From d7612f09387bc73d32baf906626697244537f5cf Mon Sep 17 00:00:00 2001 From: Greg Nieman Date: Wed, 16 Oct 2019 14:19:23 -0400 Subject: [PATCH] Fix for issue with --noVerify not working. (#319) --- pom.xml | 2 +- .../elastic/support/ElasticClientService.java | 16 ++------- .../support/rest/RestClientBuilder.java | 34 +++++++++++++++---- 3 files changed, 31 insertions(+), 21 deletions(-) diff --git a/pom.xml b/pom.xml index 30de1fae..a504f2aa 100644 --- a/pom.xml +++ b/pom.xml @@ -4,7 +4,7 @@ com.elasticsearch support-diagnostics - 7.1.0 + 7.1.1 jar Support Diagnostics Utilities diff --git a/src/main/java/com/elastic/support/ElasticClientService.java b/src/main/java/com/elastic/support/ElasticClientService.java index 49c3eb2a..2f4c082e 100644 --- a/src/main/java/com/elastic/support/ElasticClientService.java +++ b/src/main/java/com/elastic/support/ElasticClientService.java @@ -25,20 +25,14 @@ protected RestClient createEsRestClient(BaseConfig config, ElasticClientInputs i builder.setBypassVerify(inputs.isSkipVerification()) .setHost(inputs.getHost()) .setPort(inputs.getPort()) - .setScheme(inputs.getScheme()); - - - - builder + .setScheme(inputs.getScheme()) .setConnectTimeout(config.getRestConfig().get("connectTimeout") * 1000) .setRequestTimeout(config.getRestConfig().get("requestTimeout") * 1000) .setSocketTimeout(config.getRestConfig().get("socketTimeout") * 1000) .setProxyHost(inputs.getProxyUser()) .setProxPort(inputs.getProxyPort()) .setProxyUser(inputs.getUser()) - .setProxyPass(inputs.getProxyPassword()) - .setBypassVerify(inputs.isSkipVerification()); - + .setProxyPass(inputs.getProxyPassword()); if (inputs.isSecured()) { builder.setUser(inputs.getUser()) 
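Review bot: In the chain this hunk merges, `.setProxyHost(inputs.getProxyUser())` passes the proxy user name as the proxy host, and `.setProxyUser(inputs.getUser())` passes the cluster user as the proxy user. Both are unchanged context lines, but as far as this diff shows they are now the only place proxy settings are applied, because the next hunk removes the same calls from setupBuilder. As written, proxy authentication would pair the Elasticsearch user name with the proxy password, and the proxy host would never be a host name. I would change the calls to `.setProxyUser(inputs.getProxyUser())` and to the matching proxy-host getter, if ElasticClientInputs has one (not visible here). createEsRestClient's body continues past the end of the hunk.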
@@ -60,11 +54,7 @@ RestClientBuilder setupBuilder(BaseConfig config, ElasticClientInputs inputs){ return builder .setConnectTimeout(config.getRestConfig().get("connectTimeout") * 1000) .setRequestTimeout(config.getRestConfig().get("requestTimeout") * 1000) - .setSocketTimeout(config.getRestConfig().get("socketTimeout") * 1000) - .setProxyHost(inputs.getProxyUser()) - .setProxPort(inputs.getProxyPort()) - .setProxyUser(inputs.getUser()) - .setProxyPass(inputs.getProxyPassword()); + .setSocketTimeout(config.getRestConfig().get("socketTimeout") * 1000); } diff --git a/src/main/java/com/elastic/support/rest/RestClientBuilder.java b/src/main/java/com/elastic/support/rest/RestClientBuilder.java index cf7320b4..000b1013 100644 --- a/src/main/java/com/elastic/support/rest/RestClientBuilder.java +++ b/src/main/java/com/elastic/support/rest/RestClientBuilder.java @@ -29,7 +29,9 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; import java.io.File; import java.io.FileInputStream; import java.security.KeyStore; 
@@ -186,9 +188,19 @@ public RestClient build() { } SSLContext sslCtx = sslContextBuilder.build(); - SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslCtx); + //SSLConnectionSocketFactory factory = new SSLConnectionSocketFactory(sslCtx); clientBuilder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslCtx)); + SSLConnectionSocketFactory factory = null; + if (bypassVerify) { + factory = new SSLConnectionSocketFactory(sslCtx, NoopHostnameVerifier.INSTANCE); + clientBuilder.setSSLSocketFactory(factory); + } + else{ + factory = new SSLConnectionSocketFactory(sslCtx); + clientBuilder.setSSLSocketFactory(factory); + } + // If and when we start making connections to multinple nodes this will // need to be turned on. Note that we need to create a registry for socket factories // for both http and https or pooling will not work. @@ -202,12 +214,7 @@ public RestClient build() { clientBuilder.setConnectionManager(mgr); } - if (bypassVerify) { - clientBuilder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslCtx, new NoopHostnameVerifier())); - } - else{ - clientBuilder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslCtx)); - } + } catch (Exception e){ logger.log(SystemProperties.DIAG, "Connection setup failed", e); @@ -259,5 +266,18 @@ public RestClient build() { } + /** + * This overrides any hostname mismatch in the certificate + */ + private class BypassHostnameVerifier implements HostnameVerifier { + + public boolean verify(String hostname, SSLSession session) { + return true; + } + + } + } + +
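Review bot: The `bypassVerify` branch switches off hostname verification without leaving any trace in the log. With `NoopHostnameVerifier.INSTANCE` the client accepts a certificate issued for any name, so whatever credentials the builder carries can be sent to a host other than the intended one. A line such as `logger.warn("TLS hostname verification disabled (bypassVerify); server identity is not checked");` in that branch would make the weakened state visible in the diagnostic output. The commented-out `//SSLConnectionSocketFactory factory = ...` line and the unconditional `clientBuilder.setSSLSocketFactory(new SSLConnectionSocketFactory(sslCtx));` just before the `if` are leftovers and can be deleted, since both branches overwrite the latter. Whether certificate-chain validation is also relaxed depends on how `sslContextBuilder` is configured above the hunk, which is not visible here; build() starts before and continues after it.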
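Review bot: `BypassHostnameVerifier` is not referenced anywhere in this patch, so the last hunk adds an unused verifier that accepts every hostname; the bypass branch in build() uses `NoopHostnameVerifier.INSTANCE` instead. I would drop the class together with the `javax.net.ssl.HostnameVerifier` and `javax.net.ssl.SSLSession` imports added in the import hunk, so an accept-all verifier cannot be picked up by accident later. If it is kept, declare it `private static final class`, put `@Override` on `verify`, and have the Javadoc say what it does: `Accepts every hostname; use only when the user has explicitly asked to skip verification.`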