class Ansible::Vault::FileReader

A class for reading the data encoded in an Ansible vault file.

@!attribute [r] body

The encoded body of the file.

@!attribute [r] header

The header of the file, not currently used.

@!attribute [r] path

The path of the file being read.

Attributes

body[R]
header[R]
path[R]

Public Class Methods

new(path) click to toggle source
# File lib/ansible/vault/file_reader.rb, line 14
def initialize(path)
  @path = path
  ::File.open(path, 'r') { |f|
    @header, *body = f.readlines.map(&:chomp)
    @body = Array(body).join
  }
end

Public Instance Methods

ciphertext() click to toggle source

Extracts and decodes the ciphertext from the file body

@return [String] The raw binary representation of the ciphertext

# File lib/ansible/vault/file_reader.rb, line 25
def ciphertext
  return @ciphertext if defined?(@ciphertext)
  decode_body
  @ciphertext
end
encrypted?() click to toggle source

Indicates if the file is in the encrypted format or not

@return [Boolean]

# File lib/ansible/vault/file_reader.rb, line 52
def encrypted?
  decode_body unless defined?(@salt)
  # The header not matching is a dead giveaway that the file isn't what
  # we're expecting. That, however, probably isn't enough so we'll check
  # the HMAC for presence and length since it's very unlikely that
  # decoding the file body will result in multiple chunks AND the second
  # one being the correct length for a SHA256 HMAC.
  @header == FILE_HEADER && !@hmac.nil? && @hmac.bytesize == 64
end
hmac() click to toggle source

Extracts the HMAC value from the file body

@return [String] The hex representation of the HMAC

# File lib/ansible/vault/file_reader.rb, line 34
def hmac
  return @hmac if defined?(@hmac)
  decode_body
  @hmac
end
salt() click to toggle source

Extracts and decodes the salt from the file body

@return [String] The raw binary representation of the salt

# File lib/ansible/vault/file_reader.rb, line 43
def salt
  return @salt if defined?(@salt)
  decode_body
  @salt
end

Private Instance Methods

decode_body() click to toggle source
# File lib/ansible/vault/file_reader.rb, line 64
def decode_body
  salt, @hmac, ciphertext = BinASCII.unhexlify(@body).split("\n", 3)
  @ciphertext = BinASCII.unhexlify(ciphertext)
  @salt = BinASCII.unhexlify(salt)
end