logstash-input-tcp 6.0.10-java → 6.2.1-java

data/spec/fixtures/encrypted_des.crt

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBJDCBzwIUHQzJgyMCU0MIRFQe/tf7VKuisH8wDQYJKoZIhvcNAQELBQAwFDES
+MBAGA1UEAwwJbG9jYWxob3N0MB4XDTIxMDgyNTEyMTAxMFoXDTI0MTIwNzEyMTAx
+MFowFDESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
+APJeOzK15pLZ1c3dyCJpNw2Uupj0LrFXmoOT5beHgdvD9JY49lgdISSU8utJHoNw
+pTZx4akFd1WylBO8TRoqCvsCAwEAATANBgkqhkiG9w0BAQsFAANBAL1WWmNOIyms
+1I+bW2bnljtomnwEIAto6eLjjikZf/96hUghYFrRSO21rE2R5HxVyrGTz8G4N3Qv
+vqHZ0vqwxVc=
+-----END CERTIFICATE-----

data/spec/fixtures/encrypted_des.key

@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,C64C0A139C862F09
+
+fObfzXEWxU9j6m2ijcVE2DngVLwTGmXo9G5Se8LjHTRhIwexPayiPoZs/rspeIrE
+1UPG5UONa7AmzK/YFjcvhhslyY+xK0Vd68Z/eZvXI7ZlyO+AVxFb/JcxGXgOC7wr
+hEBFoM+h27Y2S+zQZjKms4vD5gxfbaQqabvqXLQgD/m7eXUtI8Nizcevm2fXREDE
+WmBOeD+KUj2IQtFsDGtuKDBnJGCR7oDQ0iynaf1sR0Ebvyx3LrkEDSPVGS8kO1Gl
+ahiwNnwPp3YTAqyV8l2TctFFAH5ozvsDsSB3IttiqrenKkyqjtnCTTUzYfS+hz7O
+L5/FBAEzOydup+2ofWbPLPKa/PNWHQ+eiHJihmpa+LOiVrWmTLp2KatsX0rdHwm5
+cywEoFCgpOmb+WErZ3cmAf8NaF15iEm/X7xUiiDDuts=
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/encrypted_seed.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZcCFH04gu3GFNPDed+cRH4XlfdiqmdoMA0GCSqGSIb3DQEBCwUAMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4MjUxMTIzNDVaFw0yNDEyMDcxMTIz
+NDVaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANf8mFL9tkqzYXonDcjw5vZKQfmNenmZisBHo6Vsi2x76bnoL7Un
+fn5vhpgZiPHX9hdfJGz/69JOrp2GwCtl5CCkxhPZquN4Qh0WJKosh/uc2mB8FFnw
+5qbEHDteixsx62IC6a9ckCTZHp3EVHJUfsAuNFgA3bXwmC9/slXcnRUYbZSVI3iK
+hobK3CmtuzsZvi0len1X6QJsY+O994RkUtccE27ZEE7ss/h3tklj8SB57EH+L+wT
+Y8RRsCBp/Uw+LtNsKGLU1D7F8xZ+/cwDNVwxCBEDnXqxq3tP/OpIuW2DOxteXbld
+R7qPe99xH8z4fgYqXONzlpWqqsl7l3ARxOcCAwEAATANBgkqhkiG9w0BAQsFAAOC
+AQEAHTVVtumbGuR2s8SXKx+mmmHC7Mc0VJOMDAUZZL9x8/ilB4+i8H/akB8jj/m3
+Kz+84QSUzP/PA6pzA+nWtoofFhJkg9Cz4chychyTrJYk7KXDmr1oJtZRBdOUf6Jb
+AiZ8oFd5BK5s06aPbNPcD4LHYdhbizI0tERX7IOIT+GnLqzwWEqUMIMWVrF2hLOT
+PIU+E2Be8gV7M5CdYRhGA05zhhs686c5au/z/o/4eNAtm6/y+/q3veUU9GH7O1s7
+X70iApYnexB+AbRlLah/1Eq/bKLfgxdvDJlyXlsTXV0ig0D9btFRZeeYMaVpW8iT
+RCHtMk7HpYi+822MDJUKltQKzQ==
+-----END CERTIFICATE-----

