diff --git a/buildSrc/version.properties b/buildSrc/version.properties
index c98e265792b..6009021da14 100644
--- a/buildSrc/version.properties
+++ b/buildSrc/version.properties
@@ -1,5 +1,5 @@
elasticsearch = 7.0.0-alpha1
-lucene = 7.4.0-snapshot-cc2ee23050
+lucene = 7.4.0-snapshot-1cbadda4d3
# optional dependencies
spatial4j = 0.7
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/ClusterClient.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/ClusterClient.java
index 0f9e9e58226..846f29bfb6e 100644
--- a/client/rest-high-level/src/main/java/org/elasticsearch/client/ClusterClient.java
+++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/ClusterClient.java
@@ -21,8 +21,6 @@ package org.elasticsearch.client;
import org.apache.http.Header;
import org.elasticsearch.action.ActionListener;
-import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksRequest;
-import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksResponse;
import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsRequest;
import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsResponse;
import org.elasticsearch.action.ingest.PutPipelineRequest;
@@ -68,28 +66,6 @@ public final class ClusterClient {
ClusterUpdateSettingsResponse::fromXContent, listener, emptySet(), headers);
}
- /**
- * Get current tasks using the Task Management API
- *
- * See
- * Task Management API on elastic.co
- */
- public ListTasksResponse listTasks(ListTasksRequest request, Header... headers) throws IOException {
- return restHighLevelClient.performRequestAndParseEntity(request, RequestConverters::listTasks, ListTasksResponse::fromXContent,
- emptySet(), headers);
- }
-
- /**
- * Asynchronously get current tasks using the Task Management API
- *
- * See
- * Task Management API on elastic.co
- */
- public void listTasksAsync(ListTasksRequest request, ActionListener listener, Header... headers) {
- restHighLevelClient.performRequestAsyncAndParseEntity(request, RequestConverters::listTasks, ListTasksResponse::fromXContent,
- listener, emptySet(), headers);
- }
-
/**
* Add a pipeline or update an existing pipeline in the cluster
*
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/RestHighLevelClient.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/RestHighLevelClient.java
index 68e32abb69d..8537bf3b450 100644
--- a/client/rest-high-level/src/main/java/org/elasticsearch/client/RestHighLevelClient.java
+++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/RestHighLevelClient.java
@@ -192,6 +192,7 @@ public class RestHighLevelClient implements Closeable {
private final IndicesClient indicesClient = new IndicesClient(this);
private final ClusterClient clusterClient = new ClusterClient(this);
private final SnapshotClient snapshotClient = new SnapshotClient(this);
+ private final TasksClient tasksClient = new TasksClient(this);
/**
* Creates a {@link RestHighLevelClient} given the low level {@link RestClientBuilder} that allows to build the
@@ -264,6 +265,15 @@ public class RestHighLevelClient implements Closeable {
return snapshotClient;
}
+ /**
+ * Provides a {@link TasksClient} which can be used to access the Tasks API.
+ *
+ * See Task Management API on elastic.co
+ */
+ public final TasksClient tasks() {
+ return tasksClient;
+ }
+
/**
* Executes a bulk request using the Bulk API
*
diff --git a/client/rest-high-level/src/main/java/org/elasticsearch/client/TasksClient.java b/client/rest-high-level/src/main/java/org/elasticsearch/client/TasksClient.java
new file mode 100644
index 00000000000..214f1e7884a
--- /dev/null
+++ b/client/rest-high-level/src/main/java/org/elasticsearch/client/TasksClient.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client;
+
+import org.apache.http.Header;
+import org.elasticsearch.action.ActionListener;
+import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksRequest;
+import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksResponse;
+
+import java.io.IOException;
+
+import static java.util.Collections.emptySet;
+
+/**
+ * A wrapper for the {@link RestHighLevelClient} that provides methods for accessing the Tasks API.
+ *
+ * See Task Management API on elastic.co
+ */
+public class TasksClient {
+ private final RestHighLevelClient restHighLevelClient;
+
+ TasksClient(RestHighLevelClient restHighLevelClient) {
+ this.restHighLevelClient = restHighLevelClient;
+ }
+
+ /**
+ * Get current tasks using the Task Management API
+ *
+ * See
+ * Task Management API on elastic.co
+ */
+ public ListTasksResponse list(ListTasksRequest request, Header... headers) throws IOException {
+ return restHighLevelClient.performRequestAndParseEntity(request, RequestConverters::listTasks, ListTasksResponse::fromXContent,
+ emptySet(), headers);
+ }
+
+ /**
+ * Asynchronously get current tasks using the Task Management API
+ *
+ * See
+ * Task Management API on elastic.co
+ */
+ public void listAsync(ListTasksRequest request, ActionListener listener, Header... headers) {
+ restHighLevelClient.performRequestAsyncAndParseEntity(request, RequestConverters::listTasks, ListTasksResponse::fromXContent,
+ listener, emptySet(), headers);
+ }
+}
diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/ClusterClientIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/ClusterClientIT.java
index d41117ceb6d..44332b058bc 100644
--- a/client/rest-high-level/src/test/java/org/elasticsearch/client/ClusterClientIT.java
+++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/ClusterClientIT.java
@@ -20,9 +20,6 @@
package org.elasticsearch.client;
import org.elasticsearch.ElasticsearchException;
-import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksRequest;
-import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksResponse;
-import org.elasticsearch.action.admin.cluster.node.tasks.list.TaskGroup;
import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsRequest;
import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsResponse;
import org.elasticsearch.action.ingest.PutPipelineRequest;
@@ -37,16 +34,13 @@ import org.elasticsearch.common.xcontent.support.XContentMapValues;
import org.elasticsearch.indices.recovery.RecoverySettings;
import org.elasticsearch.ingest.Pipeline;
import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.tasks.TaskInfo;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
-import static java.util.Collections.emptyList;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.Matchers.greaterThanOrEqualTo;
import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
@@ -117,31 +111,6 @@ public class ClusterClientIT extends ESRestHighLevelClientTestCase {
"Elasticsearch exception [type=illegal_argument_exception, reason=transient setting [" + setting + "], not recognized]"));
}
- public void testListTasks() throws IOException {
- ListTasksRequest request = new ListTasksRequest();
- ListTasksResponse response = execute(request, highLevelClient().cluster()::listTasks, highLevelClient().cluster()::listTasksAsync);
-
- assertThat(response, notNullValue());
- assertThat(response.getNodeFailures(), equalTo(emptyList()));
- assertThat(response.getTaskFailures(), equalTo(emptyList()));
- // It's possible that there are other tasks except 'cluster:monitor/tasks/lists[n]' and 'action":"cluster:monitor/tasks/lists'
- assertThat(response.getTasks().size(), greaterThanOrEqualTo(2));
- boolean listTasksFound = false;
- for (TaskGroup taskGroup : response.getTaskGroups()) {
- TaskInfo parent = taskGroup.getTaskInfo();
- if ("cluster:monitor/tasks/lists".equals(parent.getAction())) {
- assertThat(taskGroup.getChildTasks().size(), equalTo(1));
- TaskGroup childGroup = taskGroup.getChildTasks().iterator().next();
- assertThat(childGroup.getChildTasks().isEmpty(), equalTo(true));
- TaskInfo child = childGroup.getTaskInfo();
- assertThat(child.getAction(), equalTo("cluster:monitor/tasks/lists[n]"));
- assertThat(child.getParentTaskId(), equalTo(parent.getTaskId()));
- listTasksFound = true;
- }
- }
- assertTrue("List tasks were not found", listTasksFound);
- }
-
public void testPutPipeline() throws IOException {
String id = "some_pipeline_id";
XContentType xContentType = randomFrom(XContentType.values());
diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/TasksIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/TasksIT.java
new file mode 100644
index 00000000000..fc7d70a36e1
--- /dev/null
+++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/TasksIT.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client;
+
+import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksRequest;
+import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksResponse;
+import org.elasticsearch.action.admin.cluster.node.tasks.list.TaskGroup;
+import org.elasticsearch.tasks.TaskInfo;
+
+import java.io.IOException;
+
+import static java.util.Collections.emptyList;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.greaterThanOrEqualTo;
+import static org.hamcrest.Matchers.notNullValue;
+
+public class TasksIT extends ESRestHighLevelClientTestCase {
+
+ public void testListTasks() throws IOException {
+ ListTasksRequest request = new ListTasksRequest();
+ ListTasksResponse response = execute(request, highLevelClient().tasks()::list, highLevelClient().tasks()::listAsync);
+
+ assertThat(response, notNullValue());
+ assertThat(response.getNodeFailures(), equalTo(emptyList()));
+ assertThat(response.getTaskFailures(), equalTo(emptyList()));
+ // It's possible that there are other tasks except 'cluster:monitor/tasks/lists[n]' and 'action":"cluster:monitor/tasks/lists'
+ assertThat(response.getTasks().size(), greaterThanOrEqualTo(2));
+ boolean listTasksFound = false;
+ for (TaskGroup taskGroup : response.getTaskGroups()) {
+ TaskInfo parent = taskGroup.getTaskInfo();
+ if ("cluster:monitor/tasks/lists".equals(parent.getAction())) {
+ assertThat(taskGroup.getChildTasks().size(), equalTo(1));
+ TaskGroup childGroup = taskGroup.getChildTasks().iterator().next();
+ assertThat(childGroup.getChildTasks().isEmpty(), equalTo(true));
+ TaskInfo child = childGroup.getTaskInfo();
+ assertThat(child.getAction(), equalTo("cluster:monitor/tasks/lists[n]"));
+ assertThat(child.getParentTaskId(), equalTo(parent.getTaskId()));
+ listTasksFound = true;
+ }
+ }
+ assertTrue("List tasks were not found", listTasksFound);
+ }
+
+}
diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/ClusterClientDocumentationIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/ClusterClientDocumentationIT.java
index b9329f99a3c..29bb2d05afc 100644
--- a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/ClusterClientDocumentationIT.java
+++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/ClusterClientDocumentationIT.java
@@ -19,13 +19,8 @@
package org.elasticsearch.client.documentation;
-import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.LatchedActionListener;
-import org.elasticsearch.action.TaskOperationFailure;
-import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksRequest;
-import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksResponse;
-import org.elasticsearch.action.admin.cluster.node.tasks.list.TaskGroup;
import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsRequest;
import org.elasticsearch.action.admin.cluster.settings.ClusterUpdateSettingsResponse;
import org.elasticsearch.action.ingest.PutPipelineRequest;
@@ -39,21 +34,15 @@ import org.elasticsearch.common.unit.ByteSizeUnit;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.indices.recovery.RecoverySettings;
-import org.elasticsearch.tasks.TaskId;
-import org.elasticsearch.tasks.TaskInfo;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
-import java.util.List;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
-import static java.util.Collections.emptyList;
import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.Matchers.greaterThanOrEqualTo;
-import static org.hamcrest.Matchers.notNullValue;
/**
* This class is used to generate the Java Cluster API documentation.
@@ -193,89 +182,6 @@ public class ClusterClientDocumentationIT extends ESRestHighLevelClientTestCase
}
}
- public void testListTasks() throws IOException {
- RestHighLevelClient client = highLevelClient();
- {
- // tag::list-tasks-request
- ListTasksRequest request = new ListTasksRequest();
- // end::list-tasks-request
-
- // tag::list-tasks-request-filter
- request.setActions("cluster:*"); // <1>
- request.setNodes("nodeId1", "nodeId2"); // <2>
- request.setParentTaskId(new TaskId("parentTaskId", 42)); // <3>
- // end::list-tasks-request-filter
-
- // tag::list-tasks-request-detailed
- request.setDetailed(true); // <1>
- // end::list-tasks-request-detailed
-
- // tag::list-tasks-request-wait-completion
- request.setWaitForCompletion(true); // <1>
- request.setTimeout(TimeValue.timeValueSeconds(50)); // <2>
- request.setTimeout("50s"); // <3>
- // end::list-tasks-request-wait-completion
- }
-
- ListTasksRequest request = new ListTasksRequest();
-
- // tag::list-tasks-execute
- ListTasksResponse response = client.cluster().listTasks(request);
- // end::list-tasks-execute
-
- assertThat(response, notNullValue());
-
- // tag::list-tasks-response-tasks
- List tasks = response.getTasks(); // <1>
- // end::list-tasks-response-tasks
-
- // tag::list-tasks-response-calc
- Map> perNodeTasks = response.getPerNodeTasks(); // <1>
- List groups = response.getTaskGroups(); // <2>
- // end::list-tasks-response-calc
-
- // tag::list-tasks-response-failures
- List nodeFailures = response.getNodeFailures(); // <1>
- List taskFailures = response.getTaskFailures(); // <2>
- // end::list-tasks-response-failures
-
- assertThat(response.getNodeFailures(), equalTo(emptyList()));
- assertThat(response.getTaskFailures(), equalTo(emptyList()));
- assertThat(response.getTasks().size(), greaterThanOrEqualTo(2));
- }
-
- public void testListTasksAsync() throws Exception {
- RestHighLevelClient client = highLevelClient();
- {
- ListTasksRequest request = new ListTasksRequest();
-
- // tag::list-tasks-execute-listener
- ActionListener listener =
- new ActionListener() {
- @Override
- public void onResponse(ListTasksResponse response) {
- // <1>
- }
-
- @Override
- public void onFailure(Exception e) {
- // <2>
- }
- };
- // end::list-tasks-execute-listener
-
- // Replace the empty listener by a blocking listener in test
- final CountDownLatch latch = new CountDownLatch(1);
- listener = new LatchedActionListener<>(listener, latch);
-
- // tag::list-tasks-execute-async
- client.cluster().listTasksAsync(request, listener); // <1>
- // end::list-tasks-execute-async
-
- assertTrue(latch.await(30L, TimeUnit.SECONDS));
- }
- }
-
public void testPutPipeline() throws IOException {
RestHighLevelClient client = highLevelClient();
diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SnapshotClientDocumentationIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SnapshotClientDocumentationIT.java
index 0a57fafe5be..dc749a96bb8 100644
--- a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SnapshotClientDocumentationIT.java
+++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SnapshotClientDocumentationIT.java
@@ -45,7 +45,7 @@ import java.util.concurrent.TimeUnit;
import static org.hamcrest.Matchers.equalTo;
/**
- * This class is used to generate the Java Cluster API documentation.
+ * This class is used to generate the Java Snapshot API documentation.
* You need to wrap your code between two tags like:
* // tag::example
* // end::example
diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/TasksClientDocumentationIT.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/TasksClientDocumentationIT.java
new file mode 100644
index 00000000000..faf447a4143
--- /dev/null
+++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/TasksClientDocumentationIT.java
@@ -0,0 +1,148 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.client.documentation;
+
+import org.elasticsearch.ElasticsearchException;
+import org.elasticsearch.action.ActionListener;
+import org.elasticsearch.action.LatchedActionListener;
+import org.elasticsearch.action.TaskOperationFailure;
+import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksRequest;
+import org.elasticsearch.action.admin.cluster.node.tasks.list.ListTasksResponse;
+import org.elasticsearch.action.admin.cluster.node.tasks.list.TaskGroup;
+import org.elasticsearch.client.ESRestHighLevelClientTestCase;
+import org.elasticsearch.client.RestHighLevelClient;
+import org.elasticsearch.common.unit.TimeValue;
+import org.elasticsearch.tasks.TaskId;
+import org.elasticsearch.tasks.TaskInfo;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
+import static java.util.Collections.emptyList;
+import static org.hamcrest.Matchers.equalTo;
+import static org.hamcrest.Matchers.greaterThanOrEqualTo;
+import static org.hamcrest.Matchers.notNullValue;
+
+/**
+ * This class is used to generate the Java Tasks API documentation.
+ * You need to wrap your code between two tags like:
+ * // tag::example
+ * // end::example
+ *
+ * Where example is your tag name.
+ *
+ * Then in the documentation, you can extract what is between tag and end tags with
+ * ["source","java",subs="attributes,callouts,macros"]
+ * --------------------------------------------------
+ * include-tagged::{doc-tests}/{@link TasksClientDocumentationIT}.java[example]
+ * --------------------------------------------------
+ *
+ * The column width of the code block is 84. If the code contains a line longer
+ * than 84, the line will be cut and a horizontal scroll bar will be displayed.
+ * (the code indentation of the tag is not included in the width)
+ */
+public class TasksClientDocumentationIT extends ESRestHighLevelClientTestCase {
+
+ public void testListTasks() throws IOException {
+ RestHighLevelClient client = highLevelClient();
+ {
+ // tag::list-tasks-request
+ ListTasksRequest request = new ListTasksRequest();
+ // end::list-tasks-request
+
+ // tag::list-tasks-request-filter
+ request.setActions("cluster:*"); // <1>
+ request.setNodes("nodeId1", "nodeId2"); // <2>
+ request.setParentTaskId(new TaskId("parentTaskId", 42)); // <3>
+ // end::list-tasks-request-filter
+
+ // tag::list-tasks-request-detailed
+ request.setDetailed(true); // <1>
+ // end::list-tasks-request-detailed
+
+ // tag::list-tasks-request-wait-completion
+ request.setWaitForCompletion(true); // <1>
+ request.setTimeout(TimeValue.timeValueSeconds(50)); // <2>
+ request.setTimeout("50s"); // <3>
+ // end::list-tasks-request-wait-completion
+ }
+
+ ListTasksRequest request = new ListTasksRequest();
+
+ // tag::list-tasks-execute
+ ListTasksResponse response = client.tasks().list(request);
+ // end::list-tasks-execute
+
+ assertThat(response, notNullValue());
+
+ // tag::list-tasks-response-tasks
+ List tasks = response.getTasks(); // <1>
+ // end::list-tasks-response-tasks
+
+ // tag::list-tasks-response-calc
+ Map> perNodeTasks = response.getPerNodeTasks(); // <1>
+ List groups = response.getTaskGroups(); // <2>
+ // end::list-tasks-response-calc
+
+ // tag::list-tasks-response-failures
+ List nodeFailures = response.getNodeFailures(); // <1>
+ List taskFailures = response.getTaskFailures(); // <2>
+ // end::list-tasks-response-failures
+
+ assertThat(response.getNodeFailures(), equalTo(emptyList()));
+ assertThat(response.getTaskFailures(), equalTo(emptyList()));
+ assertThat(response.getTasks().size(), greaterThanOrEqualTo(2));
+ }
+
+ public void testListTasksAsync() throws Exception {
+ RestHighLevelClient client = highLevelClient();
+ {
+ ListTasksRequest request = new ListTasksRequest();
+
+ // tag::list-tasks-execute-listener
+ ActionListener listener =
+ new ActionListener() {
+ @Override
+ public void onResponse(ListTasksResponse response) {
+ // <1>
+ }
+
+ @Override
+ public void onFailure(Exception e) {
+ // <2>
+ }
+ };
+ // end::list-tasks-execute-listener
+
+ // Replace the empty listener by a blocking listener in test
+ final CountDownLatch latch = new CountDownLatch(1);
+ listener = new LatchedActionListener<>(listener, latch);
+
+ // tag::list-tasks-execute-async
+ client.tasks().listAsync(request, listener); // <1>
+ // end::list-tasks-execute-async
+
+ assertTrue(latch.await(30L, TimeUnit.SECONDS));
+ }
+ }
+}
diff --git a/docs/java-rest/high-level/supported-apis.asciidoc b/docs/java-rest/high-level/supported-apis.asciidoc
index b04cbb8df79..981c2caa543 100644
--- a/docs/java-rest/high-level/supported-apis.asciidoc
+++ b/docs/java-rest/high-level/supported-apis.asciidoc
@@ -104,11 +104,9 @@ include::indices/put_template.asciidoc[]
The Java High Level REST Client supports the following Cluster APIs:
* <>
-* <>
* <>
include::cluster/put_settings.asciidoc[]
-include::cluster/list_tasks.asciidoc[]
include::cluster/put_pipeline.asciidoc[]
== Snapshot APIs
@@ -122,3 +120,11 @@ The Java High Level REST Client supports the following Snapshot APIs:
include::snapshot/get_repository.asciidoc[]
include::snapshot/create_repository.asciidoc[]
include::snapshot/delete_repository.asciidoc[]
+
+== Tasks APIs
+
+The Java High Level REST Client supports the following Tasks APIs:
+
+* <>
+
+include::tasks/list_tasks.asciidoc[]
diff --git a/docs/java-rest/high-level/cluster/list_tasks.asciidoc b/docs/java-rest/high-level/tasks/list_tasks.asciidoc
similarity index 79%
rename from docs/java-rest/high-level/cluster/list_tasks.asciidoc
rename to docs/java-rest/high-level/tasks/list_tasks.asciidoc
index 1a2117b2e66..e60ca61247e 100644
--- a/docs/java-rest/high-level/cluster/list_tasks.asciidoc
+++ b/docs/java-rest/high-level/tasks/list_tasks.asciidoc
@@ -1,4 +1,4 @@
-[[java-rest-high-cluster-list-tasks]]
+[[java-rest-high-tasks-list]]
=== List Tasks API
The List Tasks API allows to get information about the tasks currently executing in the cluster.
@@ -10,7 +10,7 @@ A `ListTasksRequest`:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
-include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-request]
+include-tagged::{doc-tests}/TasksClientDocumentationIT.java[list-tasks-request]
--------------------------------------------------
There is no required parameters. By default the client will list all tasks and will not wait
for task completion.
@@ -19,7 +19,7 @@ for task completion.
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
-include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-request-filter]
+include-tagged::{doc-tests}/TasksClientDocumentationIT.java[list-tasks-request-filter]
--------------------------------------------------
<1> Request only cluster-related tasks
<2> Request all tasks running on nodes nodeId1 and nodeId2
@@ -27,13 +27,13 @@ include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-request
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
-include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-request-detailed]
+include-tagged::{doc-tests}/TasksClientDocumentationIT.java[list-tasks-request-detailed]
--------------------------------------------------
<1> Should the information include detailed, potentially slow to generate data. Defaults to `false`
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
-include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-request-wait-completion]
+include-tagged::{doc-tests}/TasksClientDocumentationIT.java[list-tasks-request-wait-completion]
--------------------------------------------------
<1> Should this request wait for all found tasks to complete. Defaults to `false`
<2> Timeout for the request as a `TimeValue`. Applicable only if `setWaitForCompletion` is `true`.
@@ -45,7 +45,7 @@ Defaults to 30 seconds
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
-include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-execute]
+include-tagged::{doc-tests}/TasksClientDocumentationIT.java[list-tasks-execute]
--------------------------------------------------
[[java-rest-high-cluster-list-tasks-async]]
@@ -57,7 +57,7 @@ passed to the asynchronous method:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
-include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-execute-async]
+include-tagged::{doc-tests}/TasksClientDocumentationIT.java[list-tasks-execute-async]
--------------------------------------------------
<1> The `ListTasksRequest` to execute and the `ActionListener` to use
when the execution completes
@@ -71,7 +71,7 @@ A typical listener for `ListTasksResponse` looks like:
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
-include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-execute-listener]
+include-tagged::{doc-tests}/TasksClientDocumentationIT.java[list-tasks-execute-listener]
--------------------------------------------------
<1> Called when the execution is successfully completed. The response is
provided as an argument
@@ -82,20 +82,20 @@ provided as an argument
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
-include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-response-tasks]
+include-tagged::{doc-tests}/TasksClientDocumentationIT.java[list-tasks-response-tasks]
--------------------------------------------------
<1> List of currently running tasks
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
-include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-response-calc]
+include-tagged::{doc-tests}/TasksClientDocumentationIT.java[list-tasks-response-calc]
--------------------------------------------------
<1> List of tasks grouped by a node
<2> List of tasks grouped by a parent task
["source","java",subs="attributes,callouts,macros"]
--------------------------------------------------
-include-tagged::{doc-tests}/ClusterClientDocumentationIT.java[list-tasks-response-failures]
+include-tagged::{doc-tests}/TasksClientDocumentationIT.java[list-tasks-response-failures]
--------------------------------------------------
<1> List of node failures
<2> List of tasks failures
diff --git a/docs/reference/index.asciidoc b/docs/reference/index.asciidoc
index 59f8d77a0c0..8567ed63b34 100644
--- a/docs/reference/index.asciidoc
+++ b/docs/reference/index.asciidoc
@@ -26,6 +26,7 @@ include::{xes-repo-dir}/settings/configuring-xes.asciidoc[]
include::{xes-repo-dir}/setup/bootstrap-checks-xes.asciidoc[]
+:edit_url:
include::upgrade.asciidoc[]
include::migration/index.asciidoc[]
@@ -66,6 +67,7 @@ include::{xes-repo-dir}/rest-api/index.asciidoc[]
include::{xes-repo-dir}/commands/index.asciidoc[]
+:edit_url:
include::how-to.asciidoc[]
include::testing.asciidoc[]
diff --git a/modules/analysis-common/src/main/java/org/elasticsearch/analysis/common/CommonAnalysisPlugin.java b/modules/analysis-common/src/main/java/org/elasticsearch/analysis/common/CommonAnalysisPlugin.java
index 02a4197fba9..69c8afb3e2f 100644
--- a/modules/analysis-common/src/main/java/org/elasticsearch/analysis/common/CommonAnalysisPlugin.java
+++ b/modules/analysis-common/src/main/java/org/elasticsearch/analysis/common/CommonAnalysisPlugin.java
@@ -193,6 +193,7 @@ public class CommonAnalysisPlugin extends Plugin implements AnalysisPlugin {
tokenizers.put("pattern", PatternTokenizerFactory::new);
tokenizers.put("uax_url_email", UAX29URLEmailTokenizerFactory::new);
tokenizers.put("whitespace", WhitespaceTokenizerFactory::new);
+ tokenizers.put("keyword", KeywordTokenizerFactory::new);
return tokenizers;
}
diff --git a/server/src/main/java/org/elasticsearch/index/analysis/KeywordTokenizerFactory.java b/modules/analysis-common/src/main/java/org/elasticsearch/analysis/common/KeywordTokenizerFactory.java
similarity index 89%
rename from server/src/main/java/org/elasticsearch/index/analysis/KeywordTokenizerFactory.java
rename to modules/analysis-common/src/main/java/org/elasticsearch/analysis/common/KeywordTokenizerFactory.java
index 1d94cad1507..abe88462cb9 100644
--- a/server/src/main/java/org/elasticsearch/index/analysis/KeywordTokenizerFactory.java
+++ b/modules/analysis-common/src/main/java/org/elasticsearch/analysis/common/KeywordTokenizerFactory.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.elasticsearch.index.analysis;
+package org.elasticsearch.analysis.common;
import org.apache.lucene.analysis.Tokenizer;
import org.apache.lucene.analysis.core.KeywordTokenizer;
@@ -30,7 +30,7 @@ public class KeywordTokenizerFactory extends AbstractTokenizerFactory {
private final int bufferSize;
- public KeywordTokenizerFactory(IndexSettings indexSettings, Environment environment, String name, Settings settings) {
+ KeywordTokenizerFactory(IndexSettings indexSettings, Environment environment, String name, Settings settings) {
super(indexSettings, name, settings);
bufferSize = settings.getAsInt("buffer_size", 256);
}
diff --git a/modules/analysis-common/src/test/java/org/elasticsearch/analysis/common/CommonAnalysisFactoryTests.java b/modules/analysis-common/src/test/java/org/elasticsearch/analysis/common/CommonAnalysisFactoryTests.java
index 7deadcbcc25..50843065878 100644
--- a/modules/analysis-common/src/test/java/org/elasticsearch/analysis/common/CommonAnalysisFactoryTests.java
+++ b/modules/analysis-common/src/test/java/org/elasticsearch/analysis/common/CommonAnalysisFactoryTests.java
@@ -24,7 +24,6 @@ import org.apache.lucene.analysis.en.PorterStemFilterFactory;
import org.apache.lucene.analysis.miscellaneous.LimitTokenCountFilterFactory;
import org.apache.lucene.analysis.reverse.ReverseStringFilterFactory;
import org.apache.lucene.analysis.snowball.SnowballPorterFilterFactory;
-import org.elasticsearch.index.analysis.KeywordTokenizerFactory;
import org.elasticsearch.index.analysis.SoraniNormalizationFilterFactory;
import org.elasticsearch.index.analysis.SynonymTokenFilterFactory;
import org.elasticsearch.indices.analysis.AnalysisFactoryTestCase;
@@ -56,6 +55,7 @@ public class CommonAnalysisFactoryTests extends AnalysisFactoryTestCase {
tokenizers.put("pattern", PatternTokenizerFactory.class);
tokenizers.put("uax29urlemail", UAX29URLEmailTokenizerFactory.class);
tokenizers.put("whitespace", WhitespaceTokenizerFactory.class);
+ tokenizers.put("keyword", KeywordTokenizerFactory.class);
return tokenizers;
}
diff --git a/modules/analysis-common/src/test/resources/rest-api-spec/test/analysis-common/30_tokenizers.yml b/modules/analysis-common/src/test/resources/rest-api-spec/test/analysis-common/30_tokenizers.yml
index cffd4496f1f..9a7c158fc47 100644
--- a/modules/analysis-common/src/test/resources/rest-api-spec/test/analysis-common/30_tokenizers.yml
+++ b/modules/analysis-common/src/test/resources/rest-api-spec/test/analysis-common/30_tokenizers.yml
@@ -5,9 +5,22 @@
indices.analyze:
body:
text: Foo Bar!
+ explain: true
tokenizer: keyword
- - length: { tokens: 1 }
- - match: { tokens.0.token: Foo Bar! }
+ - length: { detail.tokenizer.tokens: 1 }
+ - match: { detail.tokenizer.name: keyword }
+ - match: { detail.tokenizer.tokens.0.token: Foo Bar! }
+
+ - do:
+ indices.analyze:
+ body:
+ text: Foo Bar!
+ explain: true
+ tokenizer:
+ type: keyword
+ - length: { detail.tokenizer.tokens: 1 }
+ - match: { detail.tokenizer.name: _anonymous_tokenizer }
+ - match: { detail.tokenizer.tokens.0.token: Foo Bar! }
---
"nGram":
diff --git a/modules/analysis-common/src/test/resources/rest-api-spec/test/indices.analyze/10_analyze.yml b/modules/analysis-common/src/test/resources/rest-api-spec/test/indices.analyze/10_analyze.yml
index 1737d743a6d..936736e93de 100644
--- a/modules/analysis-common/src/test/resources/rest-api-spec/test/indices.analyze/10_analyze.yml
+++ b/modules/analysis-common/src/test/resources/rest-api-spec/test/indices.analyze/10_analyze.yml
@@ -97,3 +97,19 @@
- length: { tokens: 2 }
- match: { tokens.0.token: sha }
- match: { tokens.1.token: hay }
+
+---
+"Custom normalizer in request":
+ - do:
+ indices.analyze:
+ body:
+ text: ABc
+ explain: true
+ filter: ["lowercase"]
+
+ - length: { detail.tokenizer.tokens: 1 }
+ - length: { detail.tokenfilters.0.tokens: 1 }
+ - match: { detail.tokenizer.name: keyword_for_normalizer }
+ - match: { detail.tokenizer.tokens.0.token: ABc }
+ - match: { detail.tokenfilters.0.name: lowercase }
+ - match: { detail.tokenfilters.0.tokens.0.token: abc }
diff --git a/modules/lang-expression/licenses/lucene-expressions-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/modules/lang-expression/licenses/lucene-expressions-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..3bbaa2ba0a7
--- /dev/null
+++ b/modules/lang-expression/licenses/lucene-expressions-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+98c920972b2f5e8563540e805d87e6a3bc888972
\ No newline at end of file
diff --git a/modules/lang-expression/licenses/lucene-expressions-7.4.0-snapshot-cc2ee23050.jar.sha1 b/modules/lang-expression/licenses/lucene-expressions-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 8222106897b..00000000000
--- a/modules/lang-expression/licenses/lucene-expressions-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-1e28b448387ec05d655f8c81ee54e13ff2975a4d
\ No newline at end of file
diff --git a/modules/lang-mustache/src/test/java/org/elasticsearch/script/mustache/SearchTemplateIT.java b/modules/lang-mustache/src/test/java/org/elasticsearch/script/mustache/SearchTemplateIT.java
index fe2fedf62b5..884e26e7df8 100644
--- a/modules/lang-mustache/src/test/java/org/elasticsearch/script/mustache/SearchTemplateIT.java
+++ b/modules/lang-mustache/src/test/java/org/elasticsearch/script/mustache/SearchTemplateIT.java
@@ -198,6 +198,7 @@ public class SearchTemplateIT extends ESSingleNodeTestCase {
getResponse = client().admin().cluster().prepareGetStoredScript("testTemplate").get();
assertNull(getResponse.getSource());
+ assertWarnings("the template context is now deprecated. Specify templates in a \"script\" element.");
}
public void testIndexedTemplate() throws Exception {
@@ -267,6 +268,7 @@ public class SearchTemplateIT extends ESSingleNodeTestCase {
.setScript("2").setScriptType(ScriptType.STORED).setScriptParams(templateParams)
.get();
assertHitCount(searchResponse.getResponse(), 1);
+ assertWarnings("the template context is now deprecated. Specify templates in a \"script\" element.");
}
// Relates to #10397
@@ -311,6 +313,7 @@ public class SearchTemplateIT extends ESSingleNodeTestCase {
.get();
assertHitCount(searchResponse.getResponse(), 1);
}
+ assertWarnings("the template context is now deprecated. Specify templates in a \"script\" element.");
}
public void testIndexedTemplateWithArray() throws Exception {
@@ -339,6 +342,7 @@ public class SearchTemplateIT extends ESSingleNodeTestCase {
.setScript("4").setScriptType(ScriptType.STORED).setScriptParams(arrayTemplateParams)
.get();
assertHitCount(searchResponse.getResponse(), 5);
+ assertWarnings("the template context is now deprecated. Specify templates in a \"script\" element.");
}
}
diff --git a/modules/transport-netty4/src/main/java/org/elasticsearch/http/netty4/Netty4HttpServerTransport.java b/modules/transport-netty4/src/main/java/org/elasticsearch/http/netty4/Netty4HttpServerTransport.java
index 45e889797bd..31c1214f034 100644
--- a/modules/transport-netty4/src/main/java/org/elasticsearch/http/netty4/Netty4HttpServerTransport.java
+++ b/modules/transport-netty4/src/main/java/org/elasticsearch/http/netty4/Netty4HttpServerTransport.java
@@ -56,6 +56,7 @@ import org.elasticsearch.common.util.concurrent.EsExecutors;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.common.xcontent.NamedXContentRegistry;
import org.elasticsearch.common.xcontent.XContentParser;
+import org.elasticsearch.http.AbstractHttpServerTransport;
import org.elasticsearch.http.BindHttpException;
import org.elasticsearch.http.HttpHandlingSettings;
import org.elasticsearch.http.HttpStats;
diff --git a/modules/transport-netty4/src/test/java/org/elasticsearch/http/netty4/Netty4HttpServerTransportTests.java b/modules/transport-netty4/src/test/java/org/elasticsearch/http/netty4/Netty4HttpServerTransportTests.java
index 96b436ce7de..5b22409b92d 100644
--- a/modules/transport-netty4/src/test/java/org/elasticsearch/http/netty4/Netty4HttpServerTransportTests.java
+++ b/modules/transport-netty4/src/test/java/org/elasticsearch/http/netty4/Netty4HttpServerTransportTests.java
@@ -273,7 +273,7 @@ public class Netty4HttpServerTransportTests extends ESTestCase {
try (Netty4HttpServerTransport transport =
new Netty4HttpServerTransport(settings, networkService, bigArrays, threadPool, xContentRegistry(), dispatcher)) {
transport.start();
- final TransportAddress remoteAddress = randomFrom(transport.boundAddress.boundAddresses());
+ final TransportAddress remoteAddress = randomFrom(transport.boundAddress().boundAddresses());
try (Netty4HttpClient client = new Netty4HttpClient()) {
final String url = "/" + new String(new byte[maxInitialLineLength], Charset.forName("UTF-8"));
@@ -352,7 +352,7 @@ public class Netty4HttpServerTransportTests extends ESTestCase {
try (Netty4HttpServerTransport transport =
new Netty4HttpServerTransport(settings, networkService, bigArrays, threadPool, xContentRegistry(), dispatcher)) {
transport.start();
- final TransportAddress remoteAddress = randomFrom(transport.boundAddress.boundAddresses());
+ final TransportAddress remoteAddress = randomFrom(transport.boundAddress().boundAddresses());
AtomicBoolean channelClosed = new AtomicBoolean(false);
diff --git a/plugins/analysis-icu/licenses/lucene-analyzers-icu-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/plugins/analysis-icu/licenses/lucene-analyzers-icu-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..7f3d3b5ccf6
--- /dev/null
+++ b/plugins/analysis-icu/licenses/lucene-analyzers-icu-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+844e2b76f4bc6e646e1c3257d668ac598e03f36a
\ No newline at end of file
diff --git a/plugins/analysis-icu/licenses/lucene-analyzers-icu-7.4.0-snapshot-cc2ee23050.jar.sha1 b/plugins/analysis-icu/licenses/lucene-analyzers-icu-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 781b814c99e..00000000000
--- a/plugins/analysis-icu/licenses/lucene-analyzers-icu-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-452c9a9f86b79b9b3eaa7d6aa782e189d5bcfe8f
\ No newline at end of file
diff --git a/plugins/analysis-icu/src/test/resources/rest-api-spec/test/analysis_icu/10_basic.yml b/plugins/analysis-icu/src/test/resources/rest-api-spec/test/analysis_icu/10_basic.yml
index 521d8f07140..c9ff2b2fb64 100644
--- a/plugins/analysis-icu/src/test/resources/rest-api-spec/test/analysis_icu/10_basic.yml
+++ b/plugins/analysis-icu/src/test/resources/rest-api-spec/test/analysis_icu/10_basic.yml
@@ -16,9 +16,11 @@
body:
filter: [icu_normalizer]
text: Foo Bar Ruß
- tokenizer: keyword
- - length: { tokens: 1 }
- - match: { tokens.0.token: foo bar russ }
+ tokenizer: standard
+ - length: { tokens: 3 }
+ - match: { tokens.0.token: foo}
+ - match: { tokens.1.token: bar }
+ - match: { tokens.2.token: russ }
---
"Normalization charfilter":
- do:
@@ -26,9 +28,11 @@
body:
char_filter: [icu_normalizer]
text: Foo Bar Ruß
- tokenizer: keyword
- - length: { tokens: 1 }
- - match: { tokens.0.token: foo bar russ }
+ tokenizer: standard
+ - length: { tokens: 3 }
+ - match: { tokens.0.token: foo }
+ - match: { tokens.1.token: bar }
+ - match: { tokens.2.token: russ }
---
"Folding filter":
- do:
@@ -36,9 +40,11 @@
body:
filter: [icu_folding]
text: Foo Bar résumé
- tokenizer: keyword
- - length: { tokens: 1 }
- - match: { tokens.0.token: foo bar resume }
+ tokenizer: standard
+ - length: { tokens: 3 }
+ - match: { tokens.0.token: foo }
+ - match: { tokens.1.token: bar }
+ - match: { tokens.2.token: resume }
---
"Normalization with a UnicodeSet Filter":
- do:
@@ -64,25 +70,34 @@
index: test
body:
char_filter: ["charfilter_icu_normalizer"]
- tokenizer: keyword
+ tokenizer: standard
text: charfilter Föo Bâr Ruß
- - length: { tokens: 1 }
- - match: { tokens.0.token: charfilter föo bâr ruß }
+ - length: { tokens: 4 }
+ - match: { tokens.0.token: charfilter }
+ - match: { tokens.1.token: föo }
+ - match: { tokens.2.token: bâr }
+ - match: { tokens.3.token: ruß }
- do:
indices.analyze:
index: test
body:
- tokenizer: keyword
+ tokenizer: standard
filter: ["tokenfilter_icu_normalizer"]
text: tokenfilter Föo Bâr Ruß
- - length: { tokens: 1 }
- - match: { tokens.0.token: tokenfilter föo Bâr ruß }
+ - length: { tokens: 4 }
+ - match: { tokens.0.token: tokenfilter }
+ - match: { tokens.1.token: föo }
+ - match: { tokens.2.token: Bâr }
+ - match: { tokens.3.token: ruß }
- do:
indices.analyze:
index: test
body:
- tokenizer: keyword
+ tokenizer: standard
filter: ["tokenfilter_icu_folding"]
text: icufolding Föo Bâr Ruß
- - length: { tokens: 1 }
- - match: { tokens.0.token: icufolding foo bâr russ }
+ - length: { tokens: 4 }
+ - match: { tokens.0.token: icufolding }
+ - match: { tokens.1.token: foo }
+ - match: { tokens.2.token: bâr }
+ - match: { tokens.3.token: russ }
diff --git a/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..65423fff2a4
--- /dev/null
+++ b/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+2f2bd2d67c7952e4ae14ab3f742824a45d0d1719
\ No newline at end of file
diff --git a/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-7.4.0-snapshot-cc2ee23050.jar.sha1 b/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index baba0897858..00000000000
--- a/plugins/analysis-kuromoji/licenses/lucene-analyzers-kuromoji-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-48c76a922bdfc7f50b1b6fe22e9456c555f3f990
\ No newline at end of file
diff --git a/plugins/analysis-nori/licenses/lucene-analyzers-nori-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/plugins/analysis-nori/licenses/lucene-analyzers-nori-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..04fa62ce64a
--- /dev/null
+++ b/plugins/analysis-nori/licenses/lucene-analyzers-nori-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+46ad7ebcfcdbdb60dd54aae4d720356a7a51c7c0
\ No newline at end of file
diff --git a/plugins/analysis-nori/licenses/lucene-analyzers-nori-7.4.0-snapshot-cc2ee23050.jar.sha1 b/plugins/analysis-nori/licenses/lucene-analyzers-nori-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index da19e1c3857..00000000000
--- a/plugins/analysis-nori/licenses/lucene-analyzers-nori-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-4db5777df468b0867ff6539c9ab687e0ed6cab41
\ No newline at end of file
diff --git a/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..55bc8869196
--- /dev/null
+++ b/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+548e9f2b4d4a985dc174b2eee4007c0bd5642e68
\ No newline at end of file
diff --git a/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-7.4.0-snapshot-cc2ee23050.jar.sha1 b/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 148b5425d64..00000000000
--- a/plugins/analysis-phonetic/licenses/lucene-analyzers-phonetic-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-0e09e6b011ab2b1a0e3e0e1df2ab2a91dca8ba23
\ No newline at end of file
diff --git a/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..be668543216
--- /dev/null
+++ b/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+b90e66f4104f0234cfef335762f65a6fed695231
\ No newline at end of file
diff --git a/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-7.4.0-snapshot-cc2ee23050.jar.sha1 b/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index bce84d16a9a..00000000000
--- a/plugins/analysis-smartcn/licenses/lucene-analyzers-smartcn-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-ceefa0f9789ab9ea5c8ab9f67ed7a601a3ae6aa9
\ No newline at end of file
diff --git a/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..b77acdc34f3
--- /dev/null
+++ b/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+929a4eb52b11f6d3f0df9c8eba014f5ee2464c67
\ No newline at end of file
diff --git a/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-7.4.0-snapshot-cc2ee23050.jar.sha1 b/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 762c56f7700..00000000000
--- a/plugins/analysis-stempel/licenses/lucene-analyzers-stempel-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-b013adc183e52a74795ad3d3032f4d0f9db30b73
\ No newline at end of file
diff --git a/plugins/analysis-stempel/src/test/resources/rest-api-spec/test/analysis_stempel/10_basic.yml b/plugins/analysis-stempel/src/test/resources/rest-api-spec/test/analysis_stempel/10_basic.yml
index 1941126c64f..3400a7f9bdf 100644
--- a/plugins/analysis-stempel/src/test/resources/rest-api-spec/test/analysis_stempel/10_basic.yml
+++ b/plugins/analysis-stempel/src/test/resources/rest-api-spec/test/analysis_stempel/10_basic.yml
@@ -5,7 +5,7 @@
indices.analyze:
body:
text: studenci
- tokenizer: keyword
+ tokenizer: standard
filter: [polish_stem]
- length: { tokens: 1 }
- match: { tokens.0.token: student }
diff --git a/plugins/analysis-ukrainian/licenses/lucene-analyzers-morfologik-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/plugins/analysis-ukrainian/licenses/lucene-analyzers-morfologik-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..cce4b6ff18d
--- /dev/null
+++ b/plugins/analysis-ukrainian/licenses/lucene-analyzers-morfologik-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+0e6575a411b65cd95e0e54f04d3da278b68be521
\ No newline at end of file
diff --git a/plugins/analysis-ukrainian/licenses/lucene-analyzers-morfologik-7.4.0-snapshot-cc2ee23050.jar.sha1 b/plugins/analysis-ukrainian/licenses/lucene-analyzers-morfologik-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 7631bea2569..00000000000
--- a/plugins/analysis-ukrainian/licenses/lucene-analyzers-morfologik-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-95300f29418f60e57e022d934d3462be9e1e2225
\ No newline at end of file
diff --git a/plugins/repository-azure/src/main/java/org/elasticsearch/repositories/azure/AzureStorageServiceImpl.java b/plugins/repository-azure/src/main/java/org/elasticsearch/repositories/azure/AzureStorageServiceImpl.java
index f21dbdfd269..6f4f8cfea96 100644
--- a/plugins/repository-azure/src/main/java/org/elasticsearch/repositories/azure/AzureStorageServiceImpl.java
+++ b/plugins/repository-azure/src/main/java/org/elasticsearch/repositories/azure/AzureStorageServiceImpl.java
@@ -35,6 +35,7 @@ import com.microsoft.azure.storage.blob.DeleteSnapshotsOption;
import com.microsoft.azure.storage.blob.ListBlobItem;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.apache.logging.log4j.util.Supplier;
+import org.elasticsearch.common.Strings;
import org.elasticsearch.common.blobstore.BlobMetaData;
import org.elasticsearch.common.blobstore.support.PlainBlobMetaData;
import org.elasticsearch.common.collect.MapBuilder;
@@ -45,6 +46,7 @@ import org.elasticsearch.repositories.RepositoryException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
+import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
@@ -52,66 +54,59 @@ import java.util.Map;
public class AzureStorageServiceImpl extends AbstractComponent implements AzureStorageService {
final Map storageSettings;
-
- final Map clients = new HashMap<>();
+ final Map clients;
public AzureStorageServiceImpl(Settings settings, Map storageSettings) {
super(settings);
-
- this.storageSettings = storageSettings;
-
if (storageSettings.isEmpty()) {
// If someone did not register any settings, they basically can't use the plugin
throw new IllegalArgumentException("If you want to use an azure repository, you need to define a client configuration.");
}
-
- logger.debug("starting azure storage client instance");
-
- // We register all regular azure clients
- for (Map.Entry azureStorageSettingsEntry : this.storageSettings.entrySet()) {
- logger.debug("registering regular client for account [{}]", azureStorageSettingsEntry.getKey());
- createClient(azureStorageSettingsEntry.getValue());
- }
+ this.storageSettings = storageSettings;
+ this.clients = createClients(storageSettings);
}
- void createClient(AzureStorageSettings azureStorageSettings) {
- try {
- logger.trace("creating new Azure storage client using account [{}], key [{}], endpoint suffix [{}]",
- azureStorageSettings.getAccount(), azureStorageSettings.getKey(), azureStorageSettings.getEndpointSuffix());
+ private Map createClients(final Map storageSettings) {
+ final Map clients = new HashMap<>();
+ for (Map.Entry azureStorageEntry : storageSettings.entrySet()) {
+ final String clientName = azureStorageEntry.getKey();
+ final AzureStorageSettings clientSettings = azureStorageEntry.getValue();
+ try {
+ logger.trace("creating new Azure storage client with name [{}]", clientName);
+ String storageConnectionString =
+ "DefaultEndpointsProtocol=https;"
+ + "AccountName=" + clientSettings.getAccount() + ";"
+ + "AccountKey=" + clientSettings.getKey();
- String storageConnectionString =
- "DefaultEndpointsProtocol=https;"
- + "AccountName=" + azureStorageSettings.getAccount() + ";"
- + "AccountKey=" + azureStorageSettings.getKey();
+ final String endpointSuffix = clientSettings.getEndpointSuffix();
+ if (Strings.hasLength(endpointSuffix)) {
+ storageConnectionString += ";EndpointSuffix=" + endpointSuffix;
+ }
+ // Retrieve storage account from connection-string.
+ CloudStorageAccount storageAccount = CloudStorageAccount.parse(storageConnectionString);
- String endpointSuffix = azureStorageSettings.getEndpointSuffix();
- if (endpointSuffix != null && !endpointSuffix.isEmpty()) {
- storageConnectionString += ";EndpointSuffix=" + endpointSuffix;
+ // Create the blob client.
+ CloudBlobClient client = storageAccount.createCloudBlobClient();
+
+ // Register the client
+ clients.put(clientSettings.getAccount(), client);
+ } catch (Exception e) {
+ logger.error(() -> new ParameterizedMessage("Can not create azure storage client [{}]", clientName), e);
}
- // Retrieve storage account from connection-string.
- CloudStorageAccount storageAccount = CloudStorageAccount.parse(storageConnectionString);
-
- // Create the blob client.
- CloudBlobClient client = storageAccount.createCloudBlobClient();
-
- // Register the client
- this.clients.put(azureStorageSettings.getAccount(), client);
- } catch (Exception e) {
- logger.error("can not create azure storage client: {}", e.getMessage());
}
+ return Collections.unmodifiableMap(clients);
}
CloudBlobClient getSelectedClient(String clientName, LocationMode mode) {
logger.trace("selecting a client named [{}], mode [{}]", clientName, mode.name());
AzureStorageSettings azureStorageSettings = this.storageSettings.get(clientName);
if (azureStorageSettings == null) {
- throw new IllegalArgumentException("Can not find named azure client [" + clientName + "]. Check your settings.");
+ throw new IllegalArgumentException("Unable to find client with name [" + clientName + "]");
}
CloudBlobClient client = this.clients.get(azureStorageSettings.getAccount());
-
if (client == null) {
- throw new IllegalArgumentException("Can not find an azure client named [" + azureStorageSettings.getAccount() + "]");
+ throw new IllegalArgumentException("No account defined for client with name [" + clientName + "]");
}
// NOTE: for now, just set the location mode in case it is different;
diff --git a/plugins/repository-azure/src/test/java/org/elasticsearch/repositories/azure/AzureStorageServiceTests.java b/plugins/repository-azure/src/test/java/org/elasticsearch/repositories/azure/AzureStorageServiceTests.java
index 72cd015f148..447826dbf83 100644
--- a/plugins/repository-azure/src/test/java/org/elasticsearch/repositories/azure/AzureStorageServiceTests.java
+++ b/plugins/repository-azure/src/test/java/org/elasticsearch/repositories/azure/AzureStorageServiceTests.java
@@ -23,7 +23,6 @@ import com.microsoft.azure.storage.LocationMode;
import com.microsoft.azure.storage.RetryExponentialRetry;
import com.microsoft.azure.storage.blob.CloudBlobClient;
import com.microsoft.azure.storage.core.Base64;
-
import org.elasticsearch.common.settings.MockSecureSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsException;
@@ -36,6 +35,7 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.net.UnknownHostException;
import java.nio.charset.StandardCharsets;
+import java.util.Collections;
import java.util.Map;
import static org.elasticsearch.repositories.azure.AzureStorageServiceImpl.blobNameFromUri;
@@ -49,31 +49,14 @@ import static org.hamcrest.Matchers.nullValue;
public class AzureStorageServiceTests extends ESTestCase {
- private MockSecureSettings buildSecureSettings() {
- MockSecureSettings secureSettings = new MockSecureSettings();
- secureSettings.setString("azure.client.azure1.account", "myaccount1");
- secureSettings.setString("azure.client.azure1.key", "mykey1");
- secureSettings.setString("azure.client.azure2.account", "myaccount2");
- secureSettings.setString("azure.client.azure2.key", "mykey2");
- secureSettings.setString("azure.client.azure3.account", "myaccount3");
- secureSettings.setString("azure.client.azure3.key", "mykey3");
- return secureSettings;
- }
- private Settings buildSettings() {
- Settings settings = Settings.builder()
- .setSecureSettings(buildSecureSettings())
- .build();
- return settings;
- }
-
public void testReadSecuredSettings() {
MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("azure.client.azure1.account", "myaccount1");
- secureSettings.setString("azure.client.azure1.key", "mykey1");
+ secureSettings.setString("azure.client.azure1.key", encodeKey("mykey1"));
secureSettings.setString("azure.client.azure2.account", "myaccount2");
- secureSettings.setString("azure.client.azure2.key", "mykey2");
+ secureSettings.setString("azure.client.azure2.key", encodeKey("mykey2"));
secureSettings.setString("azure.client.azure3.account", "myaccount3");
- secureSettings.setString("azure.client.azure3.key", "mykey3");
+ secureSettings.setString("azure.client.azure3.key", encodeKey("mykey3"));
Settings settings = Settings.builder().setSecureSettings(secureSettings)
.put("azure.client.azure3.endpoint_suffix", "my_endpoint_suffix").build();
@@ -88,9 +71,9 @@ public class AzureStorageServiceTests extends ESTestCase {
public void testCreateClientWithEndpointSuffix() {
MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("azure.client.azure1.account", "myaccount1");
- secureSettings.setString("azure.client.azure1.key", Base64.encode("mykey1".getBytes(StandardCharsets.UTF_8)));
+ secureSettings.setString("azure.client.azure1.key", encodeKey("mykey1"));
secureSettings.setString("azure.client.azure2.account", "myaccount2");
- secureSettings.setString("azure.client.azure2.key", Base64.encode("mykey2".getBytes(StandardCharsets.UTF_8)));
+ secureSettings.setString("azure.client.azure2.key", encodeKey("mykey2"));
Settings settings = Settings.builder().setSecureSettings(secureSettings)
.put("azure.client.azure1.endpoint_suffix", "my_endpoint_suffix").build();
AzureStorageServiceImpl azureStorageService = new AzureStorageServiceImpl(settings, AzureStorageSettings.load(settings));
@@ -103,7 +86,7 @@ public class AzureStorageServiceTests extends ESTestCase {
public void testGetSelectedClientWithNoPrimaryAndSecondary() {
try {
- new AzureStorageServiceMockForSettings(Settings.EMPTY);
+ new AzureStorageServiceImpl(Settings.EMPTY, Collections.emptyMap());
fail("we should have raised an IllegalArgumentException");
} catch (IllegalArgumentException e) {
assertThat(e.getMessage(), is("If you want to use an azure repository, you need to define a client configuration."));
@@ -111,11 +94,11 @@ public class AzureStorageServiceTests extends ESTestCase {
}
public void testGetSelectedClientNonExisting() {
- AzureStorageServiceImpl azureStorageService = new AzureStorageServiceMockForSettings(buildSettings());
+ AzureStorageServiceImpl azureStorageService = createAzureService(buildSettings());
IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> {
azureStorageService.getSelectedClient("azure4", LocationMode.PRIMARY_ONLY);
});
- assertThat(e.getMessage(), is("Can not find named azure client [azure4]. Check your settings."));
+ assertThat(e.getMessage(), is("Unable to find client with name [azure4]"));
}
public void testGetSelectedClientDefaultTimeout() {
@@ -123,7 +106,7 @@ public class AzureStorageServiceTests extends ESTestCase {
.setSecureSettings(buildSecureSettings())
.put("azure.client.azure3.timeout", "30s")
.build();
- AzureStorageServiceImpl azureStorageService = new AzureStorageServiceMockForSettings(timeoutSettings);
+ AzureStorageServiceImpl azureStorageService = createAzureService(timeoutSettings);
CloudBlobClient client1 = azureStorageService.getSelectedClient("azure1", LocationMode.PRIMARY_ONLY);
assertThat(client1.getDefaultRequestOptions().getTimeoutIntervalInMs(), nullValue());
CloudBlobClient client3 = azureStorageService.getSelectedClient("azure3", LocationMode.PRIMARY_ONLY);
@@ -131,13 +114,13 @@ public class AzureStorageServiceTests extends ESTestCase {
}
public void testGetSelectedClientNoTimeout() {
- AzureStorageServiceImpl azureStorageService = new AzureStorageServiceMockForSettings(buildSettings());
+ AzureStorageServiceImpl azureStorageService = createAzureService(buildSettings());
CloudBlobClient client1 = azureStorageService.getSelectedClient("azure1", LocationMode.PRIMARY_ONLY);
assertThat(client1.getDefaultRequestOptions().getTimeoutIntervalInMs(), is(nullValue()));
}
public void testGetSelectedClientBackoffPolicy() {
- AzureStorageServiceImpl azureStorageService = new AzureStorageServiceMockForSettings(buildSettings());
+ AzureStorageServiceImpl azureStorageService = createAzureService(buildSettings());
CloudBlobClient client1 = azureStorageService.getSelectedClient("azure1", LocationMode.PRIMARY_ONLY);
assertThat(client1.getDefaultRequestOptions().getRetryPolicyFactory(), is(notNullValue()));
assertThat(client1.getDefaultRequestOptions().getRetryPolicyFactory(), instanceOf(RetryExponentialRetry.class));
@@ -149,7 +132,7 @@ public class AzureStorageServiceTests extends ESTestCase {
.put("azure.client.azure1.max_retries", 7)
.build();
- AzureStorageServiceImpl azureStorageService = new AzureStorageServiceMockForSettings(timeoutSettings);
+ AzureStorageServiceImpl azureStorageService = createAzureService(timeoutSettings);
CloudBlobClient client1 = azureStorageService.getSelectedClient("azure1", LocationMode.PRIMARY_ONLY);
assertThat(client1.getDefaultRequestOptions().getRetryPolicyFactory(), is(notNullValue()));
assertThat(client1.getDefaultRequestOptions().getRetryPolicyFactory(), instanceOf(RetryExponentialRetry.class));
@@ -159,7 +142,7 @@ public class AzureStorageServiceTests extends ESTestCase {
Settings settings = Settings.builder()
.setSecureSettings(buildSecureSettings())
.build();
- AzureStorageServiceMockForSettings mock = new AzureStorageServiceMockForSettings(settings);
+ AzureStorageServiceImpl mock = createAzureService(settings);
assertThat(mock.storageSettings.get("azure1").getProxy(), nullValue());
assertThat(mock.storageSettings.get("azure2").getProxy(), nullValue());
assertThat(mock.storageSettings.get("azure3").getProxy(), nullValue());
@@ -172,7 +155,7 @@ public class AzureStorageServiceTests extends ESTestCase {
.put("azure.client.azure1.proxy.port", 8080)
.put("azure.client.azure1.proxy.type", "http")
.build();
- AzureStorageServiceMockForSettings mock = new AzureStorageServiceMockForSettings(settings);
+ AzureStorageServiceImpl mock = createAzureService(settings);
Proxy azure1Proxy = mock.storageSettings.get("azure1").getProxy();
assertThat(azure1Proxy, notNullValue());
@@ -192,7 +175,7 @@ public class AzureStorageServiceTests extends ESTestCase {
.put("azure.client.azure2.proxy.port", 8081)
.put("azure.client.azure2.proxy.type", "http")
.build();
- AzureStorageServiceMockForSettings mock = new AzureStorageServiceMockForSettings(settings);
+ AzureStorageServiceImpl mock = createAzureService(settings);
Proxy azure1Proxy = mock.storageSettings.get("azure1").getProxy();
assertThat(azure1Proxy, notNullValue());
assertThat(azure1Proxy.type(), is(Proxy.Type.HTTP));
@@ -211,7 +194,7 @@ public class AzureStorageServiceTests extends ESTestCase {
.put("azure.client.azure1.proxy.port", 8080)
.put("azure.client.azure1.proxy.type", "socks")
.build();
- AzureStorageServiceMockForSettings mock = new AzureStorageServiceMockForSettings(settings);
+ AzureStorageServiceImpl mock = createAzureService(settings);
Proxy azure1Proxy = mock.storageSettings.get("azure1").getProxy();
assertThat(azure1Proxy, notNullValue());
assertThat(azure1Proxy.type(), is(Proxy.Type.SOCKS));
@@ -227,7 +210,7 @@ public class AzureStorageServiceTests extends ESTestCase {
.put("azure.client.azure1.proxy.type", randomFrom("socks", "http"))
.build();
- SettingsException e = expectThrows(SettingsException.class, () -> new AzureStorageServiceMockForSettings(settings));
+ SettingsException e = expectThrows(SettingsException.class, () -> createAzureService(settings));
assertEquals("Azure Proxy type has been set but proxy host or port is not defined.", e.getMessage());
}
@@ -238,7 +221,7 @@ public class AzureStorageServiceTests extends ESTestCase {
.put("azure.client.azure1.proxy.type", randomFrom("socks", "http"))
.build();
- SettingsException e = expectThrows(SettingsException.class, () -> new AzureStorageServiceMockForSettings(settings));
+ SettingsException e = expectThrows(SettingsException.class, () -> createAzureService(settings));
assertEquals("Azure Proxy type has been set but proxy host or port is not defined.", e.getMessage());
}
@@ -249,7 +232,7 @@ public class AzureStorageServiceTests extends ESTestCase {
.put("azure.client.azure1.proxy.port", 8080)
.build();
- SettingsException e = expectThrows(SettingsException.class, () -> new AzureStorageServiceMockForSettings(settings));
+ SettingsException e = expectThrows(SettingsException.class, () -> createAzureService(settings));
assertEquals("Azure Proxy port or host have been set but proxy type is not defined.", e.getMessage());
}
@@ -261,26 +244,10 @@ public class AzureStorageServiceTests extends ESTestCase {
.put("azure.client.azure1.proxy.port", 8080)
.build();
- SettingsException e = expectThrows(SettingsException.class, () -> new AzureStorageServiceMockForSettings(settings));
+ SettingsException e = expectThrows(SettingsException.class, () -> createAzureService(settings));
assertEquals("Azure proxy host is unknown.", e.getMessage());
}
- /**
- * This internal class just overload createClient method which is called by AzureStorageServiceImpl.doStart()
- */
- class AzureStorageServiceMockForSettings extends AzureStorageServiceImpl {
- AzureStorageServiceMockForSettings(Settings settings) {
- super(settings, AzureStorageSettings.load(settings));
- }
-
- // We fake the client here
- @Override
- void createClient(AzureStorageSettings azureStorageSettings) {
- this.clients.put(azureStorageSettings.getAccount(),
- new CloudBlobClient(URI.create("https://" + azureStorageSettings.getAccount())));
- }
- }
-
public void testBlobNameFromUri() throws URISyntaxException {
String name = blobNameFromUri(new URI("https://myservice.azure.net/container/path/to/myfile"));
assertThat(name, is("path/to/myfile"));
@@ -291,4 +258,27 @@ public class AzureStorageServiceTests extends ESTestCase {
name = blobNameFromUri(new URI("https://127.0.0.1/container/path/to/myfile"));
assertThat(name, is("path/to/myfile"));
}
+
+ private static MockSecureSettings buildSecureSettings() {
+ MockSecureSettings secureSettings = new MockSecureSettings();
+ secureSettings.setString("azure.client.azure1.account", "myaccount1");
+ secureSettings.setString("azure.client.azure1.key", encodeKey("mykey1"));
+ secureSettings.setString("azure.client.azure2.account", "myaccount2");
+ secureSettings.setString("azure.client.azure2.key", encodeKey("mykey2"));
+ secureSettings.setString("azure.client.azure3.account", "myaccount3");
+ secureSettings.setString("azure.client.azure3.key", encodeKey("mykey3"));
+ return secureSettings;
+ }
+
+ private static Settings buildSettings() {
+ return Settings.builder().setSecureSettings(buildSecureSettings()).build();
+ }
+
+ private static AzureStorageServiceImpl createAzureService(final Settings settings) {
+ return new AzureStorageServiceImpl(settings, AzureStorageSettings.load(settings));
+ }
+
+ private static String encodeKey(final String value) {
+ return Base64.encode(value.getBytes(StandardCharsets.UTF_8));
+ }
}
diff --git a/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/NioHttpServerTransport.java b/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/NioHttpServerTransport.java
index 825a023bd51..de5c166de3f 100644
--- a/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/NioHttpServerTransport.java
+++ b/plugins/transport-nio/src/main/java/org/elasticsearch/http/nio/NioHttpServerTransport.java
@@ -42,7 +42,7 @@ import org.elasticsearch.http.BindHttpException;
import org.elasticsearch.http.HttpHandlingSettings;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.http.HttpStats;
-import org.elasticsearch.http.netty4.AbstractHttpServerTransport;
+import org.elasticsearch.http.AbstractHttpServerTransport;
import org.elasticsearch.nio.AcceptingSelector;
import org.elasticsearch.nio.AcceptorEventHandler;
import org.elasticsearch.nio.BytesChannelContext;
diff --git a/qa/vagrant/src/test/resources/packaging/tests/20_tar_package.bats b/qa/vagrant/src/test/resources/packaging/tests/20_tar_package.bats
index 1a3704c3317..3607e4ab45a 100644
--- a/qa/vagrant/src/test/resources/packaging/tests/20_tar_package.bats
+++ b/qa/vagrant/src/test/resources/packaging/tests/20_tar_package.bats
@@ -68,6 +68,7 @@ setup() {
@test "[TAR] install archive" {
# Install the archive
install_archive
+ set_debug_logging
count=$(find /tmp -type d -name 'elasticsearch*' | wc -l)
[ "$count" -eq 1 ]
diff --git a/qa/vagrant/src/test/resources/packaging/tests/module_and_plugin_test_cases.bash b/qa/vagrant/src/test/resources/packaging/tests/module_and_plugin_test_cases.bash
index 79228adfee5..e258c4db5e6 100644
--- a/qa/vagrant/src/test/resources/packaging/tests/module_and_plugin_test_cases.bash
+++ b/qa/vagrant/src/test/resources/packaging/tests/module_and_plugin_test_cases.bash
@@ -61,6 +61,7 @@ setup() {
[ ! -d "$ESHOME" ]; then
clean_before_test
install
+ set_debug_logging
fi
}
diff --git a/qa/vagrant/src/test/resources/packaging/utils/utils.bash b/qa/vagrant/src/test/resources/packaging/utils/utils.bash
index 4e3fdf5bd55..f8c3005de6c 100644
--- a/qa/vagrant/src/test/resources/packaging/utils/utils.bash
+++ b/qa/vagrant/src/test/resources/packaging/utils/utils.bash
@@ -461,6 +461,13 @@ debug_collect_logs() {
describe_port 127.0.0.1 9201
}
+set_debug_logging() {
+ if [ "$ESCONFIG" ] && [ -d "$ESCONFIG" ] && [ -f /etc/os-release ] && (grep -qi suse /etc/os-release); then
+ echo 'logger.org.elasticsearch.indices: DEBUG' >> "$ESCONFIG/elasticsearch.yml"
+ echo 'logger.org.elasticsearch.gateway: TRACE' >> "$ESCONFIG/elasticsearch.yml"
+ fi
+}
+
# Waits for Elasticsearch to reach some status.
# $1 - expected status - defaults to green
wait_for_elasticsearch_status() {
diff --git a/rest-api-spec/src/main/resources/rest-api-spec/test/indices.analyze/10_analyze.yml b/rest-api-spec/src/main/resources/rest-api-spec/test/indices.analyze/10_analyze.yml
index d95417c16ca..85861a23d59 100644
--- a/rest-api-spec/src/main/resources/rest-api-spec/test/indices.analyze/10_analyze.yml
+++ b/rest-api-spec/src/main/resources/rest-api-spec/test/indices.analyze/10_analyze.yml
@@ -75,19 +75,3 @@
- match: { detail.tokenizer.tokens.2.token: buzz }
- match: { detail.tokenfilters.0.name: "_anonymous_tokenfilter" }
- match: { detail.tokenfilters.0.tokens.0.token: bar }
-
----
-"Custom normalizer in request":
- - do:
- indices.analyze:
- body:
- text: ABc
- explain: true
- filter: ["lowercase"]
-
- - length: { detail.tokenizer.tokens: 1 }
- - length: { detail.tokenfilters.0.tokens: 1 }
- - match: { detail.tokenizer.name: keyword_for_normalizer }
- - match: { detail.tokenizer.tokens.0.token: ABc }
- - match: { detail.tokenfilters.0.name: lowercase }
- - match: { detail.tokenfilters.0.tokens.0.token: abc }
diff --git a/server/licenses/lucene-analyzers-common-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-analyzers-common-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..82585bb7ff3
--- /dev/null
+++ b/server/licenses/lucene-analyzers-common-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+0f75703c30756c31f7d09ec79191dab6fb35c958
\ No newline at end of file
diff --git a/server/licenses/lucene-analyzers-common-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-analyzers-common-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 1c471a77d80..00000000000
--- a/server/licenses/lucene-analyzers-common-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-96ab108569c77932ecb17c45421affece207df5c
\ No newline at end of file
diff --git a/server/licenses/lucene-backward-codecs-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-backward-codecs-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..981e6d1a173
--- /dev/null
+++ b/server/licenses/lucene-backward-codecs-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+c5c519fdea65726612f79e3dd942b7316966646e
\ No newline at end of file
diff --git a/server/licenses/lucene-backward-codecs-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-backward-codecs-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 4c8842872ab..00000000000
--- a/server/licenses/lucene-backward-codecs-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-72d09ca50979f716a57f53f2de33d55023a166ec
\ No newline at end of file
diff --git a/server/licenses/lucene-core-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-core-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..cea13d14fe1
--- /dev/null
+++ b/server/licenses/lucene-core-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+f345b6aa3c550dafc63de3e5a5c404691e782336
\ No newline at end of file
diff --git a/server/licenses/lucene-core-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-core-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 4aecfc6a550..00000000000
--- a/server/licenses/lucene-core-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-e118e4d05070378516b9055184b74498ba528dee
\ No newline at end of file
diff --git a/server/licenses/lucene-grouping-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-grouping-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..fcb173608ef
--- /dev/null
+++ b/server/licenses/lucene-grouping-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+7a74855e37124a27af36390c9d15abe33614129e
\ No newline at end of file
diff --git a/server/licenses/lucene-grouping-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-grouping-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 948aacf662f..00000000000
--- a/server/licenses/lucene-grouping-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-2b2ea6bfe6fa159bbf205bf7f7fa2ed2c22bbffc
\ No newline at end of file
diff --git a/server/licenses/lucene-highlighter-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-highlighter-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..79addefbfc6
--- /dev/null
+++ b/server/licenses/lucene-highlighter-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+0e3df4b469465ef101254fdcbb08ebd8a19f1f9d
\ No newline at end of file
diff --git a/server/licenses/lucene-highlighter-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-highlighter-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 30a960c5a80..00000000000
--- a/server/licenses/lucene-highlighter-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-423e4fff9276101d845d6073dc6cd27504def207
\ No newline at end of file
diff --git a/server/licenses/lucene-join-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-join-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..a9838db7caa
--- /dev/null
+++ b/server/licenses/lucene-join-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+05d236149c99c860e6b627a8f78ea32918c108c3
\ No newline at end of file
diff --git a/server/licenses/lucene-join-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-join-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index fb3cd72c755..00000000000
--- a/server/licenses/lucene-join-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-27561038da2edcae3ecc3a08b0a52824966af87a
\ No newline at end of file
diff --git a/server/licenses/lucene-memory-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-memory-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..679c79788f5
--- /dev/null
+++ b/server/licenses/lucene-memory-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+d83e7e65eb268425f7bd5be2425d4a00b556bc47
\ No newline at end of file
diff --git a/server/licenses/lucene-memory-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-memory-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index cd989836ab2..00000000000
--- a/server/licenses/lucene-memory-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-d7d422159f705261784d121e24877119d9c95083
\ No newline at end of file
diff --git a/server/licenses/lucene-misc-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-misc-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..c403d4c4f86
--- /dev/null
+++ b/server/licenses/lucene-misc-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+440a998b5bf99871bec4272a219de01b25751d5c
\ No newline at end of file
diff --git a/server/licenses/lucene-misc-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-misc-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index c4d8ad61c73..00000000000
--- a/server/licenses/lucene-misc-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-fc09508fde6ba87f241d7e3148d9e310c0db9cb9
\ No newline at end of file
diff --git a/server/licenses/lucene-queries-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-queries-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..6b8897d1ae7
--- /dev/null
+++ b/server/licenses/lucene-queries-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+2a5c031155fdfa743af321150c0dd654a6ea3c71
\ No newline at end of file
diff --git a/server/licenses/lucene-queries-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-queries-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 0cb51736803..00000000000
--- a/server/licenses/lucene-queries-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-201fdf3432ff3fef0f48c38c2c0f482c144f6868
\ No newline at end of file
diff --git a/server/licenses/lucene-queryparser-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-queryparser-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..b6c6bf76610
--- /dev/null
+++ b/server/licenses/lucene-queryparser-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+d021c9a461ff0f020d038ad5ecc5127973d4674a
\ No newline at end of file
diff --git a/server/licenses/lucene-queryparser-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-queryparser-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index ecd6440ba64..00000000000
--- a/server/licenses/lucene-queryparser-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-917df8c8d08952a012a34050b183b6204ae7081b
\ No newline at end of file
diff --git a/server/licenses/lucene-sandbox-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-sandbox-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..92f64fca2c7
--- /dev/null
+++ b/server/licenses/lucene-sandbox-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+9877a14c53e69b39fff2bf10d49a61171746d940
\ No newline at end of file
diff --git a/server/licenses/lucene-sandbox-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-sandbox-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 3e65eaeef91..00000000000
--- a/server/licenses/lucene-sandbox-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-caff84fa66cb0376835c39f3d4ca7dfd2177d8f4
\ No newline at end of file
diff --git a/server/licenses/lucene-spatial-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-spatial-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..2f691988c44
--- /dev/null
+++ b/server/licenses/lucene-spatial-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+7d7e5101b46a120efa311509948c0d1f9bf30155
\ No newline at end of file
diff --git a/server/licenses/lucene-spatial-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-spatial-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index c86854b16c3..00000000000
--- a/server/licenses/lucene-spatial-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-e1bce61a9d9129a8d0fdd3127a84665d29f53eb0
\ No newline at end of file
diff --git a/server/licenses/lucene-spatial-extras-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-spatial-extras-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..86c147f9610
--- /dev/null
+++ b/server/licenses/lucene-spatial-extras-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+5a4c11db96ae70b9048243cc530fcbc76faa0978
\ No newline at end of file
diff --git a/server/licenses/lucene-spatial-extras-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-spatial-extras-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index 144984a3869..00000000000
--- a/server/licenses/lucene-spatial-extras-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-3a2e4373d79fda968a078971efa2cb8ec9ff65b0
\ No newline at end of file
diff --git a/server/licenses/lucene-spatial3d-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-spatial3d-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..2fbdcdecf1a
--- /dev/null
+++ b/server/licenses/lucene-spatial3d-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+afb01af1450067b145ca2c1d737b5907288af560
\ No newline at end of file
diff --git a/server/licenses/lucene-spatial3d-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-spatial3d-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index fd19f4ad811..00000000000
--- a/server/licenses/lucene-spatial3d-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-7f14927e5c3c1c85c4c5b3681c28c5e36f241dda
\ No newline at end of file
diff --git a/server/licenses/lucene-suggest-7.4.0-snapshot-1cbadda4d3.jar.sha1 b/server/licenses/lucene-suggest-7.4.0-snapshot-1cbadda4d3.jar.sha1
new file mode 100644
index 00000000000..1a86525735c
--- /dev/null
+++ b/server/licenses/lucene-suggest-7.4.0-snapshot-1cbadda4d3.jar.sha1
@@ -0,0 +1 @@
+473f0221e0b2ea45940d8ae6dcf16e39c81b18c2
\ No newline at end of file
diff --git a/server/licenses/lucene-suggest-7.4.0-snapshot-cc2ee23050.jar.sha1 b/server/licenses/lucene-suggest-7.4.0-snapshot-cc2ee23050.jar.sha1
deleted file mode 100644
index ba405960dbe..00000000000
--- a/server/licenses/lucene-suggest-7.4.0-snapshot-cc2ee23050.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-6e708a38c957a655e0cfedb06a1b9aa892929db0
\ No newline at end of file
diff --git a/server/src/main/java/org/elasticsearch/cluster/metadata/IndexTemplateMetaData.java b/server/src/main/java/org/elasticsearch/cluster/metadata/IndexTemplateMetaData.java
index c0d254509c1..ae58d2885bb 100644
--- a/server/src/main/java/org/elasticsearch/cluster/metadata/IndexTemplateMetaData.java
+++ b/server/src/main/java/org/elasticsearch/cluster/metadata/IndexTemplateMetaData.java
@@ -270,7 +270,8 @@ public class IndexTemplateMetaData extends AbstractDiffable VALID_FIELDS = Sets.newHashSet("template", "order", "mappings", "settings", "index_patterns");
+ private static final Set VALID_FIELDS = Sets.newHashSet(
+ "template", "order", "mappings", "settings", "index_patterns", "aliases", "version");
static {
VALID_FIELDS.addAll(IndexMetaData.customPrototypes.keySet());
}
diff --git a/server/src/main/java/org/elasticsearch/http/netty4/AbstractHttpServerTransport.java b/server/src/main/java/org/elasticsearch/http/AbstractHttpServerTransport.java
similarity index 98%
rename from server/src/main/java/org/elasticsearch/http/netty4/AbstractHttpServerTransport.java
rename to server/src/main/java/org/elasticsearch/http/AbstractHttpServerTransport.java
index a0b3632310b..c75754bde58 100644
--- a/server/src/main/java/org/elasticsearch/http/netty4/AbstractHttpServerTransport.java
+++ b/server/src/main/java/org/elasticsearch/http/AbstractHttpServerTransport.java
@@ -17,7 +17,7 @@
* under the License.
*/
-package org.elasticsearch.http.netty4;
+package org.elasticsearch.http;
import com.carrotsearch.hppc.IntHashSet;
import com.carrotsearch.hppc.IntSet;
@@ -30,8 +30,6 @@ import org.elasticsearch.common.transport.PortsRange;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.common.unit.ByteSizeValue;
import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.http.BindHttpException;
-import org.elasticsearch.http.HttpInfo;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.threadpool.ThreadPool;
diff --git a/server/src/main/java/org/elasticsearch/index/analysis/AnalysisRegistry.java b/server/src/main/java/org/elasticsearch/index/analysis/AnalysisRegistry.java
index 63e56651cd0..77be68fbbe2 100644
--- a/server/src/main/java/org/elasticsearch/index/analysis/AnalysisRegistry.java
+++ b/server/src/main/java/org/elasticsearch/index/analysis/AnalysisRegistry.java
@@ -548,6 +548,10 @@ public final class AnalysisRegistry implements Closeable {
TokenizerFactory keywordTokenizerFactory,
Map tokenFilters,
Map charFilters) {
+ if (keywordTokenizerFactory == null) {
+ throw new IllegalStateException("keyword tokenizer factory is null, normalizers require analysis-common module");
+ }
+
if (normalizerFactory instanceof CustomNormalizerProvider) {
((CustomNormalizerProvider) normalizerFactory).build(keywordTokenizerFactory, charFilters, tokenFilters);
}
diff --git a/server/src/main/java/org/elasticsearch/index/shard/ElasticsearchMergePolicy.java b/server/src/main/java/org/elasticsearch/index/shard/ElasticsearchMergePolicy.java
index e49ac868aa7..430e75ed494 100644
--- a/server/src/main/java/org/elasticsearch/index/shard/ElasticsearchMergePolicy.java
+++ b/server/src/main/java/org/elasticsearch/index/shard/ElasticsearchMergePolicy.java
@@ -83,7 +83,7 @@ public final class ElasticsearchMergePolicy extends FilterMergePolicy {
@Override
public MergeSpecification findForcedMerges(SegmentInfos segmentInfos,
- int maxSegmentCount, Map segmentsToMerge, IndexWriter writer)
+ int maxSegmentCount, Map segmentsToMerge, MergeContext mergeContext)
throws IOException {
if (upgradeInProgress) {
@@ -122,7 +122,7 @@ public final class ElasticsearchMergePolicy extends FilterMergePolicy {
// has a chance to decide what to do (e.g. collapse the segments to satisfy maxSegmentCount)
}
- return super.findForcedMerges(segmentInfos, maxSegmentCount, segmentsToMerge, writer);
+ return super.findForcedMerges(segmentInfos, maxSegmentCount, segmentsToMerge, mergeContext);
}
/**
diff --git a/server/src/main/java/org/elasticsearch/indices/analysis/AnalysisModule.java b/server/src/main/java/org/elasticsearch/indices/analysis/AnalysisModule.java
index 10547444226..bc590381c3c 100644
--- a/server/src/main/java/org/elasticsearch/indices/analysis/AnalysisModule.java
+++ b/server/src/main/java/org/elasticsearch/indices/analysis/AnalysisModule.java
@@ -56,7 +56,6 @@ import org.elasticsearch.index.analysis.IndonesianAnalyzerProvider;
import org.elasticsearch.index.analysis.IrishAnalyzerProvider;
import org.elasticsearch.index.analysis.ItalianAnalyzerProvider;
import org.elasticsearch.index.analysis.KeywordAnalyzerProvider;
-import org.elasticsearch.index.analysis.KeywordTokenizerFactory;
import org.elasticsearch.index.analysis.LatvianAnalyzerProvider;
import org.elasticsearch.index.analysis.LithuanianAnalyzerProvider;
import org.elasticsearch.index.analysis.NorwegianAnalyzerProvider;
@@ -225,7 +224,6 @@ public final class AnalysisModule {
private NamedRegistry> setupTokenizers(List plugins) {
NamedRegistry> tokenizers = new NamedRegistry<>("tokenizer");
tokenizers.register("standard", StandardTokenizerFactory::new);
- tokenizers.register("keyword", KeywordTokenizerFactory::new);
tokenizers.extractAndRegister(plugins, AnalysisPlugin::getTokenizers);
return tokenizers;
}
diff --git a/server/src/main/java/org/elasticsearch/script/StoredScriptSource.java b/server/src/main/java/org/elasticsearch/script/StoredScriptSource.java
index da6dad1dff3..11f8769c86b 100644
--- a/server/src/main/java/org/elasticsearch/script/StoredScriptSource.java
+++ b/server/src/main/java/org/elasticsearch/script/StoredScriptSource.java
@@ -74,6 +74,11 @@ public class StoredScriptSource extends AbstractDiffable imp
*/
public static final ParseField TEMPLATE_PARSE_FIELD = new ParseField("template");
+ /**
+ * Standard {@link ParseField} for query on the inner field.
+ */
+ public static final ParseField TEMPLATE_NO_WRAPPER_PARSE_FIELD = new ParseField("query");
+
/**
* Standard {@link ParseField} for lang on the inner level.
*/
@@ -189,6 +194,26 @@ public class StoredScriptSource extends AbstractDiffable imp
PARSER.declareField(Builder::setOptions, XContentParser::mapStrings, OPTIONS_PARSE_FIELD, ValueType.OBJECT);
}
+ private static StoredScriptSource parseRemaining(Token token, XContentParser parser) throws IOException {
+ try (XContentBuilder builder = XContentFactory.jsonBuilder()) {
+ if (token != Token.START_OBJECT) {
+ builder.startObject();
+ builder.copyCurrentStructure(parser);
+ builder.endObject();
+ } else {
+ builder.copyCurrentStructure(parser);
+ }
+
+ String source = Strings.toString(builder);
+
+ if (source == null || source.isEmpty()) {
+ DEPRECATION_LOGGER.deprecated("empty templates should no longer be used");
+ }
+
+ return new StoredScriptSource(Script.DEFAULT_TEMPLATE_LANG, source, Collections.emptyMap());
+ }
+ }
+
/**
* This will parse XContent into a {@link StoredScriptSource}. The following formats can be parsed:
*
@@ -304,38 +329,28 @@ public class StoredScriptSource extends AbstractDiffable imp
} else {
throw new ParsingException(parser.getTokenLocation(), "unexpected token [" + token + "], expected [{, ]");
}
- } else {
- if (TEMPLATE_PARSE_FIELD.getPreferredName().equals(name)) {
- token = parser.nextToken();
+ } else if (TEMPLATE_PARSE_FIELD.getPreferredName().equals(name)) {
- if (token == Token.VALUE_STRING) {
- String source = parser.text();
+ DEPRECATION_LOGGER.deprecated("the template context is now deprecated. Specify templates in a \"script\" element.");
- if (source == null || source.isEmpty()) {
- DEPRECATION_LOGGER.deprecated("empty templates should no longer be used");
- }
-
- return new StoredScriptSource(Script.DEFAULT_TEMPLATE_LANG, source, Collections.emptyMap());
- }
- }
-
- try (XContentBuilder builder = XContentFactory.jsonBuilder()) {
- if (token != Token.START_OBJECT) {
- builder.startObject();
- builder.copyCurrentStructure(parser);
- builder.endObject();
- } else {
- builder.copyCurrentStructure(parser);
- }
-
- String source = Strings.toString(builder);
+ token = parser.nextToken();
+ if (token == Token.VALUE_STRING) {
+ String source = parser.text();
if (source == null || source.isEmpty()) {
DEPRECATION_LOGGER.deprecated("empty templates should no longer be used");
}
return new StoredScriptSource(Script.DEFAULT_TEMPLATE_LANG, source, Collections.emptyMap());
+ } else {
+ return parseRemaining(token, parser);
}
+ } else if (TEMPLATE_NO_WRAPPER_PARSE_FIELD.getPreferredName().equals(name)) {
+ DEPRECATION_LOGGER.deprecated("the template context is now deprecated. Specify templates in a \"script\" element.");
+ return parseRemaining(token, parser);
+ } else {
+ DEPRECATION_LOGGER.deprecated("scripts should not be stored without a context. Specify them in a \"script\" element.");
+ return parseRemaining(token, parser);
}
} catch (IOException ioe) {
throw new UncheckedIOException(ioe);
diff --git a/server/src/test/java/org/elasticsearch/action/admin/indices/TransportAnalyzeActionTests.java b/server/src/test/java/org/elasticsearch/action/admin/indices/TransportAnalyzeActionTests.java
index de11902d914..c0404a47ab2 100644
--- a/server/src/test/java/org/elasticsearch/action/admin/indices/TransportAnalyzeActionTests.java
+++ b/server/src/test/java/org/elasticsearch/action/admin/indices/TransportAnalyzeActionTests.java
@@ -19,6 +19,7 @@
package org.elasticsearch.action.admin.indices;
import org.apache.lucene.analysis.MockTokenFilter;
+import org.apache.lucene.analysis.MockTokenizer;
import org.apache.lucene.analysis.TokenStream;
import org.elasticsearch.Version;
import org.elasticsearch.action.admin.indices.analyze.AnalyzeRequest;
@@ -37,6 +38,7 @@ import org.elasticsearch.index.analysis.CharFilterFactory;
import org.elasticsearch.index.analysis.IndexAnalyzers;
import org.elasticsearch.index.analysis.PreConfiguredCharFilter;
import org.elasticsearch.index.analysis.TokenFilterFactory;
+import org.elasticsearch.index.analysis.TokenizerFactory;
import org.elasticsearch.indices.analysis.AnalysisModule;
import org.elasticsearch.indices.analysis.AnalysisModule.AnalysisProvider;
import org.elasticsearch.indices.analysis.AnalysisModuleTests.AppendCharFilter;
@@ -107,6 +109,12 @@ public class TransportAnalyzeActionTests extends ESTestCase {
return singletonMap("append", AppendCharFilterFactory::new);
}
+ @Override
+ public Map> getTokenizers() {
+ return singletonMap("keyword", (indexSettings, environment, name, settings) ->
+ () -> new MockTokenizer(MockTokenizer.KEYWORD, false));
+ }
+
@Override
public Map> getTokenFilters() {
return singletonMap("mock", MockFactory::new);
diff --git a/server/src/test/java/org/elasticsearch/action/termvectors/GetTermVectorsIT.java b/server/src/test/java/org/elasticsearch/action/termvectors/GetTermVectorsIT.java
index c55e4851edb..b5a596401cb 100644
--- a/server/src/test/java/org/elasticsearch/action/termvectors/GetTermVectorsIT.java
+++ b/server/src/test/java/org/elasticsearch/action/termvectors/GetTermVectorsIT.java
@@ -37,10 +37,13 @@ import org.elasticsearch.common.xcontent.ToXContent;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.index.engine.VersionConflictEngineException;
import org.elasticsearch.index.mapper.FieldMapper;
+import org.elasticsearch.plugins.Plugin;
+import org.elasticsearch.test.MockKeywordPlugin;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
@@ -58,6 +61,12 @@ import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
public class GetTermVectorsIT extends AbstractTermVectorsTestCase {
+
+ @Override
+ protected Collection> nodePlugins() {
+ return Collections.singleton(MockKeywordPlugin.class);
+ }
+
public void testNoSuchDoc() throws Exception {
XContentBuilder mapping = jsonBuilder().startObject().startObject("type1")
.startObject("properties")
diff --git a/server/src/test/java/org/elasticsearch/cluster/metadata/IndexTemplateMetaDataTests.java b/server/src/test/java/org/elasticsearch/cluster/metadata/IndexTemplateMetaDataTests.java
index d6eb00c499e..6d489f5feb3 100644
--- a/server/src/test/java/org/elasticsearch/cluster/metadata/IndexTemplateMetaDataTests.java
+++ b/server/src/test/java/org/elasticsearch/cluster/metadata/IndexTemplateMetaDataTests.java
@@ -43,6 +43,7 @@ import java.util.Collections;
import static java.util.Collections.singletonMap;
import static org.elasticsearch.cluster.metadata.AliasMetaData.newAliasMetaDataBuilder;
import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.Matchers.contains;
public class IndexTemplateMetaDataTests extends ESTestCase {
@@ -167,4 +168,54 @@ public class IndexTemplateMetaDataTests extends ESTestCase {
assertThat(ex.getMessage(), equalTo("Index patterns must not be null or empty; got null"));
}
}
+
+ public void testParseTemplateWithAliases() throws Exception {
+ String templateInJSON = "{\"aliases\": {\"log\":{}}, \"index_patterns\": [\"pattern-1\"]}";
+ try (XContentParser parser =
+ XContentHelper.createParser(NamedXContentRegistry.EMPTY,
+ DeprecationHandler.THROW_UNSUPPORTED_OPERATION, new BytesArray(templateInJSON), XContentType.JSON)) {
+ IndexTemplateMetaData template = IndexTemplateMetaData.Builder.fromXContent(parser, randomAlphaOfLengthBetween(1, 100));
+ assertThat(template.aliases().containsKey("log"), equalTo(true));
+ assertThat(template.patterns(), contains("pattern-1"));
+ }
+ }
+
+ public void testFromToXContent() throws Exception {
+ String templateName = randomUnicodeOfCodepointLengthBetween(1, 10);
+ IndexTemplateMetaData.Builder templateBuilder = IndexTemplateMetaData.builder(templateName);
+ templateBuilder.patterns(Arrays.asList("pattern-1"));
+ int numAlias = between(0, 5);
+ for (int i = 0; i < numAlias; i++) {
+ AliasMetaData.Builder alias = AliasMetaData.builder(randomRealisticUnicodeOfLengthBetween(1, 100));
+ if (randomBoolean()) {
+ alias.indexRouting(randomRealisticUnicodeOfLengthBetween(1, 100));
+ }
+ if (randomBoolean()) {
+ alias.searchRouting(randomRealisticUnicodeOfLengthBetween(1, 100));
+ }
+ templateBuilder.putAlias(alias);
+ }
+ if (randomBoolean()) {
+ templateBuilder.settings(Settings.builder().put("index.setting-1", randomLong()));
+ templateBuilder.settings(Settings.builder().put("index.setting-2", randomTimeValue()));
+ }
+ if (randomBoolean()) {
+ templateBuilder.order(randomInt());
+ }
+ if (randomBoolean()) {
+ templateBuilder.version(between(0, 100));
+ }
+ if (randomBoolean()) {
+ templateBuilder.putMapping("doc", "{\"doc\":{\"properties\":{\"type\":\"text\"}}}");
+ }
+ IndexTemplateMetaData template = templateBuilder.build();
+ XContentBuilder builder = XContentBuilder.builder(randomFrom(XContentType.JSON.xContent()));
+ builder.startObject();
+ IndexTemplateMetaData.Builder.toXContent(template, builder, ToXContent.EMPTY_PARAMS);
+ builder.endObject();
+ try (XContentParser parser = createParser(shuffleXContent(builder))) {
+ IndexTemplateMetaData parsed = IndexTemplateMetaData.Builder.fromXContent(parser, templateName);
+ assertThat(parsed, equalTo(template));
+ }
+ }
}
diff --git a/server/src/test/java/org/elasticsearch/gateway/GatewayIndexStateIT.java b/server/src/test/java/org/elasticsearch/gateway/GatewayIndexStateIT.java
index aeadcf30e36..209fbd37c59 100644
--- a/server/src/test/java/org/elasticsearch/gateway/GatewayIndexStateIT.java
+++ b/server/src/test/java/org/elasticsearch/gateway/GatewayIndexStateIT.java
@@ -432,7 +432,7 @@ public class GatewayIndexStateIT extends ESIntegTestCase {
logger.info("--> starting one node");
internalCluster().startNode();
prepareCreate("test").setSettings(Settings.builder()
- .put("index.analysis.analyzer.test.tokenizer", "keyword")
+ .put("index.analysis.analyzer.test.tokenizer", "standard")
.put("index.number_of_shards", "1"))
.addMapping("type1", "{\n" +
" \"type1\": {\n" +
diff --git a/modules/transport-netty4/src/test/java/org/elasticsearch/http/netty4/Netty4HttpPublishPortTests.java b/server/src/test/java/org/elasticsearch/http/AbstractHttpServerTransportTests.java
similarity index 93%
rename from modules/transport-netty4/src/test/java/org/elasticsearch/http/netty4/Netty4HttpPublishPortTests.java
rename to server/src/test/java/org/elasticsearch/http/AbstractHttpServerTransportTests.java
index afa513275ea..ee74d98002f 100644
--- a/modules/transport-netty4/src/test/java/org/elasticsearch/http/netty4/Netty4HttpPublishPortTests.java
+++ b/server/src/test/java/org/elasticsearch/http/AbstractHttpServerTransportTests.java
@@ -17,13 +17,11 @@
* under the License.
