Chris@1494: # Redmine - project management software Chris@1494: # Copyright (C) 2006-2014 Jean-Philippe Lang Chris@1494: # Chris@1494: # This program is free software; you can redistribute it and/or Chris@1494: # modify it under the terms of the GNU General Public License Chris@1494: # as published by the Free Software Foundation; either version 2 Chris@1494: # of the License, or (at your option) any later version. Chris@1494: # Chris@1494: # This program is distributed in the hope that it will be useful, Chris@1494: # but WITHOUT ANY WARRANTY; without even the implied warranty of Chris@1494: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the Chris@1494: # GNU General Public License for more details. Chris@1494: # Chris@1494: # You should have received a copy of the GNU General Public License Chris@1494: # along with this program; if not, write to the Free Software Chris@1494: # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Chris@1494: Chris@1494: module Redmine Chris@1494: module Ciphering Chris@1494: def self.included(base) Chris@1494: base.extend ClassMethods Chris@1494: end Chris@1494: Chris@1494: class << self Chris@1494: def encrypt_text(text) Chris@1494: if cipher_key.blank? || text.blank? Chris@1494: text Chris@1494: else Chris@1494: c = OpenSSL::Cipher::Cipher.new("aes-256-cbc") Chris@1494: iv = c.random_iv Chris@1494: c.encrypt Chris@1494: c.key = cipher_key Chris@1494: c.iv = iv Chris@1494: e = c.update(text.to_s) Chris@1494: e << c.final Chris@1494: "aes-256-cbc:" + [e, iv].map {|v| Base64.encode64(v).strip}.join('--') Chris@1494: end Chris@1494: end Chris@1494: Chris@1494: def decrypt_text(text) Chris@1494: if text && match = text.match(/\Aaes-256-cbc:(.+)\Z/) Chris@1494: if cipher_key.blank? Chris@1494: logger.error "Attempt to decrypt a ciphered text with no cipher key configured in config/configuration.yml" if logger Chris@1494: return text Chris@1494: end Chris@1494: text = match[1] Chris@1494: c = OpenSSL::Cipher::Cipher.new("aes-256-cbc") Chris@1494: e, iv = text.split("--").map {|s| Base64.decode64(s)} Chris@1494: c.decrypt Chris@1494: c.key = cipher_key Chris@1494: c.iv = iv Chris@1494: d = c.update(e) Chris@1494: d << c.final Chris@1494: else Chris@1494: text Chris@1494: end Chris@1494: end Chris@1494: Chris@1494: def cipher_key Chris@1494: key = Redmine::Configuration['database_cipher_key'].to_s Chris@1494: key.blank? ? nil : Digest::SHA256.hexdigest(key) Chris@1494: end Chris@1494: Chris@1494: def logger Chris@1494: Rails.logger Chris@1494: end Chris@1494: end Chris@1494: Chris@1494: module ClassMethods Chris@1494: def encrypt_all(attribute) Chris@1494: transaction do Chris@1494: all.each do |object| Chris@1494: clear = object.send(attribute) Chris@1494: object.send "#{attribute}=", clear Chris@1494: raise(ActiveRecord::Rollback) unless object.save(:validation => false) Chris@1494: end Chris@1494: end ? true : false Chris@1494: end Chris@1494: Chris@1494: def decrypt_all(attribute) Chris@1494: transaction do Chris@1494: all.each do |object| Chris@1494: clear = object.send(attribute) Chris@1494: object.send :write_attribute, attribute, clear Chris@1494: raise(ActiveRecord::Rollback) unless object.save(:validation => false) Chris@1494: end Chris@1494: end Chris@1494: end ? true : false Chris@1494: end Chris@1494: Chris@1494: private Chris@1494: Chris@1494: # Returns the value of the given ciphered attribute Chris@1494: def read_ciphered_attribute(attribute) Chris@1494: Redmine::Ciphering.decrypt_text(read_attribute(attribute)) Chris@1494: end Chris@1494: Chris@1494: # Sets the value of the given ciphered attribute Chris@1494: def write_ciphered_attribute(attribute, value) Chris@1494: write_attribute(attribute, Redmine::Ciphering.encrypt_text(value)) Chris@1494: end Chris@1494: end Chris@1494: end