diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertParsingUtils.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertParsingUtils.java index 5dc7236b83d8..04195ceb806e 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertParsingUtils.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/CertParsingUtils.java @@ -158,4 +158,5 @@ public static boolean isOrderedCertificateChain(List chain) { } return true; } + } diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SslSettingsLoaderTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SslSettingsLoaderTests.java index a0349c85b23a..b3c27983f46b 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SslSettingsLoaderTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/SslSettingsLoaderTests.java @@ -116,6 +116,7 @@ public void testFilterAppliedToKeystore() { assertThat(keyStore.hasKeyMaterial(), is(true)); assumeFalse("Cannot create Key Manager from a PKCS#12 file in FIPS", inFipsJvm()); + assertThat(keyStore.createKeyManager(), notNullValue()); assertThat(keyStore.getKeys(false), hasSize(3)); // testnode_ec, testnode_rsa, testnode_dsa assertThat(keyStore.getKeys(true), hasSize(2)); // testnode_rsa, testnode_dsa diff --git a/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/ssl/SSLTrustRestrictionsTests.java b/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/ssl/SSLTrustRestrictionsTests.java index ac403fa5d81d..d8d4c4f091d6 100644 --- a/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/ssl/SSLTrustRestrictionsTests.java +++ b/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/ssl/SSLTrustRestrictionsTests.java 
@@ -9,7 +9,6 @@ import org.apache.logging.log4j.message.ParameterizedMessage; import org.elasticsearch.ElasticsearchException; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.ssl.PemUtils; import org.elasticsearch.common.ssl.SslConfiguration; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.core.PathUtils; @@ -79,7 +78,7 @@ public static void setupCertificates() throws Exception { X509Certificate caCert = CertParsingUtils.readX509Certificates(Collections.singletonList(caCertPath))[0]; Path caKeyPath = PathUtils.get(SSLTrustRestrictionsTests.class.getResource ("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/nodes/ca.key").toURI()); - PrivateKey caKey = PemUtils.readPrivateKey(caKeyPath, ""::toCharArray); + PrivateKey caKey = org.elasticsearch.common.ssl.PemUtils.readPrivateKey(caKeyPath, ""::toCharArray); ca = new CertificateInfo(caKey, caKeyPath, caCert, caCertPath); Path trustedCertPath = PathUtils.get(SSLTrustRestrictionsTests.class.getResource @@ -87,7 +86,7 @@ public static void setupCertificates() throws Exception { X509Certificate trustedX509Certificate = CertParsingUtils.readX509Certificates(Collections.singletonList(trustedCertPath))[0]; Path trustedKeyPath = PathUtils.get(SSLTrustRestrictionsTests.class.getResource ("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/nodes/trusted.key").toURI()); - PrivateKey trustedKey = PemUtils.readPrivateKey(trustedKeyPath, ""::toCharArray); + PrivateKey trustedKey = org.elasticsearch.common.ssl.PemUtils.readPrivateKey(trustedKeyPath, ""::toCharArray); trustedCert = new CertificateInfo(trustedKey, trustedKeyPath, trustedX509Certificate, trustedCertPath); Path untrustedCertPath = PathUtils.get(SSLTrustRestrictionsTests.class.getResource 
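Review bot: The `readPrivateKey` calls in `setupCertificates` now spell out `org.elasticsearch.common.ssl.PemUtils` inline while the first hunk drops the matching import, which lengthens each line and gives no reason why the short name stopped being usable. If no other `PemUtils` is in scope for this file, keeping `import org.elasticsearch.common.ssl.PemUtils;` and the original `PemUtils.readPrivateKey(caKeyPath, ""::toCharArray)` reads better. If the qualification is there to avoid a clash with a same-named class (not visible here), a one-line comment saying so at the first call would help. The same pattern appears in the `@@ -95,7 +94,7 @@` hunk of this file, in `readSigningKey` in SamlMetadataCommand.java and in `testCreateCredentialFromPemFiles` in SamlRealmTests.java. `setupCertificates` starts and ends outside these hunks.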
@@ -95,7 +94,7 @@ public static void setupCertificates() throws Exception { X509Certificate untrustedX509Certificate = CertParsingUtils.readX509Certificates(Collections.singletonList(untrustedCertPath))[0]; Path untrustedKeyPath = PathUtils.get(SSLTrustRestrictionsTests.class.getResource ("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/nodes/untrusted.key").toURI()); - PrivateKey untrustedKey = PemUtils.readPrivateKey(untrustedKeyPath, ""::toCharArray); + PrivateKey untrustedKey = org.elasticsearch.common.ssl.PemUtils.readPrivateKey(untrustedKeyPath, ""::toCharArray); untrustedCert = new CertificateInfo(untrustedKey, untrustedKeyPath, untrustedX509Certificate, untrustedCertPath); nodeSSL = Settings.builder() diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlMetadataCommand.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlMetadataCommand.java index 7f5389c204d3..0c93ae1c0cdf 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlMetadataCommand.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlMetadataCommand.java @@ -42,7 +42,6 @@ import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.KeyStoreWrapper; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.ssl.PemUtils; import org.elasticsearch.common.util.LocaleUtils; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.core.CheckedFunction; 
@@ -326,14 +325,14 @@ private static char[] getChars(String password) {
 private static PrivateKey readSigningKey(Path path, char[] password, Terminal terminal) throws Exception {
 AtomicReference passwordReference = new AtomicReference<>(password);
 try {
- return PemUtils.readPrivateKey(path, () -> {
- if (password != null) {
- return password;
- }
- char[] promptedValue = terminal.readSecret("Enter password for the signing key (" + path.getFileName() + ") : ");
- passwordReference.set(promptedValue);
- return promptedValue;
- });
+ return org.elasticsearch.common.ssl.PemUtils.readPrivateKey(path, () -> {
+ if (password != null) {
+ return password;
+ }
+ char[] promptedValue = terminal.readSecret("Enter password for the signing key (" + path.getFileName() + ") : ");
+ passwordReference.set(promptedValue);
+ return promptedValue;
+ });
 } finally {
 if (passwordReference.get() != null) {
 Arrays.fill(passwordReference.get(), (char) 0);
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlRealmTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlRealmTests.java
index 4b44beee7391..07deb0b49715 100644
--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlRealmTests.java
+++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlRealmTests.java
@@ -14,7 +14,6 @@
 import org.elasticsearch.common.settings.MockSecureSettings;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.settings.SettingsException;
-import org.elasticsearch.common.ssl.PemUtils;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.core.Tuple;
 import org.elasticsearch.env.Environment;
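Review bot: `readSigningKey` zero-fills whatever array `passwordReference` holds in its `finally` block, and because the reference is initialised with the `password` argument this wipes the caller's array as well as a prompted one, yet nothing in the method documents that side effect. Clearing the secret after use is the right hygiene, but a caller that reads the same `char[]` again after this call would silently get zeros. I would add a comment above the `try`, for example `// Wipes the password (supplied or prompted) once the key has been read; callers must not reuse the array.` The method starts inside this hunk but its end lies outside it.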
@@ -421,7 +420,7 @@ public void testCreateCredentialFromPemFiles() throws Exception { final Path dir = createTempDir("encryption"); final Path encryptionKeyPath = getDataPath("encryption.key"); final Path destEncryptionKeyPath = dir.resolve("encryption.key"); - final PrivateKey encryptionKey = PemUtils.readPrivateKey(encryptionKeyPath, "encryption"::toCharArray); + final PrivateKey encryptionKey = org.elasticsearch.common.ssl.PemUtils.readPrivateKey(encryptionKeyPath, "encryption"::toCharArray); final Path encryptionCertPath = getDataPath("encryption.crt"); final Path destEncryptionCertPath = dir.resolve("encryption.crt"); final X509Certificate encryptionCert = CertParsingUtils.readX509Certificates(Collections.singletonList(encryptionCertPath))[0]; diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/AbstractSimpleSecurityTransportTestCase.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/AbstractSimpleSecurityTransportTestCase.java index b45968754c26..5313db62bbb6 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/AbstractSimpleSecurityTransportTestCase.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/AbstractSimpleSecurityTransportTestCase.java @@ -344,7 +344,7 @@ public void testSecurityClientAuthenticationConfigs() throws Exception { } // test profile required client authentication - value = randomCapitalization(SslClientAuthenticationMode.REQUIRED); + value = randomCapitalization(SslClientAuthenticationMode.REQUIRED);; settings = Settings.builder() .put("transport.profiles.client.port", "8000-9000") .put("transport.profiles.client.xpack.security.ssl.enabled", true) 
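Review bot: The replacement line in `testSecurityClientAuthenticationConfigs` ends in a doubled semicolon, `randomCapitalization(SslClientAuthenticationMode.REQUIRED);;`, which adds an empty statement and may trip a style check. The line should stay as `value = randomCapitalization(SslClientAuthenticationMode.REQUIRED);`. The test method starts and ends outside the hunk.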
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SSLDriverTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SSLDriverTests.java index 08b1cdc42b75..8b21e2cc1376 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SSLDriverTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SSLDriverTests.java @@ -35,7 +35,8 @@ public class SSLDriverTests extends ESTestCase { - private final IntFunction pageAllocator = (n) -> new Page(ByteBuffer.allocate(n), () -> {}); + private final IntFunction pageAllocator = (n) -> new Page(ByteBuffer.allocate(n), () -> { + }); private final InboundChannelBuffer networkReadBuffer = new InboundChannelBuffer(pageAllocator); private final InboundChannelBuffer applicationBuffer = new InboundChannelBuffer(pageAllocator); @@ -74,7 +75,8 @@ public void testDataStoredInOutboundBufferIsClosed() throws Exception { handshake(clientDriver, serverDriver); ByteBuffer[] buffers = {ByteBuffer.wrap("ping".getBytes(StandardCharsets.UTF_8))}; - serverDriver.write(new FlushOperation(buffers, (v, e) -> {})); + serverDriver.write(new FlushOperation(buffers, (v, e) -> { + })); expectThrows(SSLException.class, serverDriver::close); assertEquals(0, openPages.get()); @@ -411,7 +413,8 @@ private void sendHandshakeMessages(SSLDriver sendDriver, SSLDriver receiveDriver } private void sendAppData(SSLDriver sendDriver, ByteBuffer[] message) throws IOException { - FlushOperation flushOperation = new FlushOperation(message, (r, l) -> {}); + FlushOperation flushOperation = new FlushOperation(message, (r, l) -> { + }); while (flushOperation.isFullyFlushed() == false) { sendDriver.write(flushOperation); 
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SecurityNioHttpServerTransportTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SecurityNioHttpServerTransportTests.java index fd82652af9f5..edde217807ca 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SecurityNioHttpServerTransportTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/transport/nio/SecurityNioHttpServerTransportTests.java @@ -205,4 +205,5 @@ public void testNoExceptionWhenConfiguredWithoutSslKeySSLDisabled() { xContentRegistry(), new NullDispatcher(), mock(IPFilter.class), sslService, nioGroupFactory, randomClusterSettings()); } + } diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/common/http/HttpClientTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/common/http/HttpClientTests.java index 624ca59831f5..5c0a61743e3a 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/common/http/HttpClientTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/common/http/HttpClientTests.java @@ -22,6 +22,7 @@ import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; +import org.elasticsearch.common.ssl.SslVerificationMode; import org.elasticsearch.common.unit.ByteSizeUnit; import org.elasticsearch.common.unit.ByteSizeValue; import org.elasticsearch.core.TimeValue;