logstash-input-tcp 6.1.0-java → 6.2.2-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 26d542f495a0b506903b944a54ce0cdab39b93714fadfca025f8b2233ac22135
-  data.tar.gz: 17b2c70fc10f1d1132956c6cf45f752c2e0b992d819e0c54e568882f2da0dada
+  metadata.gz: 38fbbb89f6bd5ca7e686f535e3bd1d3975197ab97a2d4aa19024ac2e1182c04e
+  data.tar.gz: d01646af2f4d570aba6b41af7e3cd65dbb233bea0c3d08e67e75f526fa9967a5
 SHA512:
-  metadata.gz: d03c07e5980298f23fe7309528a1eaef3b5ebc45948362582c9ed922c5c257e24affdca65d92f859b55507f1a3f2b9766c6e09e2949d40cb6a51ed55f48b1646
-  data.tar.gz: 817c0305eff54d5fb35ee66a0b4633cfbcce93a2c2adb43be9d71d9c6dedfb71a4d0a07e7ed665b0267839526716eb721ad8c0dc2c3e1e732430988193e97035
+  metadata.gz: 666611382202c67764f7ed535d4eb77aa0b06ddb88dec759fa95a461d16102638d0af5b7754fa719800c51c5199439bc60e9bf440678ce4eaa7eb827ef63db6e
+  data.tar.gz: a417b01914e169f9e284de6777f3ca66fa97e4882ec9a21435eb2c9628c77a0b10de5e38f843acb46373b7e06505cec8560e69b3131c84b2ac5f6e3730998370

data/CHANGELOG.md

@@ -1,3 +1,19 @@
+## 6.2.2
+  - Internal: update to Gradle 7 [#184](https://github.com/logstash-plugins/logstash-input-tcp/pull/184)
+  - Internal: relax jruby-openssl upper bound [#185](https://github.com/logstash-plugins/logstash-input-tcp/pull/185)
+
+## 6.2.1
+  - Fix: restore logic to add the Bouncy-Castle security provider at runtime [#181](https://github.com/logstash-plugins/logstash-input-tcp/pull/181)
+    - required to properly read encrypted (legacy) OpenSSL PKCS#5v1.5 keys
+
+## 6.2.0
+ - Added ECS Compatibility Mode [#165](https://github.com/logstash-plugins/logstash-input-tcp/pull/165)
+   - When operating in an ECS Compatibility mode, metadata about the connection on which we are receiving data is nested in well-named fields under `[@metadata][input][tcp]` instead of at the root level.
+ - Fix: source address is no longer missing when a proxy is present
+
+## 6.1.1
+ - Changed jar dependencies to reflect newer versions [#179](https://github.com/logstash-plugins/logstash-input-http/pull/179)
+
 ## 6.1.0
   - Feat: improve SSL error logging/unwrapping [#178](https://github.com/logstash-plugins/logstash-input-tcp/pull/178)
   - Fix: the plugin will no longer have a side effect of adding the Bouncy-Castle security provider at runtime  

data/docs/index.asciidoc

@@ -70,6 +70,52 @@ event timestamp
       }
     }
 
+[id="plugins-{type}s-{plugin}-ecs_metadata"]
+==== Event Metadata and the Elastic Common Schema (ECS)
+
+In addition to decoding the events, this input will add metadata about the TCP connection itself to each event.
+This can be helpful when applications are configured to send events directly to this input's TCP listener without including information about themselves.
+
+Historically, this metadata was added to a variety of non-standard top-level fields, which had the potential to create confusion and schema conflicts downstream.
+With ECS compatibility mode, we can ensure a pipeline still has access to this metadata throughout the event's lifecycle without polluting the top-level namespace.
+
+[cols="3,7,5"]
+|=======================================================================
+| Metadata Group                                     | ecs: `v1`, `v8`                       | ecs: `disabled`
+
+.3+|Source Metadata from the TCP connection
+on which events are being received, including
+the sender's name, ip, and outbound port.       l|[@metadata][input][tcp][source][name] l|[host]
+l|[@metadata][input][tcp][source][ip]   l|[@metadata][ip_address]
+l|[@metadata][input][tcp][source][port] l|[port]
+
+.2+|Proxy Metadata from a proxied TCP connection.
+Available when receiving events by proxy and
+`proxy_protocol => true`                        l|[@metadata][input][tcp][proxy][ip]    l|[proxy_host]
+l|[@metadata][input][tcp][proxy][port]  l|[proxy_port]
+
+.1+|SSL Subject Metadata from a secured TCP
+connection. Available when `ssl_enable => true`
+AND `ssl_verify => true`                        l|[@metadata][input][tcp][ssl][subject] l|[sslsubject]
+|=======================================================================
+
+For example, the Elastic Common Schema reserves the https://www.elastic.co/guide/en/ecs/current/ecs-host.html[top-level `host` field] for information about the host on which the event happened.
+If an event is missing this metadata, it can be copied into place from the source TCP connection metadata that has been added to the event:
+
+[source,txt]
+-----
+filter {
+  if [@metadata][input][tcp][source] and not [host] {
+    mutate {
+      copy {
+        "[@metadata][input][tcp][source][name]" => "[host][name]"
+        "[@metadata][input][tcp][source][ip]"   => "[host][ip]"
+      }
+    }
+  }
+}
+-----
+
 [id="plugins-{type}s-{plugin}-options"]
 ==== Tcp Input Configuration Options
 
@@ -79,6 +125,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 |=======================================================================
 |Setting |Input type|Required
 | <<plugins-{type}s-{plugin}-dns_reverse_lookup_enabled>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
 | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-mode>> |<<string,string>>, one of `["server", "client"]`|No
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
@@ -108,6 +155,20 @@ It is possible to avoid DNS reverse-lookups by disabling this setting. If disabl
 the address metadata that is added to events will contain the source address as-specified
 at the TCP layer and IPs will not be resolved to hostnames.
 
+[id="plugins-{type}s-{plugin}-ecs_compatibility"]
+===== `ecs_compatibility`
+
+* Value type is <<string,string>>
+* Supported values are:
+** `disabled`: unstructured connection metadata added at root level
+** `v1`,`v8`: structured connection metadata added under `[@metadata][input][tcp]`
+* Default value depends on which version of Logstash is running:
+** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
+** Otherwise, the default value is `disabled`.
+
+Controls this plugin's compatibility with the https://www.elastic.co/guide/en/ecs/current/index.html[Elastic Common Schema (ECS)].
+The value of this setting affects the <<plugins-{type}s-{plugin}-ecs_metadata,placement of a TCP connection's metadata>> on events.
+
 [id="plugins-{type}s-{plugin}-host"]
 ===== `host` 
 

data/lib/logstash/inputs/tcp/decoder_impl.rb

@@ -1,7 +1,7 @@
 # encoding: utf-8
 require 'java'
 
-class DecoderImpl
+class LogStash::Inputs::Tcp::DecoderImpl
 
   include org.logstash.tcp.Decoder
 
@@ -24,7 +24,7 @@ class DecoderImpl
   end
 
   def copy
-    DecoderImpl.new(@codec.clone, @tcp)
+    self.class.new(@codec.clone, @tcp)
   end
 
   def flush
@@ -41,16 +41,17 @@ class DecoderImpl
         @tcp.logger.error("Invalid proxy protocol header label", :header => pp_hdr)
         raise IOError.new("Invalid proxy protocol header label #{pp_hdr.inspect}")
       else
-        @proxy_address = pp_info[3]
-        @proxy_port = pp_info[5]
-        @address = pp_info[2]
-        @port = pp_info[4]
+        @proxy_address = pp_info[3] # layer 3 destination address (proxy's receiving address)
+        @proxy_port = pp_info[5] # TCP destination port (proxy's receiving port)
+        @ip_address = pp_info[2] # layer 3 source address (outgoing ip of sender)
+        @address = extract_host_name(@ip_address)
+        @port = pp_info[4] # TCP source port (outgoing port on sender [probably random])
       end
     else
       filtered = received
-      @ip_address = channel_addr.get_address.get_host_address
-      @address = extract_host_name(channel_addr)
-      @port = channel_addr.get_port
+      @ip_address = channel_addr.get_address.get_host_address # ip address of sender
+      @address = extract_host_name(channel_addr) # name _or_ address of sender
+      @port = channel_addr.get_port # outgoing port of sender (probably random)
     end
     @first_read = false
     filtered
@@ -58,6 +59,8 @@ class DecoderImpl
 
   private
   def extract_host_name(channel_addr)
+    channel_addr = java.net.InetSocketAddress.new(channel_addr, 0) if channel_addr.kind_of?(String)
+
     return channel_addr.get_host_string unless @tcp.dns_reverse_lookup_enabled?
 
     channel_addr.get_host_name

data/lib/logstash/inputs/tcp.rb

@@ -5,7 +5,7 @@ require "java"
 require "logstash/inputs/base"
 require "logstash/util/socket_peer"
 require "logstash-input-tcp_jars"
-require "logstash/inputs/tcp/decoder_impl"
+require 'logstash/plugin_mixins/ecs_compatibility_support'
 
 require "socket"
 require "openssl"
@@ -63,6 +63,11 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   java_import 'org.logstash.tcp.InputLoop'
   java_import 'org.logstash.tcp.SslContextBuilder'
 
+  require_relative "tcp/decoder_impl"
+
+  # ecs_compatibility option, provided by Logstash core or the support adapter.
+  include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
+
   config_name "tcp"
 
   default :codec, "line"
@@ -113,13 +118,6 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   # Option to allow users to avoid DNS Reverse Lookup.
   config :dns_reverse_lookup_enabled, :validate => :boolean, :default => true
 
-  HOST_FIELD = "host".freeze
-  HOST_IP_FIELD = "[@metadata][ip_address]".freeze
-  PORT_FIELD = "port".freeze
-  PROXY_HOST_FIELD = "proxy_host".freeze
-  PROXY_PORT_FIELD = "proxy_port".freeze
-  SSLSUBJECT_FIELD = "sslsubject".freeze
-
   # Monkey patch TCPSocket and SSLSocket to include socket peer
   # @private
   def self.patch_socket_peer!
@@ -134,6 +132,8 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   def initialize(*args)
     super(*args)
 
+    setup_fields!
+
     self.class.patch_socket_peer!
 
     # threadsafe socket bookkeeping
@@ -186,8 +186,8 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
                     proxy_port, tbuf, socket)
     codec.decode(tbuf) do |event|
       if @proxy_protocol
-        event.set(PROXY_HOST_FIELD, proxy_address) unless event.get(PROXY_HOST_FIELD)
-        event.set(PROXY_PORT_FIELD, proxy_port) unless event.get(PROXY_PORT_FIELD)
+        event.set(@field_proxy_host, proxy_address) unless event.get(@field_proxy_host)
+        event.set(@field_proxy_port, proxy_port) unless event.get(@field_proxy_port)
       end
       enqueue_decorated(event, client_ip_address, client_address, client_port, socket)
     end
@@ -260,14 +260,24 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   end
 
   def enqueue_decorated(event, client_ip_address, client_address, client_port, socket)
-    event.set(HOST_FIELD, client_address) unless event.get(HOST_FIELD)
-    event.set(HOST_IP_FIELD, client_ip_address) unless event.get(HOST_IP_FIELD)
-    event.set(PORT_FIELD, client_port) unless event.get(PORT_FIELD)
-    event.set(SSLSUBJECT_FIELD, socket.peer_cert.subject.to_s) if socket && @ssl_enable && @ssl_verify && event.get(SSLSUBJECT_FIELD).nil?
+    event.set(@field_host, client_address) unless event.get(@field_host)
+    event.set(@field_host_ip, client_ip_address) unless event.get(@field_host_ip)
+    event.set(@field_port, client_port) unless event.get(@field_port)
+    event.set(@field_sslsubject, socket.peer_cert.subject.to_s) if socket && @ssl_enable && @ssl_verify && event.get(@field_sslsubject).nil?
     decorate(event)
     @output_queue << event
   end
 
