embulk-filter-encrypt 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +12 -0
- data/ChangeLog +4 -0
- data/LICENSE.txt +14 -0
- data/README.md +129 -0
- data/build.gradle +94 -0
- data/config/checkstyle/checkstyle.xml +128 -0
- data/config/checkstyle/default.xml +108 -0
- data/example.csv.gz +0 -0
- data/example.yml +30 -0
- data/genkey.rb +19 -0
- data/gradle/wrapper/gradle-wrapper.jar +0 -0
- data/gradle/wrapper/gradle-wrapper.properties +6 -0
- data/gradlew +160 -0
- data/gradlew.bat +90 -0
- data/lib/embulk/filter/encrypt.rb +3 -0
- data/src/main/java/org/embulk/filter/encrypt/EncryptFilterPlugin.java +329 -0
- data/src/test/java/org/embulk/filter/encrypt/TestEncryptFilterPlugin.java +5 -0
- metadata +90 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: d7ccdad7bf5592cae007e69d377dd6d8fe729fbe
|
4
|
+
data.tar.gz: f3a74ecd872841e10d0b740b117e7525c0aa156d
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 637dcbc1f0d2ac4c261ae7a1fcd43e9620e12e3668939429b1a88a93b4ba6ab655ce7e2f04e5fc2ea5c75cf803ebad1f633bb2700964a790a5fe46a9405afbc8
|
7
|
+
data.tar.gz: 4971f179382b25ab01dbad3269d11f0b9e275d5f640262355da66157869c738025da408bd7cd395b0b95aaa5b8c36f483d85d9bdc5c572cccc55c854b07d5cb2
|
data/.gitignore
ADDED
data/ChangeLog
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
Copyright (C) 2015 Sadayuki Furuhashi
|
2
|
+
|
3
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
+
you may not use this file except in compliance with the License.
|
5
|
+
You may obtain a copy of the License at
|
6
|
+
|
7
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
8
|
+
|
9
|
+
Unless required by applicable law or agreed to in writing, software
|
10
|
+
distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
+
See the License for the specific language governing permissions and
|
13
|
+
limitations under the License.
|
14
|
+
|
data/README.md
ADDED
@@ -0,0 +1,129 @@
|
|
1
|
+
# Encrypt filter plugin for Embulk
|
2
|
+
|
3
|
+
Converts columns using an encryption algorithm such as AES.
|
4
|
+
|
5
|
+
Encrypted data is encoded using base64. For example, if you have following input records:
|
6
|
+
|
7
|
+
id,password,comment
|
8
|
+
1,super,a
|
9
|
+
2,secret,b
|
10
|
+
|
11
|
+
You can apply encryption to password column and get following outputs:
|
12
|
+
|
13
|
+
id,password,comment
|
14
|
+
1,ayxU9lMA1iASdHGy/eAlWw==,a
|
15
|
+
2,v8ffsUOfspaqZ1KI7tPz+A==,b
|
16
|
+
|
17
|
+
## Overview
|
18
|
+
|
19
|
+
* **Plugin type**: filter
|
20
|
+
|
21
|
+
## Configuration
|
22
|
+
|
23
|
+
- **algorithm**: encryption algorithm (see below) (enum, required)
|
24
|
+
- **column_names**: names of string columns to encrypt (array of string, required)
|
25
|
+
- **key_hex**: encryption key (string, required)
|
26
|
+
- **iv_hex**: encyrption initialization vector (string, required if mode of the algorithm is CBC)
|
27
|
+
|
28
|
+
## Algorithms
|
29
|
+
|
30
|
+
Available algorithms are:
|
31
|
+
|
32
|
+
* **AES-256-CBC** (recommended)
|
33
|
+
* AES-192-CBC
|
34
|
+
* AES-128-CBC
|
35
|
+
* AES-256-ECB
|
36
|
+
* AES-192-ECB
|
37
|
+
* AES-128-ECB
|
38
|
+
|
39
|
+
AES-256-CBC is the recommended algorithm. The other algorithms are prepared for compatibility with other components (see below "Decrypting data" section).
|
40
|
+
|
41
|
+
## Generating key and iv
|
42
|
+
|
43
|
+
### Using standard PBKDF2 Password-based Encryption algorithm
|
44
|
+
|
45
|
+
PBKDF2 is a standard (PKCS #5) algorithm to generate key and iv from a password.
|
46
|
+
|
47
|
+
To generate it, you can use [genkey.rb](https://raw.githubusercontent.com/embulk/embulk-filter-encrypt/master/genkey.rb) script.
|
48
|
+
|
49
|
+
You save above text as "genkey.rb", and run it as following:
|
50
|
+
|
51
|
+
$ ruby genkey.rb AES-256-CBC "my-pass-wo-rd"
|
52
|
+
|
53
|
+
It shows key and iv as following:
|
54
|
+
|
55
|
+
key=D0867C9310D061F17ACD11EB30DE68265DCB79849BE5FB2BE157919D19BF2F42
|
56
|
+
iv =2A1D6BD59D2DB50A59364BAD3B9B6544
|
57
|
+
|
58
|
+
### Using openssl EVP_BytesToKey algorithm
|
59
|
+
|
60
|
+
You can use `openssl` EVP_BytesToKey algorithm to generate key and iv from a password. If you use AES-256-CBC cipher algorithm, you type following command:
|
61
|
+
|
62
|
+
$ echo secret | openssl enc -aes-256-cbc -a -nosalt -p
|
63
|
+
|
64
|
+
You will be asked to enter password. Then it shows key and iv:
|
65
|
+
|
66
|
+
key=DAFFED346E29C5654F54133D1FC65CCB5930071ACEAF5B64A22A11406F467DC9
|
67
|
+
iv =C92D28D70B4440DA3F0F05577ECFEE54
|
68
|
+
6aEGvMrGx7tODkPF7x5Yog==
|
69
|
+
|
70
|
+
You can copy key and iv to key_hex and iv_hex parameters.
|
71
|
+
|
72
|
+
## Decrypting data
|
73
|
+
|
74
|
+
### openssl command
|
75
|
+
|
76
|
+
You can use openssl command as following:
|
77
|
+
|
78
|
+
$ echo <encrypted value> | openssl enc -d -base64 | openssl enc -aes-256-cbc -d -K <key> -iv <iv>
|
79
|
+
|
80
|
+
For example:
|
81
|
+
|
82
|
+
$ echo 6aEGvMrGx7tODkPF7x5Yog== | openssl enc -d -base64 | openssl enc -aes-256-cbc -d -K DAFFED346E29C5654F54133D1FC65CCB5930071ACEAF5B64A22A11406F467DC9 -iv C92D28D70B4440DA3F0F05577ECFEE54
|
83
|
+
secret
|
84
|
+
|
85
|
+
### PostgreSQL
|
86
|
+
|
87
|
+
You can use PostgreSQL's `decrypt_iv` or `decrypt` function to decrypt values (provided as pgcrypto extension). If you use CBC,
|
88
|
+
|
89
|
+
decrypt_iv(decode(encrypted_column, 'base64'), decode('here_is_key_hex', 'hex'), decode('here_is_iv_hex', 'hex'), 'aes')
|
90
|
+
|
91
|
+
If you use ECB,
|
92
|
+
|
93
|
+
decrypt(decode(encrypted_column, 'base64'), decode('here_is_key_hex', 'hex'), 'aes')
|
94
|
+
|
95
|
+
<!-- This doesn't work. why?
|
96
|
+
### MySQL
|
97
|
+
|
98
|
+
You can use MySQL's `AES_DECRYPT` function to decrypt values. If you use CBC,
|
99
|
+
|
100
|
+
AES_DECRYPT(FROM_BASE64(encrypted_column), unhex('here_is_key_hex'), unhex(here_is_iv_hex'))
|
101
|
+
|
102
|
+
If you use ECB,
|
103
|
+
|
104
|
+
AES_DECRYPT(FROM_BASE64(encrypted_column), unhex('here_is_key_hex'))
|
105
|
+
-->
|
106
|
+
|
107
|
+
<!-- not confirmed yet
|
108
|
+
### Hive
|
109
|
+
|
110
|
+
You can use Hive's `aes_decrypt(input binary, key binary)` function (available since Hive 1.3.0) to decrypt values. But because Hive doesn't support CBC, you need to use AES-256-ECB, AES-192-ECB, or AES-128-ECB. Function call is:
|
111
|
+
|
112
|
+
aes_decrypt(unbase64(encrypted_column), unhex('here_is_key_hex'))
|
113
|
+
-->
|
114
|
+
|
115
|
+
## Example
|
116
|
+
|
117
|
+
```yaml
|
118
|
+
filters:
|
119
|
+
- type: encrypt
|
120
|
+
column_names: [password, ip]
|
121
|
+
key_hex: 098F6BCD4621D373CADE4E832627B4F60A9172716AE6428409885B8B829CCB05
|
122
|
+
iv_hex: C9DD4BB33B827EB1FBA1B16A0074D460
|
123
|
+
```
|
124
|
+
|
125
|
+
## Build
|
126
|
+
|
127
|
+
```
|
128
|
+
$ ./gradlew gem # -t to watch change of files and rebuild continuously
|
129
|
+
```
|
data/build.gradle
ADDED
@@ -0,0 +1,94 @@
|
|
1
|
+
plugins {
|
2
|
+
id "com.jfrog.bintray" version "1.1"
|
3
|
+
id "com.github.jruby-gradle.base" version "0.1.5"
|
4
|
+
id "java"
|
5
|
+
id "checkstyle"
|
6
|
+
}
|
7
|
+
import com.github.jrubygradle.JRubyExec
|
8
|
+
repositories {
|
9
|
+
mavenCentral()
|
10
|
+
jcenter()
|
11
|
+
}
|
12
|
+
configurations {
|
13
|
+
provided
|
14
|
+
}
|
15
|
+
|
16
|
+
version = "0.1.0"
|
17
|
+
|
18
|
+
sourceCompatibility = 1.7
|
19
|
+
targetCompatibility = 1.7
|
20
|
+
|
21
|
+
dependencies {
|
22
|
+
compile "org.embulk:embulk-core:0.8.6"
|
23
|
+
provided "org.embulk:embulk-core:0.8.6"
|
24
|
+
// compile "YOUR_JAR_DEPENDENCY_GROUP:YOUR_JAR_DEPENDENCY_MODULE:YOUR_JAR_DEPENDENCY_VERSION"
|
25
|
+
testCompile "junit:junit:4.+"
|
26
|
+
}
|
27
|
+
|
28
|
+
task classpath(type: Copy, dependsOn: ["jar"]) {
|
29
|
+
doFirst { file("classpath").deleteDir() }
|
30
|
+
from (configurations.runtime - configurations.provided + files(jar.archivePath))
|
31
|
+
into "classpath"
|
32
|
+
}
|
33
|
+
clean { delete "classpath" }
|
34
|
+
|
35
|
+
checkstyle {
|
36
|
+
configFile = file("${project.rootDir}/config/checkstyle/checkstyle.xml")
|
37
|
+
toolVersion = '6.14.1'
|
38
|
+
}
|
39
|
+
checkstyleMain {
|
40
|
+
configFile = file("${project.rootDir}/config/checkstyle/default.xml")
|
41
|
+
ignoreFailures = true
|
42
|
+
}
|
43
|
+
checkstyleTest {
|
44
|
+
configFile = file("${project.rootDir}/config/checkstyle/default.xml")
|
45
|
+
ignoreFailures = true
|
46
|
+
}
|
47
|
+
task checkstyle(type: Checkstyle) {
|
48
|
+
classpath = sourceSets.main.output + sourceSets.test.output
|
49
|
+
source = sourceSets.main.allJava + sourceSets.test.allJava
|
50
|
+
}
|
51
|
+
|
52
|
+
task gem(type: JRubyExec, dependsOn: ["gemspec", "classpath"]) {
|
53
|
+
jrubyArgs "-rrubygems/gem_runner", "-eGem::GemRunner.new.run(ARGV)", "build"
|
54
|
+
script "${project.name}.gemspec"
|
55
|
+
doLast { ant.move(file: "${project.name}-${project.version}.gem", todir: "pkg") }
|
56
|
+
}
|
57
|
+
|
58
|
+
task gemPush(type: JRubyExec, dependsOn: ["gem"]) {
|
59
|
+
jrubyArgs "-rrubygems/gem_runner", "-eGem::GemRunner.new.run(ARGV)", "push"
|
60
|
+
script "pkg/${project.name}-${project.version}.gem"
|
61
|
+
}
|
62
|
+
|
63
|
+
task "package"(dependsOn: ["gemspec", "classpath"]) << {
|
64
|
+
println "> Build succeeded."
|
65
|
+
println "> You can run embulk with '-L ${file(".").absolutePath}' argument."
|
66
|
+
}
|
67
|
+
|
68
|
+
task gemspec {
|
69
|
+
ext.gemspecFile = file("${project.name}.gemspec")
|
70
|
+
inputs.file "build.gradle"
|
71
|
+
outputs.file gemspecFile
|
72
|
+
doLast { gemspecFile.write($/
|
73
|
+
Gem::Specification.new do |spec|
|
74
|
+
spec.name = "${project.name}"
|
75
|
+
spec.version = "${project.version}"
|
76
|
+
spec.authors = ["Sadayuki Furuhashi"]
|
77
|
+
spec.summary = %[Encrypt columns using AES]
|
78
|
+
spec.description = %[Encrypt]
|
79
|
+
spec.email = ["frsyuki@gmail.com"]
|
80
|
+
spec.licenses = ["Apache 2.0"]
|
81
|
+
spec.homepage = "https://github.com/embulk/embulk-filter-encrypt"
|
82
|
+
|
83
|
+
spec.files = `git ls-files`.split("\n") + Dir["classpath/*.jar"]
|
84
|
+
spec.test_files = spec.files.grep(%r"^(test|spec)/")
|
85
|
+
spec.require_paths = ["lib"]
|
86
|
+
|
87
|
+
#spec.add_dependency 'YOUR_GEM_DEPENDENCY', ['~> YOUR_GEM_DEPENDENCY_VERSION']
|
88
|
+
spec.add_development_dependency 'bundler', ['~> 1.0']
|
89
|
+
spec.add_development_dependency 'rake', ['>= 10.0']
|
90
|
+
end
|
91
|
+
/$)
|
92
|
+
}
|
93
|
+
}
|
94
|
+
clean { delete "${project.name}.gemspec" }
|
@@ -0,0 +1,128 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<!DOCTYPE module PUBLIC
|
3
|
+
"-//Puppy Crawl//DTD Check Configuration 1.3//EN"
|
4
|
+
"http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
|
5
|
+
<module name="Checker">
|
6
|
+
<!-- https://github.com/facebook/presto/blob/master/src/checkstyle/checks.xml -->
|
7
|
+
<module name="FileTabCharacter"/>
|
8
|
+
<module name="NewlineAtEndOfFile">
|
9
|
+
<property name="lineSeparator" value="lf"/>
|
10
|
+
</module>
|
11
|
+
<module name="RegexpMultiline">
|
12
|
+
<property name="format" value="\r"/>
|
13
|
+
<property name="message" value="Line contains carriage return"/>
|
14
|
+
</module>
|
15
|
+
<module name="RegexpMultiline">
|
16
|
+
<property name="format" value=" \n"/>
|
17
|
+
<property name="message" value="Line has trailing whitespace"/>
|
18
|
+
</module>
|
19
|
+
<module name="RegexpMultiline">
|
20
|
+
<property name="format" value="\{\n\n"/>
|
21
|
+
<property name="message" value="Blank line after opening brace"/>
