diff --git a/src/main/java/org/opensearch/security/filter/SecurityRequestFactory.java b/src/main/java/org/opensearch/security/filter/SecurityRequestFactory.java index bdc391ec7f..36f3399e26 100644 --- a/src/main/java/org/opensearch/security/filter/SecurityRequestFactory.java +++ b/src/main/java/org/opensearch/security/filter/SecurityRequestFactory.java @@ -12,6 +12,8 @@ import org.opensearch.rest.RestRequest; import org.opensearch.rest.RestRequest.Method; +import io.netty.handler.ssl.SslHandler; + public class SecurityRequestFactory { public static SecurityRequest from() { @@ -38,9 +40,17 @@ public Map> getHeaders() { @Override public SSLEngine getSSLEngine() { - // TODO: this doesn't seem properly handled + if (underlyingRequest == null || underlyingRequest.getHttpChannel() == null || !(underlyingRequest.getHttpChannel() instanceof Netty4HttpChannel)) { + return null; + } - throw new UnsupportedOperationException("Unimplemented method 'getSSLEngine'"); + final Netty4HttpChannel httpChannel = (Netty4HttpChannel) underlyingRequest.getHttpChannel(); + SslHandler sslhandler = (SslHandler) httpChannel.getNettyChannel().pipeline().get("ssl_http"); + if (sslhandler == null && httpChannel.inboundPipeline() != null) { + sslhandler = (SslHandler) httpChannel.inboundPipeline().get("ssl_http"); + } + + return sslhandler != null ? sslhandler.engine() : null; } @Override @@ -80,8 +90,7 @@ public Optional asRestRequest() { @Override public Map params() { - // TODO Auto-generated method stub - throw new UnsupportedOperationException("Unimplemented method 'params'"); + return underlyingRequest.params(); } } diff --git a/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java b/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java index 78b7138d09..df92bfc703 100644 --- a/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java +++ b/src/main/java/org/opensearch/security/ssl/util/SSLRequestHelper.java @@ -123,6 +123,10 @@ public static SSLInfo getSSLInfo( PrincipalExtractor principalExtractor ) throws SSLPeerUnverifiedException { final SSLEngine engine = request.getSSLEngine(); + if (engine == null) { + return null; + } + final SSLSession session = engine.getSession(); X509Certificate[] x509Certs = null;