Support ECK/Elasticsearch on EKS

commit b3a5f318 Author: Matt Wise <wsmatth@amazon.com> Date: Mon Mar 22 2021 11:44:35 GMT-0500 (Central Daylight Time) fix int tests for new elasticsearch deployment commit 71ba4de3 Author: Matt Wise <wsmatth@amazon.com> Date: Thu Mar 18 2021 14:02:48 GMT-0500 (Central Daylight Time) support new elasticsearch connection model commit 4d512443 Author: Matt Wise <wsmatth@amazon.com> Date: Thu Mar 18 2021 13:57:26 GMT-0500 (Central Daylight Time) Merge remote-tracking branch 'origin/master' into dev commit bbaaa4af Author: zhijie wang <wanzhiji@amazon.com> Date: Thu Mar 04 2021 11:52:26 GMT-0600 (Central Standard Time) re-enable test commit 8e187e1f Author: zhijie wang <wanzhiji@amazon.com> Date: Wed Mar 03 2021 16:24:12 GMT-0600 (Central Standard Time) merge dev commit b8bde92f Author: zhijie wang <wanzhiji@amazon.com> Date: Wed Mar 03 2021 15:26:52 GMT-0600 (Central Standard Time) add reindex task commit 86590ad2 Author: zhijie wang <wanzhiji@amazon.com> Date: Fri Feb 12 2021 16:35:55 GMT-0600 (Central Standard Time) remove uncessary hard code commit 94db5a97 Author: zhijie wang <wanzhiji@amazon.com> Date: Fri Feb 12 2021 16:28:58 GMT-0600 (Central Standard Time) use correct indexerQueueTaskBuilder for AWS commit 5d95151c Author: zhijie wang <wanzhiji@amazon.com> Date: Fri Feb 12 2021 11:48:00 GMT-0600 (Central Standard Time) Solve DependencyInjection for ReIndexService (previously using IndexerQueueTaskBuilder from Core) commit f3824aff Author: wanzhiji <wanzhiji@amazon.com> Date: Fri Feb 05 2021 16:27:31 GMT-0600 (Central Standard Time) Storage 404 error causing message to not retry. Add fix commit 149d03fc Author: Matt Wise <wsmatth@amazon.com> Date: Fri Feb 05 2021 10:17:20 GMT-0800 (Pacific Standard Time) Merge remote-tracking branch 'origin/dev' into storage-404 commit f478d4d3 Author: zhijie wang <wanzhiji@amazon.com> Date: Fri Feb 05 2021 09:10:16 GMT-0800 (Pacific Standard Time) fix storage 404 commit 3580a510 Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> Date: Wed Feb 03 2021 08:13:36 GMT-0800 (Pacific Standard Time) Merge branch 'dev' of codecommit://os-indexer into dev commit e17cd0f9 Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> Date: Wed Feb 03 2021 08:13:24 GMT-0800 (Pacific Standard Time) ubuntu expired key fix commit 8623a8c6 Author: Spencer Sutton <suttonsp@amazon.com> Date: Wed Feb 03 2021 07:21:23 GMT-0800 (Pacific Standard Time) SSL AWS commit 78cab700 Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> Date: Fri Jan 29 2021 12:41:00 GMT-0600 (Central Standard Time) Adding ssl props commit 82a15c82 Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> Date: Fri Jan 29 2021 12:20:36 GMT-0600 (Central Standard Time) Adding SSL commit cd820a21 Author: Matt Wise <wsmatth@amazon.com> Date: Tue Feb 02 2021 07:57:36 GMT-0800 (Pacific Standard Time) disable test failures commit a3dacfb7 Author: Spencer Sutton <suttonsp@amazon.com> Date: Wed Feb 03 2021 09:21:23 GMT-0600 (Central Standard Time) SSL AWS commit 78cab700 Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> Date: Fri Jan 29 2021 12:41:00 GMT-0600 (Central Standard Time) Adding ssl props commit 82a15c82 Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> Date: Fri Jan 29 2021 12:20:36 GMT-0600 (Central Standard Time) Adding SSL commit 40af5d94 Author: Sutton <suttonsp@147dda3a90de.ant.amazon.com> Date: Wed Feb 03 2021 10:13:24 GMT-0600 (Central Standard Time) ubuntu expired key fix commit 56b3f539 Author: Matt Wise <wsmatth@amazon.com> Date: Tue Feb 02 2021 09:57:36 GMT-0600 (Central Standard Time) disable test failures

