Converted all .asciidoc to .md. (#658)

Signed-off-by: dblock <[email protected]>

.gitattributes

@@ -1 +0,0 @@
-CHANGELOG.asciidoc  merge=union

Vagrantfile

@@ -10,7 +10,7 @@
 # vim: ft=ruby ts=2 sw=2 sts=2 et:
 
 # This Vagrantfile exists to test packaging. Read more about its use in the
-# vagrant section in TESTING.asciidoc.
+# vagrant section in TESTING.md.
 
 # Licensed to Elasticsearch under one or more contributor
 # license agreements. See the NOTICE file distributed with

client/rest-high-level/src/test/resources/org/opensearch/client/security/delegate_pki/README.md

@@ -0,0 +1,24 @@
+All openssl commands use the same configuration file, albeit different sections of it. The OpenSSL Configuration file is located in this directory as `openssl_config.cnf`.
+
+# Instructions on generating self-signed Root CA
+
+The self-signed Root CA, *testRootCA.crt*, and its associated private key in this directory have been generated using the following openssl commands.
+
+    openssl genrsa -out testRootCA.key 2048
+    openssl req -x509 -new -key testRootCA.key -days 1460 -subj "/CN=OpenSearch Test Root CA/OU=opensearch/O=org" -out testRootCA.crt -config ./openssl_config.cnf
+
+# Instructions on generating the Intermediate CA
+
+The `testIntermediateCA.crt` CA certificate is "issued" by the `testRootCA.crt`.
+
+    openssl genrsa -out testIntermediateCA.key 2048
+    openssl req -new -key testIntermediateCA.key -subj "/CN=OpenSearch Test Intermediate CA/OU=OpenSearch/O=org" -out testIntermediateCA.csr -config ./openssl_config.cnf
+    openssl x509 -req -in testIntermediateCA.csr -CA testRootCA.crt -CAkey testRootCA.key -CAcreateserial -out testIntermediateCA.crt -days 1460 -sha256 -extensions v3_ca -extfile ./openssl_config.cnf
+
+# Instructions on generating the Client Certificate
+
+The `testClient.crt` end entity certificate is "issued" by the `testIntermediateCA.crt`.
+
+    openssl genrsa -out testClient.key 2048
+    openssl req -new -key testClient.key -subj "/CN=OpenSearch Test Client/OU=OpenSearch/O=org" -out testClient.csr -config ./openssl_config.cnf
+    openssl x509 -req -in testClient.csr -CA testIntermediateCA.crt -CAkey testIntermediateCA.key -CAcreateserial -out testClient.crt -days 1460 -sha256 -extensions usr_cert -extfile ./openssl_config.cnf

