Add back sslContext() to SslContextHandler. Used in tests.

finnegancarroll · finnegancarroll · commit 9614f9e92a74 · 2025-06-25T11:52:01.000-07:00
Signed-off-by: Finn Carroll &lt;carrofin@amazon.com&gt;
diff --git a/src/main/java/org/opensearch/security/ssl/OpenSearchSecureSettingsFactory.java b/src/main/java/org/opensearch/security/ssl/OpenSearchSecureSettingsFactory.java
@@ -240,7 +240,7 @@ public Optional<SecureAuxTransportSettingsProvider> getSecureAuxTransportSetting
             @Override
             public Optional<SSLContext> buildSecureAuxServerTransportContext(Settings settings, AuxTransport transport) {
                 CertType auxCertType = new CertType(transport.settingKey());
-                return sslSettingsManager.sslContextHandler(auxCertType).map(SslContextHandler::sslContext);
+                return sslSettingsManager.sslContextHandler(auxCertType).map(SslContextHandler::tryFetchSSLContext);
             }
 
             @Override
diff --git a/src/main/java/org/opensearch/security/ssl/SslContextHandler.java b/src/main/java/org/opensearch/security/ssl/SslContextHandler.java
@@ -67,16 +67,24 @@ public SslConfiguration sslConfiguration() {
     }
 
     /**
-     * Only JDK provider is supported, so we expect only JdkSslContext.
-     * @return null if context cannot be fetched from io.netty.handler.ssl.SslContext child type.
+     * Attempt to fetch the underlying io.netty.handler.ssl.SslContext as a javax SSLContext.
+     * As JDK is the only supported provider we expect sslContext is always of type JdkSslContext,
+     * allowing us to extract the javax.net.ssl.SSLContext delegate. Providing a javax SSLContext is
+     * desirable for dependencies which want to access security settings without taking on netty as a dependency.
+     * @return null if context cannot be fetched as JdkSslContext.
      */
-    public SSLContext sslContext() {
+    public SSLContext tryFetchSSLContext() {
         if (sslContext instanceof JdkSslContext) {
             return ((JdkSslContext) sslContext).context();
         }
         return null;
     }
 
+    // public for testing
+    public SslContext sslContext() {
+        return sslContext;
+    }
+
     public Stream<Certificate> certificates() {
         return Stream.concat(authorityCertificates(), keyMaterialCertificates())
             .sorted((c1, c2) -> Boolean.compare(c1.hasPrivateKey(), c2.hasPrivateKey()));

Original file line number	Diff line number	Diff line change
`@@ -240,7 +240,7 @@ public Optional<SecureAuxTransportSettingsProvider> getSecureAuxTransportSetting`
`240`	`240`	`@Override`
`241`	`241`	`public Optional<SSLContext> buildSecureAuxServerTransportContext(Settings settings, AuxTransport transport) {`
`242`	`242`	`CertType auxCertType = new CertType(transport.settingKey());`
`243`		`- return sslSettingsManager.sslContextHandler(auxCertType).map(SslContextHandler::sslContext);`
	`243`	`+ return sslSettingsManager.sslContextHandler(auxCertType).map(SslContextHandler::tryFetchSSLContext);`
`244`	`244`	`}`
`245`	`245`
`246`	`246`	`@Override`