RubyGems - pubnub - Versions diffs - 5.2.1 → 5.3.0 - Mend

pubnub 5.2.1 → 5.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (49) hide show

checksums.yaml +4 -4
data/.github/CODEOWNERS +2 -2
data/.github/workflows/commands-handler.yml +18 -2
data/.github/workflows/run-tests.yml +27 -17
data/.github/workflows/run-validations.yml +12 -2
data/.pubnub.yml +20 -4
data/.tool-versions +1 -1
data/CHANGELOG.md +15 -0
data/Gemfile +1 -1
data/Gemfile.lock +6 -6
data/LICENSE +29 -0
data/README.md +1 -1
data/VERSION +1 -1
data/features/step_definitions/access_steps.rb +0 -2
data/features/step_definitions/crypto_steps.rb +99 -0
data/features/support/cryptor.rb +58 -0
data/features/support/hooks.rb +0 -1
data/lib/pubnub/client.rb +30 -1
data/lib/pubnub/error.rb +3 -0
data/lib/pubnub/event.rb +13 -5
data/lib/pubnub/events/add_message_action.rb +2 -2
data/lib/pubnub/events/get_message_actions.rb +1 -1
data/lib/pubnub/events/grant_token.rb +1 -1
data/lib/pubnub/events/history.rb +18 -6
data/lib/pubnub/events/publish.rb +7 -3
data/lib/pubnub/events/remove_channel_members.rb +3 -3
data/lib/pubnub/events/remove_channel_metadata.rb +1 -1
data/lib/pubnub/events/remove_memberships.rb +3 -3
data/lib/pubnub/events/remove_uuid_metadata.rb +1 -1
data/lib/pubnub/events/set_channel_members.rb +3 -3
data/lib/pubnub/events/set_channel_metadata.rb +2 -2
data/lib/pubnub/events/set_memberships.rb +3 -3
data/lib/pubnub/events/set_uuid_metadata.rb +2 -2
data/lib/pubnub/events/signal.rb +1 -1
data/lib/pubnub/events/subscribe.rb +5 -0
data/lib/pubnub/formatter.rb +22 -11
data/lib/pubnub/modules/crypto/crypto_module.rb +159 -0
data/lib/pubnub/modules/crypto/crypto_provider.rb +31 -0
data/lib/pubnub/modules/crypto/cryptor.rb +73 -0
data/lib/pubnub/modules/crypto/cryptor_header.rb +251 -0
data/lib/pubnub/modules/crypto/cryptors/aes_cbc_cryptor.rb +67 -0
data/lib/pubnub/modules/crypto/cryptors/legacy_cryptor.rb +84 -0
data/lib/pubnub/modules/crypto/module.rb +8 -0
data/lib/pubnub/subscribe_event/formatter.rb +8 -8
data/lib/pubnub/version.rb +1 -1
data/pubnub.gemspec +2 -2
metadata +16 -5
data/LICENSE.txt +0 -30
data/lib/pubnub/crypto.rb +0 -70

