Skip to content

Allow usage of base64url encoding / Issue #34 #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
lucabelluccini wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Allow usage of base64url encoding / Issue #34 #45

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
1acc306
Allow usage of base64url encoding / Issue #34
lucabelluccini Oct 11, 2018
b5cdcb2
Update spec/filters/fingerprint_spec.rb
lucabelluccini Apr 13, 2022
ae1d2c2
Merge branch 'main' into issue/34
lucabelluccini Apr 13, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions docs/index.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|=======================================================================
|Setting |Input type|Required
| <<plugins-{type}s-{plugin}-base64encode>> |<<boolean,boolean>>|No
| <<plugins-{type}s-{plugin}-base64url>> |<<boolean,boolean>>|No
| <<plugins-{type}s-{plugin}-concatenate_sources>> |<<boolean,boolean>>|No
| <<plugins-{type}s-{plugin}-concatenate_all_fields>> |<<boolean,boolean>>|No
| <<plugins-{type}s-{plugin}-key>> |<<string,string>>|No
Expand All @@ -63,6 +64,15 @@ filter plugins.
When set to `true`, the `SHA1`, `SHA256`, `SHA384`, `SHA512` and `MD5` fingerprint methods will produce
base64 encoded rather than hex encoded strings.

[id="plugins-{type}s-{plugin}-base64url"]
===== `base64url`

* Value type is <<boolean,boolean>>
* Default value is `false`

Requires `base64encode` to be set to `true`.
When set to `true`, the base64url variant will be used, as described in [RFC4648 section 5](https://tools.ietf.org/html/rfc4648#section-5).

[id="plugins-{type}s-{plugin}-concatenate_sources"]
===== `concatenate_sources`

Expand Down
17 changes: 15 additions & 2 deletions lib/logstash/filters/fingerprint.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,10 @@ class LogStash::Filters::Fingerprint < LogStash::Filters::Base
# base64 encoded rather than hex encoded strings.
config :base64encode, :validate => :boolean, :default => false

# When set to `true`, the base64url encoder https://tools.ietf.org/html/rfc4648 is used.
# Requires `base64encode` to be enabled.
config :base64url, :validate => :boolean, :default => false

# The fingerprint method to use.
#
# If set to `SHA1`, `SHA256`, `SHA384`, `SHA512`, or `MD5` and a key is set,
Expand Down Expand Up @@ -156,14 +160,23 @@ def fingerprint_openssl(data)
# in JRuby 1.7.11 outputs as ASCII-8BIT
if @key.nil?
if @base64encode
@digest.base64digest(data.to_s).force_encoding(Encoding::UTF_8)
if @base64url
# Borrowed by Base64 implementation
@digest.base64digest(data.to_s).tr("+/", "-_").force_encoding(Encoding::UTF_8)
else
@digest.base64digest(data.to_s).force_encoding(Encoding::UTF_8)
end
else
@digest.hexdigest(data.to_s).force_encoding(Encoding::UTF_8)
end
else
if @base64encode
hash = OpenSSL::HMAC.digest(@digest, @key, data.to_s)
Base64.strict_encode64(hash).force_encoding(Encoding::UTF_8)
if @base64url
Base64.urlsafe_encode64(hash).force_encoding(Encoding::UTF_8)
else
Base64.strict_encode64(hash).force_encoding(Encoding::UTF_8)
end
else
OpenSSL::HMAC.hexdigest(@digest, @key, data.to_s).force_encoding(Encoding::UTF_8)
end
Expand Down
35 changes: 35 additions & 0 deletions spec/filters/fingerprint_spec.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -99,6 +99,23 @@
end
end

describe "fingerprint string with SHA1 algorithm and base64url encoding" do
Copy link

@kesslerm kesslerm Apr 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be SHA256 here

Copy link
Author

@lucabelluccini lucabelluccini Apr 13, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @kesslerm

config <<-CONFIG
filter {
fingerprint {
source => ["clientip"]
method => 'SHA256'
base64encode => true
base64url => true
}
}
CONFIG

sample("clientip" => "123.123.123.123") do
insist { subject.get("fingerprint") } == "TavKshB2bjXwPncSDmmG1ubUdSsqn_IpgLklPQJggNg="
end
end

describe "fingerprint string with SHA1 HMAC algorithm and base64 encoding" do
config <<-CONFIG
filter {
Expand All @@ -116,6 +133,24 @@
end
end

describe "fingerprint string with SHA1 HMAC algorithm and base64url encoding" do
config <<-CONFIG
filter {
fingerprint {
source => ["clientip"]
key => "longencryptionkey"
method => 'SHA1'
base64encode => true
base64url => true
}
}
CONFIG

sample("clientip" => "123.123.123.123") do
insist { subject.get("fingerprint") } == "_cYKzEdz3FrFaf-3j8uTyWMHl_Q="
end
end

describe "fingerprint string with SHA256 algorithm" do
config <<-CONFIG
filter {
Expand Down