From 1adaa83ab6ea1a4056cd8acac502bd27f8864e17 Mon Sep 17 00:00:00 2001
From: jsinovassin <jsinovassinnaik@jahia.com>
Date: Mon, 13 Oct 2025 12:08:10 +0200
Subject: [PATCH] UNOMI-911: fix sslcontext initialization

---
 .../ElasticSearchPersistenceServiceImpl.java     | 16 +++++++++-------
 .../ElasticsearchClientFactory.java              |  2 +-
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/persistence-elasticsearch/core/src/main/java/org/apache/unomi/persistence/elasticsearch/ElasticSearchPersistenceServiceImpl.java b/persistence-elasticsearch/core/src/main/java/org/apache/unomi/persistence/elasticsearch/ElasticSearchPersistenceServiceImpl.java
index 8117116d0..20eb85a5d 100644
--- a/persistence-elasticsearch/core/src/main/java/org/apache/unomi/persistence/elasticsearch/ElasticSearchPersistenceServiceImpl.java
+++ b/persistence-elasticsearch/core/src/main/java/org/apache/unomi/persistence/elasticsearch/ElasticSearchPersistenceServiceImpl.java
@@ -486,14 +486,15 @@ private List<HttpHost> getHosts() {
     }
 
     private void buildClient() throws NoSuchFieldException, IllegalAccessException {
-        final SSLContext sslContext;
-        try {
-            sslContext = SSLContext.getInstance("SSL");
-        } catch (NoSuchAlgorithmException e) {
-            throw new RuntimeException(e);
-        }
+        ElasticsearchClientFactory.ClientBuilder esClienBuilder = ElasticsearchClientFactory.builder();
 
         if (sslTrustAllCertificates) {
+            final SSLContext sslContext;
+            try {
+                sslContext = SSLContext.getInstance("SSL");
+            } catch (NoSuchAlgorithmException e) {
+                throw new RuntimeException(e);
+            }
             try {
                 sslContext.init(null, new TrustManager[] { new X509TrustManager() {
                     public X509Certificate[] getAcceptedIssuers() {
@@ -506,12 +507,13 @@ public void checkClientTrusted(X509Certificate[] certs, String authType) {
                     public void checkServerTrusted(X509Certificate[] certs, String authType) {
                     }
                 } }, new SecureRandom());
+                esClienBuilder.sslContext(sslContext);
             } catch (KeyManagementException e) {
                 LOGGER.error("Error creating SSL Context for trust all certificates", e);
             }
         }
 
-        esClient = ElasticsearchClientFactory.builder().hosts(getHosts()).socketTimeout(clientSocketTimeout).sslContext(sslContext)
+        esClient = esClienBuilder.hosts(getHosts()).socketTimeout(clientSocketTimeout)
                 .usernameAndPassword(username, password).build();
 
         buildBulkIngester();
diff --git a/persistence-elasticsearch/core/src/main/java/org/apache/unomi/persistence/elasticsearch/ElasticsearchClientFactory.java b/persistence-elasticsearch/core/src/main/java/org/apache/unomi/persistence/elasticsearch/ElasticsearchClientFactory.java
index 5606aad14..3873aca4c 100644
--- a/persistence-elasticsearch/core/src/main/java/org/apache/unomi/persistence/elasticsearch/ElasticsearchClientFactory.java
+++ b/persistence-elasticsearch/core/src/main/java/org/apache/unomi/persistence/elasticsearch/ElasticsearchClientFactory.java
@@ -59,7 +59,7 @@ public static ElasticsearchClient createClient(
 
             builder.setHttpClientConfigCallback(httpClientBuilder -> {
                 if (sslContext != null) {
-                    httpClientBuilder.setSSLContext(sslContext);
+                    return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider).setSSLContext(sslContext);
                 }
                 return httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
             });