secure_yaml 1.0.4 → 1.1.0

data/README.md

@@ -71,4 +71,17 @@ decrypted_yaml = SecureYaml::load(File.open('database.yml'))
 decrypted_yaml = SecureYaml::load(File.open('database.yml'), 'NEW_SECRET_KEY_PROPERTY_NAME')
 ```
 
+### Customising decryption
+
+The default decryption method applied by this library when loading a YAML file is [AES-256-CFB](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
+However, if you wish to, you can specify your own custom decryption:
+
+```ruby
+require 'secure_yaml'
+
+decrypted_yaml = SecureYaml::load(File.open('database.yml')) do |secret_key, encrypted_data|
+  "decrypt data here from #{secret_key} and #{encrypted_data}"
+end
+```
+
 

data/lib/secure_yaml.rb

@@ -1,4 +1,5 @@
 require 'secure_yaml/loader'
+require 'secure_yaml/cipher'
 
 module SecureYaml
 
@@ -6,16 +7,34 @@ module SecureYaml
 
   DEFAULT_SECRET_KEY_PROP_NAME = 'PROPERTIES_ENCRYPTION_PASSWORD'
 
-  def self.load(yaml_file, secret_key_prop_name = DEFAULT_SECRET_KEY_PROP_NAME)
-    SecureYaml::Loader.new(secret_key(secret_key_prop_name)).load(yaml_file)
+  def self.load(yaml_file, secret_key_prop_name = DEFAULT_SECRET_KEY_PROP_NAME, &decryption_block)
+    decryption_algorithm = block_given? ? custom_decryption_algorithm(decryption_block) : Cipher.new
+
+    yaml_loader(decryption_algorithm, retrieve_secret_key(secret_key_prop_name)).load(yaml_file)
   end
 
   private
 
-  def self.secret_key(secret_key_prop_name)
+  def self.retrieve_secret_key(secret_key_prop_name)
     secret_key = ENV[secret_key_prop_name]
     raise "#{secret_key_prop_name} env property not found" if secret_key.nil?
     secret_key
   end
 
+  def self.custom_decryption_algorithm(decryption_block)
+    Class.new {
+      def initialize(decryption_block)
+        @decryption_block = decryption_block
+      end
+
+      def decrypt(secret_key, encrypted_data)
+        @decryption_block.call(secret_key, encrypted_data)
+      end
+    }.new(decryption_block)
+  end
+
+  def self.yaml_loader(decryption_algorithm, secret_key)
+    Loader.new(YamlDecrypter.new(decryption_algorithm, secret_key))
+  end
+
 end

data/lib/secure_yaml/cli/property_encryption_application.rb

@@ -11,7 +11,7 @@ module SecureYaml
       secret_key = command_line_args[0]
       plain_text = command_line_args[1]
 
-      puts "#{SecureYaml::ENCRYPTED_PROPERTY_WRAPPER_ID}(#{SecureYaml::Cipher.new.encrypt(secret_key, plain_text)})"
+      puts "#{ENCRYPTED_PROPERTY_WRAPPER_ID}(#{Cipher.new.encrypt(secret_key, plain_text)})"
     end
 
   end

data/lib/secure_yaml/loader.rb

@@ -4,12 +4,12 @@ module SecureYaml
 
   class Loader
 
-    def initialize(secret_key)
-      @decrypter = YamlDecrypter.new(secret_key)
+    def initialize(yaml_decrypter)
+      @yaml_decrypter = yaml_decrypter
     end
 
     def load(yaml_file)
-      @decrypter.decrypt(YAML::load(yaml_file))
+      @yaml_decrypter.decrypt(YAML::load(yaml_file))
     end
 
   end

data/lib/secure_yaml/version.rb

@@ -1,5 +1,5 @@
 module SecureYaml
 
-  VERSION = "1.0.4"
+  VERSION = "1.1.0"
 
 end

data/lib/secure_yaml/yaml_decrypter.rb

@@ -1,12 +1,11 @@
 require 'yaml'
-require 'secure_yaml/cipher'
 
 module SecureYaml
 
   class YamlDecrypter
 
-    def initialize(secret_key, cipher = Cipher.new)
-      @cipher = cipher
+    def initialize(decryption_algorithm, secret_key)
+      @decryption_algorithm = decryption_algorithm
       @secret_key = secret_key
     end
 
@@ -15,7 +14,7 @@ module SecureYaml
         when Hash
           yaml.inject({}) {|new_hash, (key, value)| new_hash[key] = decrypt(value); new_hash}
         when String
-          yaml.gsub(/^#{ENCRYPTED_PROPERTY_WRAPPER_ID}\((.*)\)$/) {@cipher.decrypt(@secret_key, $1)}
+          yaml.gsub(/^#{ENCRYPTED_PROPERTY_WRAPPER_ID}\((.*)\)$/) {@decryption_algorithm.decrypt(@secret_key, $1)}
         else
           yaml
       end

data/spec/secure_yaml/loader_spec.rb

@@ -6,14 +6,13 @@ describe 'Loader' do
     @encrypted_yaml = {:prop => 'encrypted'}
     @decrypted_yaml = {:prop => 'decrytped'}
     @decrypter = double(SecureYaml::YamlDecrypter)
-    SecureYaml::YamlDecrypter.stub(:new).and_return(@decrypter)
   end
 
   it 'should load decrypted yaml file' do
     YAML.stub(:load).and_return(@encrypted_yaml)
     @decrypter.stub(:decrypt).with(@encrypted_yaml).and_return(@decrypted_yaml)
 
-    yaml = SecureYaml::Loader.new('').load(double(File))
+    yaml = SecureYaml::Loader.new(@decrypter).load(double(File))
 
     yaml.should == @decrypted_yaml
   end

data/spec/secure_yaml/yaml_decrypter_spec.rb

@@ -5,7 +5,7 @@ describe 'Yaml decrypter' do
   before(:each) do
     @secret_key = 'abc12345678'
     @cipher = double(SecureYaml::Cipher)
-    @decrypter = SecureYaml::YamlDecrypter.new(@secret_key, @cipher)
+    @decrypter = SecureYaml::YamlDecrypter.new(@cipher, @secret_key)
     @decrypted_result = 'decrypted data'
     @plain_text = 'some plain text'
   end

data/spec/secure_yaml_spec.rb

@@ -7,7 +7,7 @@ describe 'SecureYaml' do
     @yaml = {:prop => 'test'}
     loader = double(SecureYaml::Loader)
     loader.stub(:load).and_return(@yaml)
-    SecureYaml::Loader.stub(:new).with(@secret_key).and_return(loader)
+    SecureYaml::Loader.stub(:new).and_return(loader)
   end
 
   it 'should load decrypted yaml file' do
@@ -34,4 +34,14 @@ describe 'SecureYaml' do
     yaml.should == @yaml
   end
 
+  it 'should allow use of custom decryption algorithm' do
+    ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
+
+    yaml = SecureYaml::load(double(File)) do |secret_key, encrypted_data|
+      "decrypt data here from #{secret_key} and #{encrypted_data}"
+    end
+
+    yaml.should == @yaml
+  end
+
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secure_yaml
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.1.0
   prerelease: 
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-07-20 00:00:00.000000000 Z
+date: 2012-08-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec