Refactor SSL handler retrieval to use HttpChannel / TranportChannel A…

…PIs instead of typecasting

Signed-off-by: Andriy Redko <[email protected]>

src/main/java/org/opensearch/security/filter/OpenSearchRequest.java

@@ -18,7 +18,6 @@
 
 import javax.net.ssl.SSLEngine;
 
-import org.opensearch.http.netty4.Netty4HttpChannel;
 import org.opensearch.rest.RestRequest;
 import org.opensearch.rest.RestRequest.Method;
 
@@ -43,20 +42,14 @@ public Map<String, List<String>> getHeaders() {
     @Override
     public SSLEngine getSSLEngine() {
         if (underlyingRequest == null
-            || underlyingRequest.getHttpChannel() == null
-            || !(underlyingRequest.getHttpChannel() instanceof Netty4HttpChannel)) {
+            || underlyingRequest.getHttpChannel() == null) {
             return null;
         }
 
-        // We look for Ssl_handler called `ssl_http` in the outbound pipeline of Netty channel first, and if its not
-        // present we look for it in inbound channel. If its present in neither we return null, else we return the sslHandler.
-        final Netty4HttpChannel httpChannel = (Netty4HttpChannel) underlyingRequest.getHttpChannel();
-        SslHandler sslhandler = (SslHandler) httpChannel.getNettyChannel().pipeline().get("ssl_http");
-        if (sslhandler == null && httpChannel.inboundPipeline() != null) {
-            sslhandler = (SslHandler) httpChannel.inboundPipeline().get("ssl_http");
-        }
-
-        return sslhandler != null ? sslhandler.engine() : null;
+        return underlyingRequest.getHttpChannel()
+            .get("ssl_http", SslHandler.class)
+            .map(SslHandler::engine)
+            .orElse(null);
     }
 
     @Override

src/main/java/org/opensearch/security/ssl/transport/SecuritySSLRequestHandler.java

@@ -37,13 +37,9 @@
 import org.opensearch.security.support.ConfigConstants;
 import org.opensearch.tasks.Task;
 import org.opensearch.threadpool.ThreadPool;
-import org.opensearch.transport.BaseTcpTransportChannel;
-import org.opensearch.transport.TaskTransportChannel;
-import org.opensearch.transport.TcpChannel;
 import org.opensearch.transport.TransportChannel;
 import org.opensearch.transport.TransportRequest;
 import org.opensearch.transport.TransportRequestHandler;
-import org.opensearch.transport.netty4.Netty4TcpChannel;
 
 public class SecuritySSLRequestHandler<T extends TransportRequest> implements TransportRequestHandler<T> {
 
@@ -108,21 +104,7 @@ public final void messageReceived(T request, TransportChannel channel, Task task
         }
 
         try {
-
-            Netty4TcpChannel nettyChannel = null;
-
-            if (channel instanceof TaskTransportChannel) {
-                final TransportChannel inner = ((TaskTransportChannel) channel).getChannel();
-                nettyChannel = (Netty4TcpChannel) ((BaseTcpTransportChannel) inner).getChannel();
-            } else if (channel instanceof BaseTcpTransportChannel) {
-                final TcpChannel inner = ((BaseTcpTransportChannel) channel).getChannel();
-                nettyChannel = (Netty4TcpChannel) inner;
-            } else {
-                throw new Exception("Invalid channel of type " + channel.getClass() + " (" + channel.getChannelType() + ")");
-            }
-
-            final SslHandler sslhandler = (SslHandler) nettyChannel.getNettyChannel().pipeline().get("ssl_server");
-
+            final SslHandler sslhandler = channel.get("ssl_server", SslHandler.class).orElse(null);
             if (sslhandler == null) {
                 if (SSLConfig.isDualModeEnabled()) {
                     log.info("Communication in dual mode. Skipping SSL handler check");