[GitHub] [beam] damccorm opened a new issue, #20525: SSL authentication key set to trustMaterial instead of keyMaterial

[GitBox <gi...@apache.org>]

damccorm opened a new issue, #20525:
URL: https://github.com/apache/beam/issues/20525

   If I set 
   ElasticsearchIO.ConnectionConfiguration#withKeystorePath
   the keystore is set to trustMaterial which I think is wrong, because this keystore is suppose to be truststore for certificates.
   
   So if I use keyStoreKey instead of username and pass:
   ```
   
     ElasticsearchIO.write()
         .withConnectionConfiguration(
         ElasticsearchIO.ConnectionConfiguration
   
            .create(config.addresses().toArray(new String[0]), config.index(), config.type())
         .withKeystorePath(config.keystorePath())
   
          .withKeystorePassword("somepassword")
           .withTrustSelfSignedCerts(true));
   
   ```
   
   
   I cannot authenticate.
   
   I got
   ```
   
   Caused by: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
   
   ```
   
   because the authetication key is set to trustMaterial instead of keyMaterial
   
   ```
   
   SSLContexts.custom().loadTrustMaterial(keyStore, trustStrategy).build();
   
   ```
   
   via [code](https://github.com/apache/beam/blob/release-2.19.0/sdks/java/io/elasticsearch/src/main/java/org/apache/beam/sdk/io/elasticsearch/ElasticsearchIO.java#L439)
   
   
   I am working on fix
   
   Imported from Jira [BEAM-10723](https://issues.apache.org/jira/browse/BEAM-10723). Original Jira may contain additional context.
   Reported by: marek.simunek.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org