logstash-input-http 3.9.2-java → 4.0.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +13 -0
- data/VERSION +1 -1
- data/docs/index.asciidoc +20 -82
- data/lib/logstash/inputs/http.rb +9 -82
- data/lib/logstash-input-http_jars.rb +1 -1
- data/logstash-input-http.gemspec +0 -1
- data/spec/fixtures/certs/generate.sh +3 -0
- data/spec/fixtures/certs/generated/client_from_root.crt +28 -28
- data/spec/fixtures/certs/generated/client_from_root.jks +0 -0
- data/spec/fixtures/certs/generated/client_from_root.key +52 -51
- data/spec/fixtures/certs/generated/client_from_root.key.pkcs8 +50 -50
- data/spec/fixtures/certs/generated/client_from_root.p12 +0 -0
- data/spec/fixtures/certs/generated/root.crt +28 -28
- data/spec/fixtures/certs/generated/root.key +52 -51
- data/spec/fixtures/certs/generated/root.key.pkcs8 +50 -50
- data/spec/fixtures/certs/generated/server_from_root.crt +29 -29
- data/spec/fixtures/certs/generated/server_from_root.key +52 -51
- data/spec/fixtures/certs/generated/server_from_root.key.pkcs8 +50 -50
- data/spec/fixtures/certs/generated/server_from_root.p12 +0 -0
- data/spec/fixtures/certs/generated/truststore.jks +0 -0
- data/spec/inputs/http_spec.rb +19 -154
- data/vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/{3.9.2/logstash-input-http-3.9.2.jar → 4.0.0/logstash-input-http-4.0.0.jar} +0 -0
- metadata +3 -23
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c406f5e0d989c833db3c35529b4012053539955f830fde6ca9e44235f4a39d3b
|
|
4
|
+
data.tar.gz: 22916a6402a2c55edfbee1bf3af0a578b630d2fd756356733bfc0c7de3359fdf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2c2616bcde330f2d0a2d0f4273f45e7bd2ad7e09e3a1322d0c759c146c38e13c92f202b45c4a1df6a19b0b9e1ae46eaaa0e3ec1fc81f5e8421a591479122ab3e
|
|
7
|
+
data.tar.gz: 1b4d208dc8e180ee5818270f1ceb36625870d4429b9570102f69beb96c253bc5a64fc3837c90d8960b2bca1391b9b93bff76fd648d67ed27cb8b9b366b238ca2
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,16 @@
|
|
|
1
|
+
## 4.0.0
|
|
2
|
+
- SSL settings that were marked deprecated in version `3.7.0` are now marked obsolete, and will prevent the plugin from starting.
|
|
3
|
+
- These settings are:
|
|
4
|
+
- `tls_min_version`, which should be replaced by `ssl_supported_protocols`
|
|
5
|
+
- `tls_max_version`, which should be replaced by `ssl_supported_protocols`
|
|
6
|
+
- `cipher_suites`, which should bre replaced by `ssl_cipher_suites`
|
|
7
|
+
- `ssl`, which should bre replaced by `ssl_enabled`
|
|
8
|
+
- `keystore`, which should bre replaced by `ssl_keystore_path`
|
|
9
|
+
- `keystore_password`, which should bre replaced by `ssl_keystore_password`
|
|
10
|
+
- `ssl_verify_mode`, which should bre replaced by `ssl_client_authentication`
|
|
11
|
+
- `verify_mode`, which should bre replaced by `ssl_client_authentication`
|
|
12
|
+
- [#182](https://github.com/logstash-plugins/logstash-input-http/pull/182)
|
|
13
|
+
|
|
1
14
|
## 3.9.2
|
|
2
15
|
- Upgrade netty to 4.1.115 [#183](https://github.com/logstash-plugins/logstash-input-http/pull/183)
|
|
3
16
|
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
|
|
1
|
+
4.0.0
|
data/docs/index.asciidoc
CHANGED
|
@@ -87,21 +87,21 @@ for the request's content-type is found in the `additional_codecs` setting.
|
|
|
87
87
|
|
|
88
88
|
This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
|
|
89
89
|
|
|
90
|
+
NOTE: As of version `4.0.0` of this plugin, a number of previously deprecated settings related to SSL have been removed.
|
|
91
|
+
Please check out <<plugins-{type}s-{plugin}-obsolete-options>> for details.
|
|
92
|
+
|
|
93
|
+
|
|
90
94
|
[cols="<,<,<",options="header",]
|
|
91
95
|
|=======================================================================
|
|
92
96
|
|Setting |Input type|Required
|
|
93
97
|
| <<plugins-{type}s-{plugin}-additional_codecs>> |<<hash,hash>>|No
|
|
94
|
-
| <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|__Deprecated__
|
|
95
98
|
| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
|
|
96
99
|
| <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
|
|
97
|
-
| <<plugins-{type}s-{plugin}-keystore>> |<<path,path>>|__Deprecated__
|
|
98
|
-
| <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|__Deprecated__
|
|
99
100
|
| <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
|
|
100
101
|
| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|No
|
|
101
102
|
| <<plugins-{type}s-{plugin}-max_pending_requests>> |<<number,number>>|No
|
|
102
103
|
| <<plugins-{type}s-{plugin}-response_headers>> |<<hash,hash>>|No
|
|
103
104
|
| <<plugins-{type}s-{plugin}-response_code>> |<<number,number>>, one of `[200, 201, 202, 204]`|No
|
|
104
|
-
| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|__Deprecated__
|
|
105
105
|
| <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
|
|
106
106
|
| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
|
|
107
107
|
| <<plugins-{type}s-{plugin}-ssl_cipher_suites>> |<<array,array>>|No
|
|
@@ -117,12 +117,8 @@ This plugin supports the following configuration options plus the <<plugins-{typ
|
|
|
117
117
|
| <<plugins-{type}s-{plugin}-ssl_truststore_password>> |<<password,password>>|No
|
|
118
118
|
| <<plugins-{type}s-{plugin}-ssl_truststore_path>> |<<path,path>>|No
|
|
119
119
|
| <<plugins-{type}s-{plugin}-ssl_truststore_type>> |<<string,string>>|No
|
|
120
|
-
| <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
|
|
121
120
|
| <<plugins-{type}s-{plugin}-threads>> |<<number,number>>|No
|
|
122
|
-
| <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|__Deprecated__
|
|
123
|
-
| <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|__Deprecated__
|
|
124
121
|
| <<plugins-{type}s-{plugin}-user>> |<<string,string>>|No
|
|
125
|
-
| <<plugins-{type}s-{plugin}-verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|__Deprecated__
|
|
126
122
|
|=======================================================================
|
|
127
123
|
|
|
128
124
|
Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
|
|
@@ -140,13 +136,6 @@ Apply specific codecs for specific content types.
|
|
|
140
136
|
The default codec will be applied only after this list is checked
|
|
141
137
|
and no codec for the request's content-type is found
|
|
142
138
|
|
|
143
|
-
[id="plugins-{type}s-{plugin}-cipher_suites"]
|
|
144
|
-
===== `cipher_suites`
|
|
145
|
-
deprecated[3.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_cipher_suites>>]
|
|
146
|
-
|
|
147
|
-
* Value type is <<array,array>>
|
|
148
|
-
|
|
149
|
-
The list of cipher suites to use, listed by priorities.
|
|
150
139
|
|
|
151
140
|
[id="plugins-{type}s-{plugin}-ecs_compatibility"]
|
|
152
141
|
===== `ecs_compatibility`
|
|
@@ -220,23 +209,6 @@ See <<plugins-{type}s-{plugin}-ecs_metadata>> for detailed information.
|
|
|
220
209
|
|
|
221
210
|
The host or ip to bind
|
|
222
211
|
|
|
223
|
-
[id="plugins-{type}s-{plugin}-keystore"]
|
|
224
|
-
===== `keystore`
|
|
225
|
-
deprecated[3.7.0, Use <<plugins-{type}s-{plugin}-ssl_keystore_path>> instead]
|
|
226
|
-
|
|
227
|
-
* Value type is <<path,path>>
|
|
228
|
-
* There is no default value for this setting.
|
|
229
|
-
|
|
230
|
-
The JKS keystore to validate the client's certificates
|
|
231
|
-
|
|
232
|
-
[id="plugins-{type}s-{plugin}-keystore_password"]
|
|
233
|
-
===== `keystore_password`
|
|
234
|
-
deprecated[3.7.0, Use <<plugins-{type}s-{plugin}-ssl_keystore_password>> instead]
|
|
235
|
-
|
|
236
|
-
* Value type is <<password,password>>
|
|
237
|
-
* There is no default value for this setting.
|
|
238
|
-
|
|
239
|
-
Set the keystore password
|
|
240
212
|
|
|
241
213
|
[id="plugins-{type}s-{plugin}-password"]
|
|
242
214
|
===== `password`
|
|
@@ -314,16 +286,6 @@ specify a target field for the client host of the http request
|
|
|
314
286
|
|
|
315
287
|
specify target field for the client host of the http request
|
|
316
288
|
|
|
317
|
-
[id="plugins-{type}s-{plugin}-ssl"]
|
|
318
|
-
===== `ssl`
|
|
319
|
-
deprecated[3.7.0, Replaced by <<plugins-{type}s-{plugin}-ssl_enabled>>]
|
|
320
|
-
|
|
321
|
-
* Value type is <<boolean,boolean>>
|
|
322
|
-
* Default value is `false`
|
|
323
|
-
|
|
324
|
-
Events are, by default, sent in plain text. You can
|
|
325
|
-
enable encryption by setting `ssl` to true and configuring
|
|
326
|
-
the `ssl_certificate` and `ssl_key` options.
|
|
327
289
|
|
|
328
290
|
[id="plugins-{type}s-{plugin}-ssl_certificate"]
|
|
329
291
|
===== `ssl_certificate`
|
|
@@ -473,22 +435,6 @@ NOTE: You cannot use this setting and <<plugins-{type}s-{plugin}-ssl_certificate
|
|
|
473
435
|
|
|
474
436
|
The format of the truststore file. It must be either `jks` or `pkcs12`.
