symmetric-encryption 4.0.0 → 4.0.1
- checksums.yaml +5 -5
- data/Rakefile +2 -2
- data/bin/symmetric-encryption +1 -1
- data/lib/symmetric-encryption.rb +1 -1
- data/lib/symmetric_encryption.rb +2 -2
- data/lib/symmetric_encryption/cipher.rb +15 -18
- data/lib/symmetric_encryption/cli.rb +30 -36
- data/lib/symmetric_encryption/coerce.rb +3 -4
- data/lib/symmetric_encryption/config.rb +30 -34
- data/lib/symmetric_encryption/encoder.rb +0 -1
- data/lib/symmetric_encryption/exception.rb +0 -2
- data/lib/symmetric_encryption/extensions/active_record/base.rb +5 -2
- data/lib/symmetric_encryption/extensions/mongo_mapper/plugins/encrypted_key.rb +3 -5
- data/lib/symmetric_encryption/extensions/mongoid/encrypted.rb +0 -2
- data/lib/symmetric_encryption/generator.rb +3 -3
- data/lib/symmetric_encryption/header.rb +9 -4
- data/lib/symmetric_encryption/key.rb +3 -4
- data/lib/symmetric_encryption/keystore.rb +9 -9
- data/lib/symmetric_encryption/keystore/environment.rb +6 -7
- data/lib/symmetric_encryption/keystore/file.rb +5 -6
- data/lib/symmetric_encryption/keystore/memory.rb +2 -2
- data/lib/symmetric_encryption/railtie.rb +4 -7
- data/lib/symmetric_encryption/railties/symmetric_encryption_validator.rb +2 -1
- data/lib/symmetric_encryption/reader.rb +28 -39
- data/lib/symmetric_encryption/symmetric_encryption.rb +10 -8
- data/lib/symmetric_encryption/utils/re_encrypt_files.rb +5 -8
- data/lib/symmetric_encryption/version.rb +2 -2
- data/lib/symmetric_encryption/writer.rb +12 -17
- data/test/active_record_test.rb +237 -200
- data/test/cipher_test.rb +12 -6
- data/test/encoder_test.rb +1 -3
- data/test/header_test.rb +0 -4
- data/test/key_test.rb +0 -2
- data/test/keystore/environment_test.rb +10 -11
- data/test/keystore/file_test.rb +9 -10
- data/test/keystore_test.rb +2 -3
- data/test/mongoid_test.rb +37 -40
- data/test/reader_test.rb +24 -32
- data/test/symmetric_encryption_test.rb +17 -18
- data/test/test_db.sqlite3 +0 -0
- data/test/writer_test.rb +0 -1
- metadata +23 -23
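--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
-
-metadata.gz:
-data.tar.gz:
+SHA256:
+metadata.gz: a8b4f45cc7b6dca91b1eb5d8eb5df044485d0a484f93472ce38fee62559453e8
+data.tar.gz: 973376b8363032b2a71aaf840a3012cf7485d7f6b16f2ea1ebf20f622eaf56f0
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ae3695e636ea98bcbfe489187e26244dee6116257afdf4383a234359c201974024d3180d1ea1851edbc1798343ce1ab862fea20691a01f8eb7993b58a7206921
+data.tar.gz: cbe308f3287c77c32996551b8f4ace32fd803e123e32f906ed21d65bf6d3823b19ce5459623a445a4ffd4bb1b33a0377558ad6604e98d61ae17b206d4cef1892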
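--- a/data/Rakefile
+++ b/data/Rakefile
@@ -9,7 +9,7 @@ task :gem do
 system 'gem build symmetric-encryption.gemspec'
 end
 
-task :
+task publish: :gem do
 system "git tag -a v#{SymmetricEncryption::VERSION} -m 'Tagging #{SymmetricEncryption::VERSION}'"
 system 'git push --tags'
 system "gem push symmetric-encryption-#{SymmetricEncryption::VERSION}.gem"
@@ -23,7 +23,7 @@ Rake::TestTask.new(:test) do |t|
 end
 
 # By default run tests against all appraisals
-if !ENV[
+if !ENV['APPRAISAL_INITIALIZED'] && !ENV['TRAVIS']
 require 'appraisal'
 task default: :appraisal
 else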
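Review bot: The `publish` task in the first hunk runs `git tag`, `git push --tags` and `gem push` through `system` without checking any return value, so a failed tag or push still goes on to publish the gem. Rake's `sh` raises when the command exits non-zero, e.g. `sh 'git push --tags'`, which stops the release at the first failing step. The `:gem` prerequisite has the same gap: `system 'gem build symmetric-encryption.gemspec'` can fail, and if an older .gem of the same name is present it would presumably be the one pushed. The `publish` body continues past the end of the hunk.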
data/bin/symmetric-encryption
CHANGED
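--- a/data/lib/symmetric-encryption.rb
+++ b/data/lib/symmetric-encryption.rb
@@ -1 +1 @@
-require 'symmetric_encryption'
+require 'symmetric_encryption'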
data/lib/symmetric_encryption.rb
CHANGED
@@ -8,7 +8,7 @@ require 'symmetric_encryption/cipher'
|
|
8
8
|
require 'symmetric_encryption/symmetric_encryption'
|
9
9
|
require 'symmetric_encryption/exception'
|
10
10
|
|
11
|
-
|
11
|
+
# @formatter:off
|
12
12
|
module SymmetricEncryption
|
13
13
|
autoload :Coerce, 'symmetric_encryption/coerce'
|
14
14
|
autoload :Config, 'symmetric_encryption/config'
|
@@ -26,7 +26,7 @@ module SymmetricEncryption
|
|
26
26
|
autoload :ReEncryptFiles, 'symmetric_encryption/utils/re_encrypt_files'
|
27
27
|
end
|
28
28
|
end
|
29
|
-
|
29
|
+
# @formatter:on
|
30
30
|
|
31
31
|
# Add support for other libraries only if they have already been loaded
|
32
32
|
require 'symmetric_encryption/railtie' if defined?(Rails)
|
@@ -13,10 +13,10 @@ module SymmetricEncryption
|
|
13
13
|
|
14
14
|
# Returns [Cipher] from a cipher config instance.
|
15
15
|
def self.from_config(cipher_name: 'aes-256-cbc',
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
16
|
+
version: 0,
|
17
|
+
always_add_header: true,
|
18
|
+
encoding: :base64strict,
|
19
|
+
**config)
|
20
20
|
|
21
21
|
Key.migrate_config!(config)
|
22
22
|
key = Key.from_config(cipher_name: cipher_name, **config)
|
@@ -84,7 +84,7 @@ module SymmetricEncryption
|
|
84
84
|
@version = version.to_i
|
85
85
|
@always_add_header = always_add_header
|
86
86
|
|
87
|
-
raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative") if (@version > 255) ||
|
87
|
+
raise(ArgumentError, "Cipher version has a valid range of 0 to 255. #{@version} is too high, or negative") if (@version > 255) || @version.negative?
|
88
88
|
end
|
89
89
|
|
90
90
|
# Change the encoding
|
@@ -136,7 +136,7 @@ module SymmetricEncryption
|
|
136
136
|
str = str.to_s
|
137
137
|
return str if str.empty?
|
138
138
|
encrypted = binary_encrypt(str, random_iv: random_iv, compress: compress, header: header)
|
139
|
-
|
139
|
+
encode(encrypted)
|
140
140
|
end
|
141
141
|
|
142
142
|
# Decode and Decrypt string
|
@@ -157,16 +157,14 @@ module SymmetricEncryption
|
|
157
157
|
# is thread-safe and can be called concurrently by multiple threads with
|
158
158
|
# the same instance of Cipher
|
159
159
|
def decrypt(str)
|
160
|
-
decoded =
|
160
|
+
decoded = decode(str)
|
161
161
|
return unless decoded
|
162
162
|
|
163
163
|
return decoded if decoded.empty?
|
164
164
|
decrypted = binary_decrypt(decoded)
|
165
165
|
|
166
166
|
# Try to force result to UTF-8 encoding, but if it is not valid, force it back to Binary
|
167
|
-
unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
|
168
|
-
decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING)
|
169
|
-
end
|
167
|
+
decrypted.force_encoding(SymmetricEncryption::BINARY_ENCODING) unless decrypted.force_encoding(SymmetricEncryption::UTF8_ENCODING).valid_encoding?
|
170
168
|
|
171
169
|
decrypted
|
172
170
|
end
|
@@ -249,7 +247,7 @@ module SymmetricEncryption
|
|
249
247
|
return string if string.empty?
|
250
248
|
|
251
249
|
# Header required when adding a random_iv or compressing
|
252
|
-
header = Header.new(version: version, compress: compress) if
|
250
|
+
header = Header.new(version: version, compress: compress) if header || random_iv || compress
|
253
251
|
|
254
252
|
# Creates a new OpenSSL::Cipher with every call so that this call is thread-safe.
|
255
253
|
openssl_cipher = ::OpenSSL::Cipher.new(cipher_name)
|
@@ -260,8 +258,8 @@ module SymmetricEncryption
|
|
260
258
|
if header
|
261
259
|
if random_iv
|
262
260
|
openssl_cipher.iv = header.iv = openssl_cipher.random_iv
|
263
|
-
elsif
|
264
|
-
openssl_cipher.iv =
|
261
|
+
elsif iv
|
262
|
+
openssl_cipher.iv = iv
|
265
263
|
end
|
266
264
|
header.to_s + openssl_cipher.update(compress ? Zlib::Deflate.deflate(string) : string)
|
267
265
|
else
|
@@ -307,12 +305,12 @@ module SymmetricEncryption
|
|
307
305
|
return str if str.empty?
|
308
306
|
|
309
307
|
offset = header.parse(str)
|
310
|
-
data = offset
|
308
|
+
data = offset.positive? ? str[offset..-1] : str
|
311
309
|
|
312
310
|
openssl_cipher = ::OpenSSL::Cipher.new(header.cipher_name || cipher_name)
|
313
311
|
openssl_cipher.decrypt
|
314
312
|
openssl_cipher.key = header.key || @key
|
315
|
-
if iv =
|
313
|
+
if (iv = header.iv || @iv)
|
316
314
|
openssl_cipher.iv = iv
|
317
315
|
end
|
318
316
|
result = openssl_cipher.update(data)
|
@@ -322,12 +320,12 @@ module SymmetricEncryption
|
|
322
320
|
|
323
321
|
# Returns the magic header after applying the encoding in this cipher
|
324
322
|
def encoded_magic_header
|
325
|
-
@encoded_magic_header ||= encoder.encode(SymmetricEncryption::Header::MAGIC_HEADER).
|
323
|
+
@encoded_magic_header ||= encoder.encode(SymmetricEncryption::Header::MAGIC_HEADER).delete('=').strip
|
326
324
|
end
|
327
325
|
|
328
326
|
# Returns [String] object represented as a string, filtering out the key
|
329
327
|
def inspect
|
330
|
-
"#<#{self.class}:0x#{
|
328
|
+
"#<#{self.class}:0x#{__id__.to_s(16)} @key=\"[FILTERED]\" @iv=#{iv.inspect} @cipher_name=#{cipher_name.inspect}, @version=#{version.inspect}, @encoding=#{encoding.inspect}, @always_add_header=#{always_add_header.inspect}>"
|
331
329
|
end
|
332
330
|
|
333
331
|
# DEPRECATED
|
@@ -350,6 +348,5 @@ module SymmetricEncryption
|
|
350
348
|
private
|
351
349
|
|
352
350
|
attr_reader :key
|
353
|
-
|
354
351
|
end
|
355
352
|
end
|
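Review bot: In the hunk at old line 260 (apparently binary_encrypt; its signature is outside the hunk), the `elsif iv` branch sets `openssl_cipher.iv = iv` whenever `random_iv` is false, so every such call reuses the cipher's configured IV and, with the default `aes-256-cbc` from `from_config`, equal plaintexts produce equal ciphertexts. If that determinism is intended, the branch should say so, for example `# Fixed IV: output is deterministic for a given key; pass random_iv: true when that is not required`. Only the `random_iv` branch assigns `header.iv`, so the same comment can note that the header carries no IV in the fixed case. The method starts and ends outside the hunk.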
@@ -8,7 +8,7 @@ module SymmetricEncryption
|
|
8
8
|
:environments, :cipher_name, :rolling_deploy, :rotate_keys, :rotate_kek, :prompt, :show_version,
|
9
9
|
:cleanup_keys, :activate_key, :migrate
|
10
10
|
|
11
|
-
KEYSTORES = [
|
11
|
+
KEYSTORES = %i[heroku environment file].freeze
|
12
12
|
|
13
13
|
def self.run!(argv)
|
14
14
|
new(argv).run!
|
@@ -16,7 +16,7 @@ module SymmetricEncryption
|
|
16
16
|
|
17
17
|
def initialize(argv)
|
18
18
|
@version = current_version
|
19
|
-
@environment = ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
|
19
|
+
@environment = ENV['SYMMETRIC_ENCRYPTION_ENV'] || ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
|
20
20
|
@config_file_path = File.expand_path(ENV['SYMMETRIC_ENCRYPTION_CONFIG'] || 'config/symmetric-encryption.yml')
|
21
21
|
@app_name = 'symmetric-encryption'
|
22
22
|
@key_path = '/etc/symmetric-encryption'
|
@@ -28,7 +28,7 @@ module SymmetricEncryption
|
|
28
28
|
|
29
29
|
if argv.empty?
|
30
30
|
puts parser
|
31
|
-
exit
|
31
|
+
exit(-10)
|
32
32
|
end
|
33
33
|
parser.parse!(argv)
|
34
34
|
end
|
@@ -71,17 +71,17 @@ module SymmetricEncryption
|
|
71
71
|
|
72
72
|
def parser
|
73
73
|
@parser ||= OptionParser.new do |opts|
|
74
|
-
opts.banner =
|
75
|
-
Symmetric Encryption v#{VERSION}
|
74
|
+
opts.banner = <<~BANNER
|
75
|
+
Symmetric Encryption v#{VERSION}
|
76
76
|
|
77
|
-
|
77
|
+
For more information, see: https://rocketjob.github.io/symmetric-encryption/
|
78
78
|
|
79
|
-
|
80
|
-
|
81
|
-
|
79
|
+
Note:
|
80
|
+
It is recommended to backup the current configuration file, or place it in version control before running
|
81
|
+
the configuration manipulation commands below.
|
82
82
|
|
83
|
-
symmetric-encryption [options]
|
84
|
-
BANNER
|
83
|
+
symmetric-encryption [options]
|
84
|
+
BANNER
|
85
85
|
|
86
86
|
opts.on '-e', '--encrypt [FILE_NAME]', 'Encrypt a file, or read from stdin if no file name is supplied.' do |file_name|
|
87
87
|
@encrypt = file_name || STDIN
|
@@ -103,7 +103,7 @@ BANNER
|
|
103
103
|
@compress = true
|
104
104
|
end
|
105
105
|
|
106
|
-
opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: RACK_ENV || RAILS_ENV || 'development'" do |environment|
|
106
|
+
opts.on '-E', '--env ENVIRONMENT', "Environment to use in the config file. Default: SYMMETRIC_ENCRYPTION_ENV || RACK_ENV || RAILS_ENV || 'development'" do |environment|
|
107
107
|
@environment = environment
|
108
108
|
end
|
109
109
|
|
@@ -116,7 +116,7 @@ BANNER
|
|
116
116
|
end
|
117
117
|
|
118
118
|
opts.on '-r', '--re-encrypt [PATTERN]', 'ReEncrypt all files matching the pattern. Default: "**/*.{yml,rb}"' do |pattern|
|
119
|
-
@re_encrypt = pattern ||
|
119
|
+
@re_encrypt = pattern || '**/*.{yml,rb}'
|
120
120
|
end
|
121
121
|
|
122
122
|
opts.on '-n', '--new-password [SIZE]', 'Generate a new random password using only characters that are URL-safe base64. Default size is 22.' do |size|
|
@@ -139,11 +139,11 @@ BANNER
|
|
139
139
|
@app_name = name
|
140
140
|
end
|
141
141
|
|
142
|
-
opts.on '-S', '--environments ENVIRONMENTS',
|
142
|
+
opts.on '-S', '--environments ENVIRONMENTS', 'Comma separated list of environments for which to generate the config file. Default: development,test,release,production' do |environments|
|
143
143
|
@environments = environments.split(',').collect(&:strip).collect(&:to_sym)
|
144
144
|
end
|
145
145
|
|
146
|
-
opts.on '-C', '--cipher-name NAME',
|
146
|
+
opts.on '-C', '--cipher-name NAME', 'Name of the cipher to use when generating a new config file, or when rotating keys. Default: aes-256-cbc' do |name|
|
147
147
|
@cipher_name = name
|
148
148
|
end
|
149
149
|
|
@@ -167,7 +167,7 @@ BANNER
|
|
167
167
|
@cleanup_keys = true
|
168
168
|
end
|
169
169
|
|
170
|
-
opts.on '-V', '--key-version NUMBER',
|
170
|
+
opts.on '-V', '--key-version NUMBER', 'Encryption key version to use when encrypting or re-encrypting. Default: (Current global version).' do |number|
|
171
171
|
@version = number.to_i
|
172
172
|
end
|
173
173
|
|
@@ -185,7 +185,6 @@ BANNER
|
|
185
185
|
puts opts
|
186
186
|
exit
|
187
187
|
end
|
188
|
-
|
189
188
|
end
|
190
189
|
end
|
191
190
|
|
@@ -199,8 +198,8 @@ BANNER
|
|
199
198
|
|
200
199
|
def generate_new_config
|
201
200
|
config_file_does_not_exist!
|
202
|
-
self.environments ||= %i
|
203
|
-
cfg
|
201
|
+
self.environments ||= %i[development test release production]
|
202
|
+
cfg =
|
204
203
|
if keystore == :file
|
205
204
|
SymmetricEncryption::Keystore::File.new_config(
|
206
205
|
key_path: key_path,
|
@@ -208,7 +207,7 @@ BANNER
|
|
208
207
|
environments: environments,
|
209
208
|
cipher_name: cipher_name
|
210
209
|
)
|
211
|
-
elsif [
|
210
|
+
elsif %i[heroku environment].include?(keystore)
|
212
211
|
SymmetricEncryption::Keystore::Environment.new_config(
|
213
212
|
app_name: app_name,
|
214
213
|
environments: environments,
|
@@ -216,7 +215,7 @@ BANNER
|
|
216
215
|
)
|
217
216
|
else
|
218
217
|
puts "Invalid keystore option: #{keystore}, must be one of #{KEYSTORES.join(', ')}"
|
219
|
-
exit
|
218
|
+
exit(-3)
|
220
219
|
end
|
221
220
|
Config.write_file(config_file_path, cfg)
|
222
221
|
puts "New configuration file created at: #{config_file_path}"
|
@@ -246,11 +245,10 @@ BANNER
|
|
246
245
|
config = Config.read_file(config_file_path)
|
247
246
|
config.each_pair do |env, cfg|
|
248
247
|
next if environments && !environments.include?(env.to_sym)
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
end
|
248
|
+
next unless ciphers = cfg[:ciphers]
|
249
|
+
highest = ciphers.max_by { |i| i[:version] }
|
250
|
+
ciphers.clear
|
251
|
+
ciphers << highest
|
254
252
|
end
|
255
253
|
|
256
254
|
Config.write_file(config_file_path, config)
|
@@ -261,11 +259,10 @@ BANNER
|
|
261
259
|
config = Config.read_file(config_file_path)
|
262
260
|
config.each_pair do |env, cfg|
|
263
261
|
next if environments && !environments.include?(env.to_sym)
|
264
|
-
|
265
|
-
|
266
|
-
|
267
|
-
|
268
|
-
end
|
262
|
+
next unless ciphers = cfg[:ciphers]
|
263
|
+
highest = ciphers.max_by { |i| i[:version] }
|
264
|
+
ciphers.delete(highest)
|
265
|
+
ciphers.unshift(highest)
|
269
266
|
end
|
270
267
|
|
271
268
|
Config.write_file(config_file_path, config)
|
@@ -309,9 +306,7 @@ BANNER
|
|
309
306
|
value1 = HighLine.new.ask('Enter the value to encrypt:') { |q| q.echo = '*' }
|
310
307
|
value2 = HighLine.new.ask('Re-enter the value to encrypt:') { |q| q.echo = '*' }
|
311
308
|
|
312
|
-
if value1 != value2
|
313
|
-
puts('Values do not match, please try again')
|
314
|
-
end
|
309
|
+
puts('Values do not match, please try again') if value1 != value2
|
315
310
|
end
|
316
311
|
|
317
312
|
encrypted = SymmetricEncryption.cipher(version).encrypt(value1, compress: compress)
|
@@ -336,8 +331,7 @@ BANNER
|
|
336
331
|
def config_file_does_not_exist!
|
337
332
|
return unless File.exist?(config_file_path)
|
338
333
|
puts "\nConfiguration file already exists, please move or rename: #{config_file_path}\n\n"
|
339
|
-
exit
|
334
|
+
exit(-1)
|
340
335
|
end
|
341
|
-
|
342
336
|
end
|
343
337
|
end
|
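Review bot: Both key-maintenance hunks (old lines 246 and 261) pick the newest entry with `ciphers.max_by { |i| i[:version] }`, which raises on a nil-to-Integer comparison when one entry omits `:version` and another sets it, although `Cipher.from_config` treats a missing version as 0. `ciphers.max_by { |i| i[:version].to_i }` keeps the two consistent. The guard above it, `next unless ciphers = cfg[:ciphers]`, is an unparenthesized assignment in a condition, while the same release writes `if (iv = header.iv || @iv)` elsewhere; `next unless (ciphers = cfg[:ciphers])` matches that. Both enclosing methods begin before their hunks.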
@@ -9,7 +9,7 @@ module SymmetricEncryption
|
|
9
9
|
datetime: DateTime,
|
10
10
|
time: Time,
|
11
11
|
date: Date
|
12
|
-
}
|
12
|
+
}.freeze
|
13
13
|
|
14
14
|
# Coerce given value into given type
|
15
15
|
# Does not coerce json or yaml values
|
@@ -42,7 +42,7 @@ module SymmetricEncryption
|
|
42
42
|
when :yaml
|
43
43
|
YAML.load(value)
|
44
44
|
else
|
45
|
-
|
45
|
+
coerce(value, type, String)
|
46
46
|
end
|
47
47
|
end
|
48
48
|
|
@@ -60,7 +60,7 @@ module SymmetricEncryption
|
|
60
60
|
when :yaml
|
61
61
|
value.to_yaml
|
62
62
|
else
|
63
|
-
|
63
|
+
coerce(value, :string, coercion_type(type, value))
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
@@ -72,6 +72,5 @@ module SymmetricEncryption
|
|
72
72
|
TYPE_MAP[symbol]
|
73
73
|
end
|
74
74
|
end
|
75
|
-
|
76
75
|
end
|
77
76
|
end
|
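Review bot: The `when :yaml` branch in the hunk at line 42 still passes its input to `YAML.load(value)`, which can instantiate arbitrary Ruby objects from tags in the document. The value here is presumably a decrypted attribute, and nothing visible in this diff authenticates the ciphertext, so stored data that was tampered with or written under a leaked key would reach the YAML loader. `YAML.safe_load(value)`, with an explicit list of permitted classes for the types callers really store, closes that. It is a behaviour change for values that hold custom objects, so it needs a release note. The enclosing method starts outside the hunk.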
@@ -29,7 +29,7 @@ module SymmetricEncryption
|
|
29
29
|
def self.read_file(file_name)
|
30
30
|
config = YAML.load(ERB.new(File.new(file_name).read).result)
|
31
31
|
config = deep_symbolize_keys(config)
|
32
|
-
config.each_pair { |
|
32
|
+
config.each_pair { |_env, cfg| SymmetricEncryption::Config.send(:migrate_old_formats!, cfg) }
|
33
33
|
config
|
34
34
|
end
|
35
35
|
|
@@ -50,14 +50,12 @@ module SymmetricEncryption
|
|
50
50
|
#
|
51
51
|
# See: `.load!` for parameters.
|
52
52
|
def initialize(file_name: nil, env: nil)
|
53
|
-
|
54
|
-
env = defined?(Rails) ? Rails.env : ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
|
55
|
-
end
|
53
|
+
env ||= defined?(Rails) ? Rails.env : ENV['RACK_ENV'] || ENV['RAILS_ENV'] || 'development'
|
56
54
|
|
57
55
|
unless file_name
|
58
56
|
root = defined?(Rails) ? Rails.root : '.'
|
59
57
|
file_name =
|
60
|
-
if env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG']
|
58
|
+
if (env_var = ENV['SYMMETRIC_ENCRYPTION_CONFIG'])
|
61
59
|
File.expand_path(env_var)
|
62
60
|
else
|
63
61
|
File.join(root, 'config', 'symmetric-encryption.yml')
|
@@ -73,11 +71,12 @@ module SymmetricEncryption
|
|
73
71
|
def config
|
74
72
|
@config ||= begin
|
75
73
|
raise(ConfigError, "Cannot find config file: #{file_name}") unless File.exist?(file_name)
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
self.class.
|
74
|
+
|
75
|
+
env_config = YAML.load(ERB.new(File.new(file_name).read).result)[env]
|
76
|
+
raise(ConfigError, "Cannot find environment: #{env} in config file: #{file_name}") unless env_config
|
77
|
+
|
78
|
+
env_config = self.class.send(:deep_symbolize_keys, env_config)
|
79
|
+
self.class.send(:migrate_old_formats!, env_config)
|
81
80
|
end
|
82
81
|
end
|
83
82
|
|
@@ -86,49 +85,49 @@ module SymmetricEncryption
|
|
86
85
|
@ciphers ||= config[:ciphers].collect { |cipher_config| Cipher.from_config(cipher_config) }
|
87
86
|
end
|
88
87
|
|
89
|
-
private
|
90
|
-
|
91
88
|
# Iterate through the Hash symbolizing all keys.
|
92
|
-
def self.deep_symbolize_keys(
|
93
|
-
case
|
89
|
+
def self.deep_symbolize_keys(object)
|
90
|
+
case object
|
94
91
|
when Hash
|
95
92
|
result = {}
|
96
|
-
|
93
|
+
object.each_pair do |key, value|
|
97
94
|
key = key.to_sym if key.is_a?(String)
|
98
95
|
result[key] = deep_symbolize_keys(value)
|
99
96
|
end
|
100
97
|
result
|
101
98
|
when Array
|
102
|
-
|
99
|
+
object.collect { |i| deep_symbolize_keys(i) }
|
103
100
|
else
|
104
|
-
|
101
|
+
object
|
105
102
|
end
|
106
103
|
end
|
104
|
+
private_class_method :deep_symbolize_keys
|
107
105
|
|
108
106
|
# Iterate through the Hash symbolizing all keys.
|
109
|
-
def self.deep_stringify_keys(
|
110
|
-
case
|
107
|
+
def self.deep_stringify_keys(object)
|
108
|
+
case object
|
111
109
|
when Hash
|
112
110
|
result = {}
|
113
|
-
|
111
|
+
object.each_pair do |key, value|
|
114
112
|
key = key.to_s if key.is_a?(Symbol)
|
115
113
|
result[key] = deep_stringify_keys(value)
|
116
114
|
end
|
117
115
|
result
|
118
116
|
when Array
|
119
|
-
|
117
|
+
object.collect { |i| deep_stringify_keys(i) }
|
120
118
|
else
|
121
|
-
|
119
|
+
object
|
122
120
|
end
|
123
121
|
end
|
122
|
+
private_class_method :deep_stringify_keys
|
124
123
|
|
125
124
|
# Migrate old configuration format for this environment
|
126
125
|
def self.migrate_old_formats!(config)
|
127
126
|
# Inline single cipher before :ciphers
|
128
|
-
unless config.
|
129
|
-
|
130
|
-
config.keys.each { |key|
|
131
|
-
config[:ciphers] = [
|
127
|
+
unless config.key?(:ciphers)
|
128
|
+
inline_cipher = {}
|
129
|
+
config.keys.each { |key| inline_cipher[key] = config.delete(key) }
|
130
|
+
config[:ciphers] = [inline_cipher]
|
132
131
|
end
|
133
132
|
|
134
133
|
# Copy Old :private_rsa_key into each ciphers config
|
@@ -140,26 +139,23 @@ module SymmetricEncryption
|
|
140
139
|
|
141
140
|
# Old :cipher_name
|
142
141
|
config[:ciphers].each do |cipher|
|
143
|
-
if old_key_name_cipher = cipher.delete(:cipher)
|
142
|
+
if (old_key_name_cipher = cipher.delete(:cipher))
|
144
143
|
cipher[:cipher_name] = old_key_name_cipher
|
145
144
|
end
|
146
145
|
|
147
146
|
# Only temporarily used during v4 Beta process
|
148
|
-
if cipher[:key_encrypting_key].is_a?(String)
|
149
|
-
cipher[:private_rsa_key] = cipher.delete(:key_encrypting_key)
|
150
|
-
end
|
147
|
+
cipher[:private_rsa_key] = cipher.delete(:key_encrypting_key) if cipher[:key_encrypting_key].is_a?(String)
|
151
148
|
|
152
149
|
# Check for a prior env var in encrypted key
|
153
150
|
# Example:
|
154
151
|
# encrypted_key: <%= ENV['VAR'] %>
|
155
|
-
if cipher.
|
152
|
+
if cipher.key?(:encrypted_key) && cipher[:encrypted_key].nil?
|
156
153
|
cipher[:key_env_var] = :placeholder
|
157
|
-
puts
|
154
|
+
puts 'WARNING: :encrypted_key resolved to nil. Please see the migrated config file for the new option :key_env_var.'
|
158
155
|
end
|
159
|
-
|
160
156
|
end
|
161
157
|
config
|
162
158
|
end
|
163
|
-
|
159
|
+
private_class_method :migrate_old_formats!
|
164
160
|
end
|
165
161
|
end
|
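Review bot: The new line in `config`, `env_config = YAML.load(ERB.new(File.new(file_name).read).result)[env]`, repeats the load expression from `read_file` and, like it, never closes the `File` it opens. `File.read(file_name)` reads and closes in one call: `env_config = YAML.load(ERB.new(File.read(file_name)).result)[env]`. Because the file is rendered through ERB before parsing, anyone who can write it can run Ruby in the loading process. A comment at both call sites should say the config file must be writable only by the deploying account, e.g. `# ERB is evaluated: keep this file's write permission restricted`.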