|
22
|
+
</module>
|
23
|
+
<module name="RegexpMultiline">
|
24
|
+
<property name="format" value="\n\n\s*\}"/>
|
25
|
+
<property name="message" value="Blank line before closing brace"/>
|
26
|
+
</module>
|
27
|
+
<module name="RegexpMultiline">
|
28
|
+
<property name="format" value="\n\n\n"/>
|
29
|
+
<property name="message" value="Multiple consecutive blank lines"/>
|
30
|
+
</module>
|
31
|
+
<module name="RegexpMultiline">
|
32
|
+
<property name="format" value="\n\n\Z"/>
|
33
|
+
<property name="message" value="Blank line before end of file"/>
|
34
|
+
</module>
|
35
|
+
<module name="RegexpMultiline">
|
36
|
+
<property name="format" value="Preconditions\.checkNotNull"/>
|
37
|
+
<property name="message" value="Use of checkNotNull"/>
|
38
|
+
</module>
|
39
|
+
|
40
|
+
<module name="TreeWalker">
|
41
|
+
<module name="EmptyBlock">
|
42
|
+
<property name="option" value="text"/>
|
43
|
+
<property name="tokens" value="
|
44
|
+
LITERAL_DO, LITERAL_ELSE, LITERAL_FINALLY, LITERAL_IF,
|
45
|
+
LITERAL_FOR, LITERAL_TRY, LITERAL_WHILE, INSTANCE_INIT, STATIC_INIT"/>
|
46
|
+
</module>
|
47
|
+
<module name="EmptyStatement"/>
|
48
|
+
<module name="EmptyForInitializerPad"/>
|
49
|
+
<module name="EmptyForIteratorPad">
|
50
|
+
<property name="option" value="space"/>
|
51
|
+
</module>
|
52
|
+
<module name="MethodParamPad">
|
53
|
+
<property name="allowLineBreaks" value="true"/>
|
54
|
+
<property name="option" value="nospace"/>
|
55
|
+
</module>
|
56
|
+
<module name="ParenPad"/>
|
57
|
+
<module name="TypecastParenPad"/>
|
58
|
+
<module name="NeedBraces"/>
|
59
|
+
<module name="LeftCurly">
|
60
|
+
<property name="option" value="nl"/>
|
61
|
+
<property name="tokens" value="CLASS_DEF, CTOR_DEF, INTERFACE_DEF, METHOD_DEF"/>
|
62
|
+
</module>
|
63
|
+
<module name="LeftCurly">
|
64
|
+
<property name="option" value="eol"/>
|
65
|
+
<property name="tokens" value="
|
66
|
+
LITERAL_CATCH, LITERAL_DO, LITERAL_ELSE, LITERAL_FINALLY, LITERAL_FOR,
|
67
|
+
LITERAL_IF, LITERAL_SWITCH, LITERAL_SYNCHRONIZED, LITERAL_TRY, LITERAL_WHILE"/>
|
68
|
+
</module>
|
69
|
+
<module name="RightCurly">
|
70
|
+
<property name="option" value="alone"/>
|
71
|
+
</module>
|
72
|
+
<module name="GenericWhitespace"/>
|
73
|
+
<module name="WhitespaceAfter"/>
|
74
|
+
<module name="NoWhitespaceBefore"/>
|
75
|
+
|
76
|
+
<module name="UpperEll"/>
|
77
|
+
<module name="DefaultComesLast"/>
|
78
|
+
<module name="ArrayTypeStyle"/>
|
79
|
+
<module name="MultipleVariableDeclarations"/>
|
80
|
+
<module name="ModifierOrder"/>
|
81
|
+
<module name="OneStatementPerLine"/>
|
82
|
+
<module name="StringLiteralEquality"/>
|
83
|
+
<module name="MutableException"/>
|
84
|
+
<module name="EqualsHashCode"/>
|
85
|
+
<module name="InnerAssignment"/>
|
86
|
+
<module name="InterfaceIsType"/>
|
87
|
+
<module name="HideUtilityClassConstructor"/>
|
88
|
+
|
89
|
+
<module name="MemberName"/>
|
90
|
+
<module name="LocalVariableName"/>
|
91
|
+
<module name="LocalFinalVariableName"/>
|
92
|
+
<module name="TypeName"/>
|
93
|
+
<module name="PackageName"/>
|
94
|
+
<module name="ParameterName"/>
|
95
|
+
<module name="StaticVariableName"/>
|
96
|
+
<module name="ClassTypeParameterName">
|
97
|
+
<property name="format" value="^[A-Z][0-9]?$"/>
|
98
|
+
</module>
|
99
|
+
<module name="MethodTypeParameterName">
|
100
|
+
<property name="format" value="^[A-Z][0-9]?$"/>
|
101
|
+
</module>
|
102
|
+
|
103
|
+
<module name="AvoidStarImport"/>
|
104
|
+
<module name="RedundantImport"/>
|
105
|
+
<module name="UnusedImports"/>
|
106
|
+
<module name="ImportOrder">
|
107
|
+
<property name="groups" value="*,javax,java"/>
|
108
|
+
<property name="separated" value="true"/>
|
109
|
+
<property name="option" value="bottom"/>
|
110
|
+
<property name="sortStaticImportsAlphabetically" value="true"/>
|
111
|
+
</module>
|
112
|
+
|
113
|
+
<module name="WhitespaceAround">
|
114
|
+
<property name="allowEmptyConstructors" value="true"/>
|
115
|
+
<property name="allowEmptyMethods" value="true"/>
|
116
|
+
<property name="ignoreEnhancedForColon" value="false"/>
|
117
|
+
<property name="tokens" value="
|
118
|
+
ASSIGN, BAND, BAND_ASSIGN, BOR, BOR_ASSIGN, BSR, BSR_ASSIGN,
|
119
|
+
BXOR, BXOR_ASSIGN, COLON, DIV, DIV_ASSIGN, EQUAL, GE, GT, LAND, LE,
|
120
|
+
LITERAL_ASSERT, LITERAL_CATCH, LITERAL_DO, LITERAL_ELSE,
|
121
|
+
LITERAL_FINALLY, LITERAL_FOR, LITERAL_IF, LITERAL_RETURN,
|
122
|
+
LITERAL_SYNCHRONIZED, LITERAL_TRY, LITERAL_WHILE,
|
123
|
+
LOR, LT, MINUS, MINUS_ASSIGN, MOD, MOD_ASSIGN, NOT_EQUAL,
|
124
|
+
PLUS, PLUS_ASSIGN, QUESTION, SL, SLIST, SL_ASSIGN, SR, SR_ASSIGN,
|
125
|
+
STAR, STAR_ASSIGN, TYPE_EXTENSION_AND"/>
|
126
|
+
</module>
|
127
|
+
</module>
|
128
|
+
</module>
|
@@ -0,0 +1,108 @@
|
|
1
|
+
<?xml version="1.0" encoding="UTF-8"?>
|
2
|
+
<!DOCTYPE module PUBLIC
|
3
|
+
"-//Puppy Crawl//DTD Check Configuration 1.3//EN"
|
4
|
+
"http://www.puppycrawl.com/dtds/configuration_1_3.dtd">
|
5
|
+
<!--
|
6
|
+
This is a subset of ./checkstyle.xml which allows some loose styles
|
7
|
+
-->
|
8
|
+
<module name="Checker">
|
9
|
+
<module name="FileTabCharacter"/>
|
10
|
+
<module name="NewlineAtEndOfFile">
|
11
|
+
<property name="lineSeparator" value="lf"/>
|
12
|
+
</module>
|
13
|
+
<module name="RegexpMultiline">
|
14
|
+
<property name="format" value="\r"/>
|
15
|
+
<property name="message" value="Line contains carriage return"/>
|
16
|
+
</module>
|
17
|
+
<module name="RegexpMultiline">
|
18
|
+
<property name="format" value=" \n"/>
|
19
|
+
<property name="message" value="Line has trailing whitespace"/>
|
20
|
+
</module>
|
21
|
+
<module name="RegexpMultiline">
|
22
|
+
<property name="format" value="\n\n\n"/>
|
23
|
+
<property name="message" value="Multiple consecutive blank lines"/>
|
24
|
+
</module>
|
25
|
+