|
|
475
437
|
|
|
476
|
-
[id="plugins-{type}s-{plugin}-ssl_verify_mode"]
|
|
477
|
-
===== `ssl_verify_mode`
|
|
478
|
-
deprecated[3.7.0, Replaced by <<plugins-{type}s-{plugin}-ssl_client_authentication>>]
|
|
479
|
-
|
|
480
|
-
* Value can be any of: `none`, `peer`, `force_peer`
|
|
481
|
-
* Default value is `"none"`
|
|
482
|
-
|
|
483
|
-
By default the server doesn't do any client verification.
|
|
484
|
-
|
|
485
|
-
`peer` will make the server ask the client to provide a certificate.
|
|
486
|
-
If the client provides a certificate, it will be validated.
|
|
487
|
-
|
|
488
|
-
`force_peer` will make the server ask the client to provide a certificate.
|
|
489
|
-
If the client doesn't provide a certificate, the connection will be closed.
|
|
490
|
-
|
|
491
|
-
This option needs to be used with <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> and a defined list of CAs.
|
|
492
438
|
|
|
493
439
|
[id="plugins-{type}s-{plugin}-threads"]
|
|
494
440
|
===== `threads`
|
|
@@ -498,23 +444,6 @@ This option needs to be used with <<plugins-{type}s-{plugin}-ssl_certificate_aut
|
|
|
498
444
|
|
|
499
445
|
Number of threads to use for both accepting connections and handling requests
|
|
500
446
|
|
|
501
|
-
[id="plugins-{type}s-{plugin}-tls_max_version"]
|
|
502
|
-
===== `tls_max_version`
|
|
503
|
-
deprecated[3.6.0]
|
|
504
|
-
|
|
505
|
-
* Value type is <<number,number>>
|
|
506
|
-
|
|
507
|
-
The maximum TLS version allowed for the encrypted connections.
|
|
508
|
-
The value must be the one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3
|
|
509
|
-
|
|
510
|
-
[id="plugins-{type}s-{plugin}-tls_min_version"]
|
|
511
|
-
===== `tls_min_version`
|
|
512
|
-
deprecated[3.6.0]
|
|
513
|
-
|
|
514
|
-
* Value type is <<number,number>>
|
|
515
|
-
|
|
516
|
-
The minimum TLS version allowed for the encrypted connections.
|
|
517
|
-
The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLSv1.3
|
|
518
447
|
|
|
519
448
|
[id="plugins-{type}s-{plugin}-user"]
|
|
520
449
|
===== `user`
|
|
@@ -524,15 +453,24 @@ The value must be one of the following: 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 fo
|
|
|
524
453
|
|
|
525
454
|
Username for basic authorization
|
|
526
455
|
|
|
527
|
-
[id="plugins-{type}s-{plugin}-
|
|
528
|
-
|
|
529
|
-
deprecated[3.6.0, Replaced by <<plugins-{type}s-{plugin}-ssl_verify_mode>>]
|
|
530
|
-
|
|
531
|
-
* Value can be any of: `none`, `peer`, `force_peer`
|
|
532
|
-
* Default value is `"none"`
|
|
456
|
+
[id="plugins-{type}s-{plugin}-obsolete-options"]
|
|
457
|
+
==== HTTP Input Obsolete Configuration Options
|
|
533
458
|
|
|
534
|
-
|
|
459
|
+
WARNING: As of version `4.0.0` of this plugin, some configuration options have been replaced.
|
|
460
|
+
The plugin will fail to start if it contains any of these obsolete options.
|
|
535
461
|
|
|
462
|
+
[cols="<,<",options="header",]
|
|
463
|
+
|=======================================================================
|
|
464
|
+
|Setting|Replaced by
|
|
465
|
+
| cipher_suites |<<plugins-{type}s-{plugin}-ssl_cipher_suites>>
|
|
466
|
+
| keystore |<<plugins-{type}s-{plugin}-ssl_keystore_path>>
|
|
467
|
+
| keystore_password |<<plugins-{type}s-{plugin}-ssl_keystore_password>>
|
|
468
|
+
| ssl |<<plugins-{type}s-{plugin}-ssl_enabled>>
|
|
469
|
+
| ssl_verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
|
|
470
|
+
| tls_max_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
|
|
471
|
+
| tls_min_version |<<plugins-{type}s-{plugin}-ssl_supported_protocols>>
|
|
472
|
+
| verify_mode |<<plugins-{type}s-{plugin}-ssl_client_authentication>>
|
|
473
|
+
|=======================================================================
|
|
536
474
|
|
|
537
475
|
[id="plugins-{type}s-{plugin}-common-options"]
|
|
538
476
|
include::{include_path}/{type}.asciidoc[]
|
data/lib/logstash/inputs/http.rb
CHANGED
|
@@ -55,11 +55,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
55
55
|
# Password for basic authorization
|
|
56
56
|
config :password, :validate => :password, :required => false
|
|
57
57
|
|
|
58
|
-
# Events are by default sent in plain text. You can
|
|
59
|
-
# enable encryption by setting `ssl` to true and configuring
|
|
60
|
-
# the `ssl_certificate` and `ssl_key` options.
|
|
61
|
-
config :ssl, :validate => :boolean, :default => false, :deprecated => "Set 'ssl_enabled' instead."
