decrypt
+      "#{@cipher.update blob}#{@cipher.final}"
+    end
+
+    private
+
+    # This sets the mode so OpenSSL knows to encrypt or decrypt, etc.
+    # @param [Symbol] mode either :encrypt or :decrypt
+    def initialize_cipher_for(mode)
+      @cipher.send mode
+      @cipher.key = @config[:key]
+      @cipher.iv  = @config[:iv]
+    end
+
+  end
+end

data/lib/ork/encryption.rb

@@ -0,0 +1,38 @@
+require_relative 'cipher'
+require_relative 'errors'
+require_relative 'serializers/json'
+
+module Ork
+  module Encryption
+    VERSION = '0.0.1'
+
+    def self.included(klass)
+      raise NotAnOrkDocument unless klass.included_modules.include? Ork::Document
+      klass.content_type Serializers::Json.content_type
+    end
+
+
+    # Initializes the module, setting a configuration and registering
+    # the serializers into Riak API.
+    #
+    def self.init(config)
+      Serializers::Json.register!
+
+      encryption_config config
+    end
+
+    # Accessor for the general Encryptor config.
+    #
+    # config - When nil, it acts like a reader.
+    #          When hash, it needs :key and :cipher
+    #
+    # Raises Ork::Encryption::MissingConfig when the config is incomplete.
+    #
+    def self.encryption_config(config = nil)
+      return @encryption_config if config.nil?
+
+      Ork::Encryption::Cipher.validate_config @encryption_config = config
+    end
+
+  end
+end

data/lib/ork/errors.rb

@@ -0,0 +1,8 @@
+module Ork
+  module Encryption
+
+    class NotAnOrkDocument < StandardError; end
+    class MissingConfig < StandardError; end
+  end
+end
+

data/lib/ork/serializers/json.rb

@@ -0,0 +1,59 @@
+module Ork::Encryption
+  module Serializers
+
+    # Implements the {Riak::Serializer} API for the purpose of
+    # encrypting/decrypting Ork documents as JSON.
+    #
+    # @see Encryption
+    class Json
+
+      # The Content-Type of the internal format
+      def self.content_type
+        'application/x-json-encrypted'
+      end
+
+      # Register the serializer into Riak
+      def self.register!
+        Riak::Serializers[content_type] = self
+      end
+
+      # Serializes and encrypts the Ruby hash using the assigned
+      # cipher and Content-Type.
+      #
+      # data - Hash representing persisted_data to serialize/encrypt.
+      #
+      def self.dump(data)
+        json_attributes = data.to_json(Riak.json_options)
+
+        encrypted_object = {
+          iv:      Base64.encode64(cipher.random_iv!),
+          data:    Base64.encode64(cipher.encrypt json_attributes),
+          version: Ork::Encryption::VERSION
+        }
+
+        encrypted_object.to_json(Riak.json_options)
+      end
+
+      # Decrypts and deserializes the blob using the assigned cipher
+      # and Content-Type.
+      #
+      # blob - String of the original content from Riak
+      #
+      def self.load(blob)
+        encrypted_object = Riak::JSON.parse(blob)
+        cipher.iv = Base64.decode64 encrypted_object['iv']
+        decoded_data = Base64.decode64 encrypted_object['data']
+
+        # this serializer now only supports the v2 (0.0.2 - 0.0.4) format
+        Riak::JSON.parse(cipher.decrypt decoded_data)
+      end
+
+      private
+
+      def self.cipher
+        @cipher ||= Cipher.new(Ork::Encryption.encryption_config)
+      end
+
+    end
+  end
+end

