Java Client encrypted communication Doc bug

asidoren · December 10, 2018, 9:20pm

The Encrypted communication example in Java REST Client section is completely wrong.
The original ref:
https://www.elastic.co/guide/en/elasticsearch/client/java-rest/current/_encrypted_communication.html

Here is what should be there:

    KeyStore keystore = KeyStore.getInstance("jks");
    try (InputStream is = Files.newInputStream(keyStorePath)) {
        keystore.load(is, keyStorePass.toCharArray());
    }
    SSLContextBuilder sslBuilder = SSLContexts.custom()
        . loadKeyMaterial (keystore, null);
    final SSLContext sslContext = sslBuilder.build();
    RestClientBuilder builder = RestClient.builder(
        new HttpHost("localhost", 9200, "https"))
        .setHttpClientConfigCallback(new HttpClientConfigCallback() {
            @Override
            public HttpAsyncClientBuilder customizeHttpClient(
                    HttpAsyncClientBuilder httpClientBuilder) {
                return httpClientBuilder.setSSLContext(sslContext);
            }
        });

warkolm · December 10, 2018, 9:53pm

Can you please create a bug report at https://github.com/elastic/elasticsearch/issues?

TimV · December 11, 2018, 5:37am

I don't follow what you think is wrong about that example.

It is configuring a custom SSL context using a truststore as an example of connecting to an Elasticsearch node that uses a certificate from a non-standard CA.

Your example demonstrates how to provide a keystore, which is what you would need if you wish to connect to a node that requires client SSL certificates (PKI).
That's a valid example, but it's simply a different example than the one that is there. It doesn't mean that the existing example is wrong.

You could certainly make an argument that the example could have more explanation around it, but replacing it with a different example doesn't help that.

system · January 8, 2019, 5:37am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.