[GitHub] [skywalking] hanahmily commented on a change in pull request #3370: support es https ssl config.

Sun, 01 Sep 2019 18:51:28 -0700 

hanahmily commented on a change in pull request #3370: support es https ssl 
config.
URL: https://github.com/apache/skywalking/pull/3370#discussion_r319787429
 
 

 ##########
 File path: 
oap-server/server-library/library-client/src/main/java/org/apache/skywalking/oap/server/library/client/elasticsearch/ElasticSearchClient.java
 ##########
 @@ -84,30 +95,50 @@
     public static final String TYPE = "type";
     private final String clusterNodes;
     private final String protocol;
+    private final String trustStorePath;
+    private final String trustStorePass;
     private final String namespace;
     private final String user;
     private final String password;
     protected RestHighLevelClient client;
 
-    public ElasticSearchClient(String clusterNodes, String protocol, String 
namespace, String user, String password) {
+    public ElasticSearchClient(String clusterNodes, String protocol, String 
trustStorePath, String trustStorePass,
+        String namespace, String user, String password) {
         this.clusterNodes = clusterNodes;
         this.protocol = protocol;
         this.namespace = namespace;
         this.user = user;
         this.password = password;
+        this.trustStorePath = trustStorePath;
+        this.trustStorePass = trustStorePass;
     }
 
-    @Override public void connect() throws IOException {
+    @Override
+    public void connect() throws IOException, KeyStoreException, 
NoSuchAlgorithmException, KeyManagementException, CertificateException {
         List<HttpHost> pairsList = parseClusterNodes(clusterNodes);
         RestClientBuilder builder;
         if (StringUtils.isNotBlank(user) && StringUtils.isNotBlank(password)) {
             final CredentialsProvider credentialsProvider = new 
BasicCredentialsProvider();
             credentialsProvider.setCredentials(AuthScope.ANY, new 
UsernamePasswordCredentials(user, password));
             builder = RestClient.builder(pairsList.toArray(new HttpHost[0]))
                 .setHttpClientConfigCallback(httpClientBuilder -> 
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider));
+
+            if ("https".equals(protocol)) {
 
 Review comment:
   hmmm... what I mean is that, if user picks up default ssl,  lines from 127 ~ 
137 should be remove.
   For instance
   ```java
   if (StringUtils.isNotBlank(trustStorePath)) {
      builder = RestClient.builder(pairsList.toArray(new HttpHost[0]))
                       .setHttpClientConfigCallback(httpClientBuilder -> 
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
   } else {
      KeyStore truststore = KeyStore.getInstance("jks");
       ....
      builder = RestClient.builder(pairsList.toArray(new HttpHost[0]))
                       .setHttpClientConfigCallback(httpClientBuilder -> 
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider).setSSLContext(sslContext));
   }
   ```

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services

Reply via email to