data/lib/pubnub/events/history.rb CHANGED Viewed

@@ -8,6 +8,11 @@ module Pubnub
     def initialize(options, app)
       @event = :history
       @telemetry_name = :l_hist
+      # Override crypto module if custom cipher key has been used.
+      random_iv = options.key?(:random_iv) ? options[:random_iv] : true
+      options[:crypto_module] = Crypto::CryptoModule.new_legacy(options[:cipher_key], random_iv) if options[:cipher_key]
       super
     end
@@ -63,23 +68,30 @@ module Pubnub
     def decrypt_history(message, crypto)
       if @include_token || @include_meta
-        message['message'] = JSON.parse(crypto.decrypt(message['message']), quirks_mode: true)
+        encrypted_message = Base64.decode64(message['message'])
+        message['message'] = JSON.parse(crypto.decrypt(encrypted_message), quirks_mode: true)
         message
       else
-        JSON.parse(crypto.decrypt(message), quirks_mode: true)
+        encrypted_message = Base64.decode64(message)
+        JSON.parse(crypto.decrypt(encrypted_message), quirks_mode: true)
       end
     end
     def valid_envelope(parsed_response, req_res_objects)
       messages = parsed_response[0]
-      if (@cipher_key || @app.env[:cipher_key] || @cipher_key_selector || @app.env[:cipher_key_selector]) && messages
-        cipher_key = compute_cipher_key(parsed_response)
-        random_iv = compute_random_iv(parsed_response)
-        crypto = Crypto.new(cipher_key, random_iv)
+      # TODO: Uncomment code below when cryptor implementations will be added.
+      if crypto_module && messages
+        crypto = crypto_module
         messages = messages.map { |message| decrypt_history(message, crypto) }
       end
+      # if (@cipher_key || @app.env[:cipher_key] || @cipher_key_selector || @app.env[:cipher_key_selector]) && messages
+      #   cipher_key = compute_cipher_key(parsed_response)
+      #   random_iv = compute_random_iv(parsed_response)
+      #   crypto = Crypto.new(cipher_key, random_iv)
+      #   messages = messages.map { |message| decrypt_history(message, crypto) }
+      # end
       start = parsed_response[1]
       finish = parsed_response[2]

data/lib/pubnub/events/publish.rb CHANGED Viewed

@@ -10,6 +10,11 @@ module Pubnub
     def initialize(options, app)
       @event = :publish
       @telemetry_name = :l_pub
+      # Override crypto module if custom cipher key has been used.
+      random_iv = options.key?(:random_iv) ? options[:random_iv] : true
+      options[:crypto_module] = Crypto::CryptoModule.new_legacy(options[:cipher_key], random_iv) if options[:cipher_key]
       super
       @sequence_number = sequence_number!
       @origination_time_token = @app.generate_ortt
@@ -25,9 +30,8 @@ module Pubnub
     def fire
       Pubnub.logger.debug('Pubnub::Publish') { "Fired event #{self.class}" }
       if @compressed
-        compressed_body = Formatter.format_message(@message, @cipher_key, @random_iv, false)
+        compressed_body = Formatter.format_message(@message, @crypto_module, false)
         response = send_request(compressed_body)
       else
         response = send_request
@@ -72,7 +76,7 @@ module Pubnub
         '0',
         Formatter.format_channel(@channel, true),
         '0',
-        Formatter.format_message(@message, @cipher_key, @random_iv)
+        Formatter.format_message(@message, @crypto_module)
       ]
       rpath.pop if @compressed

data/lib/pubnub/events/remove_channel_members.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module Pubnub
         { uuid: { id: member } }
       end
-      body = Formatter.format_message({ delete: members }, "", @random_iv, false)
+      body = Formatter.format_message({ delete: members }, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -83,11 +83,11 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       members = parsed_response['data'].map { |channel_member|
         member = Hash.new
-        channel_member.each{ |k,v| member[k.to_sym] = v }
+        channel_member.each { |k, v| member[k.to_sym] = v }
         unless member[:uuid].nil?
           uuid_metadata = Hash.new
-          member[:uuid].each{ |k,v| uuid_metadata[k.to_sym] = v }
+          member[:uuid].each { |k, v| uuid_metadata[k.to_sym] = v }
           uuid_metadata[:updated] = Date._parse(uuid_metadata[:updated]) unless uuid_metadata[:updated].nil?
           member[:uuid] = uuid_metadata
         end

data/lib/pubnub/events/remove_channel_metadata.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module Pubnub
     def fire
       Pubnub.logger.debug('Pubnub::RemoveChannelMetadata') { "Fired event #{self.class}" }
-      body = Formatter.format_message(@data, "", @random_iv, false)
+      body = Formatter.format_message(@data, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))

