logstash-input-tcp 6.0.10-java → 6.2.1-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -0
- data/docs/index.asciidoc +61 -0
- data/lib/logstash/inputs/tcp/decoder_impl.rb +12 -9
- data/lib/logstash/inputs/tcp.rb +53 -27
- data/logstash-input-tcp.gemspec +6 -0
- data/spec/fixtures/encrypted-pkcs5v15.crt +14 -0
- data/spec/fixtures/encrypted-pkcs5v15.key +17 -0
- data/spec/fixtures/encrypted-pkcs8.crt +11 -0
- data/spec/fixtures/encrypted-pkcs8.key +18 -0
- data/spec/fixtures/encrypted_aes256.crt +17 -0
- data/spec/fixtures/encrypted_aes256.key +30 -0
- data/spec/fixtures/encrypted_des.crt +9 -0
- data/spec/fixtures/encrypted_des.key +12 -0
- data/spec/fixtures/encrypted_seed.crt +17 -0
- data/spec/fixtures/encrypted_seed.key +30 -0
- data/spec/fixtures/small.crt +9 -0
- data/spec/fixtures/small.key +9 -0
- data/spec/inputs/tcp_spec.rb +243 -116
- data/vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/{6.0.10/logstash-input-tcp-6.0.10.jar → 6.2.1/logstash-input-tcp-6.2.1.jar} +0 -0
- data/version +1 -1
- metadata +86 -16
- data/lib/logstash/inputs/tcp/compat_ssl_options.rb +0 -147
Binary file
|
data/version
CHANGED
@@ -1 +1 @@
|
|
1
|
-
6.
|
1
|
+
6.2.1
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-tcp
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.2.1
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-08-25 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -20,8 +20,8 @@ dependencies:
|
|
20
20
|
- !ruby/object:Gem::Version
|
21
21
|
version: '2.99'
|
22
22
|
name: logstash-core-plugin-api
|
23
|
-
prerelease: false
|
24
23
|
type: :runtime
|
24
|
+
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
26
26
|
requirements:
|
27
27
|
- - ">="
|
@@ -30,6 +30,54 @@ dependencies:
|
|
30
30
|
- - "<="
|
31
31
|
- !ruby/object:Gem::Version
|
32
32
|
version: '2.99'
|
33
|
+
- !ruby/object:Gem::Dependency
|
34
|
+
requirement: !ruby/object:Gem::Requirement
|
35
|
+
requirements:
|
36
|
+
- - "~>"
|
37
|
+
- !ruby/object:Gem::Version
|
38
|
+
version: '1.2'
|
39
|
+
name: logstash-mixin-ecs_compatibility_support
|
40
|
+
type: :runtime
|
41
|
+
prerelease: false
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
43
|
+
requirements:
|
44
|
+
- - "~>"
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '1.2'
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
49
|
+
requirements:
|
50
|
+
- - ">="
|
51
|
+
- !ruby/object:Gem::Version
|
52
|
+
version: 6.7.0
|
53
|
+
name: logstash-core
|
54
|
+
type: :runtime
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
requirements:
|
58
|
+
- - ">="
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: 6.7.0
|
61
|
+
- !ruby/object:Gem::Dependency
|
62
|
+
requirement: !ruby/object:Gem::Requirement
|
63
|
+
requirements:
|
64
|
+
- - ">="
|
65
|
+
- !ruby/object:Gem::Version
|
66
|
+
version: 0.10.2
|
67
|
+
- - "<"
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
version: '0.12'
|
70
|
+
name: jruby-openssl
|
71
|
+
type: :runtime
|
72
|
+
prerelease: false
|
73
|
+
version_requirements: !ruby/object:Gem::Requirement
|
74
|
+
requirements:
|
75
|
+
- - ">="
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
version: 0.10.2
|
78
|
+
- - "<"
|
79
|
+
- !ruby/object:Gem::Version
|
80
|
+
version: '0.12'
|
33
81
|
- !ruby/object:Gem::Dependency
|
34
82
|
requirement: !ruby/object:Gem::Requirement
|
35
83
|
requirements:
|
@@ -37,8 +85,8 @@ dependencies:
|
|
37
85
|
- !ruby/object:Gem::Version
|
38
86
|
version: '0'
|
39
87
|
name: logstash-codec-plain
|
40
|
-
prerelease: false
|
41
88
|
type: :runtime
|
89
|
+
prerelease: false
|
42
90
|
version_requirements: !ruby/object:Gem::Requirement
|
43
91
|
