Remove BouncyCastle dependency from runtime (#32193)
* Remove BouncyCastle dependency from runtime This commit introduces a new gradle project that contains the classes that have a dependency on BouncyCastle. For the default distribution, It builds a jar from those and in puts it in a subdirectory of lib (/tools/security-cli) along with the BouncyCastle jars. This directory is then passed in the ES_ADDITIONAL_CLASSPATH_DIRECTORIES of the CLI tools that use these classes. BouncyCastle is removed as a runtime dependency (remains as a compileOnly one) from x-pack core and x-pack security.
This commit is contained in:
parent
7aa8a0a927
commit
aaa8f842d6
|
@ -49,7 +49,7 @@ CopySpec archiveFiles(CopySpec modulesFiles, String distributionType, boolean os
|
|||
return copySpec {
|
||||
into("elasticsearch-${version}") {
|
||||
into('lib') {
|
||||
with libFiles
|
||||
with libFiles(oss)
|
||||
}
|
||||
into('config') {
|
||||
dirMode 0750
|
||||
|
|
|
@ -227,7 +227,8 @@ configure(subprojects.findAll { ['archives', 'packages'].contains(it.name) }) {
|
|||
/*****************************************************************************
|
||||
* Common files in all distributions *
|
||||
*****************************************************************************/
|
||||
libFiles = copySpec {
|
||||
libFiles = { oss ->
|
||||
copySpec {
|
||||
// delay by using closures, since they have not yet been configured, so no jar task exists yet
|
||||
from { project(':server').jar }
|
||||
from { project(':server').configurations.runtime }
|
||||
|
@ -238,6 +239,13 @@ configure(subprojects.findAll { ['archives', 'packages'].contains(it.name) }) {
|
|||
from { project(':distribution:tools:plugin-cli').jar }
|
||||
from { project(':distribution:tools:plugin-cli').configurations.runtime }
|
||||
}
|
||||
if (oss == false) {
|
||||
into('tools/security-cli') {
|
||||
from { project(':x-pack:plugin:security:cli').jar }
|
||||
from { project(':x-pack:plugin:security:cli').configurations.compile }
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
modulesFiles = { oss ->
|
||||
|
|
|
@ -126,7 +126,7 @@ Closure commonPackageConfig(String type, boolean oss) {
|
|||
}
|
||||
into('lib') {
|
||||
with copySpec {
|
||||
with libFiles
|
||||
with libFiles(oss)
|
||||
// we need to specify every intermediate directory so we iterate through the parents; duplicate calls with the same part are fine
|
||||
eachFile { FileCopyDetails fcp ->
|
||||
String[] segments = fcp.relativePath.segments
|
||||
|
|
|
@ -57,6 +57,7 @@ import static org.hamcrest.CoreMatchers.is;
|
|||
import static org.hamcrest.CoreMatchers.notNullValue;
|
||||
import static org.hamcrest.MatcherAssert.assertThat;
|
||||
import static org.hamcrest.Matchers.isEmptyString;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import static org.junit.Assume.assumeThat;
|
||||
import static org.junit.Assume.assumeTrue;
|
||||
|
@ -302,5 +303,26 @@ public abstract class ArchiveTestCase extends PackagingTestCase {
|
|||
}
|
||||
}
|
||||
|
||||
public void test90SecurityCliPackaging() {
|
||||
assumeThat(installation, is(notNullValue()));
|
||||
|
||||
final Installation.Executables bin = installation.executables();
|
||||
final Shell sh = new Shell();
|
||||
|
||||
if (distribution().equals(Distribution.DEFAULT_TAR) || distribution().equals(Distribution.DEFAULT_ZIP)) {
|
||||
assertTrue(Files.exists(installation.lib.resolve("tools").resolve("security-cli")));
|
||||
Platforms.onLinux(() -> {
|
||||
final Result result = sh.run(bin.elasticsearchCertutil + " help");
|
||||