*/
-package org.elasticsearch.http.netty4;
+package org.elasticsearch.http;
import org.elasticsearch.common.network.NetworkUtils;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
-import org.elasticsearch.http.BindHttpException;
-import org.elasticsearch.http.HttpTransportSettings;
import org.elasticsearch.test.ESTestCase;
import java.net.UnknownHostException;
@@ -32,11 +30,11 @@ import java.util.List;
import static java.net.InetAddress.getByName;
import static java.util.Arrays.asList;
-import static org.elasticsearch.http.netty4.Netty4HttpServerTransport.resolvePublishPort;
+import static org.elasticsearch.http.AbstractHttpServerTransport.resolvePublishPort;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
-public class Netty4HttpPublishPortTests extends ESTestCase {
+public class AbstractHttpServerTransportTests extends ESTestCase {
public void testHttpPublishPort() throws Exception {
int boundPort = randomIntBetween(9000, 9100);
@@ -88,5 +86,4 @@ public class Netty4HttpPublishPortTests extends ESTestCase {
}
return addresses;
}
-
}
diff --git a/server/src/test/java/org/elasticsearch/index/analysis/CustomNormalizerTests.java b/server/src/test/java/org/elasticsearch/index/analysis/CustomNormalizerTests.java
index 7d8d64e6962..e2025145241 100644
--- a/server/src/test/java/org/elasticsearch/index/analysis/CustomNormalizerTests.java
+++ b/server/src/test/java/org/elasticsearch/index/analysis/CustomNormalizerTests.java
@@ -20,6 +20,8 @@
package org.elasticsearch.index.analysis;
import org.apache.lucene.analysis.MockLowerCaseFilter;
+import org.apache.lucene.analysis.MockTokenizer;
+import org.apache.lucene.analysis.Tokenizer;
import org.apache.lucene.util.BytesRef;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
@@ -71,7 +73,7 @@ public class CustomNormalizerTests extends ESTokenStreamTestCase {
.put(Environment.PATH_HOME_SETTING.getKey(), createTempDir().toString())
.build();
IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
- () -> AnalysisTestsHelper.createTestAnalysisFromSettings(settings));
+ () -> AnalysisTestsHelper.createTestAnalysisFromSettings(settings, MOCK_ANALYSIS_PLUGIN));
assertEquals("Custom normalizer [my_normalizer] cannot configure a tokenizer", e.getMessage());
}
@@ -135,7 +137,7 @@ public class CustomNormalizerTests extends ESTokenStreamTestCase {
@Override
public int read(char[] cbuf, int off, int len) throws IOException {
int result = reader.read(cbuf, off, len);
- for (int i = off; i < result; i++) {
+ for (int i = off; i < off + len; i++) {
if (cbuf[i] == 'a') {
cbuf[i] = 'z';
}
@@ -157,5 +159,11 @@ public class CustomNormalizerTests extends ESTokenStreamTestCase {
return new Factory();
});
}
+
+ @Override
+ public Map> getTokenizers() {
+ return singletonMap("keyword", (indexSettings, environment, name, settings) ->
+ () -> new MockTokenizer(MockTokenizer.KEYWORD, false));
+ }
}
}
diff --git a/server/src/test/java/org/elasticsearch/index/mapper/KeywordFieldMapperTests.java b/server/src/test/java/org/elasticsearch/index/mapper/KeywordFieldMapperTests.java
index bffb1737eeb..86cf7b4b766 100644
--- a/server/src/test/java/org/elasticsearch/index/mapper/KeywordFieldMapperTests.java
+++ b/server/src/test/java/org/elasticsearch/index/mapper/KeywordFieldMapperTests.java
@@ -20,6 +20,8 @@
package org.elasticsearch.index.mapper;
import org.apache.lucene.analysis.MockLowerCaseFilter;
+import org.apache.lucene.analysis.MockTokenizer;
+import org.apache.lucene.analysis.Tokenizer;
import org.apache.lucene.index.DocValuesType;
import org.apache.lucene.index.IndexOptions;
import org.apache.lucene.index.IndexableField;
@@ -33,7 +35,9 @@ import org.elasticsearch.common.xcontent.XContentFactory;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.IndexService;
import org.elasticsearch.index.analysis.PreConfiguredTokenFilter;
+import org.elasticsearch.index.analysis.TokenizerFactory;
import org.elasticsearch.index.mapper.MapperService.MergeReason;
+import org.elasticsearch.indices.analysis.AnalysisModule;
import org.elasticsearch.plugins.AnalysisPlugin;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.test.ESSingleNodeTestCase;
@@ -44,8 +48,10 @@ import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
+import java.util.Map;
import static java.util.Collections.singletonList;
+import static java.util.Collections.singletonMap;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
@@ -58,6 +64,21 @@ public class KeywordFieldMapperTests extends ESSingleNodeTestCase {
public List getPreConfiguredTokenFilters() {
return singletonList(PreConfiguredTokenFilter.singleton("mock_other_lowercase", true, MockLowerCaseFilter::new));
}
+
+ @Override
+ public Map> getTokenizers() {
+ return singletonMap("keyword", (indexSettings, environment, name, settings) -> {
+ class Factory implements TokenizerFactory {
+
+ @Override
+ public Tokenizer create() {
+ return new MockTokenizer(MockTokenizer.KEYWORD, false);
+ }
+ }
+ return new Factory();
+ });
+ }
+
};
@Override
diff --git a/server/src/test/java/org/elasticsearch/indices/analysis/AnalysisModuleTests.java b/server/src/test/java/org/elasticsearch/indices/analysis/AnalysisModuleTests.java
index 2bc98885f90..a31dcc81f72 100644
--- a/server/src/test/java/org/elasticsearch/indices/analysis/AnalysisModuleTests.java
+++ b/server/src/test/java/org/elasticsearch/indices/analysis/AnalysisModuleTests.java
@@ -21,6 +21,7 @@ package org.elasticsearch.indices.analysis;
import org.apache.lucene.analysis.Analyzer;
import org.apache.lucene.analysis.CharFilter;
+import org.apache.lucene.analysis.MockTokenizer;
import org.apache.lucene.analysis.TokenFilter;
import org.apache.lucene.analysis.TokenStream;
import org.apache.lucene.analysis.Tokenizer;
@@ -31,6 +32,7 @@ import org.apache.lucene.store.Directory;
import org.apache.lucene.store.SimpleFSDirectory;
import org.elasticsearch.Version;
import org.elasticsearch.cluster.metadata.IndexMetaData;
+import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.env.Environment;
@@ -49,6 +51,7 @@ import org.elasticsearch.index.analysis.StandardTokenizerFactory;
import org.elasticsearch.index.analysis.StopTokenFilterFactory;
import org.elasticsearch.index.analysis.TokenFilterFactory;
import org.elasticsearch.index.analysis.MyFilterTokenFilterFactory;
+import org.elasticsearch.index.analysis.TokenizerFactory;
import org.elasticsearch.indices.analysis.AnalysisModule.AnalysisProvider;
import org.elasticsearch.plugins.AnalysisPlugin;
import org.elasticsearch.test.ESTestCase;
@@ -60,6 +63,8 @@ import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
+import java.io.StringReader;
+import java.io.UncheckedIOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
@@ -222,7 +227,7 @@ public class AnalysisModuleTests extends ESTestCase {
public void testUnderscoreInAnalyzerName() throws IOException {
Settings settings = Settings.builder()
- .put("index.analysis.analyzer._invalid_name.tokenizer", "keyword")
+ .put("index.analysis.analyzer._invalid_name.tokenizer", "standard")
.put(Environment.PATH_HOME_SETTING.getKey(), createTempDir().toString())
.put(IndexMetaData.SETTING_VERSION_CREATED, "1")
.build();
@@ -256,6 +261,13 @@ public class AnalysisModuleTests extends ESTestCase {
(tokenStream, esVersion) -> new AppendCharFilter(tokenStream, esVersion.toString()))
);
}
+
+ @Override
+ public Map> getTokenizers() {
+ // Need mock keyword tokenizer here, because alpha / beta versions are broken up by the dash.
+ return singletonMap("keyword", (indexSettings, environment, name, settings) ->
+ () -> new MockTokenizer(MockTokenizer.KEYWORD, false));
+ }
})).getAnalysisRegistry();
Version version = VersionUtils.randomVersion(random());
@@ -305,11 +317,11 @@ public class AnalysisModuleTests extends ESTestCase {
Version version = VersionUtils.randomVersion(random());
IndexAnalyzers analyzers = getIndexAnalyzers(registry, Settings.builder()
- .put("index.analysis.analyzer.no_version.tokenizer", "keyword")
+ .put("index.analysis.analyzer.no_version.tokenizer", "standard")
.put("index.analysis.analyzer.no_version.filter", "no_version")
- .put("index.analysis.analyzer.lucene_version.tokenizer", "keyword")
+ .put("index.analysis.analyzer.lucene_version.tokenizer", "standard")
.put("index.analysis.analyzer.lucene_version.filter", "lucene_version")
- .put("index.analysis.analyzer.elasticsearch_version.tokenizer", "keyword")
+ .put("index.analysis.analyzer.elasticsearch_version.tokenizer", "standard")
.put("index.analysis.analyzer.elasticsearch_version.filter", "elasticsearch_version")
.put(IndexMetaData.SETTING_VERSION_CREATED, version)
.build());
@@ -425,12 +437,17 @@ public class AnalysisModuleTests extends ESTestCase {
// Simple char filter that appends text to the term
public static class AppendCharFilter extends CharFilter {
- private final char[] appendMe;
- private int offsetInAppendMe = -1;
+
+ static Reader append(Reader input, String appendMe) {
+ try {
+ return new StringReader(Streams.copyToString(input) + appendMe);
+ } catch (IOException e) {
+ throw new UncheckedIOException(e);
+ }
+ }
public AppendCharFilter(Reader input, String appendMe) {
- super(input);
- this.appendMe = appendMe.toCharArray();
+ super(append(input, appendMe));
}
@Override
@@ -440,24 +457,7 @@ public class AnalysisModuleTests extends ESTestCase {
@Override
public int read(char[] cbuf, int off, int len) throws IOException {
- if (offsetInAppendMe < 0) {
- int read = input.read(cbuf, off, len);
- if (read == len) {
- return read;
- }
- off += read;
- len -= read;
- int allowedLen = Math.min(len, appendMe.length);
- System.arraycopy(appendMe, 0, cbuf, off, allowedLen);
- offsetInAppendMe = allowedLen;
- return read + allowedLen;
- }
- if (offsetInAppendMe >= appendMe.length) {
- return -1;
- }
- int allowedLen = Math.max(len, appendMe.length - offsetInAppendMe);
- System.arraycopy(appendMe, offsetInAppendMe, cbuf, off, allowedLen);
- return allowedLen;
+ return input.read(cbuf, off, len);
}
}
diff --git a/server/src/test/java/org/elasticsearch/indices/analyze/AnalyzeActionIT.java b/server/src/test/java/org/elasticsearch/indices/analyze/AnalyzeActionIT.java
index 802761780a7..9d0c512f785 100644
--- a/server/src/test/java/org/elasticsearch/indices/analyze/AnalyzeActionIT.java
+++ b/server/src/test/java/org/elasticsearch/indices/analyze/AnalyzeActionIT.java
@@ -22,11 +22,18 @@ import org.elasticsearch.action.admin.indices.alias.Alias;
import org.elasticsearch.action.admin.indices.analyze.AnalyzeRequestBuilder;
import org.elasticsearch.action.admin.indices.analyze.AnalyzeResponse;
import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.index.analysis.CharFilterFactory;
+import org.elasticsearch.indices.analysis.AnalysisModule;
+import org.elasticsearch.plugins.AnalysisPlugin;
+import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.test.ESIntegTestCase;
+import org.elasticsearch.test.MockKeywordPlugin;
import org.hamcrest.core.IsNull;
import java.io.IOException;
import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -38,6 +45,12 @@ import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.startsWith;
public class AnalyzeActionIT extends ESIntegTestCase {
+
+ @Override
+ protected Collection> nodePlugins() {
+ return Collections.singleton(MockKeywordPlugin.class);
+ }
+
public void testSimpleAnalyzerTests() throws Exception {
assertAcked(prepareCreate("test").addAlias(new Alias("alias")));
ensureGreen();
diff --git a/server/src/test/java/org/elasticsearch/script/ScriptMetaDataTests.java b/server/src/test/java/org/elasticsearch/script/ScriptMetaDataTests.java
index 32d4d48a448..bef20190acf 100644
--- a/server/src/test/java/org/elasticsearch/script/ScriptMetaDataTests.java
+++ b/server/src/test/java/org/elasticsearch/script/ScriptMetaDataTests.java
@@ -81,10 +81,12 @@ public class ScriptMetaDataTests extends AbstractSerializingTestCase> nodePlugins() {
- return Collections.singletonList(InternalSettingsPlugin.class);
+ return Arrays.asList(InternalSettingsPlugin.class, MockKeywordPlugin.class);
}
public void testHighlightingWithStoredKeyword() throws IOException {
diff --git a/server/src/test/java/org/elasticsearch/search/query/MultiMatchQueryIT.java b/server/src/test/java/org/elasticsearch/search/query/MultiMatchQueryIT.java
index c8d57b96856..926839f2af2 100644
--- a/server/src/test/java/org/elasticsearch/search/query/MultiMatchQueryIT.java
+++ b/server/src/test/java/org/elasticsearch/search/query/MultiMatchQueryIT.java
@@ -32,15 +32,19 @@ import org.elasticsearch.index.query.MultiMatchQueryBuilder;
import org.elasticsearch.index.query.Operator;
import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.index.search.MatchQuery;
+import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.search.SearchHit;
import org.elasticsearch.search.SearchHits;
import org.elasticsearch.search.sort.SortBuilders;
import org.elasticsearch.search.sort.SortOrder;
import org.elasticsearch.test.ESIntegTestCase;
+import org.elasticsearch.test.MockKeywordPlugin;
import org.junit.Before;
import java.io.IOException;
import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.concurrent.ExecutionException;
@@ -72,6 +76,11 @@ import static org.hamcrest.Matchers.lessThan;
public class MultiMatchQueryIT extends ESIntegTestCase {
+ @Override
+ protected Collection> nodePlugins() {
+ return Collections.singleton(MockKeywordPlugin.class);
+ }
+
@Before
public void init() throws Exception {
CreateIndexRequestBuilder builder = prepareCreate("test").setSettings(Settings.builder()
diff --git a/test/framework/src/main/java/org/elasticsearch/indices/analysis/AnalysisFactoryTestCase.java b/test/framework/src/main/java/org/elasticsearch/indices/analysis/AnalysisFactoryTestCase.java
index f26c44e05f5..c5b89adfd73 100644
--- a/test/framework/src/main/java/org/elasticsearch/indices/analysis/AnalysisFactoryTestCase.java
+++ b/test/framework/src/main/java/org/elasticsearch/indices/analysis/AnalysisFactoryTestCase.java
@@ -24,7 +24,6 @@ import org.apache.lucene.analysis.util.TokenFilterFactory;
import org.apache.lucene.analysis.util.TokenizerFactory;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.index.analysis.HunspellTokenFilterFactory;
-import org.elasticsearch.index.analysis.KeywordTokenizerFactory;
import org.elasticsearch.index.analysis.MultiTermAwareComponent;
import org.elasticsearch.index.analysis.PreConfiguredCharFilter;
import org.elasticsearch.index.analysis.PreConfiguredTokenFilter;
@@ -79,7 +78,7 @@ public abstract class AnalysisFactoryTestCase extends ESTestCase {
// exposed in ES
.put("classic", MovedToAnalysisCommon.class)
.put("edgengram", MovedToAnalysisCommon.class)
- .put("keyword", KeywordTokenizerFactory.class)
+ .put("keyword", MovedToAnalysisCommon.class)
.put("letter", MovedToAnalysisCommon.class)
.put("lowercase", MovedToAnalysisCommon.class)
.put("ngram", MovedToAnalysisCommon.class)
diff --git a/test/framework/src/main/java/org/elasticsearch/test/MockKeywordPlugin.java b/test/framework/src/main/java/org/elasticsearch/test/MockKeywordPlugin.java
new file mode 100644
index 00000000000..fb9da1dad40
--- /dev/null
+++ b/test/framework/src/main/java/org/elasticsearch/test/MockKeywordPlugin.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.elasticsearch.test;
+
+import org.apache.lucene.analysis.MockTokenizer;
+import org.apache.lucene.analysis.Tokenizer;
+import org.elasticsearch.index.analysis.TokenizerFactory;
+import org.elasticsearch.indices.analysis.AnalysisModule;
+import org.elasticsearch.plugins.AnalysisPlugin;
+import org.elasticsearch.plugins.Plugin;
+
+import java.util.Map;
+
+import static java.util.Collections.singletonMap;
+
+/**
+ * Some tests rely on the keyword tokenizer, but this tokenizer isn't part of lucene-core and therefor not available
+ * in some modules. What this test plugin does, is use the mock tokenizer and advertise that as the keyword tokenizer.
+ *
+ * Most tests that need this test plugin use normalizers. When normalizers are constructed they try to resolve the
+ * keyword tokenizer, but if the keyword tokenizer isn't available then constructing normalizers will fail.
+ */
+public class MockKeywordPlugin extends Plugin implements AnalysisPlugin {
+
+ @Override
+ public Map> getTokenizers() {
+ return singletonMap("keyword", (indexSettings, environment, name, settings) -> {
+ class Factory implements TokenizerFactory {
+
+ @Override
+ public Tokenizer create() {
+ return new MockTokenizer(MockTokenizer.KEYWORD, false);
+ }
+ }
+ return new Factory();
+ });
+ }
+}
diff --git a/x-pack/plugin/core/build.gradle b/x-pack/plugin/core/build.gradle
index ca38aee302e..4bbe339a09b 100644
--- a/x-pack/plugin/core/build.gradle
+++ b/x-pack/plugin/core/build.gradle
@@ -88,6 +88,7 @@ compileTestJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-
licenseHeaders {
approvedLicenses << 'BCrypt (BSD-like)'
additionalLicense 'BCRYP', 'BCrypt (BSD-like)', 'Copyright (c) 2006 Damien Miller '
+ excludes << 'org/elasticsearch/xpack/core/ssl/DerParser.java'
}
// make LicenseSigner available for testing signed licenses
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackPlugin.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackPlugin.java
index 77d521e2d43..9568a36551c 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackPlugin.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackPlugin.java
@@ -7,7 +7,6 @@ package org.elasticsearch.xpack.core;
import org.apache.logging.log4j.Logger;
import org.apache.lucene.util.SetOnce;
-import org.bouncycastle.operator.OperatorCreationException;
import org.elasticsearch.SpecialPermission;
import org.elasticsearch.Version;
import org.elasticsearch.action.ActionRequest;
@@ -125,7 +124,7 @@ public class XPackPlugin extends XPackClientPlugin implements ScriptPlugin, Exte
public XPackPlugin(
final Settings settings,
- final Path configPath) throws IOException, DestroyFailedException, OperatorCreationException, GeneralSecurityException {
+ final Path configPath) {
super(settings);
this.settings = settings;
this.transportClientMode = transportClientMode(settings);
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertGenUtils.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertGenUtils.java
new file mode 100644
index 00000000000..6273456aca2
--- /dev/null
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertGenUtils.java
@@ -0,0 +1,308 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.xpack.core.ssl;
+
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERSequence;
+import org.bouncycastle.asn1.DERTaggedObject;
+import org.bouncycastle.asn1.DERUTF8String;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x500.X500Name;
+import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
+import org.bouncycastle.asn1.x509.BasicConstraints;
+import org.bouncycastle.asn1.x509.Extension;
+import org.bouncycastle.asn1.x509.ExtensionsGenerator;
+import org.bouncycastle.asn1.x509.GeneralName;
+import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.asn1.x509.Time;
+import org.bouncycastle.cert.CertIOException;
+import org.bouncycastle.cert.X509CertificateHolder;
+import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
+import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
+import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.operator.ContentSigner;
+import org.bouncycastle.operator.OperatorCreationException;
+import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.bouncycastle.pkcs.PKCS10CertificationRequest;
+import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
+import org.elasticsearch.common.Strings;
+import org.elasticsearch.common.SuppressForbidden;
+import org.elasticsearch.common.network.InetAddressHelper;
+import org.elasticsearch.common.network.NetworkAddress;
+import org.joda.time.DateTime;
+import org.joda.time.DateTimeZone;
+
+import javax.net.ssl.X509ExtendedKeyManager;
+import javax.net.ssl.X509ExtendedTrustManager;
+import javax.security.auth.x500.X500Principal;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.InetAddress;
+import java.net.SocketException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.SecureRandom;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.HashSet;
+import java.util.Locale;
+import java.util.Objects;
+import java.util.Set;
+
+
+/**
+ * Utility methods that deal with {@link Certificate}, {@link KeyStore}, {@link X509ExtendedTrustManager}, {@link X509ExtendedKeyManager}
+ * and other certificate related objects.
+ */
+public class CertGenUtils {
+
+ private static final String CN_OID = "2.5.4.3";
+
+ private static final int SERIAL_BIT_LENGTH = 20 * 8;
+ private static final BouncyCastleProvider BC_PROV = new BouncyCastleProvider();
+
+ private CertGenUtils() {
+ }
+
+ /**
+ * Generates a CA certificate
+ */
+ public static X509Certificate generateCACertificate(X500Principal x500Principal, KeyPair keyPair, int days)
+ throws OperatorCreationException, CertificateException, CertIOException, NoSuchAlgorithmException {
+ return generateSignedCertificate(x500Principal, null, keyPair, null, null, true, days, null);
+ }
+
+ /**
+ * Generates a signed certificate using the provided CA private key and
+ * information from the CA certificate
+ *
+ * @param principal the principal of the certificate; commonly referred to as the
+ * distinguished name (DN)
+ * @param subjectAltNames the subject alternative names that should be added to the
+ * certificate as an X509v3 extension. May be {@code null}
+ * @param keyPair the key pair that will be associated with the certificate
+ * @param caCert the CA certificate. If {@code null}, this results in a self signed
+ * certificate
+ * @param caPrivKey the CA private key. If {@code null}, this results in a self signed
+ * certificate
+ * @param days no of days certificate will be valid from now
+ * @return a signed {@link X509Certificate}
+ */
+ public static X509Certificate generateSignedCertificate(X500Principal principal, GeneralNames subjectAltNames, KeyPair keyPair,
+ X509Certificate caCert, PrivateKey caPrivKey, int days)
+ throws OperatorCreationException, CertificateException, CertIOException, NoSuchAlgorithmException {
+ return generateSignedCertificate(principal, subjectAltNames, keyPair, caCert, caPrivKey, false, days, null);
+ }
+
+ /**
+ * Generates a signed certificate using the provided CA private key and
+ * information from the CA certificate
+ *
+ * @param principal the principal of the certificate; commonly referred to as the
+ * distinguished name (DN)
+ * @param subjectAltNames the subject alternative names that should be added to the
+ * certificate as an X509v3 extension. May be {@code null}
+ * @param keyPair the key pair that will be associated with the certificate
+ * @param caCert the CA certificate. If {@code null}, this results in a self signed
+ * certificate
+ * @param caPrivKey the CA private key. If {@code null}, this results in a self signed
+ * certificate
+ * @param days no of days certificate will be valid from now
+ * @param signatureAlgorithm algorithm used for signing certificate. If {@code null} or
+ * empty, then use default algorithm {@link CertGenUtils#getDefaultSignatureAlgorithm(PrivateKey)}
+ * @return a signed {@link X509Certificate}
+ */
+ public static X509Certificate generateSignedCertificate(X500Principal principal, GeneralNames subjectAltNames, KeyPair keyPair,
+ X509Certificate caCert, PrivateKey caPrivKey,
+ int days, String signatureAlgorithm)
+ throws OperatorCreationException, CertificateException, CertIOException, NoSuchAlgorithmException {
+ return generateSignedCertificate(principal, subjectAltNames, keyPair, caCert, caPrivKey, false, days, signatureAlgorithm);
+ }
+
+ /**
+ * Generates a signed certificate
+ *
+ * @param principal the principal of the certificate; commonly referred to as the
+ * distinguished name (DN)
+ * @param subjectAltNames the subject alternative names that should be added to the
+ * certificate as an X509v3 extension. May be {@code null}
+ * @param keyPair the key pair that will be associated with the certificate
+ * @param caCert the CA certificate. If {@code null}, this results in a self signed
+ * certificate
+ * @param caPrivKey the CA private key. If {@code null}, this results in a self signed
+ * certificate
+ * @param isCa whether or not the generated certificate is a CA
+ * @param days no of days certificate will be valid from now
+ * @param signatureAlgorithm algorithm used for signing certificate. If {@code null} or
+ * empty, then use default algorithm {@link CertGenUtils#getDefaultSignatureAlgorithm(PrivateKey)}
+ * @return a signed {@link X509Certificate}
+ */
+ private static X509Certificate generateSignedCertificate(X500Principal principal, GeneralNames subjectAltNames, KeyPair keyPair,
+ X509Certificate caCert, PrivateKey caPrivKey, boolean isCa,
+ int days, String signatureAlgorithm)
+ throws NoSuchAlgorithmException, CertificateException, CertIOException, OperatorCreationException {
+ Objects.requireNonNull(keyPair, "Key-Pair must not be null");
+ final DateTime notBefore = new DateTime(DateTimeZone.UTC);
+ if (days < 1) {
+ throw new IllegalArgumentException("the certificate must be valid for at least one day");
+ }
+ final DateTime notAfter = notBefore.plusDays(days);
+ final BigInteger serial = CertGenUtils.getSerial();
+ JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
+
+ X500Name subject = X500Name.getInstance(principal.getEncoded());
+ final X500Name issuer;
+ final AuthorityKeyIdentifier authorityKeyIdentifier;
+ if (caCert != null) {
+ if (caCert.getBasicConstraints() < 0) {
+ throw new IllegalArgumentException("ca certificate is not a CA!");
+ }
+ issuer = X500Name.getInstance(caCert.getIssuerX500Principal().getEncoded());
+ authorityKeyIdentifier = extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey());
+ } else {
+ issuer = subject;
+ authorityKeyIdentifier = extUtils.createAuthorityKeyIdentifier(keyPair.getPublic());
+ }
+
+ JcaX509v3CertificateBuilder builder =
+ new JcaX509v3CertificateBuilder(issuer, serial,
+ new Time(notBefore.toDate(), Locale.ROOT), new Time(notAfter.toDate(), Locale.ROOT), subject, keyPair.getPublic());
+
+ builder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
+ builder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
+ if (subjectAltNames != null) {
+ builder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
+ }
+ builder.addExtension(Extension.basicConstraints, isCa, new BasicConstraints(isCa));
+
+ PrivateKey signingKey = caPrivKey != null ? caPrivKey : keyPair.getPrivate();
+ ContentSigner signer = new JcaContentSignerBuilder(
+ (Strings.isNullOrEmpty(signatureAlgorithm)) ? getDefaultSignatureAlgorithm(signingKey) : signatureAlgorithm)
+ .setProvider(CertGenUtils.BC_PROV).build(signingKey);
+ X509CertificateHolder certificateHolder = builder.build(signer);
+ return new JcaX509CertificateConverter().getCertificate(certificateHolder);
+ }
+
+ /**
+ * Based on the private key algorithm {@link PrivateKey#getAlgorithm()}
+ * determines default signing algorithm used by CertGenUtils
+ *
+ * @param key {@link PrivateKey}
+ * @return algorithm
+ */
+ private static String getDefaultSignatureAlgorithm(PrivateKey key) {
+ String signatureAlgorithm = null;
+ switch (key.getAlgorithm()) {
+ case "RSA":
+ signatureAlgorithm = "SHA256withRSA";
+ break;
+ case "DSA":
+ signatureAlgorithm = "SHA256withDSA";
+ break;
+ case "EC":
+ signatureAlgorithm = "SHA256withECDSA";
+ break;
+ default:
+ throw new IllegalArgumentException("Unsupported algorithm : " + key.getAlgorithm()
+ + " for signature, allowed values for private key algorithm are [RSA, DSA, EC]");
+ }
+ return signatureAlgorithm;
+ }
+
+ /**
+ * Generates a certificate signing request
+ *
+ * @param keyPair the key pair that will be associated by the certificate generated from the certificate signing request
+ * @param principal the principal of the certificate; commonly referred to as the distinguished name (DN)
+ * @param sanList the subject alternative names that should be added to the certificate as an X509v3 extension. May be
+ * {@code null}
+ * @return a certificate signing request
+ */
+ static PKCS10CertificationRequest generateCSR(KeyPair keyPair, X500Principal principal, GeneralNames sanList)
+ throws IOException, OperatorCreationException {
+ Objects.requireNonNull(keyPair, "Key-Pair must not be null");
+ Objects.requireNonNull(keyPair.getPublic(), "Public-Key must not be null");
+ Objects.requireNonNull(principal, "Principal must not be null");
+ JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(principal, keyPair.getPublic());
+ if (sanList != null) {
+ ExtensionsGenerator extGen = new ExtensionsGenerator();
+ extGen.addExtension(Extension.subjectAlternativeName, false, sanList);
+ builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
+ }
+
+ return builder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider(CertGenUtils.BC_PROV).build(keyPair.getPrivate()));
+ }
+
+ /**
+ * Gets a random serial for a certificate that is generated from a {@link SecureRandom}
+ */
+ public static BigInteger getSerial() {
+ SecureRandom random = new SecureRandom();
+ BigInteger serial = new BigInteger(SERIAL_BIT_LENGTH, random);
+ assert serial.compareTo(BigInteger.valueOf(0L)) >= 0;
+ return serial;
+ }
+
+ /**
+ * Generates a RSA key pair with the provided key size (in bits)
+ */
+ public static KeyPair generateKeyPair(int keysize) throws NoSuchAlgorithmException {
+ // generate a private key
+ KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
+ keyPairGenerator.initialize(keysize);
+ return keyPairGenerator.generateKeyPair();
+ }
+
+ /**
+ * Converts the {@link InetAddress} objects into a {@link GeneralNames} object that is used to represent subject alternative names.
+ */
+ public static GeneralNames getSubjectAlternativeNames(boolean resolveName, Set addresses) throws SocketException {
+ Set generalNameList = new HashSet<>();
+ for (InetAddress address : addresses) {
+ if (address.isAnyLocalAddress()) {
+ // it is a wildcard address
+ for (InetAddress inetAddress : InetAddressHelper.getAllAddresses()) {
+ addSubjectAlternativeNames(resolveName, inetAddress, generalNameList);
+ }
+ } else {
+ addSubjectAlternativeNames(resolveName, address, generalNameList);
+ }
+ }
+ return new GeneralNames(generalNameList.toArray(new GeneralName[generalNameList.size()]));
+ }
+
+ @SuppressForbidden(reason = "need to use getHostName to resolve DNS name and getHostAddress to ensure we resolved the name")
+ private static void addSubjectAlternativeNames(boolean resolveName, InetAddress inetAddress, Set list) {
+ String hostaddress = inetAddress.getHostAddress();
+ String ip = NetworkAddress.format(inetAddress);
+ list.add(new GeneralName(GeneralName.iPAddress, ip));
+ if (resolveName && (inetAddress.isLinkLocalAddress() == false)) {
+ String possibleHostName = inetAddress.getHostName();
+ if (possibleHostName.equals(hostaddress) == false) {
+ list.add(new GeneralName(GeneralName.dNSName, possibleHostName));
+ }
+ }
+ }
+
+ /**
+ * Creates an X.509 {@link GeneralName} for use as a Common Name in the certificate's Subject Alternative Names
+ * extension. A common name is a name with a tag of {@link GeneralName#otherName OTHER}, with an object-id that references
+ * the {@link #CN_OID cn} attribute, an explicit tag of '0', and a DER encoded UTF8 string for the name.
+ * This usage of using the {@code cn} OID as a Subject Alternative Name is non-standard and will not be
+ * recognised by other X.509/TLS implementations.
+ */
+ public static GeneralName createCommonName(String cn) {
+ final ASN1Encodable[] sequence = {new ASN1ObjectIdentifier(CN_OID), new DERTaggedObject(true, 0, new DERUTF8String(cn))};
+ return new GeneralName(GeneralName.otherName, new DERSequence(sequence));
+ }
+}
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertParsingUtils.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertParsingUtils.java
new file mode 100644
index 00000000000..8f66af14dfc
--- /dev/null
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertParsingUtils.java
@@ -0,0 +1,286 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+package org.elasticsearch.xpack.core.ssl;
+
+import org.elasticsearch.common.Nullable;
+import org.elasticsearch.common.SuppressForbidden;
+import org.elasticsearch.common.io.PathUtils;
+import org.elasticsearch.common.settings.SecureString;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.env.Environment;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509ExtendedKeyManager;
+import javax.net.ssl.X509ExtendedTrustManager;
+import java.io.IOException;
+import java.io.InputStream;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.security.Key;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+import static org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings.getKeyStoreType;
+
+public class CertParsingUtils {
+
+ private CertParsingUtils() {
+ throw new IllegalStateException("Utility class should not be instantiated");
+ }
+ /**
+ * Resolves a path with or without an {@link Environment} as we may be running in a transport client where we do not have access to
+ * the environment
+ */
+ @SuppressForbidden(reason = "we don't have the environment to resolve files from when running in a transport client")
+ static Path resolvePath(String path, @Nullable Environment environment) {
+ if (environment != null) {
+ return environment.configFile().resolve(path);
+ }
+ return PathUtils.get(path).normalize();
+ }
+
+ static KeyStore readKeyStore(Path path, String type, char[] password)
+ throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
+ try (InputStream in = Files.newInputStream(path)) {
+ KeyStore store = KeyStore.getInstance(type);
+ assert password != null;
+ store.load(in, password);
+ return store;
+ }
+ }
+
+ /**
+ * Reads the provided paths and parses them into {@link Certificate} objects
+ *
+ * @param certPaths the paths to the PEM encoded certificates
+ * @param environment the environment to resolve files against. May be {@code null}
+ * @return an array of {@link Certificate} objects
+ */
+ public static Certificate[] readCertificates(List certPaths, @Nullable Environment environment)
+ throws CertificateException, IOException {
+ final List resolvedPaths = certPaths.stream().map(p -> resolvePath(p, environment)).collect(Collectors.toList());
+ return readCertificates(resolvedPaths);
+ }
+
+ public static Certificate[] readCertificates(List certPaths) throws CertificateException, IOException {
+ Collection certificates = new ArrayList<>();
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ for (Path path : certPaths) {
+ try (InputStream input = Files.newInputStream(path)) {
+ certificates.addAll((Collection) certFactory.generateCertificates(input));
+ }
+ }
+ return certificates.toArray(new Certificate[0]);
+ }
+
+ public static X509Certificate[] readX509Certificates(List certPaths) throws CertificateException, IOException {
+ Collection certificates = new ArrayList<>();
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ for (Path path : certPaths) {
+ try (InputStream input = Files.newInputStream(path)) {
+ certificates.addAll((Collection) certFactory.generateCertificates(input));
+ }
+ }
+ return certificates.toArray(new X509Certificate[0]);
+ }
+
+ static List readCertificates(InputStream input) throws CertificateException, IOException {
+ CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
+ Collection certificates = (Collection) certFactory.generateCertificates(input);
+ return new ArrayList<>(certificates);
+ }
+
+ /**
+ * Read all certificate-key pairs from a PKCS#12 container.
+ *
+ * @param path The path to the PKCS#12 container file.
+ * @param password The password for the container file
+ * @param keyPassword A supplier for the password for each key. The key alias is supplied as an argument to the function, and it should
+ * return the password for that key. If it returns {@code null}, then the key-pair for that alias is not read.
+ */
+ public static Map readPkcs12KeyPairs(Path path, char[] password, Function keyPassword)
+ throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException {
+ final KeyStore store = readKeyStore(path, "PKCS12", password);
+ final Enumeration enumeration = store.aliases();
+ final Map map = new HashMap<>(store.size());
+ while (enumeration.hasMoreElements()) {
+ final String alias = enumeration.nextElement();
+ if (store.isKeyEntry(alias)) {
+ final char[] pass = keyPassword.apply(alias);
+ map.put(store.getCertificate(alias), store.getKey(alias, pass));
+ }
+ }
+ return map;
+ }
+
+ /**
+ * Creates a {@link KeyStore} from a PEM encoded certificate and key file
+ */
+ static KeyStore getKeyStoreFromPEM(Path certificatePath, Path keyPath, char[] keyPassword)
+ throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
+ final PrivateKey key = PemUtils.readPrivateKey(keyPath, () -> keyPassword);
+ final Certificate[] certificates = readCertificates(Collections.singletonList(certificatePath));
+ return getKeyStore(certificates, key, keyPassword);
+ }
+
+ /**
+ * Returns a {@link X509ExtendedKeyManager} that is built from the provided private key and certificate chain
+ */
+ public static X509ExtendedKeyManager keyManager(Certificate[] certificateChain, PrivateKey privateKey, char[] password)
+ throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException {
+ KeyStore keyStore = getKeyStore(certificateChain, privateKey, password);
+ return keyManager(keyStore, password, KeyManagerFactory.getDefaultAlgorithm());
+ }
+
+ private static KeyStore getKeyStore(Certificate[] certificateChain, PrivateKey privateKey, char[] password)
+ throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
+ KeyStore keyStore = KeyStore.getInstance("jks");
+ keyStore.load(null, null);
+ // password must be non-null for keystore...
