Fix: restore BC provider installation (#181)

With the Ruby -> Java rewrite in #178 we avoided installing the BC provider at runtime.
Unfortunately to be able to decrypt some openssl keys the BC class relies on the fact that the provider is available.

Otherwise reading the key leads to a `PBKDF-OpenSSL SecretKeyFactory not available`

Author: kares

CHANGELOG.md

@@ -1,3 +1,7 @@
+## 6.2.1
+  - Fix: restore logic to add the Bouncy-Castle security provider at runtime [#181](https://github.com/logstash-plugins/logstash-input-tcp/pull/181)
+    - required to properly read encrypted (legacy) OpenSSL PKCS#5v1.5 keys
+
 ## 6.2.0
  - Added ECS Compatibility Mode [#165](https://github.com/logstash-plugins/logstash-input-tcp/pull/165)
    - When operating in an ECS Compatibility mode, metadata about the connection on which we are receiving data is nested in well-named fields under `[@metadata][input][tcp]` instead of at the root level.

spec/fixtures/encrypted-pkcs5v15.crt

@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICNDCCAZ0CFDeJbri+rGpHPKybNEMIdH/rV8NNMA0GCSqGSIb3DQEBCwUAMFkx
+CzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRl
+cm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4
+MjUxMzAyMzZaFw0yNDEyMDcxMzAyMzZaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQI
+DApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
+v7u9o3mztK8BQ7HiuWs1YJSzpPujs6cYefYDU8AWg6SkDIS/E0SiVoKZmHxcyul+
+t1QEsF3VYEnkKs0jtJQKE6Av0DCMQWA8lXmuEnXI02mDvtL2Kxh4w5x1D5bSRgJP
+Ms9ozN06F5wrMtipUBglwIwQ6HHPywToNMnf5BBZUnECAwEAATANBgkqhkiG9w0B
+AQsFAAOBgQCuh+ytoZKgOEzeLwhfScUvcuDcYJFGkMckO6oUe+/SDTfBN/z5WAhV
+ogBOLOqate4plaP12ZhjE8DUeRy9oN3zKenpskTtXrMz5XH0mclAn8aBig+eOyEj
+1QMDysipE11d1sx1SIXiIMSKtv6kLV/Y+4aId9/AJHxOYMHxebwSQg==
+-----END CERTIFICATE-----

spec/fixtures/encrypted-pkcs5v15.key

@@ -0,0 +1,17 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIICoTAbBgkqhkiG9w0BBQMwDgQI3TfMa5Qd1D8CAggABIICgFjVn88VPNrjBXiF
+Hw5W8yFFwvoeSd/vVkDcGUiNhQy9A3ra/QmktEHvv1d/rGGLSkPypmx9zJuTNGz9
+eJs7TSgIVBsmRG4UtG20qBifG/XVpN1/6pk1Hp9hbIuSBzNIi+EhdhSEty10oZso
+JwrkTbFS4VAk4ivOWcl0O0HQRkGxlSaKmgYNOebvOLqw4/77BN80AOeZHXBGwYNJ
+vRf8Og5PWqR5XmTJLVQxtB4BcBSPCSkECgOBoFfAeaeE6ei0W7V+LDBBHC7Ql0Dl
+rK3KCyvYywd+Ep58jNQRfDsEglgw7jrN2IIaf2jRhfEiPhwbAnEDlQXsMqAIWS/I
+gwj6NaaZObdX8hDVhz/T7MSnK9O8q2JGM6jhhRQZxo4TUlLB1xnwGZ9uQRljshQy
+OmtQ3KuLZvRML9G8nMtd73vdQ3f0cFBIjPG8QblUMOews8tJA2OMpBXEAZf0go25
++lI+rk4RKdHvX9kVGDmKoe/KN3xo23usTjcfodhapHQYPqHc3QOx8XNxtcio1I49
+wnS2xICbiEJfnSOBrrjWIivW0wHZG590ZKJ0FnpKEaXXJ2bV8VEyn+mZ4Ef9ITLk
+9wsOt+68V9xRrsUsvUkkW97POVGZbw0XHf5xZ3ckKiBK41wPuoo2opVc/Qyw+jB0
+cw2Lr/AUzLWZW9w+jmHL1Qr9cydcf2XKBMIoqBFQpJce35bNLTTm8O8K8ZMXEK8g
+WhKLaLRfo4j/pFyuUeHw2pQ7QHRdcYtRHT1GqsQ4AQsXqVYJjwpm1E2ZL001Y+6O
+r/7sJ91jAcv4IwpRS4suaJJydvVQ0qz7xq7B9TvyxZh2f4zbHL+qSe6OQj8Erm1/
+jHkcaB0=
+-----END ENCRYPTED PRIVATE KEY-----

