1 files changed, 70 insertions, 0 deletions
diff --git a/activesupport/lib/active_support/message_encryptor.rb b/activesupport/lib/active_support/message_encryptor.rb
new file mode 100644
index 0000000000..347af9dc76
--- /dev/null
+++ b/activesupport/lib/active_support/message_encryptor.rb
@@ -0,0 +1,70 @@
+require 'openssl'
+
+module ActiveSupport
+  # MessageEncryptor is a simple way to encrypt values which get stored somewhere 
+  # you don't trust.
+  # 
+  # The cipher text and initialization vector are base64 encoded and returned to you.
+  #
+  # This can be used in situations similar to the MessageVerifier, but where you don't
+  # want users to be able to determine the value of the payload.
+  class MessageEncryptor
+    class InvalidMessage < StandardError; end
+    OpenSSLCipherError = OpenSSL::Cipher.const_defined?(:CipherError) ? OpenSSL::Cipher::CipherError : OpenSSL::CipherError
+
+    def initialize(secret, cipher = 'aes-256-cbc')
+      @secret = secret
+      @cipher = cipher
+    end
+    
+    def encrypt(value)
+      cipher = new_cipher
+      # Rely on OpenSSL for the initialization vector
+      iv = cipher.random_iv
+      
+      cipher.encrypt 
+      cipher.key = @secret
+      cipher.iv  = iv
+      
+      encrypted_data = cipher.update(Marshal.dump(value)) 
+      encrypted_data << cipher.final
+
+      [encrypted_data, iv].map {|v| ActiveSupport::Base64.encode64s(v)}.join("--")
+    end
+    
+    def decrypt(encrypted_message)
+      cipher = new_cipher
+      encrypted_data, iv = encrypted_message.split("--").map {|v| ActiveSupport::Base64.decode64(v)}
+      
+      cipher.decrypt
+      cipher.key = @secret
+      cipher.iv  = iv
+
+      decrypted_data = cipher.update(encrypted_data)
+      decrypted_data << cipher.final
+      
+      Marshal.load(decrypted_data)
+    rescue OpenSSLCipherError, TypeError
+      raise InvalidMessage
+    end
+    
+    def encrypt_and_sign(value)
+      verifier.generate(encrypt(value))
+    end
+    
+    def decrypt_and_verify(value)
+      decrypt(verifier.verify(value))
+    end
+    
+    
+    
+    private 
+      def new_cipher
+        OpenSSL::Cipher::Cipher.new(@cipher)
+      end
+      
+      def verifier
+        MessageVerifier.new(@secret)
+      end
+  end
+end