Class: LogStash::Codecs::RsaDecrypt

Inherits:

Base

• Object
• Base
• LogStash::Codecs::RsaDecrypt

Defined in:

lib/logstash/codecs/rsa_decrypt.rb

Instance Method Summary

• #decode(data) {|LogStash::Event.new(decrypted_data)| ... } ⇒ Object
• #initialize(params = {}) ⇒ RsaDecrypt constructor

  A new instance of RsaDecrypt.

Constructor Details

#initialize(params = {}) ⇒ RsaDecrypt

Returns a new instance of RsaDecrypt.

# File 'lib/logstash/codecs/rsa_decrypt.rb', line 16

def initialize(params={})
  super(params)
  require "openssl"
  require "base64"

  if @passphrase.to_s != ""
      @private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file), @passphrase)
  else
      @private_key = OpenSSL::PKey::RSA.new(File.read(private_key_file))
  end

  @converter = LogStash::Util::Charset.new(@charset)
  @converter.logger = @logger
end

Instance Method Details

#decode(data) {|LogStash::Event.new(decrypted_data)| ... } ⇒ Object

Yields:

• (LogStash::Event.new(decrypted_data))

# File 'lib/logstash/codecs/rsa_decrypt.rb', line 32

def decode(data)

  # Ensure the data is a string.

  data_string = @converter.convert(data)

  # Convert the string to a hash table.

  data_json = LogStash::Json.load(data_string)

  # Splitting these out for readability...

  base64_encrypted_data = data_json["encrypted_data"]
  base64_encrypted_key = data_json["encrypted_key"]
  base64_encrypted_iv = data_json["encrypted_iv"]

  # Base64 decode the data and session key (might make this optional in the future).

  encrypted_data = Base64.decode64(base64_encrypted_data)
  encrypted_key = Base64.decode64(base64_encrypted_key)
  encrypted_iv = Base64.decode64(base64_encrypted_iv)

  # Decrypt the session key with the private key.

  decrypted_key = @private_key.private_decrypt(encrypted_key)
  decrypted_iv = @private_key.private_decrypt(encrypted_iv)

  # Create the cipher from the session key.

  cipher = OpenSSL::Cipher::Cipher.new('aes-128-cbc')
  cipher.decrypt
  cipher.key = decrypted_key
  cipher.iv = decrypted_iv

  # Decript the data with the cipher.

  decrypted_json = cipher.update(encrypted_data)
  decrypted_json << cipher.final

  # Convert the decrypted_data to a hash table and return a new event.

  decrypted_data = LogStash::Json.load(decrypted_json)
  yield LogStash::Event.new(decrypted_data)

end