From 7ddbf6a729b9cee7197a29022a3e6a4ca7245d12 Mon Sep 17 00:00:00 2001 From: Terry Quigley <77437788+terryquigleysas@users.noreply.github.com> Date: Mon, 16 Sep 2024 18:30:22 +0100 Subject: [PATCH] Refactor ASN1 call (#4729) Signed-off-by: Terry Quigley --- .../security/ssl/DefaultSecurityKeyStore.java | 15 +++++++++++++-- .../java/org/opensearch/security/ssl/SSLTest.java | 15 +++++++++++++++ 2 files changed, 28 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java index 9be2582b7f..8dbd2f139a 100644 --- a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java +++ b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java @@ -18,6 +18,7 @@ package org.opensearch.security.ssl; import java.io.File; +import java.lang.reflect.Method; import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.LinkOption; @@ -1223,9 +1224,10 @@ private List getOtherName(List altName) { final ASN1Sequence sequence = ASN1Sequence.getInstance(asn1Primitive); final ASN1ObjectIdentifier asn1ObjectIdentifier = ASN1ObjectIdentifier.getInstance(sequence.getObjectAt(0)); final ASN1TaggedObject asn1TaggedObject = ASN1TaggedObject.getInstance(sequence.getObjectAt(1)); - ASN1Object maybeTaggedAsn1Primitive = asn1TaggedObject.getBaseObject(); + Method getObjectMethod = getObjectMethod(); + ASN1Object maybeTaggedAsn1Primitive = (ASN1Primitive) getObjectMethod.invoke(asn1TaggedObject); if (maybeTaggedAsn1Primitive instanceof ASN1TaggedObject) { - maybeTaggedAsn1Primitive = ASN1TaggedObject.getInstance(maybeTaggedAsn1Primitive).getBaseObject(); + maybeTaggedAsn1Primitive = (ASN1Primitive) getObjectMethod.invoke(maybeTaggedAsn1Primitive); } if (maybeTaggedAsn1Primitive instanceof ASN1String) { return ImmutableList.of(asn1ObjectIdentifier.getId(), maybeTaggedAsn1Primitive.toString()); @@ -1237,4 +1239,13 @@ private List getOtherName(List altName) { throw new RuntimeException("Couldn't parse subject alternative names", ioe); } } + + static Method getObjectMethod() throws ClassNotFoundException, NoSuchMethodException { + Class asn1TaggedObjectClass = Class.forName("org.bouncycastle.asn1.ASN1TaggedObject"); + try { + return asn1TaggedObjectClass.getMethod("getBaseObject"); + } catch (NoSuchMethodException ex) { + return asn1TaggedObjectClass.getMethod("getObject"); + } + } } diff --git a/src/test/java/org/opensearch/security/ssl/SSLTest.java b/src/test/java/org/opensearch/security/ssl/SSLTest.java index 4e497be468..a6013c7823 100644 --- a/src/test/java/org/opensearch/security/ssl/SSLTest.java +++ b/src/test/java/org/opensearch/security/ssl/SSLTest.java @@ -17,6 +17,7 @@ package org.opensearch.security.ssl; +import java.lang.reflect.Method; import java.net.SocketException; import java.nio.file.Paths; import java.security.Security; @@ -1291,4 +1292,18 @@ public void testHttpsAndNodeSSLPemExtendedUsageEnabled() throws Exception { Assert.assertTrue(res.contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE")); Assert.assertTrue(rh.executeSimpleRequest("_nodes/settings?pretty").contains(clusterInfo.clustername)); } + + @Test + public void testGetObjectMethod() { + try { + Method method = DefaultSecurityKeyStore.getObjectMethod(); + Assert.assertNotNull("Method should not be null", method); + Assert.assertTrue( + "One of the expected methods should be available", + method.getName().equals("getBaseObject") || method.getName().equals("getObject") + ); + } catch (ClassNotFoundException | NoSuchMethodException e) { + Assert.fail("Exception should not be thrown: " + e.getMessage()); + } + } }