<module name="RegexpMultiline">
|
26
|
+
<property name="format" value="\n\n\Z"/>
|
27
|
+
<property name="message" value="Blank line before end of file"/>
|
28
|
+
</module>
|
29
|
+
|
30
|
+
<module name="TreeWalker">
|
31
|
+
<module name="EmptyBlock">
|
32
|
+
<property name="option" value="text"/>
|
33
|
+
<property name="tokens" value="
|
34
|
+
LITERAL_DO, LITERAL_ELSE, LITERAL_FINALLY, LITERAL_IF,
|
35
|
+
LITERAL_FOR, LITERAL_TRY, LITERAL_WHILE, INSTANCE_INIT, STATIC_INIT"/>
|
36
|
+
</module>
|
37
|
+
<module name="EmptyStatement"/>
|
38
|
+
<module name="EmptyForInitializerPad"/>
|
39
|
+
<module name="EmptyForIteratorPad">
|
40
|
+
<property name="option" value="space"/>
|
41
|
+
</module>
|
42
|
+
<module name="MethodParamPad">
|
43
|
+
<property name="allowLineBreaks" value="true"/>
|
44
|
+
<property name="option" value="nospace"/>
|
45
|
+
</module>
|
46
|
+
<module name="ParenPad"/>
|
47
|
+
<module name="TypecastParenPad"/>
|
48
|
+
<module name="NeedBraces"/>
|
49
|
+
<module name="LeftCurly">
|
50
|
+
<property name="option" value="nl"/>
|
51
|
+
<property name="tokens" value="CLASS_DEF, CTOR_DEF, INTERFACE_DEF, METHOD_DEF"/>
|
52
|
+
</module>
|
53
|
+
<module name="LeftCurly">
|
54
|
+
<property name="option" value="eol"/>
|
55
|
+
<property name="tokens" value="
|
56
|
+
LITERAL_CATCH, LITERAL_DO, LITERAL_ELSE, LITERAL_FINALLY, LITERAL_FOR,
|
57
|
+
LITERAL_IF, LITERAL_SWITCH, LITERAL_SYNCHRONIZED, LITERAL_TRY, LITERAL_WHILE"/>
|
58
|
+
</module>
|
59
|
+
<module name="RightCurly">
|
60
|
+
<property name="option" value="alone"/>
|
61
|
+
</module>
|
62
|
+
<module name="GenericWhitespace"/>
|
63
|
+
<module name="WhitespaceAfter"/>
|
64
|
+
<module name="NoWhitespaceBefore"/>
|
65
|
+
|
66
|
+
<module name="UpperEll"/>
|
67
|
+
<module name="DefaultComesLast"/>
|
68
|
+
<module name="ArrayTypeStyle"/>
|
69
|
+
<module name="MultipleVariableDeclarations"/>
|
70
|
+
<module name="ModifierOrder"/>
|
71
|
+
<module name="OneStatementPerLine"/>
|
72
|
+
<module name="StringLiteralEquality"/>
|
73
|
+
<module name="MutableException"/>
|
74
|
+
<module name="EqualsHashCode"/>
|
75
|
+
<module name="InnerAssignment"/>
|
76
|
+
<module name="InterfaceIsType"/>
|
77
|
+
<module name="HideUtilityClassConstructor"/>
|
78
|
+
|
79
|
+
<module name="MemberName"/>
|
80
|
+
<module name="LocalVariableName"/>
|
81
|
+
<module name="LocalFinalVariableName"/>
|
82
|
+
<module name="TypeName"/>
|
83
|
+
<module name="PackageName"/>
|
84
|
+
<module name="ParameterName"/>
|
85
|
+
<module name="StaticVariableName"/>
|
86
|
+
<module name="ClassTypeParameterName">
|
87
|
+
<property name="format" value="^[A-Z][0-9]?$"/>
|
88
|
+
</module>
|
89
|
+
<module name="MethodTypeParameterName">
|
90
|
+
<property name="format" value="^[A-Z][0-9]?$"/>
|
91
|
+
</module>
|
92
|
+
|
93
|
+
<module name="WhitespaceAround">
|
94
|
+
<property name="allowEmptyConstructors" value="true"/>
|
95
|
+
<property name="allowEmptyMethods" value="true"/>
|
96
|
+
<property name="ignoreEnhancedForColon" value="false"/>
|
97
|
+
<property name="tokens" value="
|
98
|
+
ASSIGN, BAND, BAND_ASSIGN, BOR, BOR_ASSIGN, BSR, BSR_ASSIGN,
|
99
|
+
BXOR, BXOR_ASSIGN, COLON, DIV, DIV_ASSIGN, EQUAL, GE, GT, LAND, LE,
|
100
|
+
LITERAL_ASSERT, LITERAL_CATCH, LITERAL_DO, LITERAL_ELSE,
|
101
|
+
LITERAL_FINALLY, LITERAL_FOR, LITERAL_IF, LITERAL_RETURN,
|
102
|
+
LITERAL_SYNCHRONIZED, LITERAL_TRY, LITERAL_WHILE,
|
103
|
+
LOR, LT, MINUS, MINUS_ASSIGN, MOD, MOD_ASSIGN, NOT_EQUAL,
|
104
|
+
PLUS, PLUS_ASSIGN, QUESTION, SL, SLIST, SL_ASSIGN, SR, SR_ASSIGN,
|
105
|
+
STAR, STAR_ASSIGN, TYPE_EXTENSION_AND"/>
|
106
|
+
</module>
|
107
|
+
</module>
|
108
|
+
</module>
|
data/example.csv.gz
ADDED
Binary file
|
data/example.yml
ADDED
@@ -0,0 +1,30 @@
|
|
1
|
+
in:
|
2
|
+
type: file
|
3
|
+
path_prefix: example.csv.gz
|
4
|
+
decoders:
|
5
|
+
- {type: gzip}
|
6
|
+
parser:
|
7
|
+
charset: UTF-8
|
8
|
+
newline: CRLF
|
9
|
+
type: csv
|
10
|
+
delimiter: ','
|
11
|
+
quote: '"'
|
12
|
+
escape: '"'
|
13
|
+
trim_if_not_quoted: false
|
14
|
+
skip_header_lines: 1
|
15
|
+
allow_extra_columns: false
|
16
|
+
allow_optional_columns: false
|
17
|
+
columns:
|
18
|
+
- {name: id, type: long}
|
19
|
+
- {name: account, type: long}
|
20
|
+
- {name: time, type: timestamp, format: '%Y-%m-%d %H:%M:%S'}
|
21
|
+
- {name: purchase, type: timestamp, format: '%Y%m%d'}
|
22
|
+
- {name: comment, type: string}
|
23
|
+
filters:
|
24
|
+
- type: encrypt
|
25
|
+
algorithm: AES-256-CBC
|
26
|
+
key_hex: EBD94058365DBC518E794FB4A2B7E11C1DE5796FC81E280624D3F583B8A900C6
|
27
|
+
iv_hex: 2297945158ED983BD4B967C4B37B663B
|
28
|
+
column_names: [comment]
|
29
|
+
out:
|
30
|
+
type: stdout
|
data/genkey.rb
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
#/usr/bin/env ruby
|
2
|
+
require 'openssl'
|
3
|
+
|
4
|
+
if ARGV.length != 2
|
5
|
+
puts "Usage: #{$0} <algorithm> <password>"
|
6
|
+
exit 1
|
7
|
+
end
|
8
|
+
|
9
|
+
cipher = OpenSSL::Cipher.new ARGV[0]
|
10
|
+
password = ARGV[1]
|
11
|
+
|
12
|
+
cipher.encrypt
|
13
|
+
iv = cipher.random_iv
|
14
|
+
salt = OpenSSL::Random.random_bytes(16)
|
15
|
+
key = OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 20000, cipher.key_len, OpenSSL::Digest::SHA256.new)
|
16
|
+
|
17
|
+
puts "key=#{key.unpack('H*')[0].upcase}"
|
18
|
+
puts "iv =#{iv.unpack('H*')[0].upcase}"
|
19
|
+
|
Binary file
|
data/gradlew
ADDED
@@ -0,0 +1,160 @@
|
|
1
|
+
#!/usr/bin/env bash
|
2
|
+
|
3
|
+
##############################################################################
|
4
|
+
##
|
5
|
+
## Gradle start up script for UN*X
|
6
|
+
##
|
7
|
+
##############################################################################
|
8
|
+
|
9
|
+
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
10
|
+
DEFAULT_JVM_OPTS=""
|
11
|
+
|
12
|
+
APP_NAME="Gradle"