spec/fixtures/encrypted-pkcs8.crt

@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBqjCCARMCFCWVL+Vfx2IIr8d2/GMqsmfzPLD/MA0GCSqGSIb3DQEBDQUAMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4MjUxMDUyNTRaFw0yNDEyMDcxMDUy
+NTRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
+gYkCgYEA8HAsVcCjcolfzYR0siWOAg+xFG4fIahO6PH2Oi0l3zosa4KX2dlt3nFS
+2PmgG9MNIDfXwI+BoM6QXB7O7Ch/YUhOz4GGDv3ptCjTYWyA9KZBrgLpiBFsCdt+
+DiW7JBbt0OnMJGhVEsZa2Byh3HOxYqkvC2y4fET4OXdj2uX56B0CAwEAATANBgkq
+hkiG9w0BAQ0FAAOBgQAW/tHI3AnyKYsJ9uaqvndUnVTIDHEEPNFE/xMM3mtQiL8f
+qVYPq4V4C1Z5RD2xBI/skPngaZRWmqFrshEz2EccKe8gzdfyGQG89MQAB8QWn4dJ
+bXUcnXO4hcSD4y3SiZYXJYNj37I2qJ2DfYBx7pScGYdjzIr/OJNK5EIGZI1Bvg==
+-----END CERTIFICATE-----

spec/fixtures/encrypted-pkcs8.key

@@ -0,0 +1,18 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIC1DBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIE3AUYJOvgkYCAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECO0VArsmaac3BIICgOpQitrzl0AC
+uV2AD2kgBfOUvTVe9jVJZ2Pvawo7IRxZZQl/7wMHfm6uB666OVSOVfKEa6nXJhBn
+JzJYXJHBqzQwgsoGfg25Y6bSvIU8ydkCzwEf2P93cexFCCDJE1B8p1/lxJViEfOq
+2CujkKgS3YZCet/03qt/ktkx3qBk9dOk6+xCXorUgzjwGL2SzSH7Su1kXoVKTu5/
+TRCPyD552l8kjtyqNngfOu3xcd0+FFF/e/bUe4qX1bpYNza/Cs/AJAoxHhhGag+O
+26bZ/LTbsN56fM95PvytRvomyj2rMGFJtz1j56R7iYujLUZu7XgCkxq0/t/3mWgX
+0VxOy0zvppZO0XRky1uwSLPsaopZlPIN6s61JAJciT0O884Hi4citNA0hskOCnJA
+vyy0lGa9goZh/cJKjr7W6w2ZkkPwMOKI6YMIup7Fo+7pfG2h0EDxCZyK2JWVl2n0
+vyKMUNl3yrqDbxTk0vURz9qMx/q2cY6zK6+gi+uvfjvRM4oz3nCREbuVjykvEAXo
+OhmN69CN6f8QwJ6wF4JNtxwwkHy+70dLoQg/FYKIfSbA3aoxpgXtr/2d/vkZYjya
+zjcaIrM/WEoPLFvieMHrOmlRZhbVI9BVjhrAyTmT+sQV+GJ7GJirJpmn06VHz5Ln
+ZNE4+ZSH4ODf+JQdh+LajyI8wQKfh4YMr498i5qHyw/KnKtbPjevbY25uWvEKzce
+RWv9nt7VsSQhXuR2U85yc6sqFQQ01QM9xUdhcVB9Eu7FvloDrC6pgaFIXy3IVcfH
+AJPiyRBv1bNad9wdh/+O5MyoKrhAI37YfH2fEKMdR2QKBEnCs94mjFPLy2Kc9kww
+eVwJJw/VXbE=
+-----END ENCRYPTED PRIVATE KEY-----

