Add bcpkix-jdk15on runtimeOnly dependency to read keys with bouncycas…
…tle (opensearch-project#2191)

* Add bouncycastle bcpkix-jdk15on runtimeOnly dependency to read keys with bouncycastle

Signed-off-by: Craig Perkins <[email protected]>
cwperks authored Oct 26, 2022
1 parent d93c9ee commit 966b3fc
Showing 4 changed files with 63 additions and 2 deletions.
1 change: 1 addition & 0 deletions build.gradle
Expand Up @@ -372,6 +372,7 @@ dependencies {
runtimeOnly 'org.apache.santuario:xmlsec:2.2.3'
runtimeOnly 'com.github.luben:zstd-jni:1.5.0-2'
runtimeOnly 'org.checkerframework:checker-qual:3.5.0'
runtimeOnly "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}"


implementation 'org.apache.commons:commons-lang3:3.4'
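Review bot: The added `runtimeOnly "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}"` line has no comment saying why a second Bouncy Castle artifact is now on the runtime classpath. Going by the commit title it is there so PEM private keys can be read through Bouncy Castle, which is worth recording next to the line, e.g. `// bcpkix: needed at runtime to read PEM private keys (PKCS#1 "BEGIN RSA PRIVATE KEY")`. Reusing `versions.bouncycastle` keeps this artifact on the same version as anything else that property pins, which matters for a crypto library; the property's definition is outside this hunk. As far as I know the `jdk15on` artifact line stopped receiving releases once Bouncy Castle moved to `jdk18on` coordinates, so a follow-up to move every artifact pinned by that property together is worth tracking.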
2 changes: 1 addition & 1 deletion src/test/java/org/opensearch/security/ssl/OpenSSLTest.java
Expand Up @@ -175,7 +175,7 @@ public void testHttpsAndNodeSSLFailedCipher() throws Exception {
@Test
public void testHttpsAndNodeSSLPem() throws Exception {
Assume.assumeTrue(OpenSearchSecuritySSLPlugin.OPENSSL_SUPPORTED && OpenSsl.isAvailable());
super.testHttpsAndNodeSSLPem();
super.testHttpsAndNodeSSLPKCS8Pem();
}

@Test
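Review bot: The override just above the `Assume` call is still named `testHttpsAndNodeSSLPem`, while the parent method it delegates to is now `testHttpsAndNodeSSLPKCS8Pem`, so it no longer overrides anything in the parent. Assuming this class extends SSLTest and the runner executes inherited `@Test` methods, the inherited `testHttpsAndNodeSSLPKCS8Pem` and the new `testHttpsAndNodeSSLPKCS1Pem` would also run here without the `Assume.assumeTrue(... && OpenSsl.isAvailable())` guard, and the PKCS#8 case would run twice. Renaming the override to `public void testHttpsAndNodeSSLPKCS8Pem() throws Exception {` and adding a guarded override of the same shape for `testHttpsAndNodeSSLPKCS1Pem` would keep the OpenSSL precondition on both key formats. The class header and the rest of the file are outside this hunk.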
35 changes: 34 additions & 1 deletion src/test/java/org/opensearch/security/ssl/SSLTest.java
Expand Up @@ -265,7 +265,7 @@ public void testHttpsAndNodeSSL() throws Exception {
}

@Test
public void testHttpsAndNodeSSLPem() throws Exception {
public void testHttpsAndNodeSSLPKCS8Pem() throws Exception {

final Settings settings = Settings.builder().put("plugins.security.ssl.transport.enabled", true)
.put(ConfigConstants.SECURITY_SSL_ONLY, true)
Expand Down Expand Up @@ -301,6 +301,39 @@ public void testHttpsAndNodeSSLPem() throws Exception {
Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE"));
}

@Test
public void testHttpsAndNodeSSLPKCS1Pem() throws Exception {

final Settings settings = Settings.builder().put("plugins.security.ssl.transport.enabled", true)
.put(ConfigConstants.SECURITY_SSL_ONLY, true)
.put(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL)
.put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL)
.put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0.crt.pem"))
.put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0-pkcs1.key.pem"))
.put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/root-ca.pem"))
.put("plugins.security.ssl.transport.enforce_hostname_verification", false)
.put("plugins.security.ssl.transport.resolve_hostname", false)

.put("plugins.security.ssl.http.enabled", true)
.put("plugins.security.ssl.http.clientauth_mode", "REQUIRE")
.put(SSLConfigConstants.SECURITY_SSL_HTTP_PEMCERT_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0.crt.pem"))
.put(SSLConfigConstants.SECURITY_SSL_HTTP_PEMKEY_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0-pkcs1.key.pem"))
.put(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/root-ca.pem"))
.build();

setupSslOnlyMode(settings);

RestHelper rh = restHelper();
rh.enableHTTPClientSSL = true;
rh.trustHTTPServerCertificate = true;
rh.sendAdminCertificate = true;

Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("TLS"));
Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").length() > 0);
Assert.assertTrue(rh.executeSimpleRequest("_nodes/settings?pretty").contains(clusterInfo.clustername));
Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE"));
}

@Test
public void testHttpsAndNodeSSLPemEnc() throws Exception {
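Review bot: `testHttpsAndNodeSSLPKCS1Pem` carries no comment on what it covers that the PKCS#8 variant does not; in the lines visible here the difference is the key file `ssl/node-0-pkcs1.key.pem` used for both the transport and the HTTP settings. A one-line comment such as `// Node key is a PKCS#1 ("BEGIN RSA PRIVATE KEY") PEM; presumably this is the format that needs bcpkix at runtime` would tell the next reader why the test exists. The settings builder looks like a copy of the one in `testHttpsAndNodeSSLPKCS8Pem` (whose body is mostly outside the hunks), so a private helper that takes the key file name would keep the two from drifting apart. The `length() > 0` assertion is already implied by the preceding `contains("TLS")` check and can be dropped.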

27 changes: 27 additions & 0 deletions src/test/resources/ssl/node-0-pkcs1.key.pem
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
