From 7b448e54e0ea84ba3db9946d004ca63f0ebed483 Mon Sep 17 00:00:00 2001
From: Andrey Pleskach
Date: Mon, 30 Dec 2024 19:39:45 +0100
Subject: [PATCH] Fix SSL config for JDK PKCS setup

Fix issue #4961 by defaulting the keystore_keypassword setting to the same value as the keystore_password

Signed-off-by: Andrey Pleskach
---
 .../security/ssl/config/SslCertificatesLoader.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java b/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java
index a3f0c39eed..f3959bb946 100644
--- a/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java
+++ b/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java
@@ -62,6 +62,7 @@ public Tuple loadConfiguration(f
 final var settings = environment.settings();
 final var sslConfigSettings = settings.getByPrefix(fullSslConfigSuffix);
 if (settings.hasValue(sslConfigSuffix + KEYSTORE_FILEPATH)) {
+ final var keyStorePassword = resolvePassword(sslConfigSuffix + KEYSTORE_PASSWORD, settings, DEFAULT_STORE_PASSWORD);
 return Tuple.tuple(
 environment.settings().hasValue(sslConfigSuffix + TRUSTSTORE_FILEPATH)
 ? buildJdkTrustStoreConfiguration(
@@ -73,8 +74,12 @@ public Tuple loadConfiguration(f
 buildJdkKeyStoreConfiguration(
 sslConfigSettings,
 environment,
- resolvePassword(sslConfigSuffix + KEYSTORE_PASSWORD, settings, DEFAULT_STORE_PASSWORD),
- resolvePassword(fullSslConfigSuffix + KEYSTORE_KEY_PASSWORD, settings, DEFAULT_STORE_PASSWORD)
+ keyStorePassword,
+ resolvePassword(
+ fullSslConfigSuffix + KEYSTORE_KEY_PASSWORD,
+ settings,
+ keyStorePassword != null ? String.valueOf(keyStorePassword) : null
+ )
 )
 );
 } else {
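Review bot: In the second hunk the key-password fallback is built with `String.valueOf(keyStorePassword)`, which copies the resolved keystore password into an immutable `String` that cannot be wiped afterwards; this assumes `resolvePassword` returns `char[]`, since its declaration is outside the hunk. If `resolvePassword` passes a `null` default through (to be confirmed), the copy can be avoided by resolving the key password with `null` and falling back to the array itself, for example `final var keyPassword = resolvePassword(fullSslConfigSuffix + KEYSTORE_KEY_PASSWORD, settings, null);` and then passing `keyPassword != null ? keyPassword : keyStorePassword`. The keystore password is still looked up under `sslConfigSuffix` while the key password uses `fullSslConfigSuffix`; if that difference is intentional it deserves a comment such as `// key password is read under the full SSL prefix`, otherwise the two lookups should agree. The diffstat shows only this file changed, so a test covering a keystore with `keystore_password` set and `keystore_keypassword` unset would pin the behaviour this fix is meant to guarantee.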