fluent-plugin-jwt-filter 0.0.4 → 0.0.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/fluent-plugin-jwt-filter.gemspec +1 -1
- data/lib/fluent/plugin/filter_jwt.rb +19 -9
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1af7d2c7c4a08f9bae0730f0e62077fa214c992f
|
|
4
|
+
data.tar.gz: 33666b0325507dedbba84ac5ddf9f5c77c14e779
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e7c1b772d19757be80751095ab0b81596a5b701ea24f720d991ae2f500487f57e39ae5508073ed42b63e0d01a8336dd0870fa7b35f7c016ff850fffec3f71c31
|
|
7
|
+
data.tar.gz: 80a4f3571e1dd99b3fccfc5898837e2bbb0059dc4fbc2fb89fcc02ec6db79b2dc4d784b32ef28dcde96b12bdad0ce221a565f0ffe75a9a0331164f648d2b9424
|
|
@@ -7,13 +7,18 @@ module Fluent
|
|
|
7
7
|
# Currently symmetric key is not supported in JSON Web Key (TODO)
|
|
8
8
|
#
|
|
9
9
|
# Example encrypted JSON message is as follows:
|
|
10
|
-
# {
|
|
11
|
-
#
|
|
12
|
-
#
|
|
13
|
-
#
|
|
14
|
-
#
|
|
15
|
-
#
|
|
10
|
+
# {"jwe_encrypted":
|
|
11
|
+
# {
|
|
12
|
+
# "protected": "eyJlbmMiOiJBMTI4R0NNIiwiYWxnIjoiUlNBMV81In0",
|
|
13
|
+
# "encrypted_key": "P8dKW8KE5nJm7s9GDENrcSW2iNw0Fo4FqDxRwyr6JSGCPCwjc_agoEq7O8xhWX_WoRZin90ORPP1oO5_kavTIcppnRcmquxm1jhQtKk77-HN9Efo7DQf3yfgdnD7xv-M1I_rCPeHVFm33BNB6TIhCo1fUfhEUM8GjjC8PLFFwOcDUNf1vw1-WjUqMhUf-b45s6CHhYdpDqzs7GYuovDo0LMeFeBSc4Xntw_vWPMeHxsuVyuZpDHUQm-dX5wnmQ4UhZPzEhkkVJw1oz2uTMjcl6mi1bucKGy1zNaGN-JEhg5_2QgijqTxRtJgOBlVtHLJ5HABT4tI6-v06M3dPryz5w",
|
|
14
|
+
# "iv": "xYk2s_39pHvLBZy3",
|
|
15
|
+
# "ciphertext": "taCQAMBZtKgQfh5LaWs",
|
|
16
|
+
# "tag": "nbWyhG82A-eCJMvdhbrSJw"
|
|
17
|
+
# }
|
|
16
18
|
# }
|
|
19
|
+
#
|
|
20
|
+
# If some attributes added to the contents during the transfer,
|
|
21
|
+
# the decrypted contents are merged into the modified hash.
|
|
17
22
|
class JwtFilter < Filter
|
|
18
23
|
# Register this filter as "jwt"
|
|
19
24
|
Plugin.register_filter("jwt", self)
|
|
@@ -79,7 +84,9 @@ module Fluent
|
|
|
79
84
|
# encryption
|
|
80
85
|
jwe.encrypt!(@jwk_pub.to_key)
|
|
81
86
|
# output the result in JSON format
|
|
82
|
-
jwe.as_json
|
|
87
|
+
output = {jwe_encrypted: jwe.as_json}
|
|
88
|
+
$log.debug output
|
|
89
|
+
output
|
|
83
90
|
rescue Exception => e
|
|
84
91
|
$log.error "Error", :error => e.to_s
|
|
85
92
|
$log.debug_backtrace(e.backtrace)
|
|
@@ -89,9 +96,12 @@ module Fluent
|
|
|
89
96
|
def decrypt(record)
|
|
90
97
|
begin
|
|
91
98
|
# decrypt JSON format cipher data
|
|
92
|
-
jwe_dec = JSON::JWE.decode_json_serialized(record, @jwk.to_key)
|
|
99
|
+
jwe_dec = JSON::JWE.decode_json_serialized(record["jwe_encrypted"], @jwk.to_key)
|
|
93
100
|
$log.debug jwe_dec.plain_text
|
|
94
|
-
|
|
101
|
+
# merge decrypted contents into original contents without jwe_encrypted
|
|
102
|
+
output = record.select {|k| k != "jwe_encrypted"}.merge(JSON.parse(jwe_dec.plain_text))
|
|
103
|
+
$log.debug output
|
|
104
|
+
output
|
|
95
105
|
rescue JSON::ParserError => e
|
|
96
106
|
$log.error "Message parse error", :error => e.to_s
|
|
97
107
|
$log.debug_backtrace(e.backtrace)
|