Provide a message for callers of the EmptyTrustManager (elastic/x-pack-elasticsearch#2052)

This change provides an exception with a message to any callers of the empty trust manager, for
better visibility into issues.

Original commit: elastic/x-pack-elasticsearch@c8241aea98
Jay Modi 2017-07-21 10:10:14 -06:00 committed by GitHub
parent b29f7a9ddb
commit 2f7142ccc7
2 changed files with 30 additions and 1 deletions


@ -813,30 +813,36 @@ public class SSLService extends AbstractComponent {
/**
* This is an empty trust manager that is used in case a loaded trust manager is null
*/
private static final class EmptyX509TrustManager extends X509ExtendedTrustManager {
static final class EmptyX509TrustManager extends X509ExtendedTrustManager {
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {
throw new CertificateException("no certificates are trusted");
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {
throw new CertificateException("no certificates are trusted");
}
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {
throw new CertificateException("no certificates are trusted");
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {
throw new CertificateException("no certificates are trusted");
}
@Override
public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
throw new CertificateException("no certificates are trusted");
}
@Override
public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
throw new CertificateException("no certificates are trusted");
}
@Override
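Review bot: The Javadoc above `EmptyX509TrustManager` still says only when the class is used, not what it guarantees. Every `checkClientTrusted`/`checkServerTrusted` overload in this hunk throws, so a context that falls back to this manager rejects every peer. I would state that contract, e.g. `* Fails closed: every check throws a CertificateException, so no peer is ever trusted.`, and mark the widened visibility with `// package private for testing`, since the new test instantiates the class directly. The literal "no certificates are trusted" appears six times here and again in the test; a single `static final String` constant would keep them from drifting apart. The class body continues past the last `@Override` shown, outside the hunk.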


@ -34,10 +34,13 @@ import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509ExtendedTrustManager;
import java.net.Socket;
import java.nio.file.Path;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
@ -45,6 +48,7 @@ import java.util.List;
import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
import static org.hamcrest.Matchers.contains;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.emptyArray;
import static org.hamcrest.Matchers.hasItem;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
@ -407,6 +411,25 @@ public class SSLServiceTests extends ESTestCase {
}
}
public void testEmptyTrustManager() throws Exception {
X509ExtendedTrustManager trustManager = new SSLService.EmptyX509TrustManager();
assertThat(trustManager.getAcceptedIssuers(), emptyArray());
final String message = "no certificates are trusted";
CertificateException ce =
expectThrows(CertificateException.class, () -> trustManager.checkClientTrusted(null, null, (Socket) null));
assertEquals(message, ce.getMessage());
ce = expectThrows(CertificateException.class, () -> trustManager.checkClientTrusted(null, null, (SSLEngine) null));
assertEquals(message, ce.getMessage());
ce = expectThrows(CertificateException.class, () -> trustManager.checkClientTrusted(null, null));
assertEquals(message, ce.getMessage());
ce = expectThrows(CertificateException.class, () -> trustManager.checkServerTrusted(null, null, (Socket) null));
assertEquals(message, ce.getMessage());
ce = expectThrows(CertificateException.class, () -> trustManager.checkServerTrusted(null, null, (SSLEngine) null));
assertEquals(message, ce.getMessage());
ce = expectThrows(CertificateException.class, () -> trustManager.checkServerTrusted(null, null));
assertEquals(message, ce.getMessage());
}
@Network
public void testThatSSLContextWithoutSettingsWorks() throws Exception {
SSLService sslService = new SSLService(Settings.EMPTY, env);
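Review bot: `testEmptyTrustManager` calls every overload with a null chain and a null auth type only, so it would still pass if an implementation threw on null input but accepted a real certificate array. The property that matters is that nothing is ever trusted, so I would add at least one call per direction with a non-empty `X509Certificate[]` and a real auth type, under a comment such as `// a non-null chain must be rejected as well`. The six `expectThrows`/`assertEquals` pairs could also be folded into one small helper that takes the throwing call. `testThatSSLContextWithoutSettingsWorks` at the end of the hunk continues outside it.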