diff --git a/plugin/src/main/java/org/elasticsearch/xpack/ssl/RestrictedTrustConfig.java b/plugin/src/main/java/org/elasticsearch/xpack/ssl/RestrictedTrustConfig.java index d8ec483c6ce..3ffee9a5219 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/ssl/RestrictedTrustConfig.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/ssl/RestrictedTrustConfig.java @@ -10,6 +10,7 @@ import java.io.IOException; import java.io.InputStream; import java.nio.file.Files; import java.nio.file.Path; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; import java.util.List; @@ -17,7 +18,6 @@ import java.util.Objects; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; @@ -28,12 +28,12 @@ import org.elasticsearch.env.Environment; */ public final class RestrictedTrustConfig extends TrustConfig { - public static final String RESTRICTIONS_KEY_SUBJECT_NAME = "trust.subject_name"; + private static final String RESTRICTIONS_KEY_SUBJECT_NAME = "trust.subject_name"; private final Settings settings; private final String groupConfigPath; private final TrustConfig delegate; - public RestrictedTrustConfig(Settings settings, String groupConfigPath, TrustConfig delegate) { + RestrictedTrustConfig(Settings settings, String groupConfigPath, TrustConfig delegate) { this.settings = settings; this.groupConfigPath = Objects.requireNonNull(groupConfigPath); this.delegate = Objects.requireNonNull(delegate); 
@@ -52,7 +52,9 @@ public final class RestrictedTrustConfig extends TrustConfig { @Override List filesToMonitor(@Nullable Environment environment) { - return Collections.singletonList(resolveGroupConfigPath(environment)); + List files = new ArrayList<>(delegate.filesToMonitor(environment)); + files.add(resolveGroupConfigPath(environment)); + return Collections.unmodifiableList(files); } @Override diff --git a/plugin/src/main/java/org/elasticsearch/xpack/ssl/SSLConfiguration.java b/plugin/src/main/java/org/elasticsearch/xpack/ssl/SSLConfiguration.java index b81aa8531b2..ebd5fd3c0bc 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/ssl/SSLConfiguration.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/ssl/SSLConfiguration.java @@ -5,9 +5,7 @@ */ package org.elasticsearch.xpack.ssl; -import org.apache.logging.log4j.Logger; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; diff --git a/plugin/src/test/java/org/elasticsearch/xpack/ssl/RestrictedTrustConfigTests.java b/plugin/src/test/java/org/elasticsearch/xpack/ssl/RestrictedTrustConfigTests.java new file mode 100644 index 00000000000..fcfed7a2303 --- /dev/null +++ b/plugin/src/test/java/org/elasticsearch/xpack/ssl/RestrictedTrustConfigTests.java 
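Review bot: In the `RestrictedTrustConfig.java` hunk at `-52,7 +52,9`, the rewritten `filesToMonitor` body has no comment saying why the delegate's files are merged in, and the reason looks security-relevant. Presumably these paths drive reloading of the TLS trust material, so leaving out the delegate's files would keep a removed or replaced CA trusted until the node restarts. I would add `// also watch the delegate's files so changes to the underlying trust material trigger a reload, not only the restrictions file` above the `new ArrayList<>(...)` line. Separately, if a delegate ever reports the group config path itself, the returned list would contain it twice; whether the monitoring code tolerates duplicate paths is not visible in this hunk and is worth confirming.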
@@ -0,0 +1,68 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +package org.elasticsearch.xpack.ssl; + +import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.env.Environment; +import org.elasticsearch.test.ESTestCase; +import org.hamcrest.Matchers; + +import javax.net.ssl.X509ExtendedTrustManager; +import java.nio.file.Files; +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.List; + +public class RestrictedTrustConfigTests extends ESTestCase { + + public void testDelegationOfFilesToMonitor() throws Exception { + Path homeDir = createTempDir(); + Settings settings = Settings.builder().put("path.home", homeDir).build(); + Environment environment = new Environment(settings); + + final int numOtherFiles = randomIntBetween(0, 4); + List otherFiles = new ArrayList<>(numOtherFiles); + for (int i = 0; i < numOtherFiles; i++) { + otherFiles.add(Files.createFile(homeDir.resolve("otherFile" + i))); + } + Path groupConfigPath = Files.createFile(homeDir.resolve("groupConfig")); + + TrustConfig delegate = new TrustConfig() { + @Override + X509ExtendedTrustManager createTrustManager(Environment environment) { + return null; + } + + @Override + List filesToMonitor(Environment environment) { + return otherFiles; + } + + @Override + public String toString() { + return null; + } + + @Override + public boolean equals(Object o) { + return false; + } + + @Override + public int hashCode() { + return 0; + } + }; + + final RestrictedTrustConfig restrictedTrustConfig = new RestrictedTrustConfig(settings, groupConfigPath.toString(), delegate); + List filesToMonitor = restrictedTrustConfig.filesToMonitor(environment); + List expectedPathList = new ArrayList<>(otherFiles); + expectedPathList.add(groupConfigPath); + + assertEquals(numOtherFiles + 1, 
filesToMonitor.size()); + assertThat(filesToMonitor, Matchers.contains(expectedPathList.toArray(new Path[0]))); + } +}
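Review bot: In `testDelegationOfFilesToMonitor`, `Matchers.contains(...)` already fails on a size mismatch, so the preceding `assertEquals(numOtherFiles + 1, filesToMonitor.size())` is redundant, and it also pins the order of the returned paths. If order is not part of the contract, `assertThat(filesToMonitor, Matchers.containsInAnyOrder(expectedPathList.toArray(new Path[0])));` would survive a reordering in the implementation. The test also never checks that the returned list is read-only, which the production change enforces with `Collections.unmodifiableList`; one line such as `expectThrows(UnsupportedOperationException.class, () -> filesToMonitor.add(groupConfigPath));` would cover it. A short comment on the anonymous `TrustConfig` noting that only `filesToMonitor` is meaningful would explain the `null` and always-`false` stubs.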