From 75039ca82b02117951fae2c31cceddae3c6d6277 Mon Sep 17 00:00:00 2001
From: Andrey Pleskach
Date: Mon, 30 Dec 2024 20:15:44 +0100
Subject: [PATCH] Fix default key store type for JDK PKCS setup Fix default key/trust store type which is `JKS` but not `PKCS12`
---
 .../security/ssl/config/SslCertificatesLoader.java | 6 +++---
 .../opensearch/security/ssl/util/SSLConfigConstants.java | 2 ++
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java b/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java
index a3f0c39eed..a5eb7631f4 100644
--- a/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java
+++ b/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java
@@ -14,7 +14,6 @@
 import java.nio.file.Files;
 import java.nio.file.LinkOption;
 import java.nio.file.Path;
-import java.security.KeyStore;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -27,6 +26,7 @@
 import static org.opensearch.security.ssl.SecureSSLSettings.SECURE_SUFFIX;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_PASSWORD;
+import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_TYPE;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_ALIAS;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_FILEPATH;
 import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_KEY_PASSWORD;
@@ -123,7 +123,7 @@ private KeyStoreConfiguration.JdkKeyStoreConfiguration buildJdkKeyStoreConfigura
 ) {
 return new KeyStoreConfiguration.JdkKeyStoreConfiguration(
 resolvePath(environment.settings().get(sslConfigSuffix + KEYSTORE_FILEPATH), environment),
- environment.settings().get(sslConfigSuffix + KEYSTORE_TYPE, KeyStore.getDefaultType()),
+ environment.settings().get(sslConfigSuffix + KEYSTORE_TYPE, DEFAULT_STORE_TYPE),
 settings.get(KEYSTORE_ALIAS, null),
 keyStorePassword,
 keyPassword
@@ -137,7 +137,7 @@ private TrustStoreConfiguration.JdkTrustStoreConfiguration buildJdkTrustStoreCon
 ) {
 return new TrustStoreConfiguration.JdkTrustStoreConfiguration(
 resolvePath(environment.settings().get(sslConfigSuffix + TRUSTSTORE_FILEPATH), environment),
- environment.settings().get(sslConfigSuffix + TRUSTSTORE_TYPE, KeyStore.getDefaultType()),
+ environment.settings().get(sslConfigSuffix + TRUSTSTORE_TYPE, DEFAULT_STORE_TYPE),
 settings.get(TRUSTSTORE_ALIAS, null),
 trustStorePassword
 );
diff --git a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
index 0a67e1a520..ffe0a02ffd 100644
--- a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
+++ b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
@@ -28,6 +28,8 @@ public final class SSLConfigConstants {
+ public static final String DEFAULT_STORE_TYPE = "JKS";
+ public static final String SSL_PREFIX = "plugins.security.ssl.";
 public static final String HTTP_SETTINGS = "http";
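Review bot: The fallback for an unset `KEYSTORE_TYPE` is now the fixed string `JKS`, so the JVM's `keystore.type` security property is no longer consulted at this call, and the same holds for `TRUSTSTORE_TYPE` in the next hunk. A deployment that relied on the JVM default may now need the type set explicitly for each SSL config, and whether a PKCS12 file still opens under the `JKS` type depends on the JDK's `keystore.type.compat` setting, which this patch does not show. I would say so at both call sites, e.g. `// fixed default, not KeyStore.getDefaultType(): the JVM-wide default is ignored on purpose`, and add a test that loads a store with no type configured. Both builder methods start and end outside their hunks.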
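Review bot: `DEFAULT_STORE_TYPE` is declared without Javadoc, and nothing at the declaration says that it stands in for `KeyStore.getDefaultType()` as the fallback for both key stores and trust stores. I would add `/** Store type assumed when no keystore or truststore type is configured; deliberately not KeyStore.getDefaultType(). */` above it, so a later cleanup does not quietly restore the JVM default. Because JKS is the legacy format, the comment could also tell operators to set the type explicitly when they supply PKCS12 files. The class body continues outside the hunk.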