logstash-input-tcp 6.3.0-java → 6.3.1-java

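--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f018798315cfe0b020a135261fd6145a2854fe8d432bec36b69168e72b21a226
- data.tar.gz: 1c38f5e86c898ffe936a7970cbb50fe3b8ce2fe0e7ec0d8f9d99dabd13fd0046
+ metadata.gz: 2fb789cdfaf2019169729724b4ab5f0f330d7a136594310a5f823f90d59b807c
+ data.tar.gz: f385f458414136970b159cc1f4e20ff053da79ac55c9358a30e35a741969de0b
  SHA512:
- metadata.gz: df77c83316a7c9793b34ca0efeb16efa83ca53b3c59b1edbf53223a801e0dea865efbad074598d47013547f0beced6565cef49a109e13beb98c19859cbafa6c3
- data.tar.gz: cf3e87359d1666fb6bbc6b42a595bf303714f19bd2cba77a4dc608c0d240b8d57bf9fdd59e38bb5ec4e1ccbc5996c42d0e92b2f99e5c06cd071eea8a10f0ae98
+ metadata.gz: 990b51998a4229fd5638083df9ab64daad5dc5a1cf98f6d78fbd3b2e53cce22a8c2ecc0ee61afce2577901b9d68ded2fd27fe34504d92c1f03ee7efef7e885b7
+ data.tar.gz: 8495257bef6b00b3fd06e7bd8d5981adf688d268c531c10f9ae8bf24126f1a367e030d2622dd3a0a0b707b066e822bbc31628bc4f22d184494ceeb78e2987de4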
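--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+ ## 6.3.1
+ - Fixes a regression in which the ssl_subject was missing for SSL-secured connections in server mode [#199](https://github.com/logstash-plugins/logstash-input-tcp/pull/199)
+
  ## 6.3.0
  - Feat: ssl_supported_protocols (TLSv1.3) + ssl_cipher_suites [#198](https://github.com/logstash-plugins/logstash-input-tcp/pull/198)
 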
@@ -11,16 +11,17 @@ class LogStash::Inputs::Tcp::DecoderImpl
11
11
  @first_read = true
12
12
  end
13
13
 
14
- def decode(channel_addr, data)
14
+ def decode(ctx, data)
15
+ channel = ctx.channel()
15
16
  bytes = Java::byte[data.readableBytes].new
16
17
  data.getBytes(0, bytes)
17
18
  data.release
18
19
  tbuf = String.from_java_bytes bytes, "ASCII-8BIT"
19
20
  if @first_read
20
- tbuf = init_first_read(channel_addr, tbuf)
21
+ tbuf = init_first_read(channel, tbuf)
21
22
  end
22
23
  @tcp.decode_buffer(@ip_address, @address, @port, @codec,
23
- @proxy_address, @proxy_port, tbuf, nil)
24
+ @proxy_address, @proxy_port, tbuf, @sslsubject)
24
25
  end
25
26
 
26
27
  def copy
@@ -28,11 +29,12 @@ class LogStash::Inputs::Tcp::DecoderImpl
28
29
  end
29
30
 
30
31
  def flush
31
- @tcp.flush_codec(@codec, @ip_address, @address, @port, nil)
32
+ @tcp.flush_codec(@codec, @ip_address, @address, @port, @sslsubject)
32
33
  end
33
34
 
34
35
  private
35
- def init_first_read(channel_addr, received)
36
+ def init_first_read(channel, received)
37
+ channel_addr = channel.remoteAddress()
36
38
  if @tcp.proxy_protocol
37
39
  pp_hdr, filtered = received.split("\r\n", 2)
38
40
  pp_info = pp_hdr.split(/\s/)
@@ -53,10 +55,20 @@ class LogStash::Inputs::Tcp::DecoderImpl
53
55
  @address = extract_host_name(channel_addr) # name _or_ address of sender
54
56
  @port = channel_addr.get_port # outgoing port of sender (probably random)
55
57
  end
58
+ @sslsubject = extract_sslsubject(channel)
56
59
  @first_read = false
57
60
  filtered
58
61
  end
59
62
 
63
+ private
64
+ def extract_sslsubject(channel)
65
+ return nil unless @tcp.ssl_enable && @tcp.ssl_verify
66
+
67
+ channel.pipeline().get("ssl-handler").engine().getSession().getPeerPrincipal().getName()
68
+ rescue Exception => e
69
+ nil
70
+ end
71
+
60
72
  private
61
73
  def extract_host_name(channel_addr)
62
74
  channel_addr = java.net.InetSocketAddress.new(channel_addr, 0) if channel_addr.kind_of?(String)
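Review bot: `extract_sslsubject` ends in `rescue Exception => e` followed by a bare `nil`, so every failure while reading the peer principal is discarded without a log line and the event is enqueued with no subject. A pipeline that filters or routes on the subject field then cannot tell a peer that presented no verified certificate from a lookup that broke, for example `pipeline().get("ssl-handler")` returning nil and raising NoMethodError. I would rescue the failure that is expected here, `rescue javax.net.ssl.SSLPeerUnverifiedException => e`, emit a debug-level log entry with the exception class before returning `nil`, and let anything else propagate. The second bare `private` added before the method is redundant, since the one above `init_first_read` already covers it.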
@@ -190,19 +190,19 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
190
190
  end
191
191
 
192
192
  def decode_buffer(client_ip_address, client_address, client_port, codec, proxy_address,
193
- proxy_port, tbuf, socket)
193
+ proxy_port, tbuf, ssl_subject)
194
194
  codec.decode(tbuf) do |event|
195
195
  if @proxy_protocol
196
196
  event.set(@field_proxy_host, proxy_address) unless event.get(@field_proxy_host)
197
197
  event.set(@field_proxy_port, proxy_port) unless event.get(@field_proxy_port)
198
198
  end
199
- enqueue_decorated(event, client_ip_address, client_address, client_port, socket)
199
+ enqueue_decorated(event, client_ip_address, client_address, client_port, ssl_subject)
200
200
  end
201
201
  end
202
202
 
203
- def flush_codec(codec, client_ip_address, client_address, client_port, socket)
203
+ def flush_codec(codec, client_ip_address, client_address, client_port, ssl_subject)
204
204
  codec.flush do |event|
205
- enqueue_decorated(event, client_ip_address, client_address, client_port, socket)
205
+ enqueue_decorated(event, client_ip_address, client_address, client_port, ssl_subject)
206
206
  end
207
207
  end
208
208
 
@@ -222,10 +222,14 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
222
222
  client_socket.close rescue nil
223
223
  end
224
224
 
225
+ # only called in client mode
225
226
  def handle_socket(socket)
226
227
  client_address = socket.peeraddr[3]
227
228
  client_ip_address = socket.peeraddr[2]
228
229
  client_port = socket.peeraddr[1]
230
+
231
+ # Client mode sslsubject extraction, server mode happens in DecoderImpl#decode
232
+ ssl_subject = socket.peer_cert.subject.to_s if @ssl_enable && @ssl_verify
229
233
  peer = "#{client_address}:#{client_port}"
230
234
  first_read = true
231
235
  codec = @codec.clone
@@ -249,7 +253,7 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
249
253
  end
250
254
  end
251
255
  decode_buffer(client_ip_address, client_address, client_port, codec, proxy_address,
252
- proxy_port, tbuf, socket)
256
+ proxy_port, tbuf, ssl_subject)
253
257
  end
254
258
  rescue EOFError
255
259
  @logger.debug? && @logger.debug("Connection closed", :client => peer)
@@ -263,14 +267,14 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
263
267
  ensure
264
268
  # catch all rescue nil on close to discard any close errors or invalid socket
265
269
  socket.close rescue nil
266
- flush_codec(codec, client_ip_address, client_address, client_port, socket)
270
+ flush_codec(codec, client_ip_address, client_address, client_port, ssl_subject)
267
271
  end
268
272
 
269
- def enqueue_decorated(event, client_ip_address, client_address, client_port, socket)
273
+ def enqueue_decorated(event, client_ip_address, client_address, client_port, ssl_subject)
270
274
  event.set(@field_host, client_address) unless event.get(@field_host)
271
275
  event.set(@field_host_ip, client_ip_address) unless event.get(@field_host_ip)
272
276
  event.set(@field_port, client_port) unless event.get(@field_port)
273
- event.set(@field_sslsubject, socket.peer_cert.subject.to_s) if socket && @ssl_enable && @ssl_verify && event.get(@field_sslsubject).nil?
277
+ event.set(@field_sslsubject, ssl_subject) unless ssl_subject.nil? || event.get(@field_sslsubject)
274
278
  decorate(event)
275
279
  @output_queue << event
276
280
  end
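Review bot: In `enqueue_decorated` the certificate subject is written only when the event has no value in `@field_sslsubject` yet, so a value the codec decoded from the sender's own payload takes precedence over what the TLS handshake established. The removed line carried the same `event.get(@field_sslsubject).nil?` guard, so this is inherited rather than introduced, but anything downstream that authorises or routes on the field would be trusting sender-controlled data whenever a structured codec is configured (the codec is not visible in this section, so this is inferred). If the field is meant to be authoritative, `event.set(@field_sslsubject, ssl_subject) unless ssl_subject.nil?` would do; otherwise a comment such as `# a subject already present on the event (set by the codec) is kept` would make the precedence explicit.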
@@ -4,4 +4,4 @@ require 'jar_dependencies'
4
4
  require_jar('io.netty', 'netty-all', '4.1.65.Final')
5
5
  require_jar('commons-io', 'commons-io', '2.8.0')
6
6
 
7
- require_jar('org.logstash.inputs', 'logstash-input-tcp', '6.3.0')
7
+ require_jar('org.logstash.inputs', 'logstash-input-tcp', '6.3.1')
@@ -541,7 +541,7 @@ describe LogStash::Inputs::Tcp, :ecs_compatibility_support do
541
541
  end
542
542
  end
543
543
 
544
- describe "#receive" do
544
+ describe "#receive", :ecs_compatibility_support do
545
545
  shared_examples "receiving events" do
546
546
  # TODO(sissel): Implement normal event-receipt tests as as a shared example
547
547
  end
@@ -549,7 +549,10 @@ describe LogStash::Inputs::Tcp, :ecs_compatibility_support do
549
549
  context "when ssl_enable is true" do
550
550
  let(:input) { subject }
551
551
  let(:queue) { Queue.new }
552
- before(:each) { subject.register }
552
+ before(:each) do
553
+ allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility) if defined?(ecs_compatibility)
554
+ subject.register
555
+ end
553
556
 
554
557
  context "when using a certificate chain" do
555
558
  chain_of_certificates = TcpHelpers.new.chain_of_certificates
@@ -651,6 +654,38 @@ describe LogStash::Inputs::Tcp, :ecs_compatibility_support do
651
654
  end
652
655
  end
653
656
 
657
+ context "with a regular TLS setup" do
658
+ let(:config) do
659
+ {
660
+ "host" => "127.0.0.1",
661
+ "port" => port,
662
+ "ssl_enable" => true,
663
+ "ssl_cert" => chain_of_certificates[:b_cert].path,
664
+ "ssl_key" => chain_of_certificates[:b_key].path,
665
+ "ssl_extra_chain_certs" => [ chain_of_certificates[:a_cert].path ],
666
+ "ssl_certificate_authorities" => [ chain_of_certificates[:root_ca].path ],
667
+ "ssl_verify" => true
668
+ }
669
+ end
670
+
671
+ ecs_compatibility_matrix(:disabled,:v1, :v8 => :v1) do |ecs_select|
672
+ it "extracts the TLS subject from connections" do
673
+ result = TcpHelpers.pipelineless_input(subject, 1) do
674
+ sslsocket.connect
675
+ sslsocket.write("#{message}\n")
676
+ tcp.flush
677
+ sslsocket.close
678
+ tcp.close
679
+ end
680
+ expect(result.size).to eq(1)
681
+ event = result.first
682
+
683
+ ssl_subject_field = ecs_select[disabled: 'sslsubject', v1:'[@metadata][input][tcp][tls][client][subject]']
684
+ expect(event.get(ssl_subject_field)).to eq("CN=RubyAA_Cert,DC=ruby-lang,DC=org")
685
+ end
686
+ end
687
+ end
688
+
654
689
  context "with enforced protocol version" do
655
690
  let(:config) do
656
691
  base_config.merge 'ssl_supported_protocols' => [ tls_version ]
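Review bot: The added "with a regular TLS setup" context asserts only the case where the subject is present, so nothing pins the opposite outcome. A companion example using the same config with `"ssl_verify" => false` and `expect(event.get(ssl_subject_field)).to be_nil` would cover the `return nil unless @tcp.ssl_enable && @tcp.ssl_verify` guard in the decoder. It would also be worth one example that sends a payload already containing the subject field through a structured codec, to document which value ends up on the event.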
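--- a/data/version
+++ b/data/version
@@ -1 +1 @@
- 6.3.0
+ 6.3.1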
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-tcp
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.3.0
4
+ version: 6.3.1
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-06-06 00:00:00.000000000 Z
11
+ date: 2022-10-12 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -233,7 +233,7 @@ files:
233
233
  - spec/spec_helper.rb
234
234
  - vendor/jar-dependencies/commons-io/commons-io/2.8.0/commons-io-2.8.0.jar
235
235
  - vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final/netty-all-4.1.65.Final.jar
236
- - vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.3.0/logstash-input-tcp-6.3.0.jar
236
+ - vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.3.1/logstash-input-tcp-6.3.1.jar
237
237
  - version
238
238
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
239
239
  licenses: