Identification algorithm

CHANGELOG.md

@@ -1,3 +1,6 @@
+## 6.4.3
+  - Fix: provide SSL engine with advisory peer and algorithm information [#458](https://github.com/logstash-plugins/logstash-input-beats/issues/458)
+
 ## 6.4.2
   - Build: do not package jackson dependencies [#455](https://github.com/logstash-plugins/logstash-input-beats/pull/455)
 

VERSION

@@ -1 +1 @@
-6.4.2
+6.4.3

build.gradle

@@ -13,18 +13,18 @@ description = "Beats/Lumberjack Netty implementation"
 sourceCompatibility = 1.8
 targetCompatibility = 1.8
 
-String jacksonVersion = '2.13.3'
-String jacksonDatabindVersion = '2.13.3'
+String jacksonVersion = '2.14.0'
+String jacksonDatabindVersion = '2.14.0'
 
 repositories {
     mavenCentral()
 }
 
 dependencies {
-    testImplementation 'junit:junit:4.12'
+    testImplementation 'junit:junit:4.13.1'
     testImplementation 'org.hamcrest:hamcrest-library:1.3'
-    testImplementation 'org.apache.logging.log4j:log4j-core:2.17.0'
-    implementation 'io.netty:netty-all:4.1.65.Final'
+    testImplementation 'org.apache.logging.log4j:log4j-core:2.17.1'
+    implementation 'io.netty:netty-all:4.1.68.Final'
     implementation 'org.javassist:javassist:3.24.0-GA'
     testImplementation "com.fasterxml.jackson.core:jackson-core:${jacksonVersion}"
     testImplementation "com.fasterxml.jackson.core:jackson-annotations:${jacksonVersion}"
@@ -64,9 +64,12 @@ task generateGemJarRequiresFile {
             jars_file.newWriter().withWriter { w ->
                 w << "# AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.\n\n"
                     w << "require \'jar_dependencies\'\n"
-                    configurations.runtimeClasspath.allDependencies.each {
-                        w << "require_jar(\'${it.group}\', \'${it.name}\', \'${it.version}\')\n"
-                    }
+                    configurations.runtimeClasspath.resolvedConfiguration.resolvedArtifacts
+                            .collect {it.owner}
+                            .sort { it.group }
+                            .each {
+                                w << "require_jar(\'${it.group}\', \'${it.name}\', \'${it.version}\')\n"
+                            }
                 w << "require_jar(\'${project.group}\', \'${project.name}\', \'${project.version}\')\n"
             }
     }
@@ -75,13 +78,14 @@ task generateGemJarRequiresFile {
 task vendor {
     doLast {
         String vendorPathPrefix = "vendor/jar-dependencies"
-            configurations.runtimeClasspath.allDependencies.each { dep ->
-                File f = configurations.runtimeClasspath.filter { it.absolutePath.contains("${dep.group}/${dep.name}/${dep.version}") }.singleFile
-                    String groupPath = dep.group.replaceAll('\\.', '/')
-                    File newJarFile = file("${vendorPathPrefix}/${groupPath}/${dep.name}/${dep.version}/${dep.name}-${dep.version}.jar")
-                    newJarFile.mkdirs()
-                    Files.copy(f.toPath(), newJarFile.toPath(), REPLACE_EXISTING)
-            }
+        configurations.runtimeClasspath.resolvedConfiguration.resolvedArtifacts.each { artifact ->
+            ModuleVersionIdentifier dep = artifact.owner
+            File f = artifact.file
+            String groupPath = dep.group.replaceAll('\\.', '/')
+            File newJarFile = file("${vendorPathPrefix}/${groupPath}/${dep.name}/${dep.version}/${dep.name}-${dep.version}.jar")
+            newJarFile.mkdirs()
+            Files.copy(f.toPath(), newJarFile.toPath(), REPLACE_EXISTING)
+        }
         String projectGroupPath = project.group.replaceAll('\\.', '/')
             File projectJarFile = file("${vendorPathPrefix}/${projectGroupPath}/${project.name}/${project.version}/${project.name}-${project.version}.jar")
             projectJarFile.mkdirs()

src/main/java/org/logstash/netty/SslHandlerProvider.java

@@ -4,6 +4,10 @@
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslHandler;
 
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import java.net.InetSocketAddress;
+
 public class SslHandlerProvider {
 
     private final SslContext sslContext;
@@ -14,9 +18,20 @@ public SslHandlerProvider(SslContext context, int sslHandshakeTimeoutMillis){
         this.sslHandshakeTimeoutMillis = sslHandshakeTimeoutMillis;
     }
 
-    public SslHandler sslHandlerForChannel(final SocketChannel socket) {
-        SslHandler handler =  sslContext.newHandler(socket.alloc());
-        handler.setHandshakeTimeoutMillis(sslHandshakeTimeoutMillis);
-        return handler;
+    public SslHandler sslHandlerForChannel(final SocketChannel socketChannel) {
+        final InetSocketAddress remoteAddress = socketChannel.remoteAddress();
+        final String peerHost = remoteAddress.getHostString();
+        final int peerPort = remoteAddress.getPort();
+        final SslHandler sslHandler = sslContext.newHandler(socketChannel.alloc(), peerHost, peerPort);
+
+        final SSLEngine engine = sslHandler.engine();
+        engine.setUseClientMode(false);
+
+        final SSLParameters sslParameters = engine.getSSLParameters();
+        sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+        engine.setSSLParameters(sslParameters);
+
+        sslHandler.setHandshakeTimeoutMillis(sslHandshakeTimeoutMillis);
+        return sslHandler;
     }
 }