logstash-input-http 3.2.0-java → 3.2.1-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dd4ab63a8da778ab6b98669f405773f04defba698bef77a3430d0ea4eb778cf0
-  data.tar.gz: 8bc8d4d7909fa768424d63142198644bb97e6b8ea44bef779288267d48044052
+  metadata.gz: fb71407dd95cdf4ed3a00e3a3052eb9ca98228aab5c4b0d5d850fab30f398612
+  data.tar.gz: 606cb730cbef12485216a22c367fe7e07c0f1f12b4e7e3d2227cb6ef32012a9e
 SHA512:
-  metadata.gz: 91ee9ad30eaf383efbf38b2f8a6720a3a9bba045ed7dda602734600dfa63b6d7c532bbee12b078a6c1444632e7edb3afe19569d72e9f2f4e94405092849d4a6c
-  data.tar.gz: b09f089df723d4240a6a89d8c78cb46c54a914784d8a15491604be7b31238c4f668044ea15f3cceb74e557f70678783ff0b4c9444ba8d61c56d55f0f8bd844c8
+  metadata.gz: 77dda823940c35650a14743778fda13e12abbfad0b718d386b410598dc187ee7aa6f0b08a665d95dfc507237c9d0f5ef878ec92394cf4a91e87544860da83da1
+  data.tar.gz: add1951942163b0908a6b0288f0945bc3a412e2eff9bd0819ef988b972031a9211304a4c58475ef04ee062f93cc649a7afcfe0fe352b82eb28792bffd5fdb2d1

data/CHANGELOG.md

@@ -1,3 +1,6 @@
+## 3.2.1
+  - Fix expensive SslContext creation per connection #93
+
 ## 3.2.0
   - Add `request_headers_target_field` and `remote_host_target_field` configuration options with default to `host` and `headers` respectively #68
   - Sanitize content-type header with getMimeType #87

data/VERSION

@@ -1 +1 @@
-3.2.0
+3.2.1

data/lib/logstash-input-http_jars.rb

@@ -4,4 +4,4 @@ require 'jar_dependencies'
 require_jar('io.netty', 'netty-all', '4.1.18.Final')
 require_jar('io.netty', 'netty-tcnative-boringssl-static', '2.0.7.Final')
 require_jar('org.apache.logging.log4j', 'log4j-api', '2.6.2')
-require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '3.2.0')
+require_jar('org.logstash.plugins.input.http', 'logstash-input-http', '3.2.1')

data/lib/logstash/inputs/http.rb

@@ -212,37 +212,33 @@ class LogStash::Inputs::Http < LogStash::Inputs::Base
   def build_ssl_params
     return nil unless @ssl
 
+    ssl_builder = nil
+    verify_mode_string = nil
+
     if @keystore && @keystore_password
       ssl_builder = org.logstash.plugins.inputs.http.util.JksSslBuilder.new(@keystore, @keystore_password.value)
-      if original_params.key?("verify_mode")
-        if @verify_mode.upcase == "FORCE_PEER"
-          ssl_builder.setVerifyMode(org.logstash.plugins.inputs.http.util.SslBuilder::SslClientVerifyMode::FORCE_PEER)
-        elsif @verify_mode.upcase == "PEER"
-          ssl_builder.setVerifyMode(org.logstash.plugins.inputs.http.util.SslBuilder::SslClientVerifyMode::VERIFY_PEER)
-        end
+      verify_mode_string = @verify_mode.upcase if original_params.key?("verify_mode")
+    else
+      begin
+        ssl_builder = org.logstash.plugins.inputs.http.util.SslSimpleBuilder.new(@ssl_certificate, @ssl_key, @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value)
+        .setCipherSuites(normalized_ciphers)
+      rescue java.lang.IllegalArgumentException => e
+        raise LogStash::ConfigurationError.new(e)
       end
-      return ssl_builder
-    end
 
-    begin
-      ssl_builder = org.logstash.plugins.inputs.http.util.SslSimpleBuilder.new(@ssl_certificate, @ssl_key, @ssl_key_passphrase.nil? ? nil : @ssl_key_passphrase.value)
-      .setProtocols(convert_protocols)
-      .setCipherSuites(normalized_ciphers)
-    rescue java.lang.IllegalArgumentException => e
-      raise LogStash::ConfigurationError.new(e)
+      if client_authentication?
+        verify_mode_string = @ssl_verify_mode.upcase
+        ssl_builder.setCertificateAuthorities(@ssl_certificate_authorities)
+      end
     end
 
-    ssl_builder.setHandshakeTimeoutMilliseconds(@ssl_handshake_timeout)
+    ssl_context = ssl_builder.build()
+    ssl_handler_provider = org.logstash.plugins.inputs.http.util.SslHandlerProvider.new(ssl_context)
+    ssl_handler_provider.setVerifyMode(verify_mode_string)
+    ssl_handler_provider.setProtocols(convert_protocols)
+    ssl_handler_provider.setHandshakeTimeoutMilliseconds(@ssl_handshake_timeout)
 
-    if client_authentication?
-      if @ssl_verify_mode.upcase == "FORCE_PEER"
-        ssl_builder.setVerifyMode(org.logstash.plugins.inputs.http.util.SslBuilder::SslClientVerifyMode::FORCE_PEER)
-      elsif @ssl_verify_mode.upcase == "PEER"
-        ssl_builder.setVerifyMode(org.logstash.plugins.inputs.http.util.SslBuilder::SslClientVerifyMode::VERIFY_PEER)
-      end
-      ssl_builder.setCertificateAuthorities(@ssl_certificate_authorities)
-    end
-    ssl_builder
+    ssl_handler_provider
   end
 
   def ssl_key_configured?

data/spec/inputs/http_spec.rb

@@ -361,6 +361,7 @@ describe LogStash::Inputs::Http do
                                            "ssl_certificate" => ssl_certificate.path,
                                            "ssl_key" => ssl_key.path) }
       it "should not raise exception" do
+        expect(subject).to receive(:build_ssl_params)
         expect { subject.register }.to_not raise_exception
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-http
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 3.2.1
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-05-10 00:00:00.000000000 Z
+date: 2018-08-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -141,7 +141,7 @@ files:
 - vendor/jar-dependencies/io/netty/netty-all/4.1.18.Final/netty-all-4.1.18.Final.jar
 - vendor/jar-dependencies/io/netty/netty-tcnative-boringssl-static/2.0.7.Final/netty-tcnative-boringssl-static-2.0.7.Final.jar
 - vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.6.2/log4j-api-2.6.2.jar
-- vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.2.0/logstash-input-http-3.2.0.jar
+- vendor/jar-dependencies/org/logstash/plugins/input/http/logstash-input-http/3.2.1/logstash-input-http-3.2.1.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)