data/spec/fixtures/encrypted_seed.key

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: SEED-CBC,C83A6ABB19E102763677F0502883E0AE
+
+SPFBownCKM7EbFdOV9KdEtc+MmLwJRUM0UcA8X6Zhjd4xK0UP2jDlQ92W2Cvetbe
+8B8E5wSTxZMO43MXxF0HFHS2/1wi98XcDWQfpDRYYCzmjKm7vV+qkwQ962DvD/x2
+eXAfduAY8mPl97HX+inSX7M0/+Lz7uIMEGuihLNuyaAaLD3tOUxjb69/rxsDjWHD
+LElQgQotpdZsvd06xwowdqxYMMq8B+fwwiemZLD5W0eEtBnu43Jlv02COegYeZDm
+o4pApPsyjQ9pv+LFMl4A+k8NrVc87+GU67aFetOR7ojksxSQ/zq7ZdHQic7NhbiK
+Ad/EHQwu1PhXk+clFIZhDvkiyjAyWwbCwOm7F3AK7B2ZioIfQ4Fokoj1hbgXk57G
+YjuY4zTJj9zr02wToOYJ4gpVRT7hrG3NtSeEYny5102CaMyTUejv5833o0b9P/sp
++3O5nk+wR+4H6ELwVq3JnMz6yWkccsjQ7wAEhbc3WVLd0OAqL/9fPusDg6LM+n3W
+IbDmkKYwoUWQBn5KcXUHLRncj4Cpupn/bAsGcHoNqHTidu8sictHQ3iVfrDJpKfb
+VRkpPdarQGkPJ/f7WMS1crxsuPy88NZ6KBwNAjp2E/ZJk0XwWUn1KWcq7Do7rGzv
+cbl6Q2I2ySA/Uzj+pgup2CQi75kCqHTXHlxCE8/5lR7UOPUvDJP/ODMO+h64kWmB
+JcIXVp68cBqLzkbQgg5oiJ34XWXTdcQYK/ljJjRBzh2pTlBhTKabOARYdKaSfG7L
+7KitHI9c9Dhqa0Uhw1/4KPVOaPTa/futBi82x7hrvBsYZKySpseWCW0xERNr0QFX
+5mbM3nnP4aFpNU9wtjgEZEjd7BB+kI9nd7M5BdQWHveAsP6dWPyHYJUSLh6JdQkv
+ti34Ae62sC/iPi2TPlK69nTscUJnOnisMGzhlcUQniweHII9VKytpqfTR7rBPRpB
+Pn4fLAd0hyuhzUUCQwKO1pCcFzv04RuHJXdzTt8MJZzGMyNS4MqxTb0/CABGvF3R
+vUorxeL5jZKNnRG6CegtC4LAFx1rhtMyoEjGftY+sSyLr20R6kjKbxPBxbMaZ1AL
+8/tYF+vrh6HuoNk+mk79sb2vFVbyAluzSkXzq8An9kaiDG8QARRtW047BU9UY5sy
+Gww+e8PNCoAIEJLE2BOLqIiCa911lyA8kfNU8CQtEc9sQZSV8sphlgCtb12DMplH
+7LVAloMODaFiuXscn4Y8gSP3Oa6QYmgfk2ramrh1RdQWORIkq1+fNCVIbZlK7tTb
+TyjrJI9xtU/XoYk0ZIkl274Ku5JPUgZPHL5Zq0SLZhCcGfWeww2fCOwtOaRMPZ67
+CtL0W0UfTGO1bWRoOVKJifqTdYHL9xRLxdT7o946TAjSrYpZnYOg57ldo+9z9Gze
+Ikoxs6OtJi6r39bLXYuLQk2yyhH6y7qCplQDQfFcLWtVGJ/XU5I3J096Fns3/Nbw
+QpHuAyCjhc6h99blQKZDu3/NaIppOwLliLBvNUdii9fMwIBokLFcvt6voYKX6Qw7
+gSD9nQx4X/yJj6zs9B/m9IgNX7lOBaYmtUTeSY4qtkOHFIy8JBuC3yWyeXvDJlQm
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/small.crt

