From 75007286fcef5d8a8e3dc01f22abd6bb15f670ba Mon Sep 17 00:00:00 2001
From: Diamantis Tziotzios
Date: Fri, 25 Nov 2022 17:03:25 +0200
Subject: [PATCH] elasticsearch cert change
---
 .../ElasticSearchConfiguration.java | 40 +++++++++++--------
 1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/dmp-backend/web/src/main/java/eu/eudat/configurations/ElasticSearchConfiguration.java b/dmp-backend/web/src/main/java/eu/eudat/configurations/ElasticSearchConfiguration.java
index 49f7de4b4..70690ff62 100644
--- a/dmp-backend/web/src/main/java/eu/eudat/configurations/ElasticSearchConfiguration.java
+++ b/dmp-backend/web/src/main/java/eu/eudat/configurations/ElasticSearchConfiguration.java
@@ -4,6 +4,7 @@ import org.apache.http.HttpHost;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
 import org.apache.http.client.CredentialsProvider;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager;
@@ -72,29 +73,34 @@ public class ElasticSearchConfiguration { RestHighLevelClient client; if(this.environment.getProperty("elasticsearch.usingssl", Boolean.class)){ - Path caCertificatePath = Paths.get(this.environment.getProperty("elasticsearch.certPath")); - CertificateFactory factory = - CertificateFactory.getInstance("X.509"); - Certificate trustedCa; - try (InputStream is = Files.newInputStream(caCertificatePath)) { - trustedCa = factory.generateCertificate(is); - } - KeyStore trustStore = KeyStore.getInstance("pkcs12"); - trustStore.load(null, null); - trustStore.setCertificateEntry("ca", trustedCa); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(trustStore); - - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, tmf.getTrustManagers(), null); +// Path caCertificatePath = Paths.get(this.environment.getProperty("elasticsearch.certPath")); +// CertificateFactory factory = +// CertificateFactory.getInstance("X.509"); +// Certificate trustedCa; +// try (InputStream is = Files.newInputStream(caCertificatePath)) { +// trustedCa = factory.generateCertificate(is); +// } +// KeyStore trustStore = KeyStore.getInstance("pkcs12"); +// trustStore.load(null, null); +// trustStore.setCertificateEntry("ca", trustedCa); +// +// TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); +// tmf.init(trustStore); +// +// SSLContext sslContext = SSLContext.getInstance("TLS"); +// sslContext.init(null, tmf.getTrustManagers(), null); + SSLContextBuilder sslBuilder = SSLContexts.custom() + .loadTrustMaterial(null, (x509Certificates, s) -> true); + final SSLContext sslContext = sslBuilder.build(); client = new RestHighLevelClient( RestClient.builder( new HttpHost(this.environment.getProperty("elasticsearch.host"), Integer.parseInt(this.environment.getProperty("elasticsearch.port")), "https")) .setHttpClientConfigCallback(httpClientBuilder -> 
httpClientBuilder - .setDefaultCredentialsProvider(credentialsProvider).setSSLContext(sslContext))); + .setDefaultCredentialsProvider(credentialsProvider).setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).setSSLContext(sslContext)) + .setRequestConfigCallback(requestConfigBuilder -> requestConfigBuilder.setConnectTimeout(5000).setSocketTimeout(120000)) + ); } else { client = new RestHighLevelClient(
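Review bot: The new `loadTrustMaterial(null, (x509Certificates, s) -> true)` accepts any certificate chain and `setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)` skips the host name check, so with `elasticsearch.usingssl` enabled the client no longer authenticates the Elasticsearch server at all. The same builder still attaches `credentialsProvider`, so as far as the visible lines show, the configured credentials and all index traffic would be sent to whichever endpoint answers on the configured host and port. I would keep building the trust store from `elasticsearch.certPath` as the removed lines did and pass it in with `.loadTrustMaterial(trustStore, null)`, and drop the `NoopHostnameVerifier` call together with its import in the first hunk; if the server certificate's name does not match the configured host, reissuing the certificate with the right subject alternative name is the fix rather than disabling the check. The sixteen commented-out lines should then be restored as live code or deleted, not left behind as dead code. The enclosing method starts and ends outside this hunk.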