fluent-plugin-ssl-check 2.3.0 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ab7b3def2e942f92cf1b8a1fa46f4c7bafe50fbee692334736e19574849e9911
-  data.tar.gz: 5083966b749ba1407cdce60b33f8952dce4b300c5bd7e33496e1b1e02ae0814a
+  metadata.gz: 32576d289dd8aa0e769f4e4aaa975cbc0517d3d25a70506f5ef478572ca7cf89
+  data.tar.gz: ac1682153f0c68ed33aec0ad1334776425d542369fa0285a6c306dc1892c72e2
 SHA512:
-  metadata.gz: fe0d1bd834d8831a510df5754cb488d2e543fbca465bf3b344312b92f236278fbd75cf972efee0d0ffc45838f4550d09f81dba34fbcbf0445810a831b6fda365
-  data.tar.gz: 8cef76bf6831eae2d1053a99699fc07f31077939bd3bc5ab28a402be4d709f9f4eec53ec9c14e954a01cefd5866a399e4d2ceeb373bd0e94d205023bf0375b3a
+  metadata.gz: b4702ea39635a4f00dce824ca750a5c9b507a1102234b88b3fe782bd25205c7377a40cde8e51143324af1d1f25ee574542e391b8e99f59e9c3fa1d31b15d95cc
+  data.tar.gz: e67001eedef2c25b144ef2f7f63b6af0824279fb84ecbe9bda90005627bd575c1558b69027ec80944804f08f1840f162f65276464e743b41c087e1515d7789fe

data/.gitlab-ci.yml

@@ -0,0 +1,10 @@
+default:
+  image: ruby:3.3.6
+
+  before_script:
+    - gem install bundler -v 2.5.22
+    - bundle install
+
+test_job:
+  script:
+    - bundle exec rake

data/.rubocop.yml

@@ -22,6 +22,7 @@ Metrics/ClassLength:
   Exclude:
     - test/**/*.rb
     - lib/fluent/plugin/in_ssl_check.rb
+    - lib/fluent/plugin/in_ssl_file_check.rb
 
 Metrics/MethodLength:
   Max: 20
@@ -29,3 +30,6 @@ Metrics/MethodLength:
 # Naming/MethodParameterName:
 #   Exclude:
 #     - lib/fluent/plugin/in_ssl_check.rb
+
+Style/Documentation:
+  Enabled: false

data/.ruby-version

@@ -1 +1 @@
-2.7.7
+3.3.6

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-ssl-check (2.3.0)
+    fluent-plugin-ssl-check (2.4.0)
       fluentd (>= 0.14.10, < 2)
 
 GEM
@@ -29,6 +29,8 @@ GEM
     json (2.6.3)
     kwalify (0.7.2)
     language_server-protocol (3.17.0.3)
+    mocha (2.6.1)
+      ruby2_keywords (>= 0.0.5)
     msgpack (1.7.2)
     parallel (1.23.0)
     parser (3.2.2.3)
@@ -61,6 +63,7 @@ GEM
     rubocop-rake (0.6.0)
       rubocop (~> 1.0)
     ruby-progressbar (1.13.0)
+    ruby2_keywords (0.0.5)
     serverengine (2.3.2)
       sigdump (~> 0.2.2)
     sigdump (0.2.5)
@@ -84,6 +87,7 @@ DEPENDENCIES
   bundler (~> 2.4)
   byebug (~> 11.1, >= 11.1.3)
   fluent-plugin-ssl-check!
+  mocha (~> 2.6, >= 2.6.1)
   rake (~> 13.0, >= 13.0.6)
   reek (~> 6.1, >= 6.1.4)
   rubocop (~> 1.56)

data/README.md

@@ -36,6 +36,7 @@ Options are:
 * cert: client cert for ssl connection
 * key: client key associated to client cert for ssl connection
 * timeout: timeout for ssl check execution (5sec)
+* paths: local certificate file paths
 * log_events: emit log format (true)
 * metric_events: emit metric format (false)
 * event_prefix: metric event prefix for extra dimension
@@ -44,6 +45,38 @@ Options are:
 If no port is specified with host, default port is 443.
 
 
+### in - ssl_file_check
+
+Poll ssl local file and report status.
+
+Example:
+
+``` conf
+<source>
+  @type ssl_file_check
+  tag ssl_check
+
+  paths /etc/cert/host.pem,/app/application_1/cert.pem
+
+  interval 600
+
+  ca_path /my/ca_dir/
+  ca_file /my/ca_file
+</source>
+```
+
+Options are:
+* tag: Tag to emit events on
+* interval: check every X seconds
+* paths: local certificate file paths
+* ca_path: directory that contains CA files
+* ca_file: specify a CA file directly
+* log_events: emit log format (true)
+* metric_events: emit metric format (false)
+* event_prefix: metric event prefix for extra dimension
+* timestamp_format: iso, epochmillis timestamp format (iso)
+
+
 ## output examples
 
 ### log output example

data/fluent-plugin-ssl-check.gemspec

@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name    = 'fluent-plugin-ssl-check'
-  spec.version = '2.3.0'
+  spec.version = '2.4.0'
   spec.authors = ['Thomas Tych']
   spec.email   = ['thomas.tych@gmail.com']
 
@@ -27,6 +27,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'bump', '~> 0.10.0'
   spec.add_development_dependency 'bundler', '~> 2.4'
   spec.add_development_dependency 'byebug', '~> 11.1', '>= 11.1.3'
+  spec.add_development_dependency 'mocha', '~> 2.6', '>= 2.6.1'
   spec.add_development_dependency 'rake', '~> 13.0', '>= 13.0.6'
   spec.add_development_dependency 'reek', '~> 6.1', '>= 6.1.4'
   spec.add_development_dependency 'rubocop', '~> 1.56'

data/lib/fluent/plugin/in_ssl_check.rb

@@ -23,15 +23,17 @@ require 'timeout'
 require 'date'
 
 require_relative 'extensions/time'
+require_relative 'ssl_check'
 
 module Fluent
   module Plugin
-    # ssl_check input plugin
-    #   check ssl service
     class SslCheckInput < Fluent::Plugin::Input
       NAME = 'ssl_check'
       Fluent::Plugin.register_input(NAME, self)
 
+      include Fluent::Plugin::SslCheck::SslInputEmit
+      include Fluent::Plugin::SslCheck::SslCommon
+
       DEFAULT_TAG = NAME
       DEFAULT_PORT = 443
       DEFAULT_INTERVAL = 600
@@ -41,6 +43,7 @@ module Fluent
       DEFAULT_LOG_EVENTS = true
       DEFAULT_METRIC_EVENTS = false
       DEFAULT_EVENT_PREFIX = ''
+      DEFAULT_TIMESTAMP_FORMAT = :iso
 
       desc 'Tag to emit events on'
       config_param :tag, :string, default: DEFAULT_TAG
@@ -72,7 +75,7 @@ module Fluent
       desc 'Event prefix'
       config_param :event_prefix, :string, default: DEFAULT_EVENT_PREFIX
       desc 'Timestamp format'
-      config_param :timestamp_format, :enum, list: %i[iso epochmillis], default: :iso
+      config_param :timestamp_format, :enum, list: %i[iso epochmillis], default: DEFAULT_TIMESTAMP_FORMAT
 
