diff --git a/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java b/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java index a3f0c39eed..a5eb7631f4 100644 --- a/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java +++ b/src/main/java/org/opensearch/security/ssl/config/SslCertificatesLoader.java @@ -14,7 +14,6 @@ import java.nio.file.Files; import java.nio.file.LinkOption; import java.nio.file.Path; -import java.security.KeyStore; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -27,6 +26,7 @@ import static org.opensearch.security.ssl.SecureSSLSettings.SECURE_SUFFIX; import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_PASSWORD; +import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_TYPE; import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_ALIAS; import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_FILEPATH; import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_KEY_PASSWORD; @@ -123,7 +123,7 @@ private KeyStoreConfiguration.JdkKeyStoreConfiguration buildJdkKeyStoreConfigura ) { return new KeyStoreConfiguration.JdkKeyStoreConfiguration( resolvePath(environment.settings().get(sslConfigSuffix + KEYSTORE_FILEPATH), environment), - environment.settings().get(sslConfigSuffix + KEYSTORE_TYPE, KeyStore.getDefaultType()), + environment.settings().get(sslConfigSuffix + KEYSTORE_TYPE, DEFAULT_STORE_TYPE), settings.get(KEYSTORE_ALIAS, null), keyStorePassword, keyPassword @@ -137,7 +137,7 @@ private TrustStoreConfiguration.JdkTrustStoreConfiguration buildJdkTrustStoreCon ) { return new TrustStoreConfiguration.JdkTrustStoreConfiguration( resolvePath(environment.settings().get(sslConfigSuffix + TRUSTSTORE_FILEPATH), environment), - environment.settings().get(sslConfigSuffix + TRUSTSTORE_TYPE, KeyStore.getDefaultType()), + environment.settings().get(sslConfigSuffix + TRUSTSTORE_TYPE, DEFAULT_STORE_TYPE), settings.get(TRUSTSTORE_ALIAS, null), trustStorePassword ); diff --git a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java index 0a67e1a520..ffe0a02ffd 100644 --- a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java +++ b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java @@ -28,6 +28,8 @@ public final class SSLConfigConstants { + public static final String DEFAULT_STORE_TYPE = "JKS"; + public static final String SSL_PREFIX = "plugins.security.ssl."; public static final String HTTP_SETTINGS = "http"; diff --git a/src/test/java/org/opensearch/security/ssl/config/JdkSslCertificatesLoaderTest.java b/src/test/java/org/opensearch/security/ssl/config/JdkSslCertificatesLoaderTest.java index 829fc6a386..93df4ab7a2 100644 --- a/src/test/java/org/opensearch/security/ssl/config/JdkSslCertificatesLoaderTest.java +++ b/src/test/java/org/opensearch/security/ssl/config/JdkSslCertificatesLoaderTest.java @@ -30,6 +30,7 @@ import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.MatcherAssert.assertThat; import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_PASSWORD; +import static org.opensearch.security.ssl.util.SSLConfigConstants.DEFAULT_STORE_TYPE; import static org.opensearch.security.ssl.util.SSLConfigConstants.ENABLED; import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_ALIAS; import static org.opensearch.security.ssl.util.SSLConfigConstants.KEYSTORE_FILEPATH; @@ -54,7 +55,7 @@ public class JdkSslCertificatesLoaderTest extends SslCertificatesLoaderTest { - static final Function resolveKeyStoreType = s -> isNull(s) ? KeyStore.getDefaultType() : s; + static final Function resolveKeyStoreType = s -> isNull(s) ? DEFAULT_STORE_TYPE : s; static final String SERVER_TRUSTSTORE_ALIAS = "server-truststore-alias";