fluent-plugin-jwt-filter 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: c1a845ef248b3483055373fe08f0983fc53722c9
+  data.tar.gz: bb38737a51bbff5dd75c89bf64aa370a564ec73b
+SHA512:
+  metadata.gz: 3f7141152a8eb55f6cdb876cd11cf6c9de7aa8f537f40349ecdece86675f75ff41b5301cd6efb78b53440ee5ff534332afea3ca3244eac23f6d9c7e446e26dce
+  data.tar.gz: 24fdd23f753ac3783a92b657ca1579913741bf6e54298e803541d363f1f857b95fa89e630c0ccb245a37ad8fb025f451355d7f6b253af8f45235ad56ab6a2853

data/.gitignore

@@ -0,0 +1,36 @@
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/spec/examples.txt
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalization:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in fluent-plugin-mqtt-io.gemspec
+gemspec

data/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016 Toyokazu Akiyama
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,93 @@
+# Fluent::Plugin::Jwt::Filter
+
+Fluent Filter plugin for encrypting and decrypting messages using JSON Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key). This plugin uses [json-jwt](https://github.com/nov/json-jwt) to encrypt/decrypt messages.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'fluent-plugin-jwt-filter'
+
+And then execute:
+
+    bundle
+
+Or install it yourself as:
+
+    gem install fluent-plugin-jwt-filter
+
+## Usage
+
+fluent-plugin-jwt-filter provides encrypt and decrypt of messages.
+
+    <filter test>
+      @type jwt
+      method encrypt
+    </filter>
+
+Encrypt/Decrypt can be selected by **method** option.
+
+### Encryption
+
+In the following example, input from in_tail plugin is encrypted by jwt-filter and then outputted by out_forward plugin.
+
+    <source>
+      @type tail
+      path /tmp/test.log
+      pos_file /tmp/test.log.pos
+      tag test
+      format json
+    </source>
+
+    <filter test>
+      @type jwt
+      method encrypt
+    </filter>
+
+    <match test>
+      @type forward
+      <server>
+        host ::1
+        port 24224
+      </server>
+    </match>
+
+For encryption, the following options are available.
+
+- **jwk_pub_file**: is a file name which records public key of JSON Web Key (JWK). JWK public and private key can be easily generated by [jwk_tool](https://github.com/toyokazu/jwk-tool).
+- **block_cipher_alg**: is an algorithm to encrypt the contents. Block cipher is used for encryption and symmetric key of block cipher is encrypted by key encryption algorithm. Currently json-jwt supports A128GCM, A256GCM, A128CBC-HS256 and A256CBC-HS512 (default A128GCM and require "ruby > 2.0.0").
+- **key_encryption_alg**: is an algorithm to encrypt block cipher encryption key. Basically public key algorithm is assumed. If JWK is created as symmetric key, this option is not required (default RSA1_5).
+
+    <filter test>
+      @type jwt
+      jwk_pub_file fluent/key.pub
+      block_cipher_alg A128GCM
+      key_encryption_alg RSA1_5
+    </filter>
+
+
+### Decryption
+
+In the following example, input from in_forward plugin is decrypted by jwt-filter and then outputted by out_stdout plugin.
+
+    <source>
+      @type forward
+      port 24224
+      bind ::1
+    </source>
+
+    <filter test>
+      @type jwt
+      method decrypt
+    </filter>
+
+    <match test>
+      type stdout
+    </match>
+
+For decryption, the following options are available.
+
+config_param :method, :string, :default => "encrypt"
+config_param :jwk_file, :string, :default => "key"
+
+- **jwk_file**: is a file name which records private key of JSON Web Key (JWK). As already mentioned in Encryption section, JWK public and private key can be easily generated by [jwk_tool](https://github.com/toyokazu/jwk-tool).

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+require "rake/testtask"
+
+Rake::TestTask.new(:test) do |t|
+  t.libs << "test"
+  t.libs << "lib"
+  t.test_files = FileList['test/**/*_test.rb']
+end
+
+task :default => :test

data/fluent-plugin-jwt-filter.gemspec

@@ -0,0 +1,28 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = "fluent-plugin-jwt-filter"
+  spec.version       = "0.0.1"
+  spec.authors       = ["Toyokazu Akiyama"]
+  spec.email         = ["toyokazu@gmail.com"]
+
+  spec.summary       = %q{Fluent Filter plugin for encrypting and decrypting messages using JSON Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key)}
+  spec.description   = %q{Fluent Filter plugin for encrypting and decrypting messages using JSON Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key)}
+  spec.homepage      = "https://github.com/toyokazu/fluent-plugin-jwt-formatter"
+  spec.license       = "MIT"
+
+  spec.files         = `git ls-files`.gsub(/images\/[\w\.]+\n/, "").split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.required_ruby_version = '>= 2.0.0'
+
+  spec.add_dependency 'fluentd', '>= 0.10.0'
+  spec.add_runtime_dependency("json-jwt", [">= 1.5.2"])
+
+  spec.add_development_dependency "bundler", "~> 1.10"
+  spec.add_development_dependency "rake", "~> 10.0"
+end