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBJDCBzwIUWcThKSs0itRx3SVjfBeLTRx8RwMwDQYJKoZIhvcNAQELBQAwFDES
+MBAGA1UEAwwJbG9jYWxob3N0MB4XDTIxMDgyNTEyMTUxN1oXDTI0MTIwNzEyMTUx
+N1owFDESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
+AMv+w+WDbrAPQCNqBkry52ayQyLnx/WZZyX3YKW6S123qUAiGO40vpAZ3WIttq1x
+Gb4+fF81/jDuodfFgu2zm3cCAwEAATANBgkqhkiG9w0BAQsFAANBAHByJqZFOPFr
+OE0BRv7KCd0IMNbVzr99de74jZKx7qBK8soV4ZAUsVX/+Qldtta2+q2WXaMEKHXS
+7xpnYQjSkNs=
+-----END CERTIFICATE-----

data/spec/fixtures/small.key

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAMv+w+WDbrAPQCNqBkry52ayQyLnx/WZZyX3YKW6S123qUAiGO40
+vpAZ3WIttq1xGb4+fF81/jDuodfFgu2zm3cCAwEAAQJBALigAUhN5fXuN4xVvxBC
+O3BU0jJbODxt9E8GTzBvJRrRKLVv8eLF7IubPPh+CW2D32JMSj8XZLBjkjj6y5P5
+p8ECIQD9mZbe5iT4SowhlGO0YqyxnN2C1Id+CloUmIoOyNDR0QIhAM3s/uGpjxvD
+6zdJQds5tp4WpFhrQzs5lAf7wFUrRuLHAiByc0OEmycqKzKs4PRSb4nyqpHJvrLb
+bj6TNvhvja+4UQIgCSf6hUomxNNHSCQHu5mrVwgmso/CY4XB4UD+YksUUc0CIAIm
+cjJtX/A4DdaSMwdNp8q8f8MrppQjErltD80oRpxv
+-----END RSA PRIVATE KEY-----

data/spec/inputs/tcp_spec.rb

@@ -15,9 +15,11 @@ java_import "io.netty.handler.ssl.util.SelfSignedCertificate"
 
 require_relative "../spec_helper"
 
+require 'logstash/plugin_mixins/ecs_compatibility_support/spec_helper'
+
 #Cabin::Channel.get(LogStash).subscribe(STDOUT)
 #Cabin::Channel.get(LogStash).level = :debug
-describe LogStash::Inputs::Tcp do
+describe LogStash::Inputs::Tcp, :ecs_compatibility_support do
 
   def get_port
     begin
@@ -52,160 +54,176 @@ describe LogStash::Inputs::Tcp do
     end
   end
 
-  it "should read plain with unicode" do
-    event_count = 10
-    conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
+  ecs_compatibility_matrix(:disabled,:v1, :v8 => :v1) do |ecs_select|
+    before(:each) do
+      allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
+    end
+
+    it "should read plain with unicode" do
+      event_count = 10
+      conf = <<-CONFIG
+        input {
+          tcp {
+            port => #{port}
+          }
         }
-      }
-    CONFIG
+      CONFIG
+
+      host = 'localhost'
+      events = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new(host, port) }
+        event_count.times do |i|
+          # unicode smiley for testing unicode support!
+          socket.puts("#{i} ☹")
+          socket.flush
+        end
+        socket.close
 
-    host = 'localhost'
-    events = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new(host, port) }
-      event_count.times do |i|
-        # unicode smiley for testing unicode support!
-        socket.puts("#{i} ☹")
-        socket.flush
+        event_count.times.collect {queue.pop}
       end
-      socket.close
 
-      event_count.times.collect {queue.pop}
-    end
+      expect(events.length).to eq(event_count)
+      events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
+      event_count.times do |i|
+        event = events[i]
 