Support ECK/Elasticsearch on EKS
2efa3ad9 · Matt Wise · e612dbf7 · 2efa3ad9 · 2efa3ad9 · 2efa3ad9
Commit 2efa3ad9 authored 3 years ago by Matt Wise
--- a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java
+++ b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java
@@ -33,7 +33,17 @@ public class ElasticRepositoryImpl implements IElasticRepository {
    @Value("${aws.es.port}")
    int port;
-    String userNameAndPassword = "testing";
+    @Value("${aws.es.isHttps}")
+    boolean isHttps;
+    @Value("${aws.es.username}")
+    String username;
+    @Value("${aws.es.password}")
+    String password;
+    String usernameAndPassword;
    @Value("${aws.elasticsearch.port}")
    String portParameter;
@@ -41,6 +51,12 @@ public class ElasticRepositoryImpl implements IElasticRepository {
    @Value("${aws.elasticsearch.host}")
    String hostParameter;
+    @Value("${aws.elasticsearch.username}")
+    String usernameParameter;
+    @Value("${aws.elasticsearch.password}")
+    String passwordParameter;
    @Value("${aws.ssm}")
    String ssmEnabledString;
@@ -52,12 +68,24 @@ public class ElasticRepositoryImpl implements IElasticRepository {
            SSMConfig ssmConfig = new SSMConfig();
            ssm = ssmConfig.amazonSSM();
            host = ssm.getProperty(hostParameter).toString();
-            port = Integer.parseInt(ssm.getProperty(portParameter).toString());
+            port = Integer.parseInt(ssm.getProperty(portParameter).toString());            
+            username = ssm.getProperty(usernameParameter).toString();            
+            password = ssm.getProperty(passwordParameter).toString();            
        }
+        //elastic expects username:password format
+        usernameAndPassword = String.format("%s:%s", username, password);
    }
    @Override
    public ClusterSettings getElasticClusterSettings(TenantInfo tenantInfo) {
-        return new ClusterSettings(host, port, userNameAndPassword);
+        ClusterSettings settings = new ClusterSettings(host, port, usernameAndPassword);
+        if (!isHttps) {
+            settings.setHttps(false);
+            settings.setTls(false);
+        }
+        return settings;
    }
 }
--- a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/ElasticClientHandlerAws.java
+++ b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/ElasticClientHandlerAws.java
@@ -16,7 +16,9 @@ package org.opengroup.osdu.indexer.aws.service;
 import org.apache.http.Header;
 import org.apache.http.HttpHost;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 import org.apache.http.message.BasicHeader;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.elasticsearch.client.RestClient;
 import org.opengroup.osdu.indexer.util.ElasticClientHandler;
 import org.elasticsearch.client.RestClientBuilder;
@@ -24,17 +26,30 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Primary;
 import org.springframework.stereotype.Component;
+import lombok.extern.java.Log;
+import java.security.KeyManagementException;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import javax.inject.Inject;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
 // TODO: Elastic Client Handler should be designed to allow cloud providers to implement their own handler if not we have to inherited
 // SPI needs to be refactored
 @Primary
 @Component
+@Log
 public class ElasticClientHandlerAws extends ElasticClientHandler {