data/ork-encryption.gemspec

@@ -0,0 +1,28 @@
+Gem::Specification.new do |s|
+  s.name        = 'ork-encryption'
+  s.version     = '0.0.1'
+  s.date        = Time.now.strftime('%Y-%m-%d')
+  s.summary     = 'Ruby modeling layer for Riak.'
+  s.summary     = 'A simple encryption library for Ork::Documents stored in riak.'
+  s.description = 'Ork is a small Ruby modeling layer for Riak, inspired by Ohm.'
+  s.description = 'Encrypt documents persisted on Riak DB. Inspired in ripple-encryption'
+  s.authors     = ['Emiliano Mancuso']
+  s.email       = ['emiliano.mancuso@gmail.com']
+  s.homepage    = 'http://github.com/emancu/ork-encryption'
+  s.license     = 'MIT'
+
+  s.files = Dir[
+    'README.md',
+    'rakefile',
+    'lib/**/*.rb',
+    '*.gemspec'
+  ]
+  s.test_files = Dir['test/*.*']
+
+  s.add_dependency 'riak-client'
+  s.add_dependency 'ork', "~> 0.1.1"
+  s.add_development_dependency 'protest'
+  s.add_development_dependency 'mocha'
+  s.add_development_dependency 'coveralls'
+end
+

data/rakefile

@@ -0,0 +1,10 @@
+task :default => :test
+
+ENV['ORK_RIAK_URL'] ||= 'http://localhost:8098'
+
+desc 'Run tests'
+task :test do
+  require File.expand_path("./test/helper", File.dirname(__FILE__))
+
+  Dir["test/**/*_test.rb"].each { |file| load file }
+end

data/test/cipher_test.rb

@@ -0,0 +1,39 @@
+require_relative 'helper'
+
+Protest.describe 'Ork::Encryption::Cipher' do
+  setup do
+    config     = {
+      cipher: 'AES-256-CBC',
+      key:    'fantasticobscurekeygoesherenowty',
+      iv:     'an_iv_really_easy'
+    }
+
+    @cipher = Ork::Encryption::Cipher.new config
+    @text = "This is some nifty text."
+    # this is the example text encrypted (binary string literals use UTF-8 in ruby 2.0
+    @blob = "\xCA\x0F\x80\x9D&)lU\x97h\xC9\xAD\x16+\xBC\xAAQ\xD9\xC7C\x8F\xD7\xEFDoRoS\x0E\xEC\xD3\xA6"
+    @blob = @blob.force_encoding('ASCII-8BIT')
+  end
+
+  test "convert text to an encrypted blob" do
+    assert_equal @blob, @cipher.encrypt(@text), "Encryption failed."
+  end
+
+  test "convert encrypted blob to text" do
+    assert_equal @text, @cipher.decrypt(@blob), "Decryption failed."
+  end
+
+  context "With missing parameter" do
+    test "raise an error if key is missing" do
+      assert_raise Ork::Encryption::MissingConfig do
+        Ork::Encryption::Cipher.new(iv: 'iv', cipher: 'AES-256-CBC')
+      end
+    end
+
+    test "raise an error if cipher is missing" do
+      assert_raise Ork::Encryption::MissingConfig do
+        Ork::Encryption::Cipher.new(key: 'key')
+      end
+    end
+  end
+end

