eve/fileinfo: split record creation from writing

Split the building of the fileinfo record from the writing
of the record so the building can be called from other code.
Specifically the new filestore output which uses fileinfo
records as the metadata.

src/output-json-file.c

@@ -78,19 +78,12 @@ typedef struct JsonFileLogThread_ {
     MemBuffer *buffer;
 } JsonFileLogThread;
 
-/**
- *  \internal
- *  \brief Write meta data on a single line json record
- */
-static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff)
+json_t *JsonBuildFileInfoRecord(const Packet *p, const File *ff)
 {
     json_t *js = CreateJSONHeader((Packet *)p, 0, "fileinfo"); //TODO const
     json_t *hjs = NULL;
     if (unlikely(js == NULL))
-        return;
-
-    /* reset */
-    MemBufferReset(aft->buffer);
+        return NULL;
 
     switch (p->flow->alproto) {
         case ALPROTO_HTTP:
@@ -124,7 +117,7 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
     json_t *fjs = json_object();
     if (unlikely(fjs == NULL)) {
         json_decref(js);
-        return;
+        return NULL;
     }
 
     char *s = BytesToString(ff->name, ff->name_len);
@@ -158,15 +151,6 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
                 }
                 json_object_set_new(fjs, "sha1", json_string(str));
             }
-            if (ff->flags & FILE_SHA256) {
-                size_t x;
-                int i;
-                char str[256];
-                for (i = 0, x = 0; x < sizeof(ff->sha256); x++) {
-                    i += snprintf(&str[i], 255-i, "%02x", ff->sha256[x]);
-                }
-                json_object_set_new(fjs, "sha256", json_string(str));
-            }
 #endif
             break;
         case FILE_STATE_TRUNCATED:
@@ -179,6 +163,19 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
             json_object_set_new(fjs, "state", json_string("UNKNOWN"));
             break;
     }
+
+#ifdef HAVE_NSS
+    if (ff->flags & FILE_SHA256) {
+        size_t x;
+        int i;
+        char str[256];
+        for (i = 0, x = 0; x < sizeof(ff->sha256); x++) {
+            i += snprintf(&str[i], 255-i, "%02x", ff->sha256[x]);
+        }
+        json_object_set_new(fjs, "sha256", json_string(str));
+    }
+#endif
+
     json_object_set_new(fjs, "stored",
                         (ff->flags & FILE_STORED) ? json_true() : json_false());
     if (ff->flags & FILE_STORED) {
@@ -189,20 +186,23 @@ static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const F
 
     /* originally just 'file', but due to bug 1127 naming it fileinfo */
     json_object_set_new(js, "fileinfo", fjs);
-    OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, &aft->buffer);
-    json_object_del(js, "fileinfo");
 
-    switch (p->flow->alproto) {
-        case ALPROTO_HTTP:
-            json_object_del(js, "http");
-            break;
-        case ALPROTO_SMTP:
-            json_object_del(js, "smtp");
-            json_object_del(js, "email");
-            break;
+    return js;
+}
+
+/**
+ *  \internal
+ *  \brief Write meta data on a single line json record
+ */
+static void FileWriteJsonRecord(JsonFileLogThread *aft, const Packet *p, const File *ff)
+{
+    json_t *js = JsonBuildFileInfoRecord(p, ff);
+    if (unlikely(js == NULL)) {
+        return;
     }
 
-    json_object_clear(js);
+    MemBufferReset(aft->buffer);
+    OutputJSONBuffer(js, aft->filelog_ctx->file_ctx, &aft->buffer);
     json_decref(js);
 }
 

src/output-json-file.h

@@ -26,4 +26,8 @@
 
 void JsonFileLogRegister(void);
 
+#ifdef HAVE_LIBJANSSON
+json_t *JsonBuildFileInfoRecord(const Packet *p, const File *ff);
+#endif
+
 #endif /* __OUTPUT_JSON_FILE_H__ */