Move security http server logic to http server (#91870)
This commit moves logic related to implementing security features into the core http server implementation.
1 parent
dd82d3b
commit 251e830
Showing
17 changed files
with
253 additions
and
232 deletions.
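--- a/modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/AcceptChannelHandler.java
+++ b/modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/AcceptChannelHandler.java
@@ -0,0 +1,40 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0 and the Server Side Public License, v 1; you may not use this file except
+* in compliance with, at your election, the Elastic License 2.0 or the Server
+* Side Public License, v 1.
+*/
+
+package org.elasticsearch.transport.netty4;
+
+import io.netty.channel.ChannelHandler;
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.ipfilter.AbstractRemoteAddressFilter;
+
+import org.elasticsearch.common.transport.BoundTransportAddress;
+
+import java.net.InetSocketAddress;
+import java.util.function.BiPredicate;
+
+@ChannelHandler.Sharable
+public class AcceptChannelHandler extends AbstractRemoteAddressFilter<InetSocketAddress> {
+
+private final BiPredicate<String, InetSocketAddress> predicate;
+private final String profile;
+
+public AcceptChannelHandler(final BiPredicate<String, InetSocketAddress> predicate, final String profile) {
+this.predicate = predicate;
+this.profile = profile;
+}
+
+@Override
+protected boolean accept(final ChannelHandlerContext ctx, final InetSocketAddress remoteAddress) throws Exception {
+return predicate.test(profile, remoteAddress);
+}
+
+public interface AcceptPredicate extends BiPredicate<String, InetSocketAddress> {
+
+void setBoundAddress(BoundTransportAddress boundHttpTransportAddress);
+}
+}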
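Review bot: The constructor stores `predicate` without a null check, so a misconfigured filter only shows up as a NullPointerException inside `accept` when a connection arrives, not when the handler is built. Because this handler makes the accept/reject decision for remote addresses, it is safer to fail at construction with `this.predicate = Objects.requireNonNull(predicate, "predicate");` (which needs `import java.util.Objects;`). How an exception thrown from `accept` is handled, and whether the channel is then closed, depends on pipeline handlers that are not visible in this file, so that path deserves a test. A short Javadoc on `AcceptPredicate` stating that `true` means the connection is allowed, and when `setBoundAddress` is expected to be called, would also help, since the constructor takes a plain `BiPredicate` and the contract is otherwise implicit.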
8 changes: 5 additions & 3 deletions
8
...ecurity/transport/SSLExceptionHelper.java → .../transport/netty4/SSLExceptionHelper.java
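--- a/modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/TLSConfig.java
+++ b/modules/transport-netty4/src/main/java/org/elasticsearch/transport/netty4/TLSConfig.java
@@ -0,0 +1,37 @@
+/*
+* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+* or more contributor license agreements. Licensed under the Elastic License
+* 2.0 and the Server Side Public License, v 1; you may not use this file except
+* in compliance with, at your election, the Elastic License 2.0 or the Server
+* Side Public License, v 1.
+*/
+
+package org.elasticsearch.transport.netty4;
+
+import org.elasticsearch.common.ssl.SslConfiguration;
+
+import javax.net.ssl.SSLEngine;
+
+public record TLSConfig(SslConfiguration sslConfiguration, EngineProvider engineProvider) {
+
+public boolean isTLSEnabled() {
+return sslConfiguration != null;
+}
+
+public SSLEngine createServerSSLEngine() {
+assert isTLSEnabled();
+SSLEngine sslEngine = engineProvider.create(sslConfiguration, null, -1);
+sslEngine.setUseClientMode(false);
+return sslEngine;
+}
+
+public static TLSConfig noTLS() {
+return new TLSConfig(null, null);
+}
+
+@FunctionalInterface
+public interface EngineProvider {
+
+SSLEngine create(SslConfiguration configuration, String host, int port);
+}
+}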
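Review bot: `createServerSSLEngine()` guards the TLS-disabled case only with `assert isTLSEnabled()`, which does nothing unless the JVM runs with `-ea`, so on a `noTLS()` instance the call dereferences a null `engineProvider` and fails with an unexplained NullPointerException. The record also accepts a non-null `sslConfiguration` paired with a null `engineProvider`, in which case `isTLSEnabled()` reports true but no engine can be created. Validating the pair in a compact constructor and replacing the assert with an explicit `IllegalStateException` makes both states fail early with a clear message. The `null` host and `-1` port passed to `engineProvider.create` would also benefit from a one-line comment saying they mean no peer hint for a server-side engine, if that is the intent.

```java
public record TLSConfig(SslConfiguration sslConfiguration, EngineProvider engineProvider) {

    public TLSConfig {
        if ((sslConfiguration == null) != (engineProvider == null)) {
            throw new IllegalArgumentException("sslConfiguration and engineProvider must both be set or both be null");
        }
    }

    // … unchanged: isTLSEnabled …

    public SSLEngine createServerSSLEngine() {
        if (isTLSEnabled() == false) {
            throw new IllegalStateException("TLS is not enabled; cannot create a server SSLEngine");
        }
        // … unchanged: engine creation and setUseClientMode(false) …
    }

    // … unchanged: noTLS, EngineProvider …
```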