requirements:
|
44
92
|
- - ">="
|
@@ -51,8 +99,8 @@ dependencies:
|
|
51
99
|
- !ruby/object:Gem::Version
|
52
100
|
version: '0'
|
53
101
|
name: logstash-codec-line
|
54
|
-
prerelease: false
|
55
102
|
type: :runtime
|
103
|
+
prerelease: false
|
56
104
|
version_requirements: !ruby/object:Gem::Requirement
|
57
105
|
requirements:
|
58
106
|
- - ">="
|
@@ -65,8 +113,8 @@ dependencies:
|
|
65
113
|
- !ruby/object:Gem::Version
|
66
114
|
version: '0'
|
67
115
|
name: logstash-codec-json
|
68
|
-
prerelease: false
|
69
116
|
type: :runtime
|
117
|
+
prerelease: false
|
70
118
|
version_requirements: !ruby/object:Gem::Requirement
|
71
119
|
requirements:
|
72
120
|
- - ">="
|
@@ -79,8 +127,8 @@ dependencies:
|
|
79
127
|
- !ruby/object:Gem::Version
|
80
128
|
version: '0'
|
81
129
|
name: logstash-codec-json_lines
|
82
|
-
prerelease: false
|
83
130
|
type: :runtime
|
131
|
+
prerelease: false
|
84
132
|
version_requirements: !ruby/object:Gem::Requirement
|
85
133
|
requirements:
|
86
134
|
- - ">="
|
@@ -93,8 +141,8 @@ dependencies:
|
|
93
141
|
- !ruby/object:Gem::Version
|
94
142
|
version: '0'
|
95
143
|
name: logstash-codec-multiline
|
96
|
-
prerelease: false
|
97
144
|
type: :runtime
|
145
|
+
prerelease: false
|
98
146
|
version_requirements: !ruby/object:Gem::Requirement
|
99
147
|
requirements:
|
100
148
|
- - ">="
|
@@ -107,8 +155,8 @@ dependencies:
|
|
107
155
|
- !ruby/object:Gem::Version
|
108
156
|
version: '0'
|
109
157
|
name: logstash-devutils
|
110
|
-
prerelease: false
|
111
158
|
type: :development
|
159
|
+
prerelease: false
|
112
160
|
version_requirements: !ruby/object:Gem::Requirement
|
113
161
|
requirements:
|
114
162
|
- - ">="
|
@@ -121,8 +169,8 @@ dependencies:
|
|
121
169
|
- !ruby/object:Gem::Version
|
122
170
|
version: '0'
|
123
171
|
name: insist
|
124
|
-
prerelease: false
|
125
172
|
type: :development
|
173
|
+
prerelease: false
|
126
174
|
version_requirements: !ruby/object:Gem::Requirement
|
127
175
|
requirements:
|
128
176
|
- - ">="
|
@@ -135,8 +183,8 @@ dependencies:
|
|
135
183
|
- !ruby/object:Gem::Version
|
136
184
|
version: 0.0.6
|
137
185
|
name: flores
|
138
|
-
prerelease: false
|
139
186
|
type: :development
|
187
|
+
prerelease: false
|
140
188
|
version_requirements: !ruby/object:Gem::Requirement
|
141
189
|
requirements:
|
142
190
|
- - "~>"
|
@@ -149,8 +197,8 @@ dependencies:
|
|
149
197
|
- !ruby/object:Gem::Version
|
150
198
|
version: 0.0.22
|
151
199
|
name: stud
|
152
|
-
prerelease: false
|
153
200
|
type: :development
|
201
|
+
prerelease: false
|
154
202
|
version_requirements: !ruby/object:Gem::Requirement
|
155
203
|
requirements:
|
156
204
|
- - "~>"
|
@@ -173,12 +221,23 @@ files:
|
|
173
221
|
- docs/index.asciidoc
|
174
222
|
- lib/logstash-input-tcp_jars.rb
|
175
223
|
- lib/logstash/inputs/tcp.rb
|
176
|
-
- lib/logstash/inputs/tcp/compat_ssl_options.rb
|
177
224
|
- lib/logstash/inputs/tcp/decoder_impl.rb
|
178
225
|
- logstash-input-tcp.gemspec
|
226
|
+
- spec/fixtures/encrypted-pkcs5v15.crt
|
227
|
+
- spec/fixtures/encrypted-pkcs5v15.key
|
228
|
+
- spec/fixtures/encrypted-pkcs8.crt
|
229
|
+
- spec/fixtures/encrypted-pkcs8.key
|
230
|
+
- spec/fixtures/encrypted_aes256.crt
|
231
|
+
- spec/fixtures/encrypted_aes256.key
|
232
|
+
- spec/fixtures/encrypted_des.crt
|
233
|
+
- spec/fixtures/encrypted_des.key
|
234
|
+
- spec/fixtures/encrypted_seed.crt
|
235
|
+
- spec/fixtures/encrypted_seed.key
|
236
|
+
- spec/fixtures/small.crt
|
237
|
+
- spec/fixtures/small.key
|
179
238
|
- spec/inputs/tcp_spec.rb
|
180
239
|
- spec/spec_helper.rb
|
181
|
-
- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.
