Merge branch 'main' into fix.filetered.reader

opensearch-project · Feb 24, 2025 · 47fae53 · 47fae53
2 parents 0f0a5bf + 2cca355
commit 47fae53
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 0 deletions.
diff --git a/src/main/java/org/opensearch/security/ssl/OpenSearchSecureSettingsFactory.java b/src/main/java/org/opensearch/security/ssl/OpenSearchSecureSettingsFactory.java
@@ -12,10 +12,13 @@
 package org.opensearch.security.ssl;
 
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.TrustManagerFactory;
 
 import org.opensearch.common.settings.Settings;
 import org.opensearch.http.HttpServerTransport;
@@ -76,6 +79,41 @@ public Optional<SecureTransportParameters> parameters(Settings settings) {
                     public boolean dualModeEnabled() {
                         return sslConfig.isDualModeEnabled();
                     }
+
+                    @Override
+                    public Optional<String> sslProvider() {
+                        return sslSettingsManager.sslConfiguration(CertType.HTTP).map(config -> config.sslParameters().provider().name());
+                    }
+
+                    @Override
+                    public Optional<String> clientAuth() {
+                        return sslSettingsManager.sslConfiguration(CertType.HTTP).map(config -> config.sslParameters().clientAuth().name());
+                    }
+
+                    @Override
+                    public Collection<String> protocols() {
+                        return sslSettingsManager.sslConfiguration(CertType.HTTP)
+                            .map(config -> config.sslParameters().allowedProtocols())
+                            .orElse(Collections.emptyList());
+                    }
+
+                    @Override
+                    public Collection<String> cipherSuites() {
+                        return sslSettingsManager.sslConfiguration(CertType.HTTP)
+                            .map(config -> config.sslParameters().allowedCiphers())
+                            .orElse(Collections.emptyList());
+                    }
+
+                    @Override
+                    public Optional<KeyManagerFactory> keyManagerFactory() {
+                        return sslSettingsManager.sslConfiguration(CertType.HTTP).map(SslConfiguration::keyStoreFactory);
+                    }
+
+                    @Override
+                    public Optional<TrustManagerFactory> trustManagerFactory() {
+                        return sslSettingsManager.sslConfiguration(CertType.HTTP).map(SslConfiguration::trustStoreFactory);
+                    }
+
                 });
             }
 

diff --git a/src/main/java/org/opensearch/security/ssl/SslConfiguration.java b/src/main/java/org/opensearch/security/ssl/SslConfiguration.java
@@ -20,6 +20,8 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 import java.util.stream.StreamSupport;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManagerFactory;
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -67,6 +69,14 @@ public List<Certificate> certificates() {
             .collect(Collectors.toList());
     }
 
+    public KeyManagerFactory keyStoreFactory() {
+        return keyStoreConfiguration.createKeyManagerFactory(sslParameters.shouldValidateNewCertDNs());
+    }
+
+    public TrustManagerFactory trustStoreFactory() {
+        return trustStoreConfiguration.createTrustManagerFactory(sslParameters.shouldValidateNewCertDNs());
+    }
+
     public SslParameters sslParameters() {
         return sslParameters;
     }