+  # setup the field names, with respect to ECS compatibility.
+  def setup_fields!
+    @field_host       = ecs_select[disabled: "host",                    v1: "[@metadata][input][tcp][source][name]"        ].freeze
+    @field_host_ip    = ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"          ].freeze
+    @field_port       = ecs_select[disabled: "port",                    v1: "[@metadata][input][tcp][source][port]"        ].freeze
+    @field_proxy_host = ecs_select[disabled: "proxy_host",              v1: "[@metadata][input][tcp][proxy][ip]"           ].freeze
+    @field_proxy_port = ecs_select[disabled: "proxy_port",              v1: "[@metadata][input][tcp][proxy][port]"         ].freeze
+    @field_sslsubject = ecs_select[disabled: "sslsubject",              v1: "[@metadata][input][tcp][tls][client][subject]"].freeze
+  end
+
   def server?
     @mode == "server"
   end

data/logstash-input-tcp.gemspec

@@ -21,11 +21,12 @@ Gem::Specification.new do |s|
 
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
 
   s.add_runtime_dependency 'logstash-core', '>= 6.7.0'
 
   # we depend on bouncycastle's bcpkix-jdk15on being on the class-path
-  s.add_runtime_dependency 'jruby-openssl', '>= 0.10.2', '< 0.12'
+  s.add_runtime_dependency 'jruby-openssl', '>= 0.10.2'
 
   # line vs streaming codecs required for fix_streaming_codecs
   # TODO: fix_streaming_codecs should be refactored to not

data/spec/fixtures/encrypted-pkcs5v15.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICNDCCAZ0CFDeJbri+rGpHPKybNEMIdH/rV8NNMA0GCSqGSIb3DQEBCwUAMFkx
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
+cm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4
+MjUxMzAyMzZaFw0yNDEyMDcxMzAyMzZaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQI
+DApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+v7u9o3mztK8BQ7HiuWs1YJSzpPujs6cYefYDU8AWg6SkDIS/E0SiVoKZmHxcyul+
+t1QEsF3VYEnkKs0jtJQKE6Av0DCMQWA8lXmuEnXI02mDvtL2Kxh4w5x1D5bSRgJP
+Ms9ozN06F5wrMtipUBglwIwQ6HHPywToNMnf5BBZUnECAwEAATANBgkqhkiG9w0B
+AQsFAAOBgQCuh+ytoZKgOEzeLwhfScUvcuDcYJFGkMckO6oUe+/SDTfBN/z5WAhV
+ogBOLOqate4plaP12ZhjE8DUeRy9oN3zKenpskTtXrMz5XH0mclAn8aBig+eOyEj
+1QMDysipE11d1sx1SIXiIMSKtv6kLV/Y+4aId9/AJHxOYMHxebwSQg==
+-----END CERTIFICATE-----

data/spec/fixtures/encrypted-pkcs5v15.key

@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoTAbBgkqhkiG9w0BBQMwDgQI3TfMa5Qd1D8CAggABIICgFjVn88VPNrjBXiF
+Hw5W8yFFwvoeSd/vVkDcGUiNhQy9A3ra/QmktEHvv1d/rGGLSkPypmx9zJuTNGz9
+eJs7TSgIVBsmRG4UtG20qBifG/XVpN1/6pk1Hp9hbIuSBzNIi+EhdhSEty10oZso
+JwrkTbFS4VAk4ivOWcl0O0HQRkGxlSaKmgYNOebvOLqw4/77BN80AOeZHXBGwYNJ
+vRf8Og5PWqR5XmTJLVQxtB4BcBSPCSkECgOBoFfAeaeE6ei0W7V+LDBBHC7Ql0Dl
+rK3KCyvYywd+Ep58jNQRfDsEglgw7jrN2IIaf2jRhfEiPhwbAnEDlQXsMqAIWS/I
+gwj6NaaZObdX8hDVhz/T7MSnK9O8q2JGM6jhhRQZxo4TUlLB1xnwGZ9uQRljshQy
+OmtQ3KuLZvRML9G8nMtd73vdQ3f0cFBIjPG8QblUMOews8tJA2OMpBXEAZf0go25
++lI+rk4RKdHvX9kVGDmKoe/KN3xo23usTjcfodhapHQYPqHc3QOx8XNxtcio1I49
+wnS2xICbiEJfnSOBrrjWIivW0wHZG590ZKJ0FnpKEaXXJ2bV8VEyn+mZ4Ef9ITLk
+9wsOt+68V9xRrsUsvUkkW97POVGZbw0XHf5xZ3ckKiBK41wPuoo2opVc/Qyw+jB0
+cw2Lr/AUzLWZW9w+jmHL1Qr9cydcf2XKBMIoqBFQpJce35bNLTTm8O8K8ZMXEK8g
+WhKLaLRfo4j/pFyuUeHw2pQ7QHRdcYtRHT1GqsQ4AQsXqVYJjwpm1E2ZL001Y+6O
+r/7sJ91jAcv4IwpRS4suaJJydvVQ0qz7xq7B9TvyxZh2f4zbHL+qSe6OQj8Erm1/
+jHkcaB0=
+-----END ENCRYPTED PRIVATE KEY-----

data/spec/fixtures/encrypted-pkcs8.crt

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBqjCCARMCFCWVL+Vfx2IIr8d2/GMqsmfzPLD/MA0GCSqGSIb3DQEBDQUAMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4MjUxMDUyNTRaFw0yNDEyMDcxMDUy
+NTRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEA8HAsVcCjcolfzYR0siWOAg+xFG4fIahO6PH2Oi0l3zosa4KX2dlt3nFS
+2PmgG9MNIDfXwI+BoM6QXB7O7Ch/YUhOz4GGDv3ptCjTYWyA9KZBrgLpiBFsCdt+
+DiW7JBbt0OnMJGhVEsZa2Byh3HOxYqkvC2y4fET4OXdj2uX56B0CAwEAATANBgkq
+hkiG9w0BAQ0FAAOBgQAW/tHI3AnyKYsJ9uaqvndUnVTIDHEEPNFE/xMM3mtQiL8f
+qVYPq4V4C1Z5RD2xBI/skPngaZRWmqFrshEz2EccKe8gzdfyGQG89MQAB8QWn4dJ
+bXUcnXO4hcSD4y3SiZYXJYNj37I2qJ2DfYBx7pScGYdjzIr/OJNK5EIGZI1Bvg==
+-----END CERTIFICATE-----