|
|
62
|
-
|
|
63
58
|
# Events are by default sent in plain text. You can
|
|
64
59
|
# enable encryption by setting `ssl` to true and configuring
|
|
65
60
|
# the `ssl_certificate` and `ssl_key` options.
|
|
@@ -108,17 +103,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
108
103
|
# This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
|
|
109
104
|
config :ssl_client_authentication, :validate => %w[none optional required], :default => 'none'
|
|
110
105
|
|
|
111
|
-
# By default the server doesn't do any client verification.
|
|
112
|
-
#
|
|
113
|
-
# `peer` will make the server ask the client to provide a certificate.
|
|
114
|
-
# If the client provides a certificate, it will be validated.
|
|
115
|
-
#
|
|
116
|
-
# `force_peer` will make the server ask the client to provide a certificate.
|
|
117
|
-
# If the client doesn't provide a certificate, the connection will be closed.
|
|
118
|
-
#
|
|
119
|
-
# This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
|
|
120
|
-
config :ssl_verify_mode, :validate => ["none", "peer", "force_peer"], :default => "none", :deprecated => "Set 'ssl_client_authentication' instead."
|
|
121
|
-
|
|
122
106
|
# Time in milliseconds for an incomplete ssl handshake to timeout
|
|
123
107
|
config :ssl_handshake_timeout, :validate => :number, :default => 10000
|
|
124
108
|
|
|
@@ -150,25 +134,15 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
150
134
|
|
|
151
135
|
config :response_code, :validate => [200, 201, 202, 204], :default => 200
|
|
152
136
|
|
|
153
|
-
#
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
config :
|
|
157
|
-
|
|
158
|
-
|
|
159
|
-
config :
|
|
160
|
-
|
|
161
|
-
config :
|
|
162
|
-
|
|
163
|
-
config :cipher_suites, :validate => :array, :default => [], :deprecated => "Set 'ssl_cipher_suites' instead."
|
|
164
|
-
|
|
165
|
-
# The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
|
|
166
|
-
# 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
|
|
167
|
-
config :tls_min_version, :validate => :number, :default => TLS.min.version, :deprecated => "Set 'ssl_supported_protocols' instead."
|
|
168
|
-
|
|
169
|
-
# The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
|
|
170
|
-
# 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2, 1.3 for TLS 1.3
|
|
171
|
-
config :tls_max_version, :validate => :number, :default => TLS.max.version, :deprecated => "Set 'ssl_supported_protocols' instead."
|
|
137
|
+
# Obsolete Settings
|
|
138
|
+
config :ssl, :obsolete => "Set 'ssl_enabled' instead."
|
|
139
|
+
config :keystore, :obsolete => "Set 'ssl_keystore_path' instead."
|
|
140
|
+
config :keystore_password, :validate => :password, :obsolete => "Set 'ssl_keystore_password' instead."
|
|
141
|
+
config :verify_mode, :obsolete => "Set 'ssl_client_authentication' instead."
|
|
142
|
+
config :cipher_suites, :obsolete => "Set 'ssl_cipher_suites' instead."
|
|
143
|
+
config :tls_min_version, :obsolete => "Set 'ssl_supported_protocols' instead."
|
|
144
|
+
config :tls_max_version, :obsolete => "Set 'ssl_supported_protocols' instead."
|
|
145
|
+
config :ssl_verify_mode, :obsolete => "Set 'ssl_client_authentication' instead."
|
|
172
146
|
|
|
173
147
|
attr_reader :codecs
|
|
174
148
|
|
|
@@ -200,8 +174,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
200
174
|
public
|
|
201
175
|
def register
|
|
202
176
|
|
|
203
|
-
setup_ssl_params!
|
|
204
|
-
|
|
205
177
|
validate_ssl_settings!
|
|
206
178
|
|
|
207
179
|
if @user && @password
|
|
@@ -342,34 +314,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
342
314
|
end
|
|
343
315
|
|
|
344
316
|
def setup_ssl_params!
