This is an automated email from the ASF dual-hosted git repository.

rzo1 pushed a commit to branch 1197
in repository https://gitbox.apache.org/repos/asf/incubator-stormcrawler.git

commit b1f75f77655d5e4052fcb854b00d98ef9795683f
Author: Richard Zowalla <[email protected]>
AuthorDate: Fri Apr 26 20:16:08 2024 +0200

    Fix 1197 - Allow to disable SSL/TLS verification in OpenSearchConnection 
#1197
---
 external/opensearch/opensearch-conf.yaml           |  4 ++++
 .../opensearch/OpenSearchConnection.java           | 25 +++++++++++++++++++++-
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/external/opensearch/opensearch-conf.yaml 
b/external/opensearch/opensearch-conf.yaml
index f37b8d5a..08ba8c35 100644
--- a/external/opensearch/opensearch-conf.yaml
+++ b/external/opensearch/opensearch-conf.yaml
@@ -8,6 +8,10 @@ config:
   #opensearch.user: "USERNAME"
   #opensearch.password: "PASSWORD"
   opensearch.concurrentRequests: 2
+  opensearch.sniffer: true
+
+  # Disable TLS validation for connection to OpenSearch
+  # opensearch.disable.tls.validation: false
 
   # Indexer bolt
   # adresses can be specified as a full URL
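Review bot: The comment above the commented-out `opensearch.disable.tls.validation` key does not say what is given up when it is set to `true`, and pairing "Disable TLS validation" with a sample value of `false` is easy to misread. A wording such as `# Set to true to skip certificate and hostname verification (e.g. self-signed test clusters). Credentials are then sent to an unverified peer. Default: false` would make the trade-off explicit next to the `opensearch.user`/`opensearch.password` keys just above. Separately, `opensearch.sniffer: true` is added as an active setting in this hunk although the commit title only mentions TLS validation, so it is worth confirming that this line is intended to ship.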
diff --git 
a/external/opensearch/src/main/java/org/apache/stormcrawler/opensearch/OpenSearchConnection.java
 
b/external/opensearch/src/main/java/org/apache/stormcrawler/opensearch/OpenSearchConnection.java
index d3eb87b7..f62b0131 100644
--- 
a/external/opensearch/src/main/java/org/apache/stormcrawler/opensearch/OpenSearchConnection.java
+++ 
b/external/opensearch/src/main/java/org/apache/stormcrawler/opensearch/OpenSearchConnection.java
@@ -29,7 +29,10 @@ import org.apache.http.HttpHost;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
 import org.apache.http.client.CredentialsProvider;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.TrustAllStrategy;
 import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.apache.storm.shade.org.apache.commons.lang.StringUtils;
 import org.apache.stormcrawler.util.ConfUtils;
 import org.jetbrains.annotations.NotNull;
@@ -125,10 +128,18 @@ public final class OpenSearchConnection {
                 ConfUtils.getString(
                         stormConf, Constants.PARAMPREFIX, dottedType, 
"proxy.scheme", "http");
 
+        final boolean disableTlsValidation =
+                ConfUtils.getBoolean(
+                        stormConf,
+                        Constants.PARAMPREFIX,
+                        dottedType,
+                        "disable.tls.validation",
+                        false);
+
         final boolean needsUser = StringUtils.isNotBlank(user) && 
StringUtils.isNotBlank(password);
         final boolean needsProxy = StringUtils.isNotBlank(proxyhost) && 
proxyport != -1;
 
-        if (needsUser || needsProxy) {
+        if (needsUser || needsProxy || disableTlsValidation) {
             builder.setHttpClientConfigCallback(
                     httpClientBuilder -> {
                         if (needsUser) {
@@ -142,6 +153,18 @@ public final class OpenSearchConnection {
                             httpClientBuilder.setProxy(
                                     new HttpHost(proxyhost, proxyport, 
proxyscheme));
                         }
+
+                        if (disableTlsValidation) {
+                            try {
+                                final SSLContextBuilder sslContext = new 
SSLContextBuilder();
+                                sslContext.loadTrustMaterial(null, new 
TrustAllStrategy());
+                                
httpClientBuilder.setSSLContext(sslContext.build());
+                                httpClientBuilder.setSSLHostnameVerifier(
+                                        NoopHostnameVerifier.INSTANCE);
+                            } catch (Exception e) {
+                                throw new RuntimeException("Failed to disable 
TLS validation", e);
+                            }
+                        }
                         return httpClientBuilder;
                     });
         }
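Review bot: The `disableTlsValidation` branch switches off both certificate-chain validation (`TrustAllStrategy`) and hostname verification (`NoopHostnameVerifier`) without logging anything, so a topology running with this setting cannot be told apart from a verified one in the logs. Because the same callback can also install basic-auth credentials under `needsUser`, those would then be presented to whichever peer answers; a warning when the flag is read, e.g. `LOG.warn("TLS certificate and hostname validation disabled for OpenSearch connection '{}'", dottedType);` (assuming the class has an SLF4J logger, which is not visible in this hunk), would make the weakened state auditable. The `catch (Exception e)` could be narrowed to `catch (GeneralSecurityException e)`, which covers the checked exceptions declared by `loadTrustMaterial` and `build`. The enclosing method starts and ends outside the hunk.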
