logstash-input-tcp 6.0.10-java → 6.2.1-java

data/version

@@ -1 +1 @@
-6.0.10
+6.2.1

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-tcp
 version: !ruby/object:Gem::Version
-  version: 6.0.10
+  version: 6.2.1
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-22 00:00:00.000000000 Z
+date: 2021-08-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -20,8 +20,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.99'
   name: logstash-core-plugin-api
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -30,6 +30,54 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  name: logstash-mixin-ecs_compatibility_support
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.7.0
+  name: logstash-core
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 6.7.0
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.10.2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  name: jruby-openssl
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.10.2
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '0.12'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -37,8 +85,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-plain
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -51,8 +99,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-line
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -65,8 +113,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-json
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -79,8 +127,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-json_lines
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -93,8 +141,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-multiline
-  prerelease: false
   type: :runtime
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -107,8 +155,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-devutils
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -121,8 +169,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: insist
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -135,8 +183,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.0.6
   name: flores
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -149,8 +197,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.0.22
   name: stud
-  prerelease: false
   type: :development
+  prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -173,12 +221,23 @@ files:
 - docs/index.asciidoc
 - lib/logstash-input-tcp_jars.rb
 - lib/logstash/inputs/tcp.rb
-- lib/logstash/inputs/tcp/compat_ssl_options.rb
 - lib/logstash/inputs/tcp/decoder_impl.rb
 - logstash-input-tcp.gemspec
+- spec/fixtures/encrypted-pkcs5v15.crt
+- spec/fixtures/encrypted-pkcs5v15.key
+- spec/fixtures/encrypted-pkcs8.crt
+- spec/fixtures/encrypted-pkcs8.key
+- spec/fixtures/encrypted_aes256.crt
+- spec/fixtures/encrypted_aes256.key
+- spec/fixtures/encrypted_des.crt
+- spec/fixtures/encrypted_des.key
+- spec/fixtures/encrypted_seed.crt
+- spec/fixtures/encrypted_seed.key
+- spec/fixtures/small.crt
+- spec/fixtures/small.key
 - spec/inputs/tcp_spec.rb
 - spec/spec_helper.rb
-- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.0.10/logstash-input-tcp-6.0.10.jar
+- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.2.1/logstash-input-tcp-6.2.1.jar
 - version
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
@@ -202,11 +261,22 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 3.0.6
 signing_key:
 specification_version: 4
 summary: Reads events from a TCP socket
 test_files:
+- spec/fixtures/encrypted-pkcs5v15.crt
+- spec/fixtures/encrypted-pkcs5v15.key
+- spec/fixtures/encrypted-pkcs8.crt
+- spec/fixtures/encrypted-pkcs8.key
+- spec/fixtures/encrypted_aes256.crt
+- spec/fixtures/encrypted_aes256.key
+- spec/fixtures/encrypted_des.crt
+- spec/fixtures/encrypted_des.key
+- spec/fixtures/encrypted_seed.crt
+- spec/fixtures/encrypted_seed.key
+- spec/fixtures/small.crt
+- spec/fixtures/small.key
 - spec/inputs/tcp_spec.rb
 - spec/spec_helper.rb

data/lib/logstash/inputs/tcp/compat_ssl_options.rb

@@ -1,147 +0,0 @@
-require 'openssl'
-require "logstash/util/loggable"
-
-# Simulate a normal SslOptions builder:
-#
-#     ssl_context = SslOptions.builder
-#       .set_is_ssl_enabled(@ssl_enable)
-#       .set_should_verify(@ssl_verify)
-#       .set_ssl_cert(@ssl_cert)
-#       .set_ssl_key(@ssl_key)
-#       .set_ssl_key_passphrase(@ssl_key_passphrase.value)
-#       .set_ssl_extra_chain_certs(@ssl_extra_chain_certs.to_java(:string))
-#       .set_ssl_certificate_authorities(@ssl_certificate_authorities.to_java(:string))
-#       .build.toSslContext()
-class SslOptions
-  include LogStash::Util::Loggable
-
-  java_import 'io.netty.handler.ssl.ClientAuth'
-  java_import 'io.netty.handler.ssl.SslContextBuilder'
-  java_import 'java.security.cert.X509Certificate'
-  java_import 'javax.crypto.Cipher'
-  java_import 'org.bouncycastle.asn1.pkcs.PrivateKeyInfo'
-  java_import 'org.bouncycastle.jce.provider.BouncyCastleProvider'
-  java_import 'org.bouncycastle.openssl.PEMKeyPair'
-  java_import 'org.bouncycastle.openssl.PEMParser'
-  java_import 'org.bouncycastle.openssl.PEMEncryptedKeyPair'
-  java_import 'org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter'
-  java_import 'org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder'
-  java_import 'org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder'
-  java_import 'org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo'
-
-  def self.builder
-    new
-  end
-
-  def set_is_ssl_enabled(boolean)
-    @ssl_enabled = boolean
-    self
-  end
-
-  def set_should_verify(boolean)
-    @ssl_verify = boolean
-    self
-  end
-
-  def set_ssl_cert(path)
-    @ssl_cert_path = path
-    self
-  end
-
-  def set_ssl_key(path)
-    @ssl_key_path = path
-    self
-  end
-
-  def set_ssl_key_passphrase(passphrase)
-    @ssl_key_passphrase = passphrase
-    self
-  end
-
-  def set_ssl_extra_chain_certs(certs)
-    @ssl_extra_chain_certs = certs
-    self
-  end
-
-  def set_ssl_certificate_authorities(certs)
-    @ssl_certificate_authorities = certs
-    self
-  end
-
-  def build; self; end
-
-  def toSslContext
-    return nil unless @ssl_enabled
-
-    # Check key strength
-    logger.warn("JCE Unlimited Strength Jurisdiction Policy not installed - max key length is 128 bits") unless Cipher.getMaxAllowedKeyLength("AES") > 128
-    # create certificate object
-    cf = java.security.cert.CertificateFactory.getInstance("X.509")
-    cert_chain = []
-    fetch_certificates_from_file(@ssl_cert_path, cf) do |cert|
-      cert_chain << cert
-    end
-
-    # convert key from pkcs1 to pkcs8 and get PrivateKey object
-    pem_parser = PEMParser.new(java.io.FileReader.new(@ssl_key_path))
-    java.security.Security.addProvider(BouncyCastleProvider.new)
-    converter = JcaPEMKeyConverter.new
-    case obj = pem_parser.readObject
-    when PEMKeyPair # unencrypted pkcs#1
-      private_key = converter.getKeyPair(obj).private
-    when PrivateKeyInfo # unencrypted pkcs#8
-      private_key = converter.getPrivateKey(obj)
-    when PEMEncryptedKeyPair # encrypted pkcs#1
-      key_char_array = @ssl_key_passphrase.to_java.toCharArray
-      decryptor = JcePEMDecryptorProviderBuilder.new.build(key_char_array)
-      key_pair = obj.decryptKeyPair(decryptor)
-      private_key = converter.getKeyPair(key_pair).private
-    when PKCS8EncryptedPrivateKeyInfo # encrypted pkcs#8
-      key_char_array = @ssl_key_passphrase.to_java.toCharArray
-      key = JceOpenSSLPKCS8DecryptorProviderBuilder.new.build(key_char_array)
-      private_key = converter.getPrivateKey(obj.decryptPrivateKeyInfo(key))
-    else
-      raise "Could not recognize 'ssl_key' format. Class: #{obj.class}"
-    end
-
-    @ssl_extra_chain_certs.each do |file|
-      fetch_certificates_from_file(file, cf) do |cert|
-        cert_chain << cert
-      end
-    end
-    sslContextBuilder = SslContextBuilder.forServer(private_key, @ssl_key_passphrase, cert_chain.to_java(X509Certificate))
-
-    trust_certs = []
-
-    @ssl_certificate_authorities.each do |file|
-      fetch_certificates_from_file(file, cf) do |cert|
-        trust_certs << cert
-      end
-    end
-
-    if trust_certs.any?
-      sslContextBuilder.trustManager(trust_certs.to_java(X509Certificate))
-    end
-
-    sslContextBuilder.clientAuth(@ssl_verify ? ClientAuth::REQUIRE : ClientAuth::NONE)
-    sslContextBuilder.build()
-  end
-
-  private
-  def fetch_certificates_from_file(file, cf)
-    fis = java.io.FileInputStream.new(file)
-
-    while (fis.available > 0) do
-      cert = generate_certificate(cf, fis)
-      yield cert if cert
-    end
-  ensure
-    fis.close if fis
-  end
-
-  def generate_certificate(cf, fis)
-    cf.generateCertificate(fis)
-  rescue Java::JavaSecurityCert::CertificateException => e
-    raise e unless e.cause.message == "Empty input"
-  end
-end