
Commit 49bcba3

Remove some extraneous settings (store type/alias) not exposed to user/docs.
Signed-off-by: Finn Carroll <[email protected]>
1 parent ca85266 commit 49bcba3


2 files changed

+0
-54
lines changed

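--- a/src/main/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPlugin.java
+++ b/src/main/java/org/opensearch/security/ssl/OpenSearchSecuritySSLPlugin.java
@@ -687,52 +687,13 @@ public List<Setting<?>> getSettings() {
 )
 );
 settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_CLIENTAUTH_MODE, Property.NodeScope, Property.Filtered));
-settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_KEYSTORE_ALIAS, Property.NodeScope, Property.Filtered));
 settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_KEYSTORE_FILEPATH, Property.NodeScope, Property.Filtered));
-settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_KEYSTORE_TYPE, Property.NodeScope, Property.Filtered));
-settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_TRUSTSTORE_ALIAS, Property.NodeScope, Property.Filtered));
 settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_TRUSTSTORE_FILEPATH, Property.NodeScope, Property.Filtered));
-settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_TRUSTSTORE_TYPE, Property.NodeScope, Property.Filtered));
 settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_PEMCERT_FILEPATH, Property.NodeScope, Property.Filtered));
 settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_PEMKEY_FILEPATH, Property.NodeScope, Property.Filtered));
 settings.add(
 Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_PEMTRUSTEDCAS_FILEPATH, Property.NodeScope, Property.Filtered)
 );
-settings.add(Setting.simpleString(SSLConfigConstants.SECURITY_SSL_AUX_CRL_FILE, Property.NodeScope, Property.Filtered));
-settings.add(Setting.boolSetting(SSLConfigConstants.SECURITY_SSL_AUX_CRL_VALIDATE, false, Property.NodeScope, Property.Filtered));
-settings.add(
-Setting.boolSetting(
-SSLConfigConstants.SECURITY_SSL_AUX_CRL_PREFER_CRLFILE_OVER_OCSP,
-false,
-Property.NodeScope,
-Property.Filtered
-)
-);
-settings.add(
-Setting.boolSetting(
-SSLConfigConstants.SECURITY_SSL_AUX_CRL_CHECK_ONLY_END_ENTITIES,
-true,
-Property.NodeScope,
-Property.Filtered
-)
-);
-settings.add(
-Setting.boolSetting(SSLConfigConstants.SECURITY_SSL_AUX_CRL_DISABLE_CRLDP, false, Property.NodeScope, Property.Filtered)
-);
-settings.add(
-Setting.boolSetting(SSLConfigConstants.SECURITY_SSL_AUX_CRL_DISABLE_OCSP, false, Property.NodeScope, Property.Filtered)
-);
-settings.add(
-Setting.longSetting(SSLConfigConstants.SECURITY_SSL_AUX_CRL_VALIDATION_DATE, -1, -1, Property.NodeScope, Property.Filtered)
-);
-settings.add(
-Setting.boolSetting(
-SSLConfigConstants.SECURITY_SSL_AUX_ENFORCE_CERT_RELOAD_DN_VERIFICATION,
-true,
-Property.NodeScope,
-Property.Filtered
-)
-);
 
 return settings;
 }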

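--- a/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
+++ b/src/main/java/org/opensearch/security/ssl/util/SSLConfigConstants.java
@@ -115,7 +115,6 @@ public final class SSLConfigConstants {
 */
 public static final String AUX_SETTINGS = "aux";
 public static final String SSL_AUX_PREFIX = SSL_PREFIX + AUX_SETTINGS + ".";
-public static final String SSL_AUX_CRL_PREFIX = SSL_AUX_PREFIX + "crl.";
 
 // aux enable settings
 public static final boolean SECURITY_SSL_AUX_ENABLED_DEFAULT = false; // aux transports are optional
@@ -129,29 +128,15 @@ public final class SSLConfigConstants {
 public static final String[] ALLOWED_OPENSSL_AUX_PROTOCOLS_PRIOR_OPENSSL_1_1_1_BETA_9 = { "TLSv1.2", "TLSv1.1", "TLSv1" };
 
 // aux keystore settings
-public static final String SECURITY_SSL_AUX_KEYSTORE_TYPE = SSL_AUX_PREFIX + KEYSTORE_TYPE;
-public static final String SECURITY_SSL_AUX_KEYSTORE_ALIAS = SSL_AUX_PREFIX + KEYSTORE_ALIAS;
 public static final String SECURITY_SSL_AUX_KEYSTORE_FILEPATH = SSL_AUX_PREFIX + KEYSTORE_FILEPATH;
 public static final String SECURITY_SSL_AUX_PEMKEY_FILEPATH = SSL_AUX_PREFIX + PEM_KEY_FILEPATH;
 public static final String SECURITY_SSL_AUX_PEMCERT_FILEPATH = SSL_AUX_PREFIX + PEM_CERT_FILEPATH;
 
 // aux truststore settings
 public static final String SECURITY_SSL_AUX_CLIENTAUTH_MODE = SSL_AUX_PREFIX + CLIENT_AUTH_MODE;
-public static final String SECURITY_SSL_AUX_TRUSTSTORE_TYPE = SSL_AUX_PREFIX + TRUSTSTORE_TYPE;
-public static final String SECURITY_SSL_AUX_TRUSTSTORE_ALIAS = SSL_AUX_PREFIX + TRUSTSTORE_ALIAS;
 public static final String SECURITY_SSL_AUX_TRUSTSTORE_FILEPATH = SSL_AUX_PREFIX + TRUSTSTORE_FILEPATH;
-public static final String SECURITY_SSL_AUX_ENFORCE_CERT_RELOAD_DN_VERIFICATION = SSL_AUX_PREFIX + ENFORCE_CERT_RELOAD_DN_VERIFICATION;
 public static final String SECURITY_SSL_AUX_PEMTRUSTEDCAS_FILEPATH = SSL_AUX_PREFIX + PEM_TRUSTED_CAS_FILEPATH;
 
-// aux cert revocation list settings
-public static final String SECURITY_SSL_AUX_CRL_FILE = SSL_AUX_CRL_PREFIX + "file_path";
-public static final String SECURITY_SSL_AUX_CRL_VALIDATE = SSL_AUX_CRL_PREFIX + "validate";
-public static final String SECURITY_SSL_AUX_CRL_PREFER_CRLFILE_OVER_OCSP = SSL_AUX_CRL_PREFIX + "prefer_crlfile_over_ocsp";
-public static final String SECURITY_SSL_AUX_CRL_CHECK_ONLY_END_ENTITIES = SSL_AUX_CRL_PREFIX + "check_only_end_entities";
-public static final String SECURITY_SSL_AUX_CRL_DISABLE_OCSP = SSL_AUX_CRL_PREFIX + "disable_ocsp";
-public static final String SECURITY_SSL_AUX_CRL_DISABLE_CRLDP = SSL_AUX_CRL_PREFIX + "disable_crldp";
-public static final String SECURITY_SSL_AUX_CRL_VALIDATION_DATE = SSL_AUX_CRL_PREFIX + "validation_date";
-
 /**
 * Transport layer (node-to-node) settings.
 * Transport layer acts both as client and server within the cluster.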
