use tls and BasicCredentialsProvider for RestClient

2024-11-06 02:05:22 +00:00 · 2023-08-08 17:39:03 +03:00 · 2023-08-08 17:39:03 +03:00 · 861fae0aee
commit 861fae0aee
parent a798642e26
3 changed files with 60 additions and 20 deletions
--- a/src/main/java/dev/vality/exporter/walletbalances/config/OpenSearchClientConfig.java
+++ b/src/main/java/dev/vality/exporter/walletbalances/config/OpenSearchClientConfig.java
@ -1,30 +1,61 @@
 package dev.vality.exporter.walletbalances.config;

+import lombok.SneakyThrows;
 import org.apache.http.HttpHost;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.impl.client.BasicCredentialsProvider;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.opensearch.client.RestClient;
+import org.opensearch.client.json.jackson.JacksonJsonpMapper;
 import org.opensearch.client.opensearch.OpenSearchClient;
-import org.opensearch.client.transport.aws.AwsSdk2Transport;
-import org.opensearch.client.transport.aws.AwsSdk2TransportOptions;
+import org.opensearch.client.transport.rest_client.RestClientTransport;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import software.amazon.awssdk.http.SdkHttpClient;
-import software.amazon.awssdk.http.apache.ApacheHttpClient;
-import software.amazon.awssdk.regions.Region;
+import org.springframework.core.io.Resource;
+
+import javax.net.ssl.SSLContext;
+import java.io.InputStream;
+import java.security.KeyStore;

@Configuration
+@SuppressWarnings("LineLength")
 public class OpenSearchClientConfig {

    @Bean(destroyMethod = "close")
-    public SdkHttpClient httpClient() {
-        return ApacheHttpClient.builder().build();
+    public RestClient restClient(OpenSearchProperties openSearchProperties) {
+        final var credentialsProvider = new BasicCredentialsProvider();
+        credentialsProvider.setCredentials(
+                AuthScope.ANY,
+                new UsernamePasswordCredentials(openSearchProperties.getUsername(), openSearchProperties.getPassword()));
+        var httpHost = new HttpHost(openSearchProperties.getHostname(), openSearchProperties.getPort(), "https");
+        var sslContext = sslContext(keyStore(openSearchProperties.getType(), openSearchProperties.getCertificate(), openSearchProperties.getCertificatePassword()), openSearchProperties.getCertificatePassword());
+        return RestClient.builder(httpHost)
+                .setHttpClientConfigCallback(httpClientBuilder -> httpClientBuilder
+                        .setDefaultCredentialsProvider(credentialsProvider)
+                        .setSSLContext(sslContext)).build();
    }

    @Bean
-    public OpenSearchClient openSearchClient(OpenSearchProperties openSearchProperties, SdkHttpClient httpClient) {
-        return new OpenSearchClient(new AwsSdk2Transport(
-                httpClient,
-                HttpHost.create(openSearchProperties.getEndpoint()).getHostName(),
-                openSearchProperties.getService(),
-                Region.of(openSearchProperties.getRegion()),
-                AwsSdk2TransportOptions.builder().build()));
+    public OpenSearchClient openSearchClient(RestClient restClient) {
+        var transport = new RestClientTransport(restClient, new JacksonJsonpMapper());
+        return new OpenSearchClient(transport);
+    }
+
+    @SneakyThrows
+    private SSLContext sslContext(KeyStore keyStore, String password) {
+        return new SSLContextBuilder()
+                .loadTrustMaterial(keyStore, (x509Certificates, s) -> true)
+                .loadKeyMaterial(keyStore, password.toCharArray())
+                .build();
+    }
+
+    @SneakyThrows
+    private KeyStore keyStore(String type, Resource certificate, String password) {
+        var keyStore = KeyStore.getInstance(type);
+        try (InputStream pKeyFileStream = certificate.getInputStream()) {
+            keyStore.load(pKeyFileStream, password.toCharArray());
+        }
+        return keyStore;
    }
 }
--- a/src/main/java/dev/vality/exporter/walletbalances/config/OpenSearchProperties.java
+++ b/src/main/java/dev/vality/exporter/walletbalances/config/OpenSearchProperties.java
@ -3,14 +3,19 @@ package dev.vality.exporter.walletbalances.config;
 import lombok.Data;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;

@Data
@Configuration
@ConfigurationProperties(prefix = "opensearch")
 public class OpenSearchProperties {

-    private String endpoint;
-    private String service;
-    private String region;
+    private String username;
+    private String password;
+    private String hostname;
+    private Integer port;
+    private String type;
+    private String certificatePassword;
+    private Resource certificate;

 }
--- a/src/main/resources/application.yml
+++ b/src/main/resources/application.yml
@ -56,6 +56,10 @@ interval:
  time: 60 #seconds

 opensearch:
-  endpoint: changeit
-  service: changeit
-  region: changeit
+  username: changeit
+  password: changeit
+  hostname: changeit
+  port: changeit
+  type: changeit
+  certificatePassword: changeit
+  certificate: changeit