|
|
345
|
-
@ssl_enabled = normalize_config(:ssl_enabled) do |normalizer|
|
|
346
|
-
normalizer.with_deprecated_alias(:ssl)
|
|
347
|
-
end
|
|
348
|
-
|
|
349
|
-
@ssl_cipher_suites = normalize_config(:ssl_cipher_suites) do |normalizer|
|
|
350
|
-
normalizer.with_deprecated_alias(:cipher_suites)
|
|
351
|
-
end
|
|
352
|
-
|
|
353
|
-
@ssl_supported_protocols = normalize_config(:ssl_supported_protocols) do |normalizer|
|
|
354
|
-
normalizer.with_deprecated_mapping(:tls_min_version, :tls_max_version) do |tls_min_version, tls_max_version|
|
|
355
|
-
TLS.get_supported(tls_min_version..tls_max_version).map(&:name)
|
|
356
|
-
end
|
|
357
|
-
end
|
|
358
|
-
|
|
359
|
-
@ssl_client_authentication = normalize_config(:ssl_client_authentication) do |normalizer|
|
|
360
|
-
normalizer.with_deprecated_mapping(:verify_mode, :ssl_verify_mode) do |verify_mode, ssl_verify_mode|
|
|
361
|
-
normalize_ssl_client_authentication_value!(verify_mode, ssl_verify_mode)
|
|
362
|
-
end
|
|
363
|
-
end
|
|
364
|
-
|
|
365
|
-
@ssl_keystore_path = normalize_config(:ssl_keystore_path) do |normalizer|
|
|
366
|
-
normalizer.with_deprecated_alias(:keystore)
|
|
367
|
-
end
|
|
368
|
-
|
|
369
|
-
@ssl_keystore_password = normalize_config(:ssl_keystore_password) do |normalizer|
|
|
370
|
-
normalizer.with_deprecated_alias(:keystore_password)
|
|
371
|
-
end
|
|
372
|
-
|
|
373
317
|
params['ssl_enabled'] = @ssl_enabled unless @ssl_enabled.nil?
|
|
374
318
|
params['ssl_cipher_suites'] = @ssl_cipher_suites unless @ssl_cipher_suites.nil?
|
|
375
319
|
params['ssl_supported_protocols'] = @ssl_supported_protocols unless @ssl_supported_protocols.nil?
|
|
@@ -378,17 +322,6 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
378
322
|
params['ssl_keystore_password'] = @ssl_keystore_password unless @ssl_keystore_password.nil?
|
|
379
323
|
end
|
|
380
324
|
|
|
381
|
-
def normalize_ssl_client_authentication_value!(verify_mode, ssl_verify_mode)
|
|
382
|
-
verify_mode_explicitly_set = original_params.key?("verify_mode")
|
|
383
|
-
|
|
384
|
-
if verify_mode_explicitly_set && original_params.key?("ssl_verify_mode")
|
|
385
|
-
raise LogStash::ConfigurationError, "Both (deprecated) `ssl_verify_mode` and `verify_mode` were set. Use only `ssl_verify_mode`"
|
|
386
|
-
end
|
|
387
|
-
|
|
388
|
-
deprecated_value = (verify_mode_explicitly_set ? verify_mode : ssl_verify_mode).downcase
|
|
389
|
-
SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP[deprecated_value]
|
|
390
|
-
end
|
|
391
|
-
|
|
392
325
|
def create_http_server(message_handler)
|
|
393
326
|
org.logstash.plugins.inputs.http.NettyHttpServer.new(
|
|
394
327
|
@host, @port, message_handler, build_ssl_params, @threads, @max_pending_requests, @max_content_length, @response_code)
|
|
@@ -467,13 +400,7 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
|
|
|
467
400
|
end
|
|
468
401
|
|
|
469
402
|
