Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Draft] Merge x-pack SSL configuration with libs/ssl-config #72285

Closed
wants to merge 56 commits into from
Closed
Changes from 1 commit
Commits
Show all changes
56 commits
Select commit Hold shift + click to select a range
8a5e5f8
Add test for combining keystore+jdk trust
tvernum Apr 22, 2021
c24f47d
Make SSL Service work with ssl-config lib
tvernum Apr 23, 2021
c74a2a5
Fixes
tvernum Apr 26, 2021
da4ff94
Fix tests for trust config in diagnostic message
tvernum Apr 26, 2021
286dc5e
Fix reloader tests
tvernum Apr 26, 2021
a9649ca
More error message fixes
tvernum Apr 26, 2021
fe5c585
Fix enum usage in ProfileConfigurationsTests
tvernum Apr 26, 2021
653e49c
Resolve secure settings correctly
tvernum Apr 26, 2021
5195409
Update file error messages again
tvernum Apr 26, 2021
e3d92a3
Fix ssl-config tests
tvernum Apr 26, 2021
208fcdd
Fix SSL service error messages
tvernum Apr 26, 2021
cd87b65
Support trust restrictions
tvernum Apr 26, 2021
48db43e
Switch to String instead of Path
tvernum Apr 27, 2021
ec3b63d
Merge branch 'master' into merge-ssl-config
tvernum Apr 28, 2021
f37053b
Remove obsolete config classes from x-pack
tvernum Apr 28, 2021
5d7edd8
Merge branch 'master' into merge-ssl-config
tvernum Apr 29, 2021
21ee816
Sort certificates by path in SSL API
tvernum Apr 30, 2021
51abfde
Fixes to sorting
tvernum May 5, 2021
bb79661
Merge branch 'master' into merge-ssl-config
tvernum May 5, 2021
40ca104
Merge branch 'master' into merge-ssl-config
tvernum May 6, 2021
9af04c5
Fix isExplicitlyConfigured
tvernum May 6, 2021
3f8b0a5
Remove old SSLClientAuth implementation
tvernum May 6, 2021
9e90bd1
Remove old VerificationMode enum
tvernum May 7, 2021
de3cb92
Migrate to libs version of PemUtils
tvernum May 7, 2021
c0884df
Remove redundant methods from CertParsingUtils
tvernum May 7, 2021
497ccc7
Merge branch 'master' into merge-ssl-config
tvernum May 7, 2021
8e2c284
Cleanup SSLConfigurationSettings
tvernum May 10, 2021
7738395
Merge branch 'master' into merge-ssl-config
tvernum May 10, 2021
ff733f6
Fix broken tests
tvernum May 11, 2021
c99dfdb
Switch PKI Realm to use SSL config directly
tvernum May 12, 2021
152d6f1
Fix import
tvernum May 12, 2021
fcf3abf
Merge branch 'master' into merge-ssl-config
tvernum May 13, 2021
c5fc932
Fix NPE in IdP
tvernum May 13, 2021
4c2bac6
Fix SSLConfigurationSettings.realm
tvernum May 13, 2021
b21c60a
Use SslConfigurationKeys in X509KeyPairSettings
tvernum May 13, 2021
5ffc072
Merge branch 'master' into merge-ssl-config
tvernum Jun 4, 2021
3414331
Drop redundant DerParser
tvernum Jun 4, 2021
98ebb59
Slim down CertParsingUtils some more
tvernum Jun 4, 2021
a412308
Slim down SSLConfigurationSettings
tvernum Jun 4, 2021
bbf8359
Fix import
tvernum Jun 4, 2021
a4b4904
Merge branch 'master' into merge-ssl-config
tvernum Jun 7, 2021
6efe92c
Merge branch 'master' into merge-ssl-config
tvernum Jun 9, 2021
463c154
Handle SslConfigExceptions when loading PEM
tvernum Jun 9, 2021
d8a7bcb
Merge branch 'master' into merge-ssl-config
tvernum Jun 10, 2021
fc895f5
Merge branch 'master' into merge-ssl-config
tvernum Jul 1, 2021
b443007
Improve implementation of getKeys
tvernum Jul 2, 2021
4fb2284
Merge branch 'master' into merge-ssl-config
tvernum Jul 2, 2021
7064ae5
Merge branch 'master' into merge-ssl-config
tvernum Jul 16, 2021
4e208a7
Support filtering of KeyStore entries
tvernum Jul 16, 2021
8c2c42f
Merge branch 'master' into merge-ssl-config
tvernum Jul 30, 2021
5fc19c6
Merge branch 'master' into merge-ssl-config
tvernum Aug 3, 2021
9e00478
Merge branch 'master' into merge-ssl-config
tvernum Aug 3, 2021
a2e1c42
Merge branch 'master' into merge-ssl-config
tvernum Aug 5, 2021
a35a7fd
Merge branch 'master' into merge-ssl-config
tvernum Aug 18, 2021
b2e1b6e
Merge branch 'master' into merge-ssl-config
tvernum Aug 18, 2021
66c48c9
Merge branch 'master' into merge-ssl-config
tvernum Sep 22, 2021
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Fix reloader tests
tvernum committed Apr 27, 2021

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
commit 286dc5e11be9dc0a3b624d1f7463af25262029a6
Original file line number Diff line number Diff line change
@@ -38,7 +38,7 @@ static SslConfigException ioException(String fileType, List<Path> paths, IOExcep
return accessDenied(fileType, paths, (AccessDeniedException) cause);
}
String message = "cannot read configured " + fileType + " [" + pathsToString(paths) + "]";
if (cause != null) {
if (cause != null && cause.getMessage() != null) {
message += " - " + cause.getMessage();
}
return new SslConfigException(message, cause);
Original file line number Diff line number Diff line change
@@ -360,7 +360,7 @@ public void testReloadingKeyStoreException() throws Exception {

latch.await();
assertNotNull(exceptionRef.get());
assertThat(exceptionRef.get(), throwableWithMessage(containsString("failed to initialize SSL KeyManager")));
assertThat(exceptionRef.get(), throwableWithMessage(containsString("cannot read configured [jks] keystore")));
assertThat(sslService.sslContextHolder(config).sslContext(), sameInstance(context));
}

@@ -455,7 +455,7 @@ public void testTrustStoreReloadException() throws Exception {

latch.await();
assertNotNull(exceptionRef.get());
assertThat(exceptionRef.get(), throwableWithMessage(containsString("failed to initialize SSL TrustManager")));
assertThat(exceptionRef.get(), throwableWithMessage(containsString("cannot read configured [jks] keystore (as a truststore)")));
assertThat(sslService.sslContextHolder(config).sslContext(), sameInstance(context));
}

@@ -500,7 +500,7 @@ public void testPEMTrustReloadException() throws Exception {

latch.await();
assertNotNull(exceptionRef.get());
assertThat(exceptionRef.get(), throwableWithMessage(containsString("failed to initialize SSL TrustManager")));
assertThat(exceptionRef.get(), throwableWithMessage(containsString("cannot load PEM certificate_authorities")));
assertThat(sslService.sslContextHolder(config).sslContext(), sameInstance(context));
}

Binary file not shown.