Hide SSLService.sslContext and reloadSSLContext

Author: tvernum

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLService.java

@@ -375,11 +375,11 @@ public static boolean isSSLClientAuthEnabled(SslConfiguration sslConfiguration)
     /**
      * Returns the {@link SSLContext} for the configuration. Mainly used for testing
      */
-    public SSLContext sslContext(SslConfiguration configuration) {
+    SSLContext sslContext(SslConfiguration configuration) {
         return sslContextHolder(configuration).sslContext();
     }
 
-    public void reloadSSLContext(SslConfiguration configuration) {
+    void reloadSSLContext(SslConfiguration configuration) {
         sslContextHolder(configuration).reload();
     }
 

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/netty4/SimpleSecurityNetty4ServerTransportTests.java

@@ -31,7 +31,6 @@
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.ssl.SslClientAuthenticationMode;
-import org.elasticsearch.common.ssl.SslConfiguration;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.common.unit.ByteSizeValue;
 import org.elasticsearch.common.util.PageCacheRecycler;
@@ -66,6 +65,7 @@
 import org.elasticsearch.xpack.core.XPackSettings;
 import org.elasticsearch.xpack.core.common.socket.SocketAccess;
 import org.elasticsearch.xpack.core.ssl.SSLService;
+import org.elasticsearch.xpack.core.ssl.SslProfile;
 import org.elasticsearch.xpack.security.authc.CrossClusterAccessAuthenticationService;
 import org.elasticsearch.xpack.security.transport.SSLEngineUtils;
 import org.elasticsearch.xpack.security.transport.filter.IPFilter;
@@ -215,8 +215,8 @@ public void testRenegotiation() throws Exception {
         SSLService sslService = createSSLService(
             Settings.builder().put("xpack.security.transport.ssl.supported_protocols", "TLSv1.2").build()
         );
-        final SslConfiguration sslConfiguration = sslService.getSSLConfiguration("xpack.security.transport.ssl");
-        SocketFactory factory = sslService.sslSocketFactory(sslConfiguration);
+        final SslProfile sslProfile = sslService.profile("xpack.security.transport.ssl");
+        final SocketFactory factory = sslProfile.socketFactory();
         try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
             SocketAccess.doPrivileged(() -> socket.connect(serviceA.boundAddress().publishAddress().address()));
 
@@ -267,8 +267,8 @@ public void testSNIServerNameIsPropagated() throws Exception {
         assumeFalse("Can't run in a FIPS JVM, TrustAllConfig is not a SunJSSE TrustManagers", inFipsJvm());
         SSLService sslService = createSSLService();
 
-        final SslConfiguration sslConfiguration = sslService.getSSLConfiguration("xpack.security.transport.ssl");
-        SSLContext sslContext = sslService.sslContext(sslConfiguration);
+        final SslProfile sslProfile = sslService.profile("xpack.security.transport.ssl");
+        final SSLContext sslContext = sslProfile.sslContext();
         final SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
         final String sniIp = "sni-hostname";
         final SNIHostName sniHostName = new SNIHostName(sniIp);
@@ -332,8 +332,8 @@ public void testInvalidSNIServerName() throws Exception {
         assumeFalse("Can't run in a FIPS JVM, TrustAllConfig is not a SunJSSE TrustManagers", inFipsJvm());
         SSLService sslService = createSSLService();
 
-        final SslConfiguration sslConfiguration = sslService.getSSLConfiguration("xpack.security.transport.ssl");
-        SSLContext sslContext = sslService.sslContext(sslConfiguration);
+        final SslProfile sslProfile = sslService.profile("xpack.security.transport.ssl");
+        final SSLContext sslContext = sslProfile.sslContext();
         final SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
         final String sniIp = "invalid_hostname";
 
@@ -859,8 +859,8 @@ public void testTcpHandshakeTimeout() throws IOException {
         assumeFalse("Can't run in a FIPS JVM, TrustAllConfig is not a SunJSSE TrustManagers", inFipsJvm());
         SSLService sslService = createSSLService();
 
-        final SslConfiguration sslConfiguration = sslService.getSSLConfiguration("xpack.security.transport.ssl");
-        SSLContext sslContext = sslService.sslContext(sslConfiguration);
+        final SslProfile sslProfile = sslService.profile("xpack.security.transport.ssl");
+        final SSLContext sslContext = sslProfile.sslContext();
         final SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
         // use latch to to ensure that the accepted socket below isn't closed before the handshake times out
         final CountDownLatch doneLatch = new CountDownLatch(1);
@@ -996,8 +996,8 @@ public void testTcpHandshakeConnectionReset() throws IOException, InterruptedExc
         assumeFalse("Can't run in a FIPS JVM, TrustAllConfig is not a SunJSSE TrustManagers", inFipsJvm());
         SSLService sslService = createSSLService();
 
-        final SslConfiguration sslConfiguration = sslService.getSSLConfiguration("xpack.security.transport.ssl");
-        SSLContext sslContext = sslService.sslContext(sslConfiguration);
+        final SslProfile sslProfile = sslService.profile("xpack.security.transport.ssl");
+        final SSLContext sslContext = sslProfile.sslContext();
         final SSLServerSocketFactory serverSocketFactory = sslContext.getServerSocketFactory();
         try (ServerSocket socket = serverSocketFactory.createServerSocket()) {
             socket.bind(getLocalEphemeral(), 1);

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/ssl/SSLErrorMessageCertificateVerificationTests.java

@@ -228,8 +228,8 @@ private static String randomCapitalization(Enum<?> enumValue) {
     }
 
     private MockWebServer initWebServer(SSLService sslService) throws IOException {
-        final SslConfiguration httpSslConfig = sslService.getSSLConfiguration(HTTP_SERVER_SSL);
-        final MockWebServer webServer = new MockWebServer(sslService.sslContext(httpSslConfig), false);
+        final SslProfile httpSslProfile = sslService.profile(HTTP_SERVER_SSL);
+        final MockWebServer webServer = new MockWebServer(httpSslProfile.sslContext(), false);
 
         webServer.enqueue(new MockResponse().setBody("{}").setResponseCode(200));
         webServer.start();