File tree 3 files changed +71
-570
lines changed
libs/ssl-config/src/main/java/org/opensearch/common/ssl
server/src/main/java/org/opensearch/common/settings
3 files changed +71
-570
lines changed Original file line number Diff line number Diff line change 3232
3333package org .opensearch .common .ssl ;
3434
35+ import org .bouncycastle .pkcs .PKCSException ;
36+
3537import javax .net .ssl .KeyManagerFactory ;
3638import javax .net .ssl .X509ExtendedKeyManager ;
3739
@@ -82,7 +84,12 @@ public X509ExtendedKeyManager createKeyManager() {
8284
8385 private PrivateKey getPrivateKey () {
8486 try {
85- final PrivateKey privateKey = PemUtils .readPrivateKey (key , () -> keyPassword );
87+ final PrivateKey privateKey = PemUtils .readPrivateKey (key , () -> {
88+ if (keyPassword .length == 0 ) {
89+ throw new SslConfigException ("cannot read encrypted key [" + key .toAbsolutePath () + "] without a password" );
90+ }
91+ return keyPassword ;
92+ });
8693 if (privateKey == null ) {
8794 throw new SslConfigException ("could not load ssl private key file [" + key + "]" );
8895 }
@@ -91,7 +98,7 @@ private PrivateKey getPrivateKey() {
9198 throw new SslConfigException ("the configured ssl private key file [" + key .toAbsolutePath () + "] does not exist" , e );
9299 } catch (IOException e ) {
93100 throw new SslConfigException ("the configured ssl private key file [" + key .toAbsolutePath () + "] cannot be read" , e );
94- } catch (GeneralSecurityException e ) {
101+ } catch (PKCSException e ) {
95102 throw new SslConfigException ("cannot load ssl private key file [" + key .toAbsolutePath () + "]" , e );
96103 }
97104 }
You can’t perform that action at this time.
0 commit comments