|
240
|
+
- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.2.1/logstash-input-tcp-6.2.1.jar
|
182
241
|
- version
|
183
242
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
184
243
|
licenses:
|
@@ -202,11 +261,22 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
202
261
|
- !ruby/object:Gem::Version
|
203
262
|
version: '0'
|
204
263
|
requirements: []
|
205
|
-
|
206
|
-
rubygems_version: 2.6.13
|
264
|
+
rubygems_version: 3.0.6
|
207
265
|
signing_key:
|
208
266
|
specification_version: 4
|
209
267
|
summary: Reads events from a TCP socket
|
210
268
|
test_files:
|
269
|
+
- spec/fixtures/encrypted-pkcs5v15.crt
|
270
|
+
- spec/fixtures/encrypted-pkcs5v15.key
|
271
|
+
- spec/fixtures/encrypted-pkcs8.crt
|
272
|
+
- spec/fixtures/encrypted-pkcs8.key
|
273
|
+
- spec/fixtures/encrypted_aes256.crt
|
274
|
+
- spec/fixtures/encrypted_aes256.key
|
275
|
+
- spec/fixtures/encrypted_des.crt
|
276
|
+
- spec/fixtures/encrypted_des.key
|
277
|
+
- spec/fixtures/encrypted_seed.crt
|
278
|
+
- spec/fixtures/encrypted_seed.key
|
279
|
+
- spec/fixtures/small.crt
|
280
|
+
- spec/fixtures/small.key
|
211
281
|
- spec/inputs/tcp_spec.rb
|
212
282
|
- spec/spec_helper.rb
|
@@ -1,147 +0,0 @@
|
|
1
|
-
require 'openssl'
|
2
|
-
require "logstash/util/loggable"
|
3
|
-
|
4
|
-
# Simulate a normal SslOptions builder:
|
5
|
-
#
|
6
|
-
# ssl_context = SslOptions.builder
|
7
|
-
# .set_is_ssl_enabled(@ssl_enable)
|
8
|
-
# .set_should_verify(@ssl_verify)
|
9
|
-
# .set_ssl_cert(@ssl_cert)
|
10
|
-
# .set_ssl_key(@ssl_key)
|
11
|
-
# .set_ssl_key_passphrase(@ssl_key_passphrase.value)
|
12
|
-
# .set_ssl_extra_chain_certs(@ssl_extra_chain_certs.to_java(:string))
|
13
|
-
# .set_ssl_certificate_authorities(@ssl_certificate_authorities.to_java(:string))
|
14
|
-
# .build.toSslContext()
|
15
|
-
class SslOptions
|
16
|
-
include LogStash::Util::Loggable
|
17
|
-
|
18
|
-
java_import 'io.netty.handler.ssl.ClientAuth'
|
19
|
-
java_import 'io.netty.handler.ssl.SslContextBuilder'
|
20
|
-
java_import 'java.security.cert.X509Certificate'
|
21
|
-
java_import 'javax.crypto.Cipher'
|
22
|
-
java_import 'org.bouncycastle.asn1.pkcs.PrivateKeyInfo'
|
23
|
-
java_import 'org.bouncycastle.jce.provider.BouncyCastleProvider'
|
24
|
-
java_import 'org.bouncycastle.openssl.PEMKeyPair'
|
25
|
-
java_import 'org.bouncycastle.openssl.PEMParser'
|
26
|
-
java_import 'org.bouncycastle.openssl.PEMEncryptedKeyPair'
|
27
|
-
java_import 'org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter'
|
28
|
-
java_import 'org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder'
|
29
|
-
java_import 'org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder'
|
30
|
-
java_import 'org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo'
|
31
|
-
|
32
|
-
def self.builder
|
33
|
-
new
|
34
|
-
end
|
35
|
-
|
36
|
-
def set_is_ssl_enabled(boolean)
|
37
|
-
@ssl_enabled = boolean
|
38
|
-
self
|
39
|
-
end
|
40
|
-
|
41
|
-
def set_should_verify(boolean)
|
42
|
-
@ssl_verify = boolean
|
43
|
-
self
|
44
|
-
end
|
45
|
-
|
46
|
-
def set_ssl_cert(path)
|
47
|
-
@ssl_cert_path = path
|
48
|
-
self
|
49
|
-
end
|
50
|
-
|
51
|
-
def set_ssl_key(path)
|
52
|
-
@ssl_key_path = path
|
53
|
-
self
|
54
|
-
end
|
55
|
-
|
56
|
-
def set_ssl_key_passphrase(passphrase)
|
57
|
-
@ssl_key_passphrase = passphrase
|
58
|
-
self
|
59
|
-
end
|
60
|
-
|
61
|
-
