From 044e516c82bf2454dbdbd3cdcf382346f3da5b0a Mon Sep 17 00:00:00 2001 From: Andrey Pleskach Date: Wed, 18 Sep 2024 18:51:22 +0200 Subject: [PATCH] Rebased main Signed-off-by: Andrey Pleskach --- .../security/ssl/SslContextHandler.java | 6 +-- .../security/ssl/config/Certificate.java | 15 +++++++- .../security/ssl/SslContextHandlerTest.java | 2 +- .../security/ssl/config/CertificateTest.java | 38 +++++++++++++++++++ 4 files changed, 55 insertions(+), 6 deletions(-) create mode 100644 src/test/java/org/opensearch/security/ssl/config/CertificateTest.java diff --git a/src/main/java/org/opensearch/security/ssl/SslContextHandler.java b/src/main/java/org/opensearch/security/ssl/SslContextHandler.java index f9b4e5b444..925854e2af 100644 --- a/src/main/java/org/opensearch/security/ssl/SslContextHandler.java +++ b/src/main/java/org/opensearch/security/ssl/SslContextHandler.java @@ -14,6 +14,7 @@ import java.nio.charset.StandardCharsets; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; +import java.util.Collections; import java.util.List; import java.util.Set; import java.util.stream.Collectors; @@ -153,9 +154,8 @@ private void validateNewCertificates(final List newCertificates) th private void invalidateSessions() { final var sessionContext = sslContext.sessionContext(); if (sessionContext != null) { - final var sessionsIds = sessionContext.getIds(); - while (sessionsIds.hasMoreElements()) { - final var session = sessionContext.getSession(sessionsIds.nextElement()); + for (final var sessionId : Collections.list(sessionContext.getIds())) { + final var session = sessionContext.getSession(sessionId); if (session != null) { session.invalidate(); } diff --git a/src/main/java/org/opensearch/security/ssl/config/Certificate.java b/src/main/java/org/opensearch/security/ssl/config/Certificate.java index 1ae251c04a..534148db57 100644 --- a/src/main/java/org/opensearch/security/ssl/config/Certificate.java 
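Review bot: The `Collections.list(sessionContext.getIds())` copy in `invalidateSessions` has no comment saying why the ids are snapshotted before the loop, and the reason is not visible in the hunk. Presumably invalidating a session while the live enumeration is still being walked could skip entries. A one-line comment above the loop, for example `// copy the ids first: invalidate() may change the session cache while it is being enumerated`, would keep a later cleanup from reverting to the enumeration, which could leave sessions negotiated under the old certificates resumable. The method's closing braces are outside the hunk.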
+++ b/src/main/java/org/opensearch/security/ssl/config/Certificate.java @@ -11,6 +11,7 @@ package org.opensearch.security.ssl.config; +import java.lang.reflect.Method; import java.security.cert.CertificateParsingException; import java.security.cert.X509Certificate; import java.util.Arrays; @@ -119,9 +120,10 @@ private List parseOtherName(List altName) { final ASN1Sequence sequence = ASN1Sequence.getInstance(asn1Primitive); final ASN1ObjectIdentifier asn1ObjectIdentifier = ASN1ObjectIdentifier.getInstance(sequence.getObjectAt(0)); final ASN1TaggedObject asn1TaggedObject = ASN1TaggedObject.getInstance(sequence.getObjectAt(1)); - ASN1Object maybeTaggedAsn1Primitive = asn1TaggedObject.getBaseObject(); + Method getObjectMethod = getObjectMethod(); + ASN1Object maybeTaggedAsn1Primitive = (ASN1Primitive) getObjectMethod.invoke(asn1TaggedObject); if (maybeTaggedAsn1Primitive instanceof ASN1TaggedObject) { - maybeTaggedAsn1Primitive = ASN1TaggedObject.getInstance(maybeTaggedAsn1Primitive).getBaseObject(); + maybeTaggedAsn1Primitive = (ASN1Primitive) getObjectMethod.invoke(maybeTaggedAsn1Primitive); } if (maybeTaggedAsn1Primitive instanceof ASN1String) { return ImmutableList.of(asn1ObjectIdentifier.getId(), maybeTaggedAsn1Primitive.toString()); @@ -134,6 +136,15 @@ private List parseOtherName(List altName) { } } + static Method getObjectMethod() throws ClassNotFoundException, NoSuchMethodException { + Class asn1TaggedObjectClass = Class.forName("org.bouncycastle.asn1.ASN1TaggedObject"); + try { + return asn1TaggedObjectClass.getMethod("getBaseObject"); + } catch (NoSuchMethodException ex) { + return asn1TaggedObjectClass.getMethod("getObject"); + } + } + public String serialNumber() { return certificate.getSerialNumber().toString(); } diff --git a/src/test/java/org/opensearch/security/ssl/SslContextHandlerTest.java b/src/test/java/org/opensearch/security/ssl/SslContextHandlerTest.java index d044372291..4dea300754 100644 
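Review bot: The `(ASN1Primitive)` casts on both `getObjectMethod.invoke(...)` results in `parseOtherName` are narrower than the `ASN1Object` variable they are assigned to. The removed line assigned `getBaseObject()` straight to `ASN1Object`, which suggests that is its return type, so a base object that is not an `ASN1Primitive` would now fail with a `ClassCastException` while a subject alternative name is parsed. Casting to the declared type keeps the old behaviour: `ASN1Object maybeTaggedAsn1Primitive = (ASN1Object) getObjectMethod.invoke(asn1TaggedObject);`, and the same for the nested call. `Method.invoke` also brings `IllegalAccessException` and `InvocationTargetException` onto this path; the enclosing try/catch is outside the hunk, so confirm that it reports the wrapped cause rather than a bare reflection error.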
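Review bot: `getObjectMethod()` looks the class up with `Class.forName("org.bouncycastle.asn1.ASN1TaggedObject")` although `parseOtherName` already references `ASN1TaggedObject` directly, so the string lookup only adds a `ClassNotFoundException` to the signature; `ASN1TaggedObject.class.getMethod("getBaseObject")` is enough. The lookup is also repeated on every `parseOtherName` call, which appears to run once per otherName entry of a certificate; resolving it once into a `private static final Method` field would avoid that. The method has no comment saying why reflection is used, and the reason is presumably Bouncy Castle version compatibility. A short Javadoc such as `/** Resolves ASN1TaggedObject#getBaseObject, falling back to #getObject when the Bouncy Castle version on the classpath lacks it. */` would stop someone from inlining the direct call again.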
--- a/src/test/java/org/opensearch/security/ssl/SslContextHandlerTest.java +++ b/src/test/java/org/opensearch/security/ssl/SslContextHandlerTest.java @@ -74,7 +74,7 @@ void writeCertificates( } @Test - public void failsIfCertificatesAreSame() throws Exception { + public void doesNothingIfCertificatesAreSame() throws Exception { final var sslContextHandler = sslContextHandler(); final var sslContextBefore = sslContextHandler.sslContext(); diff --git a/src/test/java/org/opensearch/security/ssl/config/CertificateTest.java b/src/test/java/org/opensearch/security/ssl/config/CertificateTest.java new file mode 100644 index 0000000000..5fe2185d44 --- /dev/null +++ b/src/test/java/org/opensearch/security/ssl/config/CertificateTest.java @@ -0,0 +1,38 @@ +/* + * SPDX-License-Identifier: Apache-2.0 + * + * The OpenSearch Contributors require contributions made to + * this file be licensed under the Apache-2.0 license or a + * compatible open source license. + * + * Modifications Copyright OpenSearch Contributors. See + * GitHub history for details. + */ + +package org.opensearch.security.ssl.config; + +import java.lang.reflect.Method; + +import org.junit.Test; + +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.junit.Assert.fail; + +public class CertificateTest { + + @Test + public void testGetObjectMethod() { + try { + final Method method = Certificate.getObjectMethod(); + assertThat("Method should not be null", method, notNullValue()); + assertThat( + "One of the expected methods should be available", + method.getName().equals("getBaseObject") || method.getName().equals("getObject") + ); + } catch (ClassNotFoundException | NoSuchMethodException e) { + fail("Exception should not be thrown: " + e.getMessage()); + } + } + +}
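Review bot: `testGetObjectMethod` only checks that one of the two method names resolves. Nothing in this file calls the reflective `invoke` in `Certificate.parseOtherName`, so the cast and the exception handling on that path are not covered here. A case that loads a certificate carrying an otherName subject alternative name and asserts the parsed OID and value would cover it. The `try`/`catch` with `fail("Exception should not be thrown: " + e.getMessage())` also drops the stack trace; declaring `public void testGetObjectMethod() throws Exception` and letting the exception propagate is simpler.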