Rebased main

Signed-off-by: Andrey Pleskach <ples@aiven.io>
willyborankin · Sep 18, 2024 · 044e516 · 044e516
1 parent e9d4f0a
commit 044e516
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 6 deletions.
diff --git a/src/main/java/org/opensearch/security/ssl/SslContextHandler.java b/src/main/java/org/opensearch/security/ssl/SslContextHandler.java
@@ -14,6 +14,7 @@
 import java.nio.charset.StandardCharsets;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.stream.Collectors;
@@ -153,9 +154,8 @@ private void validateNewCertificates(final List<Certificate> newCertificates) th
     private void invalidateSessions() {
         final var sessionContext = sslContext.sessionContext();
         if (sessionContext != null) {
-            final var sessionsIds = sessionContext.getIds();
-            while (sessionsIds.hasMoreElements()) {
-                final var session = sessionContext.getSession(sessionsIds.nextElement());
+            for (final var sessionId : Collections.list(sessionContext.getIds())) {
+                final var session = sessionContext.getSession(sessionId);
                 if (session != null) {
                     session.invalidate();
                 }

diff --git a/src/main/java/org/opensearch/security/ssl/config/Certificate.java b/src/main/java/org/opensearch/security/ssl/config/Certificate.java
@@ -11,6 +11,7 @@
 
 package org.opensearch.security.ssl.config;
 
+import java.lang.reflect.Method;
 import java.security.cert.CertificateParsingException;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
@@ -119,9 +120,10 @@ private List<String> parseOtherName(List<?> altName) {
             final ASN1Sequence sequence = ASN1Sequence.getInstance(asn1Primitive);
             final ASN1ObjectIdentifier asn1ObjectIdentifier = ASN1ObjectIdentifier.getInstance(sequence.getObjectAt(0));
             final ASN1TaggedObject asn1TaggedObject = ASN1TaggedObject.getInstance(sequence.getObjectAt(1));
-            ASN1Object maybeTaggedAsn1Primitive = asn1TaggedObject.getBaseObject();
+            Method getObjectMethod = getObjectMethod();
+            ASN1Object maybeTaggedAsn1Primitive = (ASN1Primitive) getObjectMethod.invoke(asn1TaggedObject);
             if (maybeTaggedAsn1Primitive instanceof ASN1TaggedObject) {
-                maybeTaggedAsn1Primitive = ASN1TaggedObject.getInstance(maybeTaggedAsn1Primitive).getBaseObject();
+                maybeTaggedAsn1Primitive = (ASN1Primitive) getObjectMethod.invoke(maybeTaggedAsn1Primitive);
             }
             if (maybeTaggedAsn1Primitive instanceof ASN1String) {
                 return ImmutableList.of(asn1ObjectIdentifier.getId(), maybeTaggedAsn1Primitive.toString());
@@ -134,6 +136,15 @@ private List<String> parseOtherName(List<?> altName) {
         }
     }
 
+    static Method getObjectMethod() throws ClassNotFoundException, NoSuchMethodException {
+        Class<?> asn1TaggedObjectClass = Class.forName("org.bouncycastle.asn1.ASN1TaggedObject");
+        try {
+            return asn1TaggedObjectClass.getMethod("getBaseObject");
+        } catch (NoSuchMethodException ex) {
+            return asn1TaggedObjectClass.getMethod("getObject");
+        }
+    }
+
     public String serialNumber() {
         return certificate.getSerialNumber().toString();
     }

diff --git a/src/test/java/org/opensearch/security/ssl/SslContextHandlerTest.java b/src/test/java/org/opensearch/security/ssl/SslContextHandlerTest.java
@@ -74,7 +74,7 @@ void writeCertificates(
     }
 
     @Test
-    public void failsIfCertificatesAreSame() throws Exception {
+    public void doesNothingIfCertificatesAreSame() throws Exception {
         final var sslContextHandler = sslContextHandler();
 
         final var sslContextBefore = sslContextHandler.sslContext();

diff --git a/src/test/java/org/opensearch/security/ssl/config/CertificateTest.java b/src/test/java/org/opensearch/security/ssl/config/CertificateTest.java
@@ -0,0 +1,38 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+package org.opensearch.security.ssl.config;
+
+import java.lang.reflect.Method;
+
+import org.junit.Test;
+
+import static org.hamcrest.CoreMatchers.notNullValue;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.junit.Assert.fail;
+
+public class CertificateTest {
+
+    @Test
+    public void testGetObjectMethod() {
+        try {
+            final Method method = Certificate.getObjectMethod();
+            assertThat("Method should not be null", method, notNullValue());
+            assertThat(
+                "One of the expected methods should be available",
+                method.getName().equals("getBaseObject") || method.getName().equals("getObject")
+            );
+        } catch (ClassNotFoundException | NoSuchMethodException e) {
+            fail("Exception should not be thrown: " + e.getMessage());
+        }
+    }
+
+}