Nifi加密json [英] Nifi Encrypt json

问题描述

我想使用 nifi 来加密 json 中的属性而不是密钥，因为我想将数据上传到 mongodb 服务器.有没有办法做到这一点?对于该项目，我使用 Twitter 数据作为概念证明.到目前为止，我已经使用 EvaluateJsonPath 处理器只提取了推文的文本，我可以加密这个文本，但是生成的 json 不再有密钥.Nifi 可以重新创建一个将密钥附加到我提取的属性的 json 吗?有没有更好的方法来做到这一点?

I would like to use nifi to encrypt the attributes in a json but not the keys as I would like to upload the data to a mongodb server. Is there a way to do this? For the project I an using twitter data as a proof of concept. So far I have used the EvaluateJsonPath processor to extract only the text of the tweet, and I can encrypt this text, however the resulting json no longer has a key. Can Nifi recreate a json that attaches a key to this attribute that I extracted? Is there a better way to do this?

推荐答案

遗憾的是，现有的 Apache NiFi 处理器并不能很好地支持此工作流程.您可能会设计一个工作流，将 JSON 内容拆分为属性，将每个属性拆分为单个流文件的内容，加密该内容，将流文件合并回来，然后通过 UpdateAttribute<将现在加密的内容重组为一个属性/代码>.

Unfortunately, this workflow isn't well supported by existing Apache NiFi processors. You could probably fashion a workflow that split the JSON content into attributes, split each attribute into the content of an individual flowfile, encrypted that content, merged the flowfiles back, and reconstituted the now-encrypted content into a attributes via UpdateAttribute.

我为新的 NiFi 处理器创建了一个 Jira更简单.在可用之前，我的建议是使用 ExecuteScript 处理器来实现这一点.我提供了一个 模板 和一个示例，您可以将其直接导入您的 NiFi 实例并连接到你的流量.下面提供了 ExecuteScript 处理器的主体(您可以看到我如何初始化 AES/GCM 密码，并将算法、密钥和 IV 更改为您想要的值).

I have created a Jira for a new NiFi processor to make this much simpler. My recommendation until such time as that is available is to use the ExecuteScript processor to achieve this. I have provided a template with an example, which you can import directly into your NiFi instance and connect to your flow. The body of the ExecuteScript processor is provided below (you can see how I initialized the AES/GCM cipher, and change the algorithm, key, and IV to your desired values).

import javax.crypto.Cipher
import javax.crypto.SecretKey
import javax.crypto.spec.IvParameterSpec
import javax.crypto.spec.SecretKeySpec
import java.nio.charset.StandardCharsets

FlowFile flowFile = session.get()

if (!flowFile) {
    return
}

try {
    // Get the raw values of the attributes
    String normalAttribute = flowFile.getAttribute('Normal Attribute')
    String sensitiveAttribute = flowFile.getAttribute('Sensitive Attribute')

    // Instantiate an encryption cipher
    // Lots of additional code could go here to generate a random key, derive a key from a password, read from a file or keyring, etc.
    String keyHex = "0123456789ABCDEFFEDCBA9876543210" // * 2 for 256-bit encryption
    SecretKey key = new SecretKeySpec(keyHex.getBytes(StandardCharsets.UTF_8), "AES")
    IvParameterSpec iv = new IvParameterSpec(keyHex[0..<16].getBytes(StandardCharsets.UTF_8))

    Cipher aesGcmEncCipher = Cipher.getInstance("AES/GCM/NoPadding", "BC")
    aesGcmEncCipher.init(Cipher.ENCRYPT_MODE, key, iv)

    String encryptedNormalAttribute = Base64.encoder.encodeToString(aesGcmEncCipher.doFinal(normalAttribute.bytes))
    String encryptedSensitiveAttribute = Base64.encoder.encodeToString(aesGcmEncCipher.doFinal(sensitiveAttribute.bytes))

    // Add a new attribute with the encrypted normal attribute
    flowFile = session.putAttribute(flowFile, 'Normal Attribute (encrypted)', encryptedNormalAttribute)

    // Replace the sensitive attribute inline with the cipher text
    flowFile = session.putAttribute(flowFile, 'Sensitive Attribute', encryptedSensitiveAttribute)
    session.transfer(flowFile, REL_SUCCESS)
} catch (Exception e) {
    log.error("There was an error encrypting the attributes: ${e.getMessage()}")
    session.transfer(flowFile, REL_FAILURE)
}

这篇关于Nifi加密json的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！