def provided_ssl_client_authentication_config(values = [@ssl_client_authentication])
|
|
470
|
-
if original_params.include?('ssl_verify_mode')
|
|
471
|
-
['ssl_verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
|
|
472
|
-
elsif original_params.include?('verify_mode')
|
|
473
|
-
['verify_mode', *values.map { |v| SSL_VERIFY_MODE_TO_CLIENT_AUTHENTICATION_MAP.key(v) }]
|
|
474
|
-
else
|
|
475
403
|
['ssl_client_authentication', *values]
|
|
476
|
-
end
|
|
477
404
|
end
|
|
478
405
|
|
|
479
406
|
private
|
|
@@ -8,4 +8,4 @@ require_jar('io.netty', 'netty-common', '4.1.115.Final')
|
|
|
8
8
|
require_jar('io.netty', 'netty-transport', '4.1.115.Final')
|
|
9
9
|
require_jar('io.netty', 'netty-handler', '4.1.115.Final')
|
|
10
10
|
require_jar('io.netty', 'netty-transport-native-unix-common', '4.1.115.Final')
|
|
11
|
-
require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '
|
|
11
|
+
require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '4.0.0')
|
data/logstash-input-http.gemspec
CHANGED
|
@@ -22,7 +22,6 @@ Gem::Specification.new do |s|
|
|
|
22
22
|
# Gem dependencies
|
|
23
23
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
|
24
24
|
s.add_runtime_dependency 'logstash-codec-plain'
|
|
25
|
-
s.add_runtime_dependency 'jar-dependencies', '~> 0.3', '>= 0.3.4'
|
|
26
25
|
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
|
|
27
26
|
s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
|
|
28
27
|
|
|
@@ -41,5 +41,8 @@ openssl pkcs12 -export -in client_from_root.crt -inkey client_from_root.key -out
|
|
|
41
41
|
# use java keytool to convert all pkcs12 keystores to jks-format keystores (pass:12345678)
|
|
42
42
|
keytool -importkeystore -srckeystore client_from_root.p12 -srcstoretype pkcs12 -srcstorepass 12345678 -destkeystore client_from_root.jks -deststorepass 12345678 -alias client_from_root
|
|
43
43
|
|
|
44
|
+
# create pkcs8 version of root key
|
|
45
|
+
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in root.key -out root.key.pkcs8
|
|
46
|
+
|
|
44
47
|
# cleanup csr, we don't need them
|
|
45
48
|
rm -rf *.csr
|
|
@@ -1,35 +1,35 @@
|
|
|
1
1
|
-----BEGIN CERTIFICATE-----
|
|
2
2
|
MIIGATCCA+mgAwIBAgIBBDANBgkqhkiG9w0BAQsFADBRMQswCQYDVQQGEwJMUzEL
|
|
3
3
|
MAkGA1UECAwCTkExEzARBgNVBAcMCkh0dHAgSW5wdXQxETAPBgNVBAoMCExvZ3N0
|
|
4
|
-
|
|
5
|
-
|
|
4
|
+
YXNoMQ0wCwYDVQQDDARyb290MB4XDTI0MTIwMzIzNTQzNVoXDTI3MTIwNDIzNTQz
|
|
5
|
+
NVowUzELMAkGA1UEBhMCTFMxCzAJBgNVBAgMAk5BMRMwEQYDVQQHDApIdHRwIElu
|
|
6
6
|
cHV0MREwDwYDVQQKDAhMb2dzdGFzaDEPMA0GA1UEAwwGY2xpZW50MIICIjANBgkq
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
7
|
+
hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvNGWMOYl/etQBVwxlaH5DSEXA5HuD0iG
|
|
8
|
+
lTnOmy/gX1AUCnf/s3oUIu9AnmdvZMuVGwDBrFItKU+fTWTmkusoBa9Ih1UZgYqd
|
|
9
|
+
8ZQi5+cPRaK7M/+vpPgZ6OSp6gONc65tMPqB0KGMjBm5se8eXJV6eOAxu7rT3Ylu
|
|
10
|
+
DlXTDRVP4gO4/JwidHO8l+JKz4SZng/cqw2WftdCZJygadQwUOCLba1CIQqs0IwP
|
|
11
|
+
tIcjVYxYoQQD3qtahAmsVaZU+H78gRm2wNJHoeb+OGTnlSaG5WLnIPBdycfynMoc
|
|
12
|
+
EZ3u4uYC4x/OGLpzrXCg6kULf/siM2nInHR0CZAalmLtvfXXvSZ44+Ux9uhDxAhh
|
|
13
|
+
UPzE0ntAVqoP7MoUnFbOaoVHBGzKy/Iqw3P4YaxymxPZW3Ya3jqN9cLo/4P+/kOF
|
|
14
|
+
AEMRwvj6LHIq0Q1wOWYXuZXGXCeBik+EpCtDWxzNimyit17DfZCx4IZA9hqhvxld
|
|
15
|
+
n92pkW8f57G/akTB5C5Q9OFpiluEA26CQiGav7wMZVwHLujtOLrzymPfhAyjmIB/
|
|
16
|
+
N7WKMuYSXKgC95T5IkNv660rE1+4rZ7PazvgPTx0hgzg+S5wxc0KtDUJgWs/gtkG
|
|
17
|
+
5fwloNnnDTHTtpr569fCdJoas3fEcyDxvrFumIiOymE7P2ffNO/nRiBSNSa9A2Oq
|
|
18
|
+
gxURnCZjXgUCAwEAAaOB4TCB3jAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIF
|
|
19
19
|
oDAzBglghkgBhvhCAQ0EJhYkT3BlblNTTCBHZW5lcmF0ZWQgQ2xpZW50IENlcnRp
|
|
20
|
-
|
|
21
|
-
|
|
20
|
+
ZmljYXRlMB0GA1UdDgQWBBQ7nE3b49NUrz6Pt0Stbks/331++TAfBgNVHSMEGDAW
|
|
21
|
+
gBTimcFV2onYOhvPHoNcBGb4oovAvDAOBgNVHQ8BAf8EBAMCBeAwHQYDVR0lBBYw
|
|
22
22
|
FAYIKwYBBQUHAwIGCCsGAQUFBwMEMBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAA
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
23
|
+
ATANBgkqhkiG9w0BAQsFAAOCAgEAeQaNjo5b8qjtkUSj3ragLlIbZHZviOWWtJsA
|
|
24
|
+
bpqw2Tyf6Mn9uSESoViAdy8bnGxpuk5FgIydJ9LRnOebjDxB/adYyf0+NJxsMiwq
|
|
25
|
+
z4ROVZLa3xPkL18GVPAg+3nlPiI8uUKNOJIglzO1ueOU30Vc9KG9bQIRbsKMX06H
|
|
26
|
+
JHkPFPRRxtHcUCUggibQcKHoSmgNkBVPVbCTbupYQ6WMt+oKpGjc/mSa7vZNXiYL
|
|
27
|
+
qa0qVmczo2KWXuvTZ0DQQbEZL0lDTVOA0WI+wxAotd4h3w0x5J4mAgic+5GyVuRD
|
|
28
|
+
XInsDyG7RBnUr+hH+eeZ8z+SzTEy8isVOsAdgjyh/bKUHmiRQPgcVxUpnJz/DzrQ
|
|
29
|
+
mLOZ9YSwVJ9pc7MYnvjJqbAkM2+m8BEb6UgspQmcd3NY6sXS1JYfNmxwyqvYjLEQ
|
|
30
|
+
ylOo2oEDRKrPtmAQ6w7wuItVUvnczXtuRjpN5uR5+9GvWKm+Wxru3v9EFkz79oUj
|
|
31
|
+
uA9/CXoFNWBFTunDsHP482ty9rLjP3iMLbh9JpZJ01uSsehGNFQVhfEsuSxa9oEJ
|
|
32
|
+
6lk40tR2C/vQXMvKt9AAJ1H1t9JAc2idj29p6mUia3YwE91WiYJElgHM7b3o7zGu
|
|
33
|
+
YDA+VNda80FvUm42iqpNz+21nYULtasJ0WUrg2RrFnPXEykr4kX0kQV2wbTnW0YE
|
|
34
|
+
udpNeRQ=
|
|
35
35
|
-----END CERTIFICATE-----
|
|
Binary file
|
|
@@ -1,51 +1,52 @@
|
|
|
1
|
-
-----BEGIN
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
1
|
+
-----BEGIN PRIVATE KEY-----
|
|
2
|
+
MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQC80ZYw5iX961AF
|
|
3
|
+
XDGVofkNIRcDke4PSIaVOc6bL+BfUBQKd/+zehQi70CeZ29ky5UbAMGsUi0pT59N
|
|
4
|
+
ZOaS6ygFr0iHVRmBip3xlCLn5w9Forsz/6+k+Bno5KnqA41zrm0w+oHQoYyMGbmx
|
|
5
|
+
7x5clXp44DG7utPdiW4OVdMNFU/iA7j8nCJ0c7yX4krPhJmeD9yrDZZ+10JknKBp
|
|
6
|
+
1DBQ4IttrUIhCqzQjA+0hyNVjFihBAPeq1qECaxVplT4fvyBGbbA0keh5v44ZOeV
|
|
7
|
+
JoblYucg8F3Jx/KcyhwRne7i5gLjH84YunOtcKDqRQt/+yIzacicdHQJkBqWYu29
|
|
8
|
+
9de9Jnjj5TH26EPECGFQ/MTSe0BWqg/syhScVs5qhUcEbMrL8irDc/hhrHKbE9lb
|
|
9
|
+
dhreOo31wuj/g/7+Q4UAQxHC+PoscirRDXA5Zhe5lcZcJ4GKT4SkK0NbHM2KbKK3
|
|
10
|
+
XsN9kLHghkD2GqG/GV2f3amRbx/nsb9qRMHkLlD04WmKW4QDboJCIZq/vAxlXAcu
|
|
11
|
+
6O04uvPKY9+EDKOYgH83tYoy5hJcqAL3lPkiQ2/rrSsTX7itns9rO+A9PHSGDOD5
|
|
12
|
+
LnDFzQq0NQmBaz+C2Qbl/CWg2ecNMdO2mvnr18J0mhqzd8RzIPG+sW6YiI7KYTs/
|
|
13
|
+
Z9807+dGIFI1Jr0DY6qDFRGcJmNeBQIDAQABAoICAAYJYFcfYIsR7RzCwg4R39vA
