From 89977928751ead5d7703f713150a77a7751375a6 Mon Sep 17 00:00:00 2001
From: jaymode <jay@elastic.co>
Date: Thu, 14 Sep 2017 15:57:28 -0600
Subject: [PATCH] Test: use TLS for plugin integ tests

Original commit: elastic/x-pack-elasticsearch@99971d72566b85a3a04314f908089a8ce3048a2d
---
 plugin/build.gradle                           | 39 +++++++++++++++++++
 .../MlNativeAutodetectIntegTestCase.java      | 13 +++++++
 2 files changed, 52 insertions(+)

diff --git a/plugin/build.gradle b/plugin/build.gradle
index a801c2d6689..fd2640835aa 100644
--- a/plugin/build.gradle
+++ b/plugin/build.gradle
@@ -1,3 +1,4 @@
+import org.elasticsearch.gradle.LoggedExec
 import org.elasticsearch.gradle.MavenFilteringHack
 import org.elasticsearch.gradle.test.NodeInfo
 
@@ -198,7 +199,39 @@ integTestRunner {
   systemProperty 'tests.rest.blacklist', 'getting_started/10_monitor_cluster_health/*'
 }
 
+// location of generated keystores and certificates
+File keystoreDir = new File(project.buildDir, 'keystore')
+
+// Generate the node's keystore
+File nodeKeystore = new File(keystoreDir, 'test-node.jks')
+task createNodeKeyStore(type: LoggedExec) {
+  doFirst {
+    if (nodeKeystore.parentFile.exists() == false) {
+      nodeKeystore.parentFile.mkdirs()
+    }
+    if (nodeKeystore.exists()) {
+      delete nodeKeystore
+    }
+  }
+  executable = new File(project.javaHome, 'bin/keytool')
+  standardInput = new ByteArrayInputStream('FirstName LastName\nUnit\nOrganization\nCity\nState\nNL\nyes\n\n'.getBytes('UTF-8'))
+  args '-genkey',
+          '-alias', 'test-node',
+          '-keystore', nodeKeystore,
+          '-keyalg', 'RSA',
+          '-keysize', '2048',
+          '-validity', '712',
+          '-dname', 'CN=smoke-test-plugins-ssl',
+          '-keypass', 'keypass',
+          '-storepass', 'keypass'
+}
+
+// Add keystores to test classpath: it expects it there
+sourceSets.test.resources.srcDir(keystoreDir)
+processTestResources.dependsOn(createNodeKeyStore)
+
 integTestCluster {
+  dependsOn createNodeKeyStore
   setting 'xpack.ml.enabled', 'true'
   setting 'logger.org.elasticsearch.xpack.ml.datafeed', 'TRACE'
   // Integration tests are supposed to enable/disable exporters before/after each test
@@ -206,11 +239,17 @@ integTestCluster {
   setting 'xpack.monitoring.exporters._local.enabled', 'false'
   setting 'xpack.monitoring.collection.interval', '-1'
   setting 'xpack.security.authc.token.enabled', 'true'
+  setting 'xpack.security.transport.ssl.enabled', 'true'
+  setting 'xpack.security.transport.ssl.keystore.path', nodeKeystore.name
+  setting 'xpack.security.transport.ssl.verification_mode', 'certificate'
   keystoreSetting 'bootstrap.password', 'x-pack-test-password'
+  keystoreSetting 'xpack.security.transport.ssl.keystore.secure_password', 'keypass'
   distribution = 'zip' // this is important since we use the reindex module in ML
 
   setupCommand 'setupTestUser', 'bin/x-pack/users', 'useradd', 'x_pack_rest_user', '-p', 'x-pack-test-password', '-r', 'superuser'
 
+  extraConfigFile nodeKeystore.name, nodeKeystore
+
   waitCondition = { NodeInfo node, AntBuilder ant ->
       File tmpFile = new File(node.cwd, 'wait.success')
 
diff --git a/plugin/src/test/java/org/elasticsearch/xpack/ml/integration/MlNativeAutodetectIntegTestCase.java b/plugin/src/test/java/org/elasticsearch/xpack/ml/integration/MlNativeAutodetectIntegTestCase.java
index f16936aadea..891d02ace1c 100644
--- a/plugin/src/test/java/org/elasticsearch/xpack/ml/integration/MlNativeAutodetectIntegTestCase.java
+++ b/plugin/src/test/java/org/elasticsearch/xpack/ml/integration/MlNativeAutodetectIntegTestCase.java
@@ -11,6 +11,7 @@ import org.elasticsearch.cluster.ClusterModule;
 import org.elasticsearch.cluster.ClusterState;
 import org.elasticsearch.cluster.metadata.MetaData;
 import org.elasticsearch.common.bytes.BytesArray;
+import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.common.network.NetworkModule;
 import org.elasticsearch.common.settings.Settings;
@@ -60,6 +61,8 @@ import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.xpack.security.authc.TokenMetaData;
 
 import java.io.IOException;
+import java.net.URISyntaxException;
+import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -80,10 +83,20 @@ abstract class MlNativeAutodetectIntegTestCase extends SecurityIntegTestCase {
 
     @Override
     protected Settings externalClusterClientSettings() {
+        Path keyStore;
+        try {
+            keyStore = PathUtils.get(getClass().getResource("/test-node.jks").toURI());
+        } catch (URISyntaxException e) {
+            throw new IllegalStateException("error trying to get keystore path", e);
+        }
         Settings.Builder builder = Settings.builder();
         builder.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME4);
         builder.put(Security.USER_SETTING.getKey(), "x_pack_rest_user:" + SecuritySettingsSource.TEST_PASSWORD_SECURE_STRING);
         builder.put(XPackSettings.MACHINE_LEARNING_ENABLED.getKey(), true);
+        builder.put("xpack.security.transport.ssl.enabled", true);
+        builder.put("xpack.security.transport.ssl.keystore.path", keyStore.toAbsolutePath().toString());
+        builder.put("xpack.security.transport.ssl.keystore.password", "keypass");
+        builder.put("xpack.security.transport.ssl.verification_mode", "certificate");
         return builder.build();
     }