logstash-input-http 3.7.3-java → 3.8.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e8f934604fb8326166447a882ec62b39d64ec8238f4a57c93e4e8b19bac41d94
-  data.tar.gz: cdcb23b93ccaaf865598eca9d0bca5c9636a7df8a64bc9589067d45b8bdb7332
+  metadata.gz: 878b9676d690b6f26847e743e00caa41ff11ea5779d37773a083890f6e2ed988
+  data.tar.gz: 0450ae32b81d9ac490241083a8bb0476c8e86f118825c6027e22c32cceaab799
 SHA512:
-  metadata.gz: 6f1a7bfb267d483c5608c5c579f6f7e70f409864aa3b994475dc1af9e09f037fd2ad93a7c1efaf8fdbffb40658c05a525283a01a9367e828bb5ae38763fea6dd
-  data.tar.gz: 0111622dda8404e77d15cd2b4e36707d0f1af15aa6d0e4f88c739242002d4028882c68d54e900653db6619445189cf1e388b107800c143c0485c570d7d13cf69
+  metadata.gz: 71e58120dfba90311d13a27e049b5c74ae361311893365e6f093f3bf61922f36620e9d100719aac107b7b46c53e245a5f2f2bc1ef66c47f5a7724a22e5be6d95
+  data.tar.gz: dec4db2f58fd2e2bb67c09c365fa77c433569ffe7747026d5b8699b0a285bf454cbbea2cd6914b8599f10e686e700a4b3ec9a53f804c7e341abc6032f1fc3511

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 3.8.0
+  - Fixed SSL Java KeyStore support  [#171](https://github.com/logstash-plugins/logstash-input-http/pull/171)
+  - Added `ssl_keystore_type` configuration
+  - Added SSL Java TrustStore configurations (`ssl_truststore_type`, `ssl_truststore_path` and `ssl_truststore_password`)
+
 ## 3.7.3
   - bump netty to 4.1.100 [#170](https://github.com/logstash-plugins/logstash-input-http/pull/170)
 

data/VERSION

@@ -1 +1 @@
-3.7.3
+3.8.0

data/docs/index.asciidoc

@@ -112,7 +112,11 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-ssl_keystore_password>> |<<password,password>>|No
 | <<plugins-{type}s-{plugin}-ssl_keystore_path>> |<<path,path>>|No
+| <<plugins-{type}s-{plugin}-ssl_keystore_type>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_supported_protocols>> |<<array,array>>|No
+| <<plugins-{type}s-{plugin}-ssl_truststore_password>> |<<password,password>>|No
+| <<plugins-{type}s-{plugin}-ssl_truststore_path>> |<<path,path>>|No
+| <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
 | <<plugins-{type}s-{plugin}-threads>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|__Deprecated__
@@ -405,7 +409,18 @@ SSL key passphrase to use.
  * Value type is <<path,path>>
  * There is no default value for this setting.
 
-The JKS keystore to validate the client's certificates
+The path for the keystore file that contains a private key and certificate.
+It must be either a Java keystore (jks) or a PKCS#12 file.
+
+NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_certificate>> at the same time.
+
+[id="plugins-{type}s-{plugin}-ssl_keystore_type"]
+===== `ssl_keystore_type`
+
+  * Value can be any of: `jks`, `pkcs12`
+  * If not provided, the value will be inferred from the keystore filename.
+
+The format of the keystore file. It must be either `jks` or `pkcs12`.
 
 [id="plugins-{type}s-{plugin}-ssl_keystore_password"]
 ===== `ssl_keystore_password`
@@ -432,6 +447,32 @@ NOTE: If you configure the plugin to use `'TLSv1.1'` on any recent JVM, such as
 the protocol is disabled by default and needs to be enabled manually by changing `jdk.tls.disabledAlgorithms` in
 the *$JDK_HOME/conf/security/java.security* configuration file. That is, `TLSv1.1` needs to be removed from the list.
 
+[id="plugins-{type}s-{plugin}-ssl_truststore_password"]
+===== `ssl_truststore_password`
+
+  * Value type is <<password,password>>
+  * There is no default value for this setting.
+
+Set the truststore password
+
+[id="plugins-{type}s-{plugin}-ssl_truststore_path"]
+===== `ssl_truststore_path`
+
+  * Value type is <<path,path>>
+  * There is no default value for this setting.
+
+The path for the keystore that contains the certificates to trust. It must be either a Java keystore (jks) or a PKCS#12 file.
+
+NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> at the same time.
+
+[id="plugins-{type}s-{plugin}-ssl_truststore_type"]
+===== `ssl_truststore_type`
+
+* Value can be any of: `jks`, `pkcs12`
+* If not provided, the value will be inferred from the truststore filename.
+
+The format of the truststore file. It must be either `jks` or `pkcs12`.
+
 [id="plugins-{type}s-{plugin}-ssl_verify_mode"]
 ===== `ssl_verify_mode` 
 deprecated[3.7.0, Replaced by <<plugins-{type}s-{plugin}-ssl_client_authentication>>]

data/lib/logstash/inputs/http.rb

@@ -76,12 +76,24 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   # The JKS keystore password
   config :ssl_keystore_password, :validate => :password
 
-  # The JKS keystore to validate the client's certificates
+  # The path for the keystore file that contains a private key and certificate
   config :ssl_keystore_path, :validate => :path
 
+  # The format of the keystore file. It must be either jks or pkcs12
+  config :ssl_keystore_type, :validate => %w[pkcs12 jks]
+
   # SSL key passphrase to use.
   config :ssl_key_passphrase, :validate => :password
 
+  # Set the truststore password
+  config :ssl_truststore_password, :validate => :password
+
+  # The path for the keystore that contains the certificates to trust. It must be either a Java keystore (jks) or a PKCS#12 file
+  config :ssl_truststore_path, :validate => :path
+
+  # The format of the truststore file. It must be either jks or pkcs12
+  config  :ssl_truststore_type, :validate => %w[pkcs12 jks]
+
   # Validate client certificates against these authorities.
   # You can define multiple files or paths. All the certificates will
   # be read and added to the trust store. You need to configure the `ssl_client_authentication`
@@ -301,18 +313,31 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
       raise LogStash::ConfigurationError, 'An `ssl_certificate` is required when using an `ssl_key`'
     end
 
-    unless ssl_key_configured? || ssl_jks_configured?
+    unless ssl_certificate_configured? || ssl_keystore_configured?
       raise LogStash::ConfigurationError, "Either an `ssl_certificate` or `ssl_keystore_path` is required when SSL is enabled `#{ssl_config_name} => true`"
     end
 
-    if require_certificate_authorities? && !certificate_authorities_configured?
-      config_name, optional, required = provided_client_authentication_config([SSL_CLIENT_AUTH_OPTIONAL, SSL_CLIENT_AUTH_REQUIRED])
-      raise LogStash::ConfigurationError, "Using `#{config_name}` set to `#{optional}` or `#{required}`, requires the configuration of `ssl_certificate_authorities`"
+    if ssl_certificate_configured? && ssl_keystore_configured?
+      raise LogStash::ConfigurationError, 'Use either an `ssl_certificate` or an `ssl_keystore_path`'
     end
 
-    if !require_certificate_authorities? && certificate_authorities_configured?
-      config_name, optional, required = provided_client_authentication_config([SSL_CLIENT_AUTH_OPTIONAL, SSL_CLIENT_AUTH_REQUIRED])
-      raise LogStash::ConfigurationError, "The configuration of `ssl_certificate_authorities` requires setting `#{config_name}` to `#{optional}` or '#{required}'"
+    if ssl_certificate_authorities_configured? && ssl_truststore_configured?
+      raise LogStash::ConfigurationError, 'Use either an `ssl_certificate_authorities` or an `ssl_truststore_path`'
+    end
+
+    cli_auth_config_name, cli_auth_optional_val, cli_auth_required_val = provided_ssl_client_authentication_config([SSL_CLIENT_AUTH_OPTIONAL, SSL_CLIENT_AUTH_REQUIRED])
+    if ssl_client_authentication_enabled?
+      # Ensure any CA is configured. By default, the keystore can also be used as CA
+      unless ssl_certificate_authorities_configured? || ssl_truststore_configured? || ssl_keystore_configured?
+        raise LogStash::ConfigurationError, "Using `#{cli_auth_config_name}` set to `#{cli_auth_optional_val}` or `#{cli_auth_required_val}`, requires the configuration of `ssl_certificate_authorities` or `ssl_truststore_path`"
+      end
+    else
+      if ssl_truststore_configured?
+        raise LogStash::ConfigurationError, "The configuration of `ssl_truststore_path` requires setting `#{cli_auth_config_name}` to `#{cli_auth_optional_val}` or '#{cli_auth_required_val}'"
+      end
+      if ssl_certificate_authorities_configured?
+        raise LogStash::ConfigurationError, "The configuration of `ssl_certificate_authorities` requires setting `#{cli_auth_config_name}` to `#{cli_auth_optional_val}` or '#{cli_auth_required_val}'"
+      end
     end
   end
 
