
Commit 40da1f7

committed
Move logic to function implemented from OpenDistroSecurityKeyStore
1 parent b064bfb commit 40da1f7

4 files changed

Lines changed: 37 additions & 28 deletions


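--- a/src/main/java/com/amazon/opendistroforelasticsearch/security/ssl/DefaultOpenDistroSecurityKeyStore.java
+++ b/src/main/java/com/amazon/opendistroforelasticsearch/security/ssl/DefaultOpenDistroSecurityKeyStore.java
@@ -582,28 +582,7 @@ private boolean hasValidDNs(final X509Certificate[] currentX509Certs, final X509
 final Function<? super X509Certificate, String> formatDNString = cert -> {
 final String issuerDn = cert !=null && cert.getIssuerX500Principal() != null ? cert.getIssuerX500Principal().getName() : "";
 final String subjectDn = cert !=null && cert.getSubjectX500Principal() != null ? cert.getSubjectX500Principal().getName() : "";
-String san = "";
-try {
-Collection<List<?>> altNames = cert !=null && cert.getSubjectAlternativeNames() != null ? cert.getSubjectAlternativeNames() : null;
-if (altNames != null) {
-Collection<List<?>> sans = new ArrayList<>();
-for (List<?> altName : altNames) {
-Integer type = (Integer) altName.get(0);
-// otherName requires parsing to string
-if (type == 0) {
-List<?> otherName = getOtherName(altName);
-if (otherName != null) {
-sans.add(Arrays.asList(type, otherName));
-}
-} else {
-sans.add(altName);
-}
-}
-san = sans.toString();
-}
-} catch (CertificateParsingException e) {
-log.error("Issue parsing SubjectAlternativeName:", e);
-}
+final String san = getSubjectAlternativeNames(cert);
 return String.format("%s/%s/%s", issuerDn, subjectDn, san);
 };
 
@@ -977,6 +956,34 @@ private static void checkPath(String keystoreFilePath, String fileNameLogOnly) {
 }
 }
 
+@Override
+public String getSubjectAlternativeNames(X509Certificate cert) {
+String san = "";
+try {
+Collection<List<?>> altNames = cert !=null && cert.getSubjectAlternativeNames() != null ? cert.getSubjectAlternativeNames() : null;
+if (altNames != null) {
+Collection<List<?>> sans = new ArrayList<>();
+for (List<?> altName : altNames) {
+Integer type = (Integer) altName.get(0);
+// otherName requires parsing to string
+if (type == 0) {
+List<?> otherName = getOtherName(altName);
+if (otherName != null) {
+sans.add(Arrays.asList(type, otherName));
+}
+} else {
+sans.add(altName);
+}
+}
+san = sans.toString();
+}
+} catch (CertificateParsingException e) {
+log.error("Issue parsing SubjectAlternativeName:", e);
+}
+
+return san;
+}
+
 private List<String> getOtherName(List<?> altName) {
 ASN1Primitive oct = null;
 try {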
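Review bot: The new getSubjectAlternativeNames() returns "" both for a certificate with no SAN extension and for one whose SAN extension failed to parse (the catch at 980+ only logs and falls through to `return san;`), and an otherName entry that getOtherName() cannot decode is silently dropped at 971+ rather than recorded. Because the first hunk folds this string into the "%s/%s/%s" key built inside hasValidDNs (presumably to compare the currently loaded certificates against the reloaded ones; that method's body starts and ends outside the hunk), a certificate with an unparseable or partially decoded SAN collapses to the same key as one with no SANs, so the comparison cannot tell them apart. Consider failing closed — e.g. `return null;` from the catch, with hasValidDNs rejecting a null rendering — or at minimum add a Javadoc on this now-public method stating that an empty string is returned when cert is null, has no SAN extension, or its SAN extension cannot be parsed, so callers know the value is not a reliable identity.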

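--- a/src/main/java/com/amazon/opendistroforelasticsearch/security/ssl/ExternalOpenDistroSecurityKeyStore.java
+++ b/src/main/java/com/amazon/opendistroforelasticsearch/security/ssl/ExternalOpenDistroSecurityKeyStore.java
@@ -127,6 +127,12 @@ public X509Certificate[] getHttpCerts() {
 return null;
 }
 
+@Override
+public String getSubjectAlternativeNames(X509Certificate cert) {
+// NO-OP: since this class uses externalSslContext there is no cert
+return null;
+}
+
 public static void registerExternalSslContext(String id, SSLContext externalSsslContext) {
 contextMap.put(Objects.requireNonNull(id), Objects.requireNonNull(externalSsslContext));
 }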
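Review bot: This implementation returns null at 133+ while DefaultOpenDistroSecurityKeyStore returns an empty string for the same "nothing to report" case, and the new interface method carries no null contract, so callers that format or store the result get null from one keystore and "" from the other. The NO-OP comment also does not match the signature: the certificate is supplied by the caller as an argument, so a non-null cert can reach this method regardless of whether this class holds certificates of its own. If the intent is that nothing is rendered, `return "";` keeps the two implementations interchangeable; if the intent is to signal "unsupported", say so in the comment and make sure every caller null-checks.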

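--- a/src/main/java/com/amazon/opendistroforelasticsearch/security/ssl/OpenDistroSecurityKeyStore.java
+++ b/src/main/java/com/amazon/opendistroforelasticsearch/security/ssl/OpenDistroSecurityKeyStore.java
@@ -32,6 +32,7 @@ public interface OpenDistroSecurityKeyStore {
 public String getHTTPProviderName();
 public String getTransportServerProviderName();
 public String getTransportClientProviderName();
+public String getSubjectAlternativeNames(X509Certificate cert);
 
 public void initHttpSSLConfig();
 public void initTransportSSLConfig();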
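Review bot: The new interface method at 35+ has no Javadoc, and since the two implementations in this commit disagree on the empty case (one returns "" and the other null), the contract needs to be pinned here rather than inferred from whichever keystore happens to be loaded. A Javadoc such as `/** Returns a string rendering of the SubjectAlternativeName entries of {@code cert} (otherName entries decoded), or an empty string when cert is null, has no SAN extension, or the extension cannot be parsed. */` would settle it; whichever value is chosen, both implementations should then follow it. The interface declaration continues outside the hunk, so other members are not visible here.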

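--- a/src/main/java/com/amazon/opendistroforelasticsearch/security/ssl/rest/OpenDistroSecuritySSLCertsInfoAction.java
+++ b/src/main/java/com/amazon/opendistroforelasticsearch/security/ssl/rest/OpenDistroSecuritySSLCertsInfoAction.java
@@ -168,12 +168,7 @@ private List<Map<String, String>> generateCertDetailList(final X509Certificate[]
 final String issuerDn = cert != null && cert.getIssuerX500Principal() != null ? cert.getIssuerX500Principal().getName(): "";
 final String subjectDn = cert != null && cert.getSubjectX500Principal() != null ? cert.getSubjectX500Principal().getName(): "";
 
-String san = "";
-try {
-san = cert !=null && cert.getSubjectAlternativeNames() != null ? cert.getSubjectAlternativeNames().toString() : "";
-} catch (CertificateParsingException e) {
-log.error("Issue parsing SubjectAlternativeName:", e);
-}
+final String san = odsks.getSubjectAlternativeNames(cert);
 
 final String notBefore = cert != null && cert.getNotBefore() != null ? cert.getNotBefore().toInstant().toString(): "";
 final String notAfter = cert != null && cert.getNotAfter() != null ? cert.getNotAfter().toInstant().toString(): "";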
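Review bot: The removed code guaranteed san was a non-null String, whereas the replacement at 171+ takes whatever odsks.getSubjectAlternativeNames(cert) returns, and the ExternalOpenDistroSecurityKeyStore implementation added in this commit returns null — so if that keystore can back this REST action, the certificate detail emitted for SAN becomes null rather than "". A one-line guard restores the old guarantee: `final String san = odsks.getSubjectAlternativeNames(cert) != null ? odsks.getSubjectAlternativeNames(cert) : "";` (or the equivalent with a local). Note also that the SAN rendering exposed by this endpoint changes from the JDK's raw toString() to the keystore's decoded form, which is a visible output-format change worth calling out in the commit message, and that this hunk removes the only visible use of CertificateParsingException, so its import may now be unused; generateCertDetailList continues outside the hunk.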
