src/aegis/src/aegis.erl - couchdb - Git at Google

 % Licensed under the Apache License, Version 2.0 (the "License"); you may not
 % use this file except in compliance with the License. You may obtain a copy of
 % the License at
 %
 %   http://www.apache.org/licenses/LICENSE-2.0
 %
 % Unless required by applicable law or agreed to in writing, software
 % distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 % WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 % License for the specific language governing permissions and limitations under
 % the License.

 -module(aegis).
 -include_lib("fabric/include/fabric2.hrl").

 -define(WRAPPED_KEY, {?DB_AEGIS, 1}).

 -export([
     key_manager/0,
     init_db/2,
     open_db/1,
     get_db_info/1,

     decrypt/2,
     decrypt/3,
     encrypt/3,
     wrap_fold_fun/2
 ]).

 key_manager() ->
     ?AEGIS_KEY_MANAGER.

 init_db(#{} = Db, Options) ->
     Db#{
         is_encrypted => aegis_server:init_db(Db, Options)
     }.

 open_db(#{} = Db) ->
     Db#{
         is_encrypted => aegis_server:open_db(Db)
     }.

 get_db_info(#{is_encrypted := IsEncrypted} = Db) ->
     KeyManagerInfo =
         case erlang:function_exported(?AEGIS_KEY_MANAGER, get_db_info, 1) of
             true ->
                 ?AEGIS_KEY_MANAGER:get_db_info(Db);
             false ->
                 []
         end,
     [{enabled, IsEncrypted}, {key_manager, {KeyManagerInfo}}].

 encrypt(#{} = _Db, _Key, <<>>) ->
     <<>>;
 encrypt(#{is_encrypted := false}, _Key, Value) when is_binary(Value) ->
     Value;
 encrypt(#{is_encrypted := true} = Db, Key, Value) when
     is_binary(Key), is_binary(Value)
 ->
     aegis_server:encrypt(Db, Key, Value).

 decrypt(#{} = Db, Rows) when is_list(Rows) ->
     lists:map(
         fun({Key, Value}) ->
             {Key, decrypt(Db, Key, Value)}
         end,
         Rows
     ).

 decrypt(#{} = _Db, _Key, <<>>) ->
     <<>>;
 decrypt(#{is_encrypted := false}, _Key, Value) when is_binary(Value) ->
     Value;
 decrypt(#{is_encrypted := true} = Db, Key, Value) when
     is_binary(Key), is_binary(Value)
 ->
     aegis_server:decrypt(Db, Key, Value).

 wrap_fold_fun(Db, Fun) when is_function(Fun, 2) ->
     fun({Key, Value}, Acc) ->
         Fun({Key, decrypt(Db, Key, Value)}, Acc)
     end.
	% Licensed under the Apache License, Version 2.0 (the "License"); you may not
	% use this file except in compliance with the License. You may obtain a copy of
	% the License at
	%
	% http://www.apache.org/licenses/LICENSE-2.0
	%
	% Unless required by applicable law or agreed to in writing, software
	% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
	% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
	% License for the specific language governing permissions and limitations under
	% the License.

	-module(aegis).
	-include_lib("fabric/include/fabric2.hrl").

	-define(WRAPPED_KEY, {?DB_AEGIS, 1}).

	-export([
	key_manager/0,
	init_db/2,
	open_db/1,
	get_db_info/1,

	decrypt/2,
	decrypt/3,
	encrypt/3,
	wrap_fold_fun/2
	]).

	key_manager() ->
	?AEGIS_KEY_MANAGER.

	init_db(#{} = Db, Options) ->
	Db#{
	is_encrypted => aegis_server:init_db(Db, Options)
	}.

	open_db(#{} = Db) ->
	Db#{
	is_encrypted => aegis_server:open_db(Db)
	}.

	get_db_info(#{is_encrypted := IsEncrypted} = Db) ->
	KeyManagerInfo =
	case erlang:function_exported(?AEGIS_KEY_MANAGER, get_db_info, 1) of
	true ->
	?AEGIS_KEY_MANAGER:get_db_info(Db);
	false ->
	[]
	end,
	[{enabled, IsEncrypted}, {key_manager, {KeyManagerInfo}}].

	encrypt(#{} = _Db, _Key, <<>>) ->
	<<>>;
	encrypt(#{is_encrypted := false}, _Key, Value) when is_binary(Value) ->
	Value;
	encrypt(#{is_encrypted := true} = Db, Key, Value) when
	is_binary(Key), is_binary(Value)
	->
	aegis_server:encrypt(Db, Key, Value).

	decrypt(#{} = Db, Rows) when is_list(Rows) ->
	lists:map(
	fun({Key, Value}) ->
	{Key, decrypt(Db, Key, Value)}
	end,
	Rows
	).

	decrypt(#{} = _Db, _Key, <<>>) ->
	<<>>;
	decrypt(#{is_encrypted := false}, _Key, Value) when is_binary(Value) ->
	Value;
	decrypt(#{is_encrypted := true} = Db, Key, Value) when
	is_binary(Key), is_binary(Value)
	->
	aegis_server:decrypt(Db, Key, Value).

	wrap_fold_fun(Db, Fun) when is_function(Fun, 2) ->
	fun({Key, Value}, Acc) ->
	Fun({Key, decrypt(Db, Key, Value)}, Acc)
	end.