From e945646755e88f7085f2e7b3062c1b6b39771b77 Mon Sep 17 00:00:00 2001
From: Andrey Pleskach
Date: Mon, 30 Dec 2024 20:09:54 +0100
Subject: [PATCH] Fix default key store type for JDK PKCS setup Fix default key/trust store type which is `JKS` but not `PKCS12`
---
 .../ssl/config/SslCertificatesLoader.java | 20 +++----------------
 .../security/ssl/util/SSLConfigConstants.java | 2 ++
 2 files changed, 5 insertions(+), 17 deletions(-)
diff --git a/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java b/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java
index a3f0c39eed..91a85d0d1a 100644
--- a/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java
+++ b/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java
@@ -14,7 +14,6 @@
 import java.nio.file.Files;
 import java.nio.file.LinkOption;
 import java.nio.file.Path;
-import java.security.KeyStore;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -26,20 +25,7 @@
 import org.opensearch.env.Environment;
 import static org.opensearch.security.ssl.SecureSSLSettings.SECURE_SUFFIX;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_PASSWORD;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_ALIAS;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_FILEPATH;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_KEY_PASSWORD;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_PASSWORD;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_TYPE;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.PEM_CERT_FILEPATH;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.PEM_KEY_FILEPATH;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.PEM_KEY_PASSWORD;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.PEM_TRUSTED_CAS_FILEPATH;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.TRUSTSTORE_ALIAS;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.TRUSTSTORE_FILEPATH;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.TRUSTSTORE_PASSWORD;
-import static org.opensearch.security.ssl.util.SSLConfigConstants.TRUSTSTORE_TYPE;
+import static org.opensearch.security.ssl.util.SSLConfigConstants.*;
 public class SslCertificatesLoader {
@@ -123,7 +109,7 @@ private KeyStoreConfiguration.JdkKeyStoreConfiguration buildJdkKeyStoreConfigura
 ) {
 return new KeyStoreConfiguration.JdkKeyStoreConfiguration(
 resolvePath(environment.settings().get(sslConfigSuffix + KEYSTORE_FILEPATH), environment),
- environment.settings().get(sslConfigSuffix + KEYSTORE_TYPE, KeyStore.getDefaultType()),
+ environment.settings().get(sslConfigSuffix + KEYSTORE_TYPE, DEFAULT_STORE_TYPE),
 settings.get(KEYSTORE_ALIAS, null),
 keyStorePassword,
 keyPassword
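Review bot: The wildcard `import static org.opensearch.security.ssl.util.SSLConfigConstants.*;` in the import hunk replaces fourteen explicit static imports, so a reader can no longer see from the import list which setting keys and password constants this loader depends on. The fix itself needs only one new name; keeping the explicit list and adding `import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_TYPE;` would keep the diff to the behavioural change. In a class that resolves key material and store passwords, an explicit list also makes it easier to audit which constant each lookup uses.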
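Review bot: In buildJdkKeyStoreConfiguration the fallback for `KEYSTORE_TYPE` is now the fixed `DEFAULT_STORE_TYPE` ("JKS" per the SSLConfigConstants hunk) instead of `KeyStore.getDefaultType()`, so the JVM's `keystore.type` security property no longer has any effect when the setting is absent, and a PKCS12 file configured without a type is opened as JKS. Whether that load succeeds presumably depends on the security provider: stock JDKs accept both formats through the JKS type while `keystore.type.compat` is enabled, but other providers may not, and nothing in this patch adds a test that loads a PKCS12 store with no type configured. A short comment at the call, e.g. `// type unset: plugin default (JKS), deliberately not the JVM default`, would make the choice visible. The same applies to the truststore hunk at `@@ -137,7 +123,7 @@`; in both hunks the method signature and closing lines lie partly outside the hunk.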
@@ -137,7 +123,7 @@ private TrustStoreConfiguration.JdkTrustStoreConfiguration buildJdkTrustStoreCon
 ) {
 return new TrustStoreConfiguration.JdkTrustStoreConfiguration(
 resolvePath(environment.settings().get(sslConfigSuffix + TRUSTSTORE_FILEPATH), environment),
- environment.settings().get(sslConfigSuffix + TRUSTSTORE_TYPE, KeyStore.getDefaultType()),
+ environment.settings().get(sslConfigSuffix + TRUSTSTORE_TYPE, DEFAULT_STORE_TYPE),
 settings.get(TRUSTSTORE_ALIAS, null),
 trustStorePassword
 );
diff --git a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
index 0a67e1a520..ffe0a02ffd 100644
--- a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
+++ b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
@@ -28,6 +28,8 @@ public final class SSLConfigConstants {
+ public static final String DEFAULT_STORE_TYPE = "JKS";
+ public static final String SSL_PREFIX = "plugins.security.ssl.";
 public static final String HTTP_SETTINGS = "http";
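Review bot: `DEFAULT_STORE_TYPE` in SSLConfigConstants is added without a comment explaining why the plugin pins "JKS" rather than following `KeyStore.getDefaultType()`, which is what a reader comparing against the JDK would expect. I would add a Javadoc such as `/** Store type used when KEYSTORE_TYPE / TRUSTSTORE_TYPE is not configured; fixed to JKS instead of the JVM default. */`. Since JKS is a legacy format, the settings documentation should also tell operators with PKCS12 stores to set the type explicitly rather than rely on this default. The class body continues outside the hunk.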