class Heroku::Bouncer::Lockbox

Public Class Methods

generate_hmac(data, key)
# File lib/heroku/bouncer/lockbox.rb, line 51
# Returns the HMAC-SHA1 of +data+ keyed with +key+, as a hex string.
#
# Code that checks a received tag against this value should compare in
# constant time (for example OpenSSL.fixed_length_secure_compare) rather
# than with ==, so the comparison does not leak how many characters matched.
#
# @param data [String] message to authenticate
# @param key [String] secret HMAC key
# @return [String] hex-encoded HMAC-SHA1 tag (40 characters)
def self.generate_hmac(data, key)
  sha1 = ::OpenSSL::Digest.new('SHA1')
  ::OpenSSL::HMAC.hexdigest(sha1, key, data)
end
new(key)
# File lib/heroku/bouncer/lockbox.rb, line 5
# Builds a Lockbox around the given secret.
#
# @param key [String] secret kept in @key. lock and unlock cut it down to 32
#   when it is longer and otherwise hand it to the cipher as is.
#   NOTE(review): nothing is validated here, so an unsuitable key (too short,
#   low entropy) only shows up later when lock or unlock runs -- confirm
#   callers supply a random secret of at least 32 bytes.
def initialize(key)
  @key = key
end

Public Instance Methods

lock(str)
# File lib/heroku/bouncer/lockbox.rb, line 9
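# Encrypts +str+ with AES-256-CBC under a fresh random IV.
#
# The result is strict Base64 (pack 'm0', no line breaks) of the IV followed
# by the ciphertext, so the IV can be read back from the leading bytes.
#
# Security notes:
# * @key is used directly as AES key material (no key derivation), cut to
#   its first 32 bytes when longer. It should be a high-entropy secret.
#   A key shorter than 32 bytes is passed through unchanged; current
#   OpenSSL bindings reject it when the key is assigned.
# * CBC provides confidentiality only. This method attaches no integrity
#   tag, so a modified token is not detected here.
#   NOTE(review): confirm callers compute and verify a MAC over the whole
#   token (IV included) before the token is handed to unlock.
#
# @param str [String] plaintext to encrypt
# @return [String] Base64-encoded IV + ciphertext
def lock(str)
  aes = cipher.encrypt
  # Measure and cut the key in bytes, not characters: the cipher needs a
  # 32-byte key, and size / [0..31] count characters, which yields more than
  # 32 bytes for a key containing multibyte characters.
  aes.key = @key.bytesize > 32 ? @key.byteslice(0, 32) : @key
  iv = ::OpenSSL::Random.random_bytes(aes.iv_len)
  aes.iv = iv
  [iv + (aes.update(str) << aes.final)].pack('m0')
end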
unlock(str)

Decrypts a string. Returns nil if an error occurs.

Returns nil if OpenSSL raises an error during decryption (data manipulation, key change, implementation change), or if the text to decrypt is too short to possibly be valid AES data.

# File lib/heroku/bouncer/lockbox.rb, line 22
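# Decrypts a token in the lock format: strict Base64 of IV + AES-256-CBC
# ciphertext. Returns the plaintext, or nil on any failure.
#
# nil is returned when the input is not valid strict Base64, when it is too
# short to hold an IV plus ciphertext, or when OpenSSL raises while
# decrypting (wrong key, altered data, bad padding). Any other StandardError
# (for example a nil argument) is also turned into nil, as before.
#
# Security notes:
# * A successful decryption does not prove the token is genuine: CBC has no
#   integrity check, and some altered tokens still decrypt to a string.
# * The nil / non-nil result reveals whether padding was valid, so tokens
#   from untrusted parties should be authenticated before they reach this
#   method. NOTE(review): confirm callers verify a MAC first.
#
# @param str [String] Base64 token
# @return [String, nil] decrypted bytes, or nil if the token cannot be decrypted
def unlock(str)
  raw = str.unpack('m0').first
  aes = cipher.decrypt
  # Byte-based key handling: the cipher needs 32 bytes, and size / [0..31]
  # count characters, which differs for keys with multibyte characters.
  aes.key = @key.bytesize > 32 ? @key.byteslice(0, 32) : @key
  iv = raw[0, aes.iv_len]
  crypted_text = raw[aes.iv_len..-1]
  # Reject truncated input before the IV is handed to OpenSSL.
  return nil if crypted_text.nil? || iv.nil?
  aes.iv = iv
  aes.update(crypted_text) << aes.final
rescue StandardError
  # Deliberate best effort: callers treat nil as "could not decrypt".
  nil
end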

Private Instance Methods

cipher()
# File lib/heroku/bouncer/lockbox.rb, line 37
# Returns a new, unconfigured AES-256-CBC cipher object.
#
# The caller still has to select encrypt or decrypt mode and set the key
# and IV. CBC has no built-in integrity check.
#
# @return [OpenSSL::Cipher] fresh 'aes-256-cbc' cipher
def cipher
  # OpenSSL::Cipher::Cipher is deprecated for Ruby >= 2.4
  # (https://ruby.github.io/openssl/OpenSSL/Cipher/Cipher.html), so it is
  # only referenced on older interpreters.
  factory = ruby_two_point_four_or_above? ? ::OpenSSL::Cipher : ::OpenSSL::Cipher::Cipher
  factory.new('aes-256-cbc')
end
ruby_two_point_four_or_above?()
# File lib/heroku/bouncer/lockbox.rb, line 47
# Tells whether the running interpreter is Ruby 2.4 or newer.
#
# RUBY_VERSION is read with String#to_f, which parses only the leading
# "major.minor" part (e.g. "3.2.2" becomes 3.2).
#
# @return [Boolean]
def ruby_two_point_four_or_above?
  major_minor = ::RUBY_VERSION.to_f
  major_minor >= 2.4
end