From 9df905ff19a401bb4979dac5a3576ec9f577b5f5 Mon Sep 17 00:00:00 2001
From: Robert Muir
Date: Mon, 30 Nov 2015 09:28:16 -0500
Subject: [PATCH] Simplify SSL test to not use openssl.

I think the intent here is to just test that our SSL layers work, not invoke a long chain of keytool + openssl commands. This simplifies the build and will work on windows.

Original commit: elastic/x-pack-elasticsearch@af07d0d4f7c1ef26d70dd96265dbad6fe761b183
---
 qa/smoke-test-plugins-ssl/build.gradle | 127 +------------------------
 1 file changed, 1 insertion(+), 126 deletions(-)

diff --git a/qa/smoke-test-plugins-ssl/build.gradle b/qa/smoke-test-plugins-ssl/build.gradle
index 4f05bcc556d..30f361cd459 100644
--- a/qa/smoke-test-plugins-ssl/build.gradle
+++ b/qa/smoke-test-plugins-ssl/build.gradle
@@ -7,76 +7,8 @@ dependencies {
 }

 // location of keystore and files to generate it
-File ca = new File(project.buildDir, 'ca')
-File caConfig = new File(ca, 'conf/caconfig.cnf')
-File cert = new File(project.buildDir, 'cert/test-node.csr')
-File signedCert = new File(project.buildDir, 'cert/test-node-signed.csr')
 File keystore = new File(project.buildDir, 'keystore/test-node.jks')

-String caConfigData = """
-[ ca ]
-default_ca = CA_default
-[ CA_default ]
-copy_extensions = copy
-serial = ${ca}/serial
-database = ${ca}/index.txt
-new_certs_dir = ${ca}/certs
-certificate = ${ca}/certs/cacert.pem
-private_key = ${ca}/private/cakey.pem
-default_days = 712
-default_md = sha256
-preserve = no
-email_in_dn = no
-x509_extensions = v3_ca
-name_opt = ca_default
-cert_opt = ca_default
-policy = policy_anything
-[ policy_anything ]
-countryName = optional
-stateOrProvinceName = optional
-localityName = optional
-organizationName = optional
-organizationalUnitName = optional
-commonName = supplied
-emailAddress = optional
-[ req ]
-default_bits = 2048 # Size of keys
-default_keyfile = key.pem # name of generated keys
-default_md = sha256 # message digest algorithm
-string_mask = nombstr # permitted characters
-distinguished_name = req_distinguished_name
-req_extensions = v3_req
-[ req_distinguished_name ]
-# Variable name Prompt string
-#------------------------- ----------------------------------
-0.organizationName = Organization Name (company)
-organizationalUnitName = Organizational Unit Name (department, division)
-emailAddress = Email Address
-emailAddress_max = 40
-localityName = Locality Name (city, district)
-stateOrProvinceName = State or Province Name (full name)
-countryName = Country Name (2 letter code)
-countryName_min = 2
-countryName_max = 2
-commonName = Common Name (hostname, IP, or your name)
-commonName_max = 64
-# Default values for the above, for consistency and less typing.
-# Variable name Value
-#------------------------ ------------------------------
-0.organizationName_default = Elasticsearch Test Org
-localityName_default = Amsterdam
-stateOrProvinceName_default = Amsterdam
-countryName_default = NL
-emailAddress_default = cacerttest@YOUR.COMPANY.TLD
-[ v3_ca ]
-basicConstraints = CA:TRUE
-subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
-[ v3_req ]
-basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
-"""
-
 // generate the keystore
 task createKey(type: LoggedExec) {
 doFirst {
@@ -95,58 +27,9 @@ task createKey(type: LoggedExec) {
 '-storepass', 'keypass'
 }

-task createCertificate(type: LoggedExec, dependsOn: createKey) {
- doFirst {
- project.delete(cert.parentFile)
- cert.parentFile.mkdirs()
- }
- executable = 'keytool'
- standardInput = new ByteArrayInputStream('keypass\n'.getBytes('UTF-8'))
- args '-certreq',
- '-alias', 'test-node',
- '-keystore', keystore,
- '-file', cert,
- '-keyalg', 'RSA',
- '-ext', 'san=dns:localhost,ip:127.0.0.1'
-}
-
-task createCertificateAuthority(type: LoggedExec) {
- doFirst {
- project.delete(ca)
- ca.mkdirs()
- for (String dir : ['private', 'certs', 'conf']) {
- new File(ca, dir).mkdirs()
- }
- caConfig.setText(caConfigData, 'UTF-8')
- new File(ca, 'serial').setText('01', 'UTF-8')
- new File(ca, 'index.txt').setText('', 'UTF-8')
- }
- executable = 'openssl'
- args 'req', '-new', '-x509', '-extensions', 'v3_ca',
- '-keyout', new File(ca, 'private/cakey.pem'),
- '-out', new File(ca, 'certs/cacert.pem'),
- '-days', '1460',
- '-config', caConfig,
- '-subj', '/OU=XPlugins QA',
- '-passout', 'pass:capass'
-}
-
-task signCertificate(type: LoggedExec, dependsOn: [createCertificate, createCertificateAuthority]) {
- executable = 'openssl'
- standardInput = new ByteArrayInputStream('y\ny\n'.getBytes('UTF-8'))
- args 'ca', '-in', cert, '-notext', '-out', signedCert, '-config', caConfig,
- '-extensions', 'v3_req', '-passin', 'pass:capass'
-}
-
-task importCertificate(type: LoggedExec, dependsOn: signCertificate) {
- executable = 'keytool'
- standardInput = new ByteArrayInputStream('keypass\nyes\n'.getBytes('UTF-8'))
- args '-importcert', '-keystore', keystore, '-file', signedCert, '-trustcacerts'
-}
-
 // add keystore to test classpath: it expects it there
 sourceSets.test.resources.srcDir(keystore.parentFile)
-processTestResources.dependsOn(importCertificate)
+processTestResources.dependsOn(createKey)

 // add ES plugins, this loop must be outside of a configuration closure, otherwise it may get executed multiple times
 for (Project subproj : project.rootProject.subprojects) {
@@ -157,14 +40,6 @@ for (Project subproj : project.rootProject.subprojects) {
 }

 integTest {
- // in some environments, openssl might not be available
- try {
- int ret = Runtime.getRuntime().exec("openssl version").waitFor();
- enabled = (ret == 0);
- } catch (IOException unavailable) {
- enabled = false;
- }
-
 cluster {
 // TODO: use some variable here for port number
 systemProperty 'es.marvel.agent.exporter.es.hosts', 'https://marvel_export:changeme@localhost:9400'
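Review bot: In the second hunk, `processTestResources.dependsOn(createKey)` leaves the test keystore with only what `createKey` generates, and the removed `createCertificate` step was the only visible place that requested `san=dns:localhost,ip:127.0.0.1`. Most of `createKey`'s arguments lie outside the hunk, so whether the self-signed certificate carries those subject alternative names cannot be confirmed from here; if it does not, connections to `localhost` would succeed only with hostname verification relaxed, and the smoke test would quietly stop covering it. If they are missing, add `'-ext', 'san=dns:localhost,ip:127.0.0.1'` to the `createKey` args. A comment above the task such as `// self-signed test key; no CA chain is exercised by this test` would record the reduced coverage, and the context comment `// location of keystore and files to generate it` in the first hunk is stale now that only the keystore remains.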