libs/ssl-config/src/test/resources/certs/pem-utils/README.md

@@ -0,0 +1,125 @@
+# Instructions on generating self-signed certificates
+
+The certificates in this directory have been generated using the
+following openssl configuration and commands.
+
+OpenSSL Configuration File is located in this directory as
+`openssl_config.cnf`.
+
+The `alt_names` section provides the Subject Alternative Names for each
+certificate. This is necessary for testing with hostname verification
+enabled.
+
+    openssl req -new -x509 -extensions v3_req -out <NAME>.cert -keyout <NAME>.pem -days 1460 -config config.cnf
+
+When prompted the password is always set to the value of &lt;NAME&gt;.
+
+Because we intend to import these certificates into a Java Keystore
+file, they certificate and private key must be combined in a PKCS12
+certificate.
+
+    openssl pkcs12 -export -name <NAME> -in <NAME>.cert -inkey <NAME>.pem -out <NAME>.p12
+
+# Creating the Keystore
+
+We need to create a keystore from the created PKCS12 certificate.
+
+    keytool -importkeystore -destkeystore <NAME>.jks -srckeystore <NAME>.p12 -srcstoretype pkcs12 -alias <NAME>
+
+The keystore is now created and has the private/public key pair. You can
+import additional trusted certificates using `keytool -importcert`. When
+doing so make sure to specify an alias so that others can recreate the
+keystore if necessary.
+
+## Changes and additions for removing Bouncy Castle Dependency
+
+`testnode-unprotected.pem` is simply the decrypted `testnode.pem`
+
+    openssl rsa -in testnode.pem -out testnode-unprotected.pem
+
+`rsa_key_pkcs8_plain.pem` is the same plaintext key encoded in `PKCS#8`
+
+    openssl pkcs8 -topk8 -inform PEM -outform PEM -in testnode-unprotected.pem -out rsa_key_pkcs8_plain.pem -nocrypt
+
+`testnode-aes{128,192,256}.pem` is the testnode.pem private key,
+encrypted with `AES-128`, `AES-192` and `AES-256` respectively, encoded
+in `PKCS#1`
+
+    openssl rsa -aes128 -in testnode-unprotected.pem -out testnode-aes128.pem
+
+    openssl rsa -aes192 -in testnode-unprotected.pem -out testnode-aes192.pem
+
+    openssl rsa -aes256 -in testnode-unprotected.pem -out testnode-aes256.pem
+
+Adding `DSA` and `EC` Keys to the Keystore
+
+    keytool -genkeypair -keyalg DSA -alias testnode_dsa -keystore testnode.jks -storepass testnode \
+            -keypass testnode -validity 10000 -keysize 1024 -dname "CN=OpenSearch Test Node" \
+            -ext SAN=dns:localhost,dns:localhost.localdomain,dns:localhost4,dns:localhost4.localdomain4,dns:localhost6,dns:localhost6.localdomain6,ip:127.0.0.1,ip:0:0:0:0:0:0:0:1
+
+    keytool -genkeypair -keyalg EC -alias testnode_ec -keystore testnode.jks -storepass testnode \
+            -keypass testnode -validity 10000 -keysize 256 -dname "CN=OpenSearch Test Node" \
+            -ext SAN=dns:localhost,dns:localhost.localdomain,dns:localhost4,dns:localhost4.localdomain4,dns:localhost6,dns:localhost6.localdomain6,ip:127.0.0.1,ip:0:0:0:0:0:0:0:1
+
+Exporting the `DSA` and `EC` private keys from the keystore
+
+    keytool -importkeystore -srckeystore testnode.jks -destkeystore dsa.p12 -deststoretype PKCS12 \
+            -srcalias testnode_dsa -deststorepass testnode -destkeypass testnode
+
+    openssl pkcs12 -in dsa.p12 -nodes -nocerts | openssl pkcs8 -topk8 -nocrypt -outform pem \
+            -out dsa_key_pkcs8_plain.pem
+
+    keytool -importkeystore -srckeystore testnode.jks -destkeystore ec.p12 -deststoretype PKCS12 \
+                    -srcalias testnode_ec -deststorepass testnode -destkeypass testnode
+
+    openssl pkcs12 -in ec.p12 -nodes -nocerts | openssl pkcs8 -topk8 -nocrypt -outform pem \
+                    -out ec_key_pkcs8_plain.pem
+
+Create `PKCS#8` encrypted key from the encrypted `PKCS#1` encoded
+`testnode.pem`
+
+    openssl pkcs8 -topk8 -inform PEM -outform PEM -in testnode.pem -out key_pkcs8_encrypted.pem
+
+    ssh-keygen -t ed25519 -f key_unsupported.pem
+
+Convert `prime256v1-key-noparam.pem` to `PKCS#8` format
+
+    openssl pkcs8 -topk8 -in prime256v1-key-noparam.pem -nocrypt -out prime256v1-key-noparam-pkcs8.pem
+
+Generate the keys and self-signed certificates in `nodes/self/` :
+
+    openssl req -newkey rsa:2048 -keyout n1.c1.key -x509 -days 3650 -subj "/CN=n1.c1" -reqexts SAN \
+            -extensions SAN -config <(cat /etc/ssl/openssl.cnf \
+            <(printf "[SAN]\nsubjectAltName=otherName.1:2.5.4.3;UTF8:node1.cluster1")) -out n1.c1.crt
+
+Create a `CA` keypair for testing
+
+    openssl req -newkey rsa:2048 -nodes -keyout ca.key -x509 -subj "/CN=certAuth" -days 10000 -out ca.crt
+
+Generate Certificates signed with our CA for testing
+
+     openssl req -new -newkey rsa:2048 -keyout n2.c2.key -reqexts SAN -extensions SAN \
+             -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=otherName.1:2.5.4.3;UTF8:node2.cluster2"))\
+             -out n2.c2.csr
+
+    openssl x509 -req -in n2.c2.csr -extensions SAN -CA ca.crt -CAkey ca.key -CAcreateserial \
+           -extfile <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=otherName.1:2.5.4.3;UTF8:node2.cluster2"))\
+           -out n2.c2.crt -days 10000
+
+# Generate EC keys using various curves for testing
+
+    openssl ecparam -list_curves
+
+will list all the available curves in a given system. For the purposes
+of the tests here, the following curves were used to generate ec keys
+named accordingly:
+
+    openssl ecparam -name secp256r1 -genkey -out private_secp256r1.pem
+    openssl ecparam -name secp384r1 -genkey -out private_secp384r1.pem
+    openssl ecparam -name secp521r1 -genkey -out private_secp521r1.pem
+
+and the respective certificates
+
+    openssl req -x509 -extensions v3_req -key private_secp256r1.pem -out certificate_secp256r1.pem -days 1460 -config openssl_config.cnf
+    openssl req -x509 -extensions v3_req -key private_secp384r1.pem -out certificate_secp384r1.pem -days 1460 -config openssl_config.cnf
+    openssl req -x509 -extensions v3_req -key private_secp521r1.pem -out certificate_secp521r1.pem -days 1460 -config openssl_config.cnf

qa/os/README.md

@@ -17,7 +17,7 @@ tests should be added to this set of tests if possible.
 
 ## Running these tests
 
-See the section in [TESTING.asciidoc](../../TESTING.asciidoc#testing-packaging)
+See the section in [TESTING.md](../../TESTING.md#testing-packaging)
 
 ## Adding a new test class