|
13
|
+
APP_BASE_NAME=`basename "$0"`
|
14
|
+
|
15
|
+
# Use the maximum available, or set MAX_FD != -1 to use that value.
|
16
|
+
MAX_FD="maximum"
|
17
|
+
|
18
|
+
warn ( ) {
|
19
|
+
echo "$*"
|
20
|
+
}
|
21
|
+
|
22
|
+
die ( ) {
|
23
|
+
echo
|
24
|
+
echo "$*"
|
25
|
+
echo
|
26
|
+
exit 1
|
27
|
+
}
|
28
|
+
|
29
|
+
# OS specific support (must be 'true' or 'false').
|
30
|
+
cygwin=false
|
31
|
+
msys=false
|
32
|
+
darwin=false
|
33
|
+
case "`uname`" in
|
34
|
+
CYGWIN* )
|
35
|
+
cygwin=true
|
36
|
+
;;
|
37
|
+
Darwin* )
|
38
|
+
darwin=true
|
39
|
+
;;
|
40
|
+
MINGW* )
|
41
|
+
msys=true
|
42
|
+
;;
|
43
|
+
esac
|
44
|
+
|
45
|
+
# Attempt to set APP_HOME
|
46
|
+
# Resolve links: $0 may be a link
|
47
|
+
PRG="$0"
|
48
|
+
# Need this for relative symlinks.
|
49
|
+
while [ -h "$PRG" ] ; do
|
50
|
+
ls=`ls -ld "$PRG"`
|
51
|
+
link=`expr "$ls" : '.*-> \(.*\)$'`
|
52
|
+
if expr "$link" : '/.*' > /dev/null; then
|
53
|
+
PRG="$link"
|
54
|
+
else
|
55
|
+
PRG=`dirname "$PRG"`"/$link"
|
56
|
+
fi
|
57
|
+
done
|
58
|
+
SAVED="`pwd`"
|
59
|
+
cd "`dirname \"$PRG\"`/" >/dev/null
|
60
|
+
APP_HOME="`pwd -P`"
|
61
|
+
cd "$SAVED" >/dev/null
|
62
|
+
|
63
|
+
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
|
64
|
+
|
65
|
+
# Determine the Java command to use to start the JVM.
|
66
|
+
if [ -n "$JAVA_HOME" ] ; then
|
67
|
+
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
|
68
|
+
# IBM's JDK on AIX uses strange locations for the executables
|
69
|
+
JAVACMD="$JAVA_HOME/jre/sh/java"
|
70
|
+
else
|
71
|
+
JAVACMD="$JAVA_HOME/bin/java"
|
72
|
+
fi
|
73
|
+
if [ ! -x "$JAVACMD" ] ; then
|
74
|
+
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
|
75
|
+
|
76
|
+
Please set the JAVA_HOME variable in your environment to match the
|
77
|
+
location of your Java installation."
|
78
|
+
fi
|
79
|
+
else
|
80
|
+
JAVACMD="java"
|
81
|
+
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
82
|
+
|
83
|
+
Please set the JAVA_HOME variable in your environment to match the
|
84
|
+
location of your Java installation."
|
85
|
+
fi
|
86
|
+
|
87
|
+
# Increase the maximum file descriptors if we can.
|
88
|
+
if [ "$cygwin" = "false" -a "$darwin" = "false" ] ; then
|
89
|
+
MAX_FD_LIMIT=`ulimit -H -n`
|
90
|
+
if [ $? -eq 0 ] ; then
|
91
|
+
if [ "$MAX_FD" = "maximum" -o "$MAX_FD" = "max" ] ; then
|
92
|
+
MAX_FD="$MAX_FD_LIMIT"
|
93
|
+
fi
|
94
|
+
ulimit -n $MAX_FD
|
95
|
+
if [ $? -ne 0 ] ; then
|
96
|
+
warn "Could not set maximum file descriptor limit: $MAX_FD"
|
97
|
+
fi
|
98
|
+
else
|
99
|
+
warn "Could not query maximum file descriptor limit: $MAX_FD_LIMIT"
|
100
|
+
fi
|
101
|
+
fi
|
102
|
+
|
103
|
+
# For Darwin, add options to specify how the application appears in the dock
|
104
|
+
if $darwin; then
|
105
|
+
GRADLE_OPTS="$GRADLE_OPTS \"-Xdock:name=$APP_NAME\" \"-Xdock:icon=$APP_HOME/media/gradle.icns\""
|
106
|
+
fi
|
107
|
+
|
108
|
+
# For Cygwin, switch paths to Windows format before running java
|
109
|
+
if $cygwin ; then
|
110
|
+
APP_HOME=`cygpath --path --mixed "$APP_HOME"`
|
111
|
+
CLASSPATH=`cygpath --path --mixed "$CLASSPATH"`
|
112
|
+
JAVACMD=`cygpath --unix "$JAVACMD"`
|
113
|
+
|
114
|
+
# We build the pattern for arguments to be converted via cygpath
|
115
|
+
ROOTDIRSRAW=`find -L / -maxdepth 1 -mindepth 1 -type d 2>/dev/null`
|
116
|
+
SEP=""
|
117
|
+
for dir in $ROOTDIRSRAW ; do
|
118
|
+
ROOTDIRS="$ROOTDIRS$SEP$dir"
|
119
|
+
SEP="|"
|
120
|
+
done
|
121
|
+
OURCYGPATTERN="(^($ROOTDIRS))"
|
122
|
+
# Add a user-defined pattern to the cygpath arguments
|
123
|
+
if [ "$GRADLE_CYGPATTERN" != "" ] ; then
|
124
|
+
OURCYGPATTERN="$OURCYGPATTERN|($GRADLE_CYGPATTERN)"
|
125
|
+
fi
|
126
|
+
# Now convert the arguments - kludge to limit ourselves to /bin/sh
|
127
|
+
i=0
|
128
|
+
for arg in "$@" ; do
|
129
|
+
CHECK=`echo "$arg"|egrep -c "$OURCYGPATTERN" -`
|
130
|
+
CHECK2=`echo "$arg"|egrep -c "^-"` ### Determine if an option
|
131
|
+
|
132
|
+
if [ $CHECK -ne 0 ] && [ $CHECK2 -eq 0 ] ; then ### Added a condition
|
133
|
+
eval `echo args$i`=`cygpath --path --ignore --mixed "$arg"`
|
134
|
+
else
|
135
|
+
eval `echo args$i`="\"$arg\""
|
136
|
+
fi
|
137
|
+
i=$((i+1))
|
138
|
+
done
|
139
|
+
case $i in
|
140
|
+
(0) set -- ;;
|
141
|
+
(1) set -- "$args0" ;;
|
142
|
+
(2) set -- "$args0" "$args1" ;;
|
143
|
+
(3) set -- "$args0" "$args1" "$args2" ;;
|
144
|
+
(4) set -- "$args0" "$args1" "$args2" "$args3" ;;
|
145
|
+
(5) set -- "$args0" "$args1" "$args2" "$args3" "$args4" ;;
|
146
|
+
(6) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" ;;
|
147
|
+
(7) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" ;;
|
148
|
+
(8) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" ;;
|
149
|
+
(9) set -- "$args0" "$args1" "$args2" "$args3" "$args4" "$args5" "$args6" "$args7" "$args8" ;;
|
150
|
+
esac
|
151
|
+
fi
|
152
|
+
|
153
|
+
# Split up the JVM_OPTS And GRADLE_OPTS values into an array, following the shell quoting and substitution rules
|
154
|
+
function splitJvmOpts() {
|
155
|
+
JVM_OPTS=("$@")
|
156
|
+
}
|
157
|
+
eval splitJvmOpts $DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS
|
158
|
+
JVM_OPTS[${#JVM_OPTS[*]}]="-Dorg.gradle.appname=$APP_BASE_NAME"
|
159
|
+
|
160
|
+
exec "$JAVACMD" "${JVM_OPTS[@]}" -classpath "$CLASSPATH" org.gradle.wrapper.GradleWrapperMain "$@"
|
data/gradlew.bat
ADDED
@@ -0,0 +1,90 @@
|
|
1
|
+
@if "%DEBUG%" == "" @echo off
|
2
|
+
@rem ##########################################################################
|
3
|
+
@rem
|
4
|
+
@rem Gradle startup script for Windows
|
5
|
+
@rem
|
6
|
+
@rem ##########################################################################
|
7
|
+
|
8
|
+
@rem Set local scope for the variables with windows NT shell
|
9
|
+
if "%OS%"=="Windows_NT" setlocal
|
10
|
+
|
11
|
+
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
|
12
|
+
set DEFAULT_JVM_OPTS=
|
13
|
+
|
14
|
+
set DIRNAME=%~dp0
|
15
|
+
if "%DIRNAME%" == "" set DIRNAME=.
