portunus 0.3.3 → 0.3.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2aa50f7bc5907aacbac1982677a022d4e65f9d10720de1f8517ed43d09801335
-  data.tar.gz: f2dd61e18d64adcc6665fecae50ab6c0cbc88198aa9f34a8a62294196e995a1f
+  metadata.gz: 8b21fe1e0d1e035b9b1c63090614ccd35441c67c1eac178eaec02577b609ace9
+  data.tar.gz: e4a7c519d2d9a246f78a7090baaef0c59749af0505e899b06aa5ac1b8829adfa
 SHA512:
-  metadata.gz: bfd40c8e8504ec44f2d357467127e8fd3fb3086690cc7ea22ad9d5bdb4556406982f25ac3a2370017a35e5f61b6b9f78bf3a5fd1590f148c9cad998a566105cc
-  data.tar.gz: e7d211c5a9892e98c5c40d9dbf615f58b22883ad1a7785e79c27aed725d0bf0c6e57e45052fe1a7869d8518c4ede736bcde4b78fe0ee8a119b71652a2d5f2adf
+  metadata.gz: 70f75238d178f9a3dd7c00958b09b65dd94295cd2b606e77168f6813552b86a4b814d34753952d692f6effdb5f313859947218dcf4be7cd6d490206cd1cf80b5
+  data.tar.gz: df93281691c7c368aed0008b55b79331da5ef2721c2a6b64d1392613d1aa5a43b14309b631f5f4ea94be277d411dce51b0fa87d491bcdcc384537b81a332e073

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    portunus (0.3.1)
+    portunus (0.3.8)
       openssl (>= 2.1.0)
       rails (>= 5.0.0)
 
@@ -79,7 +79,6 @@ GEM
       activesupport (>= 4.2.0)
     i18n (1.8.2)
       concurrent-ruby (~> 1.0)
-    ipaddr (1.2.2)
     json (2.3.0)
     loofah (2.4.0)
       crass (~> 1.0.2)
@@ -97,7 +96,6 @@ GEM
     nokogiri (1.10.9)
       mini_portile2 (~> 2.4.0)
     openssl (2.1.2)
-      ipaddr
     pry (0.12.2)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
@@ -185,3 +183,6 @@ DEPENDENCIES
   rspec
   simplecov (~> 0.17.1)
   sqlite3
+
+BUNDLED WITH
+   2.1.4

data/lib/portunus/rotators/dek.rb

@@ -12,20 +12,30 @@ module Portunus
       def rotate
         encryptable = data_encryption_key.encryptable
 
-        encryptable.class.encrypted_fields_list.map do |field_name|
-          field_value_map[field_name.to_sym] = encryptable.send(field_name.to_sym)
+        if encryptable.blank?
+          Rails.logger.debug("Dek id: #{data_encryption_key.id} is missing it's encryptable... deleting")
+          data_encryption_key.destroy
+          return true
         end
 
-        data_encryption_key.encrypted_key = new_encrypted_key
-
-        field_value_map.map do |field_name, value|
-          encryptable.send("#{field_name}=".to_sym, value)
-        end
+        Rails.logger.debug(
+          "Rotating Encryptable: #{encryptable.class}, id: #{encryptable.id}"
+        )
 
         ActiveRecord::Base.transaction do
+          encryptable.class.encrypted_fields_list.map do |field_name|
+            field_value_map[field_name.to_sym] = encryptable.send(field_name.to_sym)
+          end
+
+          data_encryption_key.update(encrypted_key: new_encrypted_key)
+          encryptable.data_encryption_key.reload
+
+          field_value_map.map do |field_name, value|
+            encryptable.send("#{field_name}=".to_sym, value)
+          end
+
           encryptable.save
-          data_encryption_key.last_dek_rotation = DateTime.now
-          data_encryption_key.save
+          data_encryption_key.update(last_dek_rotation: DateTime.now)
         end
 
         true

data/lib/portunus/rotators/kek.rb

@@ -35,7 +35,7 @@ module Portunus
       end
 
       def wrapped_current_master_key
-        [data_encryption_key.master_keyname]
+        [data_encryption_key.master_keyname.to_sym]
       end
 
       def master_keys

data/lib/portunus/tasks/rotate_keys.rake

@@ -1,12 +1,16 @@
 namespace :portunus do
   desc "Rotate KEK keys, reencrypt the deks"
   task rotate_keks: :environment do
-    scope = ::Portunus::DataEncryptionKey.
-      where(
-        "last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null", 
-        ::Portunus.configuration.max_key_duration,
-        ::Portunus.configuration.max_key_duration
-      )
+    if ENV["FORCE"] == "true"
+      scope = ::Portunus::DataEncryptionKey.all
+    else
+      scope = ::Portunus::DataEncryptionKey.
+        where(
+          "last_kek_rotation < ? or (created_at < ? and last_kek_rotation is null)", 
+          DateTime.now - ::Portunus.configuration.max_key_duration,
+          DateTime.now - ::Portunus.configuration.max_key_duration
+        )
+    end
 
     scope.in_batches do |relation|
       relation.map do |encryption_key|
@@ -22,9 +26,9 @@ namespace :portunus do
     else
       scope = ::Portunus::DataEncryptionKey.
         where(
-          "last_dek_rotation < ? or (created_at < ? and last_dek_rotation is null", 
-          ::Portunus.configuration.max_key_duration,
-          ::Portunus.configuration.max_key_duration
+          "last_dek_rotation < ? or (created_at < ? and last_dek_rotation is null)", 
+          DateTime.now - ::Portunus.configuration.max_key_duration,
+          DateTime.now - ::Portunus.configuration.max_key_duration
         )
     end
     scope.in_batches do |relation|

data/lib/portunus/version.rb

@@ -1,3 +1,3 @@
 module Portunus
-  VERSION = "0.3.3"
+  VERSION = "0.3.8"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: portunus
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.3.8
 platform: ruby
 authors:
 - Colin Petruno
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-03-26 00:00:00.000000000 Z
+date: 2020-08-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -234,8 +234,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6.2
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: DEK and KEK Encryption for Rails