data/lib/pubnub/events/remove_memberships.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module Pubnub
         { channel: { id: membership } }
       end
-      body = Formatter.format_message({ delete: memberships }, "", @random_iv, false)
+      body = Formatter.format_message({ delete: memberships }, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -83,11 +83,11 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       memberships = parsed_response['data'].map { |uuid_membership|
         membership = Hash.new
-        uuid_membership.each{ |k,v| membership[k.to_sym] = v }
+        uuid_membership.each { |k, v| membership[k.to_sym] = v }
         unless membership[:channel].nil?
           channel_metadata = Hash.new
-          membership[:channel].each{ |k,v| channel_metadata[k.to_sym] = v }
+          membership[:channel].each { |k, v| channel_metadata[k.to_sym] = v }
           channel_metadata[:updated] = Date._parse(channel_metadata[:updated]) unless channel_metadata[:updated].nil?
           membership[:channel] = channel_metadata
         end

data/lib/pubnub/events/remove_uuid_metadata.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module Pubnub
     def fire
       Pubnub.logger.debug('Pubnub::RemoveUuidMetadata') { "Fired event #{self.class}" }
-      body = Formatter.format_message(@data, "", @random_iv, false)
+      body = Formatter.format_message(@data, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))

data/lib/pubnub/events/set_channel_members.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module Pubnub
         member_object
       end
-      body = Formatter.format_message({ set: members }, "", @random_iv, false)
+      body = Formatter.format_message({ set: members }, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -86,11 +86,11 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       members = parsed_response['data'].map { |channel_member|
         member = Hash.new
-        channel_member.each{ |k,v| member[k.to_sym] = v }
+        channel_member.each { |k, v| member[k.to_sym] = v }
         unless member[:uuid].nil?
           uuid_metadata = Hash.new
-          member[:uuid].each{ |k,v| uuid_metadata[k.to_sym] = v }
+          member[:uuid].each { |k, v| uuid_metadata[k.to_sym] = v }
           uuid_metadata[:updated] = Date._parse(uuid_metadata[:updated]) unless uuid_metadata[:updated].nil?
           member[:uuid] = uuid_metadata
         end

data/lib/pubnub/events/set_channel_metadata.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module Pubnub
     def fire
       Pubnub.logger.debug('Pubnub::SetChannelMetadata') { "Fired event #{self.class}" }
-      body = Formatter.format_message(@metadata, "", @random_iv, false)
+      body = Formatter.format_message(@metadata, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -60,7 +60,7 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       data = parsed_response['data']
       metadata = Hash.new
-      data.each{ |k,v| metadata[k.to_sym] = v }
+      data.each { |k, v| metadata[k.to_sym] = v }
       metadata[:updated] = Date._parse(metadata[:updated]) unless metadata[:updated].nil?
       Pubnub::Envelope.new(

data/lib/pubnub/events/set_memberships.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module Pubnub
         membership_object
       end
-      body = Formatter.format_message({ set: memberships }, "", @random_iv, false)
+      body = Formatter.format_message({ set: memberships }, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -86,11 +86,11 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       memberships = parsed_response['data'].map { |uuid_membership|
         membership = Hash.new
-        uuid_membership.each{ |k,v| membership[k.to_sym] = v }
+        uuid_membership.each { |k, v| membership[k.to_sym] = v }
         unless membership[:channel].nil?
           channel_metadata = Hash.new
-          membership[:channel].each{ |k,v| channel_metadata[k.to_sym] = v }
+          membership[:channel].each { |k, v| channel_metadata[k.to_sym] = v }
           channel_metadata[:updated] = Date._parse(channel_metadata[:updated]) unless channel_metadata[:updated].nil?
           membership[:channel] = channel_metadata
         end

data/lib/pubnub/events/set_uuid_metadata.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module Pubnub
     def fire
       Pubnub.logger.debug('Pubnub::SetUuidMetadata') { "Fired event #{self.class}" }
-      body = Formatter.format_message(@metadata, "", @random_iv, false)
+      body = Formatter.format_message(@metadata, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -61,7 +61,7 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       data = parsed_response['data']
       metadata = Hash.new
-      data.each{ |k,v| metadata[k.to_sym] = v }
+      data.each { |k, v| metadata[k.to_sym] = v }
       metadata[:updated] = Date._parse(metadata[:updated]) unless metadata[:updated].nil?
       Pubnub::Envelope.new(