data/lib/fluent/plugin/filter_jwt.rb

@@ -0,0 +1,104 @@
+require 'json/jwt'
+module Fluent
+  # JwtFilter
+  # Encrypt/Decript JSON message using JSON Web Token Technology
+  # For encryption, JSON Web Key (public) is used
+  # For decryption, JSON Web Key (private) is used
+  # Currently symmetric key is not supported in JSON Web Key (TODO)
+  #
+  # Example encrypted JSON message is as follows:
+  # {
+  #   "protected": "eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBMV81In0",
+  #   "encrypted_key": "P8dKW8KE5nJm7s9GDENrcSW2iNw0Fo4FqDxRwyr6JSGCPCwjc_agoEq7O8xhWX_WoRZin90ORPP1oO5_kavTIcppnRcmquxm1jhQtKk77-HN9Efo7DQf3yfgdnD7xv-M1I_rCPeHVFm33BNB6TIhCo1fUfhEUM8GjjC8PLFFwOcDUNf1vw1-WjUqMhUf-b45s6CHhYdpDqzs7GYuovDo0LMeFeBSc4Xntw_vWPMeHxsuVyuZpDHUQm-dX5wnmQ4UhZPzEhkkVJw1oz2uTMjcl6mi1bucKGy1zNaGN-JEhg5_2QgijqTxRtJgOBlVtHLJ5HABT4tI6-v06M3dPryz5w",
+  #   "iv": "xYk2s_39pHvLBZy3",
+  #   "ciphertext": "taCQAMBZtKgQfh5LaWs",
+  #   "tag": "nbWyhG82A-eCJMvdhbrSJw"
+  # }
+  class JwtFilter < Filter
+    # Register this filter as "jwt"
+    Plugin.register_filter("jwt", self)
+
+    config_param :method, :string, :default => "encrypt"
+    config_param :jwk_file, :string, :default => "key"
+    config_param :jwk_pub_file, :string, :default => "key.pub"
+    config_param :block_cipher_alg, :string, :default => "A128GCM"
+    config_param :key_encryption_alg, :string, :default => "RSA1_5"
+
+    def not_supported_error
+      $log.error "JwtFilter: Not supported method is specified"
+    end
+
+    # This method is called after config_params have read configuration parameters
+    def configure(conf)
+      super
+      begin
+        case @method
+        when "encrypt"
+          # read public key from file
+          @jwk_pub = JSON::JWK.new(JSON.parse(open(@jwk_pub_file).read))
+        when "decrypt"
+          # read private key from file
+          @jwk = JSON::JWK.new(JSON.parse(open(@jwk_file).read))
+        else
+          not_supported_error
+        end
+      rescue JSON::ParserError => e
+        $log.error "JSON Web Key parse error", :error => e.to_s
+        $log.debug_backtrace(e.backtrace)
+      end
+    end
+
+    def start
+      super
+    end
+
+    def shutdown
+      super
+    end
+
+    def filter(tag, time, record)
+      case @method
+      when "encrypt"
+        encrypt(record)
+      when "decrypt"
+        decrypt(record)
+      else
+        not_supported_error
+      end
+    end
+
+    # This is the method that formats the data output.
+    def encrypt(record)
+      begin
+        # encrypt JSON format record
+        jwe = JSON::JWE.new(record.to_json)
+        # choose block cipher algorithm
+        jwe.enc = @block_cipher_alg.to_sym
+        # choose cipher algorithm for encrypting block cipher key (symmetric cipher key)
+        jwe.alg = @key_encryption_alg.to_sym
+        # encryption
+        jwe.encrypt!(@jwk_pub.to_key)
+        # output the result in JSON format
+        jwe.as_json
+      rescue Exception => e
+        $log.error "Error", :error => e.to_s
+        $log.debug_backtrace(e.backtrace)
+      end
+    end
+
+    def decrypt(record)
+      begin
+        # decrypt JSON format cipher data
+        jwe_dec = JSON::JWE.decode_json_serialized(record, @jwk.to_key)
+        $log.debug jwe_dec.plain_text
+        JSON.parse(jwe_dec.plain_text)
+      rescue JSON::ParserError => e
+        $log.error "Message parse error", :error => e.to_s
+        $log.debug_backtrace(e.backtrace)
+      rescue Exception => e
+        $log.error "Error", :error => e.to_s
+        $log.debug_backtrace(e.backtrace)
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,109 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-jwt-filter
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Toyokazu Akiyama
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-03-05 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.10.0
+- !ruby/object:Gem::Dependency
+  name: json-jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.5.2
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.10'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Fluent Filter plugin for encrypting and decrypting messages using JSON
+  Web Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key)
+email:
+- toyokazu@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- fluent-plugin-jwt-filter.gemspec
+- lib/fluent/plugin/filter_jwt.rb
+homepage: https://github.com/toyokazu/fluent-plugin-jwt-formatter
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: Fluent Filter plugin for encrypting and decrypting messages using JSON Web
+  Token technology (JSON Web Encryption, JSON Web Signature and JSON Web Key)
+test_files: []