logstash-input-http 3.9.2-java → 4.0.0-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/VERSION +1 -1
- data/docs/index.asciidoc +20 -82
- data/lib/logstash/inputs/http.rb +9 -82
- data/lib/logstash-input-http_jars.rb +1 -1
- data/logstash-input-http.gemspec +0 -1
- data/spec/fixtures/certs/generate.sh +3 -0
- data/spec/fixtures/certs/generated/client_from_root.crt +28 -28
- data/spec/fixtures/certs/generated/client_from_root.jks +0 -0
- data/spec/fixtures/certs/generated/client_from_root.key +52 -51
- data/spec/fixtures/certs/generated/client_from_root.key.pkcs8 +50 -50
- data/spec/fixtures/certs/generated/client_from_root.p12 +0 -0
- data/spec/fixtures/certs/generated/root.crt +28 -28
- data/spec/fixtures/certs/generated/root.key +52 -51
- data/spec/fixtures/certs/generated/root.key.pkcs8 +50 -50
- data/spec/fixtures/certs/generated/server_from_root.crt +29 -29
- data/spec/fixtures/certs/generated/server_from_root.key +52 -51
- data/spec/fixtures/certs/generated/server_from_root.key.pkcs8 +50 -50
- data/spec/fixtures/certs/generated/server_from_root.p12 +0 -0
- data/spec/fixtures/certs/generated/truststore.jks +0 -0
- data/spec/inputs/http_spec.rb +19 -154
- data/vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/{3.9.2/logstash-input-http-3.9.2.jar → 4.0.0/logstash-input-http-4.0.0.jar} +0 -0
- metadata +3 -23
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c406f5e0d989c833db3c35529b4012053539955f830fde6ca9e44235f4a39d3b
|
|
4
|
+
data.tar.gz: 22916a6402a2c55edfbee1bf3af0a578b630d2fd756356733bfc0c7de3359fdf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2c2616bcde330f2d0a2d0f4273f45e7bd2ad7e09e3a1322d0c759c146c38e13c92f202b45c4a1df6a19b0b9e1ae46eaaa0e3ec1fc81f5e8421a591479122ab3e
|
|
7
|
+
data.tar.gz: 1b4d208dc8e180ee5818270f1ceb36625870d4429b9570102f69beb96c253bc5a64fc3837c90d8960b2bca1391b9b93bff76fd648d67ed27cb8b9b366b238ca2
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
## 4.0.0
|
|
2
|
+
- SSL settings that were marked deprecated in version `3.7.0` are now marked obsolete, and will prevent the plugin from starting.
|
|
3
|
+
- These settings are:
|
|
4
|
+
- `tls_min_version`, which should be replaced by `ssl_supported_protocols`
|
|
5
|
+
- `tls_max_version`, which should be replaced by `ssl_supported_protocols`
|
|
6
|
+
- `cipher_suites`, which should bre replaced by `ssl_cipher_suites`
|
|
7
|
+
- `ssl`, which should bre replaced by `ssl_enabled`
|
|
8
|
+
- `keystore`, which should bre replaced by `ssl_keystore_path`
|
|
9
|
+
- `keystore_password`, which should bre replaced by `ssl_keystore_password`
|
|
10
|
+
- `ssl_verify_mode`, which should bre replaced by `ssl_client_authentication`
|
|
11
|
+
- `verify_mode`, which should bre replaced by `ssl_client_authentication`
|
|
12
|
+
- [#182](https://github.com/logstash-plugins/logstash-input-http/pull/182)
|
|
13
|
+
|
|
1
14
|
## 3.9.2
|
|
2
15
|
- Upgrade netty to 4.1.115 [#183](https://github.com/logstash-plugins/logstash-input-http/pull/183)
|
|
3
16
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
4.0.0
|
data/docs/index.asciidoc
CHANGED
|
@@ -87,21 +87,21 @@ for the request's content-type is found in the `additional_codecs` setting.
|
|
|
87
87
|
|
|
88
88
|
This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
|
|
89
89
|
|
|
90
|
+
NOTE: As of version `4.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed.
|
|
91
|
+
Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
|
|
92
|
+
|
|
93
|
+
|
|
90
94
|
[cols="<,<,<",options="header",]
|
|
91
95
|
|=======================================================================
|
|
92
96
|
|Setting |Input type|Required
|
|
93
97
|
| <<plugins-{type}s-{plugin}-additional_codecs>> |<<hash,hash>>|No
|
|
94
|
-
| <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|__Deprecated__
|
|
95
98
|
| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
|
|
96
99
|
| <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
|
|
97
|
-
| <<plugins-{type}s-{plugin}-keystore>> |<<path,path>>|__Deprecated__
|
|
98
|
-
| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|__Deprecated__
|
|
99
100
|
| <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
|
|
100
101
|
| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
|
|
101
102
|
| <<plugins-{type}s-{plugin}-max_pending_requests>> |<<number,number>>|No
|
|
102
103
|
| <<plugins-{type}s-{plugin}-response_headers>> |<<hash,hash>>|No
|
|
103
104
|
| <<plugins-{type}s-{plugin}-response_code>> |<<number,number>>, one of `[200, 201, 202, 204]`|No
|
|
104
|
-
| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|__Deprecated__
|
|
105
105
|
| <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
|
|
106
106
|
| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
|
|
107
107
|
| <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<array,array>>|No
|
|
@@ -117,12 +117,8 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
|
117
117
|
| <<plugins-{type}s-{plugin}-ssl_truststore_password>> |<<password,password>>|No
|
|
118
118
|
| <<plugins-{type}s-{plugin}-ssl_truststore_path>> |<<path,path>>|No
|
|
119
119
|
| <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
|
|
120
|
-
| <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
|
|
121
120
|
| <<plugins-{type}s-{plugin}-threads>> |<<number,number>>|No
|
|
122
|
-
| <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|__Deprecated__
|
|
123
|
-
| <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|__Deprecated__
|
|
124
121
|
| <<plugins-{type}s-{plugin}-user>> |<<string,string>>|No
|
|
125
|
-
| <<plugins-{type}s-{plugin}-verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
|
|
126
122
|
|=======================================================================
|
|
127
123
|
|
|
128
124
|
Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
|
|
@@ -140,13 +136,6 @@ Apply specific codecs for specific content types.
|
|
|
140
136
|
The default codec will be applied only after this list is checked
|
|
141
137
|
and no codec for the request's content-type is found
|
|
142
138
|
|
|
143
|
-
[id="plugins-{type}s-{plugin}-cipher_suites"]
|
|
144
|
-
===== `cipher_suites`
|
|
145
|
-
deprecated[3.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_cipher_suites>>]
|
|
146
|
-
|
|
147
|
-
* Value type is <<array,array>>
|
|
148
|
-
|
|
149
|
-
The list of cipher suites to use, listed by priorities.
|
|
150
139
|
|
|
151
140
|
[id="plugins-{type}s-{plugin}-ecs_compatibility"]
|
|
152
141
|
===== `ecs_compatibility`
|
|
@@ -220,23 +209,6 @@ See <<plugins-{type}s-{plugin}-ecs_metadata>> for detailed information.
|
|
|
220
209
|
|
|
221
210
|
The host or ip to bind
|
|
222
211
|
|
|
223
|
-
[id="plugins-{type}s-{plugin}-keystore"]
|
|
224
|
-
===== `keystore`
|
|
225
|
-
deprecated[3.7.0, Use <<plugins-{type}s-{plugin}-ssl_keystore_path>> instead]
|
|
226
|
-
|
|
227
|
-
* Value type is <<path,path>>
|
|
228
|
-
* There is no default value for this setting.
|
|
229
|
-
|
|
230
|
-
The JKS keystore to validate the client's certificates
|
|
231
|
-
|
|
232
|
-
[id="plugins-{type}s-{plugin}-keystore_password"]
|
|
233
|
-
===== `keystore_password`
|
|
234
|
-
deprecated[3.7.0, Use <<plugins-{type}s-{plugin}-ssl_keystore_password>> instead]
|
|
235
|
-
|
|
236
|
-
* Value type is <<password,password>>
|
|
237
|
-
* There is no default value for this setting.
|
|
238
|
-
|
|
239
|
-
Set the keystore password
|
|
240
212
|
|
|
241
213
|
[id="plugins-{type}s-{plugin}-password"]
|
|
242
214
|
===== `password`
|
|
@@ -314,16 +286,6 @@ specify a target field for the client host of the http request
|
|
|
314
286
|
|
|
315
287
|
specify target field for the client host of the http request
|
|
316
288
|
|
|
317
|
-
[id="plugins-{type}s-{plugin}-ssl"]
|
|
318
|
-
===== `ssl`
|
|
319
|
-
deprecated[3.7.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
|
|
320
|
-
|
|
321
|
-
* Value type is <<boolean,boolean>>
|
|
322
|
-
* Default value is `false`
|
|
323
|
-
|
|
324
|
-
Events are, by default, sent in plain text. You can
|
|
325
|
-
enable encryption by setting `ssl` to true and configuring
|
|
326
|
-
the `ssl_certificate` and `ssl_key` options.
|
|
327
289
|
|
|
328
290
|
[id="plugins-{type}s-{plugin}-ssl_certificate"]
|
|
329
291
|
===== `ssl_certificate`
|
|
@@ -473,22 +435,6 @@ NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_certificate
|
|
|
473
435
|
|
|
474
436
|
The format of the truststore file. It must be either `jks` or `pkcs12`.
|
|
475
437
|
|
|
476
|
-
[id="plugins-{type}s-{plugin}-ssl_verify_mode"]
|
|
477
|
-
===== `ssl_verify_mode`
|
|
478
|
-
deprecated[3.7.0, Replaced by <<plugins-{type}s-{plugin}-ssl_client_authentication>>]
|
|
479
|
-
|
|
480
|
-
* Value can be any of: `none`, `peer`, `force_peer`
|
|
481
|
-
* Default value is `"none"`
|
|
482
|
-
|
|
483
|
-
By default the server doesn't do any client verification.
|
|
484
|
-
|
|
485
|
-
`peer` will make the server ask the client to provide a certificate.
|
|
486
|
-
If the client provides a certificate, it will be validated.
|
|
487
|
-
|
|
488
|
-
`force_peer` will make the server ask the client to provide a certificate.
|
|
489
|
-
If the client doesn't provide a certificate, the connection will be closed.
|
|
490
|
-
|
|
491
|
-
This option needs to be used with <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> and a defined list of CAs.
|
|
492
438
|
|
|
493
439
|
[id="plugins-{type}s-{plugin}-threads"]
|
|
494
440
|
===== `threads`
|
|
@@ -498,23 +444,6 @@ This option needs to be used with <<plugins-{type}s-{plugin}-ssl_certificate_aut
|
|
|
498
444
|
|
|
499
445
|
Number of threads to use for both accepting connections and handling requests
|
|
500
446
|
|
|
501
|
-
[id="plugins-{type}s-{plugin}-tls_max_version"]
|
|
502
|
-
===== `tls_max_version`
|
|
503
|
-
deprecated[3.6.0]
|
|
504
|
-
|
|
505
|
-
* Value type is <<number,number>>
|
|
506
|
-
|
|
507
|
-
The maximum TLS version allowed for the encrypted connections.
|
|
508
|
-
The value must be the one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3
|
|
509
|
-
|
|
510
|
-
[id="plugins-{type}s-{plugin}-tls_min_version"]
|
|
511
|
-
===== `tls_min_version`
|
|
512
|
-
deprecated[3.6.0]
|
|
513
|
-
|
|
514
|
-
* Value type is <<number,number>>
|
|
515
|
-
|
|
516
|
-
The minimum TLS version allowed for the encrypted connections.
|
|
517
|
-
The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3
|
|
518
447
|
|
|
519
448
|
[id="plugins-{type}s-{plugin}-user"]
|
|
520
449
|
===== `user`
|
|
@@ -524,15 +453,24 @@ The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 fo
|
|
|
524
453
|
|
|
525
454
|
Username for basic authorization
|
|
526
455
|
|
|
527
|
-
[id="plugins-{type}s-{plugin}-
|
|
528
|
-
|
|
529
|
-
deprecated[3.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_verify_mode>>]
|
|
530
|
-
|
|
531
|
-
* Value can be any of: `none`, `peer`, `force_peer`
|
|
532
|
-
* Default value is `"none"`
|
|
456
|
+
[id="plugins-{type}s-{plugin}-obsolete-options"]
|
|
457
|
+
==== HTTP Input Obsolete Configuration Options
|
|
533
458
|
|
|
534
|
-
|
|
459
|
+
WARNING: As of version `4.0.0` of this plugin, some configuration options have been replaced.
|
|
460
|
+
The plugin will fail to start if it contains any of these obsolete options.
|
|
535
461
|
|
|
462
|
+
[cols="<,<",options="header",]
|
|
463
|
+
|=======================================================================
|
|
464
|
+
|Setting|Replaced by
|
|
465
|
+
| cipher_suites |<<plugins-{type}s-{plugin}-ssl_cipher_suites>>
|
|
466
|
+
| keystore |<<plugins-{type}s-{plugin}-ssl_keystore_path>>
|
|
467
|
+
| keystore_password |<<plugins-{type}s-{plugin}-ssl_keystore_password>>
|
|
468
|
+
| ssl |<<plugins-{type}s-{plugin}-ssl_enabled>>
|
|
469
|
+
| ssl_verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
|
|
470
|
+
| tls_max_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
|
|
471
|
+
| tls_min_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
|
|
472
|
+
| verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
|
|
473
|
+
|=======================================================================
|
|
536
474
|
|
|
537
475
|
[id="plugins-{type}s-{plugin}-common-options"]
|
|
538
476
|
include::{include_path}/{type}.asciidoc[]
|
data/lib/logstash/inputs/http.rb
CHANGED
|
@@ -55,11 +55,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
55
55
|
# Password for basic authorization
|
|
56
56
|
config :password, :validate => :password, :required => false
|
|
57
57
|
|
|
58
|
-
# Events are by default sent in plain text. You can
|
|
59
|
-
# enable encryption by setting `ssl` to true and configuring
|
|
60
|
-
# the `ssl_certificate` and `ssl_key` options.
|
|
61
|
-
config :ssl, :validate => :boolean, :default => false, :deprecated => "Set 'ssl_enabled' instead."
|
|
62
|
-
|
|
63
58
|
# Events are by default sent in plain text. You can
|
|
64
59
|
# enable encryption by setting `ssl` to true and configuring
|
|
65
60
|
# the `ssl_certificate` and `ssl_key` options.
|
|
@@ -108,17 +103,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
108
103
|
# This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
|
|
109
104
|
config :ssl_client_authentication, :validate => %w[none optional required], :default => 'none'
|
|
110
105
|
|
|
111
|
-
# By default the server doesn't do any client verification.
|
|
112
|
-
#
|
|
113
|
-
# `peer` will make the server ask the client to provide a certificate.
|
|
114
|
-
# If the client provides a certificate, it will be validated.
|
|
115
|
-
#
|
|
116
|
-
# `force_peer` will make the server ask the client to provide a certificate.
|
|
117
|
-
# If the client doesn't provide a certificate, the connection will be closed.
|
|
118
|
-
#
|
|
119
|
-
# This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
|
|
120
|
-
config :ssl_verify_mode, :validate => ["none", "peer", "force_peer"], :default => "none", :deprecated => "Set 'ssl_client_authentication' instead."
|
|
121
|
-
|
|
122
106
|
# Time in milliseconds for an incomplete ssl handshake to timeout
|
|
123
107
|
config :ssl_handshake_timeout, :validate => :number, :default => 10000
|
|
124
108
|
|
|
@@ -150,25 +134,15 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
150
134
|
|
|
151
135
|
config :response_code, :validate => [200, 201, 202, 204], :default => 200
|
|
152
136
|
|
|
153
|
-
#
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
config :
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
config :
|
|
160
|
-
|
|
161
|
-
config :
|
|
162
|
-
|
|
163
|
-
config :cipher_suites, :validate => :array, :default => [], :deprecated => "Set 'ssl_cipher_suites' instead."
|
|
164
|
-
|
|
165
|
-
# The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
|
|
166
|
-
# 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
|
|
167
|
-
config :tls_min_version, :validate => :number, :default => TLS.min.version, :deprecated => "Set 'ssl_supported_protocols' instead."
|
|
168
|
-
|
|
169
|
-
# The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
|
|
170
|
-
# 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
|
|
171
|
-
config :tls_max_version, :validate => :number, :default => TLS.max.version, :deprecated => "Set 'ssl_supported_protocols' instead."
|
|
137
|
+
# Obsolete Settings
|
|
138
|
+
config :ssl, :obsolete => "Set 'ssl_enabled' instead."
|
|
139
|
+
config :keystore, :obsolete => "Set 'ssl_keystore_path' instead."
|
|
140
|
+
config :keystore_password, :validate => :password, :obsolete => "Set 'ssl_keystore_password' instead."
|
|
141
|
+
config :verify_mode, :obsolete => "Set 'ssl_client_authentication' instead."
|
|
142
|
+
config :cipher_suites, :obsolete => "Set 'ssl_cipher_suites' instead."
|
|
143
|
+
config :tls_min_version, :obsolete => "Set 'ssl_supported_protocols' instead."
|
|
144
|
+
config :tls_max_version, :obsolete => "Set 'ssl_supported_protocols' instead."
|
|
145
|
+
config :ssl_verify_mode, :obsolete => "Set 'ssl_client_authentication' instead."
|
|
172
146
|
|
|
173
147
|
attr_reader :codecs
|
|
174
148
|
|
|
@@ -200,8 +174,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
200
174
|
public
|
|
201
175
|
def register
|
|
202
176
|
|
|
203
|
-
setup_ssl_params!
|
|
204
|
-
|
|
205
177
|
validate_ssl_settings!
|
|
206
178
|
|
|
207
179
|
if @user && @password
|
|
@@ -342,34 +314,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
342
314
|
end
|
|
343
315
|
|
|
344
316
|
def setup_ssl_params!
|
|
345
|
-
@ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
|
|
346
|
-
normalizer.with_deprecated_alias(:ssl)
|
|
347
|
-
end
|
|
348
|
-
|
|
349
|
-
@ssl_cipher_suites = normalize_config(:ssl_cipher_suites) do |normalizer|
|
|
350
|
-
normalizer.with_deprecated_alias(:cipher_suites)
|
|
351
|
-
end
|
|
352
|
-
|
|
353
|
-
@ssl_supported_protocols = normalize_config(:ssl_supported_protocols) do |normalizer|
|
|
354
|
-
normalizer.with_deprecated_mapping(:tls_min_version, :tls_max_version) do |tls_min_version, tls_max_version|
|
|
355
|
-
TLS.get_supported(tls_min_version..tls_max_version).map(&:name)
|
|
356
|
-
end
|
|
357
|
-
end
|
|
358
|
-
|
|
359
|
-
@ssl_client_authentication = normalize_config(:ssl_client_authentication) do |normalizer|
|
|
360
|
-
normalizer.with_deprecated_mapping(:verify_mode, :ssl_verify_mode) do |verify_mode, ssl_verify_mode|
|
|
361
|
-
normalize_ssl_client_authentication_value!(verify_mode, ssl_verify_mode)
|
|
362
|
-
end
|
|
363
|
-
end
|
|
364
|
-
|
|
365
|
-
@ssl_keystore_path = normalize_config(:ssl_keystore_path) do |normalizer|
|
|
366
|
-
normalizer.with_deprecated_alias(:keystore)
|
|
367
|
-
end
|
|
368
|
-
|
|
369
|
-
@ssl_keystore_password = normalize_config(:ssl_keystore_password) do |normalizer|
|
|
370
|
-
normalizer.with_deprecated_alias(:keystore_password)
|
|
371
|
-
end
|
|
372
|
-
|
|
373
317
|
params['ssl_enabled'] = @ssl_enabled unless @ssl_enabled.nil?
|
|
374
318
|
params['ssl_cipher_suites'] = @ssl_cipher_suites unless @ssl_cipher_suites.nil?
|
|
375
319
|
params['ssl_supported_protocols'] = @ssl_supported_protocols unless @ssl_supported_protocols.nil?
|
|
@@ -378,17 +322,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
378
322
|
params['ssl_keystore_password'] = @ssl_keystore_password unless @ssl_keystore_password.nil?
|
|
379
323
|
end
|
|
380
324
|
|
|
381
|
-
def normalize_ssl_client_authentication_value!(verify_mode, ssl_verify_mode)
|
|
382
|
-
verify_mode_explicitly_set = original_params.key?("verify_mode")
|
|
383
|
-
|
|
384
|
-
if verify_mode_explicitly_set && original_params.key?("ssl_verify_mode")
|
|
385
|
-
raise LogStash::ConfigurationError, "Both (deprecated) `ssl_verify_mode` and `verify_mode` were set. Use only `ssl_verify_mode`"
|
|
386
|
-
end
|
|
387
|
-
|
|
388
|
-
deprecated_value = (verify_mode_explicitly_set ? verify_mode : ssl_verify_mode).downcase
|
|
389
|
-
SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP[deprecated_value]
|
|
390
|
-
end
|
|
391
|
-
|
|
392
325
|
def create_http_server(message_handler)
|
|
393
326
|
org.logstash.plugins.inputs.http.NettyHttpServer.new(
|
|
394
327
|
@host, @port, message_handler, build_ssl_params, @threads, @max_pending_requests, @max_content_length, @response_code)
|
|
@@ -467,13 +400,7 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
467
400
|
end
|
|
468
401
|
|
|
469
402
|
def provided_ssl_client_authentication_config(values = [@ssl_client_authentication])
|
|
470
|
-
if original_params.include?('ssl_verify_mode')
|
|
471
|
-
['ssl_verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
|
|
472
|
-
elsif original_params.include?('verify_mode')
|
|
473
|
-
['verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
|
|
474
|
-
else
|
|
475
403
|
['ssl_client_authentication', *values]
|
|
476
|
-
end
|
|
477
404
|
end
|
|
478
405
|
|
|
479
406
|
private
|
|
@@ -8,4 +8,4 @@ require_jar('io.netty', 'netty-common', '4.1.115.Final')
|
|
|
8
8
|
require_jar('io.netty', 'netty-transport', '4.1.115.Final')
|
|
9
9
|
require_jar('io.netty', 'netty-handler', '4.1.115.Final')
|
|
10
10
|
require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.115.Final')
|
|
11
|
-
require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '
|
|
11
|
+
require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '4.0.0')
|
data/logstash-input-http.gemspec
CHANGED
|
@@ -22,7 +22,6 @@ Gem::Specification.new do |s|
|
|
|
22
22
|
# Gem dependencies
|
|
23
23
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
|
24
24
|
s.add_runtime_dependency 'logstash-codec-plain'
|
|
25
|
-
s.add_runtime_dependency 'jar-dependencies', '~> 0.3', '>= 0.3.4'
|
|
26
25
|
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
|
|
27
26
|
s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
|
|
28
27
|
|
|
@@ -41,5 +41,8 @@ openssl pkcs12 -export -in client_from_root.crt -inkey client_from_root.key -out
|
|
|
41
41
|
# use java keytool to convert all pkcs12 keystores to jks-format keystores (pass:12345678)
|
|
42
42
|
keytool -importkeystore -srckeystore client_from_root.p12 -srcstoretype pkcs12 -srcstorepass 12345678 -destkeystore client_from_root.jks -deststorepass 12345678 -alias client_from_root
|
|
43
43
|
|
|
44
|
+
# create pkcs8 version of root key
|
|
45
|
+
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in root.key -out root.key.pkcs8
|
|
46
|
+
|
|
44
47
|
# cleanup csr, we don't need them
|
|
45
48
|
rm -rf *.csr
|
|
@@ -1,35 +1,35 @@
|
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
|
2
2
|
MIIGATCCA+mgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJMUzEL
|
|
3
3
|
MAkGA1UECAwCTkExEzARBgNVBAcMCkh0dHAgSW5wdXQxETAPBgNVBAoMCExvZ3N0
|
|
4
|
-
|
|
5
|
-
|
|
4
|
+
YXNoMQ0wCwYDVQQDDARyb290MB4XDTI0MTIwMzIzNTQzNVoXDTI3MTIwNDIzNTQz
|
|
5
|
+
NVowUzELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMRMwEQYDVQQHDApIdHRwIElu
|
|
6
6
|
cHV0MREwDwYDVQQKDAhMb2dzdGFzaDEPMA0GA1UEAwwGY2xpZW50MIICIjANBgkq
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
7
|
+
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvNGWMOYl/etQBVwxlaH5DSEXA5HuD0iG
|
|
8
|
+
lTnOmy/gX1AUCnf/s3oUIu9AnmdvZMuVGwDBrFItKU+fTWTmkusoBa9Ih1UZgYqd
|
|
9
|
+
8ZQi5+cPRaK7M/+vpPgZ6OSp6gONc65tMPqB0KGMjBm5se8eXJV6eOAxu7rT3Ylu
|
|
10
|
+
DlXTDRVP4gO4/JwidHO8l+JKz4SZng/cqw2WftdCZJygadQwUOCLba1CIQqs0IwP
|
|
11
|
+
tIcjVYxYoQQD3qtahAmsVaZU+H78gRm2wNJHoeb+OGTnlSaG5WLnIPBdycfynMoc
|
|
12
|
+
EZ3u4uYC4x/OGLpzrXCg6kULf/siM2nInHR0CZAalmLtvfXXvSZ44+Ux9uhDxAhh
|
|
13
|
+
UPzE0ntAVqoP7MoUnFbOaoVHBGzKy/Iqw3P4YaxymxPZW3Ya3jqN9cLo/4P+/kOF
|
|
14
|
+
AEMRwvj6LHIq0Q1wOWYXuZXGXCeBik+EpCtDWxzNimyit17DfZCx4IZA9hqhvxld
|
|
15
|
+
n92pkW8f57G/akTB5C5Q9OFpiluEA26CQiGav7wMZVwHLujtOLrzymPfhAyjmIB/
|
|
16
|
+
N7WKMuYSXKgC95T5IkNv660rE1+4rZ7PazvgPTx0hgzg+S5wxc0KtDUJgWs/gtkG
|
|
17
|
+
5fwloNnnDTHTtpr569fCdJoas3fEcyDxvrFumIiOymE7P2ffNO/nRiBSNSa9A2Oq
|
|
18
|
+
gxURnCZjXgUCAwEAAaOB4TCB3jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
|
|
19
19
|
oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
|
|
20
|
-
|
|
21
|
-
|
|
20
|
+
ZmljYXRlMB0GA1UdDgQWBBQ7nE3b49NUrz6Pt0Stbks/331++TAfBgNVHSMEGDAW
|
|
21
|
+
gBTimcFV2onYOhvPHoNcBGb4oovAvDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
|
|
22
22
|
FAYIKwYBBQUHAwIGCCsGAQUFBwMEMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAA
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
23
|
+
ATANBgkqhkiG9w0BAQsFAAOCAgEAeQaNjo5b8qjtkUSj3ragLlIbZHZviOWWtJsA
|
|
24
|
+
bpqw2Tyf6Mn9uSESoViAdy8bnGxpuk5FgIydJ9LRnOebjDxB/adYyf0+NJxsMiwq
|
|
25
|
+
z4ROVZLa3xPkL18GVPAg+3nlPiI8uUKNOJIglzO1ueOU30Vc9KG9bQIRbsKMX06H
|
|
26
|
+
JHkPFPRRxtHcUCUggibQcKHoSmgNkBVPVbCTbupYQ6WMt+oKpGjc/mSa7vZNXiYL
|
|
27
|
+
qa0qVmczo2KWXuvTZ0DQQbEZL0lDTVOA0WI+wxAotd4h3w0x5J4mAgic+5GyVuRD
|
|
28
|
+
XInsDyG7RBnUr+hH+eeZ8z+SzTEy8isVOsAdgjyh/bKUHmiRQPgcVxUpnJz/DzrQ
|
|
29
|
+
mLOZ9YSwVJ9pc7MYnvjJqbAkM2+m8BEb6UgspQmcd3NY6sXS1JYfNmxwyqvYjLEQ
|
|
30
|
+
ylOo2oEDRKrPtmAQ6w7wuItVUvnczXtuRjpN5uR5+9GvWKm+Wxru3v9EFkz79oUj
|
|
31
|
+
uA9/CXoFNWBFTunDsHP482ty9rLjP3iMLbh9JpZJ01uSsehGNFQVhfEsuSxa9oEJ
|
|
32
|
+
6lk40tR2C/vQXMvKt9AAJ1H1t9JAc2idj29p6mUia3YwE91WiYJElgHM7b3o7zGu
|
|
33
|
+
YDA+VNda80FvUm42iqpNz+21nYULtasJ0WUrg2RrFnPXEykr4kX0kQV2wbTnW0YE
|
|
34
|
+
udpNeRQ=
|
|
35
35
|
-----END CERTIFICATE-----
|
|
Binary file
|
|
@@ -1,51 +1,52 @@
|
|
|
1
|
-
-----BEGIN
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
1
|
+
-----BEGIN PRIVATE KEY-----
|
|
2
|
+
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC80ZYw5iX961AF
|
|
3
|
+
XDGVofkNIRcDke4PSIaVOc6bL+BfUBQKd/+zehQi70CeZ29ky5UbAMGsUi0pT59N
|
|
4
|
+
ZOaS6ygFr0iHVRmBip3xlCLn5w9Forsz/6+k+Bno5KnqA41zrm0w+oHQoYyMGbmx
|
|
5
|
+
7x5clXp44DG7utPdiW4OVdMNFU/iA7j8nCJ0c7yX4krPhJmeD9yrDZZ+10JknKBp
|
|
6
|
+
1DBQ4IttrUIhCqzQjA+0hyNVjFihBAPeq1qECaxVplT4fvyBGbbA0keh5v44ZOeV
|
|
7
|
+
JoblYucg8F3Jx/KcyhwRne7i5gLjH84YunOtcKDqRQt/+yIzacicdHQJkBqWYu29
|
|
8
|
+
9de9Jnjj5TH26EPECGFQ/MTSe0BWqg/syhScVs5qhUcEbMrL8irDc/hhrHKbE9lb
|
|
9
|
+
dhreOo31wuj/g/7+Q4UAQxHC+PoscirRDXA5Zhe5lcZcJ4GKT4SkK0NbHM2KbKK3
|
|
10
|
+
XsN9kLHghkD2GqG/GV2f3amRbx/nsb9qRMHkLlD04WmKW4QDboJCIZq/vAxlXAcu
|
|
11
|
+
6O04uvPKY9+EDKOYgH83tYoy5hJcqAL3lPkiQ2/rrSsTX7itns9rO+A9PHSGDOD5
|
|
12
|
+
LnDFzQq0NQmBaz+C2Qbl/CWg2ecNMdO2mvnr18J0mhqzd8RzIPG+sW6YiI7KYTs/
|
|
13
|
+
Z9807+dGIFI1Jr0DY6qDFRGcJmNeBQIDAQABAoICAAYJYFcfYIsR7RzCwg4R39vA
|
|
14
|
+
2VLCpV0FOVJHhxi0iuSZM47TH9Bt4HtucT8vOOM80/9JQqfe97Uop8PqbCm5zW2D
|
|
15
|
+
GVtER/y5gQuya/xEiZs1FO2YaNXqHa/xsZH6+5h9dN26QJC6PXtULjjnV23n1ILN
|
|
16
|
+
TiG9mxzr0iIwsb7rFcL40f73ge19rsOfVztztpKUWL56QHu9J5D+Ze2EPGg1iZef
|
|
17
|
+
0KusQvKm67Cemm1Xf5TkQzho+4uZoJIbb3+DVdDN0OcwwdwF/c4xQasl0G3Af/mw
|
|
18
|
+
XZtAInxLROL2TOchqel3gJgPS/f5UBe1TeURUxpYMTL5USVmH0d8EbQ/Sh6wvnAi
|
|
19
|
+
ttORnIoMEfU4dy6XcV/xjK9nNAfGSwQgOnGdjbTAtamQieoQgjVzSL/+TTRN7onZ
|
|
20
|
+
97mdfyym50sY5PqxfgtzO11OQ7b6PnRmxw7uci1WPcP+JBaKkiL12ObraUG2+320
|
|
21
|
+
Yfw9nZqxblFag7ByttAroghRmKzGUS6+tamlMhh1DMk5/9uXS3lUaD6vJIJ87gCf
|
|
22
|
+
D8hZPpfqYFzZ22oQu9sJEfwigRiAa57a86Adymo1o5T9fiwVyEMIzx1X7oR3Gy9h
|
|
23
|
+
UsmyU4sAI3aAwQyh2w6GRgaAzS6iNCEMqNjgpQ+/z4IJMW8XB527jSqdGN0hj3ab
|
|
24
|
+
xKtUPmdqOjLvkr2vuFopAoIBAQDmJUn/MvlbkDj8Ov7+K6HOYVcl+lAADuLhxF5h
|
|
25
|
+
S40FgN5I4CrGoHTNaGmNDUKNER74qE5ie3g/P2IuN1mmmLjAq9kywo8LmmZGI7JT
|
|
26
|
+
sC6UIVrzgKURLiY7ZqybuM/HgB0lHwaGCbtcBJzhWExywZ+jBAWxpFxzmlbBN9jx
|
|
27
|
+
wgLTe+hXB7wDirx4FzNzyzsWq/flFHf8EAdZsoc0V1yiP3x/0GBX59XQAd3/EfgC
|
|
28
|
+
VO4VEZWjJKAF11Ft20U7c7yHckOZ+VOCPxNEJm/sH1dPV0xjqSVzurUb/UNecqK3
|
|
29
|
+
84xQECkSk1R3kLQ0mTcuz8LnMr2BQbvJu7UPX6RLduzhIBJNAoIBAQDSB8i+p9GY
|
|
30
|
+
cUSrLR09fV5VJRNRZOxLp762aMu89NaXkyqiYGFddsNXALfeN0oa64fzsXxKgC0H
|
|
31
|
+
XRtTICqGL9p5lxgnxazNWRyLqWs9VqdnEgHIqFQJZtFVJF4NF6z+OfUAGPiUNzWd
|
|
32
|
+
o+9dkYLCmxSoC2WY80Vycsywn5zXyHWTgvET5zeBwut2i7DhNXZ0qWCs/UZH3tdw
|
|
33
|
+
n8KXV4/XB/YBhln3TfX5qVa0fAETWBRyhaVTb7MW3Z4OCUISGbsXZIO53OQwwPvi
|
|
34
|
+
Z7qcOJQk+bLlvbsc9gkFadS8uRMaLSlMUFRxYNYbmNuo33gT+yqBl4aL6LkHwVr1
|
|
35
|
+
fx0Ba15sBSaZAoIBAHtltPY7G44nlxZOf5hCRsCEWpjHTIurb6TDiCM8wgEYZpbG
|
|
36
|
+
cskLEXVtLWLuoCdI7cU/YL/XGdM3penHza7QpgbQXWWlAdOj1oB29U9/4ImWFNEI
|
|
37
|
+
wfijOOaSl6vq/KUoIPhdWT8XCrk80+zTTjIddP2P04m66cMmFqwEyLJfZuqDvkCj
|
|
38
|
+
qgBwK7tsHS9R4X23ePP/9JFW+snyOiIrUUTBK3zQekfHy1F7Hs97j/GYHgt34TaX
|
|
39
|
+
FaHsIAH6FnXZCVXKQ0rUbx0furHItivxZfvpf9DTyXvyuNaoBa4nYu2kjTAEajFG
|
|
40
|
+
g3yUPrsRB5B23zbdctRSLWDt3xe+HTZFLp9KdeUCggEAEJZ8zFIEw71uZvaRMKIO
|
|
41
|
+
KTtcYzlNUExXS6DLNok/yYjd/SUPi4ots1ljLDHBsI6Zli2WW2v0InjAB7iqox50
|
|
42
|
+
atX8GmgKVc2L65vd1GJbplBNw8NHn9Z3Afp1UyNjjlCVgQR33XzexyyDYyhy41vM
|
|
43
|
+
Ldl4lLPh8EAQ2oJAqOo0Hwpgb+n7AEycvCgcOC04xc36zK7UNijrawGzJLDNs3X1
|
|
44
|
+
f/lUcau+mZE+P9LrYtO6CbF0dTqFMnEeYo1oonVVyWsu3CcN/qu/OQpoOp5dVO5D
|
|
45
|
+
qtFpTchAviS1oJIdaBvY/yX5BVtYjaVs89FycmGL4eBNyA8BThN/U5ROfiY0tuNR
|
|
46
|
+
QQKCAQBRG/+oSf2w7GK1BgdvQPOLdtzph8ppiBpOkQwZyb1Q/lJN1HVjS3SGnOMW
|
|
47
|
+
en3R9wEVNb37IQYy2dpsDWn9Ioa73lktT5mG/+7resEZVO21gVLfav9cIFwIpCyJ
|
|
48
|
+
t3r+J2/7Cq2EZbBsyfqzVb7hcloxMO8WajQfLvD6e0IBUF/BASF/H4KWpCxHbYd4
|
|
49
|
+
qwhOEGL1TZPXamj/Hh+OIQ2bjVRNcoyXDv286YKcDhW3Pcg7jwdBjIWH61n+1y3P
|
|
50
|
+
CENjhxlTvlQ04QKyKdApAaaKkPFkde7+y4z9Lx6xXO0Z6lQcaT19kUUnrvMDRTSo
|
|
51
|
+
NPBWUAWkeuCzFYeJ1YIV3tMD+QiU
|
|
52
|
+
-----END PRIVATE KEY-----
|