class Chef::EncryptedDataBagItem::Decryptor::Version1Decryptor

Attributes

encrypted_data[R]
key[R]

Public Class Methods

new(encrypted_data, key)
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 119
# Stores the encrypted item and the shared secret for later decryption.
# Nothing is decoded, validated or decrypted at construction time.
#
# @param encrypted_data [Hash] encrypted item; the other methods in this
#   listing read its "encrypted_data", "iv" and "cipher" entries
# @param key [String] shared secret; it is hashed with SHA-256 when the
#   cipher is built (see openssl_decryptor)
def initialize(encrypted_data, key)
  # The secret stays in memory for the lifetime of this object.
  @key = key
  @encrypted_data = encrypted_data
end

Public Instance Methods

decrypted_data()
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 141
# Decrypts the item's ciphertext and memoizes the resulting plaintext.
#
# Only OpenSSL::Cipher::CipherError is translated into DecryptionFailure
# here. A wrong key or altered ciphertext can also decrypt "successfully"
# into garbage bytes; for_decrypted_item treats the resulting JSON parse
# failure as a decryption failure for that reason.
#
# The error text embeds the OpenSSL message and an optional usage hint. The
# key is inspected only for its length and for '/', and is never included in
# the message.
#
# NOTE(review): the cipher mode comes from `algorithm`, which is defined
# outside this listing. If it is a mode without an authentication tag, this
# method gives no integrity guarantee for the returned bytes. Confirm.
#
# @return [String] the decrypted bytes
# @raise [DecryptionFailure] when OpenSSL rejects the ciphertext
def decrypted_data
  return @decrypted_data if @decrypted_data

  cipher = openssl_decryptor
  buffer = cipher.update(encrypted_bytes)
  @decrypted_data = buffer << cipher.final
rescue OpenSSL::Cipher::CipherError => e
  # A short secret that contains a slash is probably a file path that was
  # passed as the secret itself, so point the operator at --secret-file.
  looks_like_path = @key.length < 255 && @key.include?('/')
  hint = looks_like_path ? 'You may need to use --secret-file rather than --secret.' : ''
  raise DecryptionFailure, "Error decrypting data bag value: '#{e.message}'. Most likely the provided key is incorrect. #{hint}"
end
encrypted_bytes()
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 133
# Returns the raw ciphertext stored Base64-encoded under "encrypted_data".
#
# Base64.decode64 is the lenient decoder: it skips characters outside the
# Base64 alphabet instead of raising, so a malformed field is not rejected
# here and only shows up later as a decryption failure.
# NOTE(review): switching to strict_decode64 would reject line-wrapped
# input; check how the encrypting side encodes this field before tightening.
#
# @return [String] decoded ciphertext bytes
def encrypted_bytes
  encoded_ciphertext = @encrypted_data["encrypted_data"]
  Base64.decode64(encoded_ciphertext)
end
for_decrypted_item()
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 124
# Decrypts the item, parses the plaintext as JSON and returns the value held
# under the "json_wrapper" key.
#
# The JSON parse doubles as this listing's only check that decryption
# produced sensible output: a parse error is reported as DecryptionFailure.
# It is not a cryptographic integrity check. Plaintext that still parses as
# JSON is returned to the caller unchanged.
#
# @return [Object] the value stored under "json_wrapper"
# @raise [DecryptionFailure] when the decrypted bytes are not valid JSON
def for_decrypted_item
  wrapper = Chef::JSONCompat.parse(decrypted_data)
  wrapper["json_wrapper"]
rescue Chef::Exceptions::JSON::ParseError
  # Unparseable plaintext almost always means decryption "succeeded" with
  # the wrong key and produced garbage, so report it as a decryption
  # failure rather than as a JSON problem.
  raise DecryptionFailure, "Error decrypting data bag value. Most likely the provided key is incorrect"
end
iv()
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 137
# Returns the initialization vector stored Base64-encoded under "iv".
#
# The IV comes from the stored item and is decoded with the lenient
# Base64.decode64; this method does not check its length. Whether the cipher
# rejects a wrong-sized IV depends on OpenSSL, not on this code.
#
# @return [String] decoded IV bytes
def iv
  encoded_iv = @encrypted_data["iv"]
  Base64.decode64(encoded_iv)
end
openssl_decryptor()
# File lib/chef/encrypted_data_bag_item/decryptor.rb, line 151
# Builds and memoizes the OpenSSL cipher object used for decryption.
#
# - The cipher name recorded in the item is passed to assert_valid_cipher!
#   together with `algorithm` before any cipher is created. The cipher is
#   then built from `algorithm`, not from the stored value.
#   NOTE(review): assert_valid_cipher! is defined outside this listing;
#   presumably it raises on a mismatch. Confirm.
# - The AES key is a single SHA-256 digest of the secret. No salt or
#   iteration count is applied here, so the key is only as strong as the
#   secret: use a long random secret, not a passphrase.
# - The returned cipher is stateful and shared across calls; decrypted_data
#   feeds it once and caches the result.
#
# @return [OpenSSL::Cipher] cipher in decrypt mode with key and IV set
def openssl_decryptor
  @openssl_decryptor ||= begin
    assert_valid_cipher!(@encrypted_data["cipher"], algorithm)
    OpenSSL::Cipher.new(algorithm).tap do |cipher|
      cipher.decrypt
      # We must set key before iv: https://bugs.ruby-lang.org/issues/8221
      cipher.key = OpenSSL::Digest::SHA256.digest(key)
      cipher.iv = iv
    end
  end
end