fix: provide ssl engine with advisory peer and algorithm info

CHANGELOG.md

@@ -1,3 +1,6 @@
+## 3.6.1
+ - Fix: provide SSL engine with advisory peer and algorithm information [#159](https://github.com/logstash-plugins/logstash-input-http/issues/159)
+
 ## 3.6.0
  - Feat: review and deprecate ssl protocol/cipher related settings [#151](https://github.com/logstash-plugins/logstash-input-http/pull/151)
 

Rakefile

@@ -6,10 +6,11 @@ end
 
 task :vendor => :install_jars
 
+Rake::Task["test"].clear
 task :test do
   require 'rspec'
   require 'rspec/core/runner'
   Rake::Task[:install_jars].invoke
-  sh './gradlew test'
-  exit(RSpec::Core::Runner.run(Rake::FileList['spec/**/*_spec.rb']))
+  sh(%{./gradlew test}) { |ok,res| exit(res) unless ok }
+  exit(RSpec::Core::Runner.run(%w(--format documentation).concat(Rake::FileList['spec/**/*_spec.rb'])))
 end

VERSION

@@ -1 +1 @@
-3.6.0
+3.6.1

build.gradle

@@ -24,7 +24,7 @@ dependencies {
     testImplementation 'org.hamcrest:hamcrest-library:1.3'
     testImplementation "org.apache.logging.log4j:log4j-core:${log4jVersion}"
 
-    implementation 'io.netty:netty-all:4.1.65.Final'
+    implementation 'io.netty:netty-all:4.1.68.Final'
     compileOnly "org.apache.logging.log4j:log4j-api:${log4jVersion}" // provided by Logstash
 }
 
@@ -51,9 +51,12 @@ task generateGemJarRequiresFile {
             jars_file.newWriter().withWriter { w ->
                 w << "# AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.\n\n"
                     w << "require \'jar_dependencies\'\n"
-                    configurations.runtimeClasspath.allDependencies.each {
-                        w << "require_jar(\'${it.group}\', \'${it.name}\', \'${it.version}\')\n"
-                    }
+                    configurations.runtimeClasspath.resolvedConfiguration.resolvedArtifacts
+                            .collect {it.owner}
+                            .sort { it.group }
+                            .each {
+                                w << "require_jar(\'${it.group}\', \'${it.name}\', \'${it.version}\')\n"
+                            }
                 w << "require_jar(\'${project.group}\', \'${project.name}\', \'${project.version}\')\n"
             }
     }
@@ -62,12 +65,14 @@ task generateGemJarRequiresFile {
 task vendor {
     doLast {
         String vendorPathPrefix = "vendor/jar-dependencies"
-            configurations.runtimeClasspath.allDependencies.each { dep ->
-                File f = configurations.runtimeClasspath.filter { it.absolutePath.contains("${dep.group}/${dep.name}/${dep.version}") }.singleFile
-                    String groupPath = dep.group.replaceAll('\\.', '/')
-                    File newJarFile = file("${vendorPathPrefix}/${groupPath}/${dep.name}/${dep.version}/${dep.name}-${dep.version}.jar")
-                    newJarFile.mkdirs()
-                    Files.copy(f.toPath(), newJarFile.toPath(), REPLACE_EXISTING)
+        configurations.runtimeClasspath.resolvedConfiguration.resolvedArtifacts.each { artifact ->
+                ModuleVersionIdentifier dep = artifact.owner
+                File f = artifact.file
+
+                String groupPath = dep.group.replaceAll('\\.', '/')
+                File newJarFile = file("${vendorPathPrefix}/${groupPath}/${dep.name}/${dep.version}/${dep.name}-${dep.version}.jar")
+                newJarFile.mkdirs()
+                Files.copy(f.toPath(), newJarFile.toPath(), REPLACE_EXISTING)
             }
         String projectGroupPath = project.group.replaceAll('\\.', '/')
             File projectJarFile = file("${vendorPathPrefix}/${projectGroupPath}/${project.name}/${project.version}/${project.name}-${project.version}.jar")

src/main/java/org/logstash/plugins/inputs/http/HttpInitializer.java

@@ -10,6 +10,7 @@
 import io.netty.handler.ssl.SslHandler;
 import org.logstash.plugins.inputs.http.util.SslHandlerProvider;
 
+import java.net.InetSocketAddress;
 import java.util.concurrent.ThreadPoolExecutor;
 
 /**
@@ -34,7 +35,7 @@ protected void initChannel(SocketChannel socketChannel) throws Exception {
         ChannelPipeline pipeline = socketChannel.pipeline();
 
         if(sslHandlerProvider != null) {
-            SslHandler sslHandler = sslHandlerProvider.getSslHandler(socketChannel.alloc());
+            SslHandler sslHandler = sslHandlerProvider.getSslHandler(socketChannel);
             pipeline.addLast(sslHandler);
         }
         pipeline.addLast(new HttpServerCodec());

src/main/java/org/logstash/plugins/inputs/http/util/SslHandlerProvider.java

@@ -1,12 +1,15 @@
 package org.logstash.plugins.inputs.http.util;
 
 import io.netty.buffer.ByteBufAllocator;
+import io.netty.channel.socket.SocketChannel;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslHandler;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
 import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
+import java.net.InetSocketAddress;
 import java.util.Arrays;
 
 public class SslHandlerProvider {
@@ -28,14 +31,20 @@ public SslHandlerProvider(SslContext sslContext) {
         this.sslContext = sslContext;
     }
 
-    public SslHandler getSslHandler(ByteBufAllocator bufferAllocator) {
+    public SslHandler getSslHandler(final SocketChannel socketChannel) {
+        final InetSocketAddress remoteAddress = socketChannel.remoteAddress();
+        final String peerHost = remoteAddress.getHostString();
+        final int peerPort = remoteAddress.getPort();
+        final SslHandler sslHandler = sslContext.newHandler(socketChannel.alloc(), peerHost, peerPort);
 
-        SslHandler sslHandler = sslContext.newHandler(bufferAllocator);
-
-        SSLEngine engine = sslHandler.engine();
+        final SSLEngine engine = sslHandler.engine();
         engine.setEnabledProtocols(protocols);
         engine.setUseClientMode(false);
 
+        final SSLParameters sslParameters = engine.getSSLParameters();
+        sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+        engine.setSSLParameters(sslParameters);
+
         if (verifyMode == SslClientVerifyMode.FORCE_PEER) {
             // Explicitly require a client certificate
             engine.setNeedClientAuth(true);