       helpers :timer
 
@@ -125,57 +128,6 @@ module Fluent
         ssl_client.ssl_info
       end
 
-      def emit_logs(ssl_info)
-        record = {
-          'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
-          'status' => ssl_info.status,
-          'host' => ssl_info.host,
-          'port' => ssl_info.port,
-          'ssl_version' => ssl_info.ssl_version,
-          'ssl_dn' => ssl_info.subject_s,
-          'ssl_not_after' => ssl_info.not_after,
-          'expire_in_days' => ssl_info.expire_in_days,
-          'serial' => ssl_info.serial
-        }
-        record.update('error_class' => ssl_info.error_class) if ssl_info.error_class
-        router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
-      end
-
-      def emit_metrics(ssl_info)
-        emit_metric_status(ssl_info)
-        emit_metric_expirency(ssl_info)
-      end
-
-      def emit_metric_status(ssl_info)
-        record = {
-          'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
-          'metric_name' => 'ssl_status',
-          'metric_value' => ssl_info.status,
-          "#{event_prefix}host" => ssl_info.host,
-          "#{event_prefix}port" => ssl_info.port,
-          "#{event_prefix}ssl_dn" => ssl_info.subject_s,
-          "#{event_prefix}ssl_version" => ssl_info.ssl_version,
-          "#{event_prefix}ssl_not_after" => ssl_info.not_after,
-          "#{event_prefix}serial" => ssl_info.serial
-        }
-        router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
-      end
-
-      def emit_metric_expirency(ssl_info)
-        return if ssl_info.error
-
-        record = {
-          'timestamp' => ssl_info.time.send("to_#{timestamp_format}"),
-          'metric_name' => 'ssl_expirency',
-          'metric_value' => ssl_info.expire_in_days,
-          "#{event_prefix}host" => ssl_info.host,
-          "#{event_prefix}port" => ssl_info.port,
-          "#{event_prefix}ssl_dn" => ssl_info.subject_s,
-          "#{event_prefix}serial" => ssl_info.serial
-        }
-        router.emit(tag, Fluent::EventTime.from_time(ssl_info.time), record)
-      end
-
       private
 
       def ssl_verify_mode
@@ -184,61 +136,6 @@ module Fluent
         OpenSSL::SSL::VERIFY_NONE
       end
 
-      # ssl info
-      #  to encapsulate extracted ssl information
-      class SslInfo
-        OK = 1
-        KO = 0
-
-        attr_reader :time
-        attr_accessor :host, :port, :cert, :cert_chain, :ssl_version, :error
-
-        # rubocop:disable Metrics/ParameterLists
-        def initialize(host: nil, port: nil, cert: nil, cert_chain: nil, ssl_version: nil, error: nil, time: Time.now)
-          @host = host
-          @port = port
-          @cert = cert
-          @cert_chain = cert_chain
-          @ssl_version = ssl_version
-          @error = error
-          @time = time
-        end
-        # rubocop:enable Metrics/ParameterLists
-
-        def subject_s
-          cert.subject.to_s if cert&.subject
-        end
-
-        def expire_in_days
-          return unless cert&.not_after
-
-          expire_in = cert.not_after
-          ((expire_in - time) / 3600 / 24).to_i
-        end
-
-        def not_after
-          return unless cert
-
-          cert.not_after.iso8601(3)
-        end
-
-        def serial
-          cert&.serial&.to_s(16)&.downcase
-        end
-
-        def status
-          return KO if error
-
-          OK
-        end
-
-        def error_class
-          return unless error
-
-          error.class.to_s
-        end
-      end
-
       # ssl client
       #  to check ssl status
       class SslClient
@@ -261,7 +158,7 @@ module Fluent
         # rubocop:enable Metrics/ParameterLists
 
         def ssl_info
-          info = SslInfo.new(host: host, port: port)
+          info = Fluent::Plugin::SslCheck::SslInfo.new(host: host, port: port)
           begin
             Timeout.timeout(timeout) do
               tcp_socket = TCPSocket.open(host, port)
@@ -282,18 +179,10 @@ module Fluent
           info
         end
 