data/spec/fixtures/encrypted-pkcs8.key

@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIE3AUYJOvgkYCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECO0VArsmaac3BIICgOpQitrzl0AC
+uV2AD2kgBfOUvTVe9jVJZ2Pvawo7IRxZZQl/7wMHfm6uB666OVSOVfKEa6nXJhBn
+JzJYXJHBqzQwgsoGfg25Y6bSvIU8ydkCzwEf2P93cexFCCDJE1B8p1/lxJViEfOq
+2CujkKgS3YZCet/03qt/ktkx3qBk9dOk6+xCXorUgzjwGL2SzSH7Su1kXoVKTu5/
+TRCPyD552l8kjtyqNngfOu3xcd0+FFF/e/bUe4qX1bpYNza/Cs/AJAoxHhhGag+O
+26bZ/LTbsN56fM95PvytRvomyj2rMGFJtz1j56R7iYujLUZu7XgCkxq0/t/3mWgX
+0VxOy0zvppZO0XRky1uwSLPsaopZlPIN6s61JAJciT0O884Hi4citNA0hskOCnJA
+vyy0lGa9goZh/cJKjr7W6w2ZkkPwMOKI6YMIup7Fo+7pfG2h0EDxCZyK2JWVl2n0
+vyKMUNl3yrqDbxTk0vURz9qMx/q2cY6zK6+gi+uvfjvRM4oz3nCREbuVjykvEAXo
+OhmN69CN6f8QwJ6wF4JNtxwwkHy+70dLoQg/FYKIfSbA3aoxpgXtr/2d/vkZYjya
+zjcaIrM/WEoPLFvieMHrOmlRZhbVI9BVjhrAyTmT+sQV+GJ7GJirJpmn06VHz5Ln
+ZNE4+ZSH4ODf+JQdh+LajyI8wQKfh4YMr498i5qHyw/KnKtbPjevbY25uWvEKzce
+RWv9nt7VsSQhXuR2U85yc6sqFQQ01QM9xUdhcVB9Eu7FvloDrC6pgaFIXy3IVcfH
+AJPiyRBv1bNad9wdh/+O5MyoKrhAI37YfH2fEKMdR2QKBEnCs94mjFPLy2Kc9kww
+eVwJJw/VXbE=
+-----END ENCRYPTED PRIVATE KEY-----

data/spec/fixtures/encrypted_aes256.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZcCFCbPEM/VXTgCksFOQPoLuv1Td9seMA0GCSqGSIb3DQEBCwUAMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4MjUwOTM1MDBaFw0yNDEyMDcwOTM1
+MDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAOfAL1NL6pXDkpgWNync+LHLWgrrL18gTrpXjaPjmw6HuiX0te6J
+1xYPjg6xYown6/SJeXi7LS0GFvlQGuz9dh2n6OtqpjBgHIXBXLtT8dXQszdZDaGu
+U8iTBnjDYADt206Bqe2q3MpKEz6a3D8fHAE/fR/4FM4HAI77W+Bng2XwFKqLYHQC
+ReKAexjxIExWBh/dvm8tUdvVmWyY/CVABQWucmwRNo+RQqktksiNqZCDHkE6CVgx
+oXS8UUIWfz6EWNT6UkeIWRJSVUUECcgRYOTVgkYWBE/5BDsBK9E7ZNL+gWqy6j6h
+9fSPhK/Xv6XMqdCcOExZsNWFV1j+bt9Wun0CAwEAATANBgkqhkiG9w0BAQsFAAOC
+AQEA5ah44LKyb2LHTr1ePeduoXdVPqwuXik7mL/H6/ZGI1zfSFb0JgjQG822K0s1
+3QLT15/lndSt8smHCgMTm12i/bO1cwaM93+jpUbOaVILLnfuDprjVMgiBVfz1bdx
+GBz6ISJXe1xaKLBhurDsy/1dzbISoizVIg5mJ1us5BvvdklMjtQ1ymY5210ZYCsk
+YcKBVW3hJ6hoZTHrNw7tI99CeBSOpfg0UaxUNMIy1D95+m4RU2aIykoYhAGfmX+u
+zZR0I16widielJWXNCnh6gXdoNjOgYS0TuNoSfmX2oF7nsC5N1zfynz+tPvoK0ys
+OMFwnJJ5LrPHbQk/RK907gBf5Q==
+-----END CERTIFICATE-----