assertThat(result.stdout, containsString("Simplifies certificate creation for use with the Elastic Stack"));
|
||||
});
|
||||
|
||||
Platforms.onWindows(() -> {
|
||||
final Result result = sh.run(bin.elasticsearchCertutil + " help");
|
||||
assertThat(result.stdout, containsString("Simplifies certificate creation for use with the Elastic Stack"));
|
||||
});
|
||||
} else if (distribution().equals(Distribution.OSS_TAR) || distribution().equals(Distribution.OSS_ZIP)) {
|
||||
assertFalse(Files.exists(installation.lib.resolve("tools").resolve("security-cli")));
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -101,6 +101,7 @@ public class Installation {
|
|||
public final Path elasticsearchPlugin = platformExecutable("elasticsearch-plugin");
|
||||
public final Path elasticsearchKeystore = platformExecutable("elasticsearch-keystore");
|
||||
public final Path elasticsearchTranslog = platformExecutable("elasticsearch-translog");
|
||||
public final Path elasticsearchCertutil = platformExecutable("elasticsearch-certutil");
|
||||
|
||||
private Path platformExecutable(String name) {
|
||||
final String platformExecutableName = Platforms.WINDOWS
|
||||
|
|
|
@ -20,7 +20,6 @@ esplugin {
|
|||
}
|
||||
|
||||
dependencyLicenses {
|
||||
mapping from: /bc.*/, to: 'bouncycastle'
|
||||
mapping from: /http.*/, to: 'httpclient' // pulled in by rest client
|
||||
mapping from: /commons-.*/, to: 'commons' // pulled in by rest client
|
||||
}
|
||||
|
@ -38,8 +37,6 @@ dependencies {
|
|||
|
||||
// security deps
|
||||
compile 'com.unboundid:unboundid-ldapsdk:3.2.0'
|
||||
compile 'org.bouncycastle:bcprov-jdk15on:1.59'
|
||||
compile 'org.bouncycastle:bcpkix-jdk15on:1.59'
|
||||
compile project(path: ':modules:transport-netty4', configuration: 'runtime')
|
||||
|
||||
testCompile 'org.elasticsearch:securemock:1.2'
|
||||
|
@ -116,6 +113,7 @@ task testJar(type: Jar) {
|
|||
appendix 'test'
|
||||
from sourceSets.test.output
|
||||
}
|
||||
|
||||
artifacts {
|
||||
// normal es plugins do not publish the jar but we need to since users need it for Transport Clients and extensions
|
||||
archives jar
|
||||
|
|
|
@ -63,7 +63,7 @@ public class CertParsingUtils {
|
|||
return PathUtils.get(path).normalize();
|
||||
}
|
||||
|
||||
static KeyStore readKeyStore(Path path, String type, char[] password)
|
||||
public static KeyStore readKeyStore(Path path, String type, char[] password)
|
||||
throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
|
||||
try (InputStream in = Files.newInputStream(path)) {
|
||||
KeyStore store = KeyStore.getInstance(type);
|
||||
|
@ -108,7 +108,7 @@ public class CertParsingUtils {
|
|||
return certificates.toArray(new X509Certificate[0]);
|
||||
}
|
||||
|
||||
static List<Certificate> readCertificates(InputStream input) throws CertificateException, IOException {
|
||||
public static List<Certificate> readCertificates(InputStream input) throws CertificateException, IOException {
|
||||
CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
|
||||
Collection<Certificate> certificates = (Collection<Certificate>) certFactory.generateCertificates(input);
|
||||
return new ArrayList<>(certificates);
|
||||
|
@ -140,7 +140,7 @@ public class CertParsingUtils {
|
|||
/**
|
||||
* Creates a {@link KeyStore} from a PEM encoded certificate and key file
|
||||
*/
|
||||
static KeyStore getKeyStoreFromPEM(Path certificatePath, Path keyPath, char[] keyPassword)
|
||||
public static KeyStore getKeyStoreFromPEM(Path certificatePath, Path keyPath, char[] keyPassword)
|
||||
throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
|
||||
final PrivateKey key = PemUtils.readPrivateKey(keyPath, () -> keyPassword);
|
||||
final Certificate[] certificates = readCertificates(Collections.singletonList(certificatePath));
|
||||
|
@ -168,7 +168,7 @@ public class CertParsingUtils {
|
|||
/**
|
||||
* Returns a {@link X509ExtendedKeyManager} that is built from the provided keystore
|
||||
*/
|
||||
static X509ExtendedKeyManager keyManager(KeyStore keyStore, char[] password, String algorithm)
|
||||
public static X509ExtendedKeyManager keyManager(KeyStore keyStore, char[] password, String algorithm)
|
||||
throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
|
||||
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
|
||||
kmf.init(keyStore, password);
|
||||
|
@ -271,7 +271,7 @@ public class CertParsingUtils {
|
|||
/**
|
||||
* Creates a {@link X509ExtendedTrustManager} based on the trust material in the provided {@link KeyStore}
|
||||
*/
|
||||
static X509ExtendedTrustManager trustManager(KeyStore keyStore, String algorithm)
|
||||
public static X509ExtendedTrustManager trustManager(KeyStore keyStore, String algorithm)
|
||||
throws NoSuchAlgorithmException, KeyStoreException {
|
||||
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
|
||||
tmf.init(keyStore);
|
||||
|
|
|
@ -22,8 +22,8 @@ dependencies {
|
|||
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
||||
|
||||
compile 'com.unboundid:unboundid-ldapsdk:3.2.0'
|
||||
compile 'org.bouncycastle:bcprov-jdk15on:1.59'
|
||||
compile 'org.bouncycastle:bcpkix-jdk15on:1.59'
|
||||
compileOnly 'org.bouncycastle:bcprov-jdk15on:1.59'
|
||||
compileOnly 'org.bouncycastle:bcpkix-jdk15on:1.59'
|
||||
|
||||
// the following are all SAML dependencies - might as well download the whole internet
|
||||
compile "org.opensaml:opensaml-core:3.3.0"
|
||||
|
@ -79,7 +79,6 @@ sourceSets.test.resources {
|
|||
srcDir '../core/src/test/resources'
|
||||
}
|
||||
dependencyLicenses {
|
||||
mapping from: /bc.*/, to: 'bouncycastle'
|
||||
mapping from: /java-support|opensaml-.*/, to: 'shibboleth'
|
||||
mapping from: /http.*/, to: 'httpclient'
|
||||
}
|
||||
|
|
|
@ -0,0 +1,20 @@
|
|||
apply plugin: 'elasticsearch.build'
|
||||
|
||||
archivesBaseName = 'elasticsearch-security-cli'
|
||||
|
||||
dependencies {
|
||||
compileOnly "org.elasticsearch:elasticsearch:${version}"
|
||||
compileOnly xpackProject('plugin:core')
|
||||
compile 'org.bouncycastle:bcprov-jdk15on:1.59'
|
||||
compile 'org.bouncycastle:bcpkix-jdk15on:1.59'
|
||||
testImplementation 'com.google.jimfs:jimfs:1.1'
|
||||
testCompile "junit:junit:${versions.junit}"
|
||||
testCompile "org.hamcrest:hamcrest-all:${versions.hamcrest}"
|
||||
testCompile 'org.elasticsearch:securemock:1.2'
|
||||
testCompile "org.elasticsearch.test:framework:${version}"
|
||||
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
||||
}
|
||||
|
||||
dependencyLicenses {
|
||||
mapping from: /bc.*/, to: 'bouncycastle'
|
||||
}
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.xpack.core.ssl;
|
||||
package org.elasticsearch.xpack.security.cli;
|
||||
|
||||
import org.bouncycastle.asn1.ASN1Encodable;
|
||||
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.xpack.core.ssl;
|
||||
package org.elasticsearch.xpack.security.cli;
|
||||
|
||||
import joptsimple.ArgumentAcceptingOptionSpec;
|
||||
import joptsimple.OptionSet;
|
||||
|
@ -34,6 +34,8 @@ import org.elasticsearch.common.xcontent.ObjectParser;
|
|||
import org.elasticsearch.common.xcontent.XContentParser;
|
||||
import org.elasticsearch.common.xcontent.XContentType;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.xpack.core.ssl.CertParsingUtils;
|
||||
import org.elasticsearch.xpack.core.ssl.PemUtils;
|
||||
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
|
||||
|
@ -68,6 +70,7 @@ import java.util.zip.ZipOutputStream;
|
|||
|
||||
/**
|
||||
* CLI tool to make generation of certificates or certificate requests easier for users
|
||||
*
|
||||
* @deprecated Replaced by {@link CertificateTool}
|
||||
*/
|
||||
@Deprecated
|
||||
|
@ -223,6 +226,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
|
|||
/**
|
||||
* This method handles the collection of information about each instance that is necessary to generate a certificate. The user may
|
||||
* be prompted or the information can be gathered from a file
|
||||
*
|
||||
* @param terminal the terminal to use for user interaction
|
||||
* @param inputFile an optional file that will be used to load the instance information
|
||||
* @return a {@link Collection} of {@link CertificateInformation} that represents each instance
|
||||
|
@ -298,6 +302,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
|
|||
|
||||
/**
|
||||
* Parses the input file to retrieve the certificate information
|
||||
*
|
||||
* @param file the file to parse
|
||||
* @return a collection of certificate information
|
||||
*/
|
||||
|
@ -312,6 +317,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
|
|||
|
||||
/**
|
||||
* Generates certificate signing requests and writes them out to the specified file in zip format
|
||||
*
|
||||
* @param outputFile the file to write the output to. This file must not already exist
|
||||
* @param certInfo the details to use in the certificate signing requests
|
||||
*/
|
||||
|
@ -388,6 +394,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
|
|||
|
||||
/**
|
||||
* Generates signed certificates in PEM format stored in a zip file
|
||||
*
|
||||
* @param outputFile the file that the certificates will be written to. This file must not exist
|
||||
* @param certificateInformations details for creation of the certificates
|
||||
* @param caInfo the CA information to sign the certificates with
|
||||
|
@ -441,6 +448,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
|
|||
|
||||
/**
|
||||
* This method handles the deletion of a file in the case of a partial write
|
||||
*
|
||||
* @param file the file that is being written to
|
||||
* @param writer writes the contents of the file
|
||||
*/
|
||||
|
@ -468,6 +476,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
|
|||
/**
|
||||
* This method handles writing out the certificate authority cert and private key if the certificate authority was generated by
|
||||
* this invocation of the tool
|
||||
*
|
||||
* @param outputStream the output stream to write to
|
||||
* @param pemWriter the writer for PEM objects
|
||||
* @param info the certificate authority information
|
||||
|
@ -577,6 +586,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
|
|||
/**
|
||||
* Helper method to read a private key and support prompting of user for a key. To avoid passwords being placed as an argument we
|
||||
* can prompt the user for their password if we encounter an encrypted key.
|
||||
*
|
||||
* @param path the path to the private key
|
||||
* @param password the password provided by the user or {@code null}
|
||||
* @param terminal the terminal to use for user interaction
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.xpack.core.ssl;
|
||||
package org.elasticsearch.xpack.security.cli;
|
||||
|
||||
import joptsimple.OptionParser;
|
||||
import joptsimple.OptionSet;
|
||||
|
@ -39,6 +39,8 @@ import org.elasticsearch.common.xcontent.ObjectParser;
|
|||
import org.elasticsearch.common.xcontent.XContentParser;
|
||||
import org.elasticsearch.common.xcontent.XContentType;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.xpack.core.ssl.CertParsingUtils;
|
||||
import org.elasticsearch.xpack.core.ssl.PemUtils;
|
||||
|
||||
import javax.security.auth.x500.X500Principal;
|
||||
|
|
@ -4,7 +4,7 @@
|
|||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
|
||||
package org.elasticsearch.xpack.core.ssl;
|
||||
package org.elasticsearch.xpack.security.cli;
|
||||
|
||||
import org.bouncycastle.asn1.x509.GeneralName;
|
||||
import org.bouncycastle.asn1.x509.GeneralNames;
|
||||
|
@ -12,6 +12,7 @@ import org.elasticsearch.common.SuppressForbidden;
|
|||
import org.elasticsearch.common.network.InetAddresses;
|
||||
import org.elasticsearch.common.network.NetworkAddress;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.xpack.security.cli.CertGenUtils;
|
||||
import org.junit.BeforeClass;
|
||||
|
||||
import java.math.BigInteger;
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.xpack.core.ssl;
|
||||
package org.elasticsearch.xpack.security.cli;
|
||||
|
||||
import com.google.common.jimfs.Configuration;
|
||||
import com.google.common.jimfs.Jimfs;
|
||||
|
@ -33,9 +33,11 @@ import org.elasticsearch.env.Environment;
|
|||
import org.elasticsearch.env.TestEnvironment;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.test.SecuritySettingsSourceField;
|
||||
import org.elasticsearch.xpack.core.ssl.CertificateGenerateTool.CAInfo;
|
||||
import org.elasticsearch.xpack.core.ssl.CertificateGenerateTool.CertificateInformation;
|
||||
import org.elasticsearch.xpack.core.ssl.CertificateGenerateTool.Name;
|
||||
import org.elasticsearch.xpack.security.cli.CertificateGenerateTool.CAInfo;
|
||||
import org.elasticsearch.xpack.security.cli.CertificateGenerateTool.CertificateInformation;
|
||||
import org.elasticsearch.xpack.security.cli.CertificateGenerateTool.Name;
|
||||
import org.elasticsearch.xpack.core.ssl.CertParsingUtils;
|
||||
import org.elasticsearch.xpack.core.ssl.PemUtils;
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.After;
|
||||
import org.junit.BeforeClass;
|
||||
|
@ -359,8 +361,8 @@ public class CertificateGenerateToolTests extends ESTestCase {
|
|||
|
||||
public void testGetCAInfo() throws Exception {
|
||||
Environment env = TestEnvironment.newEnvironment(Settings.builder().put("path.home", createTempDir()).build());
|
||||
Path testNodeCertPath = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt");
|
||||
Path testNodeKeyPath = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem");
|
||||
Path testNodeCertPath = getDataPath("/org/elasticsearch/xpack/security/cli/testnode.crt");
|
||||
Path testNodeKeyPath = getDataPath("/org/elasticsearch/xpack/security/cli/testnode.pem");
|
||||
final boolean passwordPrompt = randomBoolean();
|
||||
MockTerminal terminal = new MockTerminal();
|
||||
if (passwordPrompt) {
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.xpack.core.ssl;
|
||||
package org.elasticsearch.xpack.security.cli;
|
||||
|
||||
import com.google.common.jimfs.Configuration;
|
||||
import com.google.common.jimfs.Jimfs;
|
||||
|
@ -39,12 +39,14 @@ import org.elasticsearch.env.TestEnvironment;
|
|||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.test.SecuritySettingsSourceField;
|
||||
import org.elasticsearch.test.TestMatchers;
|
||||
import org.elasticsearch.xpack.core.ssl.CertificateTool.CAInfo;
|
||||
import org.elasticsearch.xpack.core.ssl.CertificateTool.CertificateAuthorityCommand;
|
||||
import org.elasticsearch.xpack.core.ssl.CertificateTool.CertificateCommand;
|
||||
import org.elasticsearch.xpack.core.ssl.CertificateTool.CertificateInformation;
|
||||
import org.elasticsearch.xpack.core.ssl.CertificateTool.GenerateCertificateCommand;
|
||||
import org.elasticsearch.xpack.core.ssl.CertificateTool.Name;
|
||||
import org.elasticsearch.xpack.security.cli.CertificateTool.CAInfo;
|
||||
import org.elasticsearch.xpack.security.cli.CertificateTool.CertificateAuthorityCommand;
|
||||
import org.elasticsearch.xpack.security.cli.CertificateTool.CertificateCommand;
|
||||
import org.elasticsearch.xpack.security.cli.CertificateTool.CertificateInformation;
|
||||
import org.elasticsearch.xpack.security.cli.CertificateTool.GenerateCertificateCommand;
|
||||
import org.elasticsearch.xpack.security.cli.CertificateTool.Name;
|
||||
import org.elasticsearch.xpack.core.ssl.CertParsingUtils;
|
||||
import org.elasticsearch.xpack.core.ssl.PemUtils;
|
||||
import org.hamcrest.Matchers;
|
||||
import org.junit.After;
|
||||
import org.junit.BeforeClass;
|
||||
|
@ -387,8 +389,8 @@ public class CertificateToolTests extends ESTestCase {
|
|||
|
||||
public void testGetCAInfo() throws Exception {
|
||||
Environment env = TestEnvironment.newEnvironment(Settings.builder().put("path.home", createTempDir()).build());
|
||||
Path testNodeCertPath = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt");
|
||||
Path testNodeKeyPath = getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem");
|
||||
Path testNodeCertPath = getDataPath("/org/elasticsearch/xpack/security/cli/testnode.crt");
|
||||
Path testNodeKeyPath = getDataPath("/org/elasticsearch/xpack/security/cli/testnode.pem");
|
||||
final boolean passwordPrompt = randomBoolean();
|
||||
MockTerminal terminal = new MockTerminal();
|
||||
if (passwordPrompt) {
|
|
@ -0,0 +1,23 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIID0zCCArugAwIBAgIJALi5bDfjMszLMA0GCSqGSIb3DQEBCwUAMEgxDDAKBgNV
|
||||
BAoTA29yZzEWMBQGA1UECxMNZWxhc3RpY3NlYXJjaDEgMB4GA1UEAxMXRWxhc3Rp
|
||||
Y3NlYXJjaCBUZXN0IE5vZGUwHhcNMTUwOTIzMTg1MjU3WhcNMTkwOTIyMTg1MjU3
|
||||
WjBIMQwwCgYDVQQKEwNvcmcxFjAUBgNVBAsTDWVsYXN0aWNzZWFyY2gxIDAeBgNV
|
||||
BAMTF0VsYXN0aWNzZWFyY2ggVGVzdCBOb2RlMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||
AQ8AMIIBCgKCAQEA3rGZ1QbsW0+MuyrSLmMfDFKtLBkIFW8V0gRuurFg1PUKKNR1
|
||||
Mq2tMVwjjYETAU/UY0iKZOzjgvYPKhDTYBTte/WHR1ZK4CYVv7TQX/gtFQG/ge/c
|
||||
7u0sLch9p7fbd+/HZiLS/rBEZDIohvgUvzvnA8+OIYnw4kuxKo/5iboAIS41klMg
|
||||
/lATm8V71LMY68inht71/ZkQoAHKgcR9z4yNYvQ1WqKG8DG8KROXltll3sTrKbl5
|
||||
zJhn660es/1ZnR6nvwt6xnSTl/mNHMjkfv1bs4rJ/py3qPxicdoSIn/KyojUcgHV
|
||||
F38fuAy2CQTdjVG5fWj9iz+mQvLm3+qsIYQdFwIDAQABo4G/MIG8MAkGA1UdEwQC
|
||||
MAAwHQYDVR0OBBYEFEMMWLWQi/g83PzlHYqAVnty5L7HMIGPBgNVHREEgYcwgYSC
|
||||
CWxvY2FsaG9zdIIVbG9jYWxob3N0LmxvY2FsZG9tYWluggpsb2NhbGhvc3Q0ghds
|
||||
b2NhbGhvc3Q0LmxvY2FsZG9tYWluNIIKbG9jYWxob3N0NoIXbG9jYWxob3N0Ni5s
|
||||
b2NhbGRvbWFpbjaHBH8AAAGHEAAAAAAAAAAAAAAAAAAAAAEwDQYJKoZIhvcNAQEL
|
||||
BQADggEBAMjGGXT8Nt1tbl2GkiKtmiuGE2Ej66YuZ37WSJViaRNDVHLlg87TCcHe
|
||||
k2rdO+6sFqQbbzEfwQ05T7xGmVu7tm54HwKMRugoQ3wct0bQC5wEWYN+oMDvSyO6
|
||||
M28mZwWb4VtR2IRyWP+ve5DHwTM9mxWa6rBlGzsQqH6YkJpZojzqk/mQTug+Y8aE
|
||||
mVoqRIPMHq9ob+S9qd5lp09+MtYpwPfTPx/NN+xMEooXWW/ARfpGhWPkg/FuCu4z
|
||||
1tFmCqHgNcWirzMm3dQpF78muE9ng6OB2MXQwL4VgnVkxmlZNHbkR2v/t8MyZJxC
|
||||
y4g6cTMM3S/UMt5/+aIB2JAuMKyuD+A=
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,30 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: DES-EDE3-CBC,9D867F7E0C94D013
|
||||
|
||||
dVoVCjPeg1wgS7rVtOvGfQcrZyLkx393aWRnFq45tbjKBVuITtJ9vI7o4QXOV/15
|
||||
Gnb6WhXGIdWrzsxEAd46K6hIuNSISd4Emsx6c2Q5hTqWXXfexbOZBNfTtXtdJPnJ
|
||||
1jAaikhtztLo3JSLTKNY5sNxd+XbaQyYVUWvueK6zOaIIMETvB+VPVFd9i1ROibk
|
||||
Sgdtyj01KjkoalifqK/tA0CIYNKL0S6/eoK3UhAlpIprlpV+cnXa940C6bjLeJPt
|
||||
PMAGGp5RrplxSgrSerw3I9DOWkHGtpqzIka3XneNUXJP8k4HUJ+aZkGH2ZILKS8d
|
||||
4KMIb+KZSpHEGn+6uGccWLtZZmAjWJrDw56JbQtSHdRYLBRSOjLbTvQoPu/2Hpli
|
||||
7HOxbotlvjptMunncq5aqK57SHA1dh0cwF7J3LUmGFJ67eoz+VV3b5qMn4MopSeI
|
||||
mS16Ydd3nGpjSrln/elM0CQxqWfcOAXRZpDpFUQoXcBrLVzvz2DBl/0CrTRLhgzi
|
||||
CO+5/IVcBWRlYpRNGgjjP7q0j6URID3jk5J06fYQXmBiwQT5j+GZqqzpMCJ9mIy2
|
||||
1O9SN1hebJnIcEU+E0njn/MGjlYdPywhaCy8pqElp6Q8TUEJpwLRFO/owCoBet/n
|
||||
ZmCXUjfCGhc1pWHufFcDEQ6xMgEWWY/tdwCZeSU7EhErTjCbfupg+55A5fpDml0m
|
||||
3wH4CFcuRjlqyx6Ywixm1ATeitDtJl5HQTw6b8OtEXwSgRmZ0eSqSRVk9QbVS7gu
|
||||
IpQe09/Zimb5HzjZqZ3fdqHlcW4xax8hyJeyIvF5ZJ57eY8CBvu/wP2GDn26QnvF
|
||||
xQqdfDbq1H4JmpwUHpbFwBoQK4Q6WFd1z4EA9bRQeo3H9PoqoOwMDjzajwLRF7b7
|
||||
q6tYH/n9PyHwdf1c4fFwgSmL1toXGfKlA9hjIaLsRSDD6srT5EdUk78bsnddwI51
|
||||
tu7C7P4JG+h1VdRNMNTlqtileWsIE7Nn2A1OkcUxZdF5mamENpDpJcHePLto6c8q
|
||||
FKiwyFMsxhgsj6HK2HqO+UA4sX5Ni4oHwiPmb//EZLn045M5i1AN26KosJmb8++D
|
||||
sgR5reWRy+UqJCTYblVg+7Dx++ggUnfxVyQEsWmw5r5f4KU5wXBkvoVMGtPNa9DE
|
||||
n/uLtObD1qkNL38pRsr2OGRchYCgEoKGqEISBP4knfGXLOlWiW/246j9QzI97r1u
|
||||
tvy7fKg28G7AUz9l6bpewsPHefBUeRQeieP9eJINaEpxkF/w2RpKDLpQjWxwDDOM
|
||||
s+D0mrBMJve17AmJ8rMw6dIQPZYNZ88/jz1uQuUwQ2YlbmtZbCG81k9YMFGEU9XS
|
||||
cyhJxj8hvYnt2PR5Z9/cJPyWOs0m/ufOeeQQ8SnU/lzmrQnpzUd2Z6p5i/B7LdRP
|
||||
n1kX+l1qynuPnjvBz4nJQE0p6nzW8RyCDSniC9mtYtZmhgC8icqxgbvS7uEOBIYJ
|
||||
NbK+0bEETTO34iY/JVTIqLOw3iQZYMeUpxpj6Phgx/oooxMTquMecPKNgeVtaBst
|
||||
qjTNPX0ti1/HYpZqzYi8SV8YjHSJWCVMsZjKPr3W/HIcCKqYoIfgzi83Ha2KMQx6
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -4,7 +4,8 @@
|
|||
# or more contributor license agreements. Licensed under the Elastic License;
|
||||
# you may not use this file except in compliance with the Elastic License.
|
