fluent-plugin-aes-forward 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 2638e8e8e4b855dcf519924f0637a3f17c00ad8d
+  data.tar.gz: e0dff996a87812b92ff3b595214faac78b5f12aa
+SHA512:
+  metadata.gz: bf97f4d5981e9e231d209bddd225f48be6688da2b9a04e77211866780e1d01805e90d4281dcdb686e4f631c8a60a436feff29b51c2f0eee7d1aef72a464c14d6
+  data.tar.gz: a2e92c6cbe1d8b48e4420e15280d9a8ec170c0d3ae019812d7f263be36a053b68d31590e11a67176c9e12ad7418f378c96bdc512a236da1a1b7968cc7139a398

data/.gitignore

@@ -0,0 +1,18 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp
+vendor/

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in fluent-plugin-aes-forward.gemspec
+gemspec

data/README.md

@@ -0,0 +1,25 @@
+# Fluent AES forward plugin
+
+- This plugin is encrypt data at AES while transfer data.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'fluent-plugin-aes-forward'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install fluent-plugin-aes-forward
+
+# License
+
+[Apache License Version 2.0](http://www.apache.org/licenses/LICENSE-2.0)
+
+# Copyright
+
+Copyright (c) 2013 Aiming Inc.

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |test|
+  test.libs << "lib" << "test"
+  test.pattern = "test/**/test_*.rb"
+  test.verbose = true
+end
+
+task default: :test

data/fluent-plugin-aes-forward.gemspec

@@ -0,0 +1,24 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = "fluent-plugin-aes-forward"
+  spec.version       = "0.0.1"
+  spec.authors       = ["futoase"]
+  spec.email         = ["futoase@gmail.com"]
+  spec.description   = %q{fluent plugin aes forward}
+  spec.summary       = %q{This plugin is encrypt data at AES while transfer data.}
+  spec.homepage      = "https://github.com/aiming/fluent-plugin-aes-forward"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+
+  spec.add_dependency "fluentd"
+end

data/lib/fluent/plugin/in_aes_forward.rb

@@ -0,0 +1,56 @@
+require "fluent/plugin/in_forward"
+require "openssl"
+require "base64"
+
+module Fluent
+  class AESForwardInput < ForwardInput
+    Fluent::Plugin.register_input('aes_forward', self)
+
+    config_param :key, :string, default: ""
+    config_param :iv, :string, default: ""
+
+    def decrypt_data(record)
+      decipher = OpenSSL::Cipher::AES.new(256, :CBC).decrypt
+      decipher.key = @key
+      decipher.iv = @iv
+      decipher.update(Base64.decode64(record)) + decipher.final
+    end
+
+    def on_message(msg)
+      if msg.nil?
+        # for future TCP heartbeat_request
+        return
+      end
+
+      # TODO format error
+      tag = msg[0].to_s
+      entries = decrypt_data(msg[1])
+
+      if entries.class == String
+        # PackedForward
+        es = MessagePackEventStream.new(entries, @cached_unpacker)
+        Engine.emit_stream(tag, es)
+
+      elsif entries.class == Array
+        # Forward
+        es = MultiEventStream.new
+        entries.each {|e|
+          record = e[1]
+          next if record.nil?
+          time = e[0].to_i
+          time = (now ||= Engine.now) if time == 0
+          es.add(time, record)
+        }
+        Engine.emit_stream(tag, es)
+
+      else
+        # Message
+        record = msg[2]
+        return if record.nil?
+        time = msg[1]
+        time = Engine.now if time == 0
+        Engine.emit(tag, time, record)
+      end
+    end
+  end
+end

data/lib/fluent/plugin/out_aes_forward.rb

@@ -0,0 +1,63 @@
+require "fluent/plugin/out_forward"
+require "fluent/plugin/buf_memory"
+require "base64"
+require "openssl"
+
+module Fluent
+
+  MemoryBufferChunk.class_eval do
+    def encrypt!(key, iv)
+      cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
+      cipher.key = key
+      cipher.iv = iv
+      cipher.encrypt
+      @data = Base64.encode64(cipher.update(@data) + cipher.final)
+    end
+  end
+
+  class AESForwardOutput < ForwardOutput
+    Fluent::Plugin.register_output('aes_forward', self)
+
+    config_param :key, :string, default: ""
+    config_param :iv, :string, default: ""
+
+    def send_data(node, tag, chunk)
+      sock = connect(node)
+      begin
+        opt = [1, @send_timeout.to_i].pack('I!I!')  # { int l_onoff; int l_linger; }
+        sock.setsockopt(Socket::SOL_SOCKET, Socket::SO_LINGER, opt)
+
+        opt = [@send_timeout.to_i, 0].pack('L!L!')  # struct timeval
+        sock.setsockopt(Socket::SOL_SOCKET, Socket::SO_SNDTIMEO, opt)
+
+        # beginArray(2)
+        sock.write FORWARD_HEADER
+
+        # writeRaw(tag)
+        sock.write tag.to_msgpack  # tag
+
+        chunk.encrypt!(@key, @iv)
+
+        # beginRaw(size)
+        sz = chunk.size
+        #if sz < 32
+        #  # FixRaw
+        #  sock.write [0xa0 | sz].pack('C')
+        #elsif sz < 65536
+        #  # raw 16
+        #  sock.write [0xda, sz].pack('Cn')
+        #else
+        # raw 32
+        sock.write [0xdb, sz].pack('CN')
+        #end
+
+        # writeRawBody(packed_es)
+        chunk.write_to(sock)
+
+        node.heartbeat(false)
+      ensure
+        sock.close
+      end
+    end
+  end
+end

data/test/helper.rb

@@ -0,0 +1,21 @@
+require 'bundler'
+
+Bundler.setup(:default, :test)
+Bundler.require(:default, :test)
+
+require 'fluent/test'
+require 'test/unit'
+
+$:.unshift(File.join(File.dirname(__FILE__), '../lib'))
+$:.unshift(File.dirname(__FILE__))
+
+def unused_port
+  s = TCPServer.open(0)
+  port = s.addr[1]
+  s.close
+  port
+end
+
+require 'base64'
+require 'fluent/plugin/in_aes_forward'
+require 'fluent/plugin/out_aes_forward'

