Class: ActiveRecord::Encryption::Properties

Inherits:
Object
  • Object
show all
Defined in:
activerecord/lib/active_record/encryption/properties.rb

Overview

This is a wrapper for a hash of encryption properties. It is used by Key (public tags) and Message (headers).

Since properties are serialized in messages, it is important for storage efficiency to keep their keys as short as possible. It defines accessors for common properties that will keep these keys very short while exposing a readable name.

message.headers.encrypted_data_key # instead of message.headers[:k]

See Properties#DEFAULT_PROPERTIES, Key, Message

Constant Summary collapse

ALLOWED_VALUE_CLASSES =
[String, ActiveRecord::Encryption::Message, Numeric, TrueClass, FalseClass, Symbol, NilClass]
DEFAULT_PROPERTIES =

For each entry it generates an accessor exposing the full name

{
  encrypted_data_key: "k",
  encrypted_data_key_id: "i",
  compressed: "c",
  iv: "iv",
  auth_tag: "at",
  encoding: "e"
}

Instance Method Summary collapse

Constructor Details

#initialize(initial_properties = {}) ⇒ Properties

Returns a new instance of Properties.


42
43
44
45
# File 'activerecord/lib/active_record/encryption/properties.rb', line 42

def initialize(initial_properties = {})
  @data = {}
  add(initial_properties)
end

Instance Method Details

#[]=(key, value) ⇒ Object

Set a value for a given key

It will raise an EncryptedContentIntegrity if the value exists


50
51
52
53
54
# File 'activerecord/lib/active_record/encryption/properties.rb', line 50

def []=(key, value)
  raise Errors::EncryptedContentIntegrity, "Properties can't be overridden: #{key}" if key?(key)
  validate_value_type(value)
  data[key] = value
end

#add(other_properties) ⇒ Object


62
63
64
65
66
# File 'activerecord/lib/active_record/encryption/properties.rb', line 62

def add(other_properties)
  other_properties.each do |key, value|
    self[key.to_sym] = value
  end
end

#to_hObject


68
69
70
# File 'activerecord/lib/active_record/encryption/properties.rb', line 68

def to_h
  data
end

#validate_value_type(value) ⇒ Object


56
57
58
59
60
# File 'activerecord/lib/active_record/encryption/properties.rb', line 56

def validate_value_type(value)
  unless ALLOWED_VALUE_CLASSES.find { |klass| value.is_a?(klass) }
    raise ActiveRecord::Encryption::Errors::ForbiddenClass, "Can't store a #{value.class}, only properties of type #{ALLOWED_VALUE_CLASSES.inspect} are allowed"
  end
end