    private static final int REST_CLIENT_CONNECT_TIMEOUT = 60000;
    private static final int REST_CLIENT_SOCKET_TIMEOUT = 60000;
    private static final int REST_CLIENT_RETRY_TIMEOUT = 60000;
+    @Value("${aws.es.certificate.disableTrust:false}")
+    // @Value("#{new Boolean('${aws.es.certificate.disableTrust:false}')}")
+    private Boolean disableSslCertificateTrust;
    public ElasticClientHandlerAws() {
    }
@@ -46,8 +61,23 @@ public class ElasticClientHandlerAws extends ElasticClientHandler {
                .setConnectTimeout(REST_CLIENT_CONNECT_TIMEOUT)
                .setSocketTimeout(REST_CLIENT_SOCKET_TIMEOUT));        
-        if(isLocalHost(host)) {
+        if(isLocalHost(host) || disableSslCertificateTrust) {            
-            builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> httpAsyncClientBuilder.setSSLHostnameVerifier((s, sslSession) -> true));
+            SSLContext sslContext;            
+            try {
+                sslContext = SSLContext.getInstance("TLS");
+                sslContext.init(null, new TrustManager[]{ UnsafeX509ExtendedTrustManager.INSTANCE }, null);
+                builder.setHttpClientConfigCallback(httpClientBuilder -> 
+                httpClientBuilder.setSSLContext(sslContext)
+                                .setSSLHostnameVerifier((s, session) -> true));
+            } catch (NoSuchAlgorithmException e) {
+                // TODO Auto-generated catch block
+                e.printStackTrace();
+            } catch (KeyManagementException e) {
+                // TODO Auto-generated catch block
+                e.printStackTrace();
+            }
        }
        Header[] defaultHeaders = new Header[]{
                new BasicHeader("client.transport.nodes_sampler_interval", "30s"),
@@ -55,7 +85,8 @@ public class ElasticClientHandlerAws extends ElasticClientHandler {
                new BasicHeader("client.transport.sniff", "false"),
                new BasicHeader("request.headers.X-Found-Cluster", host),
                new BasicHeader("cluster.name", host),
-                new BasicHeader("xpack.security.transport.ssl.enabled", tls)
+                new BasicHeader("xpack.security.transport.ssl.enabled", tls),
+                new BasicHeader("Authorization", basicAuthenticationHeaderVal),
        };
        builder.setDefaultHeaders(defaultHeaders);
        return builder;

--- a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/UnsafeX509ExtendedTrustManager.java
+++ b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/UnsafeX509ExtendedTrustManager.java
+package org.opengroup.osdu.indexer.aws.service;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.net.Socket;
+import java.security.cert.X509Certificate;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+/**
+ * An insecure {@link UnsafeX509ExtendedTrustManager TrustManager} that trusts all X.509 certificates without any verification.
+ * <p>
+ * <strong>NOTE:</strong>
+ * Never use this {@link UnsafeX509ExtendedTrustManager} in production.
+ * It is purely for testing purposes, and thus it is very insecure.
+ * </p>
+ * <br>
+ * Suppressed warning: java:S4830 - "Server certificates should be verified during SSL/TLS connections"
+ *                                  This TrustManager doesn't validate certificates and should not be used at production.
+ *                                  It is just meant to be used for testing purposes and it is designed not to verify server certificates.
