elastic · rjernst · Jan 26, 2018 · Jan 17, 2018 · Jan 18, 2018 · Jan 18, 2018
diff --git a/...bution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java b/...bution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/InstallPluginCommand.java
@@ -811,8 +811,8 @@ private void createKeystoreIfNeeded(Terminal terminal, Environment env, PluginIn
         KeyStoreWrapper keystore = KeyStoreWrapper.load(env.configFile());
         if (keystore == null) {
             terminal.println("Elasticsearch keystore is required by plugin [" + info.getName() + "], creating...");
-            keystore = KeyStoreWrapper.create(new char[0]);
-            keystore.save(env.configFile());
+            keystore = KeyStoreWrapper.create();
+            keystore.save(env.configFile(), new char[0]);
         }
     }
 

diff --git a/...n/tools/plugin-cli/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java b/...n/tools/plugin-cli/src/test/java/org/elasticsearch/plugins/InstallPluginCommandTests.java
@@ -1138,8 +1138,8 @@ public void testKeystoreNotRequired() throws Exception {
 
     public void testKeystoreRequiredAlreadyExists() throws Exception {
         Tuple<Path, Environment> env = createEnv(fs, temp);
-        KeyStoreWrapper keystore = KeyStoreWrapper.create(new char[0]);
-        keystore.save(env.v2().configFile());
+        KeyStoreWrapper keystore = KeyStoreWrapper.create();
+        keystore.save(env.v2().configFile(), new char[0]);
         byte[] expectedBytes = Files.readAllBytes(KeyStoreWrapper.keystorePath(env.v2().configFile()));
         Path pluginDir = createPluginDir(temp);
         String pluginZip = createPluginUrl("fake", pluginDir, "requires.keystore", "true");

diff --git a/server/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java b/server/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java
@@ -232,7 +232,7 @@ static SecureSettings loadSecureSettings(Environment initialEnv) throws Bootstra
 
         try {
             keystore.decrypt(new char[0] /* TODO: read password from stdin */);
-            KeyStoreWrapper.upgrade(keystore, initialEnv.configFile());
+            KeyStoreWrapper.upgrade(keystore, initialEnv.configFile(), new char[0]);
         } catch (Exception e) {
             throw new BootstrapException(e);
         }

diff --git a/server/src/main/java/org/elasticsearch/common/settings/AddFileKeyStoreCommand.java b/server/src/main/java/org/elasticsearch/common/settings/AddFileKeyStoreCommand.java
@@ -66,8 +66,8 @@ protected void execute(Terminal terminal, OptionSet options, Environment env) th
                 terminal.println("Exiting without creating keystore.");
                 return;
             }
-            keystore = KeyStoreWrapper.create(new char[0] /* always use empty passphrase for auto created keystore */);
-            keystore.save(env.configFile());
+            keystore = KeyStoreWrapper.create();
+            keystore.save(env.configFile(), new char[0] /* always use empty passphrase for auto created keystore */);
             terminal.println("Created elasticsearch keystore in " + env.configFile());
         } else {
             keystore.decrypt(new char[0] /* TODO: prompt for password when they are supported */);
@@ -97,7 +97,7 @@ protected void execute(Terminal terminal, OptionSet options, Environment env) th
                 String.join(", ", argumentValues.subList(2, argumentValues.size())) + "] after filepath");
         }
         keystore.setFile(setting, Files.readAllBytes(file));
-        keystore.save(env.configFile());
+        keystore.save(env.configFile(), new char[0]);
     }
 
     @SuppressForbidden(reason="file arg for cli")

diff --git a/server/src/main/java/org/elasticsearch/common/settings/AddStringKeyStoreCommand.java b/server/src/main/java/org/elasticsearch/common/settings/AddStringKeyStoreCommand.java
@@ -63,8 +63,8 @@ protected void execute(Terminal terminal, OptionSet options, Environment env) th
                 terminal.println("Exiting without creating keystore.");
                 return;
             }
-            keystore = KeyStoreWrapper.create(new char[0] /* always use empty passphrase for auto created keystore */);
-            keystore.save(env.configFile());
+            keystore = KeyStoreWrapper.create();
+            keystore.save(env.configFile(), new char[0] /* always use empty passphrase for auto created keystore */);
             terminal.println("Created elasticsearch keystore in " + env.configFile());
         } else {
             keystore.decrypt(new char[0] /* TODO: prompt for password when they are supported */);
@@ -94,6 +94,6 @@ protected void execute(Terminal terminal, OptionSet options, Environment env) th
         } catch (IllegalArgumentException e) {
             throw new UserException(ExitCodes.DATA_ERROR, "String value must contain only ASCII");
         }
-        keystore.save(env.configFile());
+        keystore.save(env.configFile(), new char[0]);
     }
 }
diff --git a/server/src/main/java/org/elasticsearch/common/settings/CreateKeyStoreCommand.java b/server/src/main/java/org/elasticsearch/common/settings/CreateKeyStoreCommand.java
@@ -54,8 +54,8 @@ protected void execute(Terminal terminal, OptionSet options, Environment env) th
             throw new UserException(ExitCodes.DATA_ERROR, "Passphrases are not equal, exiting.");
         }*/
 
-        KeyStoreWrapper keystore = KeyStoreWrapper.create(password);
-        keystore.save(env.configFile());
+        KeyStoreWrapper keystore = KeyStoreWrapper.create();
+        keystore.save(env.configFile(), password);
         terminal.println("Created elasticsearch keystore in " + env.configFile());
     }
 }