RubyGems - pubnub - Versions diffs - 5.2.1 → 5.3.0 - Mend

pubnub 5.2.1 → 5.3.0

Files changed (49) hide show

checksums.yaml +4 -4
data/.github/CODEOWNERS +2 -2
data/.github/workflows/commands-handler.yml +18 -2
data/.github/workflows/run-tests.yml +27 -17
data/.github/workflows/run-validations.yml +12 -2
data/.pubnub.yml +20 -4
data/.tool-versions +1 -1
data/CHANGELOG.md +15 -0
data/Gemfile +1 -1
data/Gemfile.lock +6 -6
data/LICENSE +29 -0
data/README.md +1 -1
data/VERSION +1 -1
data/features/step_definitions/access_steps.rb +0 -2
data/features/step_definitions/crypto_steps.rb +99 -0
data/features/support/cryptor.rb +58 -0
data/features/support/hooks.rb +0 -1
data/lib/pubnub/client.rb +30 -1
data/lib/pubnub/error.rb +3 -0
data/lib/pubnub/event.rb +13 -5
data/lib/pubnub/events/add_message_action.rb +2 -2
data/lib/pubnub/events/get_message_actions.rb +1 -1
data/lib/pubnub/events/grant_token.rb +1 -1
data/lib/pubnub/events/history.rb +18 -6
data/lib/pubnub/events/publish.rb +7 -3
data/lib/pubnub/events/remove_channel_members.rb +3 -3
data/lib/pubnub/events/remove_channel_metadata.rb +1 -1
data/lib/pubnub/events/remove_memberships.rb +3 -3
data/lib/pubnub/events/remove_uuid_metadata.rb +1 -1
data/lib/pubnub/events/set_channel_members.rb +3 -3
data/lib/pubnub/events/set_channel_metadata.rb +2 -2
data/lib/pubnub/events/set_memberships.rb +3 -3
data/lib/pubnub/events/set_uuid_metadata.rb +2 -2
data/lib/pubnub/events/signal.rb +1 -1
data/lib/pubnub/events/subscribe.rb +5 -0
data/lib/pubnub/formatter.rb +22 -11
data/lib/pubnub/modules/crypto/crypto_module.rb +159 -0
data/lib/pubnub/modules/crypto/crypto_provider.rb +31 -0
data/lib/pubnub/modules/crypto/cryptor.rb +73 -0
data/lib/pubnub/modules/crypto/cryptor_header.rb +251 -0
data/lib/pubnub/modules/crypto/cryptors/aes_cbc_cryptor.rb +67 -0
data/lib/pubnub/modules/crypto/cryptors/legacy_cryptor.rb +84 -0
data/lib/pubnub/modules/crypto/module.rb +8 -0
data/lib/pubnub/subscribe_event/formatter.rb +8 -8
data/lib/pubnub/version.rb +1 -1
data/pubnub.gemspec +2 -2
metadata +16 -5
data/LICENSE.txt +0 -30
data/lib/pubnub/crypto.rb +0 -70

data/lib/pubnub/events/history.rb CHANGED Viewed

@@ -8,6 +8,11 @@ module Pubnub
     def initialize(options, app)
       @event = :history
       @telemetry_name = :l_hist
+      # Override crypto module if custom cipher key has been used.
+      random_iv = options.key?(:random_iv) ? options[:random_iv] : true
+      options[:crypto_module] = Crypto::CryptoModule.new_legacy(options[:cipher_key], random_iv) if options[:cipher_key]
       super
     end
@@ -63,23 +68,30 @@ module Pubnub
     def decrypt_history(message, crypto)
       if @include_token || @include_meta
-        message['message'] = JSON.parse(crypto.decrypt(message['message']), quirks_mode: true)
+        encrypted_message = Base64.decode64(message['message'])
+        message['message'] = JSON.parse(crypto.decrypt(encrypted_message), quirks_mode: true)
         message
       else
-        JSON.parse(crypto.decrypt(message), quirks_mode: true)
+        encrypted_message = Base64.decode64(message)
+        JSON.parse(crypto.decrypt(encrypted_message), quirks_mode: true)
       end
     end
     def valid_envelope(parsed_response, req_res_objects)
       messages = parsed_response[0]
-      if (@cipher_key || @app.env[:cipher_key] || @cipher_key_selector || @app.env[:cipher_key_selector]) && messages
-        cipher_key = compute_cipher_key(parsed_response)
-        random_iv = compute_random_iv(parsed_response)
-        crypto = Crypto.new(cipher_key, random_iv)
+      # TODO: Uncomment code below when cryptor implementations will be added.
+      if crypto_module && messages
+        crypto = crypto_module
         messages = messages.map { |message| decrypt_history(message, crypto) }
       end
+      # if (@cipher_key || @app.env[:cipher_key] || @cipher_key_selector || @app.env[:cipher_key_selector]) && messages
+      #   cipher_key = compute_cipher_key(parsed_response)
+      #   random_iv = compute_random_iv(parsed_response)
+      #   crypto = Crypto.new(cipher_key, random_iv)
+      #   messages = messages.map { |message| decrypt_history(message, crypto) }
+      # end
       start = parsed_response[1]
       finish = parsed_response[2]

data/lib/pubnub/events/publish.rb CHANGED Viewed

@@ -10,6 +10,11 @@ module Pubnub
     def initialize(options, app)
       @event = :publish
       @telemetry_name = :l_pub
+      # Override crypto module if custom cipher key has been used.
+      random_iv = options.key?(:random_iv) ? options[:random_iv] : true
+      options[:crypto_module] = Crypto::CryptoModule.new_legacy(options[:cipher_key], random_iv) if options[:cipher_key]
       super
       @sequence_number = sequence_number!
       @origination_time_token = @app.generate_ortt
@@ -25,9 +30,8 @@ module Pubnub
     def fire
       Pubnub.logger.debug('Pubnub::Publish') { "Fired event #{self.class}" }
       if @compressed
-        compressed_body = Formatter.format_message(@message, @cipher_key, @random_iv, false)
+        compressed_body = Formatter.format_message(@message, @crypto_module, false)
         response = send_request(compressed_body)
       else
         response = send_request
@@ -72,7 +76,7 @@ module Pubnub
         '0',
         Formatter.format_channel(@channel, true),
         '0',
-        Formatter.format_message(@message, @cipher_key, @random_iv)
+        Formatter.format_message(@message, @crypto_module)
       ]
       rpath.pop if @compressed

data/lib/pubnub/events/remove_channel_members.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module Pubnub
         { uuid: { id: member } }
       end
-      body = Formatter.format_message({ delete: members }, "", @random_iv, false)
+      body = Formatter.format_message({ delete: members }, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -83,11 +83,11 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       members = parsed_response['data'].map { |channel_member|
         member = Hash.new
-        channel_member.each{ |k,v| member[k.to_sym] = v }
+        channel_member.each { |k, v| member[k.to_sym] = v }
         unless member[:uuid].nil?
           uuid_metadata = Hash.new
-          member[:uuid].each{ |k,v| uuid_metadata[k.to_sym] = v }
+          member[:uuid].each { |k, v| uuid_metadata[k.to_sym] = v }
           uuid_metadata[:updated] = Date._parse(uuid_metadata[:updated]) unless uuid_metadata[:updated].nil?
           member[:uuid] = uuid_metadata
         end

data/lib/pubnub/events/remove_channel_metadata.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module Pubnub
     def fire
       Pubnub.logger.debug('Pubnub::RemoveChannelMetadata') { "Fired event #{self.class}" }
-      body = Formatter.format_message(@data, "", @random_iv, false)
+      body = Formatter.format_message(@data, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))

data/lib/pubnub/events/remove_memberships.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module Pubnub
         { channel: { id: membership } }
       end
-      body = Formatter.format_message({ delete: memberships }, "", @random_iv, false)
+      body = Formatter.format_message({ delete: memberships }, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -83,11 +83,11 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       memberships = parsed_response['data'].map { |uuid_membership|
         membership = Hash.new
-        uuid_membership.each{ |k,v| membership[k.to_sym] = v }
+        uuid_membership.each { |k, v| membership[k.to_sym] = v }
         unless membership[:channel].nil?
           channel_metadata = Hash.new
-          membership[:channel].each{ |k,v| channel_metadata[k.to_sym] = v }
+          membership[:channel].each { |k, v| channel_metadata[k.to_sym] = v }
           channel_metadata[:updated] = Date._parse(channel_metadata[:updated]) unless channel_metadata[:updated].nil?
           membership[:channel] = channel_metadata
         end

