RestClient: simplify ssl configuration
Original commit: elastic/x-pack-elasticsearch@1600743249
This commit is contained in:
javanna
Luca Cavanna
parent
107ab2d71d
commit
50c24ba4ce
|
|
@ -5,10 +5,12 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security.authc.pki;
|
||||
|
||||
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
||||
import org.apache.http.message.BasicHeader;
|
||||
import org.elasticsearch.client.Response;
|
||||
import org.elasticsearch.client.ResponseException;
|
||||
import org.elasticsearch.client.RestClient;
|
||||
import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback;
|
||||
import org.elasticsearch.client.transport.TransportClient;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
|
|
@ -77,7 +79,8 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase {
|
|||
}
|
||||
|
||||
public void testRestClientWithoutClientCertificate() throws Exception {
|
||||
try (RestClient restClient = createRestClient(new SSLContextHttpConfigCallback(getSSLContext()), "https")) {
|
||||
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(getSSLContext());
|
||||
try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(sslConnectionSocketFactory), "https")) {
|
||||
try {
|
||||
restClient.performRequest("GET", "_nodes");
|
||||
fail("request should have failed");
|
||||
|
|
|
|||
|
|
@ -6,10 +6,12 @@
|
|||
package org.elasticsearch.xpack.security.authc.pki;
|
||||
|
||||
|
||||
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
||||
import org.apache.http.message.BasicHeader;
|
||||
import org.elasticsearch.client.Client;
|
||||
import org.elasticsearch.client.Response;
|
||||
import org.elasticsearch.client.RestClient;
|
||||
import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
||||
|
|
@ -76,7 +78,8 @@ public class PkiWithoutClientAuthenticationTests extends SecurityIntegTestCase {
|
|||
public void testThatHttpWorks() throws Exception {
|
||||
SSLContext sc = SSLContext.getInstance("SSL");
|
||||
sc.init(null, trustAllCerts, new SecureRandom());
|
||||
try (RestClient restClient = createRestClient(new SSLContextHttpConfigCallback(sc), "https")) {
|
||||
SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(sc);
|
||||
try (RestClient restClient = createRestClient(new SSLSocketFactoryHttpConfigCallback(sslConnectionSocketFactory), "https")) {
|
||||
try (Response response = restClient.performRequest("GET", "/_nodes",
|
||||
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
|
||||
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.DEFAULT_USER_NAME,
|
||||
|
|
|
|||
|
|
@ -1,31 +0,0 @@
|
|||
/*
|
||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
||||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.xpack.security.authc.pki;
|
||||
|
||||
import org.apache.http.client.config.RequestConfig;
|
||||
import org.apache.http.impl.client.HttpClientBuilder;
|
||||
import org.elasticsearch.client.RestClient;
|
||||
|
||||
import javax.net.ssl.SSLContext;
|
||||
|
||||
class SSLContextHttpConfigCallback implements RestClient.HttpClientConfigCallback {
|
||||
|
||||
private final SSLContext sslContext;
|
||||
|
||||
SSLContextHttpConfigCallback(SSLContext sslContext) {
|
||||
this.sslContext = sslContext;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void customizeDefaultRequestConfig(RequestConfig.Builder requestConfigBuilder) {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void customizeHttpClient(HttpClientBuilder httpClientBuilder) {
|
||||
httpClientBuilder.setSSLContext(sslContext);
|
||||
}
|
||||
}
|
||||
|
|
@ -5,16 +5,15 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security.transport.ssl;
|
||||
|
||||
import org.apache.http.client.config.RequestConfig;
|
||||
import org.apache.http.conn.ssl.NoopHostnameVerifier;
|
||||
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
|
||||
import org.apache.http.impl.client.HttpClientBuilder;
|
||||
import org.apache.http.message.BasicHeader;
|
||||
import org.apache.http.ssl.SSLContexts;
|
||||
import org.apache.http.util.EntityUtils;
|
||||
import org.elasticsearch.ElasticsearchException;
|
||||
import org.elasticsearch.client.Response;
|
||||
import org.elasticsearch.client.RestClient;
|
||||
import org.elasticsearch.client.SSLSocketFactoryHttpConfigCallback;
|
||||
import org.elasticsearch.client.transport.TransportClient;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
|
|
@ -110,23 +109,4 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
|
|||
assertGreenClusterState(client);
|
||||
}
|
||||
}
|
||||
|
||||
private static class SSLSocketFactoryHttpConfigCallback implements RestClient.HttpClientConfigCallback {
|
||||
|
||||
private final SSLConnectionSocketFactory sslSocketFactory;
|
||||
|
||||
SSLSocketFactoryHttpConfigCallback(SSLConnectionSocketFactory sslSocketFactory) {
|
||||
this.sslSocketFactory = sslSocketFactory;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void customizeDefaultRequestConfig(RequestConfig.Builder requestConfigBuilder) {
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
public void customizeHttpClient(HttpClientBuilder httpClientBuilder) {
|
||||
httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue