relishable 0.41 → 0.42
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/Gemfile.lock +1 -4
- data/lib/relish/encryption_helper.rb +6 -43
- data/lib/relish/version.rb +1 -1
- metadata +3 -17
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: a7ece5b74f66230cf5ef4fd68c652dbeebf3bc894d09bf004765945d733b3f27
|
|
4
|
+
data.tar.gz: a3028612eac4152e34c1b994a3e77d135c275e85fb046125d59f789a0a582fa5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ec1455df37960ac4291fd79d9a7f2aedd9e8f9f5cb12678fb59482a2428b5816fbd8eaa4b679b4ed43811418a63d20434631458957a52e806e6320c3e7297144
|
|
7
|
+
data.tar.gz: 110ec2a41c0341a95ed4e61cebb8f3e31f0c984fd40c0bff35b0a8f6b5041d7a4fa18ca94bc04540d59edda35ad67bf185cf54b11b1ea2acbe5c0c46a377ba64
|
data/Gemfile.lock
CHANGED
|
@@ -1,10 +1,9 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
relishable (0.
|
|
4
|
+
relishable (0.42)
|
|
5
5
|
fernet (~> 2.3)
|
|
6
6
|
fog-aws (~> 0.8.0)
|
|
7
|
-
legacy-fernet (~> 1.6.3)
|
|
8
7
|
net-ssh (~> 3.0.2)
|
|
9
8
|
|
|
10
9
|
GEM
|
|
@@ -37,8 +36,6 @@ GEM
|
|
|
37
36
|
nokogiri (>= 1.5.11, < 2.0.0)
|
|
38
37
|
formatador (0.2.5)
|
|
39
38
|
ipaddress (0.8.3)
|
|
40
|
-
legacy-fernet (1.6.4)
|
|
41
|
-
multi_json (~> 1.0)
|
|
42
39
|
method_source (0.9.1)
|
|
43
40
|
mini_portile2 (2.3.0)
|
|
44
41
|
multi_json (1.13.1)
|
|
@@ -1,5 +1,4 @@
|
|
|
1
1
|
require "relish/release"
|
|
2
|
-
require "fernet/legacy"
|
|
3
2
|
require "fernet"
|
|
4
3
|
require "openssl"
|
|
5
4
|
|
|
@@ -8,27 +7,19 @@ class RelishDecryptionFailed < RuntimeError; end
|
|
|
8
7
|
class Relish
|
|
9
8
|
class EncryptionHelper
|
|
10
9
|
|
|
11
|
-
LEGACY_MATCHER = /.+?\|.+?\|.+?/.freeze
|
|
12
|
-
|
|
13
10
|
def initialize(static_secret, secrets)
|
|
14
11
|
@static_secret = static_secret
|
|
15
12
|
@secrets = secrets
|
|
16
13
|
end
|
|
17
14
|
|
|
18
|
-
def encrypt(
|
|
19
|
-
|
|
20
|
-
end
|
|
21
|
-
|
|
22
|
-
def legacy_encrypt(key, value)
|
|
23
|
-
Fernet::Legacy.generate(hmac_secrets.first) do |gen|
|
|
24
|
-
gen.data = { key => value }
|
|
25
|
-
end
|
|
15
|
+
def encrypt(value)
|
|
16
|
+
Fernet.generate(hmac_secrets.first[0, 32], value)
|
|
26
17
|
end
|
|
27
18
|
|
|
28
|
-
def decrypt(
|
|
19
|
+
def decrypt(token)
|
|
29
20
|
plain = nil
|
|
30
21
|
hmac_secrets.each do |secret|
|
|
31
|
-
plain = decrypt_with_secret(secret, token
|
|
22
|
+
plain = decrypt_with_secret(secret, token)
|
|
32
23
|
break if plain
|
|
33
24
|
end
|
|
34
25
|
raise RelishDecryptionFailed unless plain
|
|
@@ -43,46 +34,18 @@ class Relish
|
|
|
43
34
|
|
|
44
35
|
protected
|
|
45
36
|
|
|
46
|
-
def current_encrypt(value)
|
|
47
|
-
Fernet.generate(hmac_secrets.first[0, 32], value)
|
|
48
|
-
end
|
|
49
|
-
|
|
50
|
-
def legacy?(token)
|
|
51
|
-
!!(token =~ LEGACY_MATCHER)
|
|
52
|
-
end
|
|
53
|
-
|
|
54
37
|
def hmac_secrets
|
|
55
38
|
@hmac_secrets ||= @secrets.map do |secret|
|
|
56
39
|
OpenSSL::HMAC.hexdigest('sha256', @static_secret, secret)
|
|
57
40
|
end
|
|
58
41
|
end
|
|
59
42
|
|
|
60
|
-
def
|
|
61
|
-
verifier = Fernet::Legacy.verifier(secret, token)
|
|
62
|
-
verifier.enforce_ttl = false
|
|
63
|
-
verifier.verify_token(token)
|
|
64
|
-
return nil unless verifier.valid?
