symmetric-encryption 4.0.0 → 4.0.1
- checksums.yaml +5 -5
- data/Rakefile +2 -2
- data/bin/symmetric-encryption +1 -1
- data/lib/symmetric-encryption.rb +1 -1
- data/lib/symmetric_encryption.rb +2 -2
- data/lib/symmetric_encryption/cipher.rb +15 -18
- data/lib/symmetric_encryption/cli.rb +30 -36
- data/lib/symmetric_encryption/coerce.rb +3 -4
- data/lib/symmetric_encryption/config.rb +30 -34
- data/lib/symmetric_encryption/encoder.rb +0 -1
- data/lib/symmetric_encryption/exception.rb +0 -2
- data/lib/symmetric_encryption/extensions/active_record/base.rb +5 -2
- data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb +3 -5
- data/lib/symmetric_encryption/extensions/mongoid/encrypted.rb +0 -2
- data/lib/symmetric_encryption/generator.rb +3 -3
- data/lib/symmetric_encryption/header.rb +9 -4
- data/lib/symmetric_encryption/key.rb +3 -4
- data/lib/symmetric_encryption/keystore.rb +9 -9
- data/lib/symmetric_encryption/keystore/environment.rb +6 -7
- data/lib/symmetric_encryption/keystore/file.rb +5 -6
- data/lib/symmetric_encryption/keystore/memory.rb +2 -2
- data/lib/symmetric_encryption/railtie.rb +4 -7
- data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb +2 -1
- data/lib/symmetric_encryption/reader.rb +28 -39
- data/lib/symmetric_encryption/symmetric_encryption.rb +10 -8
- data/lib/symmetric_encryption/utils/re_encrypt_files.rb +5 -8
- data/lib/symmetric_encryption/version.rb +2 -2
- data/lib/symmetric_encryption/writer.rb +12 -17
- data/test/active_record_test.rb +237 -200
- data/test/cipher_test.rb +12 -6
- data/test/encoder_test.rb +1 -3
- data/test/header_test.rb +0 -4
- data/test/key_test.rb +0 -2
- data/test/keystore/environment_test.rb +10 -11
- data/test/keystore/file_test.rb +9 -10
- data/test/keystore_test.rb +2 -3
- data/test/mongoid_test.rb +37 -40
- data/test/reader_test.rb +24 -32
- data/test/symmetric_encryption_test.rb +17 -18
- data/test/test_db.sqlite3 +0 -0
- data/test/writer_test.rb +0 -1
- metadata +23 -23
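--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: a8b4f45cc7b6dca91b1eb5d8eb5df044485d0a484f93472ce38fee62559453e8
+data.tar.gz: 973376b8363032b2a71aaf840a3012cf7485d7f6b16f2ea1ebf20f622eaf56f0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ae3695e636ea98bcbfe489187e26244dee6116257afdf4383a234359c201974024d3180d1ea1851edbc1798343ce1ab862fea20691a01f8eb7993b58a7206921
+data.tar.gz: cbe308f3287c77c32996551b8f4ace32fd803e123e32f906ed21d65bf6d3823b19ce5459623a445a4ffd4bb1b33a0377558ad6604e98d61ae17b206d4cef1892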
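--- a/data/Rakefile
+++ b/data/Rakefile
@@ -9,7 +9,7 @@ task :gem do
 system 'gem build symmetric-encryption.gemspec'
 end
 
-task :
+task publish: :gem do
 system "git tag -a v#{SymmetricEncryption::VERSION} -m 'Tagging #{SymmetricEncryption::VERSION}'"
 system 'git push --tags'
 system "gem push symmetric-encryption-#{SymmetricEncryption::VERSION}.gem"
@@ -23,7 +23,7 @@ Rake::TestTask.new(:test) do |t|
 end
 
 # By default run tests against all appraisals
-if !ENV[
+if !ENV['APPRAISAL_INITIALIZED'] && !ENV['TRAVIS']
 require 'appraisal'
 task default: :appraisal
 else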
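Review bot: Making `publish` depend on `:gem` (`task publish: :gem do`) does not stop a release after a failed build, because the `:gem` task and the three publish steps all call `system` and discard its result. A failed `gem build` or `git tag` would still be followed by `git push --tags` and `gem push`, and the push could then pick up a `.gem` file left over from an earlier build. Rake's `sh` aborts the task on a non-zero exit, e.g. `sh 'gem build symmetric-encryption.gemspec'`, and the same applies to the tag and push commands. The `:gem` task starts before the hunk and the `publish` body may continue past it.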
data/bin/symmetric-encryption
CHANGED
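--- a/data/lib/symmetric-encryption.rb
+++ b/data/lib/symmetric-encryption.rb
@@ -1 +1 @@
-require 'symmetric_encryption'
+require 'symmetric_encryption'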
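--- a/data/lib/symmetric_encryption.rb
+++ b/data/lib/symmetric_encryption.rb
@@ -8,7 +8,7 @@ require 'symmetric_encryption/cipher'
 require 'symmetric_encryption/symmetric_encryption'
 require 'symmetric_encryption/exception'
 
-
+# @formatter:off
 module SymmetricEncryption
 autoload :Coerce, 'symmetric_encryption/coerce'
 autoload :Config, 'symmetric_encryption/config'
@@ -26,7 +26,7 @@ module SymmetricEncryption
 autoload :ReEncryptFiles, 'symmetric_encryption/utils/re_encrypt_files'
 end
 end
-
+# @formatter:on
 
 # Add support for other libraries only if they have already been loaded
 require 'symmetric_encryption/railtie' if defined?(Rails)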
@@ -13,10 +13,10 @@ module SymmetricEncryption
|
|
13
13
|
|
14
14
|
# Returns [Cipher] from a cipher config instance.
|
15
15
|
def self.from_config(cipher_name: 'aes-256-cbc',
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
16
|
+
version: 0,
|
17
|
+
always_add_header: true,
|
18
|
+
encoding: :base64strict,
|
19
|
+
**config)
|
20
20
|
|
21
21
|
Key.migrate_config!(config)
|
22
22
|
key = Key.from_config(cipher_name: cipher_name, **config)
|
@@ -84,7 +84,7 @@ module SymmetricEncryption
|
|
84
84
|
@version = version.to_i
|
85
85
|
@always_add_header = always_add_header
|
86
86
|
|
87
|
-
raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative") if (@version > 255) ||
|
87
|
+
raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative") if (@version > 255) || @version.negative?
|
88
88
|
end
|
89
89
|
|
90
90
|
# Change the encoding
|
@@ -136,7 +136,7 @@ module SymmetricEncryption
|
|
136
136
|
str = str.to_s
|
137
137
|
return str if str.empty?
|
138
138
|
encrypted = binary_encrypt(str, random_iv: random_iv, compress: compress, header: header)
|
139
|
-
|
139
|
+
encode(encrypted)
|
140
140
|
end
|
141
141
|
|
142
142
|
# Decode and Decrypt string
|
@@ -157,16 +157,14 @@ module SymmetricEncryption
|
|
157
157
|
# is thread-safe and can be called concurrently by multiple threads with
|
158
158
|
# the same instance of Cipher
|
159
159
|
def decrypt(str)
|
160
|
-
decoded =
|
160
|
+
decoded = decode(str)
|
161
161
|
return unless decoded
|
162
162
|
|
163
163
|
return decoded if decoded.empty?
|
164
164
|
decrypted = binary_decrypt(decoded)
|
165
165
|
|
166
166
|
# Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
|
167
|
-
unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
|
168
|
-
decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING)
|
169
|
-
end
|
167
|
+
decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING) unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
|
170
168
|
|
171
169
|
decrypted
|
172
170
|
end
|
@@ -249,7 +247,7 @@ module SymmetricEncryption
|
|
249
247
|
return string if string.empty?
|
250
248
|
|
251
249
|
# Header required when adding a random_iv or compressing
|
252
|
-
header = Header.new(version: version, compress: compress) if
|
250
|
+
header = Header.new(version: version, compress: compress) if header || random_iv || compress
|
253
251
|
|
254
252
|
# Creates a new OpenSSL::Cipher with every call so that this call is thread-safe.
|
255
253
|
openssl_cipher = ::OpenSSL::Cipher.new(cipher_name)
|
@@ -260,8 +258,8 @@ module SymmetricEncryption
|
|
260
258
|
if header
|
261
259
|
if random_iv
|
262
260
|
openssl_cipher.iv = header.iv = openssl_cipher.random_iv
|
263
|
-
elsif
|
264
|
-
openssl_cipher.iv =
|
261
|
+
elsif iv
|
262
|
+
openssl_cipher.iv = iv
|
265
263
|
end
|
266
264
|
header.to_s + openssl_cipher.update(compress ? Zlib::Deflate.deflate(string) : string)
|
267
265
|
else
|
@@ -307,12 +305,12 @@ module SymmetricEncryption
|
|
307
305
|
return str if str.empty?
|
308
306
|
|
309
307
|
offset = header.parse(str)
|
310
|
-
data = offset
|
308
|
+
data = offset.positive? ? str[offset..-1] : str
|
311
309
|
|
312
310
|
openssl_cipher = ::OpenSSL::Cipher.new(header.cipher_name || cipher_name)
|
313
311
|
openssl_cipher.decrypt
|
314
312
|
openssl_cipher.key = header.key || @key
|
315
|
-
if iv =
|
313
|
+
if (iv = header.iv || @iv)
|
316
314
|
openssl_cipher.iv = iv
|
317
315
|
end
|
318
316
|
result = openssl_cipher.update(data)
|
@@ -322,12 +320,12 @@ module SymmetricEncryption
|
|
322
320
|
|
323
321
|
# Returns the magic header after applying the encoding in this cipher
|
324
322
|
def encoded_magic_header
|
325
|
-
@encoded_magic_header ||= encoder.encode(SymmetricEncryption::Header::MAGIC_HEADER).
|
323
|
+
@encoded_magic_header ||= encoder.encode(SymmetricEncryption::Header::MAGIC_HEADER).delete('=').strip
|
326
324
|
end
|
327
325
|
|
328
326
|
# Returns [String] object represented as a string, filtering out the key
|
329
327
|
def inspect
|
330
|
-
"#<#{self.class}:0x#{
|
328
|
+
"#<#{self.class}:0x#{__id__.to_s(16)} @key=\"[FILTERED]\" @iv=#{iv.inspect} @cipher_name=#{cipher_name.inspect}, @version=#{version.inspect}, @encoding=#{encoding.inspect}, @always_add_header=#{always_add_header.inspect}>"
|
331
329
|
end
|
332
330
|
|
333
331
|
# DEPRECATED
|
@@ -350,6 +348,5 @@ module SymmetricEncryption
|
|
350
348
|
private
|
351
349
|
|
352
350
|
attr_reader :key
|
353
|
-
|
354
351
|
end
|
355
352
|
end
|
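Review bot: In the `@@ -307,12 +305,12 @@` hunk the cipher name, key and IV used for decryption come from the header parsed out of the input (`header.cipher_name || cipher_name`, `header.key || @key`, `header.iv || @iv`), and nothing in the visible lines authenticates that header or the ciphertext before `openssl_cipher.update(data)`. With the default `aes-256-cbc` from `from_config` there is no integrity protection, so modified input is processed rather than rejected; how `header.key` is validated is not visible here. At minimum I would document this above the method, e.g. `# NOTE: header fields are read from unauthenticated input; callers needing tamper detection must add a MAC or use an AEAD cipher`, and consider restricting `header.cipher_name` to an allowlist of configured ciphers. The method starts and ends outside the hunk. These hunks carry no file header on the page and appear to belong to data/lib/symmetric_encryption/cipher.rb.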
@@ -8,7 +8,7 @@ module SymmetricEncryption
|
|
8
8
|
:environments, :cipher_name, :rolling_deploy, :rotate_keys, :rotate_kek, :prompt, :show_version,
|
9
9
|
:cleanup_keys, :activate_key, :migrate
|
10
10
|
|
11
|
-
KEYSTORES = [
|
11
|
+
KEYSTORES = %i[heroku environment file].freeze
|
12
12
|
|
13
13
|
def self.run!(argv)
|
14
14
|
new(argv).run!
|
@@ -16,7 +16,7 @@ module SymmetricEncryption
|
|
16
16
|
|
17
17
|
def initialize(argv)
|
18
18
|
@version = current_version
|
19
|
-
@environment = ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
|
19
|
+
@environment = ENV['SYMMETRIC_ENCRYPTION_ENV'] || ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
|
20
20
|
@config_file_path = File.expand_path(ENV['SYMMETRIC_ENCRYPTION_CONFIG'] || 'config/symmetric-encryption.yml')
|
21
21
|
@app_name = 'symmetric-encryption'
|
22
22
|
@key_path = '/etc/symmetric-encryption'
|
@@ -28,7 +28,7 @@ module SymmetricEncryption
|
|
28
28
|
|
29
29
|
if argv.empty?
|
30
30
|
puts parser
|
31
|
-
exit
|
31
|
+
exit(-10)
|
32
32
|
end
|
33
33
|
parser.parse!(argv)
|
34
34
|
end
|
@@ -71,17 +71,17 @@ module SymmetricEncryption
|
|
71
71
|
|
72
72
|
def parser
|
73
73
|
@parser ||= OptionParser.new do |opts|
|
74
|
-
opts.banner =
|
75
|
-
Symmetric Encryption v#{VERSION}
|
74
|
+
opts.banner = <<~BANNER
|
75
|
+
Symmetric Encryption v#{VERSION}
|
76
76
|
|
77
|
-
|
77
|
+
For more information, see: https://rocketjob.github.io/symmetric-encryption/
|
78
78
|
|
79
|
-
|
80
|
-
|
81
|
-
|
79
|
+
Note:
|
80
|
+
It is recommended to backup the current configuration file, or place it in version control before running
|
81
|
+
the configuration manipulation commands below.
|
82
82
|
|
83
|
-
symmetric-encryption [options]
|
84
|
-
BANNER
|
83
|
+
symmetric-encryption [options]
|
84
|
+
BANNER
|
85
85
|
|
86
86
|
opts.on '-e', '--encrypt [FILE_NAME]', 'Encrypt a file, or read from stdin if no file name is supplied.' do |file_name|
|
87
87
|
@encrypt = file_name || STDIN
|
@@ -103,7 +103,7 @@ BANNER
|
|
103
103
|
@compress = true
|
104
104
|
end
|
105
105
|
|
106
|
-
opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: RACK_ENV || RAILS_ENV || 'development'" do |environment|
|
106
|
+
opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
|
107
107
|
@environment = environment
|
108
108
|
end
|
109
109
|
|
@@ -116,7 +116,7 @@ BANNER
|
|
116
116
|
end
|
117
117
|
|
118
118
|
opts.on '-r', '--re-encrypt [PATTERN]', 'ReEncrypt all files matching the pattern. Default: "**/*.{yml,rb}"' do |pattern|
|
119
|
-
@re_encrypt = pattern ||
|
119
|
+
@re_encrypt = pattern || '**/*.{yml,rb}'
|
120
120
|
end
|
121
121
|
|
122
122
|
opts.on '-n', '--new-password [SIZE]', 'Generate a new random password using only characters that are URL-safe base64. Default size is 22.' do |size|
|
@@ -139,11 +139,11 @@ BANNER
|
|
139
139
|
@app_name = name
|
140
140
|
end
|
141
141
|
|
142
|
-
opts.on '-S', '--environments ENVIRONMENTS',
|
142
|
+
opts.on '-S', '--environments ENVIRONMENTS', 'Comma separated list of environments for which to generate the config file. Default: development,test,release,production' do |environments|
|
143
143
|
@environments = environments.split(',').collect(&:strip).collect(&:to_sym)
|
144
144
|
end
|
145
145
|
|
146
|
-
opts.on '-C', '--cipher-name NAME',
|
146
|
+
opts.on '-C', '--cipher-name NAME', 'Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc' do |name|
|
147
147
|
@cipher_name = name
|
148
148
|
end
|
149
149
|
|
@@ -167,7 +167,7 @@ BANNER
|
|
167
167
|
@cleanup_keys = true
|
168
168
|
end
|
169
169
|
|
170
|
-
opts.on '-V', '--key-version NUMBER',
|
170
|
+
opts.on '-V', '--key-version NUMBER', 'Encryption key version to use when encrypting or re-encrypting. Default: (Current global version).' do |number|
|
171
171
|
@version = number.to_i
|
172
172
|
end
|
173
173
|
|
@@ -185,7 +185,6 @@ BANNER
|
|
185
185
|
puts opts
|
186
186
|
exit
|
187
187
|
end
|
188
|
-
|
189
188
|
end
|
190
189
|
end
|
191
190
|
|
@@ -199,8 +198,8 @@ BANNER
|
|
199
198
|
|
200
199
|
def generate_new_config
|
201
200
|
config_file_does_not_exist!
|
202
|
-
self.environments ||= %i
|
203
|
-
cfg
|
201
|
+
self.environments ||= %i[development test release production]
|
202
|
+
cfg =
|
204
203
|
if keystore == :file
|
205
204
|
SymmetricEncryption::Keystore::File.new_config(
|
206
205
|
key_path: key_path,
|
@@ -208,7 +207,7 @@ BANNER
|
|
208
207
|
environments: environments,
|
209
208
|
cipher_name: cipher_name
|
210
209
|
)
|
211
|
-
elsif [
|
210
|
+
elsif %i[heroku environment].include?(keystore)
|
212
211
|
SymmetricEncryption::Keystore::Environment.new_config(
|
213
212
|
app_name: app_name,
|
214
213
|
environments: environments,
|
@@ -216,7 +215,7 @@ BANNER
|
|
216
215
|
)
|
217
216
|
else
|
218
217
|
puts "Invalid keystore option: #{keystore}, must be one of #{KEYSTORES.join(', ')}"
|
219
|
-
exit
|
218
|
+
exit(-3)
|
220
219
|
end
|
221
220
|
Config.write_file(config_file_path, cfg)
|
222
221
|
puts "New configuration file created at: #{config_file_path}"
|
@@ -246,11 +245,10 @@ BANNER
|
|
246
245
|
config = Config.read_file(config_file_path)
|
247
246
|
config.each_pair do |env, cfg|
|
248
247
|
next if environments && !environments.include?(env.to_sym)
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
end
|
248
|
+
next unless ciphers = cfg[:ciphers]
|
249
|
+
highest = ciphers.max_by { |i| i[:version] }
|
250
|
+
ciphers.clear
|
251
|
+
ciphers << highest
|
254
252
|
end
|
255
253
|
|
256
254
|
Config.write_file(config_file_path, config)
|
@@ -261,11 +259,10 @@ BANNER
|
|
261
259
|
config = Config.read_file(config_file_path)
|
262
260
|
config.each_pair do |env, cfg|
|
263
261
|
next if environments && !environments.include?(env.to_sym)
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
end
|
262
|
+
next unless ciphers = cfg[:ciphers]
|
263
|
+
highest = ciphers.max_by { |i| i[:version] }
|
264
|
+
ciphers.delete(highest)
|
265
|
+
ciphers.unshift(highest)
|
269
266
|
end
|
270
267
|
|
271
268
|
Config.write_file(config_file_path, config)
|
@@ -309,9 +306,7 @@ BANNER
|
|
309
306
|
value1 = HighLine.new.ask('Enter the value to encrypt:') { |q| q.echo = '*' }
|
310
307
|
value2 = HighLine.new.ask('Re-enter the value to encrypt:') { |q| q.echo = '*' }
|
311
308
|
|
312
|
-
if value1 != value2
|
313
|
-
puts('Values do not match, please try again')
|
314
|
-
end
|
309
|
+
puts('Values do not match, please try again') if value1 != value2
|
315
310
|
end
|
316
311
|
|
317
312
|
encrypted = SymmetricEncryption.cipher(version).encrypt(value1, compress: compress)
|
@@ -336,8 +331,7 @@ BANNER
|
|
336
331
|
def config_file_does_not_exist!
|
337
332
|
return unless File.exist?(config_file_path)
|
338
333
|
puts "\nConfiguration file already exists, please move or rename: #{config_file_path}\n\n"
|
339
|
-
exit
|
334
|
+
exit(-1)
|
340
335
|
end
|
341
|
-
|
342
336
|
end
|
343
337
|
end
|
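Review bot: `ciphers.max_by { |i| i[:version] }` in the `@@ -246,11 +245,10 @@` hunk, and again in `@@ -261,11 +259,10 @@`, raises `ArgumentError` when one cipher entry has no `:version` key and another has an Integer, because nil cannot be compared with an Integer. `Cipher.from_config` on this page defaults a missing version to 0, so `ciphers.max_by { |i| i[:version].to_i }` would match that default. In the first hunk every other entry is then removed from the config file, so this selection should not depend on how the file was written. `next unless ciphers = cfg[:ciphers]` would also read better as `next unless (ciphers = cfg[:ciphers])`, matching the parenthesised assignments this release introduces elsewhere. The hunks have no file header on the page and appear to be from data/lib/symmetric_encryption/cli.rb.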
@@ -9,7 +9,7 @@ module SymmetricEncryption
|
|
9
9
|
datetime: DateTime,
|
10
10
|
time: Time,
|
11
11
|
date: Date
|
12
|
-
}
|
12
|
+
}.freeze
|
13
13
|
|
14
14
|
# Coerce given value into given type
|
15
15
|
# Does not coerce json or yaml values
|
@@ -42,7 +42,7 @@ module SymmetricEncryption
|
|
42
42
|
when :yaml
|
43
43
|
YAML.load(value)
|
44
44
|
else
|
45
|
-
|
45
|
+
coerce(value, type, String)
|
46
46
|
end
|
47
47
|
end
|
48
48
|
|
@@ -60,7 +60,7 @@ module SymmetricEncryption
|
|
60
60
|
when :yaml
|
61
61
|
value.to_yaml
|
62
62
|
else
|
63
|
-
|
63
|
+
coerce(value, :string, coercion_type(type, value))
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
@@ -72,6 +72,5 @@ module SymmetricEncryption
|
|
72
72
|
TYPE_MAP[symbol]
|
73
73
|
end
|
74
74
|
end
|
75
|
-
|
76
75
|
end
|
77
76
|
end
|
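Review bot: The `when :yaml` branch in the `@@ -42,7 +42,7 @@` hunk still deserialises the decrypted value with `YAML.load(value)`, which on Psych versions where `load` is not safe by default can instantiate arbitrary Ruby objects. Decrypted data is only as trustworthy as whoever could write the ciphertext, and the cipher hunks on this page show no integrity check, so this value should be treated as untrusted. `YAML.safe_load(value)`, with an explicit list of permitted classes if stored values need them, closes that off; it may reject values that currently round-trip, so it needs a compatibility check. The enclosing method starts outside the hunk. These hunks carry no file header and appear to be from data/lib/symmetric_encryption/coerce.rb.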
@@ -29,7 +29,7 @@ module SymmetricEncryption
|
|
29
29
|
def self.read_file(file_name)
|
30
30
|
config = YAML.load(ERB.new(File.new(file_name).read).result)
|
31
31
|
config = deep_symbolize_keys(config)
|
32
|
-
config.each_pair { |
|
32
|
+
config.each_pair { |_env, cfg| SymmetricEncryption::Config.send(:migrate_old_formats!, cfg) }
|
33
33
|
config
|
34
34
|
end
|
35
35
|
|
@@ -50,14 +50,12 @@ module SymmetricEncryption
|
|
50
50
|
#
|
51
51
|
# See: `.load!` for parameters.
|
52
52
|
def initialize(file_name: nil, env: nil)
|
53
|
-
|
54
|
-
env = defined?(Rails) ? Rails.env : ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
|
55
|
-
end
|
53
|
+
env ||= defined?(Rails) ? Rails.env : ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
|
56
54
|
|
57
55
|
unless file_name
|
58
56
|
root = defined?(Rails) ? Rails.root : '.'
|
59
57
|
file_name =
|
60
|
-
if env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG']
|
58
|
+
if (env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG'])
|
61
59
|
File.expand_path(env_var)
|
62
60
|
else
|
63
61
|
File.join(root, 'config', 'symmetric-encryption.yml')
|
@@ -73,11 +71,12 @@ module SymmetricEncryption
|
|
73
71
|
def config
|
74
72
|
@config ||= begin
|
75
73
|
raise(ConfigError, "Cannot find config file: #{file_name}") unless File.exist?(file_name)
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
self.class.
|
74
|
+
|
75
|
+
env_config = YAML.load(ERB.new(File.new(file_name).read).result)[env]
|
76
|
+
raise(ConfigError, "Cannot find environment: #{env} in config file: #{file_name}") unless env_config
|
77
|
+
|
78
|
+
env_config = self.class.send(:deep_symbolize_keys, env_config)
|
79
|
+
self.class.send(:migrate_old_formats!, env_config)
|
81
80
|
end
|
82
81
|
end
|
83
82
|
|
@@ -86,49 +85,49 @@ module SymmetricEncryption
|
|
86
85
|
@ciphers ||= config[:ciphers].collect { |cipher_config| Cipher.from_config(cipher_config) }
|
87
86
|
end
|
88
87
|
|
89
|
-
private
|
90
|
-
|
91
88
|
# Iterate through the Hash symbolizing all keys.
|
92
|
-
def self.deep_symbolize_keys(
|
93
|
-
case
|
89
|
+
def self.deep_symbolize_keys(object)
|
90
|
+
case object
|
94
91
|
when Hash
|
95
92
|
result = {}
|
96
|
-
|
93
|
+
object.each_pair do |key, value|
|
97
94
|
key = key.to_sym if key.is_a?(String)
|
98
95
|
result[key] = deep_symbolize_keys(value)
|
99
96
|
end
|
100
97
|
result
|
101
98
|
when Array
|
102
|
-
|
99
|
+
object.collect { |i| deep_symbolize_keys(i) }
|
103
100
|
else
|
104
|
-
|
101
|
+
object
|
105
102
|
end
|
106
103
|
end
|
104
|
+
private_class_method :deep_symbolize_keys
|
107
105
|
|
108
106
|
# Iterate through the Hash symbolizing all keys.
|
109
|
-
def self.deep_stringify_keys(
|
110
|
-
case
|
107
|
+
def self.deep_stringify_keys(object)
|
108
|
+
case object
|
111
109
|
when Hash
|
112
110
|
result = {}
|
113
|
-
|
111
|
+
object.each_pair do |key, value|
|
114
112
|
key = key.to_s if key.is_a?(Symbol)
|
115
113
|
result[key] = deep_stringify_keys(value)
|
116
114
|
end
|
117
115
|
result
|
118
116
|
when Array
|
119
|
-
|
117
|
+
object.collect { |i| deep_stringify_keys(i) }
|
120
118
|
else
|
121
|
-
|
119
|
+
object
|
122
120
|
end
|
123
121
|
end
|
122
|
+
private_class_method :deep_stringify_keys
|
124
123
|
|
125
124
|
# Migrate old configuration format for this environment
|
126
125
|
def self.migrate_old_formats!(config)
|
127
126
|
# Inline single cipher before :ciphers
|
128
|
-
unless config.
|
129
|
-
|
130
|
-
config.keys.each { |key|
|
131
|
-
config[:ciphers] = [
|
127
|
+
unless config.key?(:ciphers)
|
128
|
+
inline_cipher = {}
|
129
|
+
config.keys.each { |key| inline_cipher[key] = config.delete(key) }
|
130
|
+
config[:ciphers] = [inline_cipher]
|
132
131
|
end
|
133
132
|
|
134
133
|
# Copy Old :private_rsa_key into each ciphers config
|
@@ -140,26 +139,23 @@ module SymmetricEncryption
|
|
140
139
|
|
141
140
|
# Old :cipher_name
|
142
141
|
config[:ciphers].each do |cipher|
|
143
|
-
if old_key_name_cipher = cipher.delete(:cipher)
|
142
|
+
if (old_key_name_cipher = cipher.delete(:cipher))
|
144
143
|
cipher[:cipher_name] = old_key_name_cipher
|
145
144
|
end
|
146
145
|
|
147
146
|
# Only temporarily used during v4 Beta process
|
148
|
-
if cipher[:key_encrypting_key].is_a?(String)
|
149
|
-
cipher[:private_rsa_key] = cipher.delete(:key_encrypting_key)
|
150
|
-
end
|
147
|
+
cipher[:private_rsa_key] = cipher.delete(:key_encrypting_key) if cipher[:key_encrypting_key].is_a?(String)
|
151
148
|
|
152
149
|
# Check for a prior env var in encrypted key
|
153
150
|
# Example:
|
154
151
|
# encrypted_key: <%= ENV['VAR'] %>
|
155
|
-
if cipher.
|
152
|
+
if cipher.key?(:encrypted_key) && cipher[:encrypted_key].nil?
|
156
153
|
cipher[:key_env_var] = :placeholder
|
157
|
-
puts
|
154
|
+
puts 'WARNING: :encrypted_key resolved to nil. Please see the migrated config file for the new option :key_env_var.'
|
158
155
|
end
|
159
|
-
|
160
156
|
end
|
161
157
|
config
|
162
158
|
end
|
163
|
-
|
159
|
+
private_class_method :migrate_old_formats!
|
164
160
|
end
|
165
161
|
end
|
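Review bot: The new `env_config = YAML.load(ERB.new(File.new(file_name).read).result)[env]` in the `@@ -73,11 +71,12 @@` hunk calls `[env]` on whatever `YAML.load` returns, so an empty config file, which loads as `false`, raises `NoMethodError` instead of the `ConfigError` on the next line. `File.new(file_name).read` also leaves the handle open until garbage collection, here and in `read_file` in the first hunk. Suggested: `env_config = (YAML.load(ERB.new(File.read(file_name)).result) || {})[env]`. Because the file is run through ERB before parsing, it is effectively executable input, and a comment stating that it must be writable only by trusted users would help. The hunks have no file header on the page and appear to be from data/lib/symmetric_encryption/config.rb.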