ripple-encryption 0.0.3 → 0.0.4

data/.gitignore

@@ -0,0 +1,3 @@
+.DS_Store
+*.swp
+coverage

data/Gemfile

@@ -1,13 +1,12 @@
 source 'https://rubygems.org'
 
-# Specify your gem's dependencies in ripple-contrib.gemspec
 gemspec
 
 gem 'riak-client', '~> 1.1.1'
 gem 'ripple', :git => 'git://github.com/basho/ripple.git', :ref => '913806aa2942db5a3b61d1432d2c9be200338f50'
 
 group :development, :test do
-  gem 'linecache19', :git => 'git://github.com/mark-moseley/linecache'
-  gem 'ruby-debug-base19x', '~> 0.11.30.pre4'
-  gem "ruby-debug19", "0.11.6"
+  gem 'ruby-prof'
+  gem 'simplecov'
+  gem 'debugger'
 end

data/Gemfile.lock

@@ -9,17 +9,11 @@ GIT
       riak-client (~> 1.1.0)
       tzinfo
 
-GIT
-  remote: git://github.com/mark-moseley/linecache
-  revision: 869c6a65155068415925067e480741bd0a71527e
-  specs:
-    linecache19 (0.5.12)
-      ruby_core_source (>= 0.1.4)
-
 PATH
   remote: .
   specs:
-    ripple-encryption (0.0.3)
+    ripple-encryption (0.0.4)
+      rake
       riak-client
       ripple
 
@@ -32,49 +26,43 @@ GEM
     activesupport (3.2.12)
       i18n (~> 0.6)
       multi_json (~> 1.0)
-    archive-tar-minitar (0.5.2)
     beefcake (0.3.7)
     builder (3.0.4)
     columnize (0.3.6)
+    debugger (1.6.0)
+      columnize (>= 0.3.1)
+      debugger-linecache (~> 1.2.0)
+      debugger-ruby_core_source (~> 1.2.1)
+    debugger-linecache (1.2.0)
+    debugger-ruby_core_source (1.2.2)
     i18n (0.6.4)
     innertube (1.0.2)
     mini_shoulda (0.5.0)
       minitest (> 2.1.0)
     minitest (3.3.0)
     multi_json (1.6.1)
-    rake (0.9.2.2)
+    rake (10.0.3)
     riak-client (1.1.1)
       beefcake (~> 0.3.7)
       builder (>= 2.1.2)
       i18n (>= 0.4.0)
       innertube (~> 1.0.2)
       multi_json (~> 1.0)
-    ruby-debug-base19 (0.11.25)
-      columnize (>= 0.3.1)
-      linecache19 (>= 0.5.11)
-      ruby_core_source (>= 0.1.4)
-    ruby-debug-base19x (0.11.30.pre10)
-      columnize (>= 0.3.1)
-      linecache19 (>= 0.5.11)
-      rake (>= 0.8.1)
-      ruby_core_source (>= 0.1.4)
-    ruby-debug19 (0.11.6)
-      columnize (>= 0.3.1)
-      linecache19 (>= 0.5.11)
-      ruby-debug-base19 (>= 0.11.19)
-    ruby_core_source (0.1.5)
-      archive-tar-minitar (>= 0.5.2)
+    ruby-prof (0.12.1)
+    simplecov (0.7.1)
+      multi_json (~> 1.0)
+      simplecov-html (~> 0.7.1)
+    simplecov-html (0.7.1)
     tzinfo (0.3.35)
 
 PLATFORMS
   ruby
 
 DEPENDENCIES
-  linecache19!
+  debugger
   mini_shoulda
-  rake
   riak-client (~> 1.1.1)
   ripple!
   ripple-encryption!
-  ruby-debug-base19x (~> 0.11.30.pre4)
-  ruby-debug19 (= 0.11.6)
+  ruby-prof
+  simplecov

data/README.md

@@ -1,7 +1,6 @@
 # Ripple::Encryption
 
-The ripple-encryption gem provides encryption and decryption for Ripple documents.
-[riak-ruby](https://github.com/basho/riak-ruby-client) [ripple](https://github.com/basho/ripple)
+The ripple-encryption gem provides encryption and decryption for Ripple documents.  This gem's primary dependencies are [riak-ruby](https://github.com/basho/riak-ruby-client) and [ripple](https://github.com/basho/ripple).
 
 
 ## Installation
@@ -29,7 +28,8 @@ which makes the actual calls to OpenSSL.
 
 JsonDocument stores the encrypted data wrapped in JSON encapsulation so
 that you can still introspect the Riak object and see which version of
-this gem was used to encrypt it.
+this gem was used to encrypt it.  As of version 0.0.4, this is now the only
+supported serialization format for JSON data.
 
 There is also a Rake file to convert between encrypted and decrypted
 JSON objects.
@@ -58,6 +58,21 @@ Adjust the 'test/fixtures/ripple.yml' to point to a test riak database.
 
     bundle exec rake
 
+## Compatibility Matrix
+
+This gem stores serialized encryption objects into Riak.  The serialization
+format is versioned; and where possible incrementally transitioned from one
+version to another.  Currently; only the ```JsonSerializer``` supports this
+type of incremental transition with the support matrix below.
+
+| version  | First | Last    |
+| -------- | ----- | ------- |
+| v1       | 0.0.1 | 0.0.3   |
+| v2       | 0.0.2 | current |
+
+The ```BinarySerializer``` does not support incremental format transition but
+does make the version and iv available for external code to support this.
+
 ## Contributing
 
 1. Fork it

data/lib/ripple-encryption.rb

@@ -8,3 +8,4 @@ end
 
 # Include all of the support files.
 FileList[File.expand_path(File.join('..','ripple-encryption','*.rb'),__FILE__)].each{|f| require f}
+FileList[File.expand_path(File.join('..','ripple-encryption/types','*.rb'),__FILE__)].each{|f| require f}

data/lib/ripple-encryption/activation.rb

@@ -8,68 +8,71 @@ module Ripple
     # serialized form before it is stored in Riak.  You must register
     # a serializer that will perform the encryption.
     # @see Serializer
-      extend ActiveSupport::Concern
+    extend ActiveSupport::Concern
 
-      @@is_activated = false
+    @@is_activated = false
 
-      included do
-        @@encrypted_content_type = self.encrypted_content_type = 'application/x-json-encrypted'
-      end
+    included do
+      # This sets the default encrypted serializer to JSON
+      # (ActiveSupport friendly at the cost of more bytes)
+      @@encrypted_content_type = self.encrypted_content_type = Ripple::Encryption::JsonSerializer::REGISTER_KEY
+    end
 
-      module ClassMethods
-        # @return [String] the content type to be used to indicate the
-        #     proper encryption scheme. Defaults to 'application/x-json-encrypted'
-        attr_accessor :encrypted_content_type
-      end
+    module ClassMethods
+      # @return [String] the content type to be used to indicate the
+      #     proper encryption scheme. Defaults to 'application/x-json-encrypted'
+      attr_accessor :encrypted_content_type
+    end
 
-      # Overrides the internal method to set the content-type to be
-      # encrypted.
-      def update_robject
-        super
-        if @@is_activated
-          robject.content_type = @@encrypted_content_type
-        end
-      end
+    # Overrides the internal method to set the content-type to be
+    # encrypted using the default encrypted serializer.
+    def update_robject
+      super
+      robject.content_type = @@encrypted_content_type if Ripple::Encryption.activated?
+    end
 
-      def self.activate(path)
-        encryptor = nil
-        unless Riak::Serializers['application/x-json-encrypted']
-          begin
-            config = YAML.load_file(path)[ENV['RACK_ENV']]
-            encryptor = Ripple::Encryption::Serializer.new(OpenSSL::Cipher.new(config['cipher']), 'application/x-json-encrypted', path)
-          rescue Exception => e
-            handle_invalid_encryption_config(e.message, e.backtrace)
-          end
-          encryptor.key = config['key'] if config['key']
-          encryptor.iv = config['iv'] if config['iv']
-          Riak::Serializers['application/x-json-encrypted'] = encryptor
-          @@is_activated = true
-        end
-        encryptor
+    def self.activate(path)
+      primary_encryptor = nil
+      [Ripple::Encryption::JsonSerializer, Ripple::Encryption::BinarySerializer].each do |serializer|
+        encryptor = self.load_serializer(serializer, path)
+        primary_encryptor if serializer == Ripple::Encryption::JsonSerializer
       end
+      primary_encryptor
+    end
+
+    def self.activated?
+      @@is_activated
+    end
+
+    private
 
-      def self.activated
-        @@is_activated
+    def self.load_serializer(serializer_class, path)
+      begin
+        config = YAML.load_file(path)[ENV['RACK_ENV']]
+        encryptor = serializer_class.new(OpenSSL::Cipher.new(config['cipher']), path)
+      rescue Exception => e
+        handle_invalid_encryption_config(e)
+      ensure
+        @@is_activated = false
       end
+      encryptor.key = config['key'] if config['key']
+      encryptor.iv = config['iv'] if config['iv']
+      Riak::Serializers[serializer_class::REGISTER_KEY] = encryptor
+      @@is_activated = true
+      encryptor
+    end
 
   end
 end
 
-def handle_invalid_encryption_config(msg, trace)
-  puts <<eos
+def handle_invalid_encryption_config(exception)
+  raise Ripple::Encryption::ConfigError, <<eos
 
     The file "config/encryption.yml" is missing or incorrect. You will
     need to create this file and populate it with a valid cipher,
     initialization vector and secret key.
 
     An example is provided in "config/encryption.yml.example".
-eos
-
-  puts "Error Message: " + msg
-  puts "Error Trace:"
-  trace.each do |line|
-    puts line
-  end
 
-  exit 1
+eos
 end

data/lib/ripple-encryption/config.rb

@@ -2,9 +2,6 @@ require 'openssl'
 
 module Ripple
   module Encryption
-    # Generic error class for Config
-    class ConfigError < StandardError; end
-
     # Handles the configuration information for the Encryptor.
     #
     # Example usage:
@@ -24,8 +21,8 @@ module Ripple
       end
 
       # Return either the default initialization vector, or create a new one.
-      def activate
-        @config['iv'] ||= OpenSSL::Random.random_bytes(16)
+      def generate_new_iv
+        @config['iv'] = OpenSSL::Random.random_bytes(16)
       end
 
       def validate_path(path)

data/lib/ripple-encryption/encryptor.rb

@@ -1,8 +1,5 @@
 module Ripple
   module Encryption
-    # Generic error class for Encryptor
-    class EncryptorConfigError < StandardError; end
-
     # Implements a simple object that can either encrypt or decrypt arbitrary data.
     #
     # Example usage:

data/lib/ripple-encryption/errors.rb

@@ -0,0 +1,12 @@
+module Ripple
+  module Encryption
+  	# reserved for general config lookup errors
+  	class ConfigError < StandardError; end
+
+  	# reserved for specific encryptor (openssl) config related errors
+  	class EncryptorConfigError < StandardError; end
+
+  	# reserved for issues decrypting & deserializing JSON
+  	class EncryptedJsonDocumentError < StandardError; end
+  end
+end

data/lib/ripple-encryption/types/binary_document.rb

@@ -0,0 +1,25 @@
+module Ripple
+  module Encryption
+    # Implements an encapsulation in BINARY for encrypted Ripple documents.
+    #
+    # Example usage:
+    #     Ripple::Encryption::BinaryDocument.new(config, @document).encrypt
+    class BinaryDocument
+      # Creates an object that is prepared to encrypt its contents.
+      # @param [String] data object to store
+      def initialize(config, data)
+        config.generate_new_iv
+        @config = config
+        @data = data
+        @encryptor = Ripple::Encryption::Encryptor.new @config.to_h
+      end
+
+      # Converts the data into the encrypted format
+      def encrypt
+        @config.generate_new_iv
+        encrypted_data = @encryptor.encrypt @data
+        {:version => Ripple::Encryption::VERSION, :iv => Base64.encode64(@config.to_h['iv']), :data => encrypted_data}
+      end
+    end
+  end
+end