spec/fixtures/encrypted_aes256.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZcCFCbPEM/VXTgCksFOQPoLuv1Td9seMA0GCSqGSIb3DQEBCwUAMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4MjUwOTM1MDBaFw0yNDEyMDcwOTM1
+MDBaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAOfAL1NL6pXDkpgWNync+LHLWgrrL18gTrpXjaPjmw6HuiX0te6J
+1xYPjg6xYown6/SJeXi7LS0GFvlQGuz9dh2n6OtqpjBgHIXBXLtT8dXQszdZDaGu
+U8iTBnjDYADt206Bqe2q3MpKEz6a3D8fHAE/fR/4FM4HAI77W+Bng2XwFKqLYHQC
+ReKAexjxIExWBh/dvm8tUdvVmWyY/CVABQWucmwRNo+RQqktksiNqZCDHkE6CVgx
+oXS8UUIWfz6EWNT6UkeIWRJSVUUECcgRYOTVgkYWBE/5BDsBK9E7ZNL+gWqy6j6h
+9fSPhK/Xv6XMqdCcOExZsNWFV1j+bt9Wun0CAwEAATANBgkqhkiG9w0BAQsFAAOC
+AQEA5ah44LKyb2LHTr1ePeduoXdVPqwuXik7mL/H6/ZGI1zfSFb0JgjQG822K0s1
+3QLT15/lndSt8smHCgMTm12i/bO1cwaM93+jpUbOaVILLnfuDprjVMgiBVfz1bdx
+GBz6ISJXe1xaKLBhurDsy/1dzbISoizVIg5mJ1us5BvvdklMjtQ1ymY5210ZYCsk
+YcKBVW3hJ6hoZTHrNw7tI99CeBSOpfg0UaxUNMIy1D95+m4RU2aIykoYhAGfmX+u
+zZR0I16widielJWXNCnh6gXdoNjOgYS0TuNoSfmX2oF7nsC5N1zfynz+tPvoK0ys
+OMFwnJJ5LrPHbQk/RK907gBf5Q==
+-----END CERTIFICATE-----

spec/fixtures/encrypted_aes256.key

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: AES-256-CBC,23BAC38304EB81CEE42C61575CA054CE
+
+jR1vKTozeVkx4Nyjb38fj/SSj99MZtboUUHSlUyfDYNgWdhDSli3agFuouxtGoGe
+cWNKcjn73lbxBaAozFGejNo1RQSOaWdKLCXKvvoQTjWg02+9xIL4bQL29Xe4xi7f
+DlsMbcLOrlJZsdAYeL+11vU61yrtIYyPJJFaRh6WLTbVuHH6vUJPYt0Vg77g0L8I
+8tJtAvFSLeMzonu1LGEa/gXHwNT5TlWERybXxD6JzoigmHx4mGFNo9fz4ZyTPjkR
+OWbOZssFDKUeGJVdssRTPYwjaEg8DOUk7JbFTWlRYa7Re/2SEkIte3PrAxJFLFuV
+LZSIR4Vg/cKmpo4BcNNNHmSyymSS4ZAh3GQiztfqHOqAXxfvBsuO3ZHUYPCIhpqw
+KwwkDjJb4dRygDRC5n4os/mdQW/dBVD4OIaghE4lQApOqc3fxOoD9V0SIipbPPv0
+bjaKyt5pEZYyAMrAd3G1UGPQBWcNl2Hu1Shc30uhJZrzthPy/0BTWao0lpA3fIQD
+Pv4weYOc+5tZsKXSuFQc/Y2fLPF9m1GGTAd+YQlfN8JO9I1GKhl1AL/7eC+Usgl4
+ugXPjIgh5/5+qYqiaYE1HlaNrNh2XxcIR9SC7+jgbliBMOeouEPQ0bPQyvz/44cg
+sv3OoIP3F7lqLP/3oR9AiqrqadsO0WMNWwYdMUFshY3EZLWgdWVcH6JyxD02E/IJ
+tPtZrhIGMADuJWbTj0abQUIxAuYrBm2Vf/+qgY9gKxJcHIZ3nKfrJc100WOILR8P
+3Ok2WLprASSLiOEkTJ0nvViTtsbgy4DRRhytGNzFEedj50/yRltkb9gdXuVNbmUV
+M7p9YkY4VkF2m43k6sxGXuoAFxAVCLriAGzHLifWkX/xRuxsh93osNhUsg9sMWRd
+bgX5Vcmyr2xhe2UEiQp6glQ6DQg7gofi19jes2iKaw7eMG3pelBvmUKqboARI4Ga
+i8blKaBWZvdmZMBOJ6fx322T+Ii7vvAlCmnWLBxboF5GJ/KiE0i2vrdLTxwI0IZN
+EHFxgfJF3rlLtuvRD8cW1VId9wyOPWPMi/olgE+FdRVlg7+w35cAb9c7Na52c+jj
+G2pxqHgjFoSsofY/iWZ13OQvn6RFUncRS/b+QFz6c2Tp5shMwU+i4BXiuwSj8AvB
+oWfEij7UBpi9o2x4qG3hAeJWM3mg4Nr9MRdv82eEf3tuAPidfXCne/GEN+aIRYeG
+niBZS+kDXtvFgsixGtCU60T4/IXf7FDTWbZ5lN5o0vD6BClReubGd0cYbHTtH7ax
+k4/BAM/PF7dT0sR0zNCd2I7Zkub/CF0+HDAcP94vgV1EcB4XdL7inaZXPTntDRmu
+IZHTVm3satJBt34tAhML1Xqvb8ck02/rhQRdjqWcAOk7gGfKJUwewoH4T558R9uW
+HHEOYCzXy8ckqiDZxJVJ67iZgrCOadWJWtEQPsr1QFxdxuO1J31u50Zzv/nJlrPb
+bmm7fUwszWLX+sM0RGoenvdphicht4gmalMade8N05XzEoOIGth8jYQqFw3s8BKJ
+uZGDC706f0VAGo1dVOvGcNeEOPC3keXkMABbzHFVEzAjH3kfr4rKNCrMx+2Vr/qc
+-----END RSA PRIVATE KEY-----

spec/fixtures/encrypted_des.crt

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBJDCBzwIUHQzJgyMCU0MIRFQe/tf7VKuisH8wDQYJKoZIhvcNAQELBQAwFDES
+MBAGA1UEAwwJbG9jYWxob3N0MB4XDTIxMDgyNTEyMTAxMFoXDTI0MTIwNzEyMTAx
+MFowFDESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
+APJeOzK15pLZ1c3dyCJpNw2Uupj0LrFXmoOT5beHgdvD9JY49lgdISSU8utJHoNw
+pTZx4akFd1WylBO8TRoqCvsCAwEAATANBgkqhkiG9w0BAQsFAANBAL1WWmNOIyms
+1I+bW2bnljtomnwEIAto6eLjjikZf/96hUghYFrRSO21rE2R5HxVyrGTz8G4N3Qv
+vqHZ0vqwxVc=
+-----END CERTIFICATE-----