+ */
+class UnsafeX509ExtendedTrustManager extends X509ExtendedTrustManager {
+    public static final UnsafeX509ExtendedTrustManager INSTANCE = new UnsafeX509ExtendedTrustManager();
+    private static final Logger LOGGER = LoggerFactory.getLogger(UnsafeX509ExtendedTrustManager.class);
+    private static final X509Certificate[] EMPTY_X509_CERTIFICATES = new X509Certificate[0];
+    private static final String CLIENT_CERTIFICATE_LOG_MESSAGE = "Accepting a client certificate: [{}]";
+    private static final String SERVER_CERTIFICATE_LOG_MESSAGE = "Accepting a server certificate: [{}]";
+    private UnsafeX509ExtendedTrustManager() {}
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String authType) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String authType, Socket socket) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String authType) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String authType, Socket socket) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        return EMPTY_X509_CERTIFICATES;
+    }
+}
\ No newline at end of file
--- a/provider/indexer-aws/src/main/resources/application.properties
+++ b/provider/indexer-aws/src/main/resources/application.properties
@@ -11,14 +11,14 @@ CRON_INDEX_CLEANUP_THRESHOLD_DAYS=3
 CRON_EMPTY_INDEX_CLEANUP_THRESHOLD_DAYS=7
 # AWS ES configuration
-# DO NOT COMMENT THESE OUT THEY ARE PLACE HOLDERS
+aws.es.host=${ELASTIC_HOST:}
-ELASTIC_HOST=""
+aws.es.port=${ELASTIC_PORT:0}
-ELASTIC_PORT=0
+aws.es.isHttps=${ELASTIC_HTTPS:true}
-aws.es.host=${ELASTIC_HOST}
+aws.es.username=${ELASTIC_USERNAME:empty}
-aws.es.port=${ELASTIC_PORT}
+aws.es.password=${ELASTIC_PASSWORD:empty}
-aws.es.userNameAndPassword=notused
 aws.region=${AWS_REGION}
 aws.es.serviceName=es
+aws.es.certificate.disableTrust=${ELASTIC_DISABLE_CERTIFICATE_TRUST:false}
 GAE_SERVICE=indexer
@@ -53,8 +53,10 @@ aws.dynamodb.endpoint=dynamodb.${AWS_REGION}.amazonaws.com
 aws.ssm=${SSM_ENABLED}
 aws.ssm.prefix=/osdu/${ENVIRONMENT}
-aws.elasticsearch.host=${aws.ssm.prefix}/elastic-search/end-point
+aws.elasticsearch.host=${aws.ssm.prefix}/elasticsearch/end-point
-aws.elasticsearch.port=${aws.ssm.prefix}/elastic-search/end-point-port
+aws.elasticsearch.port=${aws.ssm.prefix}/elasticsearch/end-point-port
+aws.elasticsearch.username=${aws.ssm.prefix}/elasticsearch/username
+aws.elasticsearch.password=${aws.ssm.prefix}/elasticsearch/password
 aws.indexer.sns.topic.arn=${aws.ssm.prefix}/indexer/indexer-sns-topic-arn
 aws.storage.sns.topic.arn=${aws.ssm.prefix}/storage/storage-sns-topic-arn

--- a/testing/indexer-test-aws/build-aws/run-tests.sh
+++ b/testing/indexer-test-aws/build-aws/run-tests.sh
@@ -28,10 +28,15 @@ export ENTITLEMENTS_DOMAIN=testing.com
 export OTHER_RELEVANT_DATA_COUNTRIES=US
 export STORAGE_HOST=$STORAGE_URL
 export HOST=$SCHEMA_URL
+export ELASTIC_HOST=$ELASTIC_HOST
+export ELASTIC_PORT=$ELASTIC_PORT
+export ELASTIC_PASSWORD=$ELASTIC_PASSWORD
+export ELASTIC_USER_NAME=$ELASTIC_USERNAME
 #### RUN INTEGRATION TEST #########################################################################
 mvn -ntp test -f "$SCRIPT_SOURCE_DIR"/../pom.xml -Dcucumber.options="--plugin junit:target/junit-report.xml"
+# mvn -Dmaven.surefire.debug test -f "$SCRIPT_SOURCE_DIR"/../pom.xml -Dcucumber.options="--plugin junit:target/junit-report.xml"
 TEST_EXIT_CODE=$?
