From 370406bdc0079e4cdab8522c62fd9041b7ee269b Mon Sep 17 00:00:00 2001 From: jaymode Date: Tue, 7 Jun 2016 08:56:42 -0400 Subject: [PATCH] test: update active directory certificate This change removes the old active directory certificate and replaces it with the AD CA certificate that is valid until 2029 instead of needing to be changed yearly. Closes elastic/elasticsearch#2440 Original commit: elastic/x-pack-elasticsearch@2f05bdfd015ef86ae7b8d9111b56cc60bb69d588 --- .../ActiveDirectoryGroupsResolverTests.java | 2 -- .../test/ShieldSettingsSource.java | 2 +- .../shield/authc/ldap/support/ldaptrust.jks | Bin 2810 -> 2111 bytes .../ssl/certs/simple/active-directory-ca.crt | Bin 0 -> 1414 bytes .../transport/ssl/certs/simple/activedir.crt | Bin 2338 -> 0 bytes .../certs/simple/testnode-no-subjaltname.jks | Bin 6983 -> 6284 bytes .../transport/ssl/certs/simple/testnode.jks | Bin 7104 -> 6405 bytes 7 files changed, 1 insertion(+), 3 deletions(-) create mode 100644 elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt delete mode 100644 elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java index 09df0fc35cb..a8545833124 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/activedirectory/ActiveDirectoryGroupsResolverTests.java @@ -6,7 +6,6 @@ package org.elasticsearch.shield.authc.activedirectory; import com.unboundid.ldap.sdk.Filter; -import org.apache.lucene.util.LuceneTestCase; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.shield.authc.ldap.GroupsResolverTestCase; @@ -23,7 +22,6 @@ import static org.hamcrest.Matchers.hasItem; import static org.hamcrest.Matchers.is; @Network -@LuceneTestCase.AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2440") public class ActiveDirectoryGroupsResolverTests extends GroupsResolverTestCase { public static final String BRUCE_BANNER_DN = "cn=Bruce Banner,CN=Users,DC=ad,DC=test,DC=elasticsearch,DC=com"; diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java index 6e148315bda..f438116cd7c 100644 --- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java +++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java @@ -217,7 +217,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ return getSSLSettingsForPEMFiles("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.pem", "testnode", Collections.singletonList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"), Arrays.asList("/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-client-profile.crt", - "/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt", + "/org/elasticsearch/shield/transport/ssl/certs/simple/active-directory-ca.crt", "/org/elasticsearch/shield/transport/ssl/certs/simple/testclient.crt", "/org/elasticsearch/shield/transport/ssl/certs/simple/openldap.crt", "/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.crt"), diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldaptrust.jks