121 lines
3 KiB
Go
121 lines
3 KiB
Go
// Licensed to Elasticsearch B.V. under one or more contributor
|
|
// license agreements. See the NOTICE file distributed with
|
|
// this work for additional information regarding copyright
|
|
// ownership. Elasticsearch B.V. licenses this file to you under
|
|
// the Apache License, Version 2.0 (the "License"); you may
|
|
// not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing,
|
|
// software distributed under the License is distributed on an
|
|
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
// KIND, either express or implied. See the License for the
|
|
// specific language governing permissions and limitations
|
|
// under the License.
|
|
|
|
package tls
|
|
|
|
import (
|
|
"errors"
|
|
"fmt"
|
|
|
|
"github.com/elastic/beats/libbeat/common"
|
|
"github.com/elastic/beats/libbeat/logp"
|
|
)
|
|
|
|
type alertSeverity uint8
|
|
type alertCode uint8
|
|
|
|
type alert struct {
|
|
severity alertSeverity
|
|
code alertCode
|
|
}
|
|
|
|
var alertNames = map[alertCode]string{
|
|
0: "close_notify",
|
|
10: "unexpected_message",
|
|
20: "bad_record_mac",
|
|
21: "decryption_failed",
|
|
22: "record_overflow",
|
|
30: "decompression_failure",
|
|
40: "handshake_failure",
|
|
41: "no_certificate_RESERVED",
|
|
42: "bad_certificate",
|
|
43: "unsupported_certificate",
|
|
44: "certificate_revoked",
|
|
45: "certificate_expired",
|
|
46: "certificate_unknown",
|
|
47: "illegal_parameter",
|
|
48: "unknown_ca",
|
|
49: "access_denied",
|
|
50: "decode_error",
|
|
51: "decrypt_error",
|
|
60: "export_restriction_RESERVED",
|
|
70: "protocol_version",
|
|
71: "insufficient_security",
|
|
80: "internal_error",
|
|
86: "inappropriate_fallback",
|
|
90: "user_canceled",
|
|
100: "no_renegotiation",
|
|
110: "unsupported_extension",
|
|
111: "certificate_unobtainable",
|
|
112: "unrecognized_name",
|
|
113: "bad_certificate_status_response",
|
|
114: "bad_certificate_hash_value",
|
|
115: "unknown_psk_identity",
|
|
}
|
|
|
|
var (
|
|
errRead = errors.New("Buffer read error")
|
|
)
|
|
|
|
func (severity alertSeverity) String() string {
|
|
switch severity {
|
|
case 1:
|
|
return "warning"
|
|
case 2:
|
|
return "fatal"
|
|
}
|
|
return fmt.Sprintf("(unknown:0x%02x)", int(severity))
|
|
}
|
|
|
|
func (alertCode alertCode) String() string {
|
|
if str, ok := alertNames[alertCode]; ok {
|
|
return str
|
|
}
|
|
return fmt.Sprintf("(unknown:0x%02x)", int(alertCode))
|
|
}
|
|
|
|
func (alert alert) toMap(source string) common.MapStr {
|
|
return common.MapStr{
|
|
"severity": alert.severity.String(),
|
|
"code": int(alert.code),
|
|
"type": alert.code.String(),
|
|
"source": source,
|
|
}
|
|
}
|
|
|
|
func (parser *parser) parseAlert(buf *bufferView) error {
|
|
if buf.length() != 2 {
|
|
if isDebug {
|
|
debugf("ignoring encrypted alert")
|
|
}
|
|
return nil
|
|
}
|
|
|
|
var severity, code uint8
|
|
if !buf.read8(0, &severity) || !buf.read8(1, &code) {
|
|
return errRead
|
|
}
|
|
if severity < 1 || severity > 2 {
|
|
logp.Warn("invalid severity in alert: %v", severity)
|
|
}
|
|
alert := alert{alertSeverity(severity), alertCode(code)}
|
|
if isDebug {
|
|
debugf("Got alert %v", alert)
|
|
}
|
|
parser.alerts = append(parser.alerts, alert)
|
|
return nil
|
|
}
|