@@ -372,73 +397,76 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   def build_ssl_params
     return nil unless @ssl_enabled
 
-    if @ssl_keystore_path && @ssl_keystore_password
-      ssl_builder = org.logstash.plugins.inputs.http.util.JksSslBuilder.new(@ssl_keystore_path, @ssl_keystore_password.value)
-    else
-      ssl_builder = new_ssl_simple_builder
-    end
-
-    new_ssl_handshake_provider(ssl_builder)
+    new_ssl_handshake_provider(new_ssl_simple_builder)
   end
 
   def new_ssl_simple_builder
-    passphrase = @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value
     begin
-      ssl_context_builder = SslSimpleBuilder.new(@ssl_certificate, @ssl_key, passphrase)
-                            .setProtocols(@ssl_supported_protocols)
-                            .setCipherSuites(normalized_cipher_suites)
+      if ssl_keystore_configured?
+        ssl_context_builder = SslSimpleBuilder.withKeyStore(@ssl_keystore_type, @ssl_keystore_path, @ssl_keystore_password&.value)
+      else
+        ssl_context_builder = SslSimpleBuilder.withPemCertificate(@ssl_certificate, @ssl_key, @ssl_key_passphrase&.value)
+      end
 
-      if client_authentication_enabled?
-        ssl_context_builder.setClientAuthentication(ssl_simple_builder_verify_mode, @ssl_certificate_authorities)
+      ssl_context_builder.setProtocols(@ssl_supported_protocols)
+                         .setCipherSuites(normalized_cipher_suites)
+                         .setClientAuthentication(ssl_simple_builder_verify_mode)
+
+      if ssl_client_authentication_enabled?
+        if ssl_certificate_authorities_configured?
+          ssl_context_builder.setCertificateAuthorities(@ssl_certificate_authorities)
+        elsif ssl_truststore_configured?
+          ssl_context_builder.setTrustStore(@ssl_truststore_type, @ssl_truststore_path, @ssl_truststore_password&.value)
+        end
       end
 
       ssl_context_builder
-    rescue java.lang.IllegalArgumentException => e
+    rescue => e
       @logger.error("SSL configuration invalid", error_details(e))
       raise LogStash::ConfigurationError, e
     end
   end
 
   def ssl_simple_builder_verify_mode
-    return SslSimpleBuilder::SslClientVerifyMode::OPTIONAL if client_authentication_optional?
-    return SslSimpleBuilder::SslClientVerifyMode::REQUIRED if client_authentication_required?
-    return SslSimpleBuilder::SslClientVerifyMode::NONE if client_authentication_none?
+    return SslSimpleBuilder::SslClientVerifyMode::OPTIONAL if ssl_client_authentication_optional?
+    return SslSimpleBuilder::SslClientVerifyMode::REQUIRED if ssl_client_authentication_required?
+    return SslSimpleBuilder::SslClientVerifyMode::NONE if ssl_client_authentication_none?
     raise LogStash::ConfigurationError, "Invalid `ssl_client_authentication` value #{@ssl_client_authentication}"
   end
 
-  def ssl_key_configured?
-    !!(@ssl_certificate && @ssl_key)
+  def ssl_certificate_configured?
+    !(@ssl_certificate.nil? || @ssl_certificate.empty?)
   end
 
-  def ssl_jks_configured?
-    !!(@ssl_keystore_path && @ssl_keystore_password)
+  def ssl_keystore_configured?
+    !(@ssl_keystore_path.nil? || @ssl_keystore_path.empty?)
   end
 
-  def client_authentication_enabled?
-    client_authentication_optional? || client_authentication_required?
+  def ssl_truststore_configured?
+    !(@ssl_truststore_path.nil? || @ssl_truststore_path.empty?)
   end
 
-  def require_certificate_authorities?
-    client_authentication_required? || client_authentication_optional?
+  def ssl_client_authentication_enabled?
+    ssl_client_authentication_optional? || ssl_client_authentication_required?
   end
 
-  def certificate_authorities_configured?
+  def ssl_certificate_authorities_configured?
     @ssl_certificate_authorities && @ssl_certificate_authorities.size > 0
   end
 
-  def client_authentication_required?
+  def ssl_client_authentication_required?
     @ssl_client_authentication && @ssl_client_authentication.downcase == SSL_CLIENT_AUTH_REQUIRED
   end
 
-  def client_authentication_none?
+  def ssl_client_authentication_none?
     @ssl_client_authentication && @ssl_client_authentication.downcase == SSL_CLIENT_AUTH_NONE
   end
 
-  def client_authentication_optional?
+  def ssl_client_authentication_optional?
     @ssl_client_authentication && @ssl_client_authentication.downcase == SSL_CLIENT_AUTH_OPTIONAL
   end
 
-  def provided_client_authentication_config(values = [@ssl_client_authentication])
+  def provided_ssl_client_authentication_config(values = [@ssl_client_authentication])
     if original_params.include?('ssl_verify_mode')
       ['ssl_verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
     elsif original_params.include?('verify_mode')

data/lib/logstash-input-http_jars.rb

@@ -8,4 +8,4 @@ require_jar('io.netty', 'netty-common', '4.1.100.Final')
 require_jar('io.netty', 'netty-transport', '4.1.100.Final')
 require_jar('io.netty', 'netty-handler', '4.1.100.Final')
 require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.100.Final')
-require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '3.7.3')
+require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '3.8.0')

data/spec/fixtures/certs/generate.sh

@@ -12,11 +12,16 @@ echo "DO NOT USE THESE CERTIFICATES IN PRODUCTION" >> ./README.txt
 # certificate authority
 openssl genrsa -out root.key 4096
 openssl req -new -x509 -days 1826 -extensions ca -key root.key -out root.crt -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=root" -config ../openssl.cnf
+# using keytool here as openssl < 3.2 won't add the "2.16.840.1.113894.746875.1.1" OID to make the cert "trusted" # See more:
+# * https://github.com/openssl/openssl/pull/19025
+# * https://github.com/openssl/openssl/commit/e869c867c1c405de3b6538586f17b67937556a4b
+keytool -import -file root.crt -alias rootCA -keystore truststore.jks -noprompt -storepass 12345678
 
 # server certificate from root
 openssl genrsa -out server_from_root.key 4096
 openssl req -new -key server_from_root.key -out server_from_root.csr -subj "/C=LS/ST=NA/L=Http Input/O=Logstash/CN=server" -config ../openssl.cnf
 openssl x509 -req -extensions server_cert -extfile ../openssl.cnf -days 1096 -in server_from_root.csr -CA root.crt -CAkey root.key -set_serial 03 -out server_from_root.crt
+openssl pkcs12 -export -out server_from_root.p12 -inkey server_from_root.key -in server_from_root.crt -certfile root.crt -password pass:12345678
 
 # client certificate from root
 openssl genrsa -out client_from_root.key 4096

data/spec/inputs/http_spec.rb

@@ -735,6 +735,16 @@ describe LogStash::Inputs::Http do
         end
       end
 
+      context "and with :ssl_keystore_path" do
+        let(:config) do
+          super().merge('ssl_keystore_path' => certificate_path( 'server_from_root.p12'), 'ssl_enabled' => true )
+        end
+
+        it "should raise a configuration error" do
+          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use either an `ssl_certificate` or an `ssl_keystore_path`/i
+        end
+      end
+
       context "with ssl_client_authentication" do
         context "normalized from ssl_verify_mode 'none'" do
           let(:config) { super().merge("ssl_verify_mode" => "none") }
@@ -766,7 +776,7 @@ describe LogStash::Inputs::Http do
             context "with no ssl_certificate_authorities set " do
               let(:config) { super().reject { |key| "ssl_certificate_authorities".eql?(key) } }
               it "raise a configuration error" do
-                expect {subject.register}.to raise_error(LogStash::ConfigurationError, "Using `ssl_verify_mode` set to `peer` or `force_peer`, requires the configuration of `ssl_certificate_authorities`")
+                expect {subject.register}.to raise_error(LogStash::ConfigurationError, "Using `ssl_verify_mode` set to `peer` or `force_peer`, requires the configuration of `ssl_certificate_authorities` or `ssl_truststore_path`")
               end
             end
           end
@@ -786,13 +796,21 @@ describe LogStash::Inputs::Http do
               expect {subject.register}.to raise_error(LogStash::ConfigurationError, "The configuration of `ssl_certificate_authorities` requires setting `ssl_client_authentication` to `optional` or 'required'")
             end
           end
+
+          context "with ssl_truststore_path set" do
+            let(:config) { super().merge("ssl_truststore_path" => certificate_path('truststore.jks'), "ssl_truststore_password" => "12345678") }
+
+            it "raise a configuration error" do
+              expect {subject.register}.to raise_error(LogStash::ConfigurationError, "The configuration of `ssl_truststore_path` requires setting `ssl_client_authentication` to `optional` or 'required'")
+            end
+          end
         end
 
         context "configured to 'required'" do
           let(:config) { super().merge("ssl_client_authentication" => "required") }
 
           it "raise a ConfigurationError when certificate_authorities is not set" do
-            expect {subject.register}.to raise_error(LogStash::ConfigurationError, "Using `ssl_client_authentication` set to `optional` or `required`, requires the configuration of `ssl_certificate_authorities`")
+            expect {subject.register}.to raise_error(LogStash::ConfigurationError, "Using `ssl_client_authentication` set to `optional` or `required`, requires the configuration of `ssl_certificate_authorities` or `ssl_truststore_path`")
           end
 
           context "with ssl_certificate_authorities set" do
@@ -802,13 +820,30 @@ describe LogStash::Inputs::Http do
               expect {subject.register}.not_to raise_error
             end
           end
+
+          context "with ssl_truststore_path set to a valid truststore" do
+            let(:config) { super().merge("ssl_truststore_path" => certificate_path('truststore.jks'), "ssl_truststore_password" => "12345678") }
+
+            it "doesn't raise a configuration error" do
+              expect {subject.register}.not_to raise_error
+            end
+          end
+
+          context "with ssl_truststore_path set with no trusted certificate" do
+            let(:truststore_path) { certificate_path('server_from_root.p12') }
+            let(:config) { super().merge("ssl_truststore_path" => truststore_path, "ssl_truststore_password" => "12345678") }
+
+            it "raise a configuration error" do
+              expect {subject.register}.to raise_error(LogStash::ConfigurationError, "The provided Trust Store file does not contains any trusted certificate entry: #{truststore_path}")
+            end
+          end
         end
 
         context "configured to 'optional'" do
           let(:config) { super().merge("ssl_client_authentication" => "optional") }
 
           it "raise a ConfigurationError when certificate_authorities is not set" do
-            expect {subject.register}.to raise_error(LogStash::ConfigurationError, "Using `ssl_client_authentication` set to `optional` or `required`, requires the configuration of `ssl_certificate_authorities`")
+            expect {subject.register}.to raise_error(LogStash::ConfigurationError, "Using `ssl_client_authentication` set to `optional` or `required`, requires the configuration of `ssl_certificate_authorities` or `ssl_truststore_path`")
           end
 
           context "with certificate_authorities set" do
@@ -818,9 +853,71 @@ describe LogStash::Inputs::Http do
               expect {subject.register}.not_to raise_error
             end
           end
+
+          context "with ssl_truststore_path set" do
+            let(:config) { super().merge("ssl_truststore_path" => certificate_path('truststore.jks'), "ssl_truststore_password" => "12345678") }
+
+            it "doesn't raise a configuration error" do
+              expect {subject.register}.not_to raise_error
+            end
+          end
+
+          context "with ssl_truststore_path set with no trusted certificate" do
+            let(:config) { super().merge("ssl_truststore_path" => certificate_path('server_from_root.p12'), "ssl_truststore_password" => "12345678") }
+
+            it "doesn't raise a configuration error" do
+              expect {subject.register}.not_to raise_error
+            end
+          end
+        end
+      end
+    end
+    context "with :ssl_keystore_path" do
+      let(:config) do
+        {
+          "port" => port,
+          "ssl_enabled" => true,
+          "ssl_keystore_path" => certificate_path( 'server_from_root.p12'),
+          "ssl_keystore_password" => "12345678"
+        }
+      end
+
+      subject { LogStash::Inputs::Http.new(config) }
+
+      it "should not raise exception" do
+        expect { subject.register }.to_not raise_exception
+      end
+    end
+    context "with :ssl_truststore_path" do
+      let(:config) do
+        {
+          "port" => port,
+          "ssl_enabled" => true,
+          "ssl_client_authentication" => "optional",
+          "ssl_keystore_path" => certificate_path( 'server_from_root.p12'),
+          "ssl_keystore_password" => "12345678",
+          "ssl_truststore_path" => certificate_path( 'truststore.jks'),
+          "ssl_truststore_password" => "12345678"
+        }
+      end
+
+      subject { LogStash::Inputs::Http.new(config) }
+
+      it "should not raise exception" do
+        expect { subject.register }.to_not raise_exception
+      end
+
+      context "and with :ssl_certificate_authorities configured" do
+        let(:config) do
+          super().merge('ssl_certificate_authorities' => [certificate_path( 'root.crt')], 'ssl_enabled' => true )
+        end
+
+        it "should raise a configuration error" do
+          expect { subject.register }.to raise_error LogStash::ConfigurationError, /Use either an `ssl_certificate_authorities` or an `ssl_truststore_path`/i
         end
       end
     end
+
   end
 end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-http
 version: !ruby/object:Gem::Version
-  version: 3.7.3
+  version: 3.8.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-10-18 00:00:00.000000000 Z
+date: 2023-11-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -184,6 +184,8 @@ files:
 - spec/fixtures/certs/generated/server_from_root.crt
 - spec/fixtures/certs/generated/server_from_root.key
 - spec/fixtures/certs/generated/server_from_root.key.pkcs8
+- spec/fixtures/certs/generated/server_from_root.p12
+- spec/fixtures/certs/generated/truststore.jks
 - spec/fixtures/certs/openssl.cnf
 - spec/inputs/helpers.rb
 - spec/inputs/http_spec.rb
@@ -194,7 +196,7 @@ files:
 - vendor/jar-dependencies/io/netty/netty-handler/4.1.100.Final/netty-handler-4.1.100.Final.jar
 - vendor/jar-dependencies/io/netty/netty-transport-native-unix-common/4.1.100.Final/netty-transport-native-unix-common-4.1.100.Final.jar
 - vendor/jar-dependencies/io/netty/netty-transport/4.1.100.Final/netty-transport-4.1.100.Final.jar
-- vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.7.3/logstash-input-http-3.7.3.jar
+- vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.8.0/logstash-input-http-3.8.0.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)
@@ -235,6 +237,8 @@ test_files:
 - spec/fixtures/certs/generated/server_from_root.crt
 - spec/fixtures/certs/generated/server_from_root.key
 - spec/fixtures/certs/generated/server_from_root.key.pkcs8
+- spec/fixtures/certs/generated/server_from_root.p12
+- spec/fixtures/certs/generated/truststore.jks
 - spec/fixtures/certs/openssl.cnf
 - spec/inputs/helpers.rb
 - spec/inputs/http_spec.rb