data/lib/ripple-encryption/types/binary_serializer.rb

@@ -0,0 +1,61 @@
+module Ripple
+  module Encryption
+    # Implements the {Riak::Serializer} API for the purpose of
+    # encrypting/decrypting Ripple documents as raw binary.
+    #
+    # Example usage:
+    #     path = File.join(ROOT_DIR,'config','encryption.yml')
+    #     
+    #     ::Riak::Serializers['application/x-binary-encrypted'] = Ripple::Encryption::BinarySerializer.new
+    #     (
+    #       OpenSSL::Cipher.new(config['cipher']), path
+    #     )
+    #
+    #     class MyDocument
+    #       include Ripple::Document
+    #       include Ripple::Encryption
+    #     end
+    #
+    # @see Encryption
+    class BinarySerializer
+      REGISTER_KEY = 'application/x-binary-encrypted'
+
+      # @return [OpenSSL::Cipher, OpenSSL::PKey::*] the cipher used to encrypt the object
+      attr_accessor :cipher
+
+      # Cipher-specific settings
+      # @see OpenSSL::Cipher
+      attr_accessor :key, :iv, :key_length, :padding
+
+      # Creates a serializer using the provided cipher and internal
+      # content type. Be sure to set the {#key}, {#iv}, {#key_length},
+      # {#padding} as appropriate for the cipher before attempting
+      # (de-)serialization.
+      # @param [OpenSSL::Cipher] cipher the desired
+      #     encryption/decryption algorithm
+      # @param [String] path the File location of 'encryption.yml'
+      #     private key file
+      def initialize(cipher, path)
+        @cipher, @content_type = cipher, REGISTER_KEY
+        @config = Ripple::Encryption::Config.new(path)
+      end
+
+      # Serializes and encrypts the Ruby object using the assigned
+      # cipher and Content-Type.
+      # @param [Object] object the Ruby object to serialize/encrypt
+      # @return [String] the serialized, encrypted form of the object
+      def dump(object)
+        BinaryDocument.new(@config, object).encrypt
+      end
+
+      # Decrypts and deserializes the blob using the assigned cipher
+      # and Content-Type.
+      # @param [String] blob the original content from Riak
+      # @return [Object] the decrypted and deserialized object
+      def load(object)
+        # this serializer now only supports the v2 (0.0.2 - 0.0.4) format
+        return EncryptedBinaryDocument.new(@config, object).decrypt
+      end
+    end
+  end
+end

data/lib/ripple-encryption/types/encrypted_binary_document.rb

@@ -0,0 +1,26 @@
+module Ripple
+  module Encryption
+    # Interprets a encapsulation in BINARY for encrypted Ripple documents.
+    #
+    # Example usage:
+    #     Ripple::Encryption::EncryptedBinaryDocument.new(@document).encrypt
+    class EncryptedBinaryDocument
+      # Creates an object that is prepared to decrypt its contents.
+      # @param [Hash] data that was stored in Riak, has keys (:version, :iv, :data)
+      def initialize(config, data)
+        @config = config.to_h.clone
+        @data = data
+        raise(EncryptedJsonDocumentError, "Missing 'iv' for decryption") unless @data[:iv]
+        iv = Base64.decode64 @data[:iv]
+        @config.merge!('iv' => iv)
+
+        @decryptor = Ripple::Encryption::Encryptor.new @config
+      end
+
+      # Returns the original data from the stored encrypted format
+      def decrypt
+        @decryptor.decrypt @data[:data]
+      end
+    end
+  end
+end

data/lib/ripple-encryption/{encrypted_json_document.rb → types/encrypted_json_document.rb}

@@ -1,12 +1,9 @@
 module Ripple
   module Encryption
-    # Generic error class for Encryptor
-    class EncryptedJsonDocumentError < StandardError; end
-
     # Interprets a encapsulation in JSON for encrypted Ripple documents.
     #
     # Example usage:
-    #     Ripple::Encryption::JsonDocument.new(@document).encrypt
+    #     Ripple::Encryption::EncryptedJsonDocument.new(@document).encrypt
     class EncryptedJsonDocument
       # Creates an object that is prepared to decrypt its contents.
       # @param [String] data json string that was stored in Riak

data/lib/ripple-encryption/{json_document.rb → types/json_document.rb}

@@ -3,21 +3,22 @@ module Ripple
     # Implements an encapsulation in JSON for encrypted Ripple documents.
     #
     # Example usage:
-    #     Ripple::Encryption::JsonDocument.new(@document).encrypt
+    #     Ripple::Encryption::JsonDocument.new(config, @document).encrypt
     class JsonDocument
       # Creates an object that is prepared to encrypt its contents.
       # @param [String] data object to store
       def initialize(config, data)
-        config.activate
-        @config = config.to_h
+        config.generate_new_iv
+        @config = config
         @data = JSON.dump(data)
-        @encryptor = Ripple::Encryption::Encryptor.new @config
+        @encryptor = Ripple::Encryption::Encryptor.new @config.to_h
       end
 