||||
|
||||
ES_MAIN_CLASS=org.elasticsearch.xpack.core.ssl.CertificateGenerateTool \
|
||||
ES_MAIN_CLASS=org.elasticsearch.xpack.security.cli.CertificateGenerateTool \
|
||||
ES_ADDITIONAL_SOURCES="x-pack-env;x-pack-security-env" \
|
||||
ES_ADDITIONAL_CLASSPATH_DIRECTORIES=lib/tools/security-cli \
|
||||
"`dirname "$0"`"/elasticsearch-cli \
|
||||
"$@"
|
||||
|
|
|
@ -7,8 +7,9 @@ rem you may not use this file except in compliance with the Elastic License.
|
|||
setlocal enabledelayedexpansion
|
||||
setlocal enableextensions
|
||||
|
||||
set ES_MAIN_CLASS=org.elasticsearch.xpack.core.ssl.CertificateGenerateTool
|
||||
set ES_MAIN_CLASS=org.elasticsearch.xpack.security.cli.CertificateGenerateTool
|
||||
set ES_ADDITIONAL_SOURCES=x-pack-env;x-pack-security-env
|
||||
set ES_ADDITIONAL_CLASSPATH_DIRECTORIES=lib/tools/security-cli
|
||||
call "%~dp0elasticsearch-cli.bat" ^
|
||||
%%* ^
|
||||
|| exit /b 1
|
||||
|
|
|
@ -4,7 +4,8 @@
|
|||
# or more contributor license agreements. Licensed under the Elastic License;
|
||||
# you may not use this file except in compliance with the Elastic License.
|
||||
|
||||
ES_MAIN_CLASS=org.elasticsearch.xpack.core.ssl.CertificateTool \
|
||||
ES_MAIN_CLASS=org.elasticsearch.xpack.security.cli.CertificateTool \
|
||||
ES_ADDITIONAL_SOURCES="x-pack-env;x-pack-security-env" \
|
||||
ES_ADDITIONAL_CLASSPATH_DIRECTORIES=lib/tools/security-cli \
|
||||
"`dirname "$0"`"/elasticsearch-cli \
|
||||
"$@"
|
||||
|
|
|
@ -7,8 +7,9 @@ rem you may not use this file except in compliance with the Elastic License.
|
|||
setlocal enabledelayedexpansion
|
||||
setlocal enableextensions
|
||||
|
||||
set ES_MAIN_CLASS=org.elasticsearch.xpack.core.ssl.CertificateTool
|
||||
set ES_MAIN_CLASS=org.elasticsearch.xpack.security.cli.CertificateTool
|
||||
set ES_ADDITIONAL_SOURCES=x-pack-env;x-pack-security-env
|
||||
set ES_ADDITIONAL_CLASSPATH_DIRECTORIES=lib/tools/security-cli
|
||||
call "%~dp0elasticsearch-cli.bat" ^
|
||||
%%* ^
|
||||
|| exit /b 1
|
||||
|
|
Loading…
Reference in New Issue