From 3a1b64bb12684c986cece28785e3a0599e26c7f2 Mon Sep 17 00:00:00 2001
From: Jay Modi <jaymode@users.noreply.github.com>
Date: Thu, 27 Jul 2017 14:03:05 -0600
Subject: [PATCH] Create the cryptoservice later in startup process
 (elastic/x-pack-elasticsearch#2087)

This commit moves the creation of the CryptoService to the createComponents method so that bootstrap
checks have been checked before the crypto service is instantiated. The cryptoservice was changed to
expect that the bootstrap check has passed before being instantiated in elastic/x-pack-elasticsearch#1831.

Original commit: elastic/x-pack-elasticsearch@cf11cf478290903a95b85abadef6c6a6d7bdbe26
---
 .../java/org/elasticsearch/xpack/XPackPlugin.java | 15 +++++++++++----
 .../elasticsearch/xpack/security/Security.java    |  5 +++--
 2 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java b/plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
index 8eb2fe4c417..0bb4601167b 100644
--- a/plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
@@ -106,6 +106,7 @@ import org.elasticsearch.xpack.watcher.WatcherFeatureSet;
 
 import javax.security.auth.DestroyFailedException;
 import java.io.IOException;
+import java.io.UncheckedIOException;
 import java.nio.file.Path;
 import java.security.AccessController;
 import java.security.GeneralSecurityException;
@@ -205,7 +206,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
     protected Graph graph;
     protected MachineLearning machineLearning;
     protected Logstash logstash;
-    protected CryptoService cryptoService;
+
     protected Deprecation deprecation;
     protected Upgrade upgrade;
 
@@ -233,7 +234,6 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
         } else {
             this.extensionsService = null;
         }
-        cryptoService = ENCRYPT_SENSITIVE_DATA_SETTING.get(settings) ? new CryptoService(settings) : null;
     }
 
     // For tests only
@@ -286,6 +286,13 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
         }
         components.addAll(monitoring.createComponents(internalClient, threadPool, clusterService, licenseService, sslService));
 
+        final CryptoService cryptoService;
+        try {
+            cryptoService = ENCRYPT_SENSITIVE_DATA_SETTING.get(settings) ? new CryptoService(settings) : null;
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        }
+
         // watcher http stuff
         Map<String, HttpAuthFactory> httpAuthFactories = new HashMap<>();
         httpAuthFactories.put(BasicAuth.TYPE, new BasicAuthFactory(cryptoService));
@@ -297,7 +304,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
         components.add(httpClient);
 
         Collection<Object> notificationComponents = createNotificationComponents(clusterService.getClusterSettings(), httpClient,
-                httpTemplateParser, scriptService, httpAuthRegistry);
+                httpTemplateParser, scriptService, httpAuthRegistry, cryptoService);
         components.addAll(notificationComponents);
 
         components.addAll(watcher.createComponents(getClock(), scriptService, internalClient, licenseState,
@@ -318,7 +325,7 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
 
     private Collection<Object> createNotificationComponents(ClusterSettings clusterSettings, HttpClient httpClient,
                                                             HttpRequestTemplate.Parser httpTemplateParser, ScriptService scriptService,
-                                                            HttpAuthRegistry httpAuthRegistry) {
+                                                            HttpAuthRegistry httpAuthRegistry, CryptoService cryptoService) {
         List<Object> components = new ArrayList<>();
         components.add(new EmailService(settings, cryptoService, clusterSettings));
         components.add(new HipChatService(settings, httpClient, clusterSettings));
diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java b/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java
index 3f1a180d0eb..48a5ab3a3dd 100644
--- a/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java
@@ -417,7 +417,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
             final String transportType = NetworkModule.TRANSPORT_TYPE_SETTING.get(settings);
             if (NAME4.equals(transportType) == false) {
                 throw new IllegalArgumentException("transport type setting [" + NetworkModule.TRANSPORT_TYPE_KEY + "] must be [" + NAME4
-                        + "]");
+                        + "] but is [" + transportType + "]");
             }
         } else {
             // default to security4
@@ -429,7 +429,8 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
             if (httpType.equals(NAME4)) {
                 SecurityNetty4HttpServerTransport.overrideSettings(settingsBuilder, settings);
             } else {
-                throw new IllegalArgumentException("http type setting [" + NetworkModule.HTTP_TYPE_KEY + "] must be [" + NAME4 + "]");
+                throw new IllegalArgumentException("http type setting [" + NetworkModule.HTTP_TYPE_KEY + "] must be [" + NAME4
+                        + "] but is [" + httpType + "]");
             }
         } else {
             // default to security4