/*
Copyright 2015 Hendrik Saly

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
 */

package de.saly.es.example.tssl.rest;

import java.io.IOException;

import org.elasticsearch.client.Client;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestRequest.Method;
import org.elasticsearch.rest.RestStatus;

import de.saly.es.example.tssl.util.SecurityUtil;

/**
 * REST handler for {@code /_tssl/state} that reports the values held in
 * {@link SecurityUtil}: the enabled SSL protocols, the enabled SSL ciphers and
 * the unlimited-strength-policy flag.
 *
 * <p>The response is JSON by default and plain text when the request carries a
 * {@code cat} parameter.
 *
 * <p>NOTE(review): this handler performs no authentication or authorization
 * check of its own, and the response describes the node's TLS configuration.
 * Whether the route is reachable by unauthenticated callers depends on REST
 * filters outside this file; confirm that access is restricted as intended.
 */
public class TSslRestAction extends BaseRestHandler {

    /**
     * Creates the handler and registers it on {@code /_tssl/state}.
     *
     * <p>The route is registered for both GET and POST, although the handler
     * only reads state and never inspects the request body.
     *
     * @param settings   node settings, passed to the superclass
     * @param client     client, passed to the superclass
     * @param controller REST controller the routes are registered with
     */
    @Inject
    public TSslRestAction(final Settings settings, final Client client, final RestController controller) {
        super(settings, controller, client);
        controller.registerHandler(Method.GET, "/_tssl/state", this);
        controller.registerHandler(Method.POST, "/_tssl/state", this);
    }

    /**
     * Answers a state request, as plain text when the {@code cat} parameter is
     * present (its value is not examined) and as JSON otherwise.
     *
     * @param request the incoming REST request
     * @param channel the channel the response is written to
     * @param client  unused by this handler
     * @throws Exception declared by the overridden method
     */
    @Override
    protected void handleRequest(final RestRequest request, final RestChannel channel, final Client client) throws Exception {
        final boolean plainTextRequested = request.param("cat") != null;

        if (plainTextRequested) {
            channel.sendResponse(new BytesRestResponse(RestStatus.OK, "text/plain", renderPlainText()));
            return;
        }

        sendJson(channel);
    }

    /**
     * Builds the plain-text report: one section per list with one entry per
     * line, followed by the unlimited-strength-policy flag.
     *
     * @return the report text
     */
    private static String renderPlainText() {
        final StringBuilder text = new StringBuilder();

        text.append("enabled protocols\n");
        for (final String protocolName : SecurityUtil.ENABLED_SSL_PROTOCOLS) {
            text.append(protocolName).append("\n");
        }

        text.append("\nenabled ciphers\n");
        for (final String cipherName : SecurityUtil.ENABLED_SSL_CIPHERS) {
            text.append(cipherName).append("\n");
        }

        text.append("\nunlimited strength policy installed\n");
        text.append(SecurityUtil.UNLIMITED_STRENGTH_SUPPORTED);

        return text.toString();
    }

    /**
     * Sends the JSON report. If building it fails with an {@link IOException},
     * an error response is sent instead; if that fails as well, the failure is
     * only logged.
     *
     * @param channel the channel the response is written to
     */
    private void sendJson(final RestChannel channel) {
        try {
            final XContentBuilder json = JsonXContent.contentBuilder();
            json.startObject();
            json.field("enabled_protocols", SecurityUtil.ENABLED_SSL_PROTOCOLS);
            // The key is spelled "enabled_chipers" (sic); it is kept as is
            // because it is part of the response format that clients read.
            json.field("enabled_chipers", SecurityUtil.ENABLED_SSL_CIPHERS);
            json.field("unlimited_strength_policy_installed", SecurityUtil.UNLIMITED_STRENGTH_SUPPORTED);
            json.endObject();
            channel.sendResponse(new BytesRestResponse(RestStatus.OK, json));
        } catch (final IOException buildFailure) {
            try {
                channel.sendResponse(new BytesRestResponse(channel, buildFailure));
            } catch (final IOException sendFailure) {
                logger.error("Failed to send a failure response.", sendFailure);
            }
        }
    }

}