+ keyStore.setKeyEntry("key", privateKey, password, certificateChain);
+ return keyStore;
+ }
+
+ /**
+ * Returns a {@link X509ExtendedKeyManager} that is built from the provided keystore
+ */
+ static X509ExtendedKeyManager keyManager(KeyStore keyStore, char[] password, String algorithm)
+ throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
+ kmf.init(keyStore, password);
+ KeyManager[] keyManagers = kmf.getKeyManagers();
+ for (KeyManager keyManager : keyManagers) {
+ if (keyManager instanceof X509ExtendedKeyManager) {
+ return (X509ExtendedKeyManager) keyManager;
+ }
+ }
+ throw new IllegalStateException("failed to find a X509ExtendedKeyManager");
+ }
+
+ public static X509ExtendedKeyManager getKeyManager(X509KeyPairSettings keyPair, Settings settings,
+ @Nullable String trustStoreAlgorithm, Environment environment) {
+ if (trustStoreAlgorithm == null) {
+ trustStoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
+ }
+ final KeyConfig keyConfig = createKeyConfig(keyPair, settings, trustStoreAlgorithm);
+ if (keyConfig == null) {
+ return null;
+ } else {
+ return keyConfig.createKeyManager(environment);
+ }
+ }
+
+ static KeyConfig createKeyConfig(X509KeyPairSettings keyPair, Settings settings, String trustStoreAlgorithm) {
+ String keyPath = keyPair.keyPath.get(settings).orElse(null);
+ String keyStorePath = keyPair.keystorePath.get(settings).orElse(null);
+
+ if (keyPath != null && keyStorePath != null) {
+ throw new IllegalArgumentException("you cannot specify a keystore and key file");
+ }
+
+ if (keyPath != null) {
+ SecureString keyPassword = keyPair.keyPassword.get(settings);
+ String certPath = keyPair.certificatePath.get(settings).orElse(null);
+ if (certPath == null) {
+ throw new IllegalArgumentException("you must specify the certificates [" + keyPair.certificatePath.getKey()
+ + "] to use with the key [" + keyPair.keyPath.getKey() + "]");
+ }
+ return new PEMKeyConfig(keyPath, keyPassword, certPath);
+ }
+
+ if (keyStorePath != null) {
+ SecureString keyStorePassword = keyPair.keystorePassword.get(settings);
+ String keyStoreAlgorithm = keyPair.keystoreAlgorithm.get(settings);
+ String keyStoreType = getKeyStoreType(keyPair.keystoreType, settings, keyStorePath);
+ SecureString keyStoreKeyPassword = keyPair.keystoreKeyPassword.get(settings);
+ if (keyStoreKeyPassword.length() == 0) {
+ keyStoreKeyPassword = keyStorePassword;
+ }
+ return new StoreKeyConfig(keyStorePath, keyStoreType, keyStorePassword, keyStoreKeyPassword, keyStoreAlgorithm,
+ trustStoreAlgorithm);
+ }
+ return null;
+
+ }
+
+ /**
+ * Creates a {@link X509ExtendedTrustManager} based on the provided certificates
+ *
+ * @param certificates the certificates to trust
+ * @return a trust manager that trusts the provided certificates
+ */
+ public static X509ExtendedTrustManager trustManager(Certificate[] certificates)
+ throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException {
+ KeyStore store = trustStore(certificates);
+ return trustManager(store, TrustManagerFactory.getDefaultAlgorithm());
+ }
+
+ static KeyStore trustStore(Certificate[] certificates)
+ throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
+ assert certificates != null : "Cannot create trust store with null certificates";
+ KeyStore store = KeyStore.getInstance("jks");
+ store.load(null, null);
+ int counter = 0;
+ for (Certificate certificate : certificates) {
+ store.setCertificateEntry("cert" + counter, certificate);
+ counter++;
+ }
+ return store;
+ }
+
+ /**
+ * Loads the truststore and creates a {@link X509ExtendedTrustManager}
+ *
+ * @param trustStorePath the path to the truststore
+ * @param trustStorePassword the password to the truststore
+ * @param trustStoreAlgorithm the algorithm to use for the truststore
+ * @param env the environment to use for file resolution. May be {@code null}
+ * @return a trust manager with the trust material from the store
+ */
+ public static X509ExtendedTrustManager trustManager(String trustStorePath, String trustStoreType, char[] trustStorePassword,
+ String trustStoreAlgorithm, @Nullable Environment env)
+ throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException {
+ KeyStore trustStore = readKeyStore(resolvePath(trustStorePath, env), trustStoreType, trustStorePassword);
+ return trustManager(trustStore, trustStoreAlgorithm);
+ }
+
+ /**
+ * Creates a {@link X509ExtendedTrustManager} based on the trust material in the provided {@link KeyStore}
+ */
+ static X509ExtendedTrustManager trustManager(KeyStore keyStore, String algorithm)
+ throws NoSuchAlgorithmException, KeyStoreException {
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
+ tmf.init(keyStore);
+ TrustManager[] trustManagers = tmf.getTrustManagers();
+ for (TrustManager trustManager : trustManagers) {
+ if (trustManager instanceof X509ExtendedTrustManager) {
+ return (X509ExtendedTrustManager) trustManager;
+ }
+ }
+ throw new IllegalStateException("failed to find a X509ExtendedTrustManager");
+ }
+}
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertUtils.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertUtils.java
deleted file mode 100644
index 557ef3f1de7..00000000000
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertUtils.java
+++ /dev/null
@@ -1,667 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.xpack.core.ssl;
-
-import org.bouncycastle.asn1.ASN1Encodable;
-import org.bouncycastle.asn1.ASN1ObjectIdentifier;
-import org.bouncycastle.asn1.DERSequence;
-import org.bouncycastle.asn1.DERTaggedObject;
-import org.bouncycastle.asn1.DERUTF8String;
-import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.AuthorityKeyIdentifier;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.asn1.x509.ExtensionsGenerator;
-import org.bouncycastle.asn1.x509.GeneralName;
-import org.bouncycastle.asn1.x509.GeneralNames;
-import org.bouncycastle.asn1.x509.Time;
-import org.bouncycastle.cert.CertIOException;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMEncryptedKeyPair;
-import org.bouncycastle.openssl.PEMKeyPair;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.X509TrustedCertificateBlock;
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
-import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.pkcs.PKCS10CertificationRequest;
-import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
-import org.elasticsearch.common.Nullable;
-import org.elasticsearch.common.Strings;
-import org.elasticsearch.common.SuppressForbidden;
-import org.elasticsearch.common.io.PathUtils;
-import org.elasticsearch.common.network.InetAddressHelper;
-import org.elasticsearch.common.network.NetworkAddress;
-import org.elasticsearch.common.settings.SecureString;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.env.Environment;
-import org.joda.time.DateTime;
-import org.joda.time.DateTimeZone;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-import javax.net.ssl.X509ExtendedKeyManager;
-import javax.net.ssl.X509ExtendedTrustManager;
-import javax.security.auth.x500.X500Principal;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.Reader;
-import java.math.BigInteger;
-import java.net.InetAddress;
-import java.net.SocketException;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.SecureRandom;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Objects;
-import java.util.Set;
-import java.util.function.Function;
-import java.util.function.Supplier;
-import java.util.stream.Collectors;
-
-import static org.elasticsearch.xpack.core.ssl.SSLConfigurationSettings.getKeyStoreType;
-
-/**
- * Utility methods that deal with {@link Certificate}, {@link KeyStore}, {@link X509ExtendedTrustManager}, {@link X509ExtendedKeyManager}
- * and other certificate related objects.
- */
-public class CertUtils {
-
- static final String CN_OID = "2.5.4.3";
-
- private static final int SERIAL_BIT_LENGTH = 20 * 8;
- static final BouncyCastleProvider BC_PROV = new BouncyCastleProvider();
-
- private CertUtils() {
- }
-
- /**
- * Resolves a path with or without an {@link Environment} as we may be running in a transport client where we do not have access to
- * the environment
- */
- @SuppressForbidden(reason = "we don't have the environment to resolve files from when running in a transport client")
- static Path resolvePath(String path, @Nullable Environment environment) {
- if (environment != null) {
- return environment.configFile().resolve(path);
- }
- return PathUtils.get(path).normalize();
- }
-
- /**
- * Creates a {@link KeyStore} from a PEM encoded certificate and key file
- */
- static KeyStore getKeyStoreFromPEM(Path certificatePath, Path keyPath, char[] keyPassword)
- throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
- final PrivateKey key;
- try (Reader reader = Files.newBufferedReader(keyPath, StandardCharsets.UTF_8)) {
- key = CertUtils.readPrivateKey(reader, () -> keyPassword);
- }
- final Certificate[] certificates = readCertificates(Collections.singletonList(certificatePath));
- return getKeyStore(certificates, key, keyPassword);
- }
-
-
- /**
- * Returns a {@link X509ExtendedKeyManager} that is built from the provided private key and certificate chain
- */
- public static X509ExtendedKeyManager keyManager(Certificate[] certificateChain, PrivateKey privateKey, char[] password)
- throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException {
- KeyStore keyStore = getKeyStore(certificateChain, privateKey, password);
- return keyManager(keyStore, password, KeyManagerFactory.getDefaultAlgorithm());
- }
-
- private static KeyStore getKeyStore(Certificate[] certificateChain, PrivateKey privateKey, char[] password)
- throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
- KeyStore keyStore = KeyStore.getInstance("jks");
- keyStore.load(null, null);
- // password must be non-null for keystore...
- keyStore.setKeyEntry("key", privateKey, password, certificateChain);
- return keyStore;
- }
-
- /**
- * Returns a {@link X509ExtendedKeyManager} that is built from the provided keystore
- */
- static X509ExtendedKeyManager keyManager(KeyStore keyStore, char[] password, String algorithm)
- throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
- KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
- kmf.init(keyStore, password);
- KeyManager[] keyManagers = kmf.getKeyManagers();
- for (KeyManager keyManager : keyManagers) {
- if (keyManager instanceof X509ExtendedKeyManager) {
- return (X509ExtendedKeyManager) keyManager;
- }
- }
- throw new IllegalStateException("failed to find a X509ExtendedKeyManager");
- }
-
- public static X509ExtendedKeyManager getKeyManager(X509KeyPairSettings keyPair, Settings settings,
- @Nullable String trustStoreAlgorithm, Environment environment) {
- if (trustStoreAlgorithm == null) {
- trustStoreAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
- }
- final KeyConfig keyConfig = createKeyConfig(keyPair, settings, trustStoreAlgorithm);
- if (keyConfig == null) {
- return null;
- } else {
- return keyConfig.createKeyManager(environment);
- }
- }
-
- static KeyConfig createKeyConfig(X509KeyPairSettings keyPair, Settings settings, String trustStoreAlgorithm) {
- String keyPath = keyPair.keyPath.get(settings).orElse(null);
- String keyStorePath = keyPair.keystorePath.get(settings).orElse(null);
-
- if (keyPath != null && keyStorePath != null) {
- throw new IllegalArgumentException("you cannot specify a keystore and key file");
- }
-
- if (keyPath != null) {
- SecureString keyPassword = keyPair.keyPassword.get(settings);
- String certPath = keyPair.certificatePath.get(settings).orElse(null);
- if (certPath == null) {
- throw new IllegalArgumentException("you must specify the certificates [" + keyPair.certificatePath.getKey()
- + "] to use with the key [" + keyPair.keyPath.getKey() + "]");
- }
- return new PEMKeyConfig(keyPath, keyPassword, certPath);
- }
-
- if (keyStorePath != null) {
- SecureString keyStorePassword = keyPair.keystorePassword.get(settings);
- String keyStoreAlgorithm = keyPair.keystoreAlgorithm.get(settings);
- String keyStoreType = getKeyStoreType(keyPair.keystoreType, settings, keyStorePath);
- SecureString keyStoreKeyPassword = keyPair.keystoreKeyPassword.get(settings);
- if (keyStoreKeyPassword.length() == 0) {
- keyStoreKeyPassword = keyStorePassword;
- }
- return new StoreKeyConfig(keyStorePath, keyStoreType, keyStorePassword, keyStoreKeyPassword, keyStoreAlgorithm,
- trustStoreAlgorithm);
- }
- return null;
-
- }
-
- /**
- * Creates a {@link X509ExtendedTrustManager} based on the provided certificates
- *
- * @param certificates the certificates to trust
- * @return a trust manager that trusts the provided certificates
- */
- public static X509ExtendedTrustManager trustManager(Certificate[] certificates)
- throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException {
- KeyStore store = trustStore(certificates);
- return trustManager(store, TrustManagerFactory.getDefaultAlgorithm());
- }
-
- static KeyStore trustStore(Certificate[] certificates)
- throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
- assert certificates != null : "Cannot create trust store with null certificates";
- KeyStore store = KeyStore.getInstance("jks");
- store.load(null, null);
- int counter = 0;
- for (Certificate certificate : certificates) {
- store.setCertificateEntry("cert" + counter, certificate);
- counter++;
- }
- return store;
- }
-
- /**
- * Loads the truststore and creates a {@link X509ExtendedTrustManager}
- *
- * @param trustStorePath the path to the truststore
- * @param trustStorePassword the password to the truststore
- * @param trustStoreAlgorithm the algorithm to use for the truststore
- * @param env the environment to use for file resolution. May be {@code null}
- * @return a trust manager with the trust material from the store
- */
- public static X509ExtendedTrustManager trustManager(String trustStorePath, String trustStoreType, char[] trustStorePassword,
- String trustStoreAlgorithm, @Nullable Environment env)
- throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException {
- KeyStore trustStore = readKeyStore(resolvePath(trustStorePath, env), trustStoreType, trustStorePassword);
- return trustManager(trustStore, trustStoreAlgorithm);
- }
-
- static KeyStore readKeyStore(Path path, String type, char[] password)
- throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
- try (InputStream in = Files.newInputStream(path)) {
- KeyStore store = KeyStore.getInstance(type);
- assert password != null;
- store.load(in, password);
- return store;
- }
- }
-
- /**
- * Creates a {@link X509ExtendedTrustManager} based on the trust material in the provided {@link KeyStore}
- */
- static X509ExtendedTrustManager trustManager(KeyStore keyStore, String algorithm)
- throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException {
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
- tmf.init(keyStore);
- TrustManager[] trustManagers = tmf.getTrustManagers();
- for (TrustManager trustManager : trustManagers) {
- if (trustManager instanceof X509ExtendedTrustManager) {
- return (X509ExtendedTrustManager) trustManager;
- }
- }
- throw new IllegalStateException("failed to find a X509ExtendedTrustManager");
- }
-
- /**
- * Reads the provided paths and parses them into {@link Certificate} objects
- *
- * @param certPaths the paths to the PEM encoded certificates
- * @param environment the environment to resolve files against. May be {@code null}
- * @return an array of {@link Certificate} objects
- */
- public static Certificate[] readCertificates(List certPaths, @Nullable Environment environment)
- throws CertificateException, IOException {
- final List resolvedPaths = certPaths.stream().map(p -> resolvePath(p, environment)).collect(Collectors.toList());
- return readCertificates(resolvedPaths);
- }
-
- public static Certificate[] readCertificates(List certPaths) throws CertificateException, IOException {
- List certificates = new ArrayList<>(certPaths.size());
- CertificateFactory certFactory = CertificateFactory.getInstance("X.509");
- for (Path path : certPaths) {
- try (Reader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
- readCertificates(reader, certificates, certFactory);
- }
- }
- return certificates.toArray(new Certificate[certificates.size()]);
- }
-
- /**
- * Reads the certificates from the provided reader
- */
- static void readCertificates(Reader reader, List certificates, CertificateFactory certFactory)
- throws IOException, CertificateException {
- try (PEMParser pemParser = new PEMParser(reader)) {
-
- Object parsed = pemParser.readObject();
- if (parsed == null) {
- throw new IllegalArgumentException("could not parse pem certificate");
- }
-
- while (parsed != null) {
- X509CertificateHolder holder;
- if (parsed instanceof X509CertificateHolder) {
- holder = (X509CertificateHolder) parsed;
- } else if (parsed instanceof X509TrustedCertificateBlock) {
- X509TrustedCertificateBlock certificateBlock = (X509TrustedCertificateBlock) parsed;
- holder = certificateBlock.getCertificateHolder();
- } else {
- String msg = "parsed an unsupported object [" + parsed.getClass().getSimpleName() + "]";
- if (parsed instanceof PEMEncryptedKeyPair || parsed instanceof PEMKeyPair || parsed instanceof PrivateKeyInfo) {
- msg = msg + ". Encountered a PEM Key while expecting a PEM certificate.";
- }
- throw new IllegalArgumentException(msg);
- }
- certificates.add(certFactory.generateCertificate(new ByteArrayInputStream(holder.getEncoded())));
- parsed = pemParser.readObject();
- }
- }
- }
-
- /**
- * Reads the private key from the reader and optionally uses the password supplier to retrieve a password if the key is encrypted
- */
- public static PrivateKey readPrivateKey(Reader reader, Supplier passwordSupplier) throws IOException {
- try (PEMParser parser = new PEMParser(reader)) {
- PrivateKeyInfo privateKeyInfo = innerReadPrivateKey(parser, passwordSupplier);
- if (parser.readObject() != null) {
- throw new IllegalStateException("key file contained more that one entry");
- }
- JcaPEMKeyConverter converter = new JcaPEMKeyConverter();
- converter.setProvider(BC_PROV);
- return converter.getPrivateKey(privateKeyInfo);
- }
- }
-
- private static PrivateKeyInfo innerReadPrivateKey(PEMParser parser, Supplier passwordSupplier) throws IOException {
- final Object parsed = parser.readObject();
- if (parsed == null) {
- throw new IllegalStateException("key file did not contain a supported key");
- }
-
- PrivateKeyInfo privateKeyInfo;
- if (parsed instanceof PEMEncryptedKeyPair) {
- char[] keyPassword = passwordSupplier.get();
- if (keyPassword == null) {
- throw new IllegalArgumentException("cannot read encrypted key without a password");
- }
- // we have an encrypted key pair so we need to decrypt it
- PEMEncryptedKeyPair encryptedKeyPair = (PEMEncryptedKeyPair) parsed;
- privateKeyInfo = encryptedKeyPair
- .decryptKeyPair(new JcePEMDecryptorProviderBuilder().setProvider(BC_PROV).build(keyPassword))
- .getPrivateKeyInfo();
- } else if (parsed instanceof PEMKeyPair) {
- privateKeyInfo = ((PEMKeyPair) parsed).getPrivateKeyInfo();
- } else if (parsed instanceof PrivateKeyInfo) {
- privateKeyInfo = (PrivateKeyInfo) parsed;
- } else if (parsed instanceof ASN1ObjectIdentifier) {
- // skip this object and recurse into this method again to read the next object
- return innerReadPrivateKey(parser, passwordSupplier);
- } else {
- String msg = "parsed an unsupported object [" + parsed.getClass().getSimpleName() + "]";
- if (parsed instanceof X509CertificateHolder || parsed instanceof X509TrustedCertificateBlock) {
- msg = msg + ". Encountered a PEM Certificate while expecting a PEM Key.";
- }
- throw new IllegalArgumentException(msg);
- }
-
- return privateKeyInfo;
- }
-
- /**
- * Read all certificate-key pairs from a PKCS#12 container.
- *
- * @param path The path to the PKCS#12 container file.
- * @param password The password for the container file
- * @param keyPassword A supplier for the password for each key. The key alias is supplied as an argument to the function, and it should
- * return the password for that key. If it returns {@code null}, then the key-pair for that alias is not read.
- */
- public static Map readPkcs12KeyPairs(Path path, char[] password, Function keyPassword, Environment
- env)
- throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException {
- final KeyStore store = readKeyStore(path, "PKCS12", password);
- final Enumeration enumeration = store.aliases();
- final Map map = new HashMap<>(store.size());
- while (enumeration.hasMoreElements()) {
- final String alias = enumeration.nextElement();
- if (store.isKeyEntry(alias)) {
- final char[] pass = keyPassword.apply(alias);
- map.put(store.getCertificate(alias), store.getKey(alias, pass));
- }
- }
- return map;
- }
-
- /**
- * Generates a CA certificate
- */
- public static X509Certificate generateCACertificate(X500Principal x500Principal, KeyPair keyPair, int days)
- throws OperatorCreationException, CertificateException, CertIOException, NoSuchAlgorithmException {
- return generateSignedCertificate(x500Principal, null, keyPair, null, null, true, days, null);
- }
-
- /**
- * Generates a signed certificate using the provided CA private key and
- * information from the CA certificate
- *
- * @param principal
- * the principal of the certificate; commonly referred to as the
- * distinguished name (DN)
- * @param subjectAltNames
- * the subject alternative names that should be added to the
- * certificate as an X509v3 extension. May be {@code null}
- * @param keyPair
- * the key pair that will be associated with the certificate
- * @param caCert
- * the CA certificate. If {@code null}, this results in a self signed
- * certificate
- * @param caPrivKey
- * the CA private key. If {@code null}, this results in a self signed
- * certificate
- * @param days
- * no of days certificate will be valid from now
- * @return a signed {@link X509Certificate}
- */
- public static X509Certificate generateSignedCertificate(X500Principal principal, GeneralNames subjectAltNames, KeyPair keyPair,
- X509Certificate caCert, PrivateKey caPrivKey, int days)
- throws OperatorCreationException, CertificateException, CertIOException, NoSuchAlgorithmException {
- return generateSignedCertificate(principal, subjectAltNames, keyPair, caCert, caPrivKey, false, days, null);
- }
-
- /**
- * Generates a signed certificate using the provided CA private key and
- * information from the CA certificate
- *
- * @param principal
- * the principal of the certificate; commonly referred to as the
- * distinguished name (DN)
- * @param subjectAltNames
- * the subject alternative names that should be added to the
- * certificate as an X509v3 extension. May be {@code null}
- * @param keyPair
- * the key pair that will be associated with the certificate
- * @param caCert
- * the CA certificate. If {@code null}, this results in a self signed
- * certificate
- * @param caPrivKey
- * the CA private key. If {@code null}, this results in a self signed
- * certificate
- * @param days
- * no of days certificate will be valid from now
- * @param signatureAlgorithm
- * algorithm used for signing certificate. If {@code null} or
- * empty, then use default algorithm {@link CertUtils#getDefaultSignatureAlgorithm(PrivateKey)}
- * @return a signed {@link X509Certificate}
- */
- public static X509Certificate generateSignedCertificate(X500Principal principal, GeneralNames subjectAltNames, KeyPair keyPair,
- X509Certificate caCert, PrivateKey caPrivKey, int days, String signatureAlgorithm)
- throws OperatorCreationException, CertificateException, CertIOException, NoSuchAlgorithmException {
- return generateSignedCertificate(principal, subjectAltNames, keyPair, caCert, caPrivKey, false, days, signatureAlgorithm);
- }
-
- /**
- * Generates a signed certificate
- *
- * @param principal
- * the principal of the certificate; commonly referred to as the
- * distinguished name (DN)
- * @param subjectAltNames
- * the subject alternative names that should be added to the
- * certificate as an X509v3 extension. May be {@code null}
- * @param keyPair
- * the key pair that will be associated with the certificate
- * @param caCert
- * the CA certificate. If {@code null}, this results in a self signed
- * certificate
- * @param caPrivKey
- * the CA private key. If {@code null}, this results in a self signed
- * certificate
- * @param isCa
- * whether or not the generated certificate is a CA
- * @param days
- * no of days certificate will be valid from now
- * @param signatureAlgorithm
- * algorithm used for signing certificate. If {@code null} or
- * empty, then use default algorithm {@link CertUtils#getDefaultSignatureAlgorithm(PrivateKey)}
- * @return a signed {@link X509Certificate}
- */
- private static X509Certificate generateSignedCertificate(X500Principal principal, GeneralNames subjectAltNames, KeyPair keyPair,
- X509Certificate caCert, PrivateKey caPrivKey, boolean isCa, int days, String signatureAlgorithm)
- throws NoSuchAlgorithmException, CertificateException, CertIOException, OperatorCreationException {
- Objects.requireNonNull(keyPair, "Key-Pair must not be null");
- final DateTime notBefore = new DateTime(DateTimeZone.UTC);
- if (days < 1) {
- throw new IllegalArgumentException("the certificate must be valid for at least one day");
- }
- final DateTime notAfter = notBefore.plusDays(days);
- final BigInteger serial = CertUtils.getSerial();
- JcaX509ExtensionUtils extUtils = new JcaX509ExtensionUtils();
-
- X500Name subject = X500Name.getInstance(principal.getEncoded());
- final X500Name issuer;
- final AuthorityKeyIdentifier authorityKeyIdentifier;
- if (caCert != null) {
- if (caCert.getBasicConstraints() < 0) {
- throw new IllegalArgumentException("ca certificate is not a CA!");
- }
- issuer = X500Name.getInstance(caCert.getIssuerX500Principal().getEncoded());
- authorityKeyIdentifier = extUtils.createAuthorityKeyIdentifier(caCert.getPublicKey());
- } else {
- issuer = subject;
- authorityKeyIdentifier = extUtils.createAuthorityKeyIdentifier(keyPair.getPublic());
- }
-
- JcaX509v3CertificateBuilder builder =
- new JcaX509v3CertificateBuilder(issuer, serial,
- new Time(notBefore.toDate(), Locale.ROOT), new Time(notAfter.toDate(), Locale.ROOT), subject, keyPair.getPublic());
-
- builder.addExtension(Extension.subjectKeyIdentifier, false, extUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
- builder.addExtension(Extension.authorityKeyIdentifier, false, authorityKeyIdentifier);
- if (subjectAltNames != null) {
- builder.addExtension(Extension.subjectAlternativeName, false, subjectAltNames);
- }
- builder.addExtension(Extension.basicConstraints, isCa, new BasicConstraints(isCa));
-
- PrivateKey signingKey = caPrivKey != null ? caPrivKey : keyPair.getPrivate();
- ContentSigner signer = new JcaContentSignerBuilder(
- (Strings.isNullOrEmpty(signatureAlgorithm)) ? getDefaultSignatureAlgorithm(signingKey) : signatureAlgorithm)
- .setProvider(CertUtils.BC_PROV).build(signingKey);
- X509CertificateHolder certificateHolder = builder.build(signer);
- return new JcaX509CertificateConverter().getCertificate(certificateHolder);
- }
-
- /**
- * Based on the private key algorithm {@link PrivateKey#getAlgorithm()}
- * determines default signing algorithm used by CertUtils
- *
- * @param key
- * {@link PrivateKey}
- * @return algorithm
- */
- private static String getDefaultSignatureAlgorithm(PrivateKey key) {
- String signatureAlgorithm = null;
- switch (key.getAlgorithm()) {
- case "RSA":
- signatureAlgorithm = "SHA256withRSA";
- break;
- case "DSA":
- signatureAlgorithm = "SHA256withDSA";
- break;
- case "EC":
- signatureAlgorithm = "SHA256withECDSA";
- break;
- default:
- throw new IllegalArgumentException("Unsupported algorithm : " + key.getAlgorithm()
- + " for signature, allowed values for private key algorithm are [RSA, DSA, EC]");
- }
- return signatureAlgorithm;
- }
-
- /**
- * Generates a certificate signing request
- *
- * @param keyPair the key pair that will be associated by the certificate generated from the certificate signing request
- * @param principal the principal of the certificate; commonly referred to as the distinguished name (DN)
- * @param sanList the subject alternative names that should be added to the certificate as an X509v3 extension. May be
- * {@code null}
- * @return a certificate signing request
- */
- static PKCS10CertificationRequest generateCSR(KeyPair keyPair, X500Principal principal, GeneralNames sanList)
- throws IOException, OperatorCreationException {
- Objects.requireNonNull(keyPair, "Key-Pair must not be null");
- Objects.requireNonNull(keyPair.getPublic(), "Public-Key must not be null");
- Objects.requireNonNull(principal, "Principal must not be null");
- JcaPKCS10CertificationRequestBuilder builder = new JcaPKCS10CertificationRequestBuilder(principal, keyPair.getPublic());
- if (sanList != null) {
- ExtensionsGenerator extGen = new ExtensionsGenerator();
- extGen.addExtension(Extension.subjectAlternativeName, false, sanList);
- builder.addAttribute(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest, extGen.generate());
- }
-
- return builder.build(new JcaContentSignerBuilder("SHA256withRSA").setProvider(CertUtils.BC_PROV).build(keyPair.getPrivate()));
- }
-
- /**
- * Gets a random serial for a certificate that is generated from a {@link SecureRandom}
- */
- public static BigInteger getSerial() {
- SecureRandom random = new SecureRandom();
- BigInteger serial = new BigInteger(SERIAL_BIT_LENGTH, random);
- assert serial.compareTo(BigInteger.valueOf(0L)) >= 0;
- return serial;
- }
-
- /**
- * Generates a RSA key pair with the provided key size (in bits)
- */
- public static KeyPair generateKeyPair(int keysize) throws NoSuchAlgorithmException {
- // generate a private key
- KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
- keyPairGenerator.initialize(keysize);
- return keyPairGenerator.generateKeyPair();
- }
-
- /**
- * Converts the {@link InetAddress} objects into a {@link GeneralNames} object that is used to represent subject alternative names.
