Commit 522c4593 authored by Riabokon Stanislav(EPAM)[GCP]'s avatar Riabokon Stanislav(EPAM)[GCP]

Merge branch 'integration-master' of...

Merge branch 'integration-master' of git.epam.com:go3-nrg/platform/System/indexer into integration-master
parents a9e48190 e6b87e65
3 merge requests!46GCP fix swagger (GONRG-1022),!41GCP implement index cleanup (GONRG-856),!36Support for self-signed certificates for ElasticSearch connection(GONRG-776, GONRG-539)
package org.opengroup.osdu.indexer.util;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Objects;
import javax.net.ssl.SSLContext;
import lombok.extern.java.Log;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpStatus;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.message.BasicHeader;
import org.apache.http.ssl.SSLContextBuilder;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.model.indexer.IElasticSettingService;
import org.opengroup.osdu.core.common.model.search.ClusterSettings;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
@Component
@Log
public class ElasticClientHandler {
// Elastic cluster Rest client settings
private static final int CLOUD_REST_CLIENT_PORT = 9243;
private static final int REST_CLIENT_CONNECT_TIMEOUT = 60000;
private static final int REST_CLIENT_SOCKET_TIMEOUT = 60000;
private static final int REST_CLIENT_RETRY_TIMEOUT = 60000;
@Value("#{new Boolean('${security.https.certificate.trust:false}')}")
private Boolean isSecurityHttpsCertificateTrust;
@Autowired
private IElasticSettingService elasticSettingService;
public RestHighLevelClient createRestClient() {
return getCloudRestClient(elasticSettingService.getElasticClusterInformation());
}
// TODO: Remove this temporary implementation when ECE CCS is utilized
public RestHighLevelClient createRestClient(final ClusterSettings clusterSettings) {
return getCloudRestClient(clusterSettings);
}
private RestHighLevelClient getCloudRestClient(final ClusterSettings clusterSettings) {
String cluster = null;
String host = null;
int port = CLOUD_REST_CLIENT_PORT;
String protocolScheme = "https";
String tls = "true";
try {
cluster = clusterSettings.getHost();
host = clusterSettings.getHost();
port = clusterSettings.getPort();
if (!clusterSettings.isHttps()) {
protocolScheme = "http";
}
if (!clusterSettings.isTls()) {
tls = "false";
}
String basicEncoded = Base64
.getEncoder().encodeToString(clusterSettings.getUserNameAndPassword().getBytes());
String basicAuthenticationHeaderVal = String.format("Basic %s", basicEncoded);
RestClientBuilder builder = createClientBuilder(host, basicAuthenticationHeaderVal, port,
protocolScheme, tls);
return new RestHighLevelClient(builder);
} catch (AppException e) {
throw e;
} catch (Exception e) {
throw new AppException(
HttpStatus.SC_INTERNAL_SERVER_ERROR,
"search client error",
"error creating search client",
String
.format("Elastic client connection params, cluster: %s, host: %s, port: %s", cluster,
host, port),
e);
}
}
public RestClientBuilder createClientBuilder(String host, String basicAuthenticationHeaderVal,
int port, String protocolScheme, String tls) {
RestClientBuilder builder = RestClient.builder(new HttpHost(host, port, protocolScheme));
builder.setRequestConfigCallback(
requestConfigBuilder -> requestConfigBuilder.setConnectTimeout(REST_CLIENT_CONNECT_TIMEOUT)
.setSocketTimeout(REST_CLIENT_SOCKET_TIMEOUT));
builder.setMaxRetryTimeoutMillis(REST_CLIENT_RETRY_TIMEOUT);
Header[] defaultHeaders = new Header[]{
new BasicHeader("client.transport.nodes_sampler_interval", "30s"),
new BasicHeader("client.transport.ping_timeout", "30s"),
new BasicHeader("client.transport.sniff", "false"),
new BasicHeader("request.headers.X-Found-Cluster", host),
new BasicHeader("cluster.name", host),
new BasicHeader("xpack.security.transport.ssl.enabled", tls),
new BasicHeader("Authorization", basicAuthenticationHeaderVal),
};
log.info(String.format(
"Elastic client connection uses protocolScheme = %s with a flag "
+ "'security.https.certificate.trust' = %s",
protocolScheme, isSecurityHttpsCertificateTrust));
if ("https".equals(protocolScheme) && isSecurityHttpsCertificateTrust) {
log.warning("Elastic client connection uses TrustSelfSignedStrategy()");
SSLContext sslContext = createSSLContext();
builder.setHttpClientConfigCallback(httpClientBuilder ->
{
HttpAsyncClientBuilder httpAsyncClientBuilder = httpClientBuilder.setSSLContext(sslContext)
.setSSLHostnameVerifier(
NoopHostnameVerifier.INSTANCE);
return httpAsyncClientBuilder;
});
}
builder.setDefaultHeaders(defaultHeaders);
return builder;
}
private SSLContext createSSLContext() {
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
try {
sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
return sslContextBuilder.build();
} catch (NoSuchAlgorithmException e) {
log.severe(e.getMessage());
} catch (KeyStoreException e) {
log.severe(e.getMessage());
} catch (KeyManagementException e) {
log.severe(e.getMessage());
}
return null;
}
public Boolean isSecurityHttpsCertificateTrust() {
return isSecurityHttpsCertificateTrust;
}
public void setSecurityHttpsCertificateTrust(Boolean isSecurityHttpsCertificateTrust) {
this.isSecurityHttpsCertificateTrust = isSecurityHttpsCertificateTrust;
}
package org.opengroup.osdu.indexer.util;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Objects;
import javax.net.ssl.SSLContext;
import lombok.extern.java.Log;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.HttpStatus;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.nio.client.HttpAsyncClientBuilder;
import org.apache.http.message.BasicHeader;
import org.apache.http.ssl.SSLContextBuilder;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.opengroup.osdu.core.common.model.http.AppException;
import org.opengroup.osdu.core.common.model.indexer.IElasticSettingService;
import org.opengroup.osdu.core.common.model.search.ClusterSettings;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
@Component
@Log
public class ElasticClientHandler {
// Elastic cluster Rest client settings
private static final int CLOUD_REST_CLIENT_PORT = 9243;
private static final int REST_CLIENT_CONNECT_TIMEOUT = 60000;
private static final int REST_CLIENT_SOCKET_TIMEOUT = 60000;
private static final int REST_CLIENT_RETRY_TIMEOUT = 60000;
@Value("#{new Boolean('${security.https.certificate.trust}')}")
private Boolean isSecurityHttpsCertificateTrust;
@Autowired
private IElasticSettingService elasticSettingService;
public RestHighLevelClient createRestClient() {
return getCloudRestClient(elasticSettingService.getElasticClusterInformation());
}
// TODO: Remove this temporary implementation when ECE CCS is utilized
public RestHighLevelClient createRestClient(final ClusterSettings clusterSettings) {
return getCloudRestClient(clusterSettings);
}
private RestHighLevelClient getCloudRestClient(final ClusterSettings clusterSettings) {
String cluster = null;
String host = null;
int port = CLOUD_REST_CLIENT_PORT;
String protocolScheme = "https";
String tls = "true";
try {
cluster = clusterSettings.getHost();
host = clusterSettings.getHost();
port = clusterSettings.getPort();
if (!clusterSettings.isHttps()) {
protocolScheme = "http";
}
if (!clusterSettings.isTls()) {
tls = "false";
}
String basicEncoded = Base64
.getEncoder().encodeToString(clusterSettings.getUserNameAndPassword().getBytes());
String basicAuthenticationHeaderVal = String.format("Basic %s", basicEncoded);
RestClientBuilder builder = createClientBuilder(host, basicAuthenticationHeaderVal, port,
protocolScheme, tls);
return new RestHighLevelClient(builder);
} catch (AppException e) {
throw e;
} catch (Exception e) {
throw new AppException(
HttpStatus.SC_INTERNAL_SERVER_ERROR,
"search client error",
"error creating search client",
String
.format("Elastic client connection params, cluster: %s, host: %s, port: %s", cluster,
host, port),
e);
}
}
public RestClientBuilder createClientBuilder(String host, String basicAuthenticationHeaderVal,
int port, String protocolScheme, String tls) {
RestClientBuilder builder = RestClient.builder(new HttpHost(host, port, protocolScheme));
builder.setRequestConfigCallback(
requestConfigBuilder -> requestConfigBuilder.setConnectTimeout(REST_CLIENT_CONNECT_TIMEOUT)
.setSocketTimeout(REST_CLIENT_SOCKET_TIMEOUT));
builder.setMaxRetryTimeoutMillis(REST_CLIENT_RETRY_TIMEOUT);
Header[] defaultHeaders = new Header[]{
new BasicHeader("client.transport.nodes_sampler_interval", "30s"),
new BasicHeader("client.transport.ping_timeout", "30s"),
new BasicHeader("client.transport.sniff", "false"),
new BasicHeader("request.headers.X-Found-Cluster", host),
new BasicHeader("cluster.name", host),
new BasicHeader("xpack.security.transport.ssl.enabled", tls),
new BasicHeader("Authorization", basicAuthenticationHeaderVal),
};
log.info(String.format(
"Elastic client connection uses protocolScheme = %s with a flag "
+ "'security.https.certificate.trust' = %s",
protocolScheme, isSecurityHttpsCertificateTrust));
if ("https".equals(protocolScheme) && isSecurityHttpsCertificateTrust) {
log.warning("Elastic client connection uses TrustSelfSignedStrategy()");
SSLContext sslContext = createSSLContext();
builder.setHttpClientConfigCallback(httpClientBuilder ->
{
HttpAsyncClientBuilder httpAsyncClientBuilder = httpClientBuilder.setSSLContext(sslContext)
.setSSLHostnameVerifier(
NoopHostnameVerifier.INSTANCE);
return httpAsyncClientBuilder;
});
}
builder.setDefaultHeaders(defaultHeaders);
return builder;
}
private SSLContext createSSLContext() {
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
try {
sslContextBuilder.loadTrustMaterial(null, new TrustSelfSignedStrategy());
return sslContextBuilder.build();
} catch (NoSuchAlgorithmException e) {
log.severe(e.getMessage());
} catch (KeyStoreException e) {
log.severe(e.getMessage());
} catch (KeyManagementException e) {
log.severe(e.getMessage());
}
return null;
}
public Boolean isSecurityHttpsCertificateTrust() {
return isSecurityHttpsCertificateTrust;
}
public void setSecurityHttpsCertificateTrust(Boolean isSecurityHttpsCertificateTrust) {
this.isSecurityHttpsCertificateTrust = isSecurityHttpsCertificateTrust;
}
}
\ No newline at end of file
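Review bot: In `createClientBuilder`, the branch guarded by `security.https.certificate.trust` installs `NoopHostnameVerifier.INSTANCE` on top of `TrustSelfSignedStrategy`, so once the flag is on the client accepts any self-signed certificate presented under any host name while still attaching the Basic `Authorization` header to every request. `createSSLContext()` only logs `e.getMessage()` and returns `null`, and that value goes straight into `setSSLContext(sslContext)`; the HTTP client then presumably falls back to its default context with hostname verification still disabled, and nothing surfaces the failure. I would load trust material from a store holding the cluster's own certificate, drop the `setSSLHostnameVerifier` call, and replace `return null;` with `throw new IllegalStateException("cannot build SSLContext for Elastic client", e);` in a single multi-catch. The page prints the file twice without side markers and the copies differ in the `@Value` expression; the one ending in `${security.https.certificate.trust}` has no `:false` fallback, so if that is the new side, a deployment without the property no longer defaults to strict verification and may fail to resolve the placeholder.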