data/test/test_in_aes_forward.rb

@@ -0,0 +1,133 @@
+require_relative 'helper'
+
+class InAESForwardTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+
+  PORT = unused_port
+  KEY = "hogehogehogehogehogehogehogehoge"
+  IV = "mogemogemogemogemogemogemogemoge"
+  CONFIG = %[
+    key  #{KEY}
+    iv   #{IV}
+    port #{PORT}
+    bind 127.0.0.1
+  ]
+
+  def create_driver(conf=CONFIG)
+    Fluent::Test::InputTestDriver.new(Fluent::AESForwardInput).configure(conf)
+  end
+
+  def test_configure
+    d = create_driver
+    assert_equal PORT, d.instance.port
+    assert_equal '127.0.0.1', d.instance.bind
+  end
+
+  def connect
+    TCPSocket.new('127.0.0.1', PORT)
+  end
+
+  def encrypt_data(data)
+    cipher = OpenSSL::Cipher::AES.new(256, :CBC).encrypt
+    cipher.key = KEY
+    cipher.iv = IV
+    Base64.encode64(cipher.update(Marshal.dump(data)) + cipher.final)
+  end
+
+  def test_time
+    d = create_driver
+
+    time = Time.parse("2011-01-02 13:14:15 UTC").to_i
+    Fluent::Engine.now = time
+
+    d.expect_emit "tag1", time, { "a" => 1 }
+    d.expect_emit "tag2", time, { "a" => 2 }
+
+    d.run do
+      d.expected_emits.each do |tag, time, record|
+        send_data [tag, 0, record].map { |x| encrypt_data(x) }.to_msgpack
+      end
+      sleep 0.5
+    end
+  end
+
+  def test_message
+    d = create_driver
+
+    time = Time.parse("2011-01-02 13:14:15 UTC").to_i
+
+    d.expect_emit "tag1", time, { "a" => 1 }
+    d.expect_emit "tag2", time, { "a" => 2 }
+
+    d.run do
+      d.expected_emits.each do |tag, time, record|
+        send_data [tag, time, record].map { |x| encrypt_data(x) }.to_msgpack
+      end
+      sleep 0.5
+    end
+  end
+
+  def test_forward
+    d = create_driver
+
+    time = Time.parse("2011-01-02 13:14:15 UTC").to_i
+
+    d.expect_emit "tag1", time, { "a" => 1 }
+    d.expect_emit "tag1", time, { "a" => 2 }
+
+    d.run do
+      entries = []
+      d.expected_emits.each do |tag, time, record|
+        entries << [time, record]
+      end
+      send_data ["tag1", entries].map { |x| encrypt_data(x) }.to_msgpack
+      sleep 0.5
+    end
+  end
+
+  def test_packed_forward
+    d = create_driver
+
+    time = Time.parse("2011-01-02 13:14:15 UTC").to_i
+
+    d.expect_emit "tag1", time, { "a" => 1 }
+    d.expect_emit "tag1", time, { "a" => 2 }
+
+    d.run do
+      entries = ''
+      d.expected_emits.each do |tag, time, record|
+        [time, record].to_msgpack(entries)
+      end
+      send_data ["tag1", entries].map { |x| encrypt_data(x) }.to_msgpack
+      sleep 0.5
+    end
+  end
+
+  def test_message_json
+    d = create_driver
+
+    time = Time.parse("2011-01-02 13:14:15 UTC").to_i
+
+    d.expect_emit "tag1", time, { "a" => 1 }
+    d.expect_emit "tag2", time, { "a" => 2 }
+
+    d.run do
+      d.expected_emits.each do |tag, time, record|
+        send_data [tag, time, record].map { |x| encrypt_data(x) }.to_json
+      end
+      sleep 0.5
+    end
+  end
+
+  def send_data(data)
+    io = connect
+    begin
+      io.write data
+    ensure
+      io.close
+    end
+  end
+
+end

data/test/test_out_aes_forward.rb

@@ -0,0 +1,45 @@
+require "openssl"
+
+class AESForwardOutputTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+
+  CONFIG = %[
+    send_timeout 51
+    key  hogehogehogehogehogehogehogehoge
+    iv   mogemogemogemogemogemogemogemoge
+    <server>
+      name test
+      host 127.0.0.1
+      port 13999
+    </server>
+  ]
+
+  def create_driver(conf=CONFIG)
+    Fluent::Test::OutputTestDriver.new(Fluent::AESForwardOutput) do
+      def write(chunk)
+        chunk.read
+      end
+    end.configure(conf)
+  end
+  
+  def test_configure
+    d = create_driver
+    nodes = d.instance.nodes
+    assert_equal 51, d.instance.send_timeout
+    assert_equal :udp, d.instance.heartbeat_type
+    assert_equal 1, nodes.length
+    node = nodes.first
+    assert_equal "test", node.name
+    assert_equal '127.0.0.1', node.host
+    assert_equal 13999, node.port
+  end
+
+  def test_configure_tcp_heartbeat
+    d = create_driver(CONFIG + "\nheartbeat_type tcp")
+    assert_equal :tcp, d.instance.heartbeat_type
+  end
+
+
+end

metadata

@@ -0,0 +1,99 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-aes-forward
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- futoase
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-12-12 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: fluent plugin aes forward
+email:
+- futoase@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
+- README.md
+- Rakefile
+- fluent-plugin-aes-forward.gemspec
+- lib/fluent/plugin/in_aes_forward.rb
+- lib/fluent/plugin/out_aes_forward.rb
+- test/helper.rb
+- test/test_in_aes_forward.rb
+- test/test_out_aes_forward.rb
+homepage: https://github.com/aiming/fluent-plugin-aes-forward
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.3
+signing_key: 
+specification_version: 4
+summary: This plugin is encrypt data at AES while transfer data.
+test_files:
+- test/helper.rb
+- test/test_in_aes_forward.rb
+- test/test_out_aes_forward.rb