- */
- public static GeneralNames getSubjectAlternativeNames(boolean resolveName, Set addresses) throws SocketException {
- Set generalNameList = new HashSet<>();
- for (InetAddress address : addresses) {
- if (address.isAnyLocalAddress()) {
- // it is a wildcard address
- for (InetAddress inetAddress : InetAddressHelper.getAllAddresses()) {
- addSubjectAlternativeNames(resolveName, inetAddress, generalNameList);
- }
- } else {
- addSubjectAlternativeNames(resolveName, address, generalNameList);
- }
- }
- return new GeneralNames(generalNameList.toArray(new GeneralName[generalNameList.size()]));
- }
-
- @SuppressForbidden(reason = "need to use getHostName to resolve DNS name and getHostAddress to ensure we resolved the name")
- private static void addSubjectAlternativeNames(boolean resolveName, InetAddress inetAddress, Set list) {
- String hostaddress = inetAddress.getHostAddress();
- String ip = NetworkAddress.format(inetAddress);
- list.add(new GeneralName(GeneralName.iPAddress, ip));
- if (resolveName && (inetAddress.isLinkLocalAddress() == false)) {
- String possibleHostName = inetAddress.getHostName();
- if (possibleHostName.equals(hostaddress) == false) {
- list.add(new GeneralName(GeneralName.dNSName, possibleHostName));
- }
- }
- }
-
- /**
- * Creates an X.509 {@link GeneralName} for use as a Common Name in the certificate's Subject Alternative Names
- * extension. A common name is a name with a tag of {@link GeneralName#otherName OTHER}, with an object-id that references
- * the {@link #CN_OID cn} attribute, an explicit tag of '0', and a DER encoded UTF8 string for the name.
- * This usage of using the {@code cn} OID as a Subject Alternative Name is non-standard and will not be
- * recognised by other X.509/TLS implementations.
- */
- public static GeneralName createCommonName(String cn) {
- final ASN1Encodable[] sequence = { new ASN1ObjectIdentifier(CN_OID), new DERTaggedObject(true, 0, new DERUTF8String(cn)) };
- return new GeneralName(GeneralName.otherName, new DERSequence(sequence));
- }
-}
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertificateGenerateTool.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertificateGenerateTool.java
index eb3a92ce5e8..5515978c3ca 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertificateGenerateTool.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertificateGenerateTool.java
@@ -11,6 +11,7 @@ import joptsimple.OptionSpec;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptor;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
@@ -82,6 +83,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
private static final Pattern ALLOWED_FILENAME_CHAR_PATTERN =
Pattern.compile("[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1," + MAX_FILENAME_LENGTH + "}");
private static final int DEFAULT_KEY_SIZE = 2048;
+ private static final BouncyCastleProvider BC_PROV = new BouncyCastleProvider();
/**
* Wraps the certgen object parser.
@@ -316,10 +318,10 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
static void generateAndWriteCsrs(Path outputFile, Collection certInfo, int keysize) throws Exception {
fullyWriteFile(outputFile, (outputStream, pemWriter) -> {
for (CertificateInformation certificateInformation : certInfo) {
- KeyPair keyPair = CertUtils.generateKeyPair(keysize);
+ KeyPair keyPair = CertGenUtils.generateKeyPair(keysize);
GeneralNames sanList = getSubjectAlternativeNamesValue(certificateInformation.ipAddresses, certificateInformation.dnsNames,
certificateInformation.commonNames);
- PKCS10CertificationRequest csr = CertUtils.generateCSR(keyPair, certificateInformation.name.x500Principal, sanList);
+ PKCS10CertificationRequest csr = CertGenUtils.generateCSR(keyPair, certificateInformation.name.x500Principal, sanList);
final String dirName = certificateInformation.name.filename + "/";
ZipEntry zipEntry = new ZipEntry(dirName);
@@ -361,7 +363,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
if (caCertPath != null) {
assert caKeyPath != null;
final String resolvedCaCertPath = resolvePath(caCertPath).toAbsolutePath().toString();
- Certificate[] certificates = CertUtils.readCertificates(Collections.singletonList(resolvedCaCertPath), env);
+ Certificate[] certificates = CertParsingUtils.readCertificates(Collections.singletonList(resolvedCaCertPath), env);
if (certificates.length != 1) {
throw new IllegalArgumentException("expected a single certificate in file [" + caCertPath + "] but found [" +
certificates.length + "]");
@@ -373,8 +375,8 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
// generate the CA keys and cert
X500Principal x500Principal = new X500Principal(dn);
- KeyPair keyPair = CertUtils.generateKeyPair(keysize);
- Certificate caCert = CertUtils.generateCACertificate(x500Principal, keyPair, days);
+ KeyPair keyPair = CertGenUtils.generateKeyPair(keysize);
+ Certificate caCert = CertGenUtils.generateCACertificate(x500Principal, keyPair, days);
final char[] password;
if (prompt) {
password = terminal.readSecret("Enter password for CA private key: ");
@@ -399,8 +401,8 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
writeCAInfoIfGenerated(outputStream, pemWriter, caInfo);
for (CertificateInformation certificateInformation : certificateInformations) {
- KeyPair keyPair = CertUtils.generateKeyPair(keysize);
- Certificate certificate = CertUtils.generateSignedCertificate(certificateInformation.name.x500Principal,
+ KeyPair keyPair = CertGenUtils.generateKeyPair(keysize);
+ Certificate certificate = CertGenUtils.generateSignedCertificate(certificateInformation.name.x500Principal,
getSubjectAlternativeNamesValue(certificateInformation.ipAddresses, certificateInformation.dnsNames,
certificateInformation.commonNames),
keyPair, caInfo.caCert, caInfo.privateKey, days);
@@ -483,7 +485,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
outputStream.putNextEntry(new ZipEntry(caDirName + "ca.key"));
if (info.password != null && info.password.length > 0) {
try {
- PEMEncryptor encryptor = new JcePEMEncryptorBuilder("DES-EDE3-CBC").setProvider(CertUtils.BC_PROV).build(info.password);
+ PEMEncryptor encryptor = new JcePEMEncryptorBuilder("DES-EDE3-CBC").setProvider(BC_PROV).build(info.password);
pemWriter.writeObject(info.privateKey, encryptor);
} finally {
// we can safely nuke the password chars now
@@ -584,8 +586,8 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
private static PrivateKey readPrivateKey(String path, char[] password, Terminal terminal, boolean prompt)
throws Exception {
AtomicReference passwordReference = new AtomicReference<>(password);
- try (Reader reader = Files.newBufferedReader(resolvePath(path), StandardCharsets.UTF_8)) {
- return CertUtils.readPrivateKey(reader, () -> {
+ try {
+ return PemUtils.readPrivateKey(resolvePath(path), () -> {
if (password != null || prompt == false) {
return password;
}
@@ -611,7 +613,7 @@ public class CertificateGenerateTool extends EnvironmentAwareCommand {
}
for (String cn : commonNames) {
- generalNameList.add(CertUtils.createCommonName(cn));
+ generalNameList.add(CertGenUtils.createCommonName(cn));
}
if (generalNameList.isEmpty()) {
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertificateTool.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertificateTool.java
index 60e3b3e556a..dd90df4dd6a 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertificateTool.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertificateTool.java
@@ -12,6 +12,7 @@ import joptsimple.OptionSpecBuilder;
import org.bouncycastle.asn1.DERIA5String;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptor;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder;
@@ -87,6 +88,7 @@ public class CertificateTool extends LoggingAwareMultiCommand {
private static final String DEFAULT_CERT_ZIP = "certificate-bundle.zip";
private static final String DEFAULT_CA_ZIP = "elastic-stack-ca.zip";
private static final String DEFAULT_CA_P12 = "elastic-stack-ca.p12";
+ private static final BouncyCastleProvider BC_PROV = new BouncyCastleProvider();
static final String DEFAULT_CERT_NAME = "instance";
@@ -334,7 +336,7 @@ public class CertificateTool extends LoggingAwareMultiCommand {
char[] passwordOption = getChars(caPasswordSpec.value(options));
Map keys = withPassword("CA (" + path + ")", passwordOption,
- terminal, password -> CertUtils.readPkcs12KeyPairs(path, password, a -> password, env));
+ terminal, password -> CertParsingUtils.readPkcs12KeyPairs(path, password, a -> password));
if (keys.size() != 1) {
throw new IllegalArgumentException("expected a single key in file [" + path.toAbsolutePath() + "] but found [" +
@@ -353,7 +355,7 @@ public class CertificateTool extends LoggingAwareMultiCommand {
String password = caPasswordSpec.value(options);
final String resolvedCaCertPath = cert.toAbsolutePath().toString();
- Certificate[] certificates = CertUtils.readCertificates(Collections.singletonList(resolvedCaCertPath), env);
+ Certificate[] certificates = CertParsingUtils.readCertificates(Collections.singletonList(resolvedCaCertPath), env);
if (certificates.length != 1) {
throw new IllegalArgumentException("expected a single certificate in file [" + resolvedCaCertPath + "] but found [" +
certificates.length + "]");
@@ -369,8 +371,8 @@ public class CertificateTool extends LoggingAwareMultiCommand {
dn = AUTO_GEN_CA_DN;
}
X500Principal x500Principal = new X500Principal(dn);
- KeyPair keyPair = CertUtils.generateKeyPair(getKeySize(options));
- X509Certificate caCert = CertUtils.generateCACertificate(x500Principal, keyPair, getDays(options));
+ KeyPair keyPair = CertGenUtils.generateKeyPair(getKeySize(options));
+ X509Certificate caCert = CertGenUtils.generateCACertificate(x500Principal, keyPair, getDays(options));
if (options.hasArgument(caPasswordSpec)) {
char[] password = getChars(caPasswordSpec.value(options));
@@ -612,10 +614,10 @@ public class CertificateTool extends LoggingAwareMultiCommand {
void generateAndWriteCsrs(Path output, int keySize, Collection certInfo) throws Exception {
fullyWriteZipFile(output, (outputStream, pemWriter) -> {
for (CertificateInformation certificateInformation : certInfo) {
- KeyPair keyPair = CertUtils.generateKeyPair(keySize);
+ KeyPair keyPair = CertGenUtils.generateKeyPair(keySize);
GeneralNames sanList = getSubjectAlternativeNamesValue(certificateInformation.ipAddresses,
certificateInformation.dnsNames, certificateInformation.commonNames);
- PKCS10CertificationRequest csr = CertUtils.generateCSR(keyPair, certificateInformation.name.x500Principal, sanList);
+ PKCS10CertificationRequest csr = CertGenUtils.generateCSR(keyPair, certificateInformation.name.x500Principal, sanList);
final String dirName = certificateInformation.name.filename + "/";
ZipEntry zipEntry = new ZipEntry(dirName);
@@ -819,8 +821,8 @@ public class CertificateTool extends LoggingAwareMultiCommand {
private CertificateAndKey generateCertificateAndKey(CertificateInformation certificateInformation, CAInfo caInfo,
int keySize, int days) throws Exception {
- KeyPair keyPair = CertUtils.generateKeyPair(keySize);
- Certificate certificate = CertUtils.generateSignedCertificate(certificateInformation.name.x500Principal,
+ KeyPair keyPair = CertGenUtils.generateKeyPair(keySize);
+ Certificate certificate = CertGenUtils.generateSignedCertificate(certificateInformation.name.x500Principal,
getSubjectAlternativeNamesValue(certificateInformation.ipAddresses, certificateInformation.dnsNames,
certificateInformation.commonNames),
keyPair, caInfo.certAndKey.cert, caInfo.certAndKey.key, days);
@@ -916,7 +918,7 @@ public class CertificateTool extends LoggingAwareMultiCommand {
}
private static PEMEncryptor getEncrypter(char[] password) {
- return new JcePEMEncryptorBuilder("DES-EDE3-CBC").setProvider(CertUtils.BC_PROV).build(password);
+ return new JcePEMEncryptorBuilder("DES-EDE3-CBC").setProvider(BC_PROV).build(password);
}
private static T withPassword(String description, char[] password, Terminal terminal,
@@ -1015,8 +1017,8 @@ public class CertificateTool extends LoggingAwareMultiCommand {
private static PrivateKey readPrivateKey(Path path, char[] password, Terminal terminal)
throws Exception {
AtomicReference passwordReference = new AtomicReference<>(password);
- try (Reader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
- return CertUtils.readPrivateKey(reader, () -> {
+ try {
+ return PemUtils.readPrivateKey(path, () -> {
if (password != null) {
return password;
}
@@ -1042,7 +1044,7 @@ public class CertificateTool extends LoggingAwareMultiCommand {
}
for (String cn : commonNames) {
- generalNameList.add(CertUtils.createCommonName(cn));
+ generalNameList.add(CertGenUtils.createCommonName(cn));
}
if (generalNameList.isEmpty()) {
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/DefaultJDKTrustConfig.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/DefaultJDKTrustConfig.java
index 073fc06c137..ff818bb09f5 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/DefaultJDKTrustConfig.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/DefaultJDKTrustConfig.java
@@ -34,7 +34,7 @@ class DefaultJDKTrustConfig extends TrustConfig {
@Override
X509ExtendedTrustManager createTrustManager(@Nullable Environment environment) {
try {
- return CertUtils.trustManager(null, TrustManagerFactory.getDefaultAlgorithm());
+ return CertParsingUtils.trustManager(null, TrustManagerFactory.getDefaultAlgorithm());
} catch (Exception e) {
throw new ElasticsearchException("failed to initialize a TrustManagerFactory", e);
}
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/DerParser.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/DerParser.java
new file mode 100644
index 00000000000..fedbbb31947
--- /dev/null
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/DerParser.java
@@ -0,0 +1,285 @@
+/*
+ Copyright (c) 1998-2010 AOL Inc.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+ */
+
+package org.elasticsearch.xpack.core.ssl;
+
+
+import org.elasticsearch.common.hash.MessageDigests;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+
+/**
+ * A bare-minimum ASN.1 DER decoder, just having enough functions to
+ * decode PKCS#1 private keys in order to remain JCE/JVM agnostic.
+ *
+ * Based on https://github.com/groovenauts/jmeter_oauth_plugin/blob/master/jmeter/src/
+ * main/java/org/apache/jmeter/protocol/oauth/sampler/PrivateKeyReader.java
+ */
+class DerParser {
+ // Constructed Flag
+ private static final int CONSTRUCTED = 0x20;
+
+ // Tag and data types
+ private static final int INTEGER = 0x02;
+ private static final int OCTET_STRING = 0x04;
+ private static final int OBJECT_OID = 0x06;
+ private static final int NUMERIC_STRING = 0x12;
+ private static final int PRINTABLE_STRING = 0x13;
+ private static final int VIDEOTEX_STRING = 0x15;
+ private static final int IA5_STRING = 0x16;
+ private static final int GRAPHIC_STRING = 0x19;
+ private static final int ISO646_STRING = 0x1A;
+ private static final int GENERAL_STRING = 0x1B;
+
+ private static final int UTF8_STRING = 0x0C;
+ private static final int UNIVERSAL_STRING = 0x1C;
+ private static final int BMP_STRING = 0x1E;
+
+
+ private InputStream derInputStream;
+ private int maxAsnObjectLength;
+
+ DerParser(byte[] bytes) {
+ this.derInputStream = new ByteArrayInputStream(bytes);
+ this.maxAsnObjectLength = bytes.length;
+ }
+
+ Asn1Object readAsn1Object() throws IOException {
+ int tag = derInputStream.read();
+ if (tag == -1) {
+ throw new IOException("Invalid DER: stream too short, missing tag");
+ }
+ int length = getLength();
+ // getLength() can return any 32 bit integer, so ensure that a corrupted encoding won't
+ // force us into allocating a very large array
+ if (length > maxAsnObjectLength) {
+ throw new IOException("Invalid DER: size of ASN.1 object to be parsed appears to be larger than the size of the key file " +
+ "itself.");
+ }
+ byte[] value = new byte[length];
+ int n = derInputStream.read(value);
+ if (n < length) {
+ throw new IOException("Invalid DER: stream too short, missing value. " +
+ "Could only read " + n + " out of " + length + " bytes");
+ }
+ return new Asn1Object(tag, length, value);
+
+ }
+
+ /**
+ * Decode the length of the field. Can only support length
+ * encoding up to 4 octets.
+ *
+ *
In BER/DER encoding, length can be encoded in 2 forms,
+ *
+ *
Short form. One octet. Bit 8 has value "0" and bits 7-1
+ * give the length.
+ *
+ *
Long form. Two to 127 octets (only 4 is supported here).
+ * Bit 8 of first octet has value "1" and bits 7-1 give the
+ * number of additional length octets. Second and following
+ * octets give the length, base 256, most significant digit first.
+ *
+ *
+ *
+ * @return The length as integer
+ * @throws IOException
+ */
+ private int getLength() throws IOException {
+
+ int i = derInputStream.read();
+ if (i == -1)
+ throw new IOException("Invalid DER: length missing");
+
+ // A single byte short length
+ if ((i & ~0x7F) == 0)
+ return i;
+
+ int num = i & 0x7F;
+
+ // We can't handle length longer than 4 bytes
+ if (i >= 0xFF || num > 4)
+ throw new IOException("Invalid DER: length field too big ("
+ + i + ")"); //$NON-NLS-1$
+
+ byte[] bytes = new byte[num];
+ int n = derInputStream.read(bytes);
+ if (n < num)
+ throw new IOException("Invalid DER: length too short");
+
+ return new BigInteger(1, bytes).intValue();
+ }
+
+
+ /**
+ * An ASN.1 TLV. The object is not parsed. It can
+ * only handle integers.
+ *
+ * @author zhang
+ */
+ static class Asn1Object {
+
+ protected final int type;
+ protected final int length;
+ protected final byte[] value;
+ protected final int tag;
+
+ /**
+ * Construct a ASN.1 TLV. The TLV could be either a
+ * constructed or primitive entity.
+ *
+ *
The first byte in DER encoding is made of following fields,
+ *