data/lib/pubnub/events/remove_uuid_metadata.rb CHANGED Viewed

@@ -17,7 +17,7 @@ module Pubnub
     def fire
       Pubnub.logger.debug('Pubnub::RemoveUuidMetadata') { "Fired event #{self.class}" }
-      body = Formatter.format_message(@data, "", @random_iv, false)
+      body = Formatter.format_message(@data, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))

data/lib/pubnub/events/set_channel_members.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module Pubnub
         member_object
       end
-      body = Formatter.format_message({ set: members }, "", @random_iv, false)
+      body = Formatter.format_message({ set: members }, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -86,11 +86,11 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       members = parsed_response['data'].map { |channel_member|
         member = Hash.new
-        channel_member.each{ |k,v| member[k.to_sym] = v }
+        channel_member.each { |k, v| member[k.to_sym] = v }
         unless member[:uuid].nil?
           uuid_metadata = Hash.new
-          member[:uuid].each{ |k,v| uuid_metadata[k.to_sym] = v }
+          member[:uuid].each { |k, v| uuid_metadata[k.to_sym] = v }
           uuid_metadata[:updated] = Date._parse(uuid_metadata[:updated]) unless uuid_metadata[:updated].nil?
           member[:uuid] = uuid_metadata
         end

data/lib/pubnub/events/set_channel_metadata.rb CHANGED Viewed

@@ -27,7 +27,7 @@ module Pubnub
     def fire
       Pubnub.logger.debug('Pubnub::SetChannelMetadata') { "Fired event #{self.class}" }
-      body = Formatter.format_message(@metadata, "", @random_iv, false)
+      body = Formatter.format_message(@metadata, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -60,7 +60,7 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       data = parsed_response['data']
       metadata = Hash.new
-      data.each{ |k,v| metadata[k.to_sym] = v }
+      data.each { |k, v| metadata[k.to_sym] = v }
       metadata[:updated] = Date._parse(metadata[:updated]) unless metadata[:updated].nil?
       Pubnub::Envelope.new(

data/lib/pubnub/events/set_memberships.rb CHANGED Viewed

@@ -45,7 +45,7 @@ module Pubnub
         membership_object
       end
-      body = Formatter.format_message({ set: memberships }, "", @random_iv, false)
+      body = Formatter.format_message({ set: memberships }, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -86,11 +86,11 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       memberships = parsed_response['data'].map { |uuid_membership|
         membership = Hash.new
-        uuid_membership.each{ |k,v| membership[k.to_sym] = v }
+        uuid_membership.each { |k, v| membership[k.to_sym] = v }
         unless membership[:channel].nil?
           channel_metadata = Hash.new
-          membership[:channel].each{ |k,v| channel_metadata[k.to_sym] = v }
+          membership[:channel].each { |k, v| channel_metadata[k.to_sym] = v }
           channel_metadata[:updated] = Date._parse(channel_metadata[:updated]) unless channel_metadata[:updated].nil?
           membership[:channel] = channel_metadata
         end

data/lib/pubnub/events/set_uuid_metadata.rb CHANGED Viewed

@@ -28,7 +28,7 @@ module Pubnub
     def fire
       Pubnub.logger.debug('Pubnub::SetUuidMetadata') { "Fired event #{self.class}" }
-      body = Formatter.format_message(@metadata, "", @random_iv, false)
+      body = Formatter.format_message(@metadata, nil, false)
       response = send_request(body)
       envelopes = fire_callbacks(handle(response, uri))
@@ -61,7 +61,7 @@ module Pubnub
     def valid_envelope(parsed_response, req_res_objects)
       data = parsed_response['data']
       metadata = Hash.new
-      data.each{ |k,v| metadata[k.to_sym] = v }
+      data.each { |k, v| metadata[k.to_sym] = v }
       metadata[:updated] = Date._parse(metadata[:updated]) unless metadata[:updated].nil?
       Pubnub::Envelope.new(

data/lib/pubnub/events/signal.rb CHANGED Viewed

@@ -39,7 +39,7 @@ module Pubnub
         '0',
         Formatter.format_channel(@channel, true),
         '0',
-        Formatter.format_message(@message, @cipher_key, @random_iv)
+        Formatter.format_message(@message, @crypto_module)
       ].join('/')
     end

data/lib/pubnub/events/subscribe.rb CHANGED Viewed

@@ -8,6 +8,11 @@ module Pubnub
     def initialize(options, app)
       @event = :subscribe
+      # Override crypto module if custom cipher key has been used.
+      random_iv = options.key?(:random_iv) ? options[:random_iv] : true
+      options[:crypto_module] = Crypto::CryptoModule.new_legacy(options[:cipher_key], random_iv) if options[:cipher_key]
       super
       app.apply_state(self)
     end

data/lib/pubnub/formatter.rb CHANGED Viewed

@@ -41,17 +41,28 @@ module Pubnub
         end
       end
-      # Transforms message to json and encode it
-      def format_message(message, cipher_key = "", use_random_iv = false, uri_escape = true)
-        if cipher_key && !cipher_key.empty?
-          pc = Pubnub::Crypto.new(cipher_key, use_random_iv)
-          message = pc.encrypt(message).to_json
-          message = Addressable::URI.escape(message) if uri_escape
-        else
-          message = message.to_json
-          message = Formatter.encode(message) if uri_escape
+      # TODO: Uncomment code below when cryptor implementations will be added.
+      # Transforms message to json and encode it.
+      #
+      # @param message [Hash, String, Integer, Boolean] Message data which
+      #   should be formatted.
+      # @param crypto [Crypto::CryptoProvider, nil] Crypto which should be used to
+      #   encrypt message data.
+      # @param uri_escape [Boolean, nil] Whether formatted message should escape
+      #   to be used as part of URI or not.
+      # @return [String, nil] Formatted message data.
+      def format_message(message, crypto = nil, uri_escape = true)
+        json_message = message.to_json
+        if crypto
+          encrypted_data = crypto&.encrypt(json_message)
+          json_message = Base64.strict_encode64(encrypted_data).to_json unless encrypted_data.nil?
+        end
+        if uri_escape
+          json_message = Formatter.encode(json_message) if crypto.nil?
+          json_message = Addressable::URI.escape(json_message).to_s unless crypto.nil?
         end
-        message
+        json_message
       end
       # Quite lazy way, but good enough for current usage
@@ -100,7 +111,7 @@ module Pubnub
       # Parses string to JSON
       def parse_json(string)
         [JSON.parse(string), nil]
-      rescue JSON::ParserError => _error
+      rescue JSON::ParserError => _e
         [nil, JSON::ParserError]
       end

