logstash-input-elastic_serverless_forwarder 0.1.0-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. checksums.yaml +7 -0
  2. data/CHANGELOG.md +2 -0
  3. data/DEVELOPER.md +1 -0
  4. data/Gemfile +11 -0
  5. data/LICENSE +202 -0
  6. data/NOTICE.TXT +1 -0
  7. data/README.md +98 -0
  8. data/docs/index.asciidoc +307 -0
  9. data/lib/logstash/inputs/elastic_serverless_forwarder.rb +172 -0
  10. data/logstash-input-elastic_serverless_forwarder.gemspec +32 -0
  11. data/spec/fixtures/certs/generate.sh +58 -0
  12. data/spec/fixtures/certs/generated/README.txt +2 -0
  13. data/spec/fixtures/certs/generated/client_from_root.crt +35 -0
  14. data/spec/fixtures/certs/generated/client_from_root.jks +0 -0
  15. data/spec/fixtures/certs/generated/client_from_root.key +51 -0
  16. data/spec/fixtures/certs/generated/client_from_root.key.pkcs8 +52 -0
  17. data/spec/fixtures/certs/generated/client_from_root.p12 +0 -0
  18. data/spec/fixtures/certs/generated/client_no_matching_subject.crt +35 -0
  19. data/spec/fixtures/certs/generated/client_no_matching_subject.key +51 -0
  20. data/spec/fixtures/certs/generated/client_no_matching_subject.p12 +0 -0
  21. data/spec/fixtures/certs/generated/client_self_signed.crt +30 -0
  22. data/spec/fixtures/certs/generated/client_self_signed.key +52 -0
  23. data/spec/fixtures/certs/generated/client_self_signed.p12 +0 -0
  24. data/spec/fixtures/certs/generated/root.crt +32 -0
  25. data/spec/fixtures/certs/generated/root.key +51 -0
  26. data/spec/fixtures/certs/generated/server_from_root.crt +36 -0
  27. data/spec/fixtures/certs/generated/server_from_root.key +51 -0
  28. data/spec/fixtures/certs/generated/server_from_root.key.pkcs8 +52 -0
  29. data/spec/fixtures/certs/generated/server_from_root.pkcs8.key +52 -0
  30. data/spec/fixtures/certs/openssl.cnf +57 -0
  31. data/spec/inputs/elastic_serverless_forwarder_spec.rb +292 -0
  32. metadata +188 -0
@@ -0,0 +1,51 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIIJJwIBAAKCAgEAyNxGk4AN6CblKsvbnu8YQquwazUbxZQMGyInLrrdN/5hXX/T
3
+ +DRHAE1GBTIEc5xakRPaezqa+d8CU6qRSE4EiEPE6Hcm0C9dXZ6WxC8MQxkwLR79
4
+ c8T0Es5Pj8OKsOULPfJPv1Sr80iK2+TbAE+EraNyjZ2FfYMu2i+VF2G4LDQmljW9
5
+ xdthBQ+iEYe+T5uQCkKf6np8X/8wu0yG69dM9h0EwIYq/aubxqt1obsRapuH/X28
6
+ C9YlaFZ03sTuwiHarbINpAeIGifGJHzY5OPWzPv3vH2mZlWXxD+oXb9VFrHMmdrB
7
+ 94tijFiSLdMXt1JFU3uziUoOfJCqzKk4GAYOA4mIIGw7p+cifYrdc4Lx2m8CsR2M
8
+ RJGC2/MAqgt0/ul4booXHIJXyodgvZGl3FWxVkZNbywazIKD7kH4SwyMrWFPxCbm
9
+ aRMld0ln91O4TUi5YFkSvwT7IBwA7qTa76dWGNb8ypk7BREx5kARA55ib2Gj/Ris
10
+ Cw92tG6rmnX25+UyAUCBugy5YXmK05Up4XsZmnz7UU3yggoBCJwi6exzhmyjUVGZ
11
+ H8FmsbetBuB66aOperTh3OBPG2lXEto0wOXhLv4KYpJQNvUTAOOgXJ5ourH7taG9
12
+ HwJj2ZFDxy4o+N1WRK8hpvb/KzkRhIj08643qsNpVHvM+In4y3zXMfSnDuECAwEA
13
+ AQKCAgB6Rycr+mP89VjD0fD0c4foZo7y5RTwFi28gvEpkJbF1LW/budDDcg/lctP
14
+ tGBjZUb5VQXHySi5fxryhj8FroEx11fTUV4ulPcY3EfaTO4BFx9uCJSxWrBflnt3
15
+ AMq43+cVIiOMTeaUJ5BpR4xPRxl1f7BoKAIxI6BtMVRpNJMjTehDv5m1DtWkeBzo
16
+ 4SNpYUGyDVc/Lqvy4O7wxyjIAH0Ywxe2gLdBUKx3qL/m4nQ6205Rcq784bRKLX/e
17
+ cjMLugJfhaqqNe+URKxqYBrGVTHZ/naVqESZvfezgDFmSOlq9HijHTrCEXfACteK
18
+ 0Bx6/Lm5le/5Xz0sdgGUsFu2vFDgoEgJdswwCXR2gw72m/H4sW6gkG5ewglv2Z/s
19
+ wci+xmmHTpQli9Gjo6W/7zFcgXYJWLkgbI6Q+0JOXBarsi2yX72zizjdn/cuLiOk
20
+ xQSGENd4jdiFy1rKwRnqEzC0uook9VeSRDwubNTro64Ojr1J4wsTVbLO1wXszg8S
21
+ SZnPfGmuJc+flFRrSosNjgv/fTtnh9kKke5xB1l+ZNtIgiBgvsS/LP1ywRDveYeU
22
+ QCVSd5Vu2LdhdIGRX2RYXndiW3oR4wXfM8hU2lunLgKsQaIKNN9W6ZDUYoMpXDl4
23
+ NGhtgDeha4Pz8PZvGKzJctPYPyqK4x2TS/mDrpJ/r3KAeolVAQKCAQEA5T3dLH/O
24
+ SGkaYhKjiqAo5ZAGlebeiWCrFe/m2tlsWsAj1ZK5QF/6IidnkhMifPgW6fKTsRM3
25
+ nMUjOxVOsZ4+fm77MHUtW8/TkUqQOmUiTcXfZ6NkS8p6KhZRaN7E2p/I48/5r3og
26
+ lRNedcMdZh+y6etTKixAeKsgecg1fOVaWTZ3zkpq4+XQSYtSmpT8H7u4fC9XS1Yh
27
+ la2AuBFvuYYh8Db/8ONETs2+nV2qfVREiH8ZtnEjagspHlzIO+J52lhHCPsjI7Ib
28