-    insist { events.length } == event_count
-    events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
-    event_count.times do |i|
-      event = events[i]
-      insist { event.get("message") } == "#{i} ☹"
-      insist { ["localhost","ip6-localhost"].includes? event.get("host") }
-      insist { event.get("[@metadata][ip_address]") } == '127.0.0.1'
+        aggregate_failures("event #{i}") do
+          expect(event.get("message")).to eq("#{i} ☹")
+          expect(event.get(ecs_select[disabled: "host", v1: "[@metadata][input][tcp][source][name]"])).to eq("localhost").or eq("ip6-localhost")
+          expect(event.get(ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"])).to eq('127.0.0.1')
+        end
+      end
     end
-  end
 
-  it "should handle PROXY protocol v1 connections" do
-    event_count = 10
-    conf = <<-CONFIG
-      input {
-        tcp {
-          proxy_protocol => true
-          port => '#{port}'
+    it "should handle PROXY protocol v1 connections" do
+      event_count = 10
+      conf = <<-CONFIG
+        input {
+          tcp {
+            proxy_protocol => true
+            port => '#{port}'
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    events = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      socket.puts("PROXY TCP4 1.2.3.4 5.6.7.8 1234 5678\r");
-      socket.flush
-      event_count.times do |i|
-        # unicode smiley for testing unicode support!
-        socket.puts("#{i} ☹")
+      events = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
+        socket.puts("PROXY TCP4 1.2.3.4 5.6.7.8 1234 5678\r");
         socket.flush
-      end
-      socket.close
+        event_count.times do |i|
+          # unicode smiley for testing unicode support!
+          socket.puts("#{i} ☹")
+          socket.flush
+        end
+        socket.close
 
-      event_count.times.collect {queue.pop}
-    end
+        event_count.times.collect {queue.pop}
+      end
 
-    insist { events.length } == event_count
-    events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
-    event_count.times do |i|
-      insist { events[i].get("message") } == "#{i} ☹"
-      insist { events[i].get("host") } == "1.2.3.4"
-      insist { events[i].get("port") } == "1234"
-      insist { events[i].get("proxy_host") } == "5.6.7.8"
-      insist { events[i].get("proxy_port") } == "5678"
+      expect(events.length).to eq(event_count)
+      events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
+      events.each_with_index do |event, i|
+        aggregate_failures("event #{i}") do
+          expect(event.get("message")).to eq("#{i} ☹")
+          expect(event.get(ecs_select[disabled: "host",                    v1: "[@metadata][input][tcp][source][name]"])).to eq('1.2.3.4')
+          expect(event.get(ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"  ])).to eq('1.2.3.4')
+          expect(event.get(ecs_select[disabled: "port",                    v1: "[@metadata][input][tcp][source][port]"])).to eq('1234')
+          expect(event.get(ecs_select[disabled: "proxy_host",              v1: "[@metadata][input][tcp][proxy][ip]"  ])).to eq('5.6.7.8')
+          expect(event.get(ecs_select[disabled: "proxy_port",              v1: "[@metadata][input][tcp][proxy][port]"  ])).to eq('5678')
+        end
+      end
     end
-  end
 
-  it "should read events with plain codec and ISO-8859-1 charset" do
-    charset = "ISO-8859-1"
-    conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
-          codec => plain { charset => "#{charset}" }
+    it "should read events with json codec" do
+      conf = <<-CONFIG
+        input {
+          tcp {
+            port => #{port}
+            codec => json
+          }
         }
+      CONFIG
+
+      data = {
+        "hello" => "world",
+        "foo" => [1,2,3],
+        "baz" => { "1" => "2" },
+        "host" => "example host"
       }
-    CONFIG
 
-    event = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      text = "\xA3" # the £ symbol in ISO-8859-1 aka Latin-1
-      text.force_encoding("ISO-8859-1")
-      socket.puts(text)
-      socket.close
+      event = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
+        socket.puts(LogStash::Json.dump(data))
+        socket.close
 
