module Sequel::Plugins::ColumnEncryption::ClassMethods

Attributes

column_encryption_metadata[R]

A hash with column symbol keys and ColumnEncryptionMetadata values for each encrypted column.

Private Instance Methods

_encrypt_column(column, opts) { |dsl| ... }

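Set up encryption for the given column. If a block is given, it is yielded a ColumnDSL and the column gets its own Cryptor built from the keys configured on it; otherwise the default cryptor is used.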

# File lib/sequel/plugins/column_encryption.rb, line 630
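# Set up encryption for +column+ and record its metadata.
#
# column :: Symbol naming the column to encrypt.
# opts :: Hash of options read here:
#         :searchable :: nil/false (not searchable), true (searchable), or
#                        :case_insensitive; any other value raises Error.
#         :search_both :: when the column is searchable, search using both
#                         the regular and the lowercase prefixes.
#         :format :: a registered serialization format Symbol, or a
#                    [serializer, deserializer] pair of callables.
#
# If a block is given, it is yielded a ColumnDSL and the column uses a
# Cryptor built from that DSL's keys instead of the default cryptor.
#
# Raises Error for an invalid :searchable value or for a :format Symbol
# that is not registered.  Returns nil.
def _encrypt_column(column, opts)
  cryptor = if defined?(yield)
    # Per-column keys: let the caller configure them through the DSL.
    dsl = ColumnDSL.new
    yield dsl
    Cryptor.new(dsl.keys)
  else
    column_encryption_cryptor
  end

  # NOTE(review): the searchable modes exist so ciphertext can be looked up;
  # presumably that lets an observer tell when two rows hold the same
  # value -- confirm against Cryptor before enabling on low-entropy columns.
  searchable = opts[:searchable]
  encrypt_method, search_prefixes_method, search_type = case searchable
  when nil, false
    [:encrypt, nil, Cryptor::NOT_SEARCHABLE]
  when true
    [:searchable_encrypt, :search_prefixes, Cryptor::SEARCHABLE]
  when :case_insensitive
    [:case_insensitive_searchable_encrypt, :lowercase_search_prefixes, Cryptor::LOWERCASE_SEARCHABLE]
  else
    raise Error, "invalid :searchable option for encrypted column: #{searchable.inspect}"
  end

  if searchable && opts[:search_both]
    search_prefixes_method = :regular_and_lowercase_search_prefixes
  end

  # Setup the callables used in the metadata.  data_searcher stays nil for
  # columns that are not searchable.
  encryptor = cryptor.method(encrypt_method)
  decryptor = cryptor.method(:decrypt)
  data_searcher = cryptor.method(search_prefixes_method) if search_prefixes_method
  key_searcher = lambda{cryptor.current_key_prefix(search_type)}

  if (format = opts[:format])
    if format.is_a?(Symbol)
      # Keep the requested name: the lookup result replaces +format+, so
      # interpolating +format+ after a failed lookup would print nothing.
      format_name = format
      format = Sequel.synchronize{Serialization::REGISTERED_FORMATS[format_name]}
      unless format
        raise(Error, "Unsupported serialization format: #{format_name} (valid formats: #{Sequel.synchronize{Serialization::REGISTERED_FORMATS.keys}.inspect})")
      end
    end

    # If a custom serialization format is used, override the
    # callables to handle serialization and deserialization.
    # Values are serialized before encryption; the deserializer runs on
    # the decrypted column data.
    serializer, deserializer = format
    enc, dec, data_s = encryptor, decryptor, data_searcher
    encryptor = lambda do |data|
      enc.call(serializer.call(data))
    end
    decryptor = lambda do |data|
      deserializer.call(dec.call(data))
    end

    # Only wrap the searcher when one exists.  Wrapping unconditionally
    # would store a lambda that calls nil for a non-searchable column,
    # replacing the nil "not searchable" marker with a NoMethodError on use.
    if data_s
      data_searcher = lambda do |data|
        data_s.call(serializer.call(data))
      end
    end
  end

  # Setup the setter and getter methods to do encryption and decryption using
  # the serialization plugin.
  serialize_attributes([encryptor, decryptor], column)

  # Frozen so the stored callables cannot be swapped after setup.
  column_encryption_metadata[column] = ColumnEncryptionMetadata.new(encryptor, decryptor, data_searcher, key_searcher).freeze

  nil
end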
column_encryption_cryptor()

The default Cryptor to use for encrypted columns. This is only overridden if per-column keys are used.

# File lib/sequel/plugins/column_encryption.rb, line 625
# Return the default Cryptor, building it from @column_encryption_keys on
# first use and handing back the same instance on later calls.
def column_encryption_cryptor
  return @column_encryption_cryptor if @column_encryption_cryptor

  @column_encryption_cryptor = Cryptor.new(@column_encryption_keys)
end