Add ssl support for elasticsearch

2022-06-08 16:23:49 +03:00 · 2022-06-08 16:23:49 +03:00 · 3433f58506
parent 0235406246
commit 3433f58506
2 changed files with 51 additions and 6 deletions
--- a/dmp-backend/web/src/main/java/eu/eudat/configurations/ElasticSearchConfiguration.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/configurations/ElasticSearchConfiguration.java
@ -4,11 +4,14 @@ import org.apache.http.HttpHost;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
 import org.apache.http.client.CredentialsProvider;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager;
 import org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor;
 import org.apache.http.nio.reactor.IOReactorException;
 import org.apache.http.nio.reactor.IOReactorExceptionHandler;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.SSLContexts;
 import org.elasticsearch.client.RestClient;
 import org.elasticsearch.client.RestHighLevelClient;
 import org.slf4j.Logger;
@ -18,7 +21,17 @@ import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.env.Environment;

+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+import java.io.FileInputStream;
 import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;

 /**
 * Created by ikalyvas on 7/5/2018.
@ -56,12 +69,41 @@ public class ElasticSearchConfiguration {
                }
            });

-            RestHighLevelClient client = new RestHighLevelClient(
-                    RestClient.builder(
-                            new HttpHost(this.environment.getProperty("elasticsearch.host"),
-                                    Integer.parseInt(this.environment.getProperty("elasticsearch.port")), "http"))
-                            .setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
-                                    .setDefaultCredentialsProvider(credentialsProvider).setConnectionManager(new PoolingNHttpClientConnectionManager(ioReactor))));
+            RestHighLevelClient client;
+            if(this.environment.getProperty("elasticsearch.usingssl", Boolean.class)){
+
+                Path caCertificatePath = Paths.get(this.environment.getProperty("elasticsearch.certPath"));
+                CertificateFactory factory =
+                        CertificateFactory.getInstance("X.509");
+                Certificate trustedCa;
+                try (InputStream is = Files.newInputStream(caCertificatePath)) {
+                    trustedCa = factory.generateCertificate(is);
+                }
+                KeyStore trustStore = KeyStore.getInstance("pkcs12");
+                trustStore.load(null, null);
+                trustStore.setCertificateEntry("ca", trustedCa);
+
+                TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                tmf.init(trustStore);
+
+                SSLContext sslContext = SSLContext.getInstance("TLS");
+                sslContext.init(null, tmf.getTrustManagers(), null);
+
+                client = new RestHighLevelClient(
+                        RestClient.builder(
+                                new HttpHost(this.environment.getProperty("elasticsearch.host"),
+                                        Integer.parseInt(this.environment.getProperty("elasticsearch.port")), "https"))
+                                .setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
+                                        .setDefaultCredentialsProvider(credentialsProvider).setSSLContext(sslContext)));
+            }
+            else {
+                 client = new RestHighLevelClient(
+                        RestClient.builder(
+                                new HttpHost(this.environment.getProperty("elasticsearch.host"),
+                                        Integer.parseInt(this.environment.getProperty("elasticsearch.port")), "http"))
+                                .setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
+                                        .setDefaultCredentialsProvider(credentialsProvider).setConnectionManager(new PoolingNHttpClientConnectionManager(ioReactor))));
+            }
            return client;
        }catch (IOReactorException ex) {
            throw new RuntimeException(ex);
--- a/dmp-backend/web/src/main/resources/config/application-devel.properties
+++ b/dmp-backend/web/src/main/resources/config/application-devel.properties
@ -14,6 +14,9 @@ elasticsearch.port = 9200
 elasticsearch.username=elastic
 elasticsearch.password=
 elasticsearch.index=dmps
+elasticsearch.usingssl=false
+elasticsearch.certPath =
+elasticsearch.certKey =

 ####################ELK OVERRIDES CONFIGURATIONS##########
 http-logger.server-address = http://localhost:31311