honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use client http ssl settings if applicable 

Original commit: elastic/x-pack-elasticsearch@c74116d40a
This commit is contained in:
Lee Hinman 2016-06-29 15:00:39 -06:00
parent 4d7d9ad5b9
commit 92637d2eec
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java
View File

@ -64,6 +64,7 @@ import java.util.Set;
import java.util.regex.Pattern;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.xpack.security.Security.setting;
/**
* This is the command-line tool used for migrating users and roles from the file-based realm into the new native realm using the API for
@ -148,15 +149,16 @@ public class ESNativeRealmMigrateTool extends MultiCommand {
HttpURLConnection conn;
// If using SSL, need a custom service because it's likely a self-signed certificate
if ("https".equalsIgnoreCase(uri.getScheme())) {
Settings sslSettings = settings.getByPrefix(setting("http.ssl."));
SSLConfiguration.Global globalConfig = new SSLConfiguration.Global(settings);
final ClientSSLService sslService = new ClientSSLService(settings, globalConfig);
final ClientSSLService sslService = new ClientSSLService(sslSettings, globalConfig);
sslService.setEnvironment(env);
final HttpsURLConnection httpsConn = (HttpsURLConnection) url.openConnection();
AccessController.doPrivileged(new PrivilegedAction<Void>() {
@Override
public Void run() {
// Requires permission java.lang.RuntimePermission "setFactory";
httpsConn.setSSLSocketFactory(sslService.sslSocketFactory(settings));
httpsConn.setSSLSocketFactory(sslService.sslSocketFactory(sslSettings));
return null;
}
});