elasticsearch cert change

Diamantis Tziotzios 2022-11-25 17:03:25 +02:00
parent ccc102a52d
commit 75007286fc
1 changed files with 23 additions and 17 deletions


@ -4,6 +4,7 @@ import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope; import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials; import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider; import org.apache.http.client.CredentialsProvider;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager; import org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager;
@ -72,29 +73,34 @@ public class ElasticSearchConfiguration {
RestHighLevelClient client; RestHighLevelClient client;
if(this.environment.getProperty("elasticsearch.usingssl", Boolean.class)){ if(this.environment.getProperty("elasticsearch.usingssl", Boolean.class)){
Path caCertificatePath = Paths.get(this.environment.getProperty("elasticsearch.certPath")); // Path caCertificatePath = Paths.get(this.environment.getProperty("elasticsearch.certPath"));
CertificateFactory factory = // CertificateFactory factory =
CertificateFactory.getInstance("X.509"); // CertificateFactory.getInstance("X.509");
Certificate trustedCa; // Certificate trustedCa;
try (InputStream is = Files.newInputStream(caCertificatePath)) { // try (InputStream is = Files.newInputStream(caCertificatePath)) {
trustedCa = factory.generateCertificate(is); // trustedCa = factory.generateCertificate(is);
} // }
KeyStore trustStore = KeyStore.getInstance("pkcs12"); // KeyStore trustStore = KeyStore.getInstance("pkcs12");
trustStore.load(null, null); // trustStore.load(null, null);
trustStore.setCertificateEntry("ca", trustedCa); // trustStore.setCertificateEntry("ca", trustedCa);
//
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); // TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore); // tmf.init(trustStore);
//
SSLContext sslContext = SSLContext.getInstance("TLS"); // SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null); // sslContext.init(null, tmf.getTrustManagers(), null);
SSLContextBuilder sslBuilder = SSLContexts.custom()
.loadTrustMaterial(null, (x509Certificates, s) -> true);
final SSLContext sslContext = sslBuilder.build();
client = new RestHighLevelClient( client = new RestHighLevelClient(
RestClient.builder( RestClient.builder(
new HttpHost(this.environment.getProperty("elasticsearch.host"), new HttpHost(this.environment.getProperty("elasticsearch.host"),
Integer.parseInt(this.environment.getProperty("elasticsearch.port")), "https")) Integer.parseInt(this.environment.getProperty("elasticsearch.port")), "https"))
.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder .setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
.setDefaultCredentialsProvider(credentialsProvider).setSSLContext(sslContext))); .setDefaultCredentialsProvider(credentialsProvider).setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).setSSLContext(sslContext))
.setRequestConfigCallback(requestConfigBuilder -> requestConfigBuilder.setConnectTimeout(5000).setSocketTimeout(120000))
);
} }
else { else {
client = new RestHighLevelClient( client = new RestHighLevelClient(