|
|
65
|
-
verifier.data[key]
|
|
66
|
-
rescue OpenSSL::Cipher::CipherError
|
|
67
|
-
# Certain combinations of keys and encrypted data cause decryption with an
|
|
68
|
-
# incorrect key to succeed (no CipherError) but produce garbage data which
|
|
69
|
-
# cannot be decoded into JSON, and thus fail with a ParseError instead.
|
|
70
|
-
rescue MultiJson::ParseError
|
|
71
|
-
end
|
|
72
|
-
|
|
73
|
-
def current_decrypt(secret, token)
|
|
43
|
+
def decrypt_with_secret(secret, token)
|
|
74
44
|
verifier = Fernet.verifier(secret[0, 32], token)
|
|
75
45
|
verifier.enforce_ttl = false
|
|
76
46
|
return nil unless verifier.valid?
|
|
77
|
-
verifier.message
|
|
78
|
-
end
|
|
79
47
|
|
|
80
|
-
|
|
81
|
-
if legacy?(token)
|
|
82
|
-
legacy_decrypt(secret, token, key)
|
|
83
|
-
else
|
|
84
|
-
current_decrypt(secret, token)
|
|
85
|
-
end
|
|
48
|
+
verifier.message
|
|
86
49
|
end
|
|
87
50
|
end
|
|
88
51
|
end
|
data/lib/relish/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: relishable
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: '0.
|
|
4
|
+
version: '0.42'
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mark Fine
|
|
@@ -11,7 +11,7 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date:
|
|
14
|
+
date: 2019-01-04 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
17
|
name: fog-aws
|
|
@@ -27,20 +27,6 @@ dependencies:
|
|
|
27
27
|
- - "~>"
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
29
|
version: 0.8.0
|
|
30
|
-
- !ruby/object:Gem::Dependency
|
|
31
|
-
name: legacy-fernet
|
|
32
|
-
requirement: !ruby/object:Gem::Requirement
|
|
33
|
-
requirements:
|
|
34
|
-
- - "~>"
|
|
35
|
-
- !ruby/object:Gem::Version
|
|
36
|
-
version: 1.6.3
|
|
37
|
-
type: :runtime
|
|
38
|
-
prerelease: false
|
|
39
|
-
version_requirements: !ruby/object:Gem::Requirement
|
|
40
|
-
requirements:
|
|
41
|
-
- - "~>"
|
|
42
|
-
- !ruby/object:Gem::Version
|
|
43
|
-
version: 1.6.3
|
|
44
30
|
- !ruby/object:Gem::Dependency
|
|
45
31
|
name: fernet
|
|
46
32
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -176,7 +162,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
176
162
|
version: '0'
|
|
177
163
|
requirements: []
|
|
178
164
|
rubyforge_project:
|
|
179
|
-
rubygems_version: 2.
|
|
165
|
+
rubygems_version: 2.7.6
|
|
180
166
|
signing_key:
|
|
181
167
|
specification_version: 4
|
|
182
168
|
summary: releases
|