spec/fixtures/encrypted_des.key

@@ -0,0 +1,12 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-CBC,C64C0A139C862F09
+
+fObfzXEWxU9j6m2ijcVE2DngVLwTGmXo9G5Se8LjHTRhIwexPayiPoZs/rspeIrE
+1UPG5UONa7AmzK/YFjcvhhslyY+xK0Vd68Z/eZvXI7ZlyO+AVxFb/JcxGXgOC7wr
+hEBFoM+h27Y2S+zQZjKms4vD5gxfbaQqabvqXLQgD/m7eXUtI8Nizcevm2fXREDE
+WmBOeD+KUj2IQtFsDGtuKDBnJGCR7oDQ0iynaf1sR0Ebvyx3LrkEDSPVGS8kO1Gl
+ahiwNnwPp3YTAqyV8l2TctFFAH5ozvsDsSB3IttiqrenKkyqjtnCTTUzYfS+hz7O
+L5/FBAEzOydup+2ofWbPLPKa/PNWHQ+eiHJihmpa+LOiVrWmTLp2KatsX0rdHwm5
+cywEoFCgpOmb+WErZ3cmAf8NaF15iEm/X7xUiiDDuts=
+-----END RSA PRIVATE KEY-----

spec/fixtures/encrypted_seed.crt

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICrzCCAZcCFH04gu3GFNPDed+cRH4XlfdiqmdoMA0GCSqGSIb3DQEBCwUAMBQx
+EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA4MjUxMTIzNDVaFw0yNDEyMDcxMTIz
+NDVaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANf8mFL9tkqzYXonDcjw5vZKQfmNenmZisBHo6Vsi2x76bnoL7Un
+fn5vhpgZiPHX9hdfJGz/69JOrp2GwCtl5CCkxhPZquN4Qh0WJKosh/uc2mB8FFnw
+5qbEHDteixsx62IC6a9ckCTZHp3EVHJUfsAuNFgA3bXwmC9/slXcnRUYbZSVI3iK
+hobK3CmtuzsZvi0len1X6QJsY+O994RkUtccE27ZEE7ss/h3tklj8SB57EH+L+wT
+Y8RRsCBp/Uw+LtNsKGLU1D7F8xZ+/cwDNVwxCBEDnXqxq3tP/OpIuW2DOxteXbld
+R7qPe99xH8z4fgYqXONzlpWqqsl7l3ARxOcCAwEAATANBgkqhkiG9w0BAQsFAAOC
+AQEAHTVVtumbGuR2s8SXKx+mmmHC7Mc0VJOMDAUZZL9x8/ilB4+i8H/akB8jj/m3
+Kz+84QSUzP/PA6pzA+nWtoofFhJkg9Cz4chychyTrJYk7KXDmr1oJtZRBdOUf6Jb
+AiZ8oFd5BK5s06aPbNPcD4LHYdhbizI0tERX7IOIT+GnLqzwWEqUMIMWVrF2hLOT
+PIU+E2Be8gV7M5CdYRhGA05zhhs686c5au/z/o/4eNAtm6/y+/q3veUU9GH7O1s7
+X70iApYnexB+AbRlLah/1Eq/bKLfgxdvDJlyXlsTXV0ig0D9btFRZeeYMaVpW8iT
+RCHtMk7HpYi+822MDJUKltQKzQ==
+-----END CERTIFICATE-----

