Use standard TLS when downloading the database from an HTTP URL. (#6163) (#6167)

opensearch-trigger-bot[bot] · dlvenable · web-flow · commit b82ea0640d98 · 2025-10-14T13:25:04.000-07:00
(cherry picked from commit b0386a5) Signed-off-by: David Venable <dlv@amazon.com> Co-authored-by: David Venable <dlv@amazon.com>
diff --git a/data-prepper-plugins/geoip-processor/src/main/java/org/opensearch/dataprepper/plugins/geoip/extension/databasedownload/DBSource.java b/data-prepper-plugins/geoip-processor/src/main/java/org/opensearch/dataprepper/plugins/geoip/extension/databasedownload/DBSource.java
@@ -5,50 +5,7 @@
 
 package org.opensearch.dataprepper.plugins.geoip.extension.databasedownload;
 
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
-import java.security.KeyManagementException;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.security.cert.CertificateException;
-import java.security.cert.X509Certificate;
-
 public interface DBSource {
     String MAXMIND_DATABASE_EXTENSION = ".mmdb";
     void initiateDownload() throws Exception;
-
-    /**
-     * initiateSSL
-     * @throws NoSuchAlgorithmException NoSuchAlgorithmException
-     * @throws KeyManagementException KeyManagementException
-     */
-    default void initiateSSL() throws NoSuchAlgorithmException, KeyManagementException {
-        final TrustManager[] trustAllCerts = new TrustManager[]{
-                new X509TrustManager() {
-                    public X509Certificate[] getAcceptedIssuers() {
-                        return null;
-                    }
-                    public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
-                        return;
-                    }
-                    public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {
-                        return;
-                    }
-                }
-        };
-
-        final SSLContext sc = SSLContext.getInstance("TLS");
-        sc.init(null, trustAllCerts, new SecureRandom());
-        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-        final HostnameVerifier hostnameVerifier = new HostnameVerifier() {
-            public boolean verify(String urlHostName, SSLSession session) {
-                return true;
-            }
-        };
-        HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
-    }
 }
diff --git a/data-prepper-plugins/geoip-processor/src/main/java/org/opensearch/dataprepper/plugins/geoip/extension/databasedownload/HttpDBDownloadService.java b/data-prepper-plugins/geoip-processor/src/main/java/org/opensearch/dataprepper/plugins/geoip/extension/databasedownload/HttpDBDownloadService.java
@@ -53,7 +53,6 @@ public void initiateDownload() {
         for (final String key: databasePaths) {
             geoIPFileManager.createDirectoryIfNotExist(tarDir);
             try {
-                initiateSSL();
                 buildRequestAndDownloadFile(maxMindDatabaseConfig.getDatabasePaths().get(key), downloadTarFilepath);
                 final File tarFile = decompressAndgetTarFile(tarDir, downloadTarFilepath);
                 unTarFile(tarFile, new File(destinationDirectory), key);
