
fix #2626 add elasticsearch.http.ssl.certificate_authorities

Shinsuke Sugaya il y a 3 ans
Parent
commit
ee0cb68c52

+ 6 - 2
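--- a/src/main/java/org/codelibs/fess/es/client/CrawlerEngineClient.java
+++ b/src/main/java/org/codelibs/fess/es/client/CrawlerEngineClient.java
@@ -30,12 +30,16 @@ public class CrawlerEngineClient extends FesenClient {
     protected Client createClient() {
         final Builder builder = Settings.builder().putList("http.hosts", address);
         final FessConfig fessConfig = ComponentUtil.getFessConfig();
-        final String username = fessConfig.getFesenUsername();
-        final String password = fessConfig.getFesenPassword();
+        final String username = fessConfig.getOpenSearchUsername();
+        final String password = fessConfig.getOpenSearchPassword();
         if (StringUtil.isNotBlank(username) && StringUtil.isNotBlank(password)) {
             builder.put(Constants.FESEN_USERNAME, username);
             builder.put(Constants.FESEN_PASSWORD, password);
         }
+        final String authorities = fessConfig.getOpenSearchHttpSslCertificateAuthorities();
+        if (StringUtil.isNotBlank(authorities)) {
+            builder.put("http.ssl.certificate_authorities", authorities);
+        }
         return new HttpClient(builder.build(), null);
     }
 }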
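Review bot: The settings key `"http.ssl.certificate_authorities"` is a bare string literal in createClient, and the same literal is repeated in SearchEngineClient.createHttpClient, while the credentials beside it use `Constants.FESEN_USERNAME` and `Constants.FESEN_PASSWORD`. A shared constant (the name is the project's to choose) would keep the two clients from drifting apart if the key changes, because a mistyped key would presumably leave the client on its default trust settings without any error. The value is opened as a file in CurlHelper.init, so a comment such as `// path to the CA certificate file used to verify the search engine's TLS certificate` above the new block would state what is being passed. Whether HttpClient checks that the file exists is not visible from this page.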

+ 9 - 3
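--- a/src/main/java/org/codelibs/fess/es/client/SearchEngineClient.java
+++ b/src/main/java/org/codelibs/fess/es/client/SearchEngineClient.java
@@ -341,9 +341,15 @@ public class SearchEngineClient implements Client {
 
     protected Client createHttpClient(final FessConfig fessConfig, final String host) {
         final Builder builder = Settings.builder().putList("http.hosts", host).put("processors", fessConfig.availableProcessors());
-        if (StringUtil.isNotBlank(fessConfig.getFesenUsername()) && StringUtil.isNotBlank(fessConfig.getFesenPassword())) {
-            builder.put(Constants.FESEN_USERNAME, fessConfig.getFesenUsername());
-            builder.put(Constants.FESEN_PASSWORD, fessConfig.getFesenPassword());
+        final String username = fessConfig.getOpenSearchUsername();
+        final String password = fessConfig.getOpenSearchPassword();
+        if (StringUtil.isNotBlank(username) && StringUtil.isNotBlank(password)) {
+            builder.put(Constants.FESEN_USERNAME, username);
+            builder.put(Constants.FESEN_PASSWORD, password);
+        }
+        final String authorities = fessConfig.getOpenSearchHttpSslCertificateAuthorities();
+        if (StringUtil.isNotBlank(authorities)) {
+            builder.put("http.ssl.certificate_authorities", authorities);
         }
         return new HttpClient(builder.build(), null);
     }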

+ 47 - 2
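--- a/src/main/java/org/codelibs/fess/helper/CurlHelper.java
+++ b/src/main/java/org/codelibs/fess/helper/CurlHelper.java
@@ -15,8 +15,20 @@
  */
 package org.codelibs.fess.helper;
 
+import java.io.FileInputStream;
+import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
+import java.security.KeyStore;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
 
+import javax.annotation.PostConstruct;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
 import org.codelibs.core.lang.StringUtil;
 import org.codelibs.curl.Curl.Method;
 import org.codelibs.curl.CurlRequest;
@@ -25,6 +37,36 @@ import org.codelibs.fess.util.ComponentUtil;
 import org.codelibs.fess.util.ResourceUtil;
 
 public class CurlHelper {
+    private static final Logger logger = LogManager.getLogger(CurlHelper.class);
+
+    private SSLSocketFactory sslSocketFactory;
+
+    @PostConstruct
+    protected void init() {
+        final FessConfig fessConfig = ComponentUtil.getFessConfig();
+        final String authorities = fessConfig.getOpenSearchHttpSslCertificateAuthorities();
+        if (StringUtil.isNotBlank(authorities)) {
+            if (logger.isDebugEnabled()) {
+                logger.debug("Loading {}", authorities);
+            }
+            try (final InputStream in = new FileInputStream(authorities)) {
+                final Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(in);
+
+                final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+                keyStore.load(null, null);
+                keyStore.setCertificateEntry("server", certificate);
+
+                final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+                trustManagerFactory.init(keyStore);
+
+                final SSLContext sslContext = SSLContext.getInstance("TLS");
+                sslContext.init(null, trustManagerFactory.getTrustManagers(), null);
+                sslSocketFactory = sslContext.getSocketFactory();
+            } catch (final Exception e) {
+                logger.warn("Failed to load {}", authorities, e);
+            }
+        }
+    }
 
     public CurlRequest get(final String path) {
         return request(Method.GET, path).header("Content-Type", "application/json");
@@ -45,13 +87,16 @@ public class CurlHelper {
     public CurlRequest request(final Method method, final String path) {
         final CurlRequest request = new CurlRequest(method, ResourceUtil.getFesenHttpUrl() + path);
         final FessConfig fessConfig = ComponentUtil.getFessConfig();
-        final String username = fessConfig.getFesenUsername();
-        final String password = fessConfig.getFesenPassword();
+        final String username = fessConfig.getOpenSearchUsername();
+        final String password = fessConfig.getOpenSearchPassword();
         if (StringUtil.isNotBlank(username) && StringUtil.isNotBlank(password)) {
             final String value = username + ":" + password;
             final String basicAuth = "Basic " + java.util.Base64.getEncoder().encodeToString(value.getBytes(StandardCharsets.UTF_8));
             request.header("Authorization", basicAuth);
         }
+        if (sslSocketFactory != null) {
+            request.sslSocketFactory(sslSocketFactory);
+        }
         return request;
     }
 }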
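Review bot: init() loads a single certificate from the configured file, because `CertificateFactory.generateCertificate(in)` parses one certificate per call, so a bundle holding several CAs (the setting name is plural) ends up trusting only its first entry. Reading the file with `generateCertificates(in)` and storing each entry under its own alias covers that case; it needs a `java.util.Collection` import. Separately, `catch (final Exception e)` only logs a warning and leaves `sslSocketFactory` null, so request() then sends the Basic credentials over a connection validated against the JVM default trust store rather than the CA the operator configured. Rethrowing makes the misconfiguration visible at startup, assuming the container surfaces exceptions from `@PostConstruct`; logging at error level is the minimum otherwise.

```java
            try (final InputStream in = new FileInputStream(authorities)) {
                final Collection<? extends Certificate> certificates =
                        CertificateFactory.getInstance("X.509").generateCertificates(in);
                // … unchanged: KeyStore creation and load(null, null) …
                int index = 0;
                for (final Certificate certificate : certificates) {
                    keyStore.setCertificateEntry("ca-" + index++, certificate);
                }
                // … unchanged: TrustManagerFactory and SSLContext setup …
            } catch (final Exception e) {
                // surface the misconfiguration instead of falling back to the default trust store
                throw new IllegalStateException("Failed to load " + authorities, e);
            }
```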

+ 35 - 8
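--- a/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
+++ b/src/main/java/org/codelibs/fess/mylasta/direction/FessConfig.java
@@ -31,6 +31,9 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
     /** The key of the configuration. e.g. http://localhost:9201 */
     String ELASTICSEARCH_HTTP_URL = "elasticsearch.http.url";
 
+    /** The key of the configuration. e.g.  */
+    String ELASTICSEARCH_HTTP_SSL_certificate_authorities = "elasticsearch.http.ssl.certificate_authorities";
+
     /** The key of the configuration. e.g.  */
     String ELASTICSEARCH_USERNAME = "elasticsearch.username";
 
@@ -1757,12 +1760,27 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
      */
     String getOpenSearchHttpUrl();
 
+    /**
+     * Get the value for the key 'elasticsearch.http.ssl.certificate_authorities'. <br>
+     * The value is, e.g.  <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     */
+    String getOpenSearchHttpSslCertificateAuthorities();
+
+    /**
+     * Get the value for the key 'elasticsearch.http.ssl.certificate_authorities' as {@link Integer}. <br>
+     * The value is, e.g.  <br>
+     * @return The value of found property. (NotNull: if not found, exception but basically no way)
+     * @throws NumberFormatException When the property is not integer.
+     */
+    Integer getOpenSearchHttpSslCertificateAuthoritiesAsInteger();
+
     /**
      * Get the value for the key 'elasticsearch.username'. <br>
      * The value is, e.g.  <br>
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      */
-    String getFesenUsername();
+    String getOpenSearchUsername();
 
     /**
      * Get the value for the key 'elasticsearch.username' as {@link Integer}. <br>
@@ -1770,14 +1788,14 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      * @throws NumberFormatException When the property is not integer.
      */
-    Integer getFesenUsernameAsInteger();
+    Integer getOpenSearchUsernameAsInteger();
 
     /**
      * Get the value for the key 'elasticsearch.password'. <br>
      * The value is, e.g.  <br>
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      */
-    String getFesenPassword();
+    String getOpenSearchPassword();
 
     /**
      * Get the value for the key 'elasticsearch.password' as {@link Integer}. <br>
@@ -1785,7 +1803,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
      * @return The value of found property. (NotNull: if not found, exception but basically no way)
      * @throws NumberFormatException When the property is not integer.
      */
-    Integer getFesenPasswordAsInteger();
+    Integer getOpenSearchPasswordAsInteger();
 
     /**
      * Get the value for the key 'app.cipher.algorism'. <br>
@@ -7204,19 +7222,27 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             return get(FessConfig.ELASTICSEARCH_HTTP_URL);
         }
 
-        public String getFesenUsername() {
+        public String getOpenSearchHttpSslCertificateAuthorities() {
+            return get(FessConfig.ELASTICSEARCH_HTTP_SSL_certificate_authorities);
+        }
+
+        public Integer getOpenSearchHttpSslCertificateAuthoritiesAsInteger() {
+            return getAsInteger(FessConfig.ELASTICSEARCH_HTTP_SSL_certificate_authorities);
+        }
+
+        public String getOpenSearchUsername() {
             return get(FessConfig.ELASTICSEARCH_USERNAME);
         }
 
-        public Integer getFesenUsernameAsInteger() {
+        public Integer getOpenSearchUsernameAsInteger() {
             return getAsInteger(FessConfig.ELASTICSEARCH_USERNAME);
         }
 
-        public String getFesenPassword() {
+        public String getOpenSearchPassword() {
             return get(FessConfig.ELASTICSEARCH_PASSWORD);
         }
 
-        public Integer getFesenPasswordAsInteger() {
+        public Integer getOpenSearchPasswordAsInteger() {
             return getAsInteger(FessConfig.ELASTICSEARCH_PASSWORD);
         }
 
@@ -10058,6 +10084,7 @@ public interface FessConfig extends FessEnv, org.codelibs.fess.mylasta.direction
             defaultMap.put(FessConfig.DOMAIN_TITLE, "Fess");
             defaultMap.put(FessConfig.ELASTICSEARCH_TYPE, "default");
             defaultMap.put(FessConfig.ELASTICSEARCH_HTTP_URL, "http://localhost:9201");
+            defaultMap.put(FessConfig.ELASTICSEARCH_HTTP_SSL_certificate_authorities, "");
             defaultMap.put(FessConfig.ELASTICSEARCH_USERNAME, "");
             defaultMap.put(FessConfig.ELASTICSEARCH_PASSWORD, "");
             defaultMap.put(FessConfig.APP_CIPHER_ALGORISM, "aes");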
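Review bot: The new constant `ELASTICSEARCH_HTTP_SSL_certificate_authorities` in the first hunk mixes upper and lower case, unlike its neighbours `ELASTICSEARCH_HTTP_URL` and `ELASTICSEARCH_USERNAME`. As a public member of the FessConfig interface it is awkward to rename later, and `ELASTICSEARCH_HTTP_SSL_CERTIFICATE_AUTHORITIES` would match the rest; the references in the getter implementations and in the `defaultMap.put(...)` hunk would change with it. The Javadoc on the constant and on `getOpenSearchHttpSslCertificateAuthorities()` leaves the example empty, so a line such as `/** The key of the configuration: path to the CA certificate file used to verify the search engine's TLS certificate. */` would tell an operator what value is expected. If this file is generated from fess_config.properties, the fix belongs in the generator input rather than here.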

+ 1 - 0
src/main/resources/fess_config.properties

@@ -11,6 +11,7 @@ domain.title = Fess
 # Elasticsearch
 # Elasticsearch
 elasticsearch.type=default
 elasticsearch.type=default
 elasticsearch.http.url=http://localhost:9201
 elasticsearch.http.url=http://localhost:9201
+elasticsearch.http.ssl.certificate_authorities=
 elasticsearch.username=
 elasticsearch.username=
 elasticsearch.password=
 elasticsearch.password=