1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
# frozen_string_literal: true
module Gitlab
class EncryptedConfiguration
delegate :[], :fetch, to: :config
delegate_missing_to :options
attr_reader :content_path, :key, :previous_keys
CIPHER = "aes-256-gcm"
SALT = "GitLabEncryptedConfigSalt"
class MissingKeyError < RuntimeError
def initialize(msg = "Missing encryption key to encrypt/decrypt file with.")
super
end
end
class InvalidConfigError < RuntimeError
def initialize(msg = "Content was not a valid yml config file")
super
end
end
def self.generate_key(base_key)
# Because the salt is static, we want uniqueness to be coming from the base_key
# Error if the base_key is empty or suspiciously short
raise 'Base key too small' if base_key.blank? || base_key.length < 16
ActiveSupport::KeyGenerator.new(base_key).generate_key(SALT, ActiveSupport::MessageEncryptor.key_len(CIPHER))
end
def initialize(content_path: nil, base_key: nil, previous_keys: [])
@content_path = Pathname.new(content_path).yield_self { |path| path.symlink? ? path.realpath : path } if content_path
@key = self.class.generate_key(base_key) if base_key
@previous_keys = previous_keys
end
def active?
content_path&.exist?
end
def read
if active?
decrypt(content_path.binread)
else
""
end
end
def write(contents)
# ensure contents are valid to deserialize before write
deserialize(contents)
temp_file = Tempfile.new(File.basename(content_path), File.dirname(content_path))
File.open(temp_file.path, 'wb') do |file|
file.write(encrypt(contents))
end
FileUtils.mv(temp_file.path, content_path)
ensure
temp_file&.unlink
end
def config
return @config if @config
contents = deserialize(read)
raise InvalidConfigError unless contents.is_a?(Hash)
@config = contents.deep_symbolize_keys
end
def change(&block)
writing(read, &block)
end
private
def writing(contents)
updated_contents = yield contents
write(updated_contents) if updated_contents != contents
end
def encrypt(contents)
handle_missing_key!
encryptor.encrypt_and_sign(contents)
end
def decrypt(contents)
handle_missing_key!
encryptor.decrypt_and_verify(contents)
end
def encryptor
return @encryptor if @encryptor
@encryptor = ActiveSupport::MessageEncryptor.new(key, cipher: CIPHER)
# Allow fallback to previous keys
@previous_keys.each do |key|
@encryptor.rotate(self.class.generate_key(key))
end
@encryptor
end
def options
# Allows top level keys to be referenced using dot syntax
@options ||= ActiveSupport::InheritableOptions.new(config)
end
def deserialize(contents)
YAML.safe_load(contents, permitted_classes: [Symbol]).presence || {}
end
def handle_missing_key!
raise MissingKeyError if @key.nil?
end
end
end
|
