Skip to content

Commit

Permalink
Fix SSL config for JDK PKCS setup
Browse files Browse the repository at this point in the history 
Fix issue opensearch-project#4961 by defaulting
the keystore_keypassword setting to the same value as the keystore_password

Signed-off-by: Andrey Pleskach <[email protected]>
  • Loading branch information
@willyborankin
willyborankin committed Dec 30, 2024
1 parent a3345ef commit 7b448e5
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ public Tuple<TrustStoreConfiguration, KeyStoreConfiguration> loadConfiguration(f
final var settings = environment.settings();
final var sslConfigSettings = settings.getByPrefix(fullSslConfigSuffix);
if (settings.hasValue(sslConfigSuffix + KEYSTORE_FILEPATH)) {
final var keyStorePassword = resolvePassword(sslConfigSuffix + KEYSTORE_PASSWORD, settings, DEFAULT_STORE_PASSWORD);
return Tuple.tuple(
environment.settings().hasValue(sslConfigSuffix + TRUSTSTORE_FILEPATH)
? buildJdkTrustStoreConfiguration(
Expand All @@ -73,8 +74,12 @@ public Tuple<TrustStoreConfiguration, KeyStoreConfiguration> loadConfiguration(f
buildJdkKeyStoreConfiguration(
sslConfigSettings,
environment,
resolvePassword(sslConfigSuffix + KEYSTORE_PASSWORD, settings, DEFAULT_STORE_PASSWORD),
resolvePassword(fullSslConfigSuffix + KEYSTORE_KEY_PASSWORD, settings, DEFAULT_STORE_PASSWORD)
keyStorePassword,
resolvePassword(
fullSslConfigSuffix + KEYSTORE_KEY_PASSWORD,
settings,
keyStorePassword != null ? String.valueOf(keyStorePassword) : null
)
)
);
} else {
Expand Down

0 comments on commit 7b448e5

Please sign in to comment.