This is an automated email from the ASF dual-hosted git repository.
jnioche pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-stormcrawler.git
The following commit(s) were added to refs/heads/main by this push:
new 8a3c1bba Fix #1197 - Allow to disable SSL/TLS verification in
OpenSearchConnection #1197 (#1199)
8a3c1bba is described below
commit 8a3c1bbae613a5bb16c8be893e43c7f2ec5fc6be
Author: Richard Zowalla <[email protected]>
AuthorDate: Mon Apr 29 17:19:08 2024 +0200
Fix #1197 - Allow to disable SSL/TLS verification in OpenSearchConnection
#1197 (#1199)
---
external/opensearch/opensearch-conf.yaml | 3 +++
.../opensearch/OpenSearchConnection.java | 21 ++++++++++++++++++++-
2 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/external/opensearch/opensearch-conf.yaml
b/external/opensearch/opensearch-conf.yaml
index f37b8d5a..032ba06f 100644
--- a/external/opensearch/opensearch-conf.yaml
+++ b/external/opensearch/opensearch-conf.yaml
@@ -9,6 +9,9 @@ config:
#opensearch.password: "PASSWORD"
opensearch.concurrentRequests: 2
+ # Disable TLS validation for connection to OpenSearch
+ # opensearch.disable.tls.validation: false
+
# Indexer bolt
# adresses can be specified as a full URL
# if not we assume that the protocol is http and the port 9200
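Review bot: The comment on the new `opensearch.disable.tls.validation` key does not say what is given up when it is set to true. As the Java part of this commit shows, the flag turns off both certificate-chain and hostname verification, so the `opensearch.user` / `opensearch.password` values configured just above would be sent to whichever endpoint answers. I would expand the comment along the lines of `# Disables certificate AND hostname verification; only for test clusters with self-signed certificates, never where credentials or crawl data must be protected in transit`.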
diff --git
a/external/opensearch/src/main/java/org/apache/stormcrawler/opensearch/OpenSearchConnection.java
b/external/opensearch/src/main/java/org/apache/stormcrawler/opensearch/OpenSearchConnection.java
index d3eb87b7..8de2891e 100644
---
a/external/opensearch/src/main/java/org/apache/stormcrawler/opensearch/OpenSearchConnection.java
+++
b/external/opensearch/src/main/java/org/apache/stormcrawler/opensearch/OpenSearchConnection.java
@@ -29,7 +29,10 @@ import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.client.CredentialsProvider;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.ssl.SSLContextBuilder;
import org.apache.storm.shade.org.apache.commons.lang.StringUtils;
import org.apache.stormcrawler.util.ConfUtils;
import org.jetbrains.annotations.NotNull;
@@ -125,10 +128,14 @@ public final class OpenSearchConnection {
ConfUtils.getString(
stormConf, Constants.PARAMPREFIX, dottedType,
"proxy.scheme", "http");
+ final boolean disableTlsValidation =
+ ConfUtils.getBoolean(
+ stormConf, Constants.PARAMPREFIX, "",
"disable.tls.validation", false);
+
final boolean needsUser = StringUtils.isNotBlank(user) &&
StringUtils.isNotBlank(password);
final boolean needsProxy = StringUtils.isNotBlank(proxyhost) &&
proxyport != -1;
- if (needsUser || needsProxy) {
+ if (needsUser || needsProxy || disableTlsValidation) {
builder.setHttpClientConfigCallback(
httpClientBuilder -> {
if (needsUser) {
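Review bot: `disableTlsValidation` is read with an empty string where the proxy settings directly above pass `dottedType`, so one global key appears to switch validation off for every connection type this class builds. If ConfUtils resolves the type-scoped key and falls back to the unscoped one, as the neighbouring calls suggest (not visible here, so worth confirming), passing `dottedType` would let an operator relax validation for a single connection while the documented key keeps working: `ConfUtils.getBoolean(stormConf, Constants.PARAMPREFIX, dottedType, "disable.tls.validation", false)`. The enclosing method starts and ends outside this hunk.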
@@ -142,6 +149,18 @@ public final class OpenSearchConnection {
httpClientBuilder.setProxy(
new HttpHost(proxyhost, proxyport,
proxyscheme));
}
+
+ if (disableTlsValidation) {
+ try {
+ final SSLContextBuilder sslContext = new
SSLContextBuilder();
+ sslContext.loadTrustMaterial(null, new
TrustAllStrategy());
+
httpClientBuilder.setSSLContext(sslContext.build());
+ httpClientBuilder.setSSLHostnameVerifier(
+ NoopHostnameVerifier.INSTANCE);
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to disable
TLS validation", e);
+ }
+ }
return httpClientBuilder;
});
}
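Review bot: The `disableTlsValidation` branch installs `TrustAllStrategy` together with `NoopHostnameVerifier.INSTANCE` without leaving any trace at runtime, so a topology running with server authentication switched off is indistinguishable in the logs from a validated one. A warning emitted inside the branch would make the setting auditable, for example `LOG.warn("TLS certificate and hostname validation is disabled for OpenSearch connections")`, assuming the class has a logger (none is visible in this hunk). The `catch (Exception e)` is also broader than needed: `loadTrustMaterial` and `build` declare only `GeneralSecurityException` subtypes, so `catch (GeneralSecurityException e)` avoids relabelling unrelated runtime failures as "Failed to disable TLS validation". For clusters that use a private CA, a configurable truststore would be a safer follow-up than trust-all.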