MaDgiK-CITE
/
argos
13
0
Fork 0
Code Issues Pull Requests Projects Releases 3 Wiki Activity

elasticsearch cert change

This commit is contained in:
Diamantis Tziotzios 2022-11-25 17:03:25 +02:00
parent ccc102a52d
commit 75007286fc
1 changed files with 23 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
dmp-backend/web/src/main/java/eu/eudat/configurations/ElasticSearchConfiguration.java
View File

@ -4,6 +4,7 @@ import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager;
@ -72,29 +73,34 @@ public class ElasticSearchConfiguration {
RestHighLevelClient client;
if(this.environment.getProperty("elasticsearch.usingssl", Boolean.class)){
Path caCertificatePath = Paths.get(this.environment.getProperty("elasticsearch.certPath"));
CertificateFactory factory =
CertificateFactory.getInstance("X.509");
Certificate trustedCa;
try (InputStream is = Files.newInputStream(caCertificatePath)) {
trustedCa = factory.generateCertificate(is);
}
KeyStore trustStore = KeyStore.getInstance("pkcs12");
trustStore.load(null, null);
trustStore.setCertificateEntry("ca", trustedCa);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
// Path caCertificatePath = Paths.get(this.environment.getProperty("elasticsearch.certPath"));
// CertificateFactory factory =
// CertificateFactory.getInstance("X.509");
// Certificate trustedCa;
// try (InputStream is = Files.newInputStream(caCertificatePath)) {
// trustedCa = factory.generateCertificate(is);
// }
// KeyStore trustStore = KeyStore.getInstance("pkcs12");
// trustStore.load(null, null);
// trustStore.setCertificateEntry("ca", trustedCa);
//
// TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
// tmf.init(trustStore);
//
// SSLContext sslContext = SSLContext.getInstance("TLS");
// sslContext.init(null, tmf.getTrustManagers(), null);
SSLContextBuilder sslBuilder = SSLContexts.custom()
.loadTrustMaterial(null, (x509Certificates, s) -> true);
final SSLContext sslContext = sslBuilder.build();
client = new RestHighLevelClient(
RestClient.builder(
new HttpHost(this.environment.getProperty("elasticsearch.host"),
Integer.parseInt(this.environment.getProperty("elasticsearch.port")), "https"))
.setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
.setDefaultCredentialsProvider(credentialsProvider).setSSLContext(sslContext)));
.setDefaultCredentialsProvider(credentialsProvider).setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).setSSLContext(sslContext))
.setRequestConfigCallback(requestConfigBuilder -> requestConfigBuilder.setConnectTimeout(5000).setSocketTimeout(120000))
);
}
else {
client = new RestHighLevelClient(