Merge branch 'main' into fix_blake2b_hash
terryquigleysas authored Feb 25, 2025
2 parents 4d6a965 + 7e7ca19 commit 88fb6cf
Showing 3 changed files with 53 additions and 5 deletions.
10 changes: 5 additions & 5 deletions build.gradle
@@ -692,11 +692,11 @@ dependencies {
testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}:test"
testImplementation "org.apache.kafka:kafka-clients:${kafka_version}:test"
testImplementation 'commons-validator:commons-validator:1.9.0'
testImplementation 'org.springframework.kafka:spring-kafka-test:3.3.2'
testImplementation 'org.springframework.kafka:spring-kafka-test:3.3.3'
testImplementation "org.springframework:spring-beans:${spring_version}"
testImplementation 'org.junit.jupiter:junit-jupiter:5.11.4'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.11.4'
testImplementation('org.awaitility:awaitility:4.2.2') {
testImplementation 'org.junit.jupiter:junit-jupiter:5.12.0'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.12.0'
testImplementation('org.awaitility:awaitility:4.3.0') {
exclude(group: 'org.hamcrest', module: 'hamcrest')
}
testImplementation "org.bouncycastle:bcpkix-jdk18on:${versions.bouncycastle}"
@@ -742,7 +742,7 @@ dependencies {
integrationTestImplementation 'org.hamcrest:hamcrest:2.2'
integrationTestImplementation "org.bouncycastle:bcpkix-jdk18on:${versions.bouncycastle}"
integrationTestImplementation "org.bouncycastle:bcutil-jdk18on:${versions.bouncycastle}"
integrationTestImplementation('org.awaitility:awaitility:4.2.2') {
integrationTestImplementation('org.awaitility:awaitility:4.3.0') {
exclude(group: 'org.hamcrest', module: 'hamcrest')
}
integrationTestImplementation 'com.unboundid:unboundid-ldapsdk:4.0.14'
@@ -12,10 +12,13 @@
package org.opensearch.security.ssl;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManagerFactory;

import org.opensearch.common.settings.Settings;
import org.opensearch.http.HttpServerTransport;
@@ -76,6 +79,41 @@ public Optional<SecureTransportParameters> parameters(Settings settings) {
public boolean dualModeEnabled() {
return sslConfig.isDualModeEnabled();
}

@Override
public Optional<String> sslProvider() {
return sslSettingsManager.sslConfiguration(CertType.HTTP).map(config -> config.sslParameters().provider().name());
}

@Override
public Optional<String> clientAuth() {
return sslSettingsManager.sslConfiguration(CertType.HTTP).map(config -> config.sslParameters().clientAuth().name());
}

@Override
public Collection<String> protocols() {
return sslSettingsManager.sslConfiguration(CertType.HTTP)
.map(config -> config.sslParameters().allowedProtocols())
.orElse(Collections.emptyList());
}

@Override
public Collection<String> cipherSuites() {
return sslSettingsManager.sslConfiguration(CertType.HTTP)
.map(config -> config.sslParameters().allowedCiphers())
.orElse(Collections.emptyList());
}

@Override
public Optional<KeyManagerFactory> keyManagerFactory() {
return sslSettingsManager.sslConfiguration(CertType.HTTP).map(SslConfiguration::keyStoreFactory);
}

@Override
public Optional<TrustManagerFactory> trustManagerFactory() {
return sslSettingsManager.sslConfiguration(CertType.HTTP).map(SslConfiguration::trustStoreFactory);
}

});
}

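Review bot: `protocols()` and `cipherSuites()` fall back to `Collections.emptyList()` when no HTTP SSL configuration is present, and nothing on the new overrides says what an empty collection means to the caller. If the consumer of this provider treats an empty list as "use the JDK defaults" (not visible in this section), a missing HTTP configuration would silently widen the accepted protocols and ciphers instead of failing. A short comment stating the intended contract on both methods would pin this down, e.g. `// empty: HTTP TLS is not configured; callers must not fall back to JDK defaults`. All six overrides also repeat `sslSettingsManager.sslConfiguration(CertType.HTTP)`, so a small private helper would keep them in step. The enclosing anonymous class starts outside the hunk.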
10 changes: 10 additions & 0 deletions src/main/java/org/opensearch/security/ssl/SslConfiguration.java
@@ -20,6 +20,8 @@
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@@ -67,6 +69,14 @@ public List<Certificate> certificates() {
.collect(Collectors.toList());
}

public KeyManagerFactory keyStoreFactory() {
return keyStoreConfiguration.createKeyManagerFactory(sslParameters.shouldValidateNewCertDNs());
}

public TrustManagerFactory trustStoreFactory() {
return trustStoreConfiguration.createTrustManagerFactory(sslParameters.shouldValidateNewCertDNs());
}

public SslParameters sslParameters() {
return sslParameters;
}
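Review bot: `keyStoreFactory()` and `trustStoreFactory()` are new public methods without Javadoc, and two things about them are not obvious at the call site. Judging by the `create…` names they appear to build a fresh factory from the store on every call, which matters because the new `keyManagerFactory()` and `trustManagerFactory()` overrides invoke them each time a caller asks for the factory. Both also pass `sslParameters.shouldValidateNewCertDNs()`, a flag whose name suggests it governs reloaded certificates, so it is worth confirming that it is the intended switch for the trust store as well. I would add a Javadoc line to each, e.g. `/** Creates a new KeyManagerFactory from the configured key store; not cached, so callers should keep the result. */`, and note that the returned factory gives the caller access to the node's private key material.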
