diff --git a/modules/transport-netty4/src/main/java/org/opensearch/transport/netty4/ssl/SecureNetty4Transport.java b/modules/transport-netty4/src/main/java/org/opensearch/transport/netty4/ssl/SecureNetty4Transport.java
index 8e2aa750dcd04..b9e1704a2e343 100644
--- a/modules/transport-netty4/src/main/java/org/opensearch/transport/netty4/ssl/SecureNetty4Transport.java
+++ b/modules/transport-netty4/src/main/java/org/opensearch/transport/netty4/ssl/SecureNetty4Transport.java
@@ -57,6 +57,7 @@
 import java.net.SocketAddress;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.util.Optional;
 import io.netty.channel.Channel;
 import io.netty.channel.ChannelHandler;
@@ -142,9 +143,14 @@ public SSLServerChannelInitializer(String name) {
 protected void initChannel(Channel ch) throws Exception {
 super.initChannel(ch);
- final boolean dualModeEnabled = secureTransportSettingsProvider.isDualModeEnabled(settings);
+ boolean dualModeEnabled = false;
+ Optional parameters = secureTransportSettingsProvider.parameters(
+ settings
+ );
+ if (parameters.isPresent()) {
+ dualModeEnabled = parameters.get().dualModeEnabled();
+ }
 if (dualModeEnabled) {
- logger.info("SSL Dual mode enabled, using port unification handler");
 final ChannelHandler portUnificationHandler = new DualModeSslHandler(
 settings,
 secureTransportSettingsProvider,
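Review bot: An empty `Optional` from `parameters(settings)` in `initChannel` silently leaves `dualModeEnabled` at `false`, so a provider that returns `Optional.empty()` disables port unification without `TRANSPORT_SSL_DUAL_MODE_ENABLED` being consulted at all. Failing towards TLS-only is the safer default, but it should be stated rather than implied; assuming the declared type is `Optional<SecureTransportParameters>` (the type argument appears to be lost on this page), the added lines collapse to `final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings).map(p -> p.dualModeEnabled()).orElse(false); // no parameters supplied: TLS only`. The same block is repeated in the `SSLClientChannelInitializer` constructor hunk. With the `logger.info` line removed, nothing in the visible lines records that the node is accepting unencrypted transport connections; a `logger.debug` here, or a log when the value changes, would keep that visible to operators. `initChannel` continues past the end of the hunk.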
@@ -258,7 +264,13 @@ protected class SSLClientChannelInitializer extends Netty4Transport.ClientChanne
 public SSLClientChannelInitializer(DiscoveryNode node) {
 this.node = node;
- final boolean dualModeEnabled = secureTransportSettingsProvider.isDualModeEnabled(settings);
+ boolean dualModeEnabled = false;
+ Optional parameters = secureTransportSettingsProvider.parameters(
+ settings
+ );
+ if (parameters.isPresent()) {
+ dualModeEnabled = parameters.get().dualModeEnabled();
+ }
 hostnameVerificationEnabled = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION.get(settings);
 hostnameVerificationResolveHostName = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION_RESOLVE_HOST_NAME.get(settings);
diff --git a/server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java b/server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java
index df3258a1c7648..50fc6e98a1114 100644
--- a/server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java
+++ b/server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java
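Review bot: `dualModeEnabled` is resolved once in the `SSLClientChannelInitializer` constructor, whereas the server initializer re-reads it on every `initChannel` call, so the two paths react differently if a plugin changes the value at runtime, which the new Javadoc on `parameters` ("dynamically provided") appears to allow. Whether that matters depends on how long an initializer instance lives, which is not visible here. A comment such as `// snapshot: dual mode is fixed for the lifetime of this initializer` would make the intent explicit. The constructor body continues outside the hunk.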
@@ -38,12 +38,30 @@ default Collection> getTransportAdapterProvi
 }
 /**
- * Returns true if dual mode is enabled. Dual mode domains support both encrypted and non-encrypted traffic
+ * Returns parameters that can be dynamically provided by a plugin providing a {@link SecureTransportSettingsProvider}
+ * implementation
 * @param settings settings
- * @return a boolean indicating if dual mode is enabled
+ * @return an instance of {@link SecureTransportParameters}
 */
- default boolean isDualModeEnabled(Settings settings) {
- return NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
+ default Optional parameters(Settings settings) {
+ return Optional.of(new DefaultSecureTransportParameters(settings));
+ }
+
+ interface SecureTransportParameters {
+ boolean dualModeEnabled();
+ }
+
+ class DefaultSecureTransportParameters implements SecureTransportParameters {
+ private final Settings settings;
+
+ DefaultSecureTransportParameters(Settings settings) {
+ this.settings = settings;
+ }
+
+ @Override
+ public boolean dualModeEnabled() {
+ return NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
+ }
 }
 /**
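Review bot: The new `SecureTransportParameters` interface, its `dualModeEnabled()` method and `DefaultSecureTransportParameters` carry no Javadoc, and the sentence explaining what dual mode means (both encrypted and non-encrypted traffic) was dropped together with the old method. Because a plugin can now switch a node into accepting unencrypted transport traffic through this extension point, the contract belongs on the method: `/** @return true if the transport should accept both encrypted and non-encrypted traffic */`. The `@return` on `parameters` says "an instance of" although the method returns an `Optional`; it should say what an empty result means, for example `@return the parameters, or empty if the plugin supplies none (callers then treat dual mode as disabled)`.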