data/spec/fixtures/encrypted_aes256.key

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,23BAC38304EB81CEE42C61575CA054CE
+
+jR1vKTozeVkx4Nyjb38fj/SSj99MZtboUUHSlUyfDYNgWdhDSli3agFuouxtGoGe
+cWNKcjn73lbxBaAozFGejNo1RQSOaWdKLCXKvvoQTjWg02+9xIL4bQL29Xe4xi7f
+DlsMbcLOrlJZsdAYeL+11vU61yrtIYyPJJFaRh6WLTbVuHH6vUJPYt0Vg77g0L8I
+8tJtAvFSLeMzonu1LGEa/gXHwNT5TlWERybXxD6JzoigmHx4mGFNo9fz4ZyTPjkR
+OWbOZssFDKUeGJVdssRTPYwjaEg8DOUk7JbFTWlRYa7Re/2SEkIte3PrAxJFLFuV
+LZSIR4Vg/cKmpo4BcNNNHmSyymSS4ZAh3GQiztfqHOqAXxfvBsuO3ZHUYPCIhpqw
+KwwkDjJb4dRygDRC5n4os/mdQW/dBVD4OIaghE4lQApOqc3fxOoD9V0SIipbPPv0
+bjaKyt5pEZYyAMrAd3G1UGPQBWcNl2Hu1Shc30uhJZrzthPy/0BTWao0lpA3fIQD
+Pv4weYOc+5tZsKXSuFQc/Y2fLPF9m1GGTAd+YQlfN8JO9I1GKhl1AL/7eC+Usgl4
+ugXPjIgh5/5+qYqiaYE1HlaNrNh2XxcIR9SC7+jgbliBMOeouEPQ0bPQyvz/44cg
+sv3OoIP3F7lqLP/3oR9AiqrqadsO0WMNWwYdMUFshY3EZLWgdWVcH6JyxD02E/IJ
+tPtZrhIGMADuJWbTj0abQUIxAuYrBm2Vf/+qgY9gKxJcHIZ3nKfrJc100WOILR8P
+3Ok2WLprASSLiOEkTJ0nvViTtsbgy4DRRhytGNzFEedj50/yRltkb9gdXuVNbmUV
+M7p9YkY4VkF2m43k6sxGXuoAFxAVCLriAGzHLifWkX/xRuxsh93osNhUsg9sMWRd
+bgX5Vcmyr2xhe2UEiQp6glQ6DQg7gofi19jes2iKaw7eMG3pelBvmUKqboARI4Ga
+i8blKaBWZvdmZMBOJ6fx322T+Ii7vvAlCmnWLBxboF5GJ/KiE0i2vrdLTxwI0IZN
+EHFxgfJF3rlLtuvRD8cW1VId9wyOPWPMi/olgE+FdRVlg7+w35cAb9c7Na52c+jj
+G2pxqHgjFoSsofY/iWZ13OQvn6RFUncRS/b+QFz6c2Tp5shMwU+i4BXiuwSj8AvB
+oWfEij7UBpi9o2x4qG3hAeJWM3mg4Nr9MRdv82eEf3tuAPidfXCne/GEN+aIRYeG
+niBZS+kDXtvFgsixGtCU60T4/IXf7FDTWbZ5lN5o0vD6BClReubGd0cYbHTtH7ax
+k4/BAM/PF7dT0sR0zNCd2I7Zkub/CF0+HDAcP94vgV1EcB4XdL7inaZXPTntDRmu
+IZHTVm3satJBt34tAhML1Xqvb8ck02/rhQRdjqWcAOk7gGfKJUwewoH4T558R9uW
+HHEOYCzXy8ckqiDZxJVJ67iZgrCOadWJWtEQPsr1QFxdxuO1J31u50Zzv/nJlrPb
+bmm7fUwszWLX+sM0RGoenvdphicht4gmalMade8N05XzEoOIGth8jYQqFw3s8BKJ
+uZGDC706f0VAGo1dVOvGcNeEOPC3keXkMABbzHFVEzAjH3kfr4rKNCrMx+2Vr/qc
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/encrypted_des.crt

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBJDCBzwIUHQzJgyMCU0MIRFQe/tf7VKuisH8wDQYJKoZIhvcNAQELBQAwFDES
+MBAGA1UEAwwJbG9jYWxob3N0MB4XDTIxMDgyNTEyMTAxMFoXDTI0MTIwNzEyMTAx
+MFowFDESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
+APJeOzK15pLZ1c3dyCJpNw2Uupj0LrFXmoOT5beHgdvD9JY49lgdISSU8utJHoNw
+pTZx4akFd1WylBO8TRoqCvsCAwEAATANBgkqhkiG9w0BAQsFAANBAL1WWmNOIyms
+1I+bW2bnljtomnwEIAto6eLjjikZf/96hUghYFrRSO21rE2R5HxVyrGTz8G4N3Qv
+vqHZ0vqwxVc=
+-----END CERTIFICATE-----

data/spec/fixtures/encrypted_des.key

@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,C64C0A139C862F09
+
+fObfzXEWxU9j6m2ijcVE2DngVLwTGmXo9G5Se8LjHTRhIwexPayiPoZs/rspeIrE
+1UPG5UONa7AmzK/YFjcvhhslyY+xK0Vd68Z/eZvXI7ZlyO+AVxFb/JcxGXgOC7wr
+hEBFoM+h27Y2S+zQZjKms4vD5gxfbaQqabvqXLQgD/m7eXUtI8Nizcevm2fXREDE
+WmBOeD+KUj2IQtFsDGtuKDBnJGCR7oDQ0iynaf1sR0Ebvyx3LrkEDSPVGS8kO1Gl
+ahiwNnwPp3YTAqyV8l2TctFFAH5ozvsDsSB3IttiqrenKkyqjtnCTTUzYfS+hz7O
+L5/FBAEzOydup+2ofWbPLPKa/PNWHQ+eiHJihmpa+LOiVrWmTLp2KatsX0rdHwm5
+cywEoFCgpOmb+WErZ3cmAf8NaF15iEm/X7xUiiDDuts=
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/encrypted_seed.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZcCFH04gu3GFNPDed+cRH4XlfdiqmdoMA0GCSqGSIb3DQEBCwUAMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4MjUxMTIzNDVaFw0yNDEyMDcxMTIz
+NDVaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANf8mFL9tkqzYXonDcjw5vZKQfmNenmZisBHo6Vsi2x76bnoL7Un
+fn5vhpgZiPHX9hdfJGz/69JOrp2GwCtl5CCkxhPZquN4Qh0WJKosh/uc2mB8FFnw
+5qbEHDteixsx62IC6a9ckCTZHp3EVHJUfsAuNFgA3bXwmC9/slXcnRUYbZSVI3iK
+hobK3CmtuzsZvi0len1X6QJsY+O994RkUtccE27ZEE7ss/h3tklj8SB57EH+L+wT
+Y8RRsCBp/Uw+LtNsKGLU1D7F8xZ+/cwDNVwxCBEDnXqxq3tP/OpIuW2DOxteXbld
+R7qPe99xH8z4fgYqXONzlpWqqsl7l3ARxOcCAwEAATANBgkqhkiG9w0BAQsFAAOC
+AQEAHTVVtumbGuR2s8SXKx+mmmHC7Mc0VJOMDAUZZL9x8/ilB4+i8H/akB8jj/m3
+Kz+84QSUzP/PA6pzA+nWtoofFhJkg9Cz4chychyTrJYk7KXDmr1oJtZRBdOUf6Jb
+AiZ8oFd5BK5s06aPbNPcD4LHYdhbizI0tERX7IOIT+GnLqzwWEqUMIMWVrF2hLOT
+PIU+E2Be8gV7M5CdYRhGA05zhhs686c5au/z/o/4eNAtm6/y+/q3veUU9GH7O1s7
+X70iApYnexB+AbRlLah/1Eq/bKLfgxdvDJlyXlsTXV0ig0D9btFRZeeYMaVpW8iT
+RCHtMk7HpYi+822MDJUKltQKzQ==
+-----END CERTIFICATE-----

data/spec/fixtures/encrypted_seed.key

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: SEED-CBC,C83A6ABB19E102763677F0502883E0AE
+
+SPFBownCKM7EbFdOV9KdEtc+MmLwJRUM0UcA8X6Zhjd4xK0UP2jDlQ92W2Cvetbe
+8B8E5wSTxZMO43MXxF0HFHS2/1wi98XcDWQfpDRYYCzmjKm7vV+qkwQ962DvD/x2
+eXAfduAY8mPl97HX+inSX7M0/+Lz7uIMEGuihLNuyaAaLD3tOUxjb69/rxsDjWHD
+LElQgQotpdZsvd06xwowdqxYMMq8B+fwwiemZLD5W0eEtBnu43Jlv02COegYeZDm
+o4pApPsyjQ9pv+LFMl4A+k8NrVc87+GU67aFetOR7ojksxSQ/zq7ZdHQic7NhbiK
+Ad/EHQwu1PhXk+clFIZhDvkiyjAyWwbCwOm7F3AK7B2ZioIfQ4Fokoj1hbgXk57G
+YjuY4zTJj9zr02wToOYJ4gpVRT7hrG3NtSeEYny5102CaMyTUejv5833o0b9P/sp
++3O5nk+wR+4H6ELwVq3JnMz6yWkccsjQ7wAEhbc3WVLd0OAqL/9fPusDg6LM+n3W
+IbDmkKYwoUWQBn5KcXUHLRncj4Cpupn/bAsGcHoNqHTidu8sictHQ3iVfrDJpKfb
+VRkpPdarQGkPJ/f7WMS1crxsuPy88NZ6KBwNAjp2E/ZJk0XwWUn1KWcq7Do7rGzv
+cbl6Q2I2ySA/Uzj+pgup2CQi75kCqHTXHlxCE8/5lR7UOPUvDJP/ODMO+h64kWmB
+JcIXVp68cBqLzkbQgg5oiJ34XWXTdcQYK/ljJjRBzh2pTlBhTKabOARYdKaSfG7L
+7KitHI9c9Dhqa0Uhw1/4KPVOaPTa/futBi82x7hrvBsYZKySpseWCW0xERNr0QFX
+5mbM3nnP4aFpNU9wtjgEZEjd7BB+kI9nd7M5BdQWHveAsP6dWPyHYJUSLh6JdQkv
+ti34Ae62sC/iPi2TPlK69nTscUJnOnisMGzhlcUQniweHII9VKytpqfTR7rBPRpB
+Pn4fLAd0hyuhzUUCQwKO1pCcFzv04RuHJXdzTt8MJZzGMyNS4MqxTb0/CABGvF3R
+vUorxeL5jZKNnRG6CegtC4LAFx1rhtMyoEjGftY+sSyLr20R6kjKbxPBxbMaZ1AL
+8/tYF+vrh6HuoNk+mk79sb2vFVbyAluzSkXzq8An9kaiDG8QARRtW047BU9UY5sy
+Gww+e8PNCoAIEJLE2BOLqIiCa911lyA8kfNU8CQtEc9sQZSV8sphlgCtb12DMplH
+7LVAloMODaFiuXscn4Y8gSP3Oa6QYmgfk2ramrh1RdQWORIkq1+fNCVIbZlK7tTb
+TyjrJI9xtU/XoYk0ZIkl274Ku5JPUgZPHL5Zq0SLZhCcGfWeww2fCOwtOaRMPZ67
+CtL0W0UfTGO1bWRoOVKJifqTdYHL9xRLxdT7o946TAjSrYpZnYOg57ldo+9z9Gze
+Ikoxs6OtJi6r39bLXYuLQk2yyhH6y7qCplQDQfFcLWtVGJ/XU5I3J096Fns3/Nbw
+QpHuAyCjhc6h99blQKZDu3/NaIppOwLliLBvNUdii9fMwIBokLFcvt6voYKX6Qw7
+gSD9nQx4X/yJj6zs9B/m9IgNX7lOBaYmtUTeSY4qtkOHFIy8JBuC3yWyeXvDJlQm
+-----END RSA PRIVATE KEY-----

data/spec/fixtures/small.crt

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBJDCBzwIUWcThKSs0itRx3SVjfBeLTRx8RwMwDQYJKoZIhvcNAQELBQAwFDES
+MBAGA1UEAwwJbG9jYWxob3N0MB4XDTIxMDgyNTEyMTUxN1oXDTI0MTIwNzEyMTUx
+N1owFDESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
+AMv+w+WDbrAPQCNqBkry52ayQyLnx/WZZyX3YKW6S123qUAiGO40vpAZ3WIttq1x
+Gb4+fF81/jDuodfFgu2zm3cCAwEAATANBgkqhkiG9w0BAQsFAANBAHByJqZFOPFr
+OE0BRv7KCd0IMNbVzr99de74jZKx7qBK8soV4ZAUsVX/+Qldtta2+q2WXaMEKHXS
+7xpnYQjSkNs=
+-----END CERTIFICATE-----

data/spec/fixtures/small.key

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAMv+w+WDbrAPQCNqBkry52ayQyLnx/WZZyX3YKW6S123qUAiGO40
+vpAZ3WIttq1xGb4+fF81/jDuodfFgu2zm3cCAwEAAQJBALigAUhN5fXuN4xVvxBC
+O3BU0jJbODxt9E8GTzBvJRrRKLVv8eLF7IubPPh+CW2D32JMSj8XZLBjkjj6y5P5
+p8ECIQD9mZbe5iT4SowhlGO0YqyxnN2C1Id+CloUmIoOyNDR0QIhAM3s/uGpjxvD
+6zdJQds5tp4WpFhrQzs5lAf7wFUrRuLHAiByc0OEmycqKzKs4PRSb4nyqpHJvrLb
+bj6TNvhvja+4UQIgCSf6hUomxNNHSCQHu5mrVwgmso/CY4XB4UD+YksUUc0CIAIm
+cjJtX/A4DdaSMwdNp8q8f8MrppQjErltD80oRpxv
+-----END RSA PRIVATE KEY-----

data/spec/inputs/tcp_spec.rb

@@ -15,9 +15,11 @@ java_import "io.netty.handler.ssl.util.SelfSignedCertificate"
 
 require_relative "../spec_helper"
 