data/lib/pubnub/events/signal.rb CHANGED Viewed

@@ -39,7 +39,7 @@ module Pubnub
         '0',
         Formatter.format_channel(@channel, true),
         '0',
-        Formatter.format_message(@message, @cipher_key, @random_iv)
+        Formatter.format_message(@message, @crypto_module)
       ].join('/')
     end

data/lib/pubnub/events/subscribe.rb CHANGED Viewed

@@ -8,6 +8,11 @@ module Pubnub
     def initialize(options, app)
       @event = :subscribe
+      # Override crypto module if custom cipher key has been used.
+      random_iv = options.key?(:random_iv) ? options[:random_iv] : true
+      options[:crypto_module] = Crypto::CryptoModule.new_legacy(options[:cipher_key], random_iv) if options[:cipher_key]
       super
       app.apply_state(self)
     end

data/lib/pubnub/formatter.rb CHANGED Viewed

@@ -41,17 +41,28 @@ module Pubnub
         end
       end
-      # Transforms message to json and encode it
-      def format_message(message, cipher_key = "", use_random_iv = false, uri_escape = true)
-        if cipher_key && !cipher_key.empty?
-          pc = Pubnub::Crypto.new(cipher_key, use_random_iv)
-          message = pc.encrypt(message).to_json
-          message = Addressable::URI.escape(message) if uri_escape
-        else
-          message = message.to_json
-          message = Formatter.encode(message) if uri_escape
+      # TODO: Uncomment code below when cryptor implementations will be added.
+      # Transforms message to json and encode it.
+      #
+      # @param message [Hash, String, Integer, Boolean] Message data which
+      #   should be formatted.
+      # @param crypto [Crypto::CryptoProvider, nil] Crypto which should be used to
+      #   encrypt message data.
+      # @param uri_escape [Boolean, nil] Whether formatted message should escape
+      #   to be used as part of URI or not.
+      # @return [String, nil] Formatted message data.
+      def format_message(message, crypto = nil, uri_escape = true)
+        json_message = message.to_json
+        if crypto
+          encrypted_data = crypto&.encrypt(json_message)
+          json_message = Base64.strict_encode64(encrypted_data).to_json unless encrypted_data.nil?
+        end
+        if uri_escape
+          json_message = Formatter.encode(json_message) if crypto.nil?
+          json_message = Addressable::URI.escape(json_message).to_s unless crypto.nil?
         end
-        message
+        json_message
       end
       # Quite lazy way, but good enough for current usage
@@ -100,7 +111,7 @@ module Pubnub
       # Parses string to JSON
       def parse_json(string)
         [JSON.parse(string), nil]
-      rescue JSON::ParserError => _error
+      rescue JSON::ParserError => _e
         [nil, JSON::ParserError]
       end