       # Converts the data into the encrypted format
       def encrypt
+        @config.generate_new_iv
         encrypted_data = @encryptor.encrypt @data
-        JSON.dump({:version => Ripple::Encryption::VERSION, :iv => Base64.encode64(@config['iv']), :data => Base64.encode64(encrypted_data)})
+        JSON.dump({:version => Ripple::Encryption::VERSION, :iv => Base64.encode64(@config.to_h['iv']), :data => Base64.encode64(encrypted_data)})
       end
     end
   end

data/lib/ripple-encryption/types/json_serializer.rb

@@ -0,0 +1,65 @@
+module Ripple
+  module Encryption
+    # Implements the {Riak::Serializer} API for the purpose of
+    # encrypting/decrypting Ripple documents as JSON.
+    #
+    # Example usage:
+    #     path = File.join(ROOT_DIR,'config','encryption.yml')
+    #     
+    #     ::Riak::Serializers['application/x-json-encrypted'] = Ripple::Encryption::JsonSerializer.new
+    #     (
+    #       OpenSSL::Cipher.new(config['cipher']), path
+    #     )
+    #
+    #     class MyDocument
+    #       include Ripple::Document
+    #       include Ripple::Encryption
+    #     end
+    #
+    # @see Encryption
+    class JsonSerializer
+      REGISTER_KEY = 'application/x-json-encrypted'
+
+      # @return [String] The Content-Type of the internal format,
+      #      generally "application/json"
+      attr_accessor :content_type
+
+      # @return [OpenSSL::Cipher, OpenSSL::PKey::*] the cipher used to encrypt the object
+      attr_accessor :cipher
+
+      # Cipher-specific settings
+      # @see OpenSSL::Cipher
+      attr_accessor :key, :iv, :key_length, :padding
+
+      # Creates a serializer using the provided cipher and internal
+      # content type. Be sure to set the {#key}, {#iv}, {#key_length},
+      # {#padding} as appropriate for the cipher before attempting
+      # (de-)serialization.
+      # @param [OpenSSL::Cipher] cipher the desired
+      #     encryption/decryption algorithm
+      # @param [String] path the File location of 'encryption.yml'
+      #     private key file
+      def initialize(cipher, path)
+        @cipher, @content_type = cipher, REGISTER_KEY
+        @config = Ripple::Encryption::Config.new(path)
+      end
+
+      # Serializes and encrypts the Ruby object using the assigned
+      # cipher and Content-Type.
+      # @param [Object] object the Ruby object to serialize/encrypt
+      # @return [String] the serialized, encrypted form of the object
+      def dump(object)
+        JsonDocument.new(@config, object).encrypt
+      end
+
+      # Decrypts and deserializes the blob using the assigned cipher
+      # and Content-Type.
+      # @param [String] blob the original content from Riak
+      # @return [Object] the decrypted and deserialized object
+      def load(object)
+        # this serializer now only supports the v2 (0.0.2 - 0.0.4) format
+        return EncryptedJsonDocument.new(@config, object).decrypt
+      end
+    end
+  end
+end

data/lib/ripple-encryption/version.rb

@@ -1,5 +1,5 @@
 module Ripple
   module Encryption
-    VERSION = "0.0.3"
+    VERSION = "0.0.4"
   end
 end

data/ripple-encryption.gemspec

@@ -17,8 +17,11 @@ Gem::Specification.new do |gem|
 
   gem.add_dependency 'riak-client'
   gem.add_dependency 'ripple'
+  gem.add_dependency 'rake'
 
