fluent-plugin-jwt-filter 0.0.1

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: c1a845ef248b3483055373fe08f0983fc53722c9
4
+ data.tar.gz: bb38737a51bbff5dd75c89bf64aa370a564ec73b
5
+ SHA512:
6
+ metadata.gz: 3f7141152a8eb55f6cdb876cd11cf6c9de7aa8f537f40349ecdece86675f75ff41b5301cd6efb78b53440ee5ff534332afea3ca3244eac23f6d9c7e446e26dce
7
+ data.tar.gz: 24fdd23f753ac3783a92b657ca1579913741bf6e54298e803541d363f1f857b95fa89e630c0ccb245a37ad8fb025f451355d7f6b253af8f45235ad56ab6a2853
@@ -0,0 +1,36 @@
1
+ *.gem
2
+ *.rbc
3
+ /.config
4
+ /coverage/
5
+ /InstalledFiles
6
+ /pkg/
7
+ /spec/reports/
8
+ /spec/examples.txt
9
+ /test/tmp/
10
+ /test/version_tmp/
11
+ /tmp/
12
+
13
+ ## Specific to RubyMotion:
14
+ .dat*
15
+ .repl_history
16
+ build/
17
+
18
+ ## Documentation cache and generated files:
19
+ /.yardoc/
20
+ /_yardoc/
21
+ /doc/
22
+ /rdoc/
23
+
24
+ ## Environment normalization:
25
+ /.bundle/
26
+ /vendor/bundle
27
+ /lib/bundler/man/
28
+
29
+ # for a library or gem, you might want to ignore these files since the code is
30
+ # intended to run in multiple environments; otherwise, check them in:
31
+ # Gemfile.lock
32
+ # .ruby-version
33
+ # .ruby-gemset
34
+
35
+ # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
36
+ .rvmrc
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in fluent-plugin-mqtt-io.gemspec
4
+ gemspec
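Review bot: The comment on line 3 of the Gemfile names fluent-plugin-mqtt-io.gemspec, which looks copied from another plugin; it should read fluent-plugin-jwt-filter.gemspec so the file states which gemspec its dependencies are resolved from.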
data/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ The MIT License (MIT)
2
+
3
+ Copyright (c) 2016 Toyokazu Akiyama
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,93 @@
1
+ # Fluent::Plugin::Jwt::Filter
2
+
3
+ Fluent Filter plugin for encrypting and decrypting messages using JSON Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key). This plugin uses [json-jwt](https://github.com/nov/json-jwt) to encrypt/decrypt messages.
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ gem 'fluent-plugin-jwt-filter'
10
+
11
+ And then execute:
12
+
13
+ bundle
14
+
15
+ Or install it yourself as:
16
+
17
+ gem install fluent-plugin-jwt-filter
18
+
19
+ ## Usage
20
+
21
+ fluent-plugin-jwt-filter provides encrypt and decrypt of messages.
22
+
23
+ <filter test>
24
+ @type jwt
25
+ method encrypt
26
+ </filter>
27
+
28
+ Encrypt/Decrypt can be selected by **method** option.
29
+
30
+ ### Encryption
31
+
32
+ In the following example, input from in_tail plugin is encrypted by jwt-filter and then outputted by out_forward plugin.
33
+
34
+ <source>
35
+ @type tail
36
+ path /tmp/test.log
37
+ pos_file /tmp/test.log.pos
38
+ tag test
39
+ format json
40
+ </source>
41
+
42
+ <filter test>
43
+ @type jwt
44
+ method encrypt
45
+ </filter>
46
+
47
+ <match test>
48
+ @type forward
49
+ <server>
50
+ host ::1
51
+ port 24224
52
+ </server>
53
+ </match>
54
+
55
+ For encryption, the following options are available.
56
+
57
+ - **jwk_pub_file**: is a file name which records public key of JSON Web Key (JWK). JWK public and private key can be easily generated by [jwk_tool](https://github.com/toyokazu/jwk-tool).
58
+ - **block_cipher_alg**: is an algorithm to encrypt the contents. Block cipher is used for encryption and symmetric key of block cipher is encrypted by key encryption algorithm. Currently json-jwt supports A128GCM, A256GCM, A128CBC-HS256 and A256CBC-HS512 (default A128GCM and require "ruby > 2.0.0").
59
+ - **key_encryption_alg**: is an algorithm to encrypt block cipher encryption key. Basically public key algorithm is assumed. If JWK is created as symmetric key, this option is not required (default RSA1_5).
60
+
61
+ <filter test>
62
+ @type jwt
63
+ jwk_pub_file fluent/key.pub
64
+ block_cipher_alg A128GCM
65
+ key_encryption_alg RSA1_5
66
+ </filter>
67
+
68
+
69
+ ### Decryption
70
+
71
+ In the following example, input from in_forward plugin is decrypted by jwt-filter and then outputted by out_stdout plugin.
72
+
73
+ <source>
74
+ @type forward
75
+ port 24224
76
+ bind ::1
77
+ </source>
78
+
79
+ <filter test>
80
+ @type jwt
81
+ method decrypt
82
+ </filter>
83
+
84
+ <match test>
85
+ type stdout
86
+ </match>
87
+
88
+ For decryption, the following options are available.
89
+
90
+ config_param :method, :string, :default => "encrypt"
91
+ config_param :jwk_file, :string, :default => "key"
92
+
93
+ - **jwk_file**: is a file name which records private key of JSON Web Key (JWK). As already mentioned in Encryption section, JWK public and private key can be easily generated by [jwk_tool](https://github.com/toyokazu/jwk-tool).
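Review bot: The key_encryption_alg default documented on README line 59 and used in the example on line 65 is RSA1_5 (RSAES-PKCS1-v1_5), the JWE key-wrapping mode most exposed to padding-oracle problems when decryption failures are observable; document and default to RSA-OAEP where the installed json-jwt supports it, and keep RSA1_5 only as an explicit opt-in. Two smaller points in the Decryption section: lines 90-91 paste the config_param declarations instead of describing the options, and the match block on line 85 uses "type stdout" while every other block uses "@type".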
@@ -0,0 +1,10 @@
1
+ require "bundler/gem_tasks"
2
+ require "rake/testtask"
3
+
4
+ Rake::TestTask.new(:test) do |t|
5
+ t.libs << "test"
6
+ t.libs << "lib"
7
+ t.test_files = FileList['test/**/*_test.rb']
8
+ end
9
+
10
+ task :default => :test
@@ -0,0 +1,28 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+
5
+ Gem::Specification.new do |spec|
6
+ spec.name = "fluent-plugin-jwt-filter"
7
+ spec.version = "0.0.1"
8
+ spec.authors = ["Toyokazu Akiyama"]
9
+ spec.email = ["toyokazu@gmail.com"]
10
+
11
+ spec.summary = %q{Fluent Filter plugin for encrypting and decrypting messages using JSON Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key)}
12
+ spec.description = %q{Fluent Filter plugin for encrypting and decrypting messages using JSON Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key)}
13
+ spec.homepage = "https://github.com/toyokazu/fluent-plugin-jwt-formatter"
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files`.gsub(/images\/[\w\.]+\n/, "").split($/)
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.required_ruby_version = '>= 2.0.0'
22
+
23
+ spec.add_dependency 'fluentd', '>= 0.10.0'
24
+ spec.add_runtime_dependency("json-jwt", [">= 1.5.2"])
25
+
26
+ spec.add_development_dependency "bundler", "~> 1.10"
27
+ spec.add_development_dependency "rake", "~> 10.0"
28
+ end
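Review bot: The fluentd dependency on line 23 ('>= 0.10.0') admits Fluentd releases that predate the filter plugin API this gem builds on (the plugin is declared as "class JwtFilter < Filter"), which arrived in v0.12; raise the floor to '>= 0.12.0' so an install on an older Fluentd fails at dependency resolution rather than at load time. Also on line 13, spec.homepage points at fluent-plugin-jwt-formatter while spec.name is fluent-plugin-jwt-filter, and the json-jwt requirement on line 24 has no upper bound, so a future major release of the crypto dependency would be picked up untested; a pessimistic constraint would be safer.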
@@ -0,0 +1,104 @@
1
+ require 'json/jwt'
2
+ module Fluent
3
+ # JwtFilter
4
+ # Encrypt/Decript JSON message using JSON Web Token Technology
5
+ # For encryption, JSON Web Key (public) is used
6
+ # For decryption, JSON Web Key (private) is used
7
+ # Currently symmetric key is not supported in JSON Web Key (TODO)
8
+ #
9
+ # Example encrypted JSON message is as follows:
10
+ # {
11
+ # "protected": "eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBMV81In0",
12
+ # "encrypted_key": "P8dKW8KE5nJm7s9GDENrcSW2iNw0Fo4FqDxRwyr6JSGCPCwjc_agoEq7O8xhWX_WoRZin90ORPP1oO5_kavTIcppnRcmquxm1jhQtKk77-HN9Efo7DQf3yfgdnD7xv-M1I_rCPeHVFm33BNB6TIhCo1fUfhEUM8GjjC8PLFFwOcDUNf1vw1-WjUqMhUf-b45s6CHhYdpDqzs7GYuovDo0LMeFeBSc4Xntw_vWPMeHxsuVyuZpDHUQm-dX5wnmQ4UhZPzEhkkVJw1oz2uTMjcl6mi1bucKGy1zNaGN-JEhg5_2QgijqTxRtJgOBlVtHLJ5HABT4tI6-v06M3dPryz5w",
13
+ # "iv": "xYk2s_39pHvLBZy3",
14
+ # "ciphertext": "taCQAMBZtKgQfh5LaWs",
15
+ # "tag": "nbWyhG82A-eCJMvdhbrSJw"
16
+ # }
17
+ class JwtFilter < Filter
18
+ # Register this filter as "jwt"
19
+ Plugin.register_filter("jwt", self)
20
+
21
+ config_param :method, :string, :default => "encrypt"
22
+ config_param :jwk_file, :string, :default => "key"
23
+ config_param :jwk_pub_file, :string, :default => "key.pub"
24
+ config_param :block_cipher_alg, :string, :default => "A128GCM"
25
+ config_param :key_encryption_alg, :string, :default => "RSA1_5"
26
+
27
+ def not_supported_error
28
+ $log.error "JwtFilter: Not supported method is specified"
29
+ end
30
+
31
+ # This method is called after config_params have read configuration parameters
32
+ def configure(conf)
33
+ super
34
+ begin
35
+ case @method
36
+ when "encrypt"
37
+ # read public key from file
38
+ @jwk_pub = JSON::JWK.new(JSON.parse(open(@jwk_pub_file).read))
39
+ when "decrypt"
40
+ # read private key from file
41
+ @jwk = JSON::JWK.new(JSON.parse(open(@jwk_file).read))
42
+ else
43
+ not_supported_error
44
+ end
45
+ rescue JSON::ParserError => e
46
+ $log.error "JSON Web Key parse error", :error => e.to_s
47
+ $log.debug_backtrace(e.backtrace)
48
+ end
49
+ end
50
+
51
+ def start
52
+ super
53
+ end
54
+
55
+ def shutdown
56
+ super
57
+ end
58
+
59
+ def filter(tag, time, record)
60
+ case @method
61
+ when "encrypt"
62
+ encrypt(record)
63
+ when "decrypt"
64
+ decrypt(record)
65
+ else
66
+ not_supported_error
67
+ end
68
+ end
69
+
70
+ # This is the method that formats the data output.
71
+ def encrypt(record)
72
+ begin
73
+ # encrypt JSON format record
74
+ jwe = JSON::JWE.new(record.to_json)
75
+ # choose block cipher algorithm
76
+ jwe.enc = @block_cipher_alg.to_sym
77
+ # choose cipher algorithm for encrypting block cipher key (symmetric cipher key)
78
+ jwe.alg = @key_encryption_alg.to_sym
79
+ # encryption
80
+ jwe.encrypt!(@jwk_pub.to_key)
81
+ # output the result in JSON format
82
+ jwe.as_json
83
+ rescue Exception => e
84
+ $log.error "Error", :error => e.to_s
85
+ $log.debug_backtrace(e.backtrace)
86
+ end
87
+ end
88
+
89
+ def decrypt(record)
90
+ begin
91
+ # decrypt JSON format cipher data
92
+ jwe_dec = JSON::JWE.decode_json_serialized(record, @jwk.to_key)
93
+ $log.debug jwe_dec.plain_text
94
+ JSON.parse(jwe_dec.plain_text)
95
+ rescue JSON::ParserError => e
96
+ $log.error "Message parse error", :error => e.to_s
97
+ $log.debug_backtrace(e.backtrace)
98
+ rescue Exception => e
99
+ $log.error "Error", :error => e.to_s
100
+ $log.debug_backtrace(e.backtrace)
101
+ end
102
+ end
103
+ end
104
+ end
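Review bot: In decrypt (line 93), "$log.debug jwe_dec.plain_text" writes every decrypted record to the Fluentd log whenever debug logging is enabled, which puts the plaintext the pipeline was protecting into a second, unencrypted sink; remove the line or log only the tag or payload size. In configure (lines 34-48), an unsupported method or an unparsable key file is only logged, so the plugin starts with @jwk or @jwk_pub unset and every record then fails inside the "rescue Exception" blocks of encrypt and decrypt, whose last expression is a logger call rather than a record; raise Fluent::ConfigError from configure so a bad setup stops at startup, and rescue StandardError instead of Exception. Reading the key with File.read rather than open(@jwk_file) (lines 38 and 41) also avoids Kernel#open's special handling of paths that begin with a pipe character.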
metadata ADDED
@@ -0,0 +1,109 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: fluent-plugin-jwt-filter
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ platform: ruby
6
+ authors:
7
+ - Toyokazu Akiyama
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2016-03-05 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ name: fluentd
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: 0.10.0
20
+ type: :runtime
21
+ prerelease: false
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - ">="
25
+ - !ruby/object:Gem::Version
26
+ version: 0.10.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: json-jwt
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - ">="
32
+ - !ruby/object:Gem::Version
33
+ version: 1.5.2
34
+ type: :runtime
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: 1.5.2
41
+ - !ruby/object:Gem::Dependency
42
+ name: bundler
43
+ requirement: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - "~>"
46
+ - !ruby/object:Gem::Version
47
+ version: '1.10'
48
+ type: :development
49
+ prerelease: false
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - "~>"
53
+ - !ruby/object:Gem::Version
54
+ version: '1.10'
55
+ - !ruby/object:Gem::Dependency
56
+ name: rake
57
+ requirement: !ruby/object:Gem::Requirement
58
+ requirements:
59
+ - - "~>"
60
+ - !ruby/object:Gem::Version
61
+ version: '10.0'
62
+ type: :development
63
+ prerelease: false
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: '10.0'
69
+ description: Fluent Filter plugin for encrypting and decrypting messages using JSON
70
+ Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key)
71
+ email:
72
+ - toyokazu@gmail.com
73
+ executables: []
74
+ extensions: []
75
+ extra_rdoc_files: []
76
+ files:
77
+ - ".gitignore"
78
+ - Gemfile
79
+ - LICENSE
80
+ - README.md
81
+ - Rakefile
82
+ - fluent-plugin-jwt-filter.gemspec
83
+ - lib/fluent/plugin/filter_jwt.rb
84
+ homepage: https://github.com/toyokazu/fluent-plugin-jwt-formatter
85
+ licenses:
86
+ - MIT
87
+ metadata: {}
88
+ post_install_message:
89
+ rdoc_options: []
90
+ require_paths:
91
+ - lib
92
+ required_ruby_version: !ruby/object:Gem::Requirement
93
+ requirements:
94
+ - - ">="
95
+ - !ruby/object:Gem::Version
96
+ version: 2.0.0
97
+ required_rubygems_version: !ruby/object:Gem::Requirement
98
+ requirements:
99
+ - - ">="
100
+ - !ruby/object:Gem::Version
101
+ version: '0'
102
+ requirements: []
103
+ rubyforge_project:
104
+ rubygems_version: 2.4.5.1
105
+ signing_key:
106
+ specification_version: 4
107
+ summary: Fluent Filter plugin for encrypting and decrypting messages using JSON Web
108
+ Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key)
109
+ test_files: []
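Review bot: The files list (lines 76-83) contains no test directory and test_files on line 109 is empty, although the Rakefile's default task runs test/**/*_test.rb; for a plugin whose whole job is encryption, ship at least a round-trip test (encrypt with the public JWK, decrypt with the private JWK, compare records) and a test that a wrong key or tampered ciphertext is rejected. Note also that cert_chain (line 10) is empty and signing_key (line 105) is blank, so consumers can verify this release only against the published checksums.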