data/lib/pubnub/modules/crypto/crypto_module.rb ADDED Viewed

@@ -0,0 +1,159 @@
+module Pubnub
+  module Crypto
+    # Crypto module for data processing.
+    #
+    # The PubNub client uses a module to encrypt and decrypt sent data in a way
+    # that's compatible with previous versions (if additional cryptors have been
+    # registered).
+    class CryptoModule < CryptoProvider
+      # AES-CBC cryptor based module.
+      #
+      # Data <i>encryption</i> and <i>decryption</i> will be done by default
+      # using the <i>AesCbcCryptor</i>. In addition to the <i>AesCbcCryptor</i>
+      # for data <i>decryption</i>, the <i>LegacyCryptor</i> will be registered
+      # for backward-compatibility.
+      #
+      # @param cipher_key [String] Key for data encryption and decryption.
+      # @param use_random_iv [Boolean] Whether random IV should be used for data
+      #   decryption.
+      #
+      # @raise [ArgumentError] If the <i>cipher_key</i> is missing or empty.
+      def self.new_aes_cbc(cipher_key, use_random_iv)
+        if cipher_key.nil? || cipher_key.empty?
+          raise ArgumentError, {
+            message: '\'cipher_key\' is missing or empty.'
+          }
+        end
+        CryptoModule.new AesCbcCryptor.new(cipher_key), [LegacyCryptor.new(cipher_key, use_random_iv)]
+      end
+      # Legacy AES-CBC cryptor based module.
+      #
+      # Data <i>encryption</i> and <i>decryption</i> will be done by default
+      # using the <i>LegacyCrypto</i>. In addition to the <i>LegacyCrypto</i>
+      # for data <i>decryption</i>, the <i>AesCbcCryptor</i> will be registered
+      # for future-compatibility (which will help with gradual application
+      # updates).
+      #
+      # @param cipher_key [String] Key for data encryption and decryption.
+      # @param use_random_iv [Boolean] Whether random IV should be used for data
+      #   decryption.
+      #
+      # @raise [ArgumentError] If the <i>cipher_key</i> is missing or empty.
+      def self.new_legacy(cipher_key, use_random_iv)
+        if cipher_key.nil? || cipher_key.empty?
+          raise ArgumentError, {
+            message: '\'cipher_key\' is missing or empty.'
+          }
+        end
+        CryptoModule.new LegacyCryptor.new(cipher_key, use_random_iv), [AesCbcCryptor.new(cipher_key)]
+      end
+      # Create crypto module.
+      #
+      # @param default [Cryptor] Default cryptor used to encrypt and decrypt
+      #   data.
+      # @param cryptors [Array<Cryptor>, nil] Additional cryptors which will be
+      #   used to decrypt data encrypted by previously used cryptors.
+      def initialize(default, cryptors)
+        if default.nil?
+          raise ArgumentError, {
+            message: '\'default\' cryptor required for data encryption.'
+          }
+        end
+        @default = default
+        @cryptors = cryptors&.each_with_object({}) do |value, hash|
+          hash[value.identifier] = value
+        end || {}
+        super()
+      end
+      def encrypt(data)
+        # Encrypting provided data.
+        encrypted_data = default_cryptor.encrypt(data)
+        return nil if encrypted_data.nil?
+        payload = Crypto::CryptorHeader.new(default_cryptor.identifier, encrypted_data.metadata).to_s
+        payload << encrypted_data.metadata unless encrypted_data.metadata.nil?
+        payload << encrypted_data.data
+      end
+      def decrypt(data)
+        if data.nil? || data.empty?
+          puts 'Pubnub :: DECRYPTION ERROR: Empty data for decryption'
+          return nil
+        end
+        header = Crypto::CryptorHeader.parse(data)
+        return nil if header.nil?
+        cryptor_identifier = header.identifier || '\x00\x00\x00\x00'
+        cryptor = cryptor cryptor_identifier
+        # Check whether there is a cryptor to decrypt data or not.
+        if cryptor.nil?
+          identifier = header.identifier || 'UNKN'
+          raise UnknownCryptorError, {
+            message: "Decrypting data created by unknown cryptor. Please make sure to register
+#{identifier} or update SDK."
+          }
+        end
+        encrypted_data = data[header.length..-1]
+        metadata = metadata encrypted_data, header.data_size
+        # Check whether there is still some data for processing or not.
+        return nil if encrypted_data.nil? || encrypted_data.empty?
+        cryptor.decrypt(EncryptedData.new(encrypted_data, metadata))
+      end
+      private
+      # Cryptor used by the module by default to encrypt data.
+      #
+      # @return [Cryptor] Default cryptor used to encrypt and decrypt data.
+      def default_cryptor
+        @default
+      end
+      # Additional cryptors that can be used to decrypt data if the
+      # <i>default_cryptor</i> can't.
+      #
+      # @return [Hash<String, Cryptor>] Map of Cryptor to their identifiers.
+      def additional_cryptors
+        @cryptors
+      end
+      # Extract metadata information from source data.
+      #
+      # @param data [String, nil] Encrypted data from which cryptor metadata
+      #   should be extracted.
+      # @param size [Integer] Size of cryptor-defined data.
+      # @return [String, nil] Extracted metadata or <i>nil</i> in case if
+      #   <i>size</i> is <b>0</b>.
+      def metadata(data, size)
+        return nil if !data || !size.positive?
+        data&.slice!(0..(size - 1))
+      end
+      # Find cryptor with a specified identifier.
+      #
+      # Data decryption can only be done with registered cryptors. An identifier
+      # in the cryptor data header is used to identify a suitable cryptor.
+      #
+      # @param identifier [String] A unicode cryptor identifier.
+      # @return [Cryptor, nil] Target cryptor or `nil` in case there is none
+      #   with the specified identifier.
+      def cryptor(identifier)
+        return default_cryptor if default_cryptor.identifier == identifier
+        additional_cryptors.fetch(identifier, nil)
+      end
+    end
+  end
+end

