Move keystore creation to gradle - this prevents committing a keystore to the source repo

plugins/discovery-gce/build.gradle

@@ -1,3 +1,4 @@
+import org.elasticsearch.gradle.LoggedExec
 
 esplugin {
   description 'The Google Compute Engine (GCE) Discovery plugin allows to use GCE API for the unicast discovery mechanism.'
@@ -21,6 +22,36 @@ dependencies {
   compile "commons-codec:commons-codec:${versions.commonscodec}"
 }
 
+
+// needed to be consistent with ssl host checking
+String host = InetAddress.getLoopbackAddress().getHostAddress();
+
+// location of keystore and files to generate it
+File keystore = new File(project.buildDir, 'keystore/test-node.jks')
+
+// generate the keystore
+task createKey(type: LoggedExec) {
+  doFirst {
+    project.delete(keystore.parentFile)
+    keystore.parentFile.mkdirs()
+  }
+  executable = 'keytool'
+  standardInput = new ByteArrayInputStream('FirstName LastName\nUnit\nOrganization\nCity\nState\nNL\nyes\n\n'.getBytes('UTF-8'))
+  args '-genkey',
+          '-alias', 'test-node',
+          '-keystore', keystore,
+          '-keyalg', 'RSA',
+          '-keysize', '2048',
+          '-validity', '712',
+          '-dname', 'CN=' + host,
+          '-keypass', 'keypass',
+          '-storepass', 'keypass'
+}
+
+// add keystore to test classpath: it expects it there
+sourceSets.test.resources.srcDir(keystore.parentFile)
+processTestResources.dependsOn(createKey)
+
 dependencyLicenses {
   mapping from: /google-.*/, to: 'google'
 }

plugins/discovery-gce/src/test/java/org/elasticsearch/discovery/gce/GceDiscoverTests.java

@@ -40,7 +40,9 @@ import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
 import java.io.IOException;
+import java.io.InputStream;
 import java.io.OutputStream;
+import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
@@ -115,9 +117,10 @@ public class GceDiscoverTests extends ESIntegTestCase {
     @BeforeClass
     public static void startHttpd() throws Exception {
         logDir = createTempDir();
-        httpsServer = HttpsServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
+        SSLContext sslContext = getSSLContext();
-        httpServer = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
+        httpsServer = HttpsServer.create(new InetSocketAddress(InetAddress.getLoopbackAddress().getHostAddress(), 0), 0);
-        httpsServer.setHttpsConfigurator(new HttpsConfigurator(getSSLContext()));
+        httpServer = HttpServer.create(new InetSocketAddress(InetAddress.getLoopbackAddress().getHostAddress(), 0), 0);
+        httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext));
         httpServer.createContext("/computeMetadata/v1/instance/service-accounts/default/token", (s) -> {
             String response = GceComputeServiceMock.readGoogleInternalJsonResponse(
                 "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token");
@@ -174,9 +177,12 @@ public class GceDiscoverTests extends ESIntegTestCase {
     }
 
     private static SSLContext getSSLContext() throws Exception{
-        char[] passphrase = "passphrase".toCharArray();
+        char[] passphrase = "keypass".toCharArray();
         KeyStore ks = KeyStore.getInstance("JKS");
-        ks.load(GceDiscoverTests.class.getResourceAsStream("keystore.jks"), passphrase);
+        try (InputStream stream = GceDiscoverTests.class.getResourceAsStream("/test-node.jks")) {
+            assertNotNull("can't find keystore file", stream);
+            ks.load(stream, passphrase);
+        }
         KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
         kmf.init(ks, passphrase);
         TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");