RubyGems - secure_yaml - Versions diffs - 1.0.4 → 1.1.0 - Mend

secure_yaml 1.0.4 → 1.1.0

Files changed (10) hide show

data/README.md CHANGED

@@ -71,4 +71,17 @@ decrypted_yaml = SecureYaml::load(File.open('database.yml'))
 decrypted_yaml = SecureYaml::load(File.open('database.yml'), 'NEW_SECRET_KEY_PROPERTY_NAME')
 ```
+### Customising decryption
+The default decryption method applied by this library when loading a YAML file is [AES-256-CFB](http://en.wikipedia.org/wiki/Advanced_Encryption_Standard).
+However, if you wish to, you can specify your own custom decryption:
+```ruby
+require 'secure_yaml'
+decrypted_yaml = SecureYaml::load(File.open('database.yml')) do |secret_key, encrypted_data|
+  "decrypt data here from #{secret_key} and #{encrypted_data}"
+end
+```

data/lib/secure_yaml.rb CHANGED

@@ -1,4 +1,5 @@
 require 'secure_yaml/loader'
+require 'secure_yaml/cipher'
 module SecureYaml
@@ -6,16 +7,34 @@ module SecureYaml
   DEFAULT_SECRET_KEY_PROP_NAME = 'PROPERTIES_ENCRYPTION_PASSWORD'
-  def self.load(yaml_file, secret_key_prop_name = DEFAULT_SECRET_KEY_PROP_NAME)
-    SecureYaml::Loader.new(secret_key(secret_key_prop_name)).load(yaml_file)
+  def self.load(yaml_file, secret_key_prop_name = DEFAULT_SECRET_KEY_PROP_NAME, &decryption_block)
+    decryption_algorithm = block_given? ? custom_decryption_algorithm(decryption_block) : Cipher.new
+    yaml_loader(decryption_algorithm, retrieve_secret_key(secret_key_prop_name)).load(yaml_file)
   end
   private
-  def self.secret_key(secret_key_prop_name)
+  def self.retrieve_secret_key(secret_key_prop_name)
     secret_key = ENV[secret_key_prop_name]
     raise "#{secret_key_prop_name} env property not found" if secret_key.nil?
     secret_key
   end
+  def self.custom_decryption_algorithm(decryption_block)
+    Class.new {
+      def initialize(decryption_block)
+        @decryption_block = decryption_block
+      end
+      def decrypt(secret_key, encrypted_data)
+        @decryption_block.call(secret_key, encrypted_data)
+      end
+    }.new(decryption_block)
+  end
+  def self.yaml_loader(decryption_algorithm, secret_key)
+    Loader.new(YamlDecrypter.new(decryption_algorithm, secret_key))
+  end
 end

@@ -11,7 +11,7 @@ module SecureYaml
       secret_key = command_line_args[0]
       plain_text = command_line_args[1]
-      puts "#{SecureYaml::ENCRYPTED_PROPERTY_WRAPPER_ID}(#{SecureYaml::Cipher.new.encrypt(secret_key, plain_text)})"
+      puts "#{ENCRYPTED_PROPERTY_WRAPPER_ID}(#{Cipher.new.encrypt(secret_key, plain_text)})"
     end
   end

data/lib/secure_yaml/loader.rb CHANGED

@@ -4,12 +4,12 @@ module SecureYaml
   class Loader
-    def initialize(secret_key)
-      @decrypter = YamlDecrypter.new(secret_key)
+    def initialize(yaml_decrypter)
+      @yaml_decrypter = yaml_decrypter
     end
     def load(yaml_file)
-      @decrypter.decrypt(YAML::load(yaml_file))
+      @yaml_decrypter.decrypt(YAML::load(yaml_file))
     end
   end

@@ -1,5 +1,5 @@
 module SecureYaml
-  VERSION = "1.0.4"
+  VERSION = "1.1.0"
 end

@@ -1,12 +1,11 @@
 require 'yaml'
-require 'secure_yaml/cipher'
 module SecureYaml
   class YamlDecrypter
-    def initialize(secret_key, cipher = Cipher.new)
-      @cipher = cipher
+    def initialize(decryption_algorithm, secret_key)
+      @decryption_algorithm = decryption_algorithm
       @secret_key = secret_key
     end
@@ -15,7 +14,7 @@ module SecureYaml
         when Hash
           yaml.inject({}) {|new_hash, (key, value)| new_hash[key] = decrypt(value); new_hash}
         when String
-          yaml.gsub(/^#{ENCRYPTED_PROPERTY_WRAPPER_ID}\((.*)\)$/) {@cipher.decrypt(@secret_key, $1)}
+          yaml.gsub(/^#{ENCRYPTED_PROPERTY_WRAPPER_ID}\((.*)\)$/) {@decryption_algorithm.decrypt(@secret_key, $1)}
         else
           yaml
       end

@@ -6,14 +6,13 @@ describe 'Loader' do
     @encrypted_yaml = {:prop => 'encrypted'}
     @decrypted_yaml = {:prop => 'decrytped'}
     @decrypter = double(SecureYaml::YamlDecrypter)
-    SecureYaml::YamlDecrypter.stub(:new).and_return(@decrypter)
   end
   it 'should load decrypted yaml file' do
     YAML.stub(:load).and_return(@encrypted_yaml)
     @decrypter.stub(:decrypt).with(@encrypted_yaml).and_return(@decrypted_yaml)
-    yaml = SecureYaml::Loader.new('').load(double(File))
+    yaml = SecureYaml::Loader.new(@decrypter).load(double(File))
     yaml.should == @decrypted_yaml
   end

@@ -5,7 +5,7 @@ describe 'Yaml decrypter' do
   before(:each) do
     @secret_key = 'abc12345678'
     @cipher = double(SecureYaml::Cipher)
-    @decrypter = SecureYaml::YamlDecrypter.new(@secret_key, @cipher)
+    @decrypter = SecureYaml::YamlDecrypter.new(@cipher, @secret_key)
     @decrypted_result = 'decrypted data'
     @plain_text = 'some plain text'
   end

data/spec/secure_yaml_spec.rb CHANGED

@@ -7,7 +7,7 @@ describe 'SecureYaml' do
     @yaml = {:prop => 'test'}
     loader = double(SecureYaml::Loader)
     loader.stub(:load).and_return(@yaml)
-    SecureYaml::Loader.stub(:new).with(@secret_key).and_return(loader)
+    SecureYaml::Loader.stub(:new).and_return(loader)
   end
   it 'should load decrypted yaml file' do
@@ -34,4 +34,14 @@ describe 'SecureYaml' do
     yaml.should == @yaml
   end
+  it 'should allow use of custom decryption algorithm' do
+    ENV[SecureYaml::DEFAULT_SECRET_KEY_PROP_NAME] = @secret_key
+    yaml = SecureYaml::load(double(File)) do |secret_key, encrypted_data|
+      "decrypt data here from #{secret_key} and #{encrypted_data}"
+    end
+    yaml.should == @yaml
+  end
 end

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: secure_yaml
 version: !ruby/object:Gem::Version
-  version: 1.0.4
+  version: 1.1.0
   prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-07-20 00:00:00.000000000 Z
+date: 2012-08-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec