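/*
Copyright 2015 Hendrik Saly

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
 */

package de.saly.es.example.tssl.plugin;

import org.elasticsearch.common.lang3.StringUtils;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.plugins.AbstractPlugin;
import org.elasticsearch.rest.RestModule;
import org.elasticsearch.transport.TransportModule;

import de.saly.es.example.tssl.netty.SSLNettyTransport;
import de.saly.es.example.tssl.netty.UnexpectedSecurityException;
import de.saly.es.example.tssl.rest.TSslRestAction;
import de.saly.es.example.tssl.util.ConfigConstants;

/**
 * Elasticsearch plugin that installs {@link SSLNettyTransport} as the node transport and
 * registers {@link TSslRestAction}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>{@link #onModule(TransportModule)} installs the SSL transport unconditionally; it does
 * not consult {@link ConfigConstants#SECURITY_SSL_TRANSPORT_NODE_ENABLED}.</li>
 * <li>{@link #additionalSettings()} validates the keystore/truststore configuration only when
 * that flag is {@code true}; the flag defaults to {@code false} here.</li>
 * </ul>
 *
 * <p>NOTE(review): whether {@link SSLNettyTransport} still encrypts, or falls back to plain
 * transport, when the flag is absent is not visible from this file. Confirm that an
 * unconfigured node cannot silently run without transport encryption.
 */
public class TSslPlugin extends AbstractPlugin {

    /** Node settings handed in by Elasticsearch; read again in {@link #additionalSettings()}. */
    private final Settings settings;

    /**
     * Creates the plugin.
     *
     * @param settings node settings used later to validate the transport SSL configuration
     */
    public TSslPlugin(final Settings settings) {
        this.settings = settings;
    }

    /**
     * Returns the plugin name, which is also used as the transport source name in
     * {@link #onModule(TransportModule)}.
     *
     * @return the fixed plugin name
     */
    @Override
    public String name() {
        return "elasticsearch-sample-plugin-tssl";
    }

    /**
     * Returns a human-readable description of the plugin.
     *
     * @return the fixed plugin description
     */
    @Override
    public String description() {
        return "Elasticsearch example plugin which implements and enforces transport layer SSL/TLS encryption";
    }

    /**
     * Replaces the node transport implementation with {@link SSLNettyTransport}.
     *
     * <p>No {@code @Override}: presumably discovered by Elasticsearch through its
     * {@code onModule} naming convention - confirm against the targeted Elasticsearch version.
     *
     * @param transportModule the transport module to configure
     */
    public void onModule(final TransportModule transportModule) {
        // Installed regardless of the "enabled" flag checked in additionalSettings().
        transportModule.setTransport(SSLNettyTransport.class, name());
    }

    /**
     * Registers the plugin's REST action.
     *
     * @param restModule the REST module to extend
     */
    public void onModule(final RestModule restModule) {
        restModule.addRestAction(TSslRestAction.class);
    }

    /**
     * Validates the transport SSL configuration and contributes no additional settings.
     *
     * <p>When {@link ConfigConstants#SECURITY_SSL_TRANSPORT_NODE_ENABLED} is {@code true}, both a
     * keystore path and a truststore path must be non-blank. Each path is read from the node
     * settings and falls back to the JVM system property {@code javax.net.ssl.keyStore} or
     * {@code javax.net.ssl.trustStore} respectively.
     *
     * <p>Only blankness is checked. This method does not verify that the files exist, are
     * readable, or have restrictive permissions, and it does not look at store passwords;
     * presumably {@link SSLNettyTransport} loads the stores later - confirm that a bad path
     * fails the node there rather than downgrading the connection.
     *
     * @return an empty settings object; nothing is ever added to the builder
     * @throws UnexpectedSecurityException if transport SSL is enabled and the keystore or
     *         truststore path is missing or blank
     */
    @Override
    public Settings additionalSettings() {
        final boolean transportSslEnabled =
                settings.getAsBoolean(ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_ENABLED, false);

        if (transportSslEnabled) {
            final String keystoreFilePath = settings.get(
                    ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_KEYSTORE_FILEPATH,
                    System.getProperty("javax.net.ssl.keyStore", null));
            final String truststoreFilePath = settings.get(
                    ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_TRUSTSTORE_FILEPATH,
                    System.getProperty("javax.net.ssl.trustStore", null));

            // Fail closed: refuse to continue with SSL requested but no key or trust
            // material configured.
            if (StringUtils.isBlank(keystoreFilePath) || StringUtils.isBlank(truststoreFilePath)) {
                throw new UnexpectedSecurityException(
                        ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_KEYSTORE_FILEPATH + " and "
                                + ConfigConstants.SECURITY_SSL_TRANSPORT_NODE_TRUSTSTORE_FILEPATH
                                + " must be set if transport ssl is requested.");
            }
        }

        // This hook is used for validation only; the returned settings are always empty.
        return ImmutableSettings.settingsBuilder().build();
    }
}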