org.appenders.log4j2.elasticsearch.jest.JKSCertInfo Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of log4j2-elasticsearch-jest Show documentation
Show all versions of log4j2-elasticsearch-jest Show documentation
Log4j2 Appender plugin pushing logs in batches to Elasticsearch (2.x/5.x/6.x) clusters
package org.appenders.log4j2.elasticsearch.jest;
/*-
* #%L
* log4j-elasticsearch
* %%
* Copyright (C) 2018 Rafal Foltynski
* %%
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
* #L%
*/
import io.searchbox.client.config.ClientConfig;
import io.searchbox.client.config.HttpClientConfig;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.nio.conn.ssl.SSLIOSessionStrategy;
import org.apache.logging.log4j.core.config.ConfigurationException;
import org.apache.logging.log4j.core.config.Node;
import org.apache.logging.log4j.core.config.plugins.Plugin;
import org.apache.logging.log4j.core.config.plugins.PluginBuilderAttribute;
import org.apache.logging.log4j.core.config.plugins.PluginBuilderFactory;
import org.appenders.log4j2.elasticsearch.CertInfo;
import org.appenders.log4j2.elasticsearch.thirdparty.PemReader;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
@Plugin(name = JKSCertInfo.PLUGIN_NAME, category = Node.CATEGORY, elementType = CertInfo.ELEMENT_TYPE)
public class JKSCertInfo implements CertInfo {
static final String PLUGIN_NAME = "JKS";
static final String configExceptionMessage = "Failed to apply SSL/TLS settings";
private final String keystorePath;
private final String truststorePath;
private final String keystorePassword;
private final String truststorePassword;
protected JKSCertInfo(String keystorePath, String keystorePassword, String truststorePath, String truststorePassword) {
this.keystorePath = keystorePath;
this.keystorePassword = keystorePassword;
this.truststorePath = truststorePath;
this.truststorePassword = truststorePassword;
}
@Override
public void applyTo(HttpClientConfig.Builder clientConfigBuilder) {
try (
FileInputStream keystoreFile = new FileInputStream(new File(keystorePath));
FileInputStream truststoreFile = new FileInputStream(new File(truststorePath))
) {
KeyStore keyStore = KeyStore.getInstance("jks");
keyStore.load(keystoreFile, keystorePassword.toCharArray());
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
KeyStore trustStore = KeyStore.getInstance("jks");
trustStore.load(truststoreFile, truststorePassword.toCharArray());
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), null);
// TODO: add support for hostname verification modes
clientConfigBuilder.sslSocketFactory(new SSLConnectionSocketFactory(sslContext));
clientConfigBuilder.httpsIOSessionStrategy(new SSLIOSessionStrategy(sslContext, new NoopHostnameVerifier()));
} catch (IOException | GeneralSecurityException e) {
throw new ConfigurationException(configExceptionMessage, e);
}
}
@PluginBuilderFactory
public static Builder newBuilder() {
return new Builder();
}
public static class Builder implements org.apache.logging.log4j.core.util.Builder {
public static final String EMPTY_PASSWORD = "";
@PluginBuilderAttribute
private String keystorePath;
@PluginBuilderAttribute
private String keystorePassword = EMPTY_PASSWORD;
@PluginBuilderAttribute
private String truststorePath;
@PluginBuilderAttribute
private String truststorePassword = EMPTY_PASSWORD;
@Override
public JKSCertInfo build() {
if (keystorePath == null) {
throw new ConfigurationException("No keystorePath provided for " + PLUGIN_NAME);
}
if (keystorePassword == null) {
throw new ConfigurationException("No keystorePassword provided for " + PLUGIN_NAME);
}
if (truststorePath == null) {
throw new ConfigurationException("No truststorePath provided for " + PLUGIN_NAME);
}
if (truststorePassword == null) {
throw new ConfigurationException("No truststorePassword provided for " + PLUGIN_NAME);
}
return new JKSCertInfo(keystorePath, keystorePassword, truststorePath, truststorePassword);
}
public Builder withKeystorePath(String keystorePath) {
this.keystorePath = keystorePath;
return this;
}
public Builder withKeystorePassword(String keystorePassword) {
this.keystorePassword = keystorePassword;
return this;
}
public Builder withTruststorePath(String truststorePath) {
this.truststorePath = truststorePath;
return this;
}
public Builder withTruststorePassword(String truststorePassword) {
this.truststorePassword = truststorePassword;
return this;
}
}
}