def set_ssl_extra_chain_certs(certs)
|
62
|
-
@ssl_extra_chain_certs = certs
|
63
|
-
self
|
64
|
-
end
|
65
|
-
|
66
|
-
def set_ssl_certificate_authorities(certs)
|
67
|
-
@ssl_certificate_authorities = certs
|
68
|
-
self
|
69
|
-
end
|
70
|
-
|
71
|
-
def build; self; end
|
72
|
-
|
73
|
-
def toSslContext
|
74
|
-
return nil unless @ssl_enabled
|
75
|
-
|
76
|
-
# Check key strength
|
77
|
-
logger.warn("JCE Unlimited Strength Jurisdiction Policy not installed - max key length is 128 bits") unless Cipher.getMaxAllowedKeyLength("AES") > 128
|
78
|
-
# create certificate object
|
79
|
-
cf = java.security.cert.CertificateFactory.getInstance("X.509")
|
80
|
-
cert_chain = []
|
81
|
-
fetch_certificates_from_file(@ssl_cert_path, cf) do |cert|
|
82
|
-
cert_chain << cert
|
83
|
-
end
|
84
|
-
|
85
|
-
# convert key from pkcs1 to pkcs8 and get PrivateKey object
|
86
|
-
pem_parser = PEMParser.new(java.io.FileReader.new(@ssl_key_path))
|
87
|
-
java.security.Security.addProvider(BouncyCastleProvider.new)
|
88
|
-
converter = JcaPEMKeyConverter.new
|
89
|
-
case obj = pem_parser.readObject
|
90
|
-
when PEMKeyPair # unencrypted pkcs#1
|
91
|
-
private_key = converter.getKeyPair(obj).private
|
92
|
-
when PrivateKeyInfo # unencrypted pkcs#8
|
93
|
-
private_key = converter.getPrivateKey(obj)
|
94
|
-
when PEMEncryptedKeyPair # encrypted pkcs#1
|
95
|
-
key_char_array = @ssl_key_passphrase.to_java.toCharArray
|
96
|
-
decryptor = JcePEMDecryptorProviderBuilder.new.build(key_char_array)
|
97
|
-
key_pair = obj.decryptKeyPair(decryptor)
|
98
|
-
private_key = converter.getKeyPair(key_pair).private
|
99
|
-
when PKCS8EncryptedPrivateKeyInfo # encrypted pkcs#8
|
100
|
-
key_char_array = @ssl_key_passphrase.to_java.toCharArray
|
101
|
-
key = JceOpenSSLPKCS8DecryptorProviderBuilder.new.build(key_char_array)
|
102
|
-
private_key = converter.getPrivateKey(obj.decryptPrivateKeyInfo(key))
|
103
|
-
else
|
104
|
-
raise "Could not recognize 'ssl_key' format. Class: #{obj.class}"
|
105
|
-
end
|
106
|
-
|
107
|
-
@ssl_extra_chain_certs.each do |file|
|
108
|
-
fetch_certificates_from_file(file, cf) do |cert|
|
109
|
-
cert_chain << cert
|
110
|
-
end
|
111
|
-
end
|
112
|
-
sslContextBuilder = SslContextBuilder.forServer(private_key, @ssl_key_passphrase, cert_chain.to_java(X509Certificate))
|
113
|
-
|
114
|
-
trust_certs = []
|
115
|
-
|
116
|
-
@ssl_certificate_authorities.each do |file|
|
117
|
-
fetch_certificates_from_file(file, cf) do |cert|
|
118
|
-
trust_certs << cert
|
119
|
-
end
|
120
|
-
end
|
121
|
-
|
122
|
-
if trust_certs.any?
|
123
|
-
sslContextBuilder.trustManager(trust_certs.to_java(X509Certificate))
|
124
|
-
end
|
125
|
-
|
126
|
-
sslContextBuilder.clientAuth(@ssl_verify ? ClientAuth::REQUIRE : ClientAuth::NONE)
|
127
|
-
sslContextBuilder.build()
|
128
|
-
end
|
129
|
-
|
130
|
-
private
|
131
|
-
def fetch_certificates_from_file(file, cf)
|
132
|
-
fis = java.io.FileInputStream.new(file)
|
133
|
-
|
134
|
-
while (fis.available > 0) do
|
135
|
-
cert = generate_certificate(cf, fis)
|
136
|
-
yield cert if cert
|
137
|
-
end
|
138
|
-
ensure
|
139
|
-
fis.close if fis
|
140
|
-
end
|
141
|
-
|
142
|
-
def generate_certificate(cf, fis)
|
143
|
-
cf.generateCertificate(fis)
|
144
|
-
rescue Java::JavaSecurityCert::CertificateException => e
|
145
|
-
raise e unless e.cause.message == "Empty input"
|
146
|
-
end
|
147
|
-
end
|