diff --git a/indexer-core/pom.xml b/indexer-core/pom.xml index 49ce44c6ad55653079bcfe146f6561f7b9f5f5f7..08b4a00a5edbe2f94fac86ab2c2b253dae7ad9f6 100644 --- a/indexer-core/pom.xml +++ b/indexer-core/pom.xml @@ -4,12 +4,12 @@ <parent> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-service</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <artifactId>indexer-core</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <name>indexer-core</name> <description>Indexer Service Core</description> <packaging>jar</packaging> diff --git a/pom.xml b/pom.xml index 51f7584b12ad62b290706011cc4e8eb3c4e3a7c0..61d185ec97ef7ce70c7c55a573f5fc4342d082a8 100644 --- a/pom.xml +++ b/pom.xml @@ -12,7 +12,7 @@ <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-service</artifactId> <packaging>pom</packaging> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <description>Indexer Service</description> <properties> diff --git a/provider/indexer-aws/pom.xml b/provider/indexer-aws/pom.xml index 7fad557f0e8324b8df8cf15a3fd39878a40d0299..1c576b02acfcd913008f0fbb34b60d1b99767b19 100644 --- a/provider/indexer-aws/pom.xml +++ b/provider/indexer-aws/pom.xml @@ -18,7 +18,7 @@ <parent> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-service</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../../pom.xml</relativePath> </parent> @@ -26,7 +26,7 @@ <artifactId>indexer-aws</artifactId> <description>Storage service on AWS</description> <packaging>jar</packaging> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <properties> <aws.version>1.11.637</aws.version> 
@@ -43,7 +43,7 @@ <dependency> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-core</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> </dependency> <dependency> <groupId>org.opengroup.osdu.core.aws</groupId> diff --git a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java index b65add33a07eb10ce43a89218344f01ab3dae4b0..93e6acd37039acda8c22e7b02b827447f58a8ecc 100644 --- a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java +++ b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/persistence/ElasticRepositoryImpl.java @@ -33,7 +33,17 @@ public class ElasticRepositoryImpl implements IElasticRepository { @Value("${aws.es.port}") int port; - String userNameAndPassword = "testing"; + @Value("${aws.es.isHttps}") + boolean isHttps; + + @Value("${aws.es.username}") + String username; + + @Value("${aws.es.password}") + String password; + + String usernameAndPassword; + @Value("${aws.elasticsearch.port}") String portParameter; @@ -41,6 +51,12 @@ public class ElasticRepositoryImpl implements IElasticRepository { @Value("${aws.elasticsearch.host}") String hostParameter; + @Value("${aws.elasticsearch.username}") + String usernameParameter; + + @Value("${aws.elasticsearch.password}") + String passwordParameter; + @Value("${aws.ssm}") String ssmEnabledString; 
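Review bot: The new `username`, `password` and `usernameAndPassword` fields in ElasticRepositoryImpl are package-private and non-final, so any class in the same package can read or overwrite the Elasticsearch credentials. Unless a test in that package sets them directly, declare them `private` (for example `private String password;`); `@Value` injection still works on private fields. The same applies to `usernameParameter` and `passwordParameter` in the following hunk. The class body starts and ends outside these hunks.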
@@ -52,12 +68,24 @@ public class ElasticRepositoryImpl implements IElasticRepository { SSMConfig ssmConfig = new SSMConfig(); ssm = ssmConfig.amazonSSM(); host = ssm.getProperty(hostParameter).toString(); - port = Integer.parseInt(ssm.getProperty(portParameter).toString()); + port = Integer.parseInt(ssm.getProperty(portParameter).toString()); + username = ssm.getProperty(usernameParameter).toString(); + password = ssm.getProperty(passwordParameter).toString(); } + + //elastic expects username:password format + usernameAndPassword = String.format("%s:%s", username, password); } @Override public ClusterSettings getElasticClusterSettings(TenantInfo tenantInfo) { - return new ClusterSettings(host, port, userNameAndPassword); + ClusterSettings settings = new ClusterSettings(host, port, usernameAndPassword); + + if (!isHttps) { + settings.setHttps(false); + settings.setTls(false); + } + + return settings; } } diff --git a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/ElasticClientHandlerAws.java b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/ElasticClientHandlerAws.java index e6003130aad08cfdb49e57d70cee54f17eca625c..bb0407cdb5a44aa83c765da48708a2a29532c784 100644 --- a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/ElasticClientHandlerAws.java +++ b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/ElasticClientHandlerAws.java @@ -16,7 +16,9 @@ package org.opengroup.osdu.indexer.aws.service; import org.apache.http.Header; import org.apache.http.HttpHost; +import org.apache.http.conn.ssl.TrustSelfSignedStrategy; import org.apache.http.message.BasicHeader; +import org.apache.http.ssl.SSLContextBuilder; import org.elasticsearch.client.RestClient; import org.opengroup.osdu.indexer.util.ElasticClientHandler; import org.elasticsearch.client.RestClientBuilder; 
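Review bot: When `isHttps` is false, `getElasticClusterSettings` calls `setHttps(false)` and `setTls(false)` but still passes `usernameAndPassword` to ClusterSettings, so the `Authorization` header that ElasticClientHandlerAws now sets (presumably built from these credentials) would travel over plain HTTP. Consider restricting the non-HTTPS path to local hosts, or at least logging a warning when it is taken. In the SSM branch, `ssm.getProperty(usernameParameter).toString()` fails with a bare NullPointerException if the parameter is missing (assuming getProperty returns null in that case); a null check whose message names the parameter, not its value, would make that diagnosable. The initialisation method starts outside the hunk.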
@@ -24,17 +26,30 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Primary; import org.springframework.stereotype.Component; +import lombok.extern.java.Log; + +import java.security.KeyManagementException; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; + import javax.inject.Inject; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; // TODO: Elastic Client Handler should be designed to allow cloud providers to implement their own handler if not we have to inherited // SPI needs to be refactored @Primary @Component +@Log public class ElasticClientHandlerAws extends ElasticClientHandler { private static final int REST_CLIENT_CONNECT_TIMEOUT = 60000; private static final int REST_CLIENT_SOCKET_TIMEOUT = 60000; private static final int REST_CLIENT_RETRY_TIMEOUT = 60000; + @Value("${aws.es.certificate.disableTrust:false}") + // @Value("#{new Boolean('${aws.es.certificate.disableTrust:false}')}") + private Boolean disableSslCertificateTrust; + public ElasticClientHandlerAws() { } 
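Review bot: `disableSslCertificateTrust` is declared as a boxed `Boolean`, so an instance created through the public no-argument constructor outside Spring leaves it null, and the later `isLocalHost(host) || disableSslCertificateTrust` check then throws a NullPointerException on unboxing. A primitive `private boolean disableSslCertificateTrust;` defaults to false, which is also the safe value. The commented-out `// @Value("#{new Boolean(...)}")` line should be removed. `KeyStoreException`, and the `TrustSelfSignedStrategy` and `SSLContextBuilder` imports from the previous hunk, are not used by any line visible in this diff.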
@@ -46,8 +61,23 @@ public class ElasticClientHandlerAws extends ElasticClientHandler { .setConnectTimeout(REST_CLIENT_CONNECT_TIMEOUT) .setSocketTimeout(REST_CLIENT_SOCKET_TIMEOUT)); - if(isLocalHost(host)) { - builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> httpAsyncClientBuilder.setSSLHostnameVerifier((s, sslSession) -> true)); + if(isLocalHost(host) || disableSslCertificateTrust) { + + SSLContext sslContext; + try { + sslContext = SSLContext.getInstance("TLS"); + sslContext.init(null, new TrustManager[]{ UnsafeX509ExtendedTrustManager.INSTANCE }, null); + builder.setHttpClientConfigCallback(httpClientBuilder -> + httpClientBuilder.setSSLContext(sslContext) + .setSSLHostnameVerifier((s, session) -> true)); + } catch (NoSuchAlgorithmException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (KeyManagementException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } Header[] defaultHeaders = new Header[]{ new BasicHeader("client.transport.nodes_sampler_interval", "30s"), @@ -55,7 +85,8 @@ public class ElasticClientHandlerAws extends ElasticClientHandler { new BasicHeader("client.transport.sniff", "false"), new BasicHeader("request.headers.X-Found-Cluster", host), new BasicHeader("cluster.name", host), - new BasicHeader("xpack.security.transport.ssl.enabled", tls) + new BasicHeader("xpack.security.transport.ssl.enabled", tls), + new BasicHeader("Authorization", basicAuthenticationHeaderVal), }; builder.setDefaultHeaders(defaultHeaders); return builder; diff --git a/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/UnsafeX509ExtendedTrustManager.java b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/UnsafeX509ExtendedTrustManager.java new file mode 100644 index 0000000000000000000000000000000000000000..c2a9af091ababbe359394cc1256eeb3071f2bfae --- /dev/null 
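Review bot: The branch guarded by `isLocalHost(host) || disableSslCertificateTrust` now removes certificate-chain validation as well as hostname verification, and it does so silently: nothing is logged when the flag is on, and the two catch blocks only call `e.printStackTrace()`, after which the builder carries on with default settings. Because the following hunk adds an `Authorization` header to every request, a deployment with `aws.es.certificate.disableTrust=true` sends the Elasticsearch credentials to whichever endpoint answers. I would log a warning whenever validation is disabled, fail with the cause attached when the SSLContext cannot be built, and for self-signed clusters prefer loading the cluster CA into a trust store over trusting everything. The same catch blocks are repeated in ElasticUtilsAws in the test module. The enclosing method starts and ends outside the hunk.

```java
if (isLocalHost(host) || disableSslCertificateTrust) {
    // Make the weakened TLS posture visible to operators.
    log.warning("TLS certificate and hostname validation is disabled for Elasticsearch host " + host);
    try {
        // … unchanged: SSLContext.getInstance("TLS"), init with the permissive trust manager, setHttpClientConfigCallback …
    } catch (NoSuchAlgorithmException | KeyManagementException e) {
        // Do not continue with a half-configured client; keep the cause for diagnosis.
        throw new IllegalStateException("Could not initialise the SSLContext for the Elasticsearch client", e);
    }
}
```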
+++ b/provider/indexer-aws/src/main/java/org/opengroup/osdu/indexer/aws/service/UnsafeX509ExtendedTrustManager.java 
@@ -0,0 +1,81 @@
+package org.opengroup.osdu.indexer.aws.service;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedTrustManager;
+
+import java.net.Socket;
+import java.security.cert.X509Certificate;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * An insecure {@link UnsafeX509ExtendedTrustManager TrustManager} that trusts all X.509 certificates without any verification.
+ * <p>
+ * <strong>NOTE:</strong>
+ * Never use this {@link UnsafeX509ExtendedTrustManager} in production.
+ * It is purely for testing purposes, and thus it is very insecure.
+ * </p>
+ * <br>
+ * Suppressed warning: java:S4830 - "Server certificates should be verified during SSL/TLS connections"
+ * This TrustManager doesn't validate certificates and should not be used at production.
+ * It is just meant to be used for testing purposes and it is designed not to verify server certificates.
+ */
+class UnsafeX509ExtendedTrustManager extends X509ExtendedTrustManager {
+
+ public static final UnsafeX509ExtendedTrustManager INSTANCE = new UnsafeX509ExtendedTrustManager();
+ private static final Logger LOGGER = LoggerFactory.getLogger(UnsafeX509ExtendedTrustManager.class);
+ private static final X509Certificate[] EMPTY_X509_CERTIFICATES = new X509Certificate[0];
+ private static final String CLIENT_CERTIFICATE_LOG_MESSAGE = "Accepting a client certificate: [{}]";
+ private static final String SERVER_CERTIFICATE_LOG_MESSAGE = "Accepting a server certificate: [{}]";
+
+ private UnsafeX509ExtendedTrustManager() {}
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String authType) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String authType, Socket socket) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, 
x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String authType) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String authType, Socket socket) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return EMPTY_X509_CERTIFICATES;
+ }
+
+}
\ No newline at end of file
diff --git a/provider/indexer-aws/src/main/resources/application.properties b/provider/indexer-aws/src/main/resources/application.properties
index d42824c82a6154f8d27c9366053323857f9e847a..299e9198eb748c87648e11f54835429e835c045f 100644
--- a/provider/indexer-aws/src/main/resources/application.properties
+++ b/provider/indexer-aws/src/main/resources/application.properties
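Review bot: UnsafeX509ExtendedTrustManager is added under `src/main`, so a trust manager whose own Javadoc says it must never be used in production ships in the service artifact and is reachable through the `aws.es.certificate.disableTrust` setting. If the permissive mode has to stay, the class comment should name the configuration that enables it, e.g. `Only installed when aws.es.certificate.disableTrust is true or the host is local.`, and the debug calls should guard the chain, since `x509Certificates[0]` throws on a null or empty array only when debug logging happens to be on. `getSubjectDN()` is also discouraged in favour of `getSubjectX500Principal()`. The Javadoc `{@link UnsafeX509ExtendedTrustManager TrustManager}` links the class to itself rather than to the TrustManager interface. An identical copy is added under testing/indexer-test-aws, where the remarks about the array access and the Javadoc apply as well.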
@@ -11,14 +11,14 @@ CRON_INDEX_CLEANUP_THRESHOLD_DAYS=3 CRON_EMPTY_INDEX_CLEANUP_THRESHOLD_DAYS=7 # AWS ES configuration -# DO NOT COMMENT THESE OUT THEY ARE PLACE HOLDERS -ELASTIC_HOST="" -ELASTIC_PORT=0 -aws.es.host=${ELASTIC_HOST} -aws.es.port=${ELASTIC_PORT} -aws.es.userNameAndPassword=notused +aws.es.host=${ELASTIC_HOST:} +aws.es.port=${ELASTIC_PORT:0} +aws.es.isHttps=${ELASTIC_HTTPS:true} +aws.es.username=${ELASTIC_USERNAME:empty} +aws.es.password=${ELASTIC_PASSWORD:empty} aws.region=${AWS_REGION} aws.es.serviceName=es +aws.es.certificate.disableTrust=${ELASTIC_DISABLE_CERTIFICATE_TRUST:false} GAE_SERVICE=indexer @@ -53,8 +53,10 @@ aws.dynamodb.endpoint=dynamodb.${AWS_REGION}.amazonaws.com aws.ssm=${SSM_ENABLED} aws.ssm.prefix=/osdu/${ENVIRONMENT} -aws.elasticsearch.host=${aws.ssm.prefix}/elastic-search/end-point -aws.elasticsearch.port=${aws.ssm.prefix}/elastic-search/end-point-port +aws.elasticsearch.host=${aws.ssm.prefix}/elasticsearch/end-point +aws.elasticsearch.port=${aws.ssm.prefix}/elasticsearch/end-point-port +aws.elasticsearch.username=${aws.ssm.prefix}/elasticsearch/username +aws.elasticsearch.password=${aws.ssm.prefix}/elasticsearch/password aws.indexer.sns.topic.arn=${aws.ssm.prefix}/indexer/indexer-sns-topic-arn aws.storage.sns.topic.arn=${aws.ssm.prefix}/storage/storage-sns-topic-arn diff --git a/provider/indexer-azure/pom.xml b/provider/indexer-azure/pom.xml index 88c81b927e5cce9085b9dd747731fc3d93630845..239bfe36f7f64a3e8a7ea93c64dd6b3432d557d5 100644 --- a/provider/indexer-azure/pom.xml +++ b/provider/indexer-azure/pom.xml 
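Review bot: `aws.es.username=${ELASTIC_USERNAME:empty}` and `aws.es.password=${ELASTIC_PASSWORD:empty}` fall back to the literal string `empty`, so a deployment that forgets the variables and does not use SSM starts up and authenticates as `empty:empty` instead of failing at startup. An empty default, as already used for `aws.es.host=${ELASTIC_HOST:}`, together with a check in ElasticRepositoryImpl that rejects blank credentials, would surface the misconfiguration early. A comment above `aws.es.certificate.disableTrust` such as `# Disables TLS certificate and hostname validation; leave false outside local development` would help operators. The second hunk renames the SSM paths from `elastic-search` to `elasticsearch`, which presumably requires the existing parameters to be recreated under the new names before upgrading.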
@@ -21,12 +21,12 @@ <parent> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-service</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../../pom.xml</relativePath> </parent> <artifactId>indexer-azure</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <name>indexer-azure</name> <description>Indexer Service Azure</description> <packaging>jar</packaging> @@ -39,7 +39,7 @@ <azure.appservice.subscription /> <log4j.version>2.11.2</log4j.version> <nimbus-jose-jwt.version>8.2</nimbus-jose-jwt.version> - <indexer-core.version>0.8.0-SNAPSHOT</indexer-core.version> + <indexer-core.version>0.9.0-SNAPSHOT</indexer-core.version> <spring-security-jwt.version>1.1.1.RELEASE</spring-security-jwt.version> <osdu.corelibazure.version>0.6.2</osdu.corelibazure.version> <reactor-netty.version>0.9.12.RELEASE</reactor-netty.version> diff --git a/provider/indexer-gcp/pom.xml b/provider/indexer-gcp/pom.xml index ff16763679abd9096948923f2ac504cd6e92ae57..bd5ed65ec20508a34f618533bc0b443dcb113557 100644 --- a/provider/indexer-gcp/pom.xml +++ b/provider/indexer-gcp/pom.xml @@ -5,12 +5,12 @@ <parent> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-service</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../../pom.xml</relativePath> </parent> <artifactId>indexer-gcp</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <name>indexer-gcp</name> <description>Indexer Service GCP App Engine</description> <packaging>jar</packaging> @@ -19,7 +19,7 @@ <dependency> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-core</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> </dependency> <dependency> diff --git a/provider/indexer-ibm/pom.xml b/provider/indexer-ibm/pom.xml index abe6a5ad4769c95e854a1cc58e3c8702b8db3968..b022781486d47c2478d46349651f4be77166b44a 100644 
--- a/provider/indexer-ibm/pom.xml +++ b/provider/indexer-ibm/pom.xml @@ -21,7 +21,7 @@ <parent> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-service</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../../pom.xml</relativePath> </parent> @@ -53,7 +53,7 @@ <dependency> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-core</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> </dependency> <dependency> diff --git a/provider/indexer-reference/pom.xml b/provider/indexer-reference/pom.xml index 4a20a160116a32dd5b35a133f3cd24295262b815..3e5a5328dd666658d15098f5cb003613da6b0ee9 100644 --- a/provider/indexer-reference/pom.xml +++ b/provider/indexer-reference/pom.xml @@ -22,12 +22,12 @@ <parent> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-service</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../../pom.xml</relativePath> </parent> <artifactId>indexer-reference</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <name>indexer-reference</name> <description>Indexer Service GCP Anthos</description> <packaging>jar</packaging> @@ -36,7 +36,7 @@ <dependency> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-core</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> </dependency> <dependency> diff --git a/testing/indexer-test-aws/build-aws/run-tests.sh b/testing/indexer-test-aws/build-aws/run-tests.sh index 78c727bd4a85a1fb99adb1988fd997f19c853de0..2123c4956735d7c9cb5e8f0cfabd8b04c83d9629 100755 --- a/testing/indexer-test-aws/build-aws/run-tests.sh +++ b/testing/indexer-test-aws/build-aws/run-tests.sh 
@@ -28,10 +28,15 @@ export ENTITLEMENTS_DOMAIN=testing.com export OTHER_RELEVANT_DATA_COUNTRIES=US export STORAGE_HOST=$STORAGE_URL export HOST=$SCHEMA_URL +export ELASTIC_HOST=$ELASTIC_HOST +export ELASTIC_PORT=$ELASTIC_PORT +export ELASTIC_PASSWORD=$ELASTIC_PASSWORD +export ELASTIC_USER_NAME=$ELASTIC_USERNAME #### RUN INTEGRATION TEST ######################################################################### mvn -ntp test -f "$SCRIPT_SOURCE_DIR"/../pom.xml -Dcucumber.options="--plugin junit:target/junit-report.xml" +# mvn -Dmaven.surefire.debug test -f "$SCRIPT_SOURCE_DIR"/../pom.xml -Dcucumber.options="--plugin junit:target/junit-report.xml" TEST_EXIT_CODE=$? #### COPY TEST REPORTS ######################################################################### diff --git a/testing/indexer-test-aws/pom.xml b/testing/indexer-test-aws/pom.xml index 39bb3942553c46295342e73a07fb12c31a300b24..a2686385de571c4f159e8d9c7494b6bcf829a734 100644 --- a/testing/indexer-test-aws/pom.xml +++ b/testing/indexer-test-aws/pom.xml @@ -21,13 +21,13 @@ <parent> <groupId>org.opengroup.osdu</groupId> <artifactId>indexer-test</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-test-aws</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <packaging>jar</packaging> <properties> @@ -42,7 +42,7 @@ <dependency> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-test-core</artifactId> - <version>0.8.1-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> </dependency> <!-- AWS specific packages --> diff --git a/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/ElasticUtilsAws.java b/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/ElasticUtilsAws.java index fa172dddc65900906a66e98f6a3fe1b58982bb12..e464354dbebd4d35cca9e916cd5a5fa0845dae68 100644 
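Review bot: The added line `export ELASTIC_USER_NAME=$ELASTIC_USERNAME` exports a differently spelled name from the `ELASTIC_USERNAME` variable that application.properties reads, while the three lines above it re-export each variable under its own name; if the test configuration does not read `ELASTIC_USER_NAME`, the username never reaches the tests. If the rename is intended, a short comment saying so would stop it being "corrected" later. Quoting the expansions, `export ELASTIC_PASSWORD="$ELASTIC_PASSWORD"`, keeps a password with spaces or glob characters intact under shells that word-split arguments to `export`. The commented-out `mvn -Dmaven.surefire.debug` line could be dropped.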
--- a/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/ElasticUtilsAws.java +++ b/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/ElasticUtilsAws.java @@ -14,6 +14,13 @@ package org.opengroup.osdu.util; +import java.security.KeyManagementException; +import java.security.NoSuchAlgorithmException; +import java.util.Base64; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; + import org.apache.http.Header; import org.apache.http.HttpHost; import org.apache.http.message.BasicHeader; @@ -32,7 +39,30 @@ public class ElasticUtilsAws extends ElasticUtils { RestClientBuilder builder = RestClient.builder(new HttpHost(host, port, "https")); builder.setRequestConfigCallback(requestConfigBuilder -> requestConfigBuilder.setConnectTimeout(REST_CLIENT_CONNECT_TIMEOUT) .setSocketTimeout(REST_CLIENT_SOCKET_TIMEOUT)); - builder.setHttpClientConfigCallback(httpAsyncClientBuilder -> httpAsyncClientBuilder.setSSLHostnameVerifier((s, sslSession) -> true)); + + + //dont enforce CA/cert validity for tests + SSLContext sslContext; + try { + sslContext = SSLContext.getInstance("TLS"); + sslContext.init(null, new TrustManager[]{ UnsafeX509ExtendedTrustManager.INSTANCE }, null); + builder.setHttpClientConfigCallback(httpClientBuilder -> + httpClientBuilder.setSSLContext(sslContext) + .setSSLHostnameVerifier((s, session) -> true)); + } catch (NoSuchAlgorithmException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (KeyManagementException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + + + String basicEncoded = Base64 + .getEncoder().encodeToString(usernameAndPassword.getBytes()); + String basicAuthenticationHeaderVal = String.format("Basic %s", basicEncoded); + + Header[] defaultHeaders = new Header[]{ new BasicHeader("client.transport.nodes_sampler_interval", "30s"), 
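Review bot: `usernameAndPassword.getBytes()` encodes the credentials with the platform default charset, so a password with non-ASCII characters yields a different Basic header depending on the machine running the tests; `usernameAndPassword.getBytes(StandardCharsets.UTF_8)` (with the `java.nio.charset.StandardCharsets` import) makes it deterministic. The `//dont enforce CA/cert validity for tests` comment could also state that hostname verification is switched off, since `setSSLHostnameVerifier((s, session) -> true)` does that as well. The method starts before the hunk and continues after it.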
@@ -40,7 +70,8 @@ public class ElasticUtilsAws extends ElasticUtils { new BasicHeader("client.transport.sniff", "false"), new BasicHeader("request.headers.X-Found-Cluster", Config.getElasticHost()), new BasicHeader("cluster.name", Config.getElasticHost()), - new BasicHeader("xpack.security.transport.ssl.enabled", Boolean.toString(true)) + new BasicHeader("xpack.security.transport.ssl.enabled", Boolean.toString(true)), + new BasicHeader("Authorization", basicAuthenticationHeaderVal), }; builder.setDefaultHeaders(defaultHeaders); diff --git a/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/UnsafeX509ExtendedTrustManager.java b/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/UnsafeX509ExtendedTrustManager.java new file mode 100644 index 0000000000000000000000000000000000000000..ea06a756d75d56961be80c7c2594ab97ecafde4c --- /dev/null +++ b/testing/indexer-test-aws/src/test/java/org/opengroup/osdu/util/UnsafeX509ExtendedTrustManager.java 
@@ -0,0 +1,81 @@
+package org.opengroup.osdu.util;
+
+import javax.net.ssl.SSLEngine;
+import javax.net.ssl.X509ExtendedTrustManager;
+
+import java.net.Socket;
+import java.security.cert.X509Certificate;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * An insecure {@link UnsafeX509ExtendedTrustManager TrustManager} that trusts all X.509 certificates without any verification.
+ * <p>
+ * <strong>NOTE:</strong>
+ * Never use this {@link UnsafeX509ExtendedTrustManager} in production.
+ * It is purely for testing purposes, and thus it is very insecure.
+ * </p>
+ * <br>
+ * Suppressed warning: java:S4830 - "Server certificates should be verified during SSL/TLS connections"
+ * This TrustManager doesn't validate certificates and should not be used at production.
+ * It is just meant to be used for testing purposes and it is designed not to verify server certificates.
+ */
+class UnsafeX509ExtendedTrustManager extends X509ExtendedTrustManager {
+
+ public static final UnsafeX509ExtendedTrustManager INSTANCE = new UnsafeX509ExtendedTrustManager();
+ private static final Logger LOGGER = LoggerFactory.getLogger(UnsafeX509ExtendedTrustManager.class);
+ private static final X509Certificate[] EMPTY_X509_CERTIFICATES = new X509Certificate[0];
+ private static final String CLIENT_CERTIFICATE_LOG_MESSAGE = "Accepting a client certificate: [{}]";
+ private static final String SERVER_CERTIFICATE_LOG_MESSAGE = "Accepting a server certificate: [{}]";
+
+ private UnsafeX509ExtendedTrustManager() {}
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String authType) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String authType, Socket socket) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(CLIENT_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String authType) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String authType, Socket socket) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String authType, SSLEngine sslEngine) {
+ if (LOGGER.isDebugEnabled()) {
+ LOGGER.debug(SERVER_CERTIFICATE_LOG_MESSAGE, x509Certificates[0].getSubjectDN());
+ }
+ }
+
+ @Override
+ public X509Certificate[] getAcceptedIssuers() {
+ return EMPTY_X509_CERTIFICATES;
+ }
+
+}
\ No newline at end of file
diff --git a/testing/indexer-test-azure/pom.xml b/testing/indexer-test-azure/pom.xml
index baa5cd8b14b926f98b4a979e5efbe23d9309b4cd..961263fefb4798ab2c3305c0957a21dc70f88455 100644
--- a/testing/indexer-test-azure/pom.xml
+++ b/testing/indexer-test-azure/pom.xml
@@ -21,13 +21,13 @@ <parent> <groupId>org.opengroup.osdu</groupId> <artifactId>indexer-test</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-test-azure</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <packaging>jar</packaging> <properties> 
@@ -45,7 +45,7 @@ <dependency> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-test-core</artifactId> - <version>0.8.1-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> </dependency> <!-- Azure dependencies --> diff --git a/testing/indexer-test-core/pom.xml b/testing/indexer-test-core/pom.xml index e9c63cd00626c17b308d31727da789878acf3e1a..cdcc8eb5752f007ec5757910352043c0fadd5ff8 100644 --- a/testing/indexer-test-core/pom.xml +++ b/testing/indexer-test-core/pom.xml @@ -5,13 +5,13 @@ <parent> <groupId>org.opengroup.osdu</groupId> <artifactId>indexer-test</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-test-core</artifactId> - <version>0.8.1-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <properties> <maven.compiler.target>1.8</maven.compiler.target> diff --git a/testing/indexer-test-gcp/pom.xml b/testing/indexer-test-gcp/pom.xml index cbefb50737b58238b5869cd65c159d45d515f67a..e25538ed89f404b93bd6f2cee8bae8992475e726 100644 --- a/testing/indexer-test-gcp/pom.xml +++ b/testing/indexer-test-gcp/pom.xml @@ -6,13 +6,13 @@ <parent> <groupId>org.opengroup.osdu</groupId> <artifactId>indexer-test</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-test-gcp</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <packaging>jar</packaging> <properties> @@ -37,7 +37,7 @@ <dependency> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-test-core</artifactId> - <version>0.8.1-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> </dependency> <!-- Cucumber --> 
diff --git a/testing/indexer-test-ibm/pom.xml b/testing/indexer-test-ibm/pom.xml index af1fd0eec5e992c8b1ad8d8c35b75d0f6d73c413..599761e657c782bab128ac69dd0f3945eaaacaf0 100644 --- a/testing/indexer-test-ibm/pom.xml +++ b/testing/indexer-test-ibm/pom.xml @@ -6,7 +6,7 @@ <parent> <groupId>org.opengroup.osdu</groupId> <artifactId>indexer-test</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <relativePath>../pom.xml</relativePath> </parent> @@ -38,7 +38,7 @@ <dependency> <groupId>org.opengroup.osdu.indexer</groupId> <artifactId>indexer-test-core</artifactId> - <version>0.8.1-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> </dependency> <dependency> diff --git a/testing/pom.xml b/testing/pom.xml index 9d36987c79ff99bbea774dd4ebf269ff1d7fc156..7ad59c09a01617bbcc5dcf2c747e467e8f68ecfd 100644 --- a/testing/pom.xml +++ b/testing/pom.xml @@ -18,7 +18,7 @@ <modelVersion>4.0.0</modelVersion> <groupId>org.opengroup.osdu</groupId> <artifactId>indexer-test</artifactId> - <version>0.8.0-SNAPSHOT</version> + <version>0.9.0-SNAPSHOT</version> <description>Indexer Service Integration Test Root Project</description> <properties> <spring.version>5.1.19.RELEASE</spring.version>