fix #2626 add elasticsearch.http.ssl.certificate_authorities

Shinsuke Sugaya 2022-02-17 22:11:29 +09:00
parent 01d1200648
commit ee0cb68c52
5 changed files with 98 additions and 15 deletions


@ -30,12 +30,16 @@ public class CrawlerEngineClient extends FesenClient {
protected Client createClient() {
final Builder builder = Settings.builder().putList("http.hosts", address);
final FessConfig fessConfig = ComponentUtil.getFessConfig();
final String username = fessConfig.getFesenUsername();
final String password = fessConfig.getFesenPassword();
final String username = fessConfig.getOpenSearchUsername();
final String password = fessConfig.getOpenSearchPassword();
if (StringUtil.isNotBlank(username) && StringUtil.isNotBlank(password)) {
builder.put(Constants.FESEN_USERNAME, username);
builder.put(Constants.FESEN_PASSWORD, password);
}
final String authorities = fessConfig.getOpenSearchHttpSslCertificateAuthorities();
if (StringUtil.isNotBlank(authorities)) {
builder.put("http.ssl.certificate_authorities", authorities);
}
return new HttpClient(builder.build(), null);
}
}
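Review bot: The settings key `"http.ssl.certificate_authorities"` is a bare string literal in `createClient()`, while the credentials next to it use `Constants.FESEN_USERNAME` and `Constants.FESEN_PASSWORD`. The same literal is repeated in `SearchEngineClient.createHttpClient()`. A shared constant (a new one, for example `Constants.FESEN_HTTP_SSL_CERTIFICATE_AUTHORITIES`) would keep the two clients in step if the key is ever renamed. The path is also passed to the client unchecked, so a wrong value would presumably only surface on the first connection; logging the configured path at debug level here, as `CurlHelper.init()` does, would make that easier to diagnose.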


@ -341,9 +341,15 @@ public class SearchEngineClient implements Client {
protected Client createHttpClient(final FessConfig fessConfig, final String host) {
final Builder builder = Settings.builder().putList("http.hosts", host).put("processors", fessConfig.availableProcessors());
if (StringUtil.isNotBlank(fessConfig.getFesenUsername()) && StringUtil.isNotBlank(fessConfig.getFesenPassword())) {
builder.put(Constants.FESEN_USERNAME, fessConfig.getFesenUsername());
builder.put(Constants.FESEN_PASSWORD, fessConfig.getFesenPassword());
final String username = fessConfig.getOpenSearchUsername();
final String password = fessConfig.getOpenSearchPassword();
if (StringUtil.isNotBlank(username) && StringUtil.isNotBlank(password)) {
builder.put(Constants.FESEN_USERNAME, username);
builder.put(Constants.FESEN_PASSWORD, password);
}
final String authorities = fessConfig.getOpenSearchHttpSslCertificateAuthorities();
if (StringUtil.isNotBlank(authorities)) {
builder.put("http.ssl.certificate_authorities", authorities);
}
return new HttpClient(builder.build(), null);
}


@ -15,8 +15,20 @@
*/
package org.codelibs.fess.helper;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.annotation.PostConstruct;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.codelibs.core.lang.StringUtil;
import org.codelibs.curl.Curl.Method;
import org.codelibs.curl.CurlRequest;
@ -25,6 +37,36 @@ import org.codelibs.fess.util.ComponentUtil;
import org.codelibs.fess.util.ResourceUtil;
public class CurlHelper {
private static final Logger logger = LogManager.getLogger(CurlHelper.class);
private SSLSocketFactory sslSocketFactory;
@PostConstruct
protected void init() {
final FessConfig fessConfig = ComponentUtil.getFessConfig();
final String authorities = fessConfig.getOpenSearchHttpSslCertificateAuthorities();
if (StringUtil.isNotBlank(authorities)) {
if (logger.isDebugEnabled()) {
logger.debug("Loading {}", authorities);
}
try (final InputStream in = new FileInputStream(authorities)) {
final Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(in);
final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
keyStore.setCertificateEntry("server", certificate);
final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
final SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
sslSocketFactory = sslContext.getSocketFactory();
} catch (final Exception e) {
logger.warn("Failed to load {}", authorities, e);
}
}
}
public CurlRequest get(final String path) {
return request(Method.GET, path).header("Content-Type", "application/json");
@ -45,13 +87,16 @@ public class CurlHelper {
public CurlRequest request(final Method method, final String path) {
final CurlRequest request = new CurlRequest(method, ResourceUtil.getFesenHttpUrl() + path);
final FessConfig fessConfig = ComponentUtil.getFessConfig();
final String username = fessConfig.getFesenUsername();
final String password = fessConfig.getFesenPassword();
final String username = fessConfig.getOpenSearchUsername();
final String password = fessConfig.getOpenSearchPassword();
if (StringUtil.isNotBlank(username) && StringUtil.isNotBlank(password)) {
final String value = username + ":" + password;
final String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(value.getBytes(StandardCharsets.UTF_8));
request.header("Authorization", basicAuth);
}
if (sslSocketFactory != null) {
request.sslSocketFactory(sslSocketFactory);
}
return request;
}
}
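Review bot: `init()` trusts only one certificate, because `CertificateFactory.generateCertificate(in)` reads a single certificate from the stream. For a file holding several CAs (the property name is plural), everything after the first is silently left out of the trust store, which has the single alias `"server"`. Reading with `generateCertificates(in)` and storing each entry under its own alias fixes that. Separately, `catch (final Exception e)` only logs a warning and leaves `sslSocketFactory` null, so `request()` carries on without the configured trust store, presumably falling back to the JVM default. An operator who set this property would likely prefer a startup failure, or at least an error-level log. The class body continues outside the hunks shown.

```java
try (final InputStream in = new FileInputStream(authorities)) {
    final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    keyStore.load(null, null);
    int index = 0;
    // A CA file may hold more than one certificate; trust every entry, not only the first.
    for (final Certificate certificate : CertificateFactory.getInstance("X.509").generateCertificates(in)) {
        keyStore.setCertificateEntry("ca-" + index, certificate);
        index++;
    }
    if (index == 0) {
        throw new IllegalStateException("No certificate found in " + authorities);
    }
    // … unchanged: TrustManagerFactory and SSLContext setup, catch block …
```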


@ -31,6 +31,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
/** The key of the configuration. e.g. http://localhost:9201 */
String ELASTICSEARCH_HTTP_URL = "elasticsearch.http.url";
/** The key of the configuration. e.g. */
String ELASTICSEARCH_HTTP_SSL_certificate_authorities = "elasticsearch.http.ssl.certificate_authorities";
/** The key of the configuration. e.g. */
String ELASTICSEARCH_USERNAME = "elasticsearch.username";
@ -1757,12 +1760,27 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
*/
String getOpenSearchHttpUrl();
/**
* Get the value for the key 'elasticsearch.http.ssl.certificate_authorities'. <br>
* The value is, e.g. <br>
* @return The value of found property. (NotNull: if not found, exception but basically no way)
*/
String getOpenSearchHttpSslCertificateAuthorities();
/**
* Get the value for the key 'elasticsearch.http.ssl.certificate_authorities' as {@link Integer}. <br>
* The value is, e.g. <br>
* @return The value of found property. (NotNull: if not found, exception but basically no way)
* @throws NumberFormatException When the property is not integer.
*/
Integer getOpenSearchHttpSslCertificateAuthoritiesAsInteger();
/**
* Get the value for the key 'elasticsearch.username'. <br>
* The value is, e.g. <br>
* @return The value of found property. (NotNull: if not found, exception but basically no way)
*/
String getFesenUsername();
String getOpenSearchUsername();
/**
* Get the value for the key 'elasticsearch.username' as {@link Integer}. <br>
@ -1770,14 +1788,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
* @return The value of found property. (NotNull: if not found, exception but basically no way)
* @throws NumberFormatException When the property is not integer.
*/
Integer getFesenUsernameAsInteger();
Integer getOpenSearchUsernameAsInteger();
/**
* Get the value for the key 'elasticsearch.password'. <br>
* The value is, e.g. <br>
* @return The value of found property. (NotNull: if not found, exception but basically no way)
*/
String getFesenPassword();
String getOpenSearchPassword();
/**
* Get the value for the key 'elasticsearch.password' as {@link Integer}. <br>
@ -1785,7 +1803,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
* @return The value of found property. (NotNull: if not found, exception but basically no way)
* @throws NumberFormatException When the property is not integer.
*/
Integer getFesenPasswordAsInteger();
Integer getOpenSearchPasswordAsInteger();
/**
* Get the value for the key 'app.cipher.algorism'. <br>
@ -7204,19 +7222,27 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
return get(FessConfig.ELASTICSEARCH_HTTP_URL);
}
public String getFesenUsername() {
public String getOpenSearchHttpSslCertificateAuthorities() {
return get(FessConfig.ELASTICSEARCH_HTTP_SSL_certificate_authorities);
}
public Integer getOpenSearchHttpSslCertificateAuthoritiesAsInteger() {
return getAsInteger(FessConfig.ELASTICSEARCH_HTTP_SSL_certificate_authorities);
}
public String getOpenSearchUsername() {
return get(FessConfig.ELASTICSEARCH_USERNAME);
}
public Integer getFesenUsernameAsInteger() {
public Integer getOpenSearchUsernameAsInteger() {
return getAsInteger(FessConfig.ELASTICSEARCH_USERNAME);
}
public String getFesenPassword() {
public String getOpenSearchPassword() {
return get(FessConfig.ELASTICSEARCH_PASSWORD);
}
public Integer getFesenPasswordAsInteger() {
public Integer getOpenSearchPasswordAsInteger() {
return getAsInteger(FessConfig.ELASTICSEARCH_PASSWORD);
}
@ -10058,6 +10084,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
defaultMap.put(FessConfig.DOMAIN_TITLE, "Fess");
defaultMap.put(FessConfig.ELASTICSEARCH_TYPE, "default");
defaultMap.put(FessConfig.ELASTICSEARCH_HTTP_URL, "http://localhost:9201");
defaultMap.put(FessConfig.ELASTICSEARCH_HTTP_SSL_certificate_authorities, "");
defaultMap.put(FessConfig.ELASTICSEARCH_USERNAME, "");
defaultMap.put(FessConfig.ELASTICSEARCH_PASSWORD, "");
defaultMap.put(FessConfig.APP_CIPHER_ALGORISM, "aes");


@ -11,6 +11,7 @@ domain.title = Fess
# Elasticsearch
elasticsearch.type=default
elasticsearch.http.url=http://localhost:9201
elasticsearch.http.ssl.certificate_authorities=
elasticsearch.username=
elasticsearch.password=
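Review bot: The new `elasticsearch.http.ssl.certificate_authorities=` key has no comment saying what value it takes. Going by `CurlHelper.init()` in this commit, it is a filesystem path to an X.509 certificate file, and an empty value skips the custom trust store. A line above it such as `# Path to the CA certificate file (X.509) used to verify the search engine's TLS certificate; leave empty to skip` would help. The comment could also say that the default `elasticsearch.http.url` is `http://`, so the setting presumably has no effect until the URL is changed to `https://`.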