b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/authc/ldap/support/ldaptrust.jks index 37f8edfe8449702c16a813bab61626f335acc5b1..2b8287d88f094742e02557fbdf85d9d70447c637 100644 GIT binary patch delta 741 zcmV?1c8$R0U&>~ zO=iH!`dDle`a&W@Wvj2n#|!s8O^oR?IRGol|7lcfqZMzd8@PJ}=9|{H3@1#QW(7Sb{-w zgSw0APX{B6qbf}4xO>(_D`f#JIcOlUjep#lQ| z00E;>Fi$WG1_Mh@YjC=Ku8x)Y8-kB2rjlUs@w#lZ!RgFP?Nw;F?2B%$Wf+x z$x^4^w%vHaxu~jC`&h%n{DyJ1>(X?qhYlC@S2@QKE#t5qP{F@uyT>>IO9wS59&}8* z^zO@C24Gk=?;4!mgurPmb_m<>h|yQ2H&fy-6xztFXrH);KZzDY;3}D7|(q XMQIH zug%&lnNuaN-3(>_raw8#r1}K+58WvjCv817|5d)gj3sjN$6MZYpQtx-W@2V!U|ih9 z>}$}(>}jCS#;MK5$imoUF2cm3B&WdO!jR99%aF*B$&kn33}ojqlrR(l=^P+TWhgR` z1qQvWDvOwb2pb1bCo3yEGZUP}Xut=O=4WL5&%(mY#Ja$sf{jzF&7Co(G3$m*b_5vAgh&GBn-qFL>jrIo#uK5r_5Q-ljb)09~(z~<7bex zJWJzigT@yIjZYUeK3dRtzpe33PD)~dmA<~dv!88Zimt1VV{nM4bFiypkh6!Qi>|Yy z4p0J1k_QPpy99u!fYPL#%w$y~1Mk#IAQ_xmRF;{XS`3ncv+F_1^YhX&(@TpIOEUBG zbX=T)_JK%H#sSeNc?To_%s%$XsYNB3X_?81C8xylYgM3_o5=EIwr65HC`I&ho2938N>7<^Oosp5H@ti^9X@kZSu(V^q)YiD0 zm;i9}1cw7LKE>|Qdcr<+bVm3Ui|^o)K)*SbmSp4?WtLPL@WPWiBR4Apa}y&YL;t0; zJ4`1(yjzpoqcZXSNfWl~J(m>gRor`TuG`?RqknmtDEArNoq`wB)3$vnGOr01IV#9y z7Wn1aVFzV}^!?@uz58kmR%gWRS?`g+BVcB~g+tz3^Wx_%4SBOg7r$L=wsw}cxAbJg zoyj4Nmro|P@$S4U>giy-rZ0eloln7A|JF99ealvxm&SCP8Q$v3sbKk(ku#ffNBzD@ zZOs{lp&ugl|C<=hd*=J|l`lTBEnapb_rPtI3ek`;9Nbgei2APgn-JZ=2O&M;F^rCybv2}b@I#s8t ze*B;ZBGbbEXef*=!_q*Eeu6(XjAvQ8uxc83vNa$U1ho|$fw+C9&d#`xpg!y`sJ(M( z2QaMrN7J{aN_Yr@mjQIh(g>kPP>?xVZe82lUtBYQW|--js7_wU6O;V)hx6myR8lx* z5*{{8cCx!dM~Me5Q>(9$eZR&^JNF>$k8mFjl@!dV0|Bh>cHb6u&snb=pxmhKCfCt7 z)c}bJgam=vOS5Azg~<#PA+!Sl8$oL85i*dQVCcc^Nskfl>GgtFBzm32d&B*-Vf5Jg z`i-u?P;%)|?9sygsR@YqQ^x4*!PoD<4fCI3{g}S86XuH}Uh|`|WMVxVI*9&OAM!cn zd7(uR$ea!HM+G&S$-M7C1#6r_;Kjz#=-njsf)poFg5xkTqJVE;s0n%yYubhZkwx?% zvz>cxHJ=KD06`c4y{?fDbn0?&*XSDp7vub;+w9Q15I1U8kB5iM85?FMAIVQdk3|9( zmB*)xrb}50AimvHMJIDNY8}s$h%YBm=636|**nYW%Pr<55_c%1bts+DjSkyKl^$2! z3T`Rx#nS~ovxqy?tn9a(OSom2xDR64et)!VSZxn-%Z@%=4&H{jFQX@y%}(g!esq*W z>_0B-zV%1`;WS~<$ftCA#1-2gv_tc2)30Je0pDX~1llV2h)Mz5B-bDys<5r|Ej^XwPR zEYs$APo4RYK-87XcHA(xREr7P&SxE^i(y{BUqdvitSFs2_%7N<>Q5O_e5JXWqO98d zV_O{zEmEwkFM9ltmuDepP zx-gX!DPgUTfuGifd7ACzZB<+w=K59}n%g)NWzt@C^{lR|swF!Oe}%J?qA{26Z#nPw z2W3$9{G_hOXGA0TE-OhbH23&8EQu^(RXWx7G^fJ%RcQ9l#hv1KD$?AxrI0^7-DfhI zN)+r?Em>soLU+_;T@7Cw67Q7p(z0i_I%qD#`#bz(oGt*z6~qnmYpEiv|IecR7tj&8 AApigX literal 0 HcmV?d00001 diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/activedir.crt deleted file mode 100644 index 49a4416a2cf1addbb0197fb0eb59e6c36dbf8d50..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2338 zcmai0*|MrS5Pjz>?z?qLK;6n?62c4`W_S~DhtXLXzWzq{+2`D;>ZXe7N)y`EtGk!^ z@q;ahRo(dmVb|9c9RVM|oIf~Q*VU#*2*wu*dL06)`(6*&+Rc^KI(+CjkjZP$)&v|# zn@ibLs?_rkkek8*8P06i?lDPBlz$KELzyq!GnXu! zHi?aTFXO<5x{7G$8K=(QR6_&YCW4yV<_j|58W2cNMpNyLX0G2-fK!DUC6~(hV8dPo zLV&?whe<^4ZZN<=a1A0j3JDF_!wR+n2ikBM%RUxtIUk%FFYQSeI9oZroZ{Q*e>s`2 z-^wo^`3`({e?m@#pNO&2glaf(1zMFUTJdS@@KzVz5@z?2Go_I-CL(>jdC+yJ*Z(9C zD*$W}2gnAnNNc}f~MkG2+qEulsX9=CR!g6(}N*WDxt(yGi7_|fcL>3B+wBiGsE z6al*i6E2kHyn1R;>Ppa2`re3Xzct$;Q!DwARP#ZKt*diNRzM6=;ogRDo;Hy|Uh1Zo2^3g!2nLLO*3$a;7KY7bHZM;r359w|73kjREaMd+pi5-6~@5v24A zDOMoKW#EG?q)w=j4FsPX3;}z;2mJvs1gBKz%4hBX((Ism>-X=&^n2Q5HkkaZp2Yf*TciuQb_E)_Dr{z=IHcaKTiD`2nw8^YO^Q zy!tQyU$%=}_ARNSi+dQTFYQLE_KRC%-TLZ>;Jxt%td-fE3B17Z-9YgO zUqTlNGVuo4ufNjd{xeU^0t5~Y(EA`MBICA??AETKmB!7>`e|&4OgCDN4c05#FUQZl zoQbP$9~DC0DNJCbhlO4Fjp}9NH;FeF+Y_yty);gr ziTD-JSKFzOrHW$`*6u{9+IL}HVCN-i(=Kv6AG>E(p>ZD>0t@oYTKL>YE1r>={iW3* zlQa)bHG<>B9>7|bO&BDBW&=~D+5LZs<^I7e^a6Y%{89?Eu*z5?8NS|oVz_!))>LEB zwRIZXUuW2!`>TV9(j)EKV-XuHX9l}^^TAa6ZNHTJP3CX)W+cAl`_1S}!grzr$=}Ee z=1HeasV_Z~?%XB|SAMm5&WL8E8`^^H$?S%&x_ae zY)H_Q$vl0M+CQT9$MX!S$oNOob5ZH_B?Kz zcgyFQm02tYF8qYabN=B5{lb=Jhx5k{tEZ1F$#OY^_NO&1Rd-(c9nafi`8cvm!{Gq~ zd=xw|H@48^@|m4KH=c7Q2PV8_VI|{4b^UUHTje>4tESnd&q7Nlf7v>Xm#=5f#d*xH b{(487^=-lJRad>3e9paZJlK){eGB>%(|zs| diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode-no-subjaltname.jks index 81f947afcc149ed23d452ac182283f813d1d2543..ec482775bd055647acc6297c5368a74ad8388c70 100644 GIT binary patch delta 701 zcmV;u0z&=AHjFW_V+;jVD%ZJPlOYos5fE4nxUEvV7K%WC;olM}KUR~K44V`(GBh$; z7Y#BwFgP+dF*Y+YG%{L~qzr+Q7$ASMO=iH!`dDle`a&W@Wvj2n#|!s8O^oR?IRGol|7l zcfqZMzd8@PJ}=9|{H3@1#QW(7Sb{-wgSw0APX{B6qbf}4xO>(_D`f#JIcOlUFi$WG1_M($0R#bpHx&T{0|Eg6FbxI?Duzgg_YDC7 z3k3iJf&l>lU~OPmJ+TZ-OCnWl=*DF5*8)ID7f)&&dI|_GwlS*Q1fy>*DV*%dMYc(k2w}rBKD#(|m{ffWU?MZh0Hn j{5?P@y>_z+6DkN4gTOsLL$l^x<9KtAB3rU1C-Pi+zqvPK delta 1579 zcmeA%JZ`ojna9X0Bu<^3fi*(U)WDK~fo+;W6Wb(%Cf2G2%uI|-Ov2s_3=B-7w=M>- zL^XW_vVpwGlXzzPnV6cGM~U+qni^ObnH!pcxds-7W(Fo~%%LpI!n&?GiNz(E$-$|K zMadbCDIuxFC3=Y|dLAV+C`}jMeuddhebh@*??Dt=tB~2=ZYdUYTW!5ZJQDs=Qc3Pc{ zfN%iA>ZnD+KJ}m8=dPXgcS&26l(EpH@PAKF`8;a5&$eZ^^^HSCZ?9iVy_j zFz97fS;P!P*f@YXSy|bcncyr&13r*6KO^IR78YhE)&&L?Y@Awc9&O)w89Dh`vJL7p zfhss4BFs!oObiW3d=@aDn~gJ}&4V$OnT1iy0EwfE%wa<2uo|$lv1;=%GqD?R!3}4J zxRj4Yj78-C(*Ls$)<_HGEUVAZGG59G;&Eh&GigUnX{ZH z&F%7(Ro3Q*l?@s{gH*_~G`==yd|}Y|bV1{z1&#OH8t>$!Bo+3uF*(Rpwy81W< zhj=;%yE+CrdpNr2Iy>qBC9ot-pm4pdvr7O-I-oQuCo@^q$iO?b5=aK87L{ctrxt^x zklD`pd1;yHrA3J)nfZA-F3v#vKqM%EgJ_gA4iW$+bNl4fqLR$C%;dz9)S%R|d>{?f z>yuerVxN>)Uz}>6pOlrFT;dGO9>uoFK|U@(nWD_3Qjn^E{LH)(gT~vi2xVksX*_4p zc-o-x1Wd?)sjYE0F#+J{2@VHTkJeMyr;g4DzXE-S?m4(5&})vRB^mie^_eA=29cm> z6=VrA2v{HwPyUjO3xrq%tb#2<3m;m$tX`MH|FBN7wu!VN#()=|+!?u98JL?G85!b# zF0oF@&ndh*Q|^I4eMUUv|I5LPPscl!FDgr0y2J46*T42ARezKpx%Dw$l41Y*DdcZV z$At~majF4()}|*p82O7ST<+==m>tC4;80~7)Ejd7$DJhOgvAasCLW2oIcbsNrn?JV zzc?MZTO%kjt*+vDV~NevhqpBKS%0W;?A+{I@G3y-{{J?kKdQG?l0Vk7eTlx!t{?L^ z{PT*%pHH^TH@nata&pe6U;EO8TvtU|{<(4>2qQmgdTcd(|9M5o3N^; x=y9WXv3Z(RyEdpiXW#;*+2qZU0`eRpa_S~d*H}xRJ?Wq1zQ(9;T1?;$ApnSkJ=y>O diff --git a/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks b/elasticsearch/x-pack/shield/src/test/resources/org/elasticsearch/shield/transport/ssl/certs/simple/testnode.jks index 39955d91a2ed2cbf5d9c97330a4ade007f502e47..f034f5b005a43c7c8d2508fa55fe2f6f88417b8e 100644 GIT binary patch delta 761 zcmVR?IRGol|7lcfqZMzd8@PJ}=9|{H3@1#QW(7Sb{-w zgSw0APX{B6qbf}4xO>(_D`f#JIcOlUjep#lQ| z00E;>Fi$WG1_Mh@YjC=Ku8x)Y8-kB2rjlUs@w#lZ!RgFP?Nw;F?2B%$Wf+x z$x^4^w%vHaxu~jC`&h%n{DyJ1>(X?qhYlC@S2@QKE#t5qP{F@uyT>>IO9wS59&}8* z^zO@C24Gk=?;4!mgurPmb_m<>h|yQ2H&fy-6xztFXrH);KZzDY;3}D7|(7 r000623Up<2bYpC3Wp1;M3LX&@vAzRV>9`2(%no+Y5lvoSR(apVnmb8A delta 1559 zcmZoQI$*xxCbN;>9Igi$46G4)rUsS_3~bX3n%E{8G_h7KU}j=uViNXdU|?YWFFx<; zjz$q)AREY=%)v4x)YQP-(9F=n*vQl%N}Siw49GQwat$niToX3tP!?ukUDuq%;*!kd z;MByTeAxb>1sRB#L>j^Kb2=b&NrBu}`kC*RlNVlDz(UbEB$gonDHv>(++jZ#Ftd z+Pcg;dq?)nM)vwQ$ErDJT$eJuvFk#i^V!|07Z)l<2HalSAIj&%6wdTo^|UG9_J+r^ zZA-t;h)$4Ok}03Qa8mk=Gn*rrm6;7?#rq%aDV^zl!B?DzGmeK(D?D0C;a!sc$FD`N z&Dt!PQzft63}yeOKRL>z`ULk6-6sm;d7!q{Xk!o;E^r@-LCkk63IkjRk9kjLN*WalxIFcbml93V_(C^C=* zhP@5qwPB{BPTygwn2R+ zPz47>gqewniJ<|B&jRLivvDT0c`&9jvoLBIAaQh&IZVhLRs(i6R&73JCUyfZxZ&&u zkszlCvIH3fERcu!vff;hae)wvfK{+XXyHR^m(}ZX_#f6u);5urk|3eL$0Eie(s(2& zb6I9tc~O#{2Zv~vgIyhioIM;} zbe$b_fD%|zJxJKuB>+SPlqTh5CaW45c&AnZ$>7wYvdrYvVvtmDJrc(`KQApay|gH? zBr`ux$Hf_FABY6y9T1I@eLw=h9AuxIT2zvmmYJMbk{Xm+mJg(XdVMmBOYD;pi&O3M zld@8iOPqljuh=#@$j1dJQIwff3Q`o1pP5%;P~UhPmRJ}WSsKq7G@dqSJOL9jU}|gJ zO-ukddV<3NpHH!SG>&+mIyxi#ip6(uNub{xOG`5Hi!w_pCvRXAsqep(c8BTYhj(jo zdsHUgKWV~tz2}mmihJ+PbsPM3^e;~n3;v?4YcW zzTZ5dcVCUc>WsKO>pc>91kCKWaL9XWUi`eJA#b+m;0Qd+Akz`6+q1c$NvlG*b-(S-NzOO-Uc7nMPSwn1&imKjm#b_0Z+k5i&ed_P9miy+`y8l=D)@(SMx~o*19RRE?DhL1o