Merge branch 'master' of git@github.com:rails/rails

2 files changed, 70 insertions, 0 deletions

diff --git a/activesupport/lib/active_support.rb b/activesupport/lib/active_support.rb
index 08d9ff1fe8..f4b804801f 100644
--- a/activesupport/lib/active_support.rb
+++ b/activesupport/lib/active_support.rb
@@ -37,6 +37,7 @@ module ActiveSupport
   autoload :Gzip, 'active_support/gzip'
   autoload :Inflector, 'active_support/inflector'
   autoload :Memoizable, 'active_support/memoizable'
+  autoload :MessageEncryptor, 'active_support/message_encryptor'
   autoload :MessageVerifier, 'active_support/message_verifier'
   autoload :Multibyte, 'active_support/multibyte'
   autoload :OptionMerger, 'active_support/option_merger'
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb
new file mode 100644
index 0000000000..de2b4bee76
--- /dev/null
+++ b/activesupport/lib/active_support/message_encryptor.rb
@@ -0,0 +1,69 @@
+require 'openssl'
+
+module ActiveSupport
+  # MessageEncryptor is a simple way to encrypt values which get stored somewhere 
+  # you don't trust.
+  # 
+  # The cipher text and initialization vector are base64 encoded and returned to you.
+  #
+  # This can be used in situations similar to the MessageVerifier, but where you don't
+  # want users to be able to determine the value of the payload.
+  class MessageEncryptor
+    class InvalidMessage < StandardError; end
+    
+    def initialize(secret, cipher = 'aes-256-cbc')
+      @secret = secret
+      @cipher = cipher
+    end
+    
+    def encrypt(value)
+      cipher = new_cipher
+      # Rely on OpenSSL for the initialization vector
+      iv = cipher.random_iv
+      
+      cipher.encrypt 
+      cipher.key = @secret
+      cipher.iv  = iv
+      
+      encrypted_data = cipher.update(Marshal.dump(value)) 
+      encrypted_data << cipher.final
+
+      [encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
+    end
+    
+    def decrypt(encrypted_message)
+      cipher = new_cipher
+      encrypted_data, iv = encrypted_message.split("--").map {|v| ActiveSupport::Base64.decode64(v)}
+      
+      cipher.decrypt
+      cipher.key = @secret
+      cipher.iv  = iv
+
+      decrypted_data = cipher.update(encrypted_data)
+      decrypted_data << cipher.final
+      
+      Marshal.load(decrypted_data)
+    rescue OpenSSL::CipherError, TypeError
+      raise InvalidMessage
+    end
+    
+    def encrypt_and_sign(value)
+      verifier.generate(encrypt(value))
+    end
+    
+    def decrypt_and_verify(value)
+      decrypt(verifier.verify(value))
+    end
+    
+    
+    
+    private 
+      def new_cipher
+        OpenSSL::Cipher::Cipher.new(@cipher)
+      end
+      
+      def verifier
+        MessageVerifier.new(@secret)
+      end
+  end
+end
\ No newline at end of file