+require 'logstash/plugin_mixins/ecs_compatibility_support/spec_helper'
+
 #Cabin::Channel.get(LogStash).subscribe(STDOUT)
 #Cabin::Channel.get(LogStash).level = :debug
-describe LogStash::Inputs::Tcp do
+describe LogStash::Inputs::Tcp, :ecs_compatibility_support do
 
   def get_port
     begin
@@ -52,160 +54,176 @@ describe LogStash::Inputs::Tcp do
     end
   end
 
-  it "should read plain with unicode" do
-    event_count = 10
-    conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
+  ecs_compatibility_matrix(:disabled,:v1, :v8 => :v1) do |ecs_select|
+    before(:each) do
+      allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
+    end
+
+    it "should read plain with unicode" do
+      event_count = 10
+      conf = <<-CONFIG
+        input {
+          tcp {
+            port => #{port}
+          }
         }
-      }
-    CONFIG
+      CONFIG
+
+      host = 'localhost'
+      events = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new(host, port) }
+        event_count.times do |i|
+          # unicode smiley for testing unicode support!
+          socket.puts("#{i} ☹")
+          socket.flush
+        end
+        socket.close
 
-    host = 'localhost'
-    events = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new(host, port) }
-      event_count.times do |i|
-        # unicode smiley for testing unicode support!
-        socket.puts("#{i} ☹")
-        socket.flush
+        event_count.times.collect {queue.pop}
       end
-      socket.close
 
-      event_count.times.collect {queue.pop}
-    end
+      expect(events.length).to eq(event_count)
+      events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
+      event_count.times do |i|
+        event = events[i]
 
-    insist { events.length } == event_count
-    events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
-    event_count.times do |i|
-      event = events[i]
-      insist { event.get("message") } == "#{i} ☹"
-      insist { ["localhost","ip6-localhost"].includes? event.get("host") }
-      insist { event.get("[@metadata][ip_address]") } == '127.0.0.1'
+        aggregate_failures("event #{i}") do
+          expect(event.get("message")).to eq("#{i} ☹")
+          expect(event.get(ecs_select[disabled: "host", v1: "[@metadata][input][tcp][source][name]"])).to eq("localhost").or eq("ip6-localhost")
+          expect(event.get(ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"])).to eq('127.0.0.1')
+        end
+      end
     end
-  end
 
-  it "should handle PROXY protocol v1 connections" do
-    event_count = 10
-    conf = <<-CONFIG
-      input {
-        tcp {
-          proxy_protocol => true
-          port => '#{port}'
+    it "should handle PROXY protocol v1 connections" do
+      event_count = 10
+      conf = <<-CONFIG
+        input {
+          tcp {
+            proxy_protocol => true
+            port => '#{port}'
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    events = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      socket.puts("PROXY TCP4 1.2.3.4 5.6.7.8 1234 5678\r");
-      socket.flush
-      event_count.times do |i|
-        # unicode smiley for testing unicode support!
-        socket.puts("#{i} ☹")
+      events = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
+        socket.puts("PROXY TCP4 1.2.3.4 5.6.7.8 1234 5678\r");
         socket.flush
-      end
-      socket.close
+        event_count.times do |i|
+          # unicode smiley for testing unicode support!
+          socket.puts("#{i} ☹")
+          socket.flush
+        end
+        socket.close
 
-      event_count.times.collect {queue.pop}
-    end
+        event_count.times.collect {queue.pop}
+      end
 
-    insist { events.length } == event_count
-    events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
-    event_count.times do |i|
-      insist { events[i].get("message") } == "#{i} ☹"
-      insist { events[i].get("host") } == "1.2.3.4"
-      insist { events[i].get("port") } == "1234"
-      insist { events[i].get("proxy_host") } == "5.6.7.8"
-      insist { events[i].get("proxy_port") } == "5678"
+      expect(events.length).to eq(event_count)
+      events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
+      events.each_with_index do |event, i|
+        aggregate_failures("event #{i}") do
+          expect(event.get("message")).to eq("#{i} ☹")
+          expect(event.get(ecs_select[disabled: "host",                    v1: "[@metadata][input][tcp][source][name]"])).to eq('1.2.3.4')
+          expect(event.get(ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"  ])).to eq('1.2.3.4')
+          expect(event.get(ecs_select[disabled: "port",                    v1: "[@metadata][input][tcp][source][port]"])).to eq('1234')
+          expect(event.get(ecs_select[disabled: "proxy_host",              v1: "[@metadata][input][tcp][proxy][ip]"  ])).to eq('5.6.7.8')
+          expect(event.get(ecs_select[disabled: "proxy_port",              v1: "[@metadata][input][tcp][proxy][port]"  ])).to eq('5678')
+        end
+      end
     end
-  end
 
-  it "should read events with plain codec and ISO-8859-1 charset" do
-    charset = "ISO-8859-1"
-    conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
-          codec => plain { charset => "#{charset}" }
+    it "should read events with json codec" do
+      conf = <<-CONFIG
+        input {
+          tcp {
+            port => #{port}
+            codec => json
+          }
         }
+      CONFIG
+
+      data = {
+        "hello" => "world",
+        "foo" => [1,2,3],
+        "baz" => { "1" => "2" },
+        "host" => "example host"
       }
-    CONFIG
 
-    event = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      text = "\xA3" # the £ symbol in ISO-8859-1 aka Latin-1
-      text.force_encoding("ISO-8859-1")
-      socket.puts(text)
-      socket.close
+      event = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
+        socket.puts(LogStash::Json.dump(data))
+        socket.close
 
-      queue.pop
-    end
+        queue.pop
+      end
 
-    # Make sure the 0xA3 latin-1 code converts correctly to UTF-8.
-    insist { event.get("message").size } == 1
-    insist { event.get("message").bytesize } == 2
-    insist { event.get("message") } == "£"
-  end
+      insist { event.get("hello") } == data["hello"]
+      insist { event.get("foo").to_a } == data["foo"] # to_a to cast Java ArrayList produced by JrJackson
+      insist { event.get("baz") } == data["baz"]
 