data/lib/pubnub/modules/crypto/crypto_provider.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module Pubnub
+  module Crypto
+    # Base class which is used to implement a module that can be used to
+    # configure <b>PubNub</b> client or for manual data encryption and
+    # decryption.
+    class CryptoProvider
+      # Encrypt provided data.
+      #
+      # @param data [String] Source data for encryption.
+      # @return [String, nil] Encrypted data or <i>nil</i> in case of encryption
+      #   error.
+      def encrypt(data)
+        raise NotImplementedError, 'Subclass should provide "encrypt" method implementation.'
+      end
+      # Decrypt provided data.
+      #
+      # @param data [String] Encrypted data for decryption.
+      # @return [String, nil] Decrypted data or <i>nil</i> in case of decryption
+      #   error.
+      #
+      # @raise [UnknownCryptorError] If the <i>cryptor</i> for data processing is
+      #   not registered.
+      def decrypt(data)
+        raise NotImplementedError, 'Subclass should provide "decrypt" method implementation.'
+      end
+    end
+  end
+end

data/lib/pubnub/modules/crypto/cryptor.rb ADDED Viewed

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+module Pubnub
+  module Crypto
+    # Encrypted data representation object.
+    #
+    # Objects contain both encrypted data and additional data created by cryptor
+    # that will be required to decrypt the data.
+    class EncryptedData
+      # Cryptor may provide here any information which will be useful when data
+      # should be decrypted.
+      #
+      # For example <i>metadata</i> may contain:
+      # * initialization vector
+      # * cipher key identifier
+      # * encrypted <i>data</i> length
+      #
+      # @return [String, nil] Cryptor-defined information.
+      attr_reader :metadata
+      # Encrypted data.
+      #
+      # @return [String] Encrypted data.
+      attr_reader :data
+      # Create encrypted data object.
+      #
+      # An object used to keep track of the results of data encryption and the
+      # additional data the <i>cryptor</i> needs to handle it later.
+      #
+      # @param data [String] Outcome of successful cryptor <i>encrypt</i> method
+      #   call.
+      # @param  metadata [String, nil] Additional information is provided by
+      #   <i>cryptor</i> so that encrypted data can be handled later.
+      def initialize(data, metadata = nil)
+        @data = data
+        @metadata = metadata
+      end
+    end
+    # Base class which is used to implement cryptor that should be used with
+    # <i>CryptorProvider</i> implementation for data encryption and decryption.
+    class Cryptor
+      # Identifier will be encoded into cryptor data header and passed along
+      # with encrypted <i>data</i> and <i>metadata</i>.
+      #
+      # The identifier <b>must</b> be 4 bytes long.
+      #
+      # @return [String] Unique cryptor identifier.
+      def identifier
+        raise NotImplementedError, 'Subclass should provide "identifier" method implementation.'
+      end
+      # Encrypt provided data.
+      #
+      # @param data [String] Source data for encryption.
+      # @return [EncryptedData, nil] Encrypted data or <i>nil</i> in case of
+      #   encryption error.
+      def encrypt(data)
+        raise NotImplementedError, 'Subclass should provide "encrypt" method implementation.'
+      end
+      # Decrypt provided data.
+      #
+      # @param data [EncryptedData] Encrypted data for decryption.
+      # @return [String, nil] Decrypted data or <i>nil</i> in case of decryption
+      #   error.
+      def decrypt(data)
+        raise NotImplementedError, 'Subclass should provide "decrypt" method implementation.'
+      end
+    end
+  end
+end