|
16
|
+
set APP_BASE_NAME=%~n0
|
17
|
+
set APP_HOME=%DIRNAME%
|
18
|
+
|
19
|
+
@rem Find java.exe
|
20
|
+
if defined JAVA_HOME goto findJavaFromJavaHome
|
21
|
+
|
22
|
+
set JAVA_EXE=java.exe
|
23
|
+
%JAVA_EXE% -version >NUL 2>&1
|
24
|
+
if "%ERRORLEVEL%" == "0" goto init
|
25
|
+
|
26
|
+
echo.
|
27
|
+
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
|
28
|
+
echo.
|
29
|
+
echo Please set the JAVA_HOME variable in your environment to match the
|
30
|
+
echo location of your Java installation.
|
31
|
+
|
32
|
+
goto fail
|
33
|
+
|
34
|
+
:findJavaFromJavaHome
|
35
|
+
set JAVA_HOME=%JAVA_HOME:"=%
|
36
|
+
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
|
37
|
+
|
38
|
+
if exist "%JAVA_EXE%" goto init
|
39
|
+
|
40
|
+
echo.
|
41
|
+
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
|
42
|
+
echo.
|
43
|
+
echo Please set the JAVA_HOME variable in your environment to match the
|
44
|
+
echo location of your Java installation.
|
45
|
+
|
46
|
+
goto fail
|
47
|
+
|
48
|
+
:init
|
49
|
+
@rem Get command-line arguments, handling Windowz variants
|
50
|
+
|
51
|
+
if not "%OS%" == "Windows_NT" goto win9xME_args
|
52
|
+
if "%@eval[2+2]" == "4" goto 4NT_args
|
53
|
+
|
54
|
+
:win9xME_args
|
55
|
+
@rem Slurp the command line arguments.
|
56
|
+
set CMD_LINE_ARGS=
|
57
|
+
set _SKIP=2
|
58
|
+
|
59
|
+
:win9xME_args_slurp
|
60
|
+
if "x%~1" == "x" goto execute
|
61
|
+
|
62
|
+
set CMD_LINE_ARGS=%*
|
63
|
+
goto execute
|
64
|
+
|
65
|
+
:4NT_args
|
66
|
+
@rem Get arguments from the 4NT Shell from JP Software
|
67
|
+
set CMD_LINE_ARGS=%$
|
68
|
+
|
69
|
+
:execute
|
70
|
+
@rem Setup the command line
|
71
|
+
|
72
|
+
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
|
73
|
+
|
74
|
+
@rem Execute Gradle
|
75
|
+
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %CMD_LINE_ARGS%
|
76
|
+
|
77
|
+
:end
|
78
|
+
@rem End local scope for the variables with windows NT shell
|
79
|
+
if "%ERRORLEVEL%"=="0" goto mainEnd
|
80
|
+
|
81
|
+
:fail
|
82
|
+
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
|
83
|
+
rem the _cmd.exe /c_ return code!
|
84
|
+
if not "" == "%GRADLE_EXIT_CONSOLE%" exit 1
|
85
|
+
exit /b 1
|
86
|
+
|
87
|
+
:mainEnd
|
88
|
+
if "%OS%"=="Windows_NT" endlocal
|
89
|
+
|
90
|
+
:omega
|
@@ -0,0 +1,329 @@
|
|
1
|
+
package org.embulk.filter.encrypt;
|
2
|
+
|
3
|
+
import java.util.List;
|
4
|
+
import java.util.Set;
|
5
|
+
import java.util.HashSet;
|
6
|
+
import java.util.EnumSet;
|
7
|
+
import javax.crypto.Cipher;
|
8
|
+
import javax.crypto.SecretKey;
|
9
|
+
import javax.crypto.SecretKeyFactory;
|
10
|
+
import javax.crypto.spec.SecretKeySpec;
|
11
|
+
import javax.crypto.spec.IvParameterSpec;
|
12
|
+
import javax.crypto.spec.PBEKeySpec;
|
13
|
+
import javax.crypto.NoSuchPaddingException;
|
14
|
+
import javax.crypto.BadPaddingException;
|
15
|
+
import javax.crypto.IllegalBlockSizeException;
|
16
|
+
import java.security.AlgorithmParameters;
|
17
|
+
import java.security.InvalidKeyException;
|
18
|
+
import java.security.NoSuchAlgorithmException;
|
19
|
+
import java.security.InvalidAlgorithmParameterException;
|
20
|
+
import java.security.spec.KeySpec;
|
21
|
+
import com.fasterxml.jackson.annotation.JsonCreator;
|
22
|
+
import com.fasterxml.jackson.annotation.JsonValue;
|
23
|
+
import com.google.common.base.Optional;
|
24
|
+
import com.google.common.io.BaseEncoding;
|
25
|
+
import org.embulk.config.Config;
|
26
|
+
import org.embulk.config.ConfigDefault;
|
27
|
+
import org.embulk.config.ConfigDiff;
|
28
|
+
import org.embulk.config.ConfigSource;
|
29
|
+
import org.embulk.config.Task;
|
30
|
+
import org.embulk.config.TaskSource;
|
31
|
+
import org.embulk.config.ConfigException;
|
32
|
+
import org.embulk.spi.Column;
|
33
|
+
import org.embulk.spi.DataException;
|
34
|
+
import org.embulk.spi.ColumnVisitor;
|
35
|
+
import org.embulk.spi.type.StringType;
|
36
|
+
import org.embulk.spi.Exec;
|
37
|
+
import org.embulk.spi.FilterPlugin;
|
38
|
+
import org.embulk.spi.Page;
|
39
|
+
import org.embulk.spi.PageBuilder;
|
40
|
+
import org.embulk.spi.PageReader;
|
41
|
+
import org.embulk.spi.PageOutput;
|
42
|
+
import org.embulk.spi.Schema;
|
43
|
+
import org.embulk.spi.time.Timestamp;
|
44
|
+
import static java.nio.charset.StandardCharsets.UTF_8;
|
45
|
+
|
46
|
+
public class EncryptFilterPlugin
|
47
|
+
implements FilterPlugin
|
48
|
+
{
|
49
|
+
public static enum Algorithm
|
50
|
+
{
|
51
|
+
AES_256_CBC("AES/CBC/PKCS5Padding", "AES", 256, true, "AES", "AES-256", "AES-256-CBC"),
|
52
|
+
AES_192_CBC("AES/CBC/PKCS5Padding", "AES", 192, true, "AES", "AES-192", "AES-192-CBC"),
|
53
|
+
AES_128_CBC("AES/CBC/PKCS5Padding", "AES", 128, true, "AES", "AES-128", "AES-128-CBC"),
|
54
|
+
AES_256_ECB("AES/ECB/PKCS5Padding", "AES", 256, false, "AES", "AES-256", "AES-256-ECB"),
|
55
|
+
AES_192_ECB("AES/ECB/PKCS5Padding", "AES", 192, false, "AES", "AES-192", "AES-192-ECB"),
|
56
|
+
AES_128_ECB("AES/ECB/PKCS5Padding", "AES", 128, false, "AES", "AES-128", "AES-128-ECB"),
|
57
|
+
;
|
58
|
+
|
59
|
+
private final String javaName;
|
60
|
+
private final String javaKeySpecName;
|
61
|
+
private final int keyLength;
|
62
|
+
private final boolean useIv;
|
63
|
+
private String[] displayNames;
|
64
|
+
|
65
|
+
private Algorithm(String javaName, String javaKeySpecName, int keyLength, boolean useIv, String... displayNames)
|
66
|
+