   # Test Dependencies
-  gem.add_development_dependency 'rake'
+  gem.add_development_dependency 'simplecov'
   gem.add_development_dependency 'mini_shoulda'
+  gem.add_development_dependency 'ruby-prof'
+  gem.add_development_dependency 'debugger'
 end

data/test/helper.rb

@@ -1,6 +1,15 @@
 $LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..'))
 $LOAD_PATH.unshift(File.dirname(__FILE__))
 
+require 'rake'
+
+require 'simplecov'
+SimpleCov.start do
+  project_name "Basho - Ripple Encryption"
+
+  add_filter "/test/"
+end
+
 require 'minitest/autorun'
 require 'mini_shoulda'
 

data/test/test_binary_document.rb

@@ -0,0 +1,53 @@
+require 'helper'
+
+class TestJsonDocument < MiniTest::Spec
+  context "Ripple::Encryption::BinaryDocument" do
+    setup do
+      # # get some encryption going
+      @config = Ripple::Encryption::Config.new ENV['ENCRYPTION']
+      encryptor = Ripple::Encryption::Encryptor.new @config.to_h
+
+      # this is the data package that we want
+      @document = "some data goes here"
+
+      # this is how we want that data package to actually be stored
+      encrypted_value = encryptor.encrypt @document
+      @encrypted_document = {:version => Ripple::Encryption::VERSION, :iv => Base64.encode64(@config.to_h['iv']), :data => encrypted_value}
+    end
+
+    should "convert a document to our desired BINARY format" do
+      decrypted_document = Ripple::Encryption::EncryptedBinaryDocument.new(@config, @encrypted_document).decrypt
+      assert_equal @document, decrypted_document, 'Decrypted BINARY document does not match original'
+    end
+  end
+
+  context "Ripple::Encryption::BinaryDocument with no initialization vector" do
+    setup do
+      # this is the data package that we want
+      @document = "some data goes here"
+
+      # rig a BinaryDocument without an iv
+      @config        = Ripple::Encryption::Config.new File.expand_path(File.join('..','fixtures','encryption_no_iv.yml'),__FILE__)
+      @binary_document = Ripple::Encryption::BinaryDocument.new(@config, @document)
+    end
+
+    should "convert a document to our desired BINARY format and back again" do
+      encrypted_document = @binary_document.encrypt
+      assert_equal @document, Ripple::Encryption::EncryptedBinaryDocument.new(@config, encrypted_document).decrypt, 'Did not get the BINARY format expected.'
+    end
+  end
+
+  context "Ripple::Encryption::BinarySerializer" do
+    setup do
+      # this is not the default serializer; so we must test independently
+      @document = "a binary file of sorts"
+      @serializer = Riak::Serializers[Ripple::Encryption::BinarySerializer::REGISTER_KEY]
+    end
+
+    should 'dump & load' do
+      encrypted_document = @serializer.dump @document
+      result = @serializer.load encrypted_document
+      assert_equal @document, result
+    end
+  end
+end

data/test/test_encryptor.rb

@@ -1,6 +1,21 @@
 require 'helper'
 
 class TestEncryptor < MiniTest::Spec
+  context "Ripple::Encryption Activate" do
+    should "raise error if acivate using bad config path" do
+      begin
+        assert_raises Ripple::Encryption::ConfigError do                                                                                                                                          
+          Riak::Serializers['application/x-json-encrypted'] = nil
+          Ripple::Encryption.activate 'bad_path'
+        end
+      ensure
+        assert_equal false, Ripple::Encryption.activated?
+        Ripple::Encryption.activate ENV['ENCRYPTION']
+        assert_equal true, Ripple::Encryption.activated?
+      end
+    end
+  end
+
   context "Ripple::Encryption::Encryptor" do
     setup do
       config     = Ripple::Encryption::Config.new ENV['ENCRYPTION']

data/test/test_json_document.rb

@@ -16,11 +16,17 @@ class TestJsonDocument < MiniTest::Spec
     end
 
     should "convert a document to our desired JSON format" do
-      assert_equal @encrypted_document, Ripple::Encryption::JsonDocument.new(@config, @document).encrypt, 'Did not get the JSON format expected.'
-    end
+      another_encrypted_document = Ripple::Encryption::JsonDocument.new(@config, @document).encrypt
+
+      assert another_encrypted_document != @encrypted_document, "Documents have same cipher text, iv may not be unique"
+
+      assert (JSON.parse another_encrypted_document).has_key?('version'), 'Did not have a version attribute'
+      assert (JSON.parse another_encrypted_document).has_key?('iv'), 'Did not have a iv attribute'
+      assert (JSON.parse another_encrypted_document).has_key?('data'), 'Did not have a data attribute'
+
+      decrypted_document = Ripple::Encryption::EncryptedJsonDocument.new(@config, @encrypted_document).decrypt
 
