Module: LogStash::Inputs::AkamaiSiem::Base::EdgeGrid

Defined in:

lib/logstash/inputs/akamai_siem/edge_grid.rb

Overview

:nodoc:

Constant Summary

KEY =

'Authorization'

Instance Attribute Summary

• #headers ⇒ Hash readonly

  Unencoded HTTP header key/value pairs.

Class Method Summary

• .included(base) ⇒ Object

Instance Method Summary

• #base64_hmac_sha256(data, key) ⇒ Object

  rubocop:disable Naming/VariableNumber.

• #base64_sha256(data) ⇒ Object
• #canonicalize_headers(request) ⇒ Object

  Returns the @headers_to_sign in normalized form.

• #eg_timestamp ⇒ Object

  returns the current time in the format understood by Edgegrid.

• #initialize(*a) ⇒ Object
• #make_auth_header(request, timestamp, nonce) ⇒ Object

  rubocop:disable Style/StringConcatenation Returns the computed Authorization header for the given request, timestamp and nonce.

• #make_content_hash(request) ⇒ Object

  Returns a hash of the HTTP POST body.

• #make_data_to_sign(request, auth_header) ⇒ Object

  Returns a string with all data that will be signed.

• #make_signing_key(timestamp) ⇒ Object

  Creates a signing key based on the secret and timestamp.

• #new_nonce ⇒ Object

  returns a new nonce (unique identifier).

• #sign_request(request, timestamp, auth_header) ⇒ Object

  Returns a signature of the given request, timestamp and auth_header.

Instance Attribute Details

#headers ⇒ Hash (readonly)

Returns unencoded HTTP header key/value pairs.

Returns:

• (Hash) —

  unencoded HTTP header key/value pairs.

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 20

def headers
  @headers
end

Class Method Details

.included(base) ⇒ Object

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 5

def self.included(base)
  fail ArgumentError unless base <= LogStash::PluginMixins::HttpClient::Implementation

  require 'logstash/plugin_mixins/normalize_config_support'
  base.include(LogStash::PluginMixins::NormalizeConfigSupport)

  ###### settings for akamai edge grid ######
  base.config :client_secret, validate: :string, require: true
  base.config :base_url, validate: :string, require: true
  base.config :access_token, validate: :string, require: true
  base.config :client_token, validate: :string, require: true

end

Instance Method Details

#base64_hmac_sha256(data, key) ⇒ Object

rubocop:disable Naming/VariableNumber

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 115

def base64_hmac_sha256(data, key)
  Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), key, data)).strip
end

#base64_sha256(data) ⇒ Object

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 119

def base64_sha256(data)
  Base64.encode64(OpenSSL::Digest.new('SHA256').digest(data)).strip
end

#canonicalize_headers(request) ⇒ Object

Returns the @headers_to_sign in normalized form

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 44

def canonicalize_headers(request)
  @headers_to_sign.select do |header|
    request.key?(header)
  end.map do |header|
    "#{header.downcase}:#{request[header].strip.gsub(/\s+/, ' ')}"
  end.join("\t")
end

#eg_timestamp ⇒ Object

returns the current time in the format understood by Edgegrid

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 86

def eg_timestamp
  Time.now.utc.strftime('%Y%m%dT%H:%M:%S+0000')
end

#initialize(*a) ⇒ Object

Raises:

• (LogStash::ConfigurationError)

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 24

def initialize(*a)
  super
  settings = a.first
  @client_token = settings['client_token']
  @client_secret = settings['client_secret']
  @access_token = settings['access_token']
  @headers = LogStash::Inputs::AkamaiSiem::Headers.new

  raise LogStash::ConfigurationError, "Invalid URL #{base_url}" unless URI::DEFAULT_PARSER.regexp[:ABS_URI].match(settings['base_url'])

  @headers_to_sign ||= []
  @max_body ||= 2048
end

#make_auth_header(request, timestamp, nonce) ⇒ Object

rubocop:disable Style/StringConcatenation Returns the computed Authorization header for the given request, timestamp and nonce

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 97

def make_auth_header(request, timestamp, nonce)
  header = [
    'client_token' => @client_token,
    'access_token' => @access_token,
    'timestamp' => timestamp,
    'nonce' => nonce
  ].map do |kvp|
    kvp.keys.map { |k| "#{k}=#{kvp[k]}" }
  end.join(';') + ';'

  auth_header = "EG1-HMAC-SHA256 #{header}"

  "#{auth_header}signature=#{sign_request(request, timestamp, auth_header)}"
end

#make_content_hash(request) ⇒ Object

Returns a hash of the HTTP POST body

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 53

def make_content_hash(request)
  if (request.http_method == :post) && request.body && request.body.length.positive?
    body = request.body
    body = body[0..@max_body - 1] if body.length > @max_body

    return base64_sha256(body)
  end
  ''
end

#make_data_to_sign(request, auth_header) ⇒ Object

Returns a string with all data that will be signed

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 64

def make_data_to_sign(request, auth_header)
  url = request.url
  [
    request.http_method.to_s.upcase,
    url.scheme,
    url.host,
    url.request_uri,
    canonicalize_headers(request),
    make_content_hash(request),
    auth_header
  ].join("\t")
end

#make_signing_key(timestamp) ⇒ Object

Creates a signing key based on the secret and timestamp

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 39

def make_signing_key(timestamp)
  base64_hmac_sha256(timestamp, @client_secret)
end

#new_nonce ⇒ Object

returns a new nonce (unique identifier)

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 91

def new_nonce
  SecureRandom.uuid
end

#sign_request(request, timestamp, auth_header) ⇒ Object

Returns a signature of the given request, timestamp and auth_header

# File 'lib/logstash/inputs/akamai_siem/edge_grid.rb', line 78

def sign_request(request, timestamp, auth_header)
  base64_hmac_sha256(
    make_data_to_sign(request, auth_header),
    make_signing_key(timestamp)
  )
end