-      queue.pop
-    end
+        queue.pop
+      end
 
-    # Make sure the 0xA3 latin-1 code converts correctly to UTF-8.
-    insist { event.get("message").size } == 1
-    insist { event.get("message").bytesize } == 2
-    insist { event.get("message") } == "£"
-  end
+      insist { event.get("hello") } == data["hello"]
+      insist { event.get("foo").to_a } == data["foo"] # to_a to cast Java ArrayList produced by JrJackson
+      insist { event.get("baz") } == data["baz"]
 
-  it "should read events with json codec" do
-    conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
-          codec => json
+      # Make sure the tcp input, w/ json codec, uses the event's 'host' value,
+      # if present, instead of providing its own
+      insist { event.get("host") } == data["host"]
+    end
+
+    it "should read events with json codec (testing 'host' handling)" do
+      conf = <<-CONFIG
+        input {
+          tcp {
+            port => #{port}
+            codec => json
+          }
         }
+      CONFIG
+
+      data = {
+        "hello" => "world"
       }
-    CONFIG
 
-    data = {
-      "hello" => "world",
-      "foo" => [1,2,3],
-      "baz" => { "1" => "2" },
-      "host" => "example host"
-    }
+      event = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
+        socket.puts(LogStash::Json.dump(data))
+        socket.close
 
-    event = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      socket.puts(LogStash::Json.dump(data))
-      socket.close
+        queue.pop
+      end
 
-      queue.pop
+      aggregate_failures("event") do
+        expect(event.get("hello")).to eq(data["hello"])
+        expect(event).to include(ecs_select[disabled: "host",                    v1: "[@metadata][input][tcp][source][name]"])
+        expect(event).to include(ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"  ])
+      end
     end
-
-    insist { event.get("hello") } == data["hello"]
-    insist { event.get("foo").to_a } == data["foo"] # to_a to cast Java ArrayList produced by JrJackson
-    insist { event.get("baz") } == data["baz"]
-
-    # Make sure the tcp input, w/ json codec, uses the event's 'host' value,
-    # if present, instead of providing its own
-    insist { event.get("host") } == data["host"]
   end
 
-  it "should read events with json codec (testing 'host' handling)" do
+  it "should read events with plain codec and ISO-8859-1 charset" do
+    charset = "ISO-8859-1"
     conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
-          codec => json
+        input {
+          tcp {
+            port => #{port}
+            codec => plain { charset => "#{charset}" }
+          }
         }
-      }
     CONFIG
 
-    data = {
-      "hello" => "world"
-    }
-
     event = input(conf) do |pipeline, queue|
       socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      socket.puts(LogStash::Json.dump(data))
+      text = "\xA3" # the £ symbol in ISO-8859-1 aka Latin-1
+      text.force_encoding("ISO-8859-1")
+      socket.puts(text)
       socket.close
 
       queue.pop
     end
 
-    insist { event.get("hello") } == data["hello"]
-    insist { event }.include?("host")
+    # Make sure the 0xA3 latin-1 code converts correctly to UTF-8.
+    aggregate_failures("event") do
+      expect(event.get("message")).to have_attributes(size: 1, bytesize: 2, encoding: Encoding.find("UTF-8"))
+      expect(event.get("message")).to eq("£")
+    end
   end
 
   it "should read events with json_lines codec" do
@@ -411,6 +429,115 @@ describe LogStash::Inputs::Tcp do
             expect { subject.register }.to_not raise_error
           end
         end
+
+        context "encrypted (AES-156) key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted_aes256.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted_aes256.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "encrypted (SEED) key" do # algorithm not supported by Sun provider
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted_seed.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted_seed.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            pending # newer BC should be able to read this
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "encrypted (DES) key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted_des.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted_des.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "encrypted PKCS#8 key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted-pkcs8.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted-pkcs8.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        # NOTE: only BC provider can read the legacy (OpenSSL) format
+        context "encrypted PKCS#5 v1.5 key" do # openssl pkcs8 -topk8 -v1 PBE-MD5-DES
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted-pkcs5v15.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted-pkcs5v15.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "small (legacy) key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/small.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/small.key', File.dirname(__FILE__)),
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
       end
     end