-  it "should read events with json codec" do
-    conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
-          codec => json
+      # Make sure the tcp input, w/ json codec, uses the event's 'host' value,
+      # if present, instead of providing its own
+      insist { event.get("host") } == data["host"]
+    end
+
+    it "should read events with json codec (testing 'host' handling)" do
+      conf = <<-CONFIG
+        input {
+          tcp {
+            port => #{port}
+            codec => json
+          }
         }
+      CONFIG
+
+      data = {
+        "hello" => "world"
       }
-    CONFIG
 
-    data = {
-      "hello" => "world",
-      "foo" => [1,2,3],
-      "baz" => { "1" => "2" },
-      "host" => "example host"
-    }
+      event = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
+        socket.puts(LogStash::Json.dump(data))
+        socket.close
 
-    event = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      socket.puts(LogStash::Json.dump(data))
-      socket.close
+        queue.pop
+      end
 
-      queue.pop
+      aggregate_failures("event") do
+        expect(event.get("hello")).to eq(data["hello"])
+        expect(event).to include(ecs_select[disabled: "host",                    v1: "[@metadata][input][tcp][source][name]"])
+        expect(event).to include(ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"  ])
+      end
     end
-
-    insist { event.get("hello") } == data["hello"]
-    insist { event.get("foo").to_a } == data["foo"] # to_a to cast Java ArrayList produced by JrJackson
-    insist { event.get("baz") } == data["baz"]
-
-    # Make sure the tcp input, w/ json codec, uses the event's 'host' value,
-    # if present, instead of providing its own
-    insist { event.get("host") } == data["host"]
   end
 
-  it "should read events with json codec (testing 'host' handling)" do
+  it "should read events with plain codec and ISO-8859-1 charset" do
+    charset = "ISO-8859-1"
     conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
-          codec => json
+        input {
+          tcp {
+            port => #{port}
+            codec => plain { charset => "#{charset}" }
+          }
         }
-      }
     CONFIG
 
-    data = {
-      "hello" => "world"
-    }
-
     event = input(conf) do |pipeline, queue|
       socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      socket.puts(LogStash::Json.dump(data))
+      text = "\xA3" # the £ symbol in ISO-8859-1 aka Latin-1
+      text.force_encoding("ISO-8859-1")
+      socket.puts(text)
       socket.close
 
       queue.pop
     end
 
-    insist { event.get("hello") } == data["hello"]
-    insist { event }.include?("host")
+    # Make sure the 0xA3 latin-1 code converts correctly to UTF-8.
+    aggregate_failures("event") do
+      expect(event.get("message")).to have_attributes(size: 1, bytesize: 2, encoding: Encoding.find("UTF-8"))
+      expect(event.get("message")).to eq("£")
+    end
   end
 
   it "should read events with json_lines codec" do
@@ -411,6 +429,115 @@ describe LogStash::Inputs::Tcp do
             expect { subject.register }.to_not raise_error
           end
         end
+
+        context "encrypted (AES-156) key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted_aes256.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted_aes256.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "encrypted (SEED) key" do # algorithm not supported by Sun provider
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted_seed.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted_seed.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            pending # newer BC should be able to read this
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "encrypted (DES) key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted_des.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted_des.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "encrypted PKCS#8 key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted-pkcs8.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted-pkcs8.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        # NOTE: only BC provider can read the legacy (OpenSSL) format
+        context "encrypted PKCS#5 v1.5 key" do # openssl pkcs8 -topk8 -v1 PBE-MD5-DES
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted-pkcs5v15.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted-pkcs5v15.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "small (legacy) key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/small.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/small.key', File.dirname(__FILE__)),
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
       end
     end
 

data/version

@@ -1 +1 @@
-6.1.0
+6.2.2

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-tcp
 version: !ruby/object:Gem::Version
-  version: 6.1.0
+  version: 6.2.2
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-17 00:00:00.000000000 Z
+date: 2021-11-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -30,6 +30,20 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  name: logstash-mixin-ecs_compatibility_support
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -50,9 +64,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.10.2
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '0.12'
   name: jruby-openssl
   prerelease: false
   type: :runtime
@@ -61,9 +72,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.10.2
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '0.12'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -209,9 +217,21 @@ files:
 - lib/logstash/inputs/tcp.rb
 - lib/logstash/inputs/tcp/decoder_impl.rb
 - logstash-input-tcp.gemspec
+- spec/fixtures/encrypted-pkcs5v15.crt
+- spec/fixtures/encrypted-pkcs5v15.key
+- spec/fixtures/encrypted-pkcs8.crt
+- spec/fixtures/encrypted-pkcs8.key
+- spec/fixtures/encrypted_aes256.crt
+- spec/fixtures/encrypted_aes256.key
+- spec/fixtures/encrypted_des.crt
+- spec/fixtures/encrypted_des.key
+- spec/fixtures/encrypted_seed.crt
+- spec/fixtures/encrypted_seed.key
+- spec/fixtures/small.crt
+- spec/fixtures/small.key
 - spec/inputs/tcp_spec.rb
 - spec/spec_helper.rb
-- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.1.0/logstash-input-tcp-6.1.0.jar
+- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.2.2/logstash-input-tcp-6.2.2.jar
 - version
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
@@ -235,11 +255,22 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Reads events from a TCP socket
 test_files:
+- spec/fixtures/encrypted-pkcs5v15.crt
+- spec/fixtures/encrypted-pkcs5v15.key
+- spec/fixtures/encrypted-pkcs8.crt
+- spec/fixtures/encrypted-pkcs8.key
+- spec/fixtures/encrypted_aes256.crt
+- spec/fixtures/encrypted_aes256.key
+- spec/fixtures/encrypted_des.crt
+- spec/fixtures/encrypted_des.key
+- spec/fixtures/encrypted_seed.crt
+- spec/fixtures/encrypted_seed.key
+- spec/fixtures/small.crt
+- spec/fixtures/small.key
 - spec/inputs/tcp_spec.rb
 - spec/spec_helper.rb