class Heroku::Bouncer::Lockbox
Public Class Methods
generate_hmac(data, key)
click to toggle source
# File lib/heroku/bouncer/lockbox.rb, line 51 def self.generate_hmac(data, key) ::OpenSSL::HMAC.hexdigest(::OpenSSL::Digest::SHA1.new, key, data) end
new(key)
click to toggle source
# File lib/heroku/bouncer/lockbox.rb, line 5 def initialize(key) @key = key end
Public Instance Methods
lock(str)
click to toggle source
# File lib/heroku/bouncer/lockbox.rb, line 9 def lock(str) aes = cipher.encrypt aes.key = @key.size > 32 ? @key[0..31] : @key iv = ::OpenSSL::Random.random_bytes(aes.iv_len) aes.iv = iv [iv + (aes.update(str) << aes.final)].pack('m0') end
unlock(str)
click to toggle source
decrypts string. returns nil if an error occurs
returns nil if openssl raises an error during decryption (data manipulation, key change, implementation change), or if the text to decrypt is too short to possibly be good aes data.
# File lib/heroku/bouncer/lockbox.rb, line 22 def unlock(str) str = str.unpack('m0').first aes = cipher.decrypt aes.key = @key.size > 32 ? @key[0..31] : @key iv = str[0, aes.iv_len] aes.iv = iv crypted_text = str[aes.iv_len..-1] return nil if crypted_text.nil? || iv.nil? aes.update(crypted_text) << aes.final rescue nil end
Private Instance Methods
cipher()
click to toggle source
# File lib/heroku/bouncer/lockbox.rb, line 37 def cipher # OpenSSL::Cipher::Cipher is deprecated for Ruby >= 2.4 # https://ruby.github.io/openssl/OpenSSL/Cipher/Cipher.html if ruby_two_point_four_or_above? ::OpenSSL::Cipher.new('aes-256-cbc') else ::OpenSSL::Cipher::Cipher.new('aes-256-cbc') end end
ruby_two_point_four_or_above?()
click to toggle source
# File lib/heroku/bouncer/lockbox.rb, line 47 def ruby_two_point_four_or_above? ::RUBY_VERSION.to_f >= 2.4 end