data/lib/pubnub/modules/crypto/crypto_module.rb ADDED Viewed

@@ -0,0 +1,159 @@
+module Pubnub
+  module Crypto
+    # Crypto module for data processing.
+    #
+    # The PubNub client uses a module to encrypt and decrypt sent data in a way
+    # that's compatible with previous versions (if additional cryptors have been
+    # registered).
+    class CryptoModule < CryptoProvider
+      # AES-CBC cryptor based module.
+      #
+      # Data <i>encryption</i> and <i>decryption</i> will be done by default
+      # using the <i>AesCbcCryptor</i>. In addition to the <i>AesCbcCryptor</i>
+      # for data <i>decryption</i>, the <i>LegacyCryptor</i> will be registered
+      # for backward-compatibility.
+      #
+      # @param cipher_key [String] Key for data encryption and decryption.
+      # @param use_random_iv [Boolean] Whether random IV should be used for data
+      #   decryption.
+      #
+      # @raise [ArgumentError] If the <i>cipher_key</i> is missing or empty.
+      def self.new_aes_cbc(cipher_key, use_random_iv)
+        if cipher_key.nil? || cipher_key.empty?
+          raise ArgumentError, {
+            message: '\'cipher_key\' is missing or empty.'
+          }
+        end
+        CryptoModule.new AesCbcCryptor.new(cipher_key), [LegacyCryptor.new(cipher_key, use_random_iv)]
+      end
+      # Legacy AES-CBC cryptor based module.
+      #
+      # Data <i>encryption</i> and <i>decryption</i> will be done by default
+      # using the <i>LegacyCrypto</i>. In addition to the <i>LegacyCrypto</i>
+      # for data <i>decryption</i>, the <i>AesCbcCryptor</i> will be registered
+      # for future-compatibility (which will help with gradual application
+      # updates).
+      #
+      # @param cipher_key [String] Key for data encryption and decryption.
+      # @param use_random_iv [Boolean] Whether random IV should be used for data
+      #   decryption.
+      #
+      # @raise [ArgumentError] If the <i>cipher_key</i> is missing or empty.
+      def self.new_legacy(cipher_key, use_random_iv)
+        if cipher_key.nil? || cipher_key.empty?
+          raise ArgumentError, {
+            message: '\'cipher_key\' is missing or empty.'
+          }
+        end
+        CryptoModule.new LegacyCryptor.new(cipher_key, use_random_iv), [AesCbcCryptor.new(cipher_key)]
+      end
+      # Create crypto module.
+      #
+      # @param default [Cryptor] Default cryptor used to encrypt and decrypt
+      #   data.
+      # @param cryptors [Array<Cryptor>, nil] Additional cryptors which will be
+      #   used to decrypt data encrypted by previously used cryptors.
+      def initialize(default, cryptors)
+        if default.nil?
+          raise ArgumentError, {
+            message: '\'default\' cryptor required for data encryption.'
+          }
+        end
+        @default = default
+        @cryptors = cryptors&.each_with_object({}) do |value, hash|
+          hash[value.identifier] = value
+        end || {}
+        super()
+      end
+      def encrypt(data)
+        # Encrypting provided data.
+        encrypted_data = default_cryptor.encrypt(data)
+        return nil if encrypted_data.nil?
+        payload = Crypto::CryptorHeader.new(default_cryptor.identifier, encrypted_data.metadata).to_s
+        payload << encrypted_data.metadata unless encrypted_data.metadata.nil?
+        payload << encrypted_data.data
+      end
+      def decrypt(data)
+        if data.nil? || data.empty?
+          puts 'Pubnub :: DECRYPTION ERROR: Empty data for decryption'
+          return nil
+        end
+        header = Crypto::CryptorHeader.parse(data)
+        return nil if header.nil?
+        cryptor_identifier = header.identifier || '\x00\x00\x00\x00'
+        cryptor = cryptor cryptor_identifier
+        # Check whether there is a cryptor to decrypt data or not.
+        if cryptor.nil?
+          identifier = header.identifier || 'UNKN'
+          raise UnknownCryptorError, {
+            message: "Decrypting data created by unknown cryptor. Please make sure to register
+#{identifier} or update SDK."
+          }
+        end
+        encrypted_data = data[header.length..-1]
+        metadata = metadata encrypted_data, header.data_size
+        # Check whether there is still some data for processing or not.
+        return nil if encrypted_data.nil? || encrypted_data.empty?
+        cryptor.decrypt(EncryptedData.new(encrypted_data, metadata))
+      end
+      private
+      # Cryptor used by the module by default to encrypt data.
+      #
+      # @return [Cryptor] Default cryptor used to encrypt and decrypt data.
+      def default_cryptor
+        @default
+      end
+      # Additional cryptors that can be used to decrypt data if the
+      # <i>default_cryptor</i> can't.
+      #
+      # @return [Hash<String, Cryptor>] Map of Cryptor to their identifiers.
+      def additional_cryptors
+        @cryptors
+      end
+      # Extract metadata information from source data.
+      #
+      # @param data [String, nil] Encrypted data from which cryptor metadata
+      #   should be extracted.
+      # @param size [Integer] Size of cryptor-defined data.
+      # @return [String, nil] Extracted metadata or <i>nil</i> in case if
+      #   <i>size</i> is <b>0</b>.
+      def metadata(data, size)
+        return nil if !data || !size.positive?
+        data&.slice!(0..(size - 1))
+      end
+      # Find cryptor with a specified identifier.
+      #
+      # Data decryption can only be done with registered cryptors. An identifier
+      # in the cryptor data header is used to identify a suitable cryptor.
+      #
+      # @param identifier [String] A unicode cryptor identifier.
+      # @return [Cryptor, nil] Target cryptor or `nil` in case there is none
+      #   with the specified identifier.
+      def cryptor(identifier)
+        return default_cryptor if default_cryptor.identifier == identifier
+        additional_cryptors.fetch(identifier, nil)
+      end
+    end
+  end
+end