spec/fixtures/encrypted_seed.key

@@ -0,0 +1,30 @@
+-----BEGIN RSA PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: SEED-CBC,C83A6ABB19E102763677F0502883E0AE
+
+SPFBownCKM7EbFdOV9KdEtc+MmLwJRUM0UcA8X6Zhjd4xK0UP2jDlQ92W2Cvetbe
+8B8E5wSTxZMO43MXxF0HFHS2/1wi98XcDWQfpDRYYCzmjKm7vV+qkwQ962DvD/x2
+eXAfduAY8mPl97HX+inSX7M0/+Lz7uIMEGuihLNuyaAaLD3tOUxjb69/rxsDjWHD
+LElQgQotpdZsvd06xwowdqxYMMq8B+fwwiemZLD5W0eEtBnu43Jlv02COegYeZDm
+o4pApPsyjQ9pv+LFMl4A+k8NrVc87+GU67aFetOR7ojksxSQ/zq7ZdHQic7NhbiK
+Ad/EHQwu1PhXk+clFIZhDvkiyjAyWwbCwOm7F3AK7B2ZioIfQ4Fokoj1hbgXk57G
+YjuY4zTJj9zr02wToOYJ4gpVRT7hrG3NtSeEYny5102CaMyTUejv5833o0b9P/sp
++3O5nk+wR+4H6ELwVq3JnMz6yWkccsjQ7wAEhbc3WVLd0OAqL/9fPusDg6LM+n3W
+IbDmkKYwoUWQBn5KcXUHLRncj4Cpupn/bAsGcHoNqHTidu8sictHQ3iVfrDJpKfb
+VRkpPdarQGkPJ/f7WMS1crxsuPy88NZ6KBwNAjp2E/ZJk0XwWUn1KWcq7Do7rGzv
+cbl6Q2I2ySA/Uzj+pgup2CQi75kCqHTXHlxCE8/5lR7UOPUvDJP/ODMO+h64kWmB
+JcIXVp68cBqLzkbQgg5oiJ34XWXTdcQYK/ljJjRBzh2pTlBhTKabOARYdKaSfG7L
+7KitHI9c9Dhqa0Uhw1/4KPVOaPTa/futBi82x7hrvBsYZKySpseWCW0xERNr0QFX
+5mbM3nnP4aFpNU9wtjgEZEjd7BB+kI9nd7M5BdQWHveAsP6dWPyHYJUSLh6JdQkv
+ti34Ae62sC/iPi2TPlK69nTscUJnOnisMGzhlcUQniweHII9VKytpqfTR7rBPRpB
+Pn4fLAd0hyuhzUUCQwKO1pCcFzv04RuHJXdzTt8MJZzGMyNS4MqxTb0/CABGvF3R
+vUorxeL5jZKNnRG6CegtC4LAFx1rhtMyoEjGftY+sSyLr20R6kjKbxPBxbMaZ1AL
+8/tYF+vrh6HuoNk+mk79sb2vFVbyAluzSkXzq8An9kaiDG8QARRtW047BU9UY5sy
+Gww+e8PNCoAIEJLE2BOLqIiCa911lyA8kfNU8CQtEc9sQZSV8sphlgCtb12DMplH
+7LVAloMODaFiuXscn4Y8gSP3Oa6QYmgfk2ramrh1RdQWORIkq1+fNCVIbZlK7tTb
+TyjrJI9xtU/XoYk0ZIkl274Ku5JPUgZPHL5Zq0SLZhCcGfWeww2fCOwtOaRMPZ67
+CtL0W0UfTGO1bWRoOVKJifqTdYHL9xRLxdT7o946TAjSrYpZnYOg57ldo+9z9Gze
+Ikoxs6OtJi6r39bLXYuLQk2yyhH6y7qCplQDQfFcLWtVGJ/XU5I3J096Fns3/Nbw
+QpHuAyCjhc6h99blQKZDu3/NaIppOwLliLBvNUdii9fMwIBokLFcvt6voYKX6Qw7
+gSD9nQx4X/yJj6zs9B/m9IgNX7lOBaYmtUTeSY4qtkOHFIy8JBuC3yWyeXvDJlQm
+-----END RSA PRIVATE KEY-----

spec/fixtures/small.crt

@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE-----
+MIIBJDCBzwIUWcThKSs0itRx3SVjfBeLTRx8RwMwDQYJKoZIhvcNAQELBQAwFDES
+MBAGA1UEAwwJbG9jYWxob3N0MB4XDTIxMDgyNTEyMTUxN1oXDTI0MTIwNzEyMTUx
+N1owFDESMBAGA1UEAwwJbG9jYWxob3N0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB
+AMv+w+WDbrAPQCNqBkry52ayQyLnx/WZZyX3YKW6S123qUAiGO40vpAZ3WIttq1x
+Gb4+fF81/jDuodfFgu2zm3cCAwEAATANBgkqhkiG9w0BAQsFAANBAHByJqZFOPFr
+OE0BRv7KCd0IMNbVzr99de74jZKx7qBK8soV4ZAUsVX/+Qldtta2+q2WXaMEKHXS
+7xpnYQjSkNs=
+-----END CERTIFICATE-----

