class Chef::EncryptedDataBagItem::Decryptor::Version0Decryptor

Attributes

encrypted_data[R]
key[R]

Public Class Methods

new(encrypted_data, key) click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 76
def initialize(encrypted_data, key)
  @encrypted_data = encrypted_data
  @key = key
end

Public Instance Methods

algorithm() click to toggle source

Returns the used decryption algorithm

# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 82
def algorithm
  ALGORITHM
end
decrypted_data() click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 90
def decrypted_data
  @decrypted_data ||=
    begin
      plaintext = openssl_decryptor.update(encrypted_bytes)
      plaintext << openssl_decryptor.final
    rescue OpenSSL::Cipher::CipherError => e
      # if the key length is less than 255 characters, and it contains slashes, we think it may be a path.
      raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{(@key.length < 255 && @key.include?('/')) ? 'You may need to use --secret-file rather than --secret.' : ''}"
    end
end
encrypted_bytes() click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 101
def encrypted_bytes
  Base64.decode64(@encrypted_data)
end
for_decrypted_item() click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 86
def for_decrypted_item
  YAML.load(decrypted_data)
end
openssl_decryptor() click to toggle source
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 105
def openssl_decryptor
  @openssl_decryptor ||=
    begin
      d = OpenSSL::Cipher.new(algorithm)
      d.decrypt
      d.pkcs5_keyivgen(key)
      d
    end
end