data/lib/pubnub/modules/crypto/crypto_provider.rb ADDED Viewed

@@ -0,0 +1,31 @@
+# frozen_string_literal: true
+module Pubnub
+  module Crypto
+    # Base class which is used to implement a module that can be used to
+    # configure <b>PubNub</b> client or for manual data encryption and
+    # decryption.
+    class CryptoProvider
+      # Encrypt provided data.
+      #
+      # @param data [String] Source data for encryption.
+      # @return [String, nil] Encrypted data or <i>nil</i> in case of encryption
+      #   error.
+      def encrypt(data)
+        raise NotImplementedError, 'Subclass should provide "encrypt" method implementation.'
+      end
+      # Decrypt provided data.
+      #
+      # @param data [String] Encrypted data for decryption.
+      # @return [String, nil] Decrypted data or <i>nil</i> in case of decryption
+      #   error.
+      #
+      # @raise [UnknownCryptorError] If the <i>cryptor</i> for data processing is
+      #   not registered.
+      def decrypt(data)
+        raise NotImplementedError, 'Subclass should provide "decrypt" method implementation.'
+      end
+    end
+  end
+end

data/lib/pubnub/modules/crypto/cryptor.rb ADDED Viewed

@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+module Pubnub
+  module Crypto
+    # Encrypted data representation object.
+    #
+    # Objects contain both encrypted data and additional data created by cryptor
+    # that will be required to decrypt the data.
+    class EncryptedData
+      # Cryptor may provide here any information which will be useful when data
+      # should be decrypted.
+      #
+      # For example <i>metadata</i> may contain:
+      # * initialization vector
+      # * cipher key identifier
+      # * encrypted <i>data</i> length
+      #
+      # @return [String, nil] Cryptor-defined information.
+      attr_reader :metadata
+      # Encrypted data.
+      #
+      # @return [String] Encrypted data.
+      attr_reader :data
+      # Create encrypted data object.
+      #
+      # An object used to keep track of the results of data encryption and the
+      # additional data the <i>cryptor</i> needs to handle it later.
+      #
+      # @param data [String] Outcome of successful cryptor <i>encrypt</i> method
+      #   call.
+      # @param  metadata [String, nil] Additional information is provided by
+      #   <i>cryptor</i> so that encrypted data can be handled later.
+      def initialize(data, metadata = nil)
+        @data = data
+        @metadata = metadata
+      end
+    end
+    # Base class which is used to implement cryptor that should be used with
+    # <i>CryptorProvider</i> implementation for data encryption and decryption.
+    class Cryptor
+      # Identifier will be encoded into cryptor data header and passed along
+      # with encrypted <i>data</i> and <i>metadata</i>.
+      #
+      # The identifier <b>must</b> be 4 bytes long.
+      #
+      # @return [String] Unique cryptor identifier.
+      def identifier
+        raise NotImplementedError, 'Subclass should provide "identifier" method implementation.'
+      end
+      # Encrypt provided data.
+      #
+      # @param data [String] Source data for encryption.
+      # @return [EncryptedData, nil] Encrypted data or <i>nil</i> in case of
+      #   encryption error.
+      def encrypt(data)
+        raise NotImplementedError, 'Subclass should provide "encrypt" method implementation.'
+      end
+      # Decrypt provided data.
+      #
+      # @param data [EncryptedData] Encrypted data for decryption.
+      # @return [String, nil] Decrypted data or <i>nil</i> in case of decryption
+      #   error.
+      def decrypt(data)
+        raise NotImplementedError, 'Subclass should provide "decrypt" method implementation.'
+      end
+    end
+  end
+end