spec/fixtures/small.key

@@ -0,0 +1,9 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIBOgIBAAJBAMv+w+WDbrAPQCNqBkry52ayQyLnx/WZZyX3YKW6S123qUAiGO40
+vpAZ3WIttq1xGb4+fF81/jDuodfFgu2zm3cCAwEAAQJBALigAUhN5fXuN4xVvxBC
+O3BU0jJbODxt9E8GTzBvJRrRKLVv8eLF7IubPPh+CW2D32JMSj8XZLBjkjj6y5P5
+p8ECIQD9mZbe5iT4SowhlGO0YqyxnN2C1Id+CloUmIoOyNDR0QIhAM3s/uGpjxvD
+6zdJQds5tp4WpFhrQzs5lAf7wFUrRuLHAiByc0OEmycqKzKs4PRSb4nyqpHJvrLb
+bj6TNvhvja+4UQIgCSf6hUomxNNHSCQHu5mrVwgmso/CY4XB4UD+YksUUc0CIAIm
+cjJtX/A4DdaSMwdNp8q8f8MrppQjErltD80oRpxv
+-----END RSA PRIVATE KEY-----

spec/inputs/tcp_spec.rb

@@ -429,6 +429,115 @@ def get_port
             expect { subject.register }.to_not raise_error
           end
         end
+
+        context "encrypted (AES-156) key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted_aes256.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted_aes256.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "encrypted (SEED) key" do # algorithm not supported by Sun provider
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted_seed.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted_seed.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            pending # newer BC should be able to read this
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "encrypted (DES) key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted_des.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted_des.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "encrypted PKCS#8 key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted-pkcs8.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted-pkcs8.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        # NOTE: only BC provider can read the legacy (OpenSSL) format
+        context "encrypted PKCS#5 v1.5 key" do # openssl pkcs8 -topk8 -v1 PBE-MD5-DES
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/encrypted-pkcs5v15.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/encrypted-pkcs5v15.key', File.dirname(__FILE__)),
+                "ssl_key_passphrase" => '1234',
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
+
+        context "small (legacy) key" do
+          let(:config) do
+            {
+                "host" => "127.0.0.1",
+                "port" => port,
+                "ssl_enable" => true,
+                "ssl_cert" => File.expand_path('../fixtures/small.crt', File.dirname(__FILE__)),
+                "ssl_key" => File.expand_path('../fixtures/small.key', File.dirname(__FILE__)),
+            }
+          end
+
+          it "should register without errors" do
+            expect { subject.register }.to_not raise_error
+          end
+
+        end
       end
     end
 

src/main/java/org/logstash/tcp/SslContextBuilder.java

@@ -22,6 +22,7 @@
 import java.io.FileReader;
 import java.io.IOException;
 import java.security.PrivateKey;
+import java.security.Security;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateFactory;
@@ -91,6 +92,9 @@ public SslContext buildContext() throws Exception {
             throw new IllegalArgumentException("missing ssl_key");
         }
 
+        // NOTE: decrypting openssl key-pair (PEMEncryptedKeyPair) assumes the BC provider
+        installBouncyCastleProvider();
+
         // Check key strength
         if (Cipher.getMaxAllowedKeyLength("AES") <= 128) {
             logger.warn("JCE Unlimited Strength Jurisdiction Policy not installed - max key length is 128 bits");
@@ -189,4 +193,12 @@ private static List<Certificate> getCertificatesFromFile(final String file, fina
         return certificates;
     }
 
+    private static void installBouncyCastleProvider() {
+        synchronized (Security.class) {
+            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+                Security.addProvider(new BouncyCastleProvider());
+            }
+        }
+    }
+
 }

version

@@ -1 +1 @@
-6.2.0
+6.2.1