|
|
14
|
+
2VLCpV0FOVJHhxi0iuSZM47TH9Bt4HtucT8vOOM80/9JQqfe97Uop8PqbCm5zW2D
|
|
15
|
+
GVtER/y5gQuya/xEiZs1FO2YaNXqHa/xsZH6+5h9dN26QJC6PXtULjjnV23n1ILN
|
|
16
|
+
TiG9mxzr0iIwsb7rFcL40f73ge19rsOfVztztpKUWL56QHu9J5D+Ze2EPGg1iZef
|
|
17
|
+
0KusQvKm67Cemm1Xf5TkQzho+4uZoJIbb3+DVdDN0OcwwdwF/c4xQasl0G3Af/mw
|
|
18
|
+
XZtAInxLROL2TOchqel3gJgPS/f5UBe1TeURUxpYMTL5USVmH0d8EbQ/Sh6wvnAi
|
|
19
|
+
ttORnIoMEfU4dy6XcV/xjK9nNAfGSwQgOnGdjbTAtamQieoQgjVzSL/+TTRN7onZ
|
|
20
|
+
97mdfyym50sY5PqxfgtzO11OQ7b6PnRmxw7uci1WPcP+JBaKkiL12ObraUG2+320
|
|
21
|
+
Yfw9nZqxblFag7ByttAroghRmKzGUS6+tamlMhh1DMk5/9uXS3lUaD6vJIJ87gCf
|
|
22
|
+
D8hZPpfqYFzZ22oQu9sJEfwigRiAa57a86Adymo1o5T9fiwVyEMIzx1X7oR3Gy9h
|
|
23
|
+
UsmyU4sAI3aAwQyh2w6GRgaAzS6iNCEMqNjgpQ+/z4IJMW8XB527jSqdGN0hj3ab
|
|
24
|
+
xKtUPmdqOjLvkr2vuFopAoIBAQDmJUn/MvlbkDj8Ov7+K6HOYVcl+lAADuLhxF5h
|
|
25
|
+
S40FgN5I4CrGoHTNaGmNDUKNER74qE5ie3g/P2IuN1mmmLjAq9kywo8LmmZGI7JT
|
|
26
|
+
sC6UIVrzgKURLiY7ZqybuM/HgB0lHwaGCbtcBJzhWExywZ+jBAWxpFxzmlbBN9jx
|
|
27
|
+
wgLTe+hXB7wDirx4FzNzyzsWq/flFHf8EAdZsoc0V1yiP3x/0GBX59XQAd3/EfgC
|
|
28
|
+
VO4VEZWjJKAF11Ft20U7c7yHckOZ+VOCPxNEJm/sH1dPV0xjqSVzurUb/UNecqK3
|
|
29
|
+
84xQECkSk1R3kLQ0mTcuz8LnMr2BQbvJu7UPX6RLduzhIBJNAoIBAQDSB8i+p9GY
|
|
30
|
+
cUSrLR09fV5VJRNRZOxLp762aMu89NaXkyqiYGFddsNXALfeN0oa64fzsXxKgC0H
|
|
31
|
+
XRtTICqGL9p5lxgnxazNWRyLqWs9VqdnEgHIqFQJZtFVJF4NF6z+OfUAGPiUNzWd
|
|
32
|
+
o+9dkYLCmxSoC2WY80Vycsywn5zXyHWTgvET5zeBwut2i7DhNXZ0qWCs/UZH3tdw
|
|
33
|
+
n8KXV4/XB/YBhln3TfX5qVa0fAETWBRyhaVTb7MW3Z4OCUISGbsXZIO53OQwwPvi
|
|
34
|
+
Z7qcOJQk+bLlvbsc9gkFadS8uRMaLSlMUFRxYNYbmNuo33gT+yqBl4aL6LkHwVr1
|
|
35
|
+
fx0Ba15sBSaZAoIBAHtltPY7G44nlxZOf5hCRsCEWpjHTIurb6TDiCM8wgEYZpbG
|
|
36
|
+
cskLEXVtLWLuoCdI7cU/YL/XGdM3penHza7QpgbQXWWlAdOj1oB29U9/4ImWFNEI
|
|
37
|
+
wfijOOaSl6vq/KUoIPhdWT8XCrk80+zTTjIddP2P04m66cMmFqwEyLJfZuqDvkCj
|
|
38
|
+
qgBwK7tsHS9R4X23ePP/9JFW+snyOiIrUUTBK3zQekfHy1F7Hs97j/GYHgt34TaX
|
|
39
|
+
FaHsIAH6FnXZCVXKQ0rUbx0furHItivxZfvpf9DTyXvyuNaoBa4nYu2kjTAEajFG
|
|
40
|
+
g3yUPrsRB5B23zbdctRSLWDt3xe+HTZFLp9KdeUCggEAEJZ8zFIEw71uZvaRMKIO
|
|
41
|
+
KTtcYzlNUExXS6DLNok/yYjd/SUPi4ots1ljLDHBsI6Zli2WW2v0InjAB7iqox50
|
|
42
|
+
atX8GmgKVc2L65vd1GJbplBNw8NHn9Z3Afp1UyNjjlCVgQR33XzexyyDYyhy41vM
|
|
43
|
+
Ldl4lLPh8EAQ2oJAqOo0Hwpgb+n7AEycvCgcOC04xc36zK7UNijrawGzJLDNs3X1
|
|
44
|
+
f/lUcau+mZE+P9LrYtO6CbF0dTqFMnEeYo1oonVVyWsu3CcN/qu/OQpoOp5dVO5D
|
|
45
|
+
qtFpTchAviS1oJIdaBvY/yX5BVtYjaVs89FycmGL4eBNyA8BThN/U5ROfiY0tuNR
|
|
46
|
+
QQKCAQBRG/+oSf2w7GK1BgdvQPOLdtzph8ppiBpOkQwZyb1Q/lJN1HVjS3SGnOMW
|
|
47
|
+
en3R9wEVNb37IQYy2dpsDWn9Ioa73lktT5mG/+7resEZVO21gVLfav9cIFwIpCyJ
|
|
48
|
+
t3r+J2/7Cq2EZbBsyfqzVb7hcloxMO8WajQfLvD6e0IBUF/BASF/H4KWpCxHbYd4
|
|
49
|
+
qwhOEGL1TZPXamj/Hh+OIQ2bjVRNcoyXDv286YKcDhW3Pcg7jwdBjIWH61n+1y3P
|
|
50
|
+
CENjhxlTvlQ04QKyKdApAaaKkPFkde7+y4z9Lx6xXO0Z6lQcaT19kUUnrvMDRTSo
|
|
51
|
+
NPBWUAWkeuCzFYeJ1YIV3tMD+QiU
|
|
52
|
+
-----END PRIVATE KEY-----
|