data/test/encrypt_test.rb

@@ -0,0 +1,115 @@
+require_relative 'helper'
+require 'mocha/api'
+# require 'json'
+
+include(Mocha::API)
+
+
+class Event
+  include Ork::Document
+  include Ork::Encryption
+
+  attribute :name
+end
+
+config_hash = {
+  cipher: 'AES-256-CBC',
+  key:    'fantasticobscurekeygoesherenowty'
+}
+
+Protest.describe 'Ork::Encryption' do
+  context 'include Ork::Encryption' do
+    test 'raise an error if it is not a Ork::Document' do
+      assert_raise Ork::Encryption::NotAnOrkDocument do
+        class NotADocument
+          include Ork::Encryption
+        end
+      end
+    end
+
+    test 'set @content_type' do
+      assert_equal 'application/x-json-encrypted', Event.content_type
+    end
+  end
+
+  context 'init' do
+    test 'register the serializers on Riak API' do
+      assert_equal Ork::Encryption::Serializers::Json,
+                   Riak::Serializers['application/x-json-encrypted']
+    end
+
+    test 'raise an error if config is invalid' do
+      assert_raise Ork::Encryption::MissingConfig do
+        Ork::Encryption.init(cipher: 'AES-256-CBC')
+      end
+    end
+
+    test 'encryption_config is set with the same config of Ork::Encryption' do
+      Ork::Encryption.init config_hash
+
+      assert_equal config_hash, Ork::Encryption.encryption_config
+    end
+  end
+
+  context 'encrypt / decrypt' do
+    Ork::Encryption.init config_hash
+
+    class Event
+      include Ork::Encryption # reload module
+    end
+
+    setup do
+      @iv = 'an_iv_really_easy'
+      OpenSSL::Cipher.any_instance.stubs(:random_iv).returns(@iv)
+
+      cipher = Ork::Encryption::Cipher.new(config_hash)
+      cipher.random_iv!
+
+      @event = Event.create name: 'Encryption'
+      @attributes = {'name' => 'Encryption', '_type' => 'Event'}
+      @json_attributes = JSON.dump @attributes
+      @encrypted_attributes = cipher.encrypt @json_attributes
+
+      @raw_data = raw_data_from_riak @event
+      @raw_data = JSON.parse @raw_data
+    end
+
+    teardown do
+      OpenSSL::Cipher.any_instance.unstub(:random_iv)
+    end
+
+    test 'saving the object stores attributes encoded in Base64' do
+      assert_equal Base64.encode64(@encrypted_attributes), @raw_data['data']
+    end
+
+    test 'saving the object stores the encrypted attributes' do
+      assert_equal @encrypted_attributes, Base64.decode64(@raw_data['data'])
+    end
+
+    test 'the IV is stored with the encrypted data' do
+      assert_equal Base64.encode64(@iv), @raw_data['iv']
+    end
+
+    test 'the IV is stored with the encrypted data' do
+      assert_equal @iv, Base64.decode64(@raw_data['iv'])
+    end
+
+    test 'the VERSION of Ork::Encryption is stored with the encrypted data' do
+      assert_equal Ork::Encryption::VERSION, @raw_data['version']
+    end
+
+    test 'loading an object decrypts the attributes' do
+      assert_equal({name: 'Encryption'}, Event[@event.id].attributes)
+    end
+
+    private
+
+    def raw_data_from_riak(object)
+      url = "#{ENV['ORK_RIAK_URL']}" +
+            "/buckets/#{object.class.bucket_name}/keys/#{object.id}"
+
+      `curl -s -XGET #{url}`
+    end
+
+  end
+end

data/test/helper.rb

@@ -0,0 +1,23 @@
+$LOAD_PATH.unshift(File.expand_path(File.dirname(__FILE__) + "/../lib"))
+
+require 'coveralls'
+Coveralls.wear!
+
+SimpleCov.start do
+  project_name "Ork-Encryptor"
+  command_name "Protest"
+
+  add_filter "/test/"
+end
+
+require "rubygems"
+require "protest"
+require "ork"
+require 'ork/encryption'
+
+Riak.disable_list_keys_warnings = true
+Protest.report_with(:progress)
+
+def deny(condition, message="Expected condition to be unsatisfied")
+  assert !condition, message
+end

metadata

@@ -0,0 +1,127 @@
+--- !ruby/object:Gem::Specification
+name: ork-encryption
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Emiliano Mancuso
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-11-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: riak-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: ork
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+- !ruby/object:Gem::Dependency
+  name: protest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Encrypt documents persisted on Riak DB. Inspired in ripple-encryption
+email:
+- emiliano.mancuso@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- rakefile
+- lib/ork/cipher.rb
+- lib/ork/encryption.rb
+- lib/ork/errors.rb
+- lib/ork/serializers/json.rb
+- ork-encryption.gemspec
+- test/cipher_test.rb
+- test/encrypt_test.rb
+- test/helper.rb
+homepage: http://github.com/emancu/ork-encryption
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.1.9
+signing_key: 
+specification_version: 4
+summary: A simple encryption library for Ork::Documents stored in riak.
+test_files:
+- test/cipher_test.rb
+- test/encrypt_test.rb
+- test/helper.rb