-        def store
-          OpenSSL::X509::Store.new.tap do |store|
-            store.set_default_paths
-            store.add_path(ca_path) if ca_path
-            store.add_file(ca_file) if ca_file
-          end
-        end
-
         def ssl_context
           OpenSSL::SSL::SSLContext.new.tap do |ssl_context|
             ssl_context.verify_mode = verify_mode
-            ssl_context.cert_store = store
+            ssl_context.cert_store = ssl_store(ca_path: ca_path, ca_file: ca_file)
             ssl_context.min_version = nil
             ssl_context.max_version = OpenSSL::SSL::TLS1_2_VERSION
             ssl_context.cert = OpenSSL::X509::Certificate.new(File.open(cert)) if cert

data/lib/fluent/plugin/in_ssl_file_check.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+#
+# Copyright 2024- Thomas Tych
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'fluent/plugin/input'
+
+require 'openssl'
+
+require_relative 'extensions/time'
+require_relative 'ssl_check'
+
+module Fluent
+  module Plugin
+    class SslFileCheckInput < Fluent::Plugin::Input
+      NAME = 'ssl_file_check'
+      Fluent::Plugin.register_input(NAME, self)
+
+      include Fluent::Plugin::SslCheck::SslInputEmit
+
+      DEFAULT_TAG = NAME
+      DEFAULT_INTERVAL = 600
+      DEFAULT_LOG_EVENTS = true
+      DEFAULT_METRIC_EVENTS = false
+      DEFAULT_EVENT_PREFIX = ''
+      DEFAULT_TIMESTAMP_FORMAT = :iso
+
+      desc 'Tag to emit events on'
+      config_param :tag, :string, default: DEFAULT_TAG
+
+      desc 'Paths of local certificate to check'
+      config_param :paths, :array, default: [], value_type: :string
+
+      desc 'Interval for the check execution'
+      config_param :interval, :time, default: DEFAULT_INTERVAL
+
+      desc 'CA path to load'
+      config_param :ca_path, :string, default: nil
+      desc 'CA file to load'
+      config_param :ca_file, :string, default: nil
+
+      desc 'Emit log events'
+      config_param :log_events, :bool, default: DEFAULT_LOG_EVENTS
+      desc 'Emit metric events'
+      config_param :metric_events, :bool, default: DEFAULT_METRIC_EVENTS
+      desc 'Event prefix'
+      config_param :event_prefix, :string, default: DEFAULT_EVENT_PREFIX
+      desc 'Timestamp format'
+      config_param :timestamp_format, :enum, list: %i[iso epochmillis], default: DEFAULT_TIMESTAMP_FORMAT
+
+      helpers :timer
+
+      # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+      def configure(conf)
+        super
+
+        raise Fluent::ConfigError, 'tag can not be empty.' if !tag || tag.empty?
+        raise Fluent::ConfigError, 'paths can not be empty.' unless paths
+        raise Fluent::ConfigError, 'interval can not be < 1.' if !interval || interval < 1
+        raise Fluent::ConfigError, 'ca_path should be a dir.' if ca_path && !File.directory?(ca_path)
+        raise Fluent::ConfigError, 'ca_file should be a file.' if ca_file && !File.file?(ca_file)
+
+        log.warn("#{NAME}: paths is empty, nothing to process") if paths.empty?
+      end
+      # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+
+      def start
+        super
+
+        timer_execute(:ssl_file_check_timer, 1, repeat: false, &method(:check)) if interval > 60
+
+        timer_execute(:ssl_file_check_timer, interval, repeat: true, &method(:check))
+      end
+
+      # rubocop:disable Lint/SuppressedException
+      def check
+        paths.each do |cert_path|
+          ssl_info = fetch_ssl_info(cert_path)
+          emit_logs(ssl_info) if log_events
+          emit_metrics(ssl_info) if metric_events
+        rescue StandardError
+        end
+      end
+      # rubocop:enable Lint/SuppressedException
+
+      def fetch_ssl_info(filepath)
+        ssl_file = Fluent::Plugin::SslCheck::FileChecker.new(filepath, ca_path: ca_path, ca_file: ca_file)
+        ssl_file.ssl_info
+      end
+    end
+  end
+end

data/lib/fluent/plugin/ssl_check/file_checker.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+require 'socket'
+require 'openssl'
+require_relative 'ssl_common'
+require_relative 'ssl_info'
+
+module Fluent
+  module Plugin
+    module SslCheck
+      class FileChecker
+        attr_reader :filepath, :ca_path, :ca_file
+
+        include Fluent::Plugin::SslCheck::SslCommon
+
+        def initialize(filepath, ca_path: nil, ca_file: nil)
+          @filepath = filepath
+          @ca_path = ca_path
+          @ca_file = ca_file
+        end
+
+        def certificate
+          @certificate ||= OpenSSL::X509::Certificate.new(File.read(filepath_absolute))
+        end
+
+        def filepath_absolute
+          File.expand_path(filepath)
+        end
+
+        def ssl_info
+          info = Fluent::Plugin::SslCheck::SslInfo.new(host: hostname, path: filepath_absolute)
+          begin
+            ca_store = ssl_store(ca_path: ca_path, ca_file: ca_file)
+            ca_store.verify(certificate)
+
+            info.cert = certificate
+            info.cert_chain = ca_store.chain
+            info.error = ca_store.error_string if ca_store.error != 0
+          rescue StandardError => e
+            info.error = e
+          end
+          info
+        end
+
+        def hostname
+          Socket.gethostname
+        end
+      end
+    end
+  end
+end

data/lib/fluent/plugin/ssl_check/ssl_common.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module Fluent
+  module Plugin
+    module SslCheck
+      module SslCommon
+        def ssl_store(ca_path: nil, ca_file: nil)
+          OpenSSL::X509::Store.new.tap do |store|
+            store.set_default_paths
+            store.add_path(ca_path) if ca_path
+            store.add_file(ca_file) if ca_file
+          end
+        end
+      end
+    end
+  end
+end

data/lib/fluent/plugin/ssl_check/ssl_info.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'openssl'
+
+module Fluent
+  module Plugin
+    module SslCheck
+      # ssl info
+      #  to encapsulate extracted ssl information
+      class SslInfo
+        OK = 1
+        KO = 0
+
+        attr_accessor :host, :port, :path, :cert, :cert_chain, :ssl_version, :error
+
+        # rubocop:disable Metrics/ParameterLists
+        def initialize(host: nil, port: nil, path: nil, cert: nil, cert_chain: nil, ssl_version: nil,
+                       error: nil, time: nil)
+          @host = host
+          @port = port
+          @path = path
+          @cert = cert
+          @cert_chain = cert_chain
+          @ssl_version = ssl_version
+          @error = error
+          @time = time
+        end
+        # rubocop:enable Metrics/ParameterLists
+
+        def subject_s
+          cert.subject.to_utf8 if cert&.subject
+        end
+
+        def expire_in_days
+          return unless cert&.not_after
+
+          expire_in = cert.not_after
+          ((expire_in - time) / 3600 / 24).to_i
+        end
+
+        def not_after
+          return unless cert
+
+          cert.not_after.iso8601(3)
+        end
+
+        def serial
+          cert&.serial&.to_s(16)&.downcase
+        end
+
+        def status
+          return KO if error
+
+          OK
+        end
+
+        def time
+          @time ||= Time.now.utc
+        end
+
+        def time_utc
+          time.utc
+        end
+
+        def error_class
+          return unless error
+
+          return error if error.is_a?(String)
+
+          error.class.to_s
+        end
+      end
+    end
+  end
+end

