elasticsearch cert change
This commit is contained in:
parent
ccc102a52d
commit
75007286fc
|
@ -4,6 +4,7 @@ import org.apache.http.HttpHost;
|
||||||
import org.apache.http.auth.AuthScope;
|
import org.apache.http.auth.AuthScope;
|
||||||
import org.apache.http.auth.UsernamePasswordCredentials;
|
import org.apache.http.auth.UsernamePasswordCredentials;
|
||||||
import org.apache.http.client.CredentialsProvider;
|
import org.apache.http.client.CredentialsProvider;
|
||||||
|
import org.apache.http.conn.ssl.NoopHostnameVerifier;
|
||||||
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
|
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
|
||||||
import org.apache.http.impl.client.BasicCredentialsProvider;
|
import org.apache.http.impl.client.BasicCredentialsProvider;
|
||||||
import org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager;
|
import org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager;
|
||||||
|
@ -72,29 +73,34 @@ public class ElasticSearchConfiguration {
|
||||||
RestHighLevelClient client;
|
RestHighLevelClient client;
|
||||||
if(this.environment.getProperty("elasticsearch.usingssl", Boolean.class)){
|
if(this.environment.getProperty("elasticsearch.usingssl", Boolean.class)){
|
||||||
|
|
||||||
Path caCertificatePath = Paths.get(this.environment.getProperty("elasticsearch.certPath"));
|
// Path caCertificatePath = Paths.get(this.environment.getProperty("elasticsearch.certPath"));
|
||||||
CertificateFactory factory =
|
// CertificateFactory factory =
|
||||||
CertificateFactory.getInstance("X.509");
|
// CertificateFactory.getInstance("X.509");
|
||||||
Certificate trustedCa;
|
// Certificate trustedCa;
|
||||||
try (InputStream is = Files.newInputStream(caCertificatePath)) {
|
// try (InputStream is = Files.newInputStream(caCertificatePath)) {
|
||||||
trustedCa = factory.generateCertificate(is);
|
// trustedCa = factory.generateCertificate(is);
|
||||||
}
|
// }
|
||||||
KeyStore trustStore = KeyStore.getInstance("pkcs12");
|
// KeyStore trustStore = KeyStore.getInstance("pkcs12");
|
||||||
trustStore.load(null, null);
|
// trustStore.load(null, null);
|
||||||
trustStore.setCertificateEntry("ca", trustedCa);
|
// trustStore.setCertificateEntry("ca", trustedCa);
|
||||||
|
//
|
||||||
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
// TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
|
||||||
tmf.init(trustStore);
|
// tmf.init(trustStore);
|
||||||
|
//
|
||||||
SSLContext sslContext = SSLContext.getInstance("TLS");
|
// SSLContext sslContext = SSLContext.getInstance("TLS");
|
||||||
sslContext.init(null, tmf.getTrustManagers(), null);
|
// sslContext.init(null, tmf.getTrustManagers(), null);
|
||||||
|
|
||||||
|
SSLContextBuilder sslBuilder = SSLContexts.custom()
|
||||||
|
.loadTrustMaterial(null, (x509Certificates, s) -> true);
|
||||||
|
final SSLContext sslContext = sslBuilder.build();
|
||||||
client = new RestHighLevelClient(
|
client = new RestHighLevelClient(
|
||||||
RestClient.builder(
|
RestClient.builder(
|
||||||
new HttpHost(this.environment.getProperty("elasticsearch.host"),
|
new HttpHost(this.environment.getProperty("elasticsearch.host"),
|
||||||
Integer.parseInt(this.environment.getProperty("elasticsearch.port")), "https"))
|
Integer.parseInt(this.environment.getProperty("elasticsearch.port")), "https"))
|
||||||
.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
|
.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
|
||||||
.setDefaultCredentialsProvider(credentialsProvider).setSSLContext(sslContext)));
|
.setDefaultCredentialsProvider(credentialsProvider).setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).setSSLContext(sslContext))
|
||||||
|
.setRequestConfigCallback(requestConfigBuilder -> requestConfigBuilder.setConnectTimeout(5000).setSocketTimeout(120000))
|
||||||
|
);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
client = new RestHighLevelClient(
|
client = new RestHighLevelClient(
|
||||||
|
|
Loading…
Reference in New Issue