{
|
67
|
+
this.javaName = javaName;
|
68
|
+
this.javaKeySpecName = javaKeySpecName;
|
69
|
+
this.keyLength = keyLength;
|
70
|
+
this.useIv = useIv;
|
71
|
+
this.displayNames = displayNames;
|
72
|
+
}
|
73
|
+
|
74
|
+
public String getJavaName()
|
75
|
+
{
|
76
|
+
return javaName;
|
77
|
+
}
|
78
|
+
|
79
|
+
public String getJavaKeySpecName()
|
80
|
+
{
|
81
|
+
return javaKeySpecName;
|
82
|
+
}
|
83
|
+
|
84
|
+
public int getKeyLength()
|
85
|
+
{
|
86
|
+
return keyLength;
|
87
|
+
}
|
88
|
+
|
89
|
+
public boolean useIv()
|
90
|
+
{
|
91
|
+
return useIv;
|
92
|
+
}
|
93
|
+
|
94
|
+
@JsonCreator
|
95
|
+
public static Algorithm fromName(String name)
|
96
|
+
{
|
97
|
+
for (Algorithm algo : EnumSet.allOf(Algorithm.class)) {
|
98
|
+
for (String n : algo.displayNames) {
|
99
|
+
if (n.equals(name)) {
|
100
|
+
return algo;
|
101
|
+
}
|
102
|
+
}
|
103
|
+
}
|
104
|
+
throw new ConfigException("Unsupported algorithm '" + name + "'. Supported algorithms are AES-256-CBC, AES-192-CBC, AES-128-CBC.");
|
105
|
+
}
|
106
|
+
|
107
|
+
@JsonValue
|
108
|
+
@Override
|
109
|
+
public String toString()
|
110
|
+
{
|
111
|
+
return displayNames[displayNames.length - 1];
|
112
|
+
}
|
113
|
+
}
|
114
|
+
|
115
|
+
public interface PluginTask
|
116
|
+
extends Task
|
117
|
+
{
|
118
|
+
@Config("algorithm")
|
119
|
+
public Algorithm getAlgorithm();
|
120
|
+
|
121
|
+
@Config("key_hex")
|
122
|
+
@ConfigDefault("null")
|
123
|
+
public Optional<String> getKeyHex();
|
124
|
+
|
125
|
+
@Config("iv_hex")
|
126
|
+
@ConfigDefault("null")
|
127
|
+
public Optional<String> getIvHex();
|
128
|
+
|
129
|
+
@Config("column_names")
|
130
|
+
public List<String> getColumnNames();
|
131
|
+
}
|
132
|
+
|
133
|
+
@Override
|
134
|
+
public void transaction(ConfigSource config, Schema inputSchema,
|
135
|
+
FilterPlugin.Control control)
|
136
|
+
{
|
137
|
+
PluginTask task = config.loadConfig(PluginTask.class);
|
138
|
+
|
139
|
+
if (!task.getKeyHex().isPresent()) {
|
140
|
+
}
|
141
|
+
else if (task.getAlgorithm().useIv() && !task.getIvHex().isPresent()) {
|
142
|
+
throw new ConfigException("Algorithm '" + task.getAlgorithm() + "' requires initialization vector. Please generate one and set it to iv_hex option.");
|
143
|
+
}
|
144
|
+
else if (!task.getAlgorithm().useIv() && task.getIvHex().isPresent()) {
|
145
|
+
throw new ConfigException("Algorithm '" + task.getAlgorithm() + "' doesn't use initialization vector. Please remove iv_hex option.");
|
146
|
+
}
|
147
|
+
|
148
|
+
// validate configuration
|
149
|
+
try {
|
150
|
+
getCipher(Cipher.ENCRYPT_MODE, task);
|
151
|
+
}
|
152
|
+
catch (Exception ex) {
|
153
|
+
throw new ConfigException(ex);
|
154
|
+
}
|
155
|
+
|
156
|
+
// validate column_names
|
157
|
+
for (String name : task.getColumnNames()) {
|
158
|
+
inputSchema.lookupColumn(name);
|
159
|
+
}
|
160
|
+
|
161
|
+
control.run(task.dump(), inputSchema);
|
162
|
+
}
|
163
|
+
|
164
|
+
private Cipher getCipher(int mode, PluginTask task)
|
165
|
+
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, NoSuchPaddingException, InvalidKeyException
|
166
|
+
{
|
167
|
+
Algorithm algo = task.getAlgorithm();
|
168
|
+
|
169
|
+
byte[] keyData = BaseEncoding.base16().decode(task.getKeyHex().get());
|
170
|
+
SecretKeySpec key = new SecretKeySpec(keyData, algo.getJavaKeySpecName());
|
171
|
+
|
172
|
+
if (algo.useIv()) {
|
173
|
+
byte[] ivData = BaseEncoding.base16().decode(task.getIvHex().get());
|
174
|
+
IvParameterSpec iv = new IvParameterSpec(ivData);
|
175
|
+
|
176
|
+
Cipher cipher = Cipher.getInstance(algo.getJavaName());
|
177
|
+
cipher.init(mode, key, iv);
|
178
|
+
return cipher;
|
179
|
+
}
|
180
|
+
else {
|
181
|
+
Cipher cipher = Cipher.getInstance(algo.getJavaName());
|
182
|
+
cipher.init(mode, key);
|
183
|
+
return cipher;
|
184
|
+
}
|
185
|
+
}
|
186
|
+
|
187
|
+
@Override
|
188
|
+
public PageOutput open(TaskSource taskSource, final Schema inputSchema,
|
189
|
+
final Schema outputSchema, final PageOutput output)
|
190
|
+
{
|
191
|
+
PluginTask task = taskSource.loadTask(PluginTask.class);
|
192
|
+
|
193
|
+
final Cipher cipher;
|
194
|
+
try {
|
195
|
+
cipher = getCipher(Cipher.ENCRYPT_MODE, task);
|
196
|
+
}
|
197
|
+
catch (Exception ex) {
|
198
|
+
throw new ConfigException(ex);
|
199
|
+
}
|
200
|
+
|
201
|
+
final int[] targetColumns = new int[task.getColumnNames().size()];
|
202
|
+
int i = 0;
|
203
|
+
for (String name : task.getColumnNames()) {
|
204
|
+
targetColumns[i++] = inputSchema.lookupColumn(name).getIndex();
|
205
|
+
}
|
206
|
+
|
207
|
+
return new PageOutput() {
|
208
|
+
private final PageReader pageReader = new PageReader(inputSchema);
|
209
|
+
private final PageBuilder pageBuilder = new PageBuilder(Exec.getBufferAllocator(), outputSchema, output);
|
210
|
+
private final BaseEncoding base64 = BaseEncoding.base64();
|
211
|
+
|
212
|
+
@Override
|
213
|
+
public void finish()
|
214
|
+
{
|
215
|
+
pageBuilder.finish();
|
216
|
+
}
|
217
|
+
|
218
|
+
@Override
|
219
|
+
public void close()
|
220
|
+
{
|
221
|
+
pageBuilder.close();
|
222
|
+
}
|
223
|
+
|
224
|
+
private boolean isTargetColumn(Column c)
|
225
|
+
{
|
226
|
+
for (int i = 0; i < targetColumns.length; i++) {
|
227
|
+
if (c.getIndex() == targetColumns[i]) {
|
228
|
+
return true;
|
229
|
+
}
|
230
|
+
}
|
231
|
+
return false;
|
232
|
+
}
|
233
|
+
|
234
|
+
@Override
|
235
|
+
public void add(Page page)
|
236
|
+
{
|
237
|
+
pageReader.setPage(page);
|
238
|
+
|
239
|
+
while (pageReader.nextRecord()) {
|
240
|
+
inputSchema.visitColumns(new ColumnVisitor() {
|
241
|
+
@Override
|
242
|
+
public void booleanColumn(Column column)
|
243
|
+
{
|
244
|
+
if (pageReader.isNull(column)) {
|
245
|
+
pageBuilder.setNull(column);
|
246
|
+
}
|
247
|
+
else {
|
248
|
+
pageBuilder.setBoolean(column, pageReader.getBoolean(column));
|
249
|
+
}
|
250
|
+
}
|
251
|
+
|
252
|
+
@Override
|
253
|
+
public void longColumn(Column column)
|
254
|
+
{
|
255
|
+
if (pageReader.isNull(column)) {
|
256
|
+
pageBuilder.setNull(column);
|
257
|
+
}
|
258
|
+
else {
|
259
|
+
pageBuilder.setLong(column, pageReader.getLong(column));
|
260
|
+
}
|
261
|
+
}
|
262
|
+
|
263
|
+
@Override
|
264
|
+
public void doubleColumn(Column column)
|
265
|
+
{
|
266
|
+
if (pageReader.isNull(column)) {
|
267
|
+
pageBuilder.setNull(column);
|
268
|
+
}
|
269
|
+
else {
|
270
|
+
pageBuilder.setDouble(column, pageReader.getDouble(column));
|
271
|
+
}
|
272
|
+
}
|
273
|
+
|
274
|
+
@Override
|
275
|
+
public void stringColumn(Column column)
|
276
|
+
{
|
277
|
+
if (pageReader.isNull(column)) {
|
278
|
+
pageBuilder.setNull(column);
|
279
|
+
}
|
280
|
+
else if (isTargetColumn(column)) {
|
281
|
+
String orig = pageReader.getString(column);
|
282
|
+
byte[] encrypted;
|
283
|
+
try {
|
284
|
+
encrypted = cipher.doFinal(orig.getBytes(UTF_8));
|
285
|
+
}
|
286
|
+
catch (BadPaddingException ex) {
|
287
|
+
// this must not happen because PKCS5Padding is always enabled
|
288
|
+
throw new DataException(ex);
|
289
|
+
}
|
290
|
+
catch (IllegalBlockSizeException ex) {
|
291
|
+
// this must not happen because always doFinal is called
|
292
|
+
throw new DataException(ex);
|
293
|
+
}
|
294
|
+
String encoded = base64.encode(encrypted);
|
295
|
+
pageBuilder.setString(column, encoded);
|
296
|
+
}
|
297
|
+
else {
|
298
|
+
pageBuilder.setString(column, pageReader.getString(column));
|
299
|
+
}
|
300
|
+
}
|
301
|
+
|
302
|
+
@Override
|
303
|
+
public void timestampColumn(Column column)
|
304
|
+
{
|
305
|
+
if (pageReader.isNull(column)) {
|
306
|
+
pageBuilder.setNull(column);
|
307
|
+
}
|
308
|
+
else {
|
309
|
+
pageBuilder.setTimestamp(column, pageReader.getTimestamp(column));
|
310
|
+
}
|
311
|
+
}
|
312
|
+
|
313
|
+
@Override
|
314
|
+
public void jsonColumn(Column column)
|
315
|
+
{
|
316
|
+
if (pageReader.isNull(column)) {
|
317
|
+
pageBuilder.setNull(column);
|
318
|
+
}
|
319
|
+
else {
|
320
|
+
pageBuilder.setJson(column, pageReader.getJson(column));
|
321
|
+
}
|
322
|
+
}
|
323
|
+
});
|
324
|
+
pageBuilder.addRecord();
|
325
|
+
}
|
326
|
+
}
|
327
|
+
};
|
328
|
+
}
|
329
|
+
}
|
metadata
ADDED
@@ -0,0 +1,90 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: embulk-filter-encrypt
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Sadayuki Furuhashi
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2016-03-02 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
version_requirements: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ~>
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.0'
|
20
|
+
requirement: !ruby/object:Gem::Requirement
|
21
|
+
requirements:
|
22
|
+
- - ~>
|
23
|
+
- !ruby/object:Gem::Version
|
24
|
+
version: '1.0'
|
25
|
+
prerelease: false
|
26
|
+
type: :development
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
version_requirements: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - '>='
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '10.0'
|
34
|
+
requirement: !ruby/object:Gem::Requirement
|
35
|
+
requirements:
|
36
|
+
- - '>='
|
37
|
+
- !ruby/object:Gem::Version
|
38
|
+
version: '10.0'
|
39
|
+
prerelease: false
|
40
|
+
type: :development
|
41
|
+
description: Encrypt
|
42
|
+
email:
|
43
|
+
- frsyuki@gmail.com
|
44
|
+
executables: []
|
45
|
+
extensions: []
|
46
|
+
extra_rdoc_files: []
|
47
|
+
files:
|
48
|
+
- .gitignore
|
49
|
+
- ChangeLog
|
50
|
+
- LICENSE.txt
|
51
|
+
- README.md
|
52
|
+
- build.gradle
|
53
|
+
- config/checkstyle/checkstyle.xml
|
54
|
+
- config/checkstyle/default.xml
|
55
|
+
- example.csv.gz
|
56
|
+
- example.yml
|
57
|
+
- genkey.rb
|
58
|
+
- gradle/wrapper/gradle-wrapper.jar
|
59
|
+
- gradle/wrapper/gradle-wrapper.properties
|
60
|
+
- gradlew
|
61
|
+
- gradlew.bat
|
62
|
+
- lib/embulk/filter/encrypt.rb
|
63
|
+
- src/main/java/org/embulk/filter/encrypt/EncryptFilterPlugin.java
|
64
|
+
- src/test/java/org/embulk/filter/encrypt/TestEncryptFilterPlugin.java
|
65
|
+
- classpath/embulk-filter-encrypt-0.1.0.jar
|
66
|
+
homepage: https://github.com/embulk/embulk-filter-encrypt
|
67
|
+
licenses:
|
68
|
+
- Apache 2.0
|
69
|
+
metadata: {}
|
70
|
+
post_install_message:
|
71
|
+
rdoc_options: []
|
72
|
+
require_paths:
|
73
|
+
- lib
|
74
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
75
|
+
requirements:
|
76
|
+
- - '>='
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
version: '0'
|
79
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
80
|
+
requirements:
|
81
|
+
- - '>='
|
82
|
+
- !ruby/object:Gem::Version
|
83
|
+
version: '0'
|
84
|
+
requirements: []
|
85
|
+
rubyforge_project:
|
86
|
+
rubygems_version: 2.1.9
|
87
|
+
signing_key:
|
88
|
+
specification_version: 4
|
89
|
+
summary: Encrypt columns using AES
|
90
|
+
test_files: []
|