 #### COPY TEST REPORTS #########################################################################

--- a/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/ElasticUtilsAws.java
+++ b/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/ElasticUtilsAws.java
@@ -14,6 +14,13 @@
 package org.opengroup.osdu.util;
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Base64;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
 import org.apache.http.Header;
 import org.apache.http.HttpHost;
 import org.apache.http.message.BasicHeader;
@@ -32,7 +39,30 @@ public class ElasticUtilsAws extends ElasticUtils {
        RestClientBuilder builder = RestClient.builder(new HttpHost(host, port, "https"));
        builder.setRequestConfigCallback(requestConfigBuilder -> requestConfigBuilder.setConnectTimeout(REST_CLIENT_CONNECT_TIMEOUT)
                .setSocketTimeout(REST_CLIENT_SOCKET_TIMEOUT));
-        builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> httpAsyncClientBuilder.setSSLHostnameVerifier((s, sslSession) -> true));
+        //dont enforce CA/cert validity for tests
+        SSLContext sslContext;            
+        try {
+            sslContext = SSLContext.getInstance("TLS");
+            sslContext.init(null, new TrustManager[]{ UnsafeX509ExtendedTrustManager.INSTANCE }, null);
+            builder.setHttpClientConfigCallback(httpClientBuilder -> 
+            httpClientBuilder.setSSLContext(sslContext)
+                            .setSSLHostnameVerifier((s, session) -> true));
+        } catch (NoSuchAlgorithmException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        } catch (KeyManagementException e) {
+            // TODO Auto-generated catch block
+            e.printStackTrace();
+        }
+        String basicEncoded = Base64
+                            .getEncoder().encodeToString(usernameAndPassword.getBytes());
+        String basicAuthenticationHeaderVal = String.format("Basic %s", basicEncoded);
        Header[] defaultHeaders = new Header[]{
                new BasicHeader("client.transport.nodes_sampler_interval", "30s"),
@@ -40,7 +70,8 @@ public class ElasticUtilsAws extends ElasticUtils {
                new BasicHeader("client.transport.sniff", "false"),
                new BasicHeader("request.headers.X-Found-Cluster", Config.getElasticHost()),
                new BasicHeader("cluster.name", Config.getElasticHost()),
-                new BasicHeader("xpack.security.transport.ssl.enabled", Boolean.toString(true))
+                new BasicHeader("xpack.security.transport.ssl.enabled", Boolean.toString(true)),
+                new BasicHeader("Authorization", basicAuthenticationHeaderVal),
        };
        builder.setDefaultHeaders(defaultHeaders);

--- a/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/UnsafeX509ExtendedTrustManager.java
+++ b/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/UnsafeX509ExtendedTrustManager.java
+package org.opengroup.osdu.util;
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.net.Socket;
+import java.security.cert.X509Certificate;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+/**
+ * An insecure {@link UnsafeX509ExtendedTrustManager TrustManager} that trusts all X.509 certificates without any verification.
+ * <p>
+ * <strong>NOTE:</strong>
+ * Never use this {@link UnsafeX509ExtendedTrustManager} in production.
+ * It is purely for testing purposes, and thus it is very insecure.
+ * </p>
+ * <br>
+ * Suppressed warning: java:S4830 - "Server certificates should be verified during SSL/TLS connections"
+ *                                  This TrustManager doesn't validate certificates and should not be used at production.
+ *                                  It is just meant to be used for testing purposes and it is designed not to verify server certificates.
+ */
+class UnsafeX509ExtendedTrustManager extends X509ExtendedTrustManager {
+    public static final UnsafeX509ExtendedTrustManager INSTANCE = new UnsafeX509ExtendedTrustManager();
+    private static final Logger LOGGER = LoggerFactory.getLogger(UnsafeX509ExtendedTrustManager.class);
+    private static final X509Certificate[] EMPTY_X509_CERTIFICATES = new X509Certificate[0];
+    private static final String CLIENT_CERTIFICATE_LOG_MESSAGE = "Accepting a client certificate: [{}]";
+    private static final String SERVER_CERTIFICATE_LOG_MESSAGE = "Accepting a server certificate: [{}]";
+    private UnsafeX509ExtendedTrustManager() {}
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String authType) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String authType, Socket socket) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public void checkClientTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String authType) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String authType, Socket socket) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public void checkServerTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+        }
+    }
+    @Override
+    public X509Certificate[] getAcceptedIssuers() {
+        return EMPTY_X509_CERTIFICATES;
+    }
+}
\ No newline at end of file