HTTPS: Do not require client auth by default

Original commit: elastic/x-pack-elasticsearch@795d40a705
This commit is contained in:
Alexander Reelsen 2014-10-06 09:11:53 +02:00
parent fe7d79384f
commit 0d702c2fbc
5 changed files with 7 additions and 8 deletions


@ -46,7 +46,7 @@ public class NettySecuredHttpServerTransport extends NettyHttpServerTransport {
public HttpSslChannelPipelineFactory(NettyHttpServerTransport transport) {
super(transport);
if (ssl) {
sslConfig = new SSLConfig(settings.getByPrefix("shield.http.ssl."), settings.getByPrefix("shield.ssl."));
sslConfig = new SSLConfig(settings.getByPrefix("shield.http.ssl."), settings.getByPrefix("shield.ssl."), false);
// try to create an SSL engine, so that exceptions lead to early exit
sslConfig.createSSLEngine();
} else {
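Review bot: The bare `false` handed to the new SSLConfig constructor in HttpSslChannelPipelineFactory is the line that changes the HTTP default to accepting TLS connections without a client certificate, yet nothing at the call site says what the argument means. A reader has to open SSLConfig to learn which default this flips, so a comment on that line would make the security-relevant choice visible where it is made, e.g. `// HTTP: client certificates are optional unless shield.http.ssl.require.client.auth (or shield.ssl.require.client.auth) enables them`. Since the two transport factories in NettySecuredTransport pass `true` for the same parameter, named constants on SSLConfig (something like REQUIRE_CLIENT_AUTH / CLIENT_AUTH_OPTIONAL) would make the asymmetry greppable instead of a pair of anonymous booleans. The constructor of HttpSslChannelPipelineFactory continues past the end of the hunk.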


@ -53,7 +53,7 @@ public class NettySecuredTransport extends NettyTransport {
public SslServerChannelPipelineFactory(NettyTransport nettyTransport) {
super(nettyTransport);
if (ssl) {
sslConfig = new SSLConfig(settings.getByPrefix("shield.transport.ssl."), settings.getByPrefix("shield.ssl."));
sslConfig = new SSLConfig(settings.getByPrefix("shield.transport.ssl."), settings.getByPrefix("shield.ssl."), true);
// try to create an SSL engine, so that exceptions lead to early exit
sslConfig.createSSLEngine();
} else {
@ -85,7 +85,7 @@ public class NettySecuredTransport extends NettyTransport {
public SslClientChannelPipelineFactory(NettyTransport transport) {
super(transport);
if (ssl) {
sslConfig = new SSLConfig(settings.getByPrefix("shield.transport.ssl."), settings.getByPrefix("shield.ssl."));
sslConfig = new SSLConfig(settings.getByPrefix("shield.transport.ssl."), settings.getByPrefix("shield.ssl."), true);
// try to create an SSL engine, so that exceptions lead to early exit
sslConfig.createSSLEngine();
} else {
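Review bot: SslClientChannelPipelineFactory passes `true` for the new defaultRequireClientAuth argument just like the server-side factory above it, so the require-client-auth default is now also fed into an SSLConfig that presumably produces client-mode engines, where a need-client-auth flag would have no effect; whether createSSLEngine applies the flag at all cannot be seen from this hunk. If the literal is there only to keep the two transport factories symmetric, a one-line comment should say so, e.g. `// transport: node-to-node connections keep mutual auth on by default; mirrors SslServerChannelPipelineFactory`, so a later reader does not "fix" one factory and leave the other diverging. The same remark applies to the server-side hunk at -53,7 in this file. Both pipeline-factory constructors continue beyond their hunks.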


@ -28,10 +28,10 @@ public class SSLConfig {
private SSLContext sslContext;
private String[] ciphers;
public SSLConfig(Settings componentSettings, Settings defaultSettings) {
public SSLConfig(Settings componentSettings, Settings defaultSettings, boolean defaultRequireClientAuth) {
SSLTrustConfig sslTrustConfig = new SSLTrustConfig(componentSettings, defaultSettings);
this.clientAuth = componentSettings.getAsBoolean("require.client.auth", defaultSettings.getAsBoolean("require.client.auth", true));
this.clientAuth = componentSettings.getAsBoolean("require.client.auth", defaultSettings.getAsBoolean("require.client.auth", defaultRequireClientAuth));
String keyStore = componentSettings.get("keystore", defaultSettings.get("keystore", System.getProperty("javax.net.ssl.keyStore")));
String keyStorePassword = componentSettings.get("keystore_password", defaultSettings.get("keystore_password", System.getProperty("javax.net.ssl.keyStorePassword")));
String keyStoreAlgorithm = componentSettings.get("keystore_algorithm", defaultSettings.get("keystore_algorithm", System.getProperty("ssl.KeyManagerFactory.algorithm")));
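Review bot: The new defaultRequireClientAuth parameter is undocumented, and the constructor has no Javadoc explaining the three-level precedence that the clientAuth line implements: componentSettings `require.client.auth`, then defaultSettings `require.client.auth`, then the constructor argument. That ordering matters operationally, because a global `shield.ssl.require.client.auth` in defaultSettings overrides the per-component default, so an operator who sets it once re-enables client-certificate enforcement for HTTP even though this commit makes the HTTP default false. A `@param defaultRequireClientAuth fallback for {@code require.client.auth} when neither componentSettings nor defaultSettings set it; defaultSettings takes precedence over this value` entry, plus a sentence on the constructor describing the precedence, would capture that. The constructor body continues past the end of the hunk.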


@ -140,7 +140,6 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
.put("shield.transport.ssl.truststore", store.getPath())
.put("shield.transport.ssl.truststore_password", password)
.put("shield.http.ssl", true)
.put("shield.http.ssl.require.client.auth", false)
.put("shield.http.ssl.keystore", store.getPath())
.put("shield.http.ssl.keystore_password", password)
.put("shield.http.ssl.truststore", store.getPath())


@ -38,7 +38,7 @@ public class SSLConfigTests extends ElasticsearchTestCase {
.put("keystore_password", "testnode")
.put("truststore", testnodeStore.getPath())
.put("truststore_password", "testnode")
.build());
.build(), false);
} catch (ElasticsearchSSLException e) {
assertThat(e.getRootCause(), instanceOf(NoSuchAlgorithmException.class));
}
@ -59,7 +59,7 @@ public class SSLConfigTests extends ElasticsearchTestCase {
.put("shield.ssl.truststore_password", "testnode")
.build();
SSLConfig sslConfig = new SSLConfig(concreteSettings, genericSettings.getByPrefix("shield.ssl."));
SSLConfig sslConfig = new SSLConfig(concreteSettings, genericSettings.getByPrefix("shield.ssl."), false);
SSLEngine sslEngine = sslConfig.createSSLEngine();
assertThat(sslEngine.getEnabledCipherSuites().length, is(1));
}
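Review bot: Both updated tests pass `false` for the new default but neither asserts that the value reaches the engine, so a regression that ignores the argument would not be caught; the second hunk already holds an engine, so an assertion next to the cipher-suite check, `assertThat(sslEngine.getNeedClientAuth(), is(false));`, would pin the new default, assuming createSSLEngine propagates clientAuth via setNeedClientAuth (not visible here, worth confirming). A mirrored case that adds `.put("require.client.auth", true)` to concreteSettings with the default still `false` would additionally show that an explicit setting wins over the constructor default, which is the behavior the precedence chain in SSLConfig promises. The test methods in both hunks start outside the shown lines.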