logstash-input-beats 3.1.18-java → 3.1.19-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: dd37c14458a22eeca569f243f3cbd7feafa6a699
-  data.tar.gz: 54f225c5d3ed127f402fb4d9d61e0e001e10e722
+  metadata.gz: 97c1ad83b25e92e16acb2dde75a8d7d0796c7cd8
+  data.tar.gz: d684f40a578b5ec09f260b5d9e6d55e97bbb1d30
 SHA512:
-  metadata.gz: b2ec41b2bf657d9d6e048e4affc338ed8d6d5d5d8cf1db9c13bebbc4c7f84a0e3d61eb0aff419319f76f6984343a24458d8e6a11798ab2abc457d58371ed2eee
-  data.tar.gz: cc924727ca27fb15b435c16ff4b862e47baa9b3b59e0f691f915d1e83ff46bdafd49b829e25bbbbc35b7497d7191bf9902a4303b9457e8e4cfba9df8c8f873bf
+  metadata.gz: 1d7f83a1fb266ee9b66cb219a09b5eef81c61a61fd87527e275c07a0e42dbed405183353f632c717822bbc8825f6ba4f248bf41b7bd03660e8b51068b98e9081
+  data.tar.gz: d26d3a488875ebaada9cbe5710926a0c682331a5c7cbb529e9034d2546a8a8fef0f3e9bb86207897b46ccd03d15899ee7a94fc924db23609d04a80667af20279

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+## 3.1.19
+ - Fix ability to set SSL protocols #228
+
 ## 3.1.18
  - Relax version of concurrent-ruby to `~> 1.0`
 

data/VERSION

@@ -1 +1 @@
-3.1.18
+3.1.19

data/lib/logstash-input-beats_jars.rb

@@ -9,4 +9,4 @@ require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.7.5')
 require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.7.5')
 require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.7.5')
 require_jar('log4j', 'log4j', '1.2.17')
-require_jar('org.logstash.beats', 'logstash-input-beats', '3.1.18')
+require_jar('org.logstash.beats', 'logstash-input-beats', '3.1.19')

data/lib/tasks/test.rake

@@ -2,10 +2,11 @@
 OS_PLATFORM = RbConfig::CONFIG["host_os"]
 VENDOR_PATH = File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "vendor"))
 
+#TODO: Figure out better means to keep this version in sync
 if OS_PLATFORM == "linux"
-  FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.0.0-linux-x86_64.tar.gz"
+  FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.0.0-alpha2-linux-x86_64.tar.gz"
 elsif OS_PLATFORM == "darwin"
-  FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-5.0.0-darwin-x86_64.tar.gz"
+  FILEBEAT_URL = "https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-6.0.0-alpha2-darwin-x86_64.tar.gz"
 end
 
 LSF_URL = "https://download.elastic.co/logstash-forwarder/binaries/logstash-forwarder_#{OS_PLATFORM}_amd64"

data/spec/integration/filebeat_spec.rb

@@ -52,6 +52,7 @@ describe "Filebeat", :integration => true do
   before :each do
     FileUtils.rm_rf(File.join(File.dirname(__FILE__), "..", "..", "vendor", "filebeat", "data"))
     start_client
+    raise 'Filebeat did not start in alloted time' unless is_alive
     sleep(20) # give some time to FB to send something
   end
 
@@ -76,7 +77,7 @@ describe "Filebeat", :integration => true do
   end
 
   ############################################################
-  # Actuals tests 
+  # Actuals tests
   context "Plain TCP" do
     include_examples "send events"
   end
@@ -190,6 +191,9 @@ describe "Filebeat", :integration => true do
       context "CA root" do
         include_context "Root CA"
 
+        let_tmp_file(:certificate_key_file) { convert_to_pkcs8(certificate_data.last) }
+        let_tmp_file(:certificate_file) { certificate_data.first }
+
         context "directly signed client certificate" do
           let(:certificate_authorities) { [root_ca_certificate_file] }
           let(:certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", root_ca_certificate, root_ca_key) }
@@ -202,7 +206,7 @@ describe "Filebeat", :integration => true do
 
           let(:certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", intermediate_ca_certificate, intermediate_ca_key) }
           let(:certificate_authorities) { [certificate_authorities_chain] }
-          
+
           include_examples "send events"
         end
       end
@@ -224,7 +228,7 @@ describe "Filebeat", :integration => true do
         end
 
         let(:input_config) do
-          super.merge({ 
+          super.merge({
             "ssl" => true,
             "ssl_certificate_authorities" => certificate_authorities,
             "ssl_certificate" => server_certificate_file,
@@ -249,6 +253,8 @@ describe "Filebeat", :integration => true do
 
           let_tmp_file(:server_certificate_file) { server_certificate_data.first }
           let_tmp_file(:server_certificate_key_file) { convert_to_pkcs8(server_certificate_data.last) }
+          let_tmp_file(:certificate_file) { certificate_data.first }
+          let_tmp_file(:certificate_key_file) { convert_to_pkcs8(certificate_data.last) }
 
           context "directly signed client certificate" do
             let(:certificate_authorities) { [root_ca_certificate_file] }
@@ -262,7 +268,7 @@ describe "Filebeat", :integration => true do
             include_context "Intermediate CA"
 
             let(:certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", intermediate_ca_certificate, intermediate_ca_key) }
-            let(:server_certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", intermediate_ca_certificate, intermediate_ca_key) } 
+            let(:server_certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", intermediate_ca_certificate, intermediate_ca_key) }
             let(:certificate_authorities) { [intermediate_ca_certificate_file] }
 
             include_examples "send events"
@@ -298,7 +304,7 @@ describe "Filebeat", :integration => true do
 
               let(:server_certificate_data) { Flores::PKI.create_client_certicate("CN=localhost", root_ca_certificate, root_ca_key) }
 
-              context "client from primary CA" do 
+              context "client from primary CA" do
                 include_examples "send events"
               end
 

data/spec/support/client_process_helpers.rb

@@ -1,7 +1,7 @@
 # encoding: utf-8
 require "childprocess"
 module ClientProcessHelpers
-  def start_client(timeout = 1)
+  def start_client(timeout = 5)
     @client_out = Stud::Temporary.file
     @client_out.sync
 
@@ -11,13 +11,26 @@ module ClientProcessHelpers
     ChildProcess.posix_spawn = true
     @process.start
 
-    sleep(0.1)
+    sleep_interval = 0.1
+    max_iterations = (timeout / sleep_interval).to_i
+    max_iterations.times do
+      sleep(sleep_interval)
+      if @process.alive?
+        break
+      end
+    end
+    #Note - can not raise error here if process failed to start, since some tests expects for the process to not start due to invalid configuration
+
     @client_out.rewind
 
     # can be used to helper debugging when a test fails
     @execution_output = @client_out.read
   end
 
+  def is_alive
+    return @process.alive?
+  end
+
   def stop_client
     begin
       @process.poll_for_exit(5)

data/spec/support/flores_extensions.rb

@@ -1,49 +1,68 @@
 # encoding: utf-8
 require "flores/pki"
 require "flores/random"
+require "socket"
 
 module Flores
   module Random
     DEFAULT_PORT_RANGE = 1024..65535
-    DEFAULT_PORT_CHECK_TIMEOUT = 1
-    DEFAULT_MAXIMUM_PORT_FIND_TRY = 15
-
     class << self
       def port(range = DEFAULT_PORT_RANGE)
-        try = 0
-        while try < DEFAULT_MAXIMUM_PORT_FIND_TRY
-          candidate = integer(range)
-
-          if port_available?(candidate)
-            break
-          else
-            try += 1
-          end
+        integer(range)
+      end
+    end
+  end
+
+  module PKI
+
+    # Monkey patched the fix for https://github.com/jordansissel/ruby-flores/issues/9
+    # TODO: remove this once Flores is released with fix.
+    CertificateSigningRequest.class_eval do
+      def create
+        validate!
+        extensions = OpenSSL::X509::ExtensionFactory.new
+        extensions.subject_certificate = certificate
+        extensions.issuer_certificate = self_signed? ? certificate : signing_certificate
+
+        certificate.issuer = extensions.issuer_certificate.subject
+        certificate.add_extension(extensions.create_extension("subjectKeyIdentifier", "hash", false))
+
+        if want_signature_ability?
+          # Create a CA.
+          certificate.add_extension(extensions.create_extension("basicConstraints", "CA:TRUE", true))
+          # Rough googling seems to indicate at least keyCertSign is required for CA and intermediate certs.
+          certificate.add_extension(extensions.create_extension("keyUsage", "keyCertSign, cRLSign, digitalSignature", true))
+        else
+          # Create a client+server certificate
+          #
+          # It feels weird to create a certificate that's valid as both server and client, but a brief inspection of major
+          # web properties (apple.com, google.com, yahoo.com, github.com, fastly.com, mozilla.com, amazon.com) reveals that
+          # major web properties have certificates with both clientAuth and serverAuth extended key usages. Further,
+          # these major server certificates all have digitalSignature and keyEncipherment for key usage.
+          #
+          # Here's the command I used to check this:
+          #    echo mozilla.com apple.com github.com google.com yahoo.com fastly.com elastic.co amazon.com \
+          #    | xargs -n1 sh -c 'openssl s_client -connect $1:443 \
+          #    | sed -ne "/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p" \
+          #    | openssl x509 -text -noout | sed -ne "/X509v3 extensions/,/Signature Algorithm/p" | sed -e "s/^/$1 /"' - \
+          #    | grep -A2 'Key Usage'
+          certificate.add_extension(extensions.create_extension("keyUsage", "digitalSignature, keyEncipherment", true))
+          certificate.add_extension(extensions.create_extension("extendedKeyUsage", "clientAuth, serverAuth", false))
         end
-        
-        raise "Flores.random_port: Cannot find an available port, tried #{DEFAULT_MAXIMUM_PORT_FIND_TRY} times, range was: #{range}" if try == DEFAULT_MAXIMUM_PORT_FIND_TRY
 
-        candidate
-      end
-      
-      def port_available?(port)
-        begin
-          server = TCPServer.new(port)
-          available = true
-        rescue # Assume that any errors can do this
-          available = false
-        ensure
-          server.close if server
+        if @subject_alternates
+          certificate.add_extension(extensions.create_extension("subjectAltName", @subject_alternates.join(",")))
         end
 
-        return available
+        certificate.serial = OpenSSL::BN.new(serial)
+        certificate.sign(signing_key, digest_method)
+        certificate
       end
     end
-  end
 
-  module PKI
+
     DEFAULT_CERTIFICATE_OPTIONS = {
-      :duration => Flores::Random.number(100..2000),
+      :duration => 86400, #one day
       :key_size => GENERATE_DEFAULT_KEY_SIZE, 
       :exponent => GENERATE_DEFAULT_EXPONENT,
       :want_signature_ability => false
@@ -78,5 +97,9 @@ module Flores
 
       [csr.create, client_key]
     end
+
+
+
   end
 end
+

data/spec/support/integration_shared_context.rb

@@ -3,7 +3,7 @@ require "flores/random"
 
 shared_examples "send events" do
   it "successfully send the events" do
-    try(50) { expect(queue.size).to eq(number_of_events), "Expected: #{number_of_events} got: #{queue.size}, execution output:\n #{@execution_output}" }
+    try(25) { expect(queue.size).to eq(number_of_events), "Expected: #{number_of_events} got: #{queue.size}, execution output:\n #{@execution_output}" }
     expect(queue.collect { |e| e.get("message") }).to eq(events)
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-beats
 version: !ruby/object:Gem::Version
-  version: 3.1.18
+  version: 3.1.19
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-06-07 00:00:00.000000000 Z
+date: 2017-06-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -264,7 +264,7 @@ files:
 - vendor/jar-dependencies/io/netty/netty-tcnative-boringssl-static/1.1.33.Fork23/netty-tcnative-boringssl-static-1.1.33.Fork23.jar
 - vendor/jar-dependencies/log4j/log4j/1.2.17/log4j-1.2.17.jar
 - vendor/jar-dependencies/org/javassist/javassist/3.20.0-GA/javassist-3.20.0-GA.jar
-- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/3.1.18/logstash-input-beats-3.1.18.jar
+- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/3.1.19/logstash-input-beats-3.1.19.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)