data/lib/fluent/plugin/ssl_check/ssl_input_emit.rb

@@ -0,0 +1,63 @@
+# frozen_string_literal: true
+
+module Fluent
+  module Plugin
+    module SslCheck
+      module SslInputEmit
+        def emit_logs(ssl_info)
+          record = {
+            'timestamp' => ssl_info.time_utc.send("to_#{timestamp_format}"),
+            'status' => ssl_info.status,
+            'host' => ssl_info.host,
+            'port' => ssl_info.port,
+            'path' => ssl_info.path,
+            'ssl_version' => ssl_info.ssl_version,
+            'ssl_dn' => ssl_info.subject_s,
+            'ssl_not_after' => ssl_info.not_after,
+            'expire_in_days' => ssl_info.expire_in_days,
+            'serial' => ssl_info.serial
+          }
+          record.update('error_class' => ssl_info.error_class) if ssl_info.error_class
+          router.emit(tag, Fluent::EventTime.from_time(ssl_info.time_utc), record)
+        end
+
+        def emit_metrics(ssl_info)
+          emit_metric_status(ssl_info)
+          emit_metric_expirency(ssl_info)
+        end
+
+        def emit_metric_status(ssl_info)
+          record = {
+            'timestamp' => ssl_info.time_utc.send("to_#{timestamp_format}"),
+            'metric_name' => 'ssl_status',
+            'metric_value' => ssl_info.status,
+            "#{event_prefix}host" => ssl_info.host,
+            "#{event_prefix}port" => ssl_info.port,
+            "#{event_prefix}path" => ssl_info.path,
+            "#{event_prefix}ssl_dn" => ssl_info.subject_s,
+            "#{event_prefix}ssl_version" => ssl_info.ssl_version,
+            "#{event_prefix}ssl_not_after" => ssl_info.not_after,
+            "#{event_prefix}serial" => ssl_info.serial
+          }
+          router.emit(tag, Fluent::EventTime.from_time(ssl_info.time_utc), record)
+        end
+
+        def emit_metric_expirency(ssl_info)
+          return unless ssl_info.cert
+
+          record = {
+            'timestamp' => ssl_info.time_utc.send("to_#{timestamp_format}"),
+            'metric_name' => 'ssl_expirency',
+            'metric_value' => ssl_info.expire_in_days,
+            "#{event_prefix}host" => ssl_info.host,
+            "#{event_prefix}port" => ssl_info.port,
+            "#{event_prefix}path" => ssl_info.path,
+            "#{event_prefix}ssl_dn" => ssl_info.subject_s,
+            "#{event_prefix}serial" => ssl_info.serial
+          }
+          router.emit(tag, Fluent::EventTime.from_time(ssl_info.time_utc), record)
+        end
+      end
+    end
+  end
+end

data/lib/fluent/plugin/ssl_check.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+require_relative 'ssl_check/ssl_input_emit'
+require_relative 'ssl_check/ssl_common'
+require_relative 'ssl_check/ssl_info'
+require_relative 'ssl_check/file_checker'
+
+module Fluent
+  module Plugin
+    module SslCheck
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-ssl-check
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.4.0
 platform: ruby
 authors:
 - Thomas Tych
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-10-03 00:00:00.000000000 Z
+date: 2024-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bump
@@ -58,6 +58,26 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 11.1.3
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.6.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.6'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.6.1
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
@@ -188,6 +208,7 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".gitignore"
+- ".gitlab-ci.yml"
 - ".rubocop.yml"
 - ".ruby-version"
 - Gemfile
@@ -198,6 +219,12 @@ files:
 - fluent-plugin-ssl-check.gemspec
 - lib/fluent/plugin/extensions/time.rb
 - lib/fluent/plugin/in_ssl_check.rb
+- lib/fluent/plugin/in_ssl_file_check.rb
+- lib/fluent/plugin/ssl_check.rb
+- lib/fluent/plugin/ssl_check/file_checker.rb
+- lib/fluent/plugin/ssl_check/ssl_common.rb
+- lib/fluent/plugin/ssl_check/ssl_info.rb
+- lib/fluent/plugin/ssl_check/ssl_input_emit.rb
 homepage: https://gitlab.com/ttych/fluent-plugin-ssl-check
 licenses:
 - Apache-2.0
@@ -218,7 +245,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.5.22
 signing_key:
 specification_version: 4
 summary: fluentd plugin to check ssl endpoint