+ 5ziDFMBsqt2xuqCRpNOg/VlIfSZvRKy0Eq/71FqSNqssWXt6YgEi8UfWMt7ClMSM
29
+ 70kqeffCMuEk0QKCAQEA4E5VGCiuiQ1nztelxok3znSfibm37f3MDZugWz+qQLFq
30
+ RG/UERk9vnMbR/ZjqtrW1/QOqs6eY3tLMCAeCvxDfQ3E+NowdnBm43Wn+oLHJ/Wr
31
+ gHpftbcFt/vasOvP3posM0kaRJ1v3vG/Gm3qjV7Ug8CoBwJnE4cLT3iaHd3fqf3X
32
+ 30XSJYwvjc4vkLsqw1Co7tVQ/iUWY8tCJBtz44ybRPSeNf3Yh/+hN/KUUmgVR8Ya
33
+ 6WSGioqeapZZaOSBOXy4AYjqm56iWTZY0AY1zLVaX4tEEJLvBnmeSAM2ayjHCvlu
34
+ paCQ7+xoKVGwqC+KNsZuOsz9uoXOy/UWDivM0MUNEQKCAQAX/8MA3pxs7jvp2oOu
35
+ hpfheJOH6/SOM0WV9ViYvrxeP9FAkay9NY8NNkzceQ5aQOq9MT0PA7EFw4mtrMxh
36
+ QezO9bVsXEgUXYyLoF+7DU1rEPUTd4KPgLILZ+y76t52+NViLCq6mTGCCdYQxA12
37
+ 3IixfoZlWt6hA2FR/ojC+4va3R3rxdSs6SlGGcTbFA/VDqUAs0ATTgAUGGbqXkDx
38
+ Dj7NVCS1RkWnblivRtgLaOAH3i6F8BBCEMsMN7BqvIn/NtCw+wGxwfqz2TG34XE+
39
+ 7himLhsxQ0qOW2OAXp61dNMhRbU6hQTbnk31TD0Ct5W95sRg7Ps38d/DSUieHjcB
40
+ dpqRAoIBAF1Z3GpYjAL39EsOTqzo8LPYr4j3JQhERwcmzL8NKQMRk0N2MxEGqz62
41
+ 0xTJA0PZHe70YKJPqXWHm4wk4bv6ru+9qktTKzYvo3JoxgcpJE+KG901kN2klRm0
42
+ FJjrGzDugxS5CNijmSp0++647hP18oX+yS9ZnaJv4pIphCKH84zg21XNzh7YT/Y5
43
+ aGxYqPxudlAnsTSEJORVdGpojnuWSgyRrcKUqeg3yFXrfDUroiej2BFoR+IivLlp
44
+ Zz6TUwCk2kOxQsqPY8uzJZU18HAIzdrTr/kh3Z6ZQPmBdMV2TBhSJO2DfK6NefAw
45
+ UlA8sM4JGVkZdUOKar1Re+Nb8Tq1t7ECggEAG2+zqye7GuTQjsg8plNPCIEOluuI
46
+ 8PKvOD4/fKMlCIyg/09SHlAXpaPMjVBeYF3gB3ZhIDHMxdYWSNGb3+X5K6g5s4Aa
47
+ dkUHoyy1ppbHOscvQuQ4U4TE0JSv5MIoCIFBhQ37GdiRgqjPSRzErZfPap4Rocdu
48
+ LgjM9fCerNV931acZoYvI5BemQn/QM7POq4W3sU5UQm2p0liwt8olG5S3MG2DhP2
49
+ Q2qWyGFJ0FQO9PzJM30Y8P/HGQba1nsjPn3AjZMS2t/AgDX6RMm/nrzcn/VsKO1L
50
+ PChy9olPQhAjs9j2Yf+eRKBqw/VsNAI8TKQlUald0wS/zOF6X6eaV7BqzQ==
51
+ -----END RSA PRIVATE KEY-----
@@ -0,0 +1,36 @@
1
+ -----BEGIN CERTIFICATE-----
2
+ MIIGXDCCBESgAwIBAgIBAzANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJMUzEL
3
+ MAkGA1UECAwCTkExEzARBgNVBAcMCkh0dHAgSW5wdXQxETAPBgNVBAoMCExvZ3N0
4
+ YXNoMQ0wCwYDVQQDDARyb290MB4XDTIyMTExODA2MTA0NloXDTI1MTExODA2MTA0
5
+ NlowUzELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMRMwEQYDVQQHDApIdHRwIElu
6
+ cHV0MREwDwYDVQQKDAhMb2dzdGFzaDEPMA0GA1UEAwwGc2VydmVyMIICIjANBgkq
7
+ hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwuiDEhm5zHcuzLD+5sBUThKJJ4nIDLOF
8
+ OrOqiTaLE8ttWhK05RJNUs5tKaNpMWeO5zXQ7rQZgEyJv9VDOh4Q/hZkyqbL1xpW
9
+ p3kg7ZdMUkym/jNv0Yp0WB4fyETQAfVdk+sQIl0e8IAIB1cFyFinC+rdUlZz5fic
10
+ doghw52BN5jnn/ZoaRVkstNKGSnYnwlOUvQc2/CF+uQUZLVX/625UD1cmWcIpqQG
11
+ sQKuWfZ3UBJFep8s/PrU/ix6MKC9k8Oqg1ZsdE6McgMyfIbPD0isX7tnGipR+Jpd
12
+ +vS1EDjKaW28zjHe8+jOPAp6FZMLRZavI0ZpFF57TZOqgYRtnqJ8WLt6IllOlfEs
13
+ ieRPUL+VFAoYq6M3ppOGy9v4GEASox/EUDC28y9DU8fC8cotteqz5YGHJZ0uJS4s
14
+ SQhKKwjGSEzirvptCMZ+NwJ2mY744mwziwuZclQiB5om7tFk6ePiQa+H2zL97tWu
15
+ EZGrlRlzh46YNY5gwfHVRbPK4m4pVzzOHF1KFemtynydds/8kvr4FvdgmARkFbzY
16
+ 5qe4EaUS25sdFEU8VOAp6PpApORzGdThwfvzckvjPOxuvRm/O1cwpJ8xrxZOE4j4
17
+ AjCq3aHU+JYVXfbdVXLJ6kaN3V9xXg4EeDw4BR0oAM8EWf8q/6vHcOEf9TabAD1D
18
+ hoEPe0SZKrUCAwEAAaOCATswggE3MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQD
19
+ AgZAMDMGCWCGSAGG+EIBDQQmFiRPcGVuU1NMIEdlbmVyYXRlZCBTZXJ2ZXIgQ2Vy
20
+ dGlmaWNhdGUwHQYDVR0OBBYEFLotdYaM98cfcizXp/UFYQebwQRoMIGBBgNVHSME
21
+ ejB4gBTA8vgd/nWOBOCTxL+z67d+Am9lqqFVpFMwUTELMAkGA1UEBhMCTFMxCzAJ
22
+ BgNVBAgMAk5BMRMwEQYDVQQHDApIdHRwIElucHV0MREwDwYDVQQKDAhMb2dzdGFz
23
+ aDENMAsGA1UEAwwEcm9vdIIJAJCh5OjxT2kkMA4GA1UdDwEB/wQEAwIFoDATBgNV
24
+ HSUEDDAKBggrBgEFBQcDATAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwDQYJ
25
+ KoZIhvcNAQEFBQADggIBAJJkOXW4R0VaNIXYEl2FWQXwX3qXsY/NTu/2kE0s+p9m
26
+ s8Zu8i93jPKVJhnTelxUi1MQNPk65KVinNZfPmbDjYdYSejR21R0fMZn/NvmNwoh
27
+ Zc4kgyKggi4gCmwYI2w83bfG0T02v86zveEy9EK1rSEU7kcMwk5zXgmvgZZVXZru
28
+ XNWK9GzDt2PoA+I4VijoO89J/lACUgFcFvs2jwvGFPP2UlrfwJtXngieNRTlydOF
29
+ c2GLRiad9in71RWqetiS2AvwizmDY/rWTvindNd4WX0QJGqCc6GJsmQWP3BotvVT
30
+ QDPLSIOqO0pcDP4GfsvQl7kNzWci4MKCziR3m8NoPuHJ5QhKy0N9wqEhHnJpMOHb
31
+ Qg0+rDLo66wYjBpjDpGmuAvKFEE63ox7mE+UH9A2mWThv7gqyXqHiydw7XHtYbY9
32
+ /5Lhm+MrUdlybmk4aUlkTyrsquODOuQn9yQBomJhUosD5hHcEVRdQv5EX89FBqNC
33
+ cDADsdQzXISXoCeASZKYj6urUAOiGmjIAj78sssgHOeziXtrQK0nJ5QFubMYYp8k
34
+ mMwPGBphdZ300ji0eylQfo1rbuQMSbChODNkBxPZj4KMH0V9FpbQhf6shG9evDnB
35
+ i0onM5GyjUTJXXop9lbORFpJROlBTPA71r2DPsAlGLuY64NEuMhPl3GFPgzw0XL5
36
+ -----END CERTIFICATE-----
@@ -0,0 +1,51 @@
1
+ -----BEGIN RSA PRIVATE KEY-----
2
+ MIIJKQIBAAKCAgEAwuiDEhm5zHcuzLD+5sBUThKJJ4nIDLOFOrOqiTaLE8ttWhK0
3
+ 5RJNUs5tKaNpMWeO5zXQ7rQZgEyJv9VDOh4Q/hZkyqbL1xpWp3kg7ZdMUkym/jNv
4
+ 0Yp0WB4fyETQAfVdk+sQIl0e8IAIB1cFyFinC+rdUlZz5ficdoghw52BN5jnn/Zo
5
+ aRVkstNKGSnYnwlOUvQc2/CF+uQUZLVX/625UD1cmWcIpqQGsQKuWfZ3UBJFep8s
6
+ /PrU/ix6MKC9k8Oqg1ZsdE6McgMyfIbPD0isX7tnGipR+Jpd+vS1EDjKaW28zjHe
7
+ 8+jOPAp6FZMLRZavI0ZpFF57TZOqgYRtnqJ8WLt6IllOlfEsieRPUL+VFAoYq6M3
8
+ ppOGy9v4GEASox/EUDC28y9DU8fC8cotteqz5YGHJZ0uJS4sSQhKKwjGSEzirvpt
9
+ CMZ+NwJ2mY744mwziwuZclQiB5om7tFk6ePiQa+H2zL97tWuEZGrlRlzh46YNY5g
10
+ wfHVRbPK4m4pVzzOHF1KFemtynydds/8kvr4FvdgmARkFbzY5qe4EaUS25sdFEU8
11
+ VOAp6PpApORzGdThwfvzckvjPOxuvRm/O1cwpJ8xrxZOE4j4AjCq3aHU+JYVXfbd
12
+ VXLJ6kaN3V9xXg4EeDw4BR0oAM8EWf8q/6vHcOEf9TabAD1DhoEPe0SZKrUCAwEA
13
+ AQKCAgEAlZiaSUE/jwSHAgpziq5hxo6JgLRKvBzpjBWsNaaMdoPziWfEOfGjMYRI
14
+ 2uWWbpn6X9G5bA0FaajVLUzFTY0YI70SXUxKNe38Row8zr8KkDxPC9p035JyG9P7
15
+ Nt5B/M7TpR2NA6MPhS3ve5q6UHxisk3w0yqRyBfaF0wDBj4UmJSeavNYThdic7Ki
16
+ M9AfeGlPGXJN2C2y189JK8bYJOC01DZUpVUkmapZjHDvWxNFnkp301bq07y9z9xZ
17
+ aItnFkveyvGBSn+jYjq7/EIIGMYBr3SJ/NYwliv9KAm8ExhTmznj6Srz4ad06zZr
18
+ X7W9uAqgn+WB72VZJEDLZJ88973ky2rKMj7iBVODT0ijVzodMIIH9uVFwZXOjBgX
19
+ juC5tR4CmCdLKxlgHdUhCx/J5/43QFYMRcgSmVH9oNBX/+P9cuoWWVh30qLMeRvx
20
+ 82pOf/xbIW5ggG+BbTbytc3FW1r3tRcQQVlEBwEBO24gY7blAz6MHUVNEvoxWMgN
21
+ +1QVAeKSOqI96g2w8MXAbRDD6SySi+dRctRFsokpm0zBuAPJ14cyWuRkX0Gmqdpo
22
+ 50a9neJHsqzzDbg5Kuhpb/TdlqTdxHPqvCDj9kIJbvgD7wc61I3EZiQyPkSL+9/8
23
+ kmsMBU1uaEbp/DraSsEJ0bAj4pzeqQ332GWtUkyDt00nzUHaMt0CggEBAOoxhhDc
24
+ oFRgHe8gsY2wg+Oz+NPAlqLtQsLzWLJllg8gwd2TFbqkGgiLSjvPU3xslmi7g/TQ
25
+ rhed66fvv+FaFmDFOqgqoLXIydnUjRv1hPvv2OlJTgRapasjmkDtPl1HUlFxKtlX
26
+ v8v2NbjE1ysB0nqCWX4zbNd54UPxrvUN6T4anKqYi3BhpOSbmTAOC9np2CflGQKl
27
+ +3qXwqkZbYTvCtqooBg2DRoYj82o5hNPYZwnWW871KAu6azSZGqbcz9NGcbbH8bJ
28
+ /pERQjUMIDTdbfKfQxDmiw9NntWYjzrjy5JAtxWWWumGCmcNVHypf0FoPPcZkNYQ
29
+ OJAk3wUKre8b+jMCggEBANUOi7d6eQ1/zBx/1V+5ulRZDzoYFdc0AiPN/z7O6U7+
30
+ xt+MgrG2rSG3sP9scpA9FjOMD6WvqAjbFn856WAUrceGuxB7zxNtBUCOyzJ+6GOX
31
+ YZzW/EYJ2yunNDbBp0eVVNM72ri4u6wRUT8xfsqV/miBgr9z9MKNvdRat+H3dpu3
32
+ s5tsEyAM6L82+BQJFZ5eCf5nj3Jl5QzcectYIl6jU+okeAzX2MjnJ6tqclIQVMAj
33
+ SkpFnFyBGu047c+jPfnUN3e4gRz6Zg1VkM/5ZYLcs4yCMVl6/AGA/CTgBPwyfb9B
34
+ lI0avsDcHEjYfJstGdSbGEP63jA3B5GltNwlZwY1r3cCggEASKX4Or7WFZaDcqyn
35
+ p5Z8M2Se6cEyeXQ0Y5ltiFmvBR5aRUvdT7qcQM5Exuz3rv9YYUDaHFWny7e3ZK8g
36
+ zN1PV9GW8pfWps2UoDgpVeUBzc2HckbFJuCfx8kRjtaJpBH93TnH2wg3fSPxYlHd
37
+ lX/JNSu+a0G0n9s1IAiXB3m7QwKqWtlbWA9SQYBrMtcIoh7CaQ3Ohl3K9yqgvigf
38
+ Kz+kFFR+5UPPKKs54MhmJtNXKkOioLjkqpQi9POHJvL1+0sFlgRfhSEgEQxTh3Ut
39
+ gHi4JK129oUt2h9wCD59H/2OJt5gbRfpN8vW6kTeUpWZ3kZhsx2BKoZ5pW1qqXu4
40
+ nRYGtQKCAQEArZInEvfszKmTkJg4Lb8yZGsVs59Rk7vkDmVRD0sj2V5IiHCBPOR0
41
+ 0aZDxSMFhiqt/pqZWMLs4yIRht6YGNVf6dACb+BdiBbmE30BX4byLchzFoIyjaCT
42
+ 9FFIgV9sty2aKGh3vMuK4RhOl2vsPoDJ/TudV/nQqfstbmXlrmqbLysOYI1AW3kI
43
+ 2Fag7jmkaht0itS1kV4fp0Wq15Vakrz+rR6+yr/B9ZITyFt0/RQe51UYvb9OLjJj
44
+ zGT3oJP99p0D/z3JueDo6O4Phs9H+r9wawTZzWsbCOKbCDOU/BzqQrjbm8TxKE9p
45
+ n5L2mLi6dXFQ6HjlMGR0fxx/ZmX2M6Hi6wKCAQBHgivsyJtEKrJnoRpKlrGoxXK7
46
+ Pvhi6Qe3jK7o8hMNR9j4EhUbkd9F28EL8Y6ApFozbKnXvhE424QsZnV8Li0szBSA
47
+ CUwaVa0UsP/DxQf0zNCE1evF6efI6bsDoE3P743XZTkzkgclr/KIkNNjemL+dTkt
48
+ cCggJ+DHtesFEkS2xyk02p0T54nCxtPpqlOBGVLAEmbIqso/D/w8tgIDO8nzPRxe
49
+ GCb87liHR8jCrLQn03lu1GRIUkzqHmBsTq2Ckf7V3lfbwmeFuc3gR7zNKvyRscRS
50
+ azzK55Vf4Sa8Y3BalcbPzsvebA5jzwbxTSQ1HEeKCuM6PztYnS2hwza3Rata
51
+ -----END RSA PRIVATE KEY-----
@@ -0,0 +1,52 @@
1
+ -----BEGIN PRIVATE KEY-----
2
+ MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDC6IMSGbnMdy7M
3
+ sP7mwFROEoknicgMs4U6s6qJNosTy21aErTlEk1Szm0po2kxZ47nNdDutBmATIm/
4
+ 1UM6HhD+FmTKpsvXGlaneSDtl0xSTKb+M2/RinRYHh/IRNAB9V2T6xAiXR7wgAgH
5
+ VwXIWKcL6t1SVnPl+Jx2iCHDnYE3mOef9mhpFWSy00oZKdifCU5S9Bzb8IX65BRk
6
+ tVf/rblQPVyZZwimpAaxAq5Z9ndQEkV6nyz8+tT+LHowoL2Tw6qDVmx0ToxyAzJ8
7
+ hs8PSKxfu2caKlH4ml369LUQOMppbbzOMd7z6M48CnoVkwtFlq8jRmkUXntNk6qB
8
+ hG2eonxYu3oiWU6V8SyJ5E9Qv5UUChirozemk4bL2/gYQBKjH8RQMLbzL0NTx8Lx
9
+ yi216rPlgYclnS4lLixJCEorCMZITOKu+m0Ixn43AnaZjvjibDOLC5lyVCIHmibu
10
+ 0WTp4+JBr4fbMv3u1a4RkauVGXOHjpg1jmDB8dVFs8ribilXPM4cXUoV6a3KfJ12
11
+ z/yS+vgW92CYBGQVvNjmp7gRpRLbmx0URTxU4Cno+kCk5HMZ1OHB+/NyS+M87G69
12
+ Gb87VzCknzGvFk4TiPgCMKrdodT4lhVd9t1VcsnqRo3dX3FeDgR4PDgFHSgAzwRZ
13
+ /yr/q8dw4R/1NpsAPUOGgQ97RJkqtQIDAQABAoICAQCVmJpJQT+PBIcCCnOKrmHG
14
+ jomAtEq8HOmMFaw1pox2g/OJZ8Q58aMxhEja5ZZumfpf0blsDQVpqNUtTMVNjRgj
15
+ vRJdTEo17fxGjDzOvwqQPE8L2nTfknIb0/s23kH8ztOlHY0Dow+FLe97mrpQfGKy
16
+ TfDTKpHIF9oXTAMGPhSYlJ5q81hOF2JzsqIz0B94aU8Zck3YLbLXz0krxtgk4LTU
17
+ NlSlVSSZqlmMcO9bE0WeSnfTVurTvL3P3Floi2cWS97K8YFKf6NiOrv8QggYxgGv
18
+ dIn81jCWK/0oCbwTGFObOePpKvPhp3TrNmtftb24CqCf5YHvZVkkQMtknzz3veTL
19
+ asoyPuIFU4NPSKNXOh0wggf25UXBlc6MGBeO4Lm1HgKYJ0srGWAd1SELH8nn/jdA
20
+ VgxFyBKZUf2g0Ff/4/1y6hZZWHfSosx5G/Hzak5//FshbmCAb4FtNvK1zcVbWve1
21
+ FxBBWUQHAQE7biBjtuUDPowdRU0S+jFYyA37VBUB4pI6oj3qDbDwxcBtEMPpLJKL
22
+ 51Fy1EWyiSmbTMG4A8nXhzJa5GRfQaap2mjnRr2d4keyrPMNuDkq6Glv9N2WpN3E
23
+ c+q8IOP2Qglu+APvBzrUjcRmJDI+RIv73/ySawwFTW5oRun8OtpKwQnRsCPinN6p
24
+ DffYZa1STIO3TSfNQdoy3QKCAQEA6jGGENygVGAd7yCxjbCD47P408CWou1CwvNY
25
+ smWWDyDB3ZMVuqQaCItKO89TfGyWaLuD9NCuF53rp++/4VoWYMU6qCqgtcjJ2dSN
26
+ G/WE++/Y6UlOBFqlqyOaQO0+XUdSUXEq2Ve/y/Y1uMTXKwHSeoJZfjNs13nhQ/Gu
27
+ 9Q3pPhqcqpiLcGGk5JuZMA4L2enYJ+UZAqX7epfCqRlthO8K2qigGDYNGhiPzajm
28
+ E09hnCdZbzvUoC7prNJkaptzP00Zxtsfxsn+kRFCNQwgNN1t8p9DEOaLD02e1ZiP
29
+ OuPLkkC3FZZa6YYKZw1UfKl/QWg89xmQ1hA4kCTfBQqt7xv6MwKCAQEA1Q6Lt3p5
30
+ DX/MHH/VX7m6VFkPOhgV1zQCI83/Ps7pTv7G34yCsbatIbew/2xykD0WM4wPpa+o
31
+ CNsWfznpYBStx4a7EHvPE20FQI7LMn7oY5dhnNb8RgnbK6c0NsGnR5VU0zvauLi7
32
+ rBFRPzF+ypX+aIGCv3P0wo291Fq34fd2m7ezm2wTIAzovzb4FAkVnl4J/mePcmXl
33
+ DNx5y1giXqNT6iR4DNfYyOcnq2pyUhBUwCNKSkWcXIEa7Tjtz6M9+dQ3d7iBHPpm
34
+ DVWQz/llgtyzjIIxWXr8AYD8JOAE/DJ9v0GUjRq+wNwcSNh8my0Z1JsYQ/reMDcH
35
+ kaW03CVnBjWvdwKCAQBIpfg6vtYVloNyrKenlnwzZJ7pwTJ5dDRjmW2IWa8FHlpF
36
+ S91PupxAzkTG7Peu/1hhQNocVafLt7dkryDM3U9X0Zbyl9amzZSgOClV5QHNzYdy
37
+ RsUm4J/HyRGO1omkEf3dOcfbCDd9I/FiUd2Vf8k1K75rQbSf2zUgCJcHebtDAqpa
38
+ 2VtYD1JBgGsy1wiiHsJpDc6GXcr3KqC+KB8rP6QUVH7lQ88oqzngyGYm01cqQ6Kg
39
+ uOSqlCL084cm8vX7SwWWBF+FISARDFOHdS2AeLgkrXb2hS3aH3AIPn0f/Y4m3mBt
40
+ F+k3y9bqRN5SlZneRmGzHYEqhnmlbWqpe7idFga1AoIBAQCtkicS9+zMqZOQmDgt
41
+ vzJkaxWzn1GTu+QOZVEPSyPZXkiIcIE85HTRpkPFIwWGKq3+mplYwuzjIhGG3pgY
42
+ 1V/p0AJv4F2IFuYTfQFfhvItyHMWgjKNoJP0UUiBX2y3LZooaHe8y4rhGE6Xa+w+
43
+ gMn9O51X+dCp+y1uZeWuapsvKw5gjUBbeQjYVqDuOaRqG3SK1LWRXh+nRarXlVqS
44
+ vP6tHr7Kv8H1khPIW3T9FB7nVRi9v04uMmPMZPegk/32nQP/Pcm54Ojo7g+Gz0f6
45
+ v3BrBNnNaxsI4psIM5T8HOpCuNubxPEoT2mfkvaYuLp1cVDoeOUwZHR/HH9mZfYz
46
+ oeLrAoIBAEeCK+zIm0QqsmehGkqWsajFcrs++GLpB7eMrujyEw1H2PgSFRuR30Xb
47
+ wQvxjoCkWjNsqde+ETjbhCxmdXwuLSzMFIAJTBpVrRSw/8PFB/TM0ITV68Xp58jp
48
+ uwOgTc/vjddlOTOSByWv8oiQ02N6Yv51OS1wKCAn4Me16wUSRLbHKTTanRPnicLG
49
+ 0+mqU4EZUsASZsiqyj8P/Dy2AgM7yfM9HF4YJvzuWIdHyMKstCfTeW7UZEhSTOoe
50
+ YGxOrYKR/tXeV9vCZ4W5zeBHvM0q/JGxxFJrPMrnlV/hJrxjcFqVxs/Oy95sDmPP
51
+ BvFNJDUcR4oK4zo/O1idLaHDNrdFq1o=
52
+ -----END PRIVATE KEY-----
@@ -0,0 +1,52 @@
1
+ -----BEGIN PRIVATE KEY-----
2
+ MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDC6IMSGbnMdy7M
3
+ sP7mwFROEoknicgMs4U6s6qJNosTy21aErTlEk1Szm0po2kxZ47nNdDutBmATIm/
4
+ 1UM6HhD+FmTKpsvXGlaneSDtl0xSTKb+M2/RinRYHh/IRNAB9V2T6xAiXR7wgAgH
5
+ VwXIWKcL6t1SVnPl+Jx2iCHDnYE3mOef9mhpFWSy00oZKdifCU5S9Bzb8IX65BRk
6
+ tVf/rblQPVyZZwimpAaxAq5Z9ndQEkV6nyz8+tT+LHowoL2Tw6qDVmx0ToxyAzJ8
7
+ hs8PSKxfu2caKlH4ml369LUQOMppbbzOMd7z6M48CnoVkwtFlq8jRmkUXntNk6qB
8
+ hG2eonxYu3oiWU6V8SyJ5E9Qv5UUChirozemk4bL2/gYQBKjH8RQMLbzL0NTx8Lx
9
+ yi216rPlgYclnS4lLixJCEorCMZITOKu+m0Ixn43AnaZjvjibDOLC5lyVCIHmibu
10
+ 0WTp4+JBr4fbMv3u1a4RkauVGXOHjpg1jmDB8dVFs8ribilXPM4cXUoV6a3KfJ12
11
+ z/yS+vgW92CYBGQVvNjmp7gRpRLbmx0URTxU4Cno+kCk5HMZ1OHB+/NyS+M87G69
12
+ Gb87VzCknzGvFk4TiPgCMKrdodT4lhVd9t1VcsnqRo3dX3FeDgR4PDgFHSgAzwRZ
13
+ /yr/q8dw4R/1NpsAPUOGgQ97RJkqtQIDAQABAoICAQCVmJpJQT+PBIcCCnOKrmHG
14
+ jomAtEq8HOmMFaw1pox2g/OJZ8Q58aMxhEja5ZZumfpf0blsDQVpqNUtTMVNjRgj
15
+ vRJdTEo17fxGjDzOvwqQPE8L2nTfknIb0/s23kH8ztOlHY0Dow+FLe97mrpQfGKy
16
+ TfDTKpHIF9oXTAMGPhSYlJ5q81hOF2JzsqIz0B94aU8Zck3YLbLXz0krxtgk4LTU
17
+ NlSlVSSZqlmMcO9bE0WeSnfTVurTvL3P3Floi2cWS97K8YFKf6NiOrv8QggYxgGv
18
+ dIn81jCWK/0oCbwTGFObOePpKvPhp3TrNmtftb24CqCf5YHvZVkkQMtknzz3veTL
19
+ asoyPuIFU4NPSKNXOh0wggf25UXBlc6MGBeO4Lm1HgKYJ0srGWAd1SELH8nn/jdA
20
+ VgxFyBKZUf2g0Ff/4/1y6hZZWHfSosx5G/Hzak5//FshbmCAb4FtNvK1zcVbWve1
21
+ FxBBWUQHAQE7biBjtuUDPowdRU0S+jFYyA37VBUB4pI6oj3qDbDwxcBtEMPpLJKL
22
+ 51Fy1EWyiSmbTMG4A8nXhzJa5GRfQaap2mjnRr2d4keyrPMNuDkq6Glv9N2WpN3E
23
+ c+q8IOP2Qglu+APvBzrUjcRmJDI+RIv73/ySawwFTW5oRun8OtpKwQnRsCPinN6p
24
+ DffYZa1STIO3TSfNQdoy3QKCAQEA6jGGENygVGAd7yCxjbCD47P408CWou1CwvNY
25
+ smWWDyDB3ZMVuqQaCItKO89TfGyWaLuD9NCuF53rp++/4VoWYMU6qCqgtcjJ2dSN
26
+ G/WE++/Y6UlOBFqlqyOaQO0+XUdSUXEq2Ve/y/Y1uMTXKwHSeoJZfjNs13nhQ/Gu
27
+ 9Q3pPhqcqpiLcGGk5JuZMA4L2enYJ+UZAqX7epfCqRlthO8K2qigGDYNGhiPzajm
28
+ E09hnCdZbzvUoC7prNJkaptzP00Zxtsfxsn+kRFCNQwgNN1t8p9DEOaLD02e1ZiP
29
+ OuPLkkC3FZZa6YYKZw1UfKl/QWg89xmQ1hA4kCTfBQqt7xv6MwKCAQEA1Q6Lt3p5
30
+ DX/MHH/VX7m6VFkPOhgV1zQCI83/Ps7pTv7G34yCsbatIbew/2xykD0WM4wPpa+o
31
+ CNsWfznpYBStx4a7EHvPE20FQI7LMn7oY5dhnNb8RgnbK6c0NsGnR5VU0zvauLi7
32
+ rBFRPzF+ypX+aIGCv3P0wo291Fq34fd2m7ezm2wTIAzovzb4FAkVnl4J/mePcmXl
33
+ DNx5y1giXqNT6iR4DNfYyOcnq2pyUhBUwCNKSkWcXIEa7Tjtz6M9+dQ3d7iBHPpm
34
+ DVWQz/llgtyzjIIxWXr8AYD8JOAE/DJ9v0GUjRq+wNwcSNh8my0Z1JsYQ/reMDcH
35
+ kaW03CVnBjWvdwKCAQBIpfg6vtYVloNyrKenlnwzZJ7pwTJ5dDRjmW2IWa8FHlpF
36
+ S91PupxAzkTG7Peu/1hhQNocVafLt7dkryDM3U9X0Zbyl9amzZSgOClV5QHNzYdy
37
+ RsUm4J/HyRGO1omkEf3dOcfbCDd9I/FiUd2Vf8k1K75rQbSf2zUgCJcHebtDAqpa
38
+ 2VtYD1JBgGsy1wiiHsJpDc6GXcr3KqC+KB8rP6QUVH7lQ88oqzngyGYm01cqQ6Kg
39
+ uOSqlCL084cm8vX7SwWWBF+FISARDFOHdS2AeLgkrXb2hS3aH3AIPn0f/Y4m3mBt
40
+ F+k3y9bqRN5SlZneRmGzHYEqhnmlbWqpe7idFga1AoIBAQCtkicS9+zMqZOQmDgt
41
+ vzJkaxWzn1GTu+QOZVEPSyPZXkiIcIE85HTRpkPFIwWGKq3+mplYwuzjIhGG3pgY
42
+ 1V/p0AJv4F2IFuYTfQFfhvItyHMWgjKNoJP0UUiBX2y3LZooaHe8y4rhGE6Xa+w+
43
+ gMn9O51X+dCp+y1uZeWuapsvKw5gjUBbeQjYVqDuOaRqG3SK1LWRXh+nRarXlVqS
44
+ vP6tHr7Kv8H1khPIW3T9FB7nVRi9v04uMmPMZPegk/32nQP/Pcm54Ojo7g+Gz0f6
45
+ v3BrBNnNaxsI4psIM5T8HOpCuNubxPEoT2mfkvaYuLp1cVDoeOUwZHR/HH9mZfYz
46
+ oeLrAoIBAEeCK+zIm0QqsmehGkqWsajFcrs++GLpB7eMrujyEw1H2PgSFRuR30Xb
47
+ wQvxjoCkWjNsqde+ETjbhCxmdXwuLSzMFIAJTBpVrRSw/8PFB/TM0ITV68Xp58jp
48
+ uwOgTc/vjddlOTOSByWv8oiQ02N6Yv51OS1wKCAn4Me16wUSRLbHKTTanRPnicLG
49
+ 0+mqU4EZUsASZsiqyj8P/Dy2AgM7yfM9HF4YJvzuWIdHyMKstCfTeW7UZEhSTOoe
50
+ YGxOrYKR/tXeV9vCZ4W5zeBHvM0q/JGxxFJrPMrnlV/hJrxjcFqVxs/Oy95sDmPP
51
+ BvFNJDUcR4oK4zo/O1idLaHDNrdFq1o=
52
+ -----END PRIVATE KEY-----
@@ -0,0 +1,57 @@
1
+ [ req ]
2
+ distinguished_name= req_distinguished_name
3
+ attributes= req_attributes
4
+
5
+ [ req_distinguished_name ]
6
+ countryName= Country Name (2 letter code)
7
+ countryName_min= 2
8
+ countryName_max= 2
9
+ stateOrProvinceName= State or Province Name (full name)
10
+ localityName= Locality Name (eg, city)
11
+ 0.organizationName= Organization Name (eg, company)
12
+ organizationalUnitName= Organizational Unit Name (eg, section)
13
+ commonName= Common Name (eg, fully qualified host name)
14
+ commonName_max= 64
15
+ emailAddress= Email Address
16
+ emailAddress_max= 64
17
+
18
+ [ req_attributes ]
19
+ challengePassword= A challenge password
20
+ challengePassword_min= 4
21
+ challengePassword_max= 20
22
+
23
+ [ ca ]
24
+ subjectKeyIdentifier = hash
25
+ authorityKeyIdentifier = keyid:always,issuer
26
+ basicConstraints = critical, CA:true
27
+ keyUsage = critical, digitalSignature, cRLSign, keyCertSign
28
+
29
+ [ client_cert ]
30
+ basicConstraints = CA:FALSE
31
+ nsCertType = client, email
32
+ nsComment = "OpenSSL Generated Client Certificate"
33
+ subjectKeyIdentifier = hash
34
+ authorityKeyIdentifier = keyid,issuer
35
+ keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
36
+ extendedKeyUsage = clientAuth, emailProtection
37
+ subjectAltName = "DNS:localhost, IP:127.0.0.1"
38
+
39
+ [ client_cert_no_matching_subject ]
40
+ basicConstraints = CA:FALSE
41
+ nsCertType = client, email
42
+ nsComment = "OpenSSL Generated Client Certificate"
43
+ subjectKeyIdentifier = hash
44
+ authorityKeyIdentifier = keyid,issuer
45
+ keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
46
+ extendedKeyUsage = clientAuth, emailProtection
47
+ subjectAltName = "DNS:nowhere, IP:123.45.67.89"
48
+
49
+ [ server_cert ]
50
+ basicConstraints = CA:FALSE
51
+ nsCertType = server
52
+ nsComment = "OpenSSL Generated Server Certificate"
53
+ subjectKeyIdentifier = hash
54
+ authorityKeyIdentifier = keyid,issuer:always
55
+ keyUsage = critical, digitalSignature, keyEncipherment
56
+ extendedKeyUsage = serverAuth
57
+ subjectAltName = "DNS:localhost, IP:127.0.0.1"
@@ -0,0 +1,292 @@
1
+ require "logstash/devutils/rspec/spec_helper"
2
+ require "logstash/devutils/rspec/shared_examples"
3
+
4
+ require "logstash/inputs/elastic_serverless_forwarder"
5
+
6
+ require "json"
7
+ require "manticore"
8
+
9
+ describe LogStash::Inputs::ElasticServerlessForwarder do
10
+
11
+ let(:generated_certs_directory) { Pathname.new('../fixtures/certs/generated').expand_path(__dir__).realpath }
12
+
13
+ let(:client) { Manticore::Client.new(client_options) }
14
+ let(:client_options) { { } }
15
+ let(:request_options) do
16
+ { headers: {"Content-Type" => "application/x-ndjson"} }
17
+ end
18
+
19
+ let(:port) { rand(1025...5000) }
20
+ let(:host) { "127.0.0.1" }
21
+ let(:scheme) { 'https' }
22
+ let(:url) { "#{scheme}://#{host}:#{port}" }
23
+
24
+ let(:config) { { "host" => host, "port" => port } }
25
+
26
+ subject(:esf_input) { described_class.new(config) }
27
+
28
+ let!(:queue) { Queue.new }
29
+
30
+ context 'baseline' do
31
+ let(:config) { super().merge('ssl' => false) }
32
+ let(:scheme) { 'http' }
33
+
34
+ it_behaves_like "an interruptible input plugin" do
35
+ let(:config) { { "port" => port, "ssl" => false } }
36
+ end
37
+
38
+ after :each do
39
+ client.clear_pending
40
+ client.close
41
+ esf_input.stop
42
+ end
43
+
44
+ end
45
+
46
+ shared_context "basic request handling" do
47
+ let!(:registered_esf_input) { esf_input.tap(&:register) }
48
+ let!(:running_input_thread) { Thread.new { registered_esf_input.run(queue) } }
49
+ before(:each) { wait_until_listening(host, port) }
50
+
51
+ after(:each) do
52
+ client.clear_pending
53
+ client.close
54
+ esf_input.stop
55
+ running_input_thread.join(10) || fail('o no')
56
+ end
57
+
58
+ let(:ndjson_encoded_body) do
59
+ <<~EONDJSONBODY
60
+ {"hello":"world"}
61
+ {"this":"works"}
62
+ {"message":"and doesn't destroy event.original that was included in payload", "event":{"original":"yes"}}
63
+ EONDJSONBODY
64
+ end
65
+
66
+ def wait_until_listening(host, port, timeout=10)
67
+ deadline = Time.now + timeout
68
+ begin
69
+ TCPSocket.new(host, port).close
70
+ rescue Errno::ECONNREFUSED
71
+ raise if Time.now > deadline
72
+ sleep 1
73
+ retry
74
+ end
75
+ end
76
+
77
+ def pop_with_timeout(queue, timeout)
78
+ t = Thread.new { queue.pop }
79
+ t.join(timeout) || t.kill
80
+ t.value
81
+ end
82
+ end
83
+
84
+ shared_examples 'successful request handling' do
85
+ include_context 'basic request handling'
86
+ describe 'basic receipt of events' do
87
+ it 'puts decoded, unenriched events into the queue' do
88
+ client.post("#{scheme}://#{host}:#{port}/events", request_options.merge(body: ndjson_encoded_body)).call
89
+
90
+ event = pop_with_timeout(queue, 30) || fail('nothing written to queue')
91
+ expect(event.get("hello")).to eq('world')
92
+
93
+ # ensure enrichment is avoided
94
+ expect(event).to_not include('[event][original]')
95
+ expect(event).to_not include('[@metadata][void]')
96
+ expect(event).to_not include('[host]')
97
+
98
+ # ensure additional events are added
99
+ event2 = pop_with_timeout(queue, 1) || fail('only single event written to queue')
100
+ expect(event2.get("this")).to eq('works')
101
+
102
+ # ensure an event that _has_ an event.original in the payload is not lost
103
+ event3 = pop_with_timeout(queue, 1) || fail('no third element in the queue')
104
+ expect(event3).to include('[event][original]')
105
+ expect(event3.get('[event][original]')).to eq('yes')
106
+ end
107
+ end
108
+ end
109
+
110
+ shared_examples 'bad certificate request handling' do
111
+ include_context 'basic request handling'
112
+ describe 'connection' do
113
+ it 'rejects the connection with a bad_certificate error' do
114
+ expect do
115
+ client.post("#{scheme}://#{host}:#{port}/events", request_options.merge(body: ndjson_encoded_body)).call
116
+ end.to raise_exception(Manticore::ClientProtocolException, a_string_including('bad_certificate'))
117
+ end
118
+ end
119
+ end
120
+
121
+ shared_examples 'bad basic auth request handling' do
122
+ include_context 'basic request handling'
123
+ describe 'request' do
124
+ it 'rejects the request with an HTTP 401 Unauthorized' do
125
+ response = client.post("#{scheme}://#{host}:#{port}/events", request_options.merge(body: ndjson_encoded_body)).call
126
+ expect(response).to have_attributes(code: 401, message: 'Unauthorized')
127
+ end
128
+ end
129
+ end
130
+
131
+ shared_examples 'basic auth support' do
132
+ context 'when http basic auth is enabled' do
133
+ let(:username) { 'john.doe' }
134
+ let(:password) { 'sUp3r$ecr3t' }
135
+ let(:config) do
136
+ super().merge('auth_basic_username' => username, 'auth_basic_password' => password)
137
+ end
138
+
139
+ context 'with valid credentials' do
140
+ let(:request_options) { super().merge(auth: {user: username, password: password}) }
141
+
142
+ include_examples 'successful request handling'
143
+ end
144
+ context 'with invalid credentials' do
145
+ let(:request_options) { super().merge(auth: {user: username, password: "incorrect"}) }
146
+
147
+ include_examples 'bad basic auth request handling'
148
+ end
149
+ context 'without credentials' do
150
+ include_examples 'bad basic auth request handling'
151
+ end
152
+ end
153
+ end
154
+
155
+ describe 'unsecured HTTP' do
156
+ let(:config) { super().merge('ssl' => false) }
157
+ let(:scheme) { 'http' }
158
+
159
+ include_examples 'successful request handling'
160
+ include_examples 'basic auth support'
161
+ end
162
+
163
+ describe 'SSL enabled' do
164
+ let(:config) do
165
+ super().merge({
166
+ 'ssl_certificate' => generated_certs_directory.join('server_from_root.crt').to_path,
167
+ 'ssl_key' => generated_certs_directory.join('server_from_root.key.pkcs8').to_path,
168
+ })
169
+ end
170
+ let(:client_ssl_options) do
171
+ { ca_file: generated_certs_directory.join('root.crt').to_path }
172
+ end
173
+ let(:client_options) do
174
+ super().merge(
175
+ ssl: client_ssl_options
176
+ )
177
+ end
178
+
179
+ include_examples 'successful request handling'
180
+ include_examples 'basic auth support'
181
+
182
+ context 'ssl_client_authentication => optional' do
183
+ let(:config) do
184
+ super().merge({
185
+ "ssl_client_authentication" => "optional",
186
+ "ssl_certificate_authorities" => generated_certs_directory.join('root.crt').to_path,
187
+ })
188
+ end
189
+
190
+ context 'when client provides trusted cert' do
191
+ let(:client_ssl_options) do
192
+ super().merge({
193
+ keystore: generated_certs_directory.join('client_from_root.p12').to_path,
194
+ keystore_password: '12345678',
195
+ })
196
+ end
197
+ include_examples 'successful request handling'
198
+ include_examples 'basic auth support'
199
+ end
200
+
201
+ context 'when client does not provide cert' do
202
+ include_examples 'successful request handling'
203
+ include_examples 'basic auth support'
204
+ end
205
+
206
+ context 'when client provides CA-signed cert without matching subjectAltName entry' do
207
+ let(:client_ssl_options) do
208
+ super().merge({
209
+ keystore: generated_certs_directory.join('client_no_matching_subject.p12').to_path,
210
+ keystore_password: '12345678',
211
+ })
212
+ end
213
+
214
+ include_examples 'successful request handling'
215
+
216
+ context 'and `ssl_verification_mode => full`', skip: "pending implementation of `ssl_verification_mode => full`" do
217
+ let(:config) do
218
+ super().merge('ssl_verification_mode' => 'full')
219
+ end
220
+
221
+ include_examples 'bad certificate request handling'
222
+ end
223
+ end
224
+
225
+ context 'when client provides self-signed cert' do
226
+ let(:client_ssl_options) do
227
+ super().merge({
228
+ keystore: generated_certs_directory.join('client_self_signed.p12').to_path,
229
+ keystore_password: '12345678',
230
+ })
231
+ end
232
+
233
+ include_examples 'successful request handling'
234
+ include_examples 'basic auth support'
235
+ end
236
+ end
237
+
238
+ context 'ssl_client_authentication => required' do
239
+ let(:config) do
240
+ super().merge({
241
+ "ssl_client_authentication" => "required",
242
+ "ssl_certificate_authorities" => generated_certs_directory.join('root.crt').to_path,
243
+ })
244
+ end
245
+
246
+ context 'when client provides trusted cert' do
247
+ let(:client_ssl_options) do
248
+ super().merge({
249
+ keystore: generated_certs_directory.join('client_from_root.p12').to_path,
250
+ keystore_password: '12345678',
251
+ })
252
+ end
253
+ include_examples 'successful request handling'
254
+ include_examples 'basic auth support'
255
+ end
256
+
257
+ context 'when client does not provide cert' do
258
+ include_examples 'bad certificate request handling'
259
+ end
260
+
261
+ context 'when client provides CA-signed cert without matching subjectAltName entry' do
262
+ let(:client_ssl_options) do
263
+ super().merge({
264
+ keystore: generated_certs_directory.join('client_no_matching_subject.p12').to_path,
265
+ keystore_password: '12345678',
266
+ })
267
+ end
268
+
269
+ include_examples 'successful request handling'
270
+
271
+ context 'and `ssl_verification_mode => full`', skip: "pending implementation of `ssl_verification_mode => full`" do
272
+ let(:config) do
273
+ super().merge('ssl_verification_mode' => 'full')
274
+ end
275
+
276
+ include_examples 'bad certificate request handling'
277
+ end
278
+ end
279
+
280
+ context 'when client provides self-signed cert' do
281
+ let(:client_ssl_options) do
282
+ super().merge({
283
+ keystore: generated_certs_directory.join('client_self_signed.p12').to_path,
284
+ keystore_password: '12345678',
285
+ })
286
+ end
287
+
288
+ include_examples 'bad certificate request handling'
289
+ end
290
+ end
291
+ end
292
+ end