-    should "interpret our JSON format into a document" do
-      assert_equal @document, Ripple::Encryption::EncryptedJsonDocument.new(@config, @encrypted_document).decrypt, 'Did not get the JSON format expected.'
+      assert_equal @document, decrypted_document, 'Decrypted JSON document does not match original'
     end
   end
 

data/test/test_ripple.rb

@@ -14,14 +14,12 @@ class TestRipple < MiniTest::Spec
       assert_equal 'here is some new data', read_doc.message
     end
 
-    should "write the ripple document raw confirmation" do
+    should "write the current version of Ripple::Encrpytion" do
       document = TestDocument.new
       document.message = 'here is some new data'
       document.save
-      expected_data = 'VpQTfX23xKdMK4Kprp/xgwDh4UFFSYC8q4OeOhK2zPn0l5huFO+vsoBrq8pT\nd5Z3EdgPx3k8VpL0QNH1FM6m4g==\n'
-      expected_doc_data = "{\"version\":\"#{Ripple::Encryption::VERSION}\",\"iv\":\"ABYLnUHWE/fIwE2gKYC6hg==\\n\",\"data\":\"#{expected_data}\"}"
       raw_data = `curl -s http://#{Ripple.config[:host]}:#{Ripple.config[:http_port]}/buckets/#{TestDocument.bucket_name}/keys/#{document.key}`
-      assert_equal expected_doc_data, raw_data
+      assert_equal Ripple::Encryption::VERSION, (JSON.parse raw_data)['version']
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ripple-encryption
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.4
   prerelease: 
 platform: ruby
 authors:
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-03-03 00:00:00.000000000 Z
+date: 2013-07-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: riak-client
@@ -46,6 +46,22 @@ dependencies:
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
   requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
@@ -76,6 +92,38 @@ dependencies:
     - - ! '>='
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: ruby-prof
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: debugger
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Easily encrypt data at rest with minimal changes to existing ripple models.
 email:
 - rsecrist@basho.com
@@ -84,6 +132,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- .gitignore
 - Gemfile
 - Gemfile.lock
 - LICENSE
@@ -95,10 +144,14 @@ files:
 - lib/ripple-encryption.rb
 - lib/ripple-encryption/activation.rb
 - lib/ripple-encryption/config.rb
-- lib/ripple-encryption/encrypted_json_document.rb
 - lib/ripple-encryption/encryptor.rb
-- lib/ripple-encryption/json_document.rb
-- lib/ripple-encryption/serializer.rb
+- lib/ripple-encryption/errors.rb
+- lib/ripple-encryption/types/binary_document.rb
+- lib/ripple-encryption/types/binary_serializer.rb
+- lib/ripple-encryption/types/encrypted_binary_document.rb
+- lib/ripple-encryption/types/encrypted_json_document.rb
+- lib/ripple-encryption/types/json_document.rb
+- lib/ripple-encryption/types/json_serializer.rb
 - lib/ripple-encryption/version.rb
 - ripple-encryption.gemspec
 - test/fixtures/encryption.yml
@@ -110,6 +163,7 @@ files:
 - test/fixtures/test_document/v1_doc.riak
 - test/fixtures/test_document/v2_doc.riak
 - test/helper.rb
+- test/test_binary_document.rb
 - test/test_config.rb
 - test/test_encryptor.rb
 - test/test_json_document.rb
@@ -149,6 +203,7 @@ test_files:
 - test/fixtures/test_document/v1_doc.riak
 - test/fixtures/test_document/v2_doc.riak
 - test/helper.rb
+- test/test_binary_document.rb
 - test/test_config.rb
 - test/test_encryptor.rb
 - test/test_json_document.rb

