Add bcpkix-jdk15on runtimeOnly dependency to read keys with bouncycastle

build.gradle

@@ -372,6 +372,7 @@ dependencies {
     runtimeOnly 'org.apache.santuario:xmlsec:2.2.3'
     runtimeOnly 'com.github.luben:zstd-jni:1.5.0-2'
     runtimeOnly 'org.checkerframework:checker-qual:3.5.0'
+    runtimeOnly "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}"
 
 
     implementation 'org.apache.commons:commons-lang3:3.4'

src/test/java/org/opensearch/security/ssl/OpenSSLTest.java

@@ -175,7 +175,7 @@ public void testHttpsAndNodeSSLFailedCipher() throws Exception {
     @Test
     public void testHttpsAndNodeSSLPem() throws Exception {
         Assume.assumeTrue(OpenSearchSecuritySSLPlugin.OPENSSL_SUPPORTED && OpenSsl.isAvailable());
-        super.testHttpsAndNodeSSLPem();
+        super.testHttpsAndNodeSSLPKCS8Pem();
     }
 
     @Test

src/test/java/org/opensearch/security/ssl/SSLTest.java

@@ -265,7 +265,7 @@ public void testHttpsAndNodeSSL() throws Exception {
     }
 
     @Test
-    public void testHttpsAndNodeSSLPem() throws Exception {
+    public void testHttpsAndNodeSSLPKCS8Pem() throws Exception {
 
         final Settings settings = Settings.builder().put("plugins.security.ssl.transport.enabled", true)
                 .put(ConfigConstants.SECURITY_SSL_ONLY, true)
@@ -301,6 +301,39 @@ public void testHttpsAndNodeSSLPem() throws Exception {
         Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE"));
     }
 
+    @Test
+    public void testHttpsAndNodeSSLPKCS1Pem() throws Exception {
+
+        final Settings settings = Settings.builder().put("plugins.security.ssl.transport.enabled", true)
+                .put(ConfigConstants.SECURITY_SSL_ONLY, true)
+                .put(SSLConfigConstants.SECURITY_SSL_HTTP_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL)
+                .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_ENABLE_OPENSSL_IF_AVAILABLE, allowOpenSSL)
+                .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_PEMCERT_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0.crt.pem"))
+                .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_PEMKEY_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0-pkcs1.key.pem"))
+                .put(SSLConfigConstants.SECURITY_SSL_TRANSPORT_PEMTRUSTEDCAS_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/root-ca.pem"))
+                .put("plugins.security.ssl.transport.enforce_hostname_verification", false)
+                .put("plugins.security.ssl.transport.resolve_hostname", false)
+
+                .put("plugins.security.ssl.http.enabled", true)
+                .put("plugins.security.ssl.http.clientauth_mode", "REQUIRE")
+                .put(SSLConfigConstants.SECURITY_SSL_HTTP_PEMCERT_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0.crt.pem"))
+                .put(SSLConfigConstants.SECURITY_SSL_HTTP_PEMKEY_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/node-0-pkcs1.key.pem"))
+                .put(SSLConfigConstants.SECURITY_SSL_HTTP_PEMTRUSTEDCAS_FILEPATH, FileHelper. getAbsoluteFilePathFromClassPath("ssl/root-ca.pem"))
+                .build();
+
+        setupSslOnlyMode(settings);
+
+        RestHelper rh = restHelper();
+        rh.enableHTTPClientSSL = true;
+        rh.trustHTTPServerCertificate = true;
+        rh.sendAdminCertificate = true;
+
+        Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("TLS"));
+        Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").length() > 0);
+        Assert.assertTrue(rh.executeSimpleRequest("_nodes/settings?pretty").contains(clusterInfo.clustername));
+        Assert.assertTrue(rh.executeSimpleRequest("_opendistro/_security/sslinfo?pretty").contains("CN=node-0.example.com,OU=SSL,O=Test,L=Test,C=DE"));
+    }
+
     @Test
     public void testHttpsAndNodeSSLPemEnc() throws Exception {
 

src/test/resources/ssl/node-0-pkcs1.key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAh5j6Dy0HqaP5MZe+KLkby42pUJn7OaQfZ7AYHJXs8XQ0aB+3
+eHfl57ubGDlsbxZc9s88LuhPo1Y3Frgj7SbH/KVeD0nc04uSWDvhFlxbL27c+Top
+Pg75YTC8KcXy4mK+Bt1od28yxno6z18XroOoqBEf7086MY7MyDnduuLp/B1nwGij
+YM32k+KP9HJbRu9JMMt16GQYmbQtGJEqo5E8WAP/doTiH1f/cASSSoaiAR4Lzjhj
+bf6BEvtEQK51BFvqhG/qN229joyiOOexiLZb/bCdRdGebOOpOb9uBjqI1FlVc4Tg
+IfyCKm/QATinZMLCcSl6NcUTFgcJkUxZn9DaEwIDAQABAoIBAERT0a3UAwh4mBll
+XW0n2dm4iJkU/oMNMMYO9hdxdPQ2mjHdyZXq1O7wmjaauQlBO5ci1jDM31RvHVNV
+dsUJxbyJl9wcXCo9KoFLqyCZaVl9g9wScrXS1dcjt61VEg8Bsr/C0eFdJzjcXsYg
+JM7LiTEnb/Am/Cv8yTQb9J83uLBRXfTG965R05voFV5OkGvto+YUJH8AkNB0J8sl
+5xW/fWGSAVTGgZJ+qFJHW28J9gXR/gccqcGw0YAfxaEYcDCGofQgS8rqmbduiolS
+lJ7HHpr7iPx97B9R9b3h9rIaaliHgyXDVrNiG0vJGxlu8A3OZa80aUy0olbOoO4C
+JOykUAECgYEA9biE/Pt0J1maa9YvtXKGCc4BVpYISVRI/UqlVRbAvNmiw2Gk3dkv
+OGpwmFfcg5zvObHuagO8/gxPowRekrstbuYhbFDsqxF3klyuOjrNLIPFfd3s+JnA
+nw2pq106veUGcVlXiHFowfZsM6Ao/YC7RZHe+LVRwYC4WKmBOMdWuckCgYEAjUUf
+VhtayWpwcPfHvi64gTewPe7YtdY/loHod9D7BDLZhbQR87VKDtQXl0suS+mUAA4w
+ygxITwy88xbeojdkaspxt5yn+2cwVWF0xNAtLLs0RSxOAeCMDgS1GtCOdLXiDmr+
+u/qOLfypgs8fd0+zPmESwAE17kUNREfFBy48IvsCgYA3f295/AkmAhTgmkW4Q5+G
+g2LF/ajtdv3tR3jEGRl7DeS3IEyuVqlVoqS/o8iIaV+WtltU0ndTIdCyzv/VQDVo
+wM13u2dY098fzZMET9ebYD+wx/kHxSI+SkWyEKJ91UZ5P2aHyKWSeWfC2T+o0fR6
+KBImNj266Km6TL6E5nDuEQKBgCFv8vLWlq6F2wdiHo0NUe6D19tQ5Upk47gkF3oE
+pOVhg8r5zCX7CwRnfw34ZYTiTH2W3kV0ksjjIvYGu7t5kPMV58Sl97yxt+b9oj3T
+aF3mEYEt82jOVVgcFSG7q3xEcLUo7hJgQ7buztB/Zds/qhVhtKZtou46ueEne6Mv
+dlxxAoGBALPpHtIUdfQtGxj63Bq/VKOSUrDCHKhEmLa5Cd2EetpPoLsw3OrdykSB
+Q8y7/SOLOA6bLJ+OkCpzGFvylAcb+6R5HWVLSWoGD6njCCj1kflJ8LJgwxSfUf/V
+Oz3//TDGkH+1OuH34d0MXaHfzBMiPLlMG7pd35kmuDgIx4UjT6Ep
+-----END RSA PRIVATE KEY-----