Class: LogStash::Filters::Cipher

Inherits:

Base

Object
Base
LogStash::Filters::Cipher

show all

Defined in:: lib/logstash/filters/cipher.rb

Overview

This filter parses a source and apply a cipher or decipher before storing it in the target.

Instance Method Summary collapse

Instance Method Details

#filter(event) ⇒ `Object`

# File 'lib/logstash/filters/cipher.rb', line 124

def filter(event)
  


  #If decrypt or encrypt fails, we keep it it intact.
  begin

    if (event.get(@source).nil? || event.get(@source).empty?)
      @logger.debug("Event to filter, event 'source' field: " + @source + " was null(nil) or blank, doing nothing")
      return
    end

    #@logger.debug("Event to filter", :event => event)
    data = event.get(@source)
    if @mode == "decrypt"
      data =  Base64.strict_decode64(data) if @base64 == true
      @random_iv = data.byteslice(0,@iv_random_length)
      data = data.byteslice(@iv_random_length..data.length)
    end

    if @mode == "encrypt"
      @random_iv = OpenSSL::Random.random_bytes(@iv_random_length)
    end

    @cipher.iv = @random_iv

    result = @cipher.update(data) + @cipher.final

    if @mode == "encrypt"

      # if we have a random_iv, prepend that to the crypted result
      if !@random_iv.nil?
        result = @random_iv + result
      end

      result =  Base64.strict_encode64(result).encode("utf-8") if @base64 == true
    end

  rescue => e
    @logger.warn("Exception catch on cipher filter", :event => event, :error => e)

    # force a re-initialize on error to be safe
    init_cipher

  else
    @total_cipher_uses += 1

    result = result.force_encoding("utf-8") if @mode == "decrypt"

    event.set(@target, result)

    #Is it necessary to add 'if !result.nil?' ? exception have been already catched.
    #In doubt, I keep it.
    filter_matched(event) if !result.nil?

    if !@max_cipher_reuse.nil? and @total_cipher_uses >= @max_cipher_reuse
      @logger.debug("max_cipher_reuse["+@max_cipher_reuse.to_s+"] reached, total_cipher_uses = "+@total_cipher_uses.to_s)
      init_cipher
    end

  end
end

#init_cipher ⇒ `Object`

def filter

# File 'lib/logstash/filters/cipher.rb', line 187

def init_cipher

  if !@cipher.nil?
    @cipher.reset
    @cipher = nil
  end

  @cipher = OpenSSL::Cipher.new(@algorithm)

  @total_cipher_uses = 0

  if @mode == "encrypt"
    @cipher.encrypt
  elsif @mode == "decrypt"
    @cipher.decrypt
  else
    @logger.error("Invalid cipher mode. Valid values are \"encrypt\" or \"decrypt\"", :mode => @mode)
    raise "Bad configuration, aborting."
  end

  if @key.length != @key_size
    @logger.debug("key length is " + @key.length.to_s + ", padding it to " + @key_size.to_s + " with '" + @key_pad.to_s + "'")
    @key = @key[0,@key_size].ljust(@key_size,@key_pad)
  end

  @cipher.key = @key

  @cipher.padding = @cipher_padding if @cipher_padding

  @logger.debug("Cipher initialisation done", :mode => @mode, :key => @key, :iv_random_length => @iv_random_length, :iv_random => @iv_random, :cipher_padding => @cipher_padding)
end

#register ⇒ `Object`

# File 'lib/logstash/filters/cipher.rb', line 118

def register
  require 'base64' if @base64
  init_cipher
end

Class: LogStash::Filters::Cipher

Overview

Instance Method Summary collapse

Instance Method Details

#filter(event) ⇒ Object

#init_cipher ⇒ Object

#register ⇒ Object

#filter(event) ⇒ `Object`

#init_cipher ⇒ `Object`

#register ⇒ `Object`