24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
# File 'lib/logstash/filters/jwt_decode.rb', line 24
def filter(event)
begin
public_key = "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAxvq3+W1TPTG2vl86PQJy\nG+ePJG2NSwURBV/MtHrg0ScS4dpvgs3z5bz55jqYdsLe461RVxYOzHLa1bJKqIuu\nxVFhIfDFDDJ4vHKukBopybJz2qflDoi2k6D22gGXAFO/EQrX8duoVbBCxwj1VJp7\nLj8l4MO+3Hu4HTyuiMH5O91l0O6GK8O4iyfp8KSHXKqly1luEZlyINH9wLKGSVyY\ndPs0hAFz3AIRb6XNbx7wVRocijaO56bioDqyuyjdid8HHSDnv4ibPkcciKhsXvOJ\n7AZaqvKT5iRlTbeo+tSXI8ahsFdXiYVvFHFsyQwpBkWgqhao3II9RJe5EQcq5DIp\ntjPGyQn6GLrBzN/YHh8gimBSFSLkobPJsISB9z5iFibUfoJ8BxVZrQ13x5GSc7wn\nLoRa2GmEkxoJGClHG5bFZyRe2yPMvK8b8lBGk4/7va34jcgkzblTp2voBHy02xfz\nVl8uRtGdgDRUjBkHaf5VWaEjyuroqyaFsHrP2ooEEbEuEwC/jKUdZhUPblZYAija\nrwg4zh9HehSqHPdAYYa26KA6cmEGmXHKKtH+18cc1VfMRiKSAL1/hnR1P6zRuSCs\nWVuX/oZJ0CWMtnC4+E2DWv/oGgG1C9xnYSgOwUiV+bQV5hFUCyyHxPB8BTPQqE1X\naE/qEUay+gZGFjv0qCm2JrsCAwEAAQ==\n-----END PUBLIC KEY-----\n"
matchStr = @match.gsub("Bearer ", "")
rsa_public_key = OpenSSL::PKey::RSA.new(public_key)
if not @key
decoded_token = JWT.decode event.get(matchStr), nil, false
else
decoded_token = JWT.decode event.get(matchStr), rsa_public_key, true, { algorithm: 'RS512' }
end
@extract_fields.each do |k, v|
event.set(k , getValueFromDecodedToken(v, decoded_token[1]))
end
rescue JWT::ExpiredSignature => e
event.set("JWT_PARSER_ERROR","ExpiredSignature #{e}")
rescue JWT::VerificationError => e
event.set("JWT_PARSER_ERROR","VerificationError #{e}")
rescue JWT::ImmatureSignature => e
event.set("JWT_PARSER_ERROR","ImmatureSignature #{e}")
rescue JWT::InvalidIssuerError => e
event.set("JWT_PARSER_ERROR","InvalidIssuerError #{e}")
rescue JWT::InvalidAudError => e
event.set("JWT_PARSER_ERROR","InvalidAudError #{e}")
rescue JWT::InvalidJtiError => e
event.set("JWT_PARSER_ERROR","InvalidJtiError #{e}")
rescue JWT::InvalidIatError => e
event.set("JWT_PARSER_ERROR","InvalidIatError #{e}")
rescue JWT::InvalidSubError => e
event.set("JWT_PARSER_ERROR","InvalidSubError #{e}")
rescue JWT::DecodeError => e
event.set("JWT_PARSER_ERROR", "DecodeError #{e} ")
end
filter_matched(event)
end
|