data/lib/ripple-encryption/serializer.rb

@@ -1,117 +0,0 @@
-module Ripple
-  module Encryption
-    # Implements the {Riak::Serializer} API for the purpose of
-    # encrypting/decrypting Ripple documents.
-    #
-    # Example usage:
-    #     ::Riak::Serializers['application/x-json-encrypted'] = EncryptedSerializer.new(OpenSSL::Cipher.new("AES-256"))
-    #     class MyDocument
-    #       include Ripple::Document
-    #       include Riak::Encryption
-    #     end
-    #
-    # @see Encryption
-    class Serializer
-      # @return [String] The Content-Type of the internal format,
-      #      generally "application/json"
-      attr_accessor :content_type
-
-      # @return [OpenSSL::Cipher, OpenSSL::PKey::*] the cipher used to encrypt the object
-      attr_accessor :cipher
-
-      # Cipher-specific settings
-      # @see OpenSSL::Cipher
-      attr_accessor :key, :iv, :key_length, :padding
-
-      # Serialization Options
-      # @return [true, false] Is the encrypted text also base64 encoded?
-      attr_accessor :base64
-
-      # Creates a serializer using the provided cipher and internal
-      # content type. Be sure to set the {#key}, {#iv}, {#key_length},
-      # {#padding} as appropriate for the cipher before attempting
-      # (de-)serialization.
-      # @param [OpenSSL::Cipher] cipher the desired
-      #     encryption/decryption algorithm
-      # @param [String] content_type the Content-Type of the
-      #     unencrypted contents
-      def initialize(cipher, content_type='application/json', path)
-        @cipher, @content_type = cipher, content_type
-        @config = Ripple::Encryption::Config.new(path)
-      end
-
-      # Serializes and encrypts the Ruby object using the assigned
-      # cipher and Content-Type.
-      # @param [Object] object the Ruby object to serialize/encrypt
-      # @return [String] the serialized, encrypted form of the object
-      def dump(object)
-        JsonDocument.new(@config, object).encrypt
-      end
-
-      # Decrypts and deserializes the blob using the assigned cipher
-      # and Content-Type.
-      # @param [String] blob the original content from Riak
-      # @return [Object] the decrypted and deserialized object
-      def load(object)
-        # try the v1 way first
-        begin
-          internal = decrypt(object)
-          return ::Riak::Serializers.deserialize('application/json', internal)
-        # if that doesn't work, try the v2 way
-        rescue OpenSSL::Cipher::CipherError, MultiJson::DecodeError
-          return EncryptedJsonDocument.new(@config, object).decrypt
-        end
-      end
-
-      private
-
-      # generates a new iv each call unless a static (less secure)
-      # iv is used.
-      def encrypt(object)
-        old_version = '0.0.1'
-        result = ''
-        if cipher.respond_to?(:iv=) and @iv == nil
-          iv = OpenSSL::Random.random_bytes(cipher.iv_len)
-          cipher.iv = iv
-          result << old_version << iv
-        end
-
-        if cipher.respond_to?(:public_encrypt)
-          result << cipher.public_encrypt(object)
-        else
-          cipher_setup :encrypt
-          result << cipher.update(object) << cipher.final
-          cipher.reset
-        end
-        return result
-      end
-
-      def decrypt(cipher_text)
-        old_version = '0.0.1'
-
-        if cipher.respond_to?(:iv=) and @iv == nil
-          version = cipher_text.slice(0, old_version.length)
-          cipher.iv = cipher_text.slice(old_version.length, cipher.iv_len)
-          cipher_text = cipher_text.slice(old_version.length + cipher.iv_len, cipher_text.length)
-        end
-
-        if cipher.respond_to?(:private_decrypt)
-          cipher.private_decrypt(cipher_text)
-        else
-          cipher_setup :decrypt
-          result = cipher.update(cipher_text) << cipher.final
-          cipher.reset
-          result
-        end
-      end
-
-      def cipher_setup(mode)
-        cipher.send mode
-        cipher.key        = key        if key
-        cipher.iv         = iv         if iv
-        cipher.key_length = key_length if key_length
-        cipher.padding    = padding    if padding
-      end
-    end
-  end
-end