From 67f939af1d4cf80b0f82092e53b792d4788c98f7 Mon Sep 17 00:00:00 2001 From: Tim Vernum Date: Thu, 31 Jan 2019 20:59:50 +1100 Subject: [PATCH] Enable SSL in reindex with security QA tests Update the x-pack/qa/reindex-tests-with-security integration tests to run with TLS enabled on the Rest interface. Backport of: #37600 Relates: #37527 --- .../test/rest/ESRestTestCase.java | 3 +- .../reindex-tests-with-security/build.gradle | 77 ++++++++++++++++-- ...ndexWithSecurityClientYamlTestSuiteIT.java | 31 ++++++- .../test/15_reindex_from_remote.yml | 18 ++-- .../src/test/resources/ssl/README.asciidoc | 28 +++++++ .../src/test/resources/ssl/ca.crt | 20 +++++ .../src/test/resources/ssl/ca.key | 30 +++++++ .../src/test/resources/ssl/ca.p12 | Bin 0 -> 1130 bytes .../src/test/resources/ssl/http.crt | 22 +++++ .../src/test/resources/ssl/http.key | 30 +++++++ 10 files changed, 240 insertions(+), 19 deletions(-) create mode 100644 x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/README.asciidoc create mode 100644 x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.crt create mode 100644 x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.key create mode 100644 x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.p12 create mode 100644 x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/http.crt create mode 100644 x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/http.key diff --git a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java index 06890a9d5a669..3db525037b49c 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java +++ b/test/framework/src/main/java/org/elasticsearch/test/rest/ESRestTestCase.java 
@@ -709,7 +709,8 @@ protected static void configureClient(RestClientBuilder builder, Settings settin throw new IllegalStateException(TRUSTSTORE_PATH + " is set but points to a non-existing file"); } try { - KeyStore keyStore = KeyStore.getInstance("jks"); + final String keyStoreType = keystorePath.endsWith(".p12") ? "PKCS12" : "jks"; + KeyStore keyStore = KeyStore.getInstance(keyStoreType); try (InputStream is = Files.newInputStream(path)) { keyStore.load(is, keystorePass.toCharArray()); } diff --git a/x-pack/qa/reindex-tests-with-security/build.gradle b/x-pack/qa/reindex-tests-with-security/build.gradle index 0bd51f483eaad..3d415e0e2922a 100644 --- a/x-pack/qa/reindex-tests-with-security/build.gradle +++ b/x-pack/qa/reindex-tests-with-security/build.gradle @@ -1,3 +1,11 @@ +import javax.net.ssl.HttpsURLConnection +import javax.net.ssl.KeyManager +import javax.net.ssl.SSLContext +import javax.net.ssl.TrustManagerFactory +import java.nio.charset.StandardCharsets +import java.security.KeyStore +import java.security.SecureRandom + apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' 
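Review bot: The keystore type in `configureClient` is picked by a case-sensitive `keystorePath.endsWith(".p12")`, so a PKCS#12 truststore named `.pfx`, `.pkcs12` or `.P12` is still opened as `jks`, and the resulting load failure will not mention the type. Consider normalising and widening the check, e.g. `final String lower = keystorePath.toLowerCase(Locale.ROOT);` then `final String keyStoreType = lower.endsWith(".p12") || lower.endsWith(".pfx") ? "PKCS12" : "jks";`, or exposing the store type as its own setting. This assumes `keystorePath` is a `String`; its declaration is outside the hunk, as are the start and end of the method body. A comment such as `// infer the store type from the file extension; anything else is treated as JKS` would document the fallback.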
@@ -9,13 +17,31 @@ dependencies { testCompile project(path: ':modules:reindex') } +forbiddenPatterns { + exclude '**/*.key' + exclude '**/*.pem' + exclude '**/*.p12' + exclude '**/*.jks' +} + +File caFile = project.file('src/test/resources/ssl/ca.p12') + integTestCluster { // Whitelist reindexing from the local node so we can test it. + extraConfigFile 'http.key', project.projectDir.toPath().resolve('src/test/resources/ssl/http.key') + extraConfigFile 'http.crt', project.projectDir.toPath().resolve('src/test/resources/ssl/http.crt') + extraConfigFile 'ca.p12', caFile setting 'reindex.remote.whitelist', '127.0.0.1:*' setting 'xpack.ilm.enabled', 'false' setting 'xpack.security.enabled', 'true' setting 'xpack.ml.enabled', 'false' setting 'xpack.license.self_generated.type', 'trial' + setting 'xpack.security.http.ssl.enabled', 'true' + setting 'xpack.security.http.ssl.certificate', 'http.crt' + setting 'xpack.security.http.ssl.key', 'http.key' + setting 'xpack.security.http.ssl.key_passphrase', 'http-password' + setting 'reindex.ssl.truststore.path', 'ca.p12' + setting 'reindex.ssl.truststore.password', 'password' extraConfigFile 'roles.yml', 'roles.yml' [ test_admin: 'superuser', 
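Review bot: In `integTestCluster` the key passphrase and truststore password are passed with plain `setting` calls (`xpack.security.http.ssl.key_passphrase`, `reindex.ssl.truststore.password`), so they presumably land in the node's config file in clear text. That is tolerable for throwaway fixtures, but putting the passphrase in the node keystore would exercise the recommended path, e.g. `keystoreSetting 'xpack.security.http.ssl.secure_key_passphrase', 'http-password'`, if the cluster DSL offers `keystoreSetting` on this branch. The `forbiddenPatterns` block would benefit from a comment such as `// test-only TLS fixtures: the CA key and its passwords are public, never trust ca.p12 outside this project`. Only `http.key`, `http.crt` and `ca.p12` are copied into the cluster here, so `ca.key` appears to be needed only for regenerating the certificates. Style: the comment `// Whitelist reindexing from the local node so we can test it.` now sits above the `extraConfigFile` lines and should move back to directly above `setting 'reindex.remote.whitelist'`.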
@@ -31,13 +57,48 @@ integTestCluster { 'bin/elasticsearch-users', 'useradd', user, '-p', 'x-pack-test-password', '-r', role } waitCondition = { node, ant -> - File tmpFile = new File(node.cwd, 'wait.success') - ant.get(src: "http://${node.httpUri()}/_cluster/health?wait_for_nodes=>=${numNodes}&wait_for_status=yellow", - dest: tmpFile.toString(), - username: 'test_admin', - password: 'x-pack-test-password', - ignoreerrors: true, - retries: 10) - return tmpFile.exists() + // Load the CA PKCS#12 file as a truststore + KeyStore ks = KeyStore.getInstance("PKCS12"); + ks.load(caFile.newInputStream(), 'password'.toCharArray()); + TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(ks); + + // Configre a SSL context for TLS1.2 using our CA trust manager + SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); + sslContext.init(new KeyManager[0], tmf.getTrustManagers(), new SecureRandom()); + + // Check whether the cluster has started + URL url = new URL("https://${node.httpUri()}/_cluster/health?wait_for_nodes=${numNodes}&wait_for_status=yellow"); + for (int i = 20; i >= 0; i--) { + // we use custom wait logic here for HTTPS + HttpsURLConnection httpURLConnection = null; + try { + logger.info("Trying ${url}"); + httpURLConnection = (HttpsURLConnection) url.openConnection(); + httpURLConnection.setSSLSocketFactory(sslContext.getSocketFactory()); + httpURLConnection.setRequestProperty("Authorization", + "Basic " + Base64.getEncoder().encodeToString("test_admin:x-pack-test-password".getBytes(StandardCharsets.UTF_8))); + httpURLConnection.setRequestMethod("GET"); + httpURLConnection.connect(); + if (httpURLConnection.getResponseCode() == 200) { + logger.info("Cluster has started"); + return true; + } else { + logger.debug("HTTP response was [{}]", httpURLConnection.getResponseCode()); + } + } catch (IOException e) { + if (i == 0) { + logger.error("Failed to call cluster health - " + e) + } + logger.debug("Call to 
[{}] threw an exception", url, e) + } finally { + if (httpURLConnection != null) { + httpURLConnection.disconnect(); + } + } + // did not start, so wait a bit before trying again + Thread.sleep(750L); + } + return false; } } diff --git a/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java b/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java index 67ebf16f426ed..76715613e3c36 100644 --- a/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java +++ b/x-pack/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/ReindexWithSecurityClientYamlTestSuiteIT.java @@ -7,12 +7,18 @@ import com.carrotsearch.randomizedtesting.annotations.Name; import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; - +import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.settings.SecureString; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.rest.yaml.ClientYamlTestCandidate; import org.elasticsearch.test.rest.yaml.ESClientYamlSuiteTestCase; +import org.junit.AfterClass; +import org.junit.BeforeClass; + +import java.io.FileNotFoundException; +import java.net.URL; +import java.nio.file.Path; import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue; @@ -20,6 +26,8 @@ public class ReindexWithSecurityClientYamlTestSuiteIT extends ESClientYamlSuiteT private static final String USER = "test_admin"; private static final String PASS = "x-pack-test-password"; + private static Path httpTrustStore; + public ReindexWithSecurityClientYamlTestSuiteIT(@Name("yaml") ClientYamlTestCandidate testCandidate) { super(testCandidate); } 
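Review bot: The HTTPS polling loop in `waitCondition` sets no connect or read timeout on the `HttpsURLConnection`, so a node that accepts the socket but never answers can stall the build indefinitely instead of using up one of the 21 attempts. Adding `httpURLConnection.setConnectTimeout(5000)` and `httpURLConnection.setReadTimeout(5000)` before `connect()` bounds each try; the 5000 ms value is only a suggestion. The truststore stream from `caFile.newInputStream()` is never closed, which `caFile.withInputStream { ks.load(it, 'password'.toCharArray()) }` would fix. The health URL also changed from `wait_for_nodes=>=${numNodes}` to `wait_for_nodes=${numNodes}`, which now waits for an exact node count, so a comment is warranted if that is intentional. Minor: `Configre` in the comment should read `Configure`.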
@@ -29,6 +37,25 @@ public static Iterable parameters() throws Exception { return ESClientYamlSuiteTestCase.createParameters(); } + @BeforeClass + public static void findTrustStore( ) throws Exception { + final URL resource = ReindexWithSecurityClientYamlTestSuiteIT.class.getResource("/ssl/ca.p12"); + if (resource == null) { + throw new FileNotFoundException("Cannot find classpath resource /ssl/ca.p12"); + } + httpTrustStore = PathUtils.get(resource.toURI()); + } + + @AfterClass + public static void cleanupStatics() { + httpTrustStore = null; + } + + @Override + protected String getProtocol() { + return "https"; + } + /** * All tests run as a an administrative user but use es-security-runas-user to become a less privileged user. */ @@ -37,6 +64,8 @@ protected Settings restClientSettings() { String token = basicAuthHeaderValue(USER, new SecureString(PASS.toCharArray())); return Settings.builder() .put(ThreadContext.PREFIX + ".Authorization", token) + .put(TRUSTSTORE_PATH , httpTrustStore) + .put(TRUSTSTORE_PASSWORD, "password") .build(); } } diff --git a/x-pack/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/15_reindex_from_remote.yml b/x-pack/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/15_reindex_from_remote.yml index b558ad7267718..95b9282f0b16c 100644 --- a/x-pack/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/15_reindex_from_remote.yml +++ b/x-pack/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/15_reindex_from_remote.yml @@ -26,7 +26,7 @@ body: source: remote: - host: http://${host} + host: https://${host} username: test_admin password: x-pack-test-password index: source @@ -63,7 +63,7 @@ body: source: remote: - host: http://${host} + host: https://${host} username: minimal_user password: x-pack-test-password index: source 
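Review bot: `findTrustStore` converts the classpath URL to a `Path` with `PathUtils.get(resource.toURI())`, which only works while `/ssl/ca.p12` is a plain file on disk. If the test resources were ever loaded from a jar, the URI would not be a `file:` URI and the lookup would presumably fail with an exception that does not name the resource. A one-line Javadoc such as `/** Resolves the CA truststore (ssl/ca.p12) that the REST client uses to verify the node's HTTP certificate; expects the resource to be a file on disk. */` would record that assumption. Style: `findTrustStore( )` has a stray space inside the parentheses.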
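Review bot: The truststore password in `restClientSettings` is an inline literal (`.put(TRUSTSTORE_PASSWORD, "password")`), and the same value is hard-coded in build.gradle and in the README's `keytool` command. Regenerating ca.p12 with a different password therefore means finding three copies. A named constant next to `USER` and `PASS`, e.g. `private static final String TRUSTSTORE_PASS = "password";`, would make the coupling visible. Style: `.put(TRUSTSTORE_PATH , httpTrustStore)` has a space before the comma.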
@@ -109,7 +109,7 @@ body: source: remote: - host: http://${host} + host: https://${host} username: readonly_user password: x-pack-test-password index: source @@ -154,7 +154,7 @@ body: source: remote: - host: http://${host} + host: https://${host} username: dest_only_user password: x-pack-test-password index: source @@ -196,7 +196,7 @@ body: source: remote: - host: http://${host} + host: https://${host} username: test_admin password: x-pack-test-password index: source @@ -255,7 +255,7 @@ body: source: remote: - host: http://${host} + host: https://${host} username: can_not_see_hidden_docs_user password: x-pack-test-password index: source @@ -312,7 +312,7 @@ body: source: remote: - host: http://${host} + host: https://${host} username: can_not_see_hidden_fields_user password: x-pack-test-password index: source @@ -377,7 +377,7 @@ body: source: remote: - host: http://${host} + host: https://${host} username: test_admin password: badpass index: source @@ -413,7 +413,7 @@ body: source: remote: - host: http://${host} + host: https://${host} index: source dest: index: dest diff --git a/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/README.asciidoc b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/README.asciidoc new file mode 100644 index 0000000000000..363f39ba012fd --- /dev/null +++ b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/README.asciidoc 
@@ -0,0 +1,28 @@
+= Keystore Details
+This document details the steps used to create the certificate and keystore files in this directory.
+
+== Instructions on generating certificates
+The certificates in this directory have been generated using elasticsearch-certutil (7.0.0 SNAPSHOT)
+
+[source,shell]
+-----------------------------------------------------------------------------------------------------------
+elasticsearch-certutil ca --pem --out=ca.zip --pass="ca-password" --days=3500
+unzip ca.zip
+mv ca/ca.* ./
+-----------------------------------------------------------------------------------------------------------
+
+[source,shell]
+-----------------------------------------------------------------------------------------------------------
+elasticsearch-certutil cert --pem --name=http --out=http.zip --pass="http-password" --days=3500 \
+ --ca-cert=ca.crt --ca-key=ca.key --ca-pass="ca-password" \
+ --dns=localhost --dns=localhost.localdomain --dns=localhost4 --dns=localhost4.localdomain4 --dns=localhost6 --dns=localhost6.localdomain6 \
+ --ip=127.0.0.1 --ip=0:0:0:0:0:0:0:1
+
+unzip http.zip
+mv http/http.* ./
+-----------------------------------------------------------------------------------------------------------
+
+[source,shell]
+-----------------------------------------------------------------------------------------------------------
+keytool -importcert -file ca.crt -keystore ca.p12 -storetype PKCS12 -storepass "password" -alias ca
+-----------------------------------------------------------------------------------------------------------
diff --git a/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.crt b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.crt
new file mode 100644
index 0000000000000..dcbe636e2a594
--- /dev/null
+++ b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.crt
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIVAMp4ojQbvgxx3HBRFHadTvCjFn1+MA0GCSqGSIb3DQEB +CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu +ZXJhdGVkIENBMB4XDTE4MTIxMzA2MDU0OVoXDTI4MDcxMzA2MDU0OVowNDEyMDAG +A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCDtMpBiqR2EaLHC8jNojf9 +G4xlqFYj+pLzQidPHQlmqEDYYpSUmSVxh2GT7f6VQ7acdlFecSIfbvngGE94aBFB +sSQwzrjk0Bgq3+31nQDdM9DwHPQxYWdq20mxs0qztfpV0BfzsS4hdTHVK3ZvtaN8 +D+FTTvugM/e/PZxEXa2yFVt7GfCe2mF6DLvJpm86Eeyfr9HPZc6QK2vKaNkeaFSr +WFyovb8ivLb6yGMQva/fnQRAJNLZi0YnsMwUhn/Xe1MyfeRyLmkLvF+Q3XwiYInt +0721DMUH4VYaQ2EV76g3v0mxvbCdHMCRVudvlqiO3y4AXyq9RDJ5f3AZIEX8aBAr +AgMBAAGjUzBRMB0GA1UdDgQWBBTln4o7tJW/VyYSNJXbgrYYnIR3czAfBgNVHSME +GDAWgBTln4o7tJW/VyYSNJXbgrYYnIR3czAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQB8AzUs0DIVmuasZoN5ftBOzNB2XUHI3p95Yju3lF+9E0i4 +ZyAjqcQoNaDSHrd9bzhmQuLiPmN+dPEwGNhlg5ddclthfwY4qy+IxoIUM6L/vFlF +ApPx+XZK3zZtv/kXqjz8ZWA8Qj4BVWOo3XK4HodJkoMDIkhWPQXlA8BEJDNUnirl +8HTlibnihKvzGmZHEWvgm6YrUyS4YknUvafROW/EUm4Gl4zniFuLG8VVN/2dbJmy +v2xMsqji8Pf+2ZnZ/aXS0bg4hzGyPBljoifEI7lj0twg5zpEXeCZJ7BgsoFicgve +iYZV9yrDBHognEbFAIywiK3+GXrqAkvB/OQiGCTM +-----END CERTIFICATE----- diff --git a/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.key b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.key new file mode 100644 index 0000000000000..048993cae880a --- /dev/null +++ b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.key 
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,2DF8E98BAAF74EB5 + +Y5r4e8s5XV7aUr12V0PSfr1+67J+Ao6fAG0fjxM0M7Qv3IIghS9OdW0YKoWc8h8e +tlJbSrEAnpvopROqCXh860XCdGrDwwTKVEnazgvXb64+CIcVuZXK/HesrBiQIUwz +O/rZKN8HKtM5KTfVqpCtNsCu6TDenkHUEz5uOaG3p3/rvhFtsGp/4PGt5slYt/Z8 +g5J0EJeLwRgJaRVR70/3LhmUryZxM4TPMvHjCU7GI4YbXzFzp8qbRSujWr4/l5qm +4Piid3pyxN1L47TviB6jRWt7XZrOcvr7Glqjuz0ak9beUyidL3QUJAgZGQD9O6zj +iPaGI/9AF01fAo9J8N7LDmGacPz9dvpvIsXOXfz+7COtXhKki2VqEx/XwWHz2opw +82uMj59bSBrCzf+Y417G60Me/mPuYdxiqRoFKsszrsH7HiQgQroBM/X8Trq6OmXc +CGDsYO0tUT0xYVFoW1j3rMGh4wV9z5G3LSKFtO54uHdGUmJUSFATcwOnME9acUUj +jG9qCn/dIkXjKIZ/jwaaA65GG/P60VGOJG+AjHbiBbEPXD/IA++Y4X2M2H4jvQrr +oG7bLD4Zaa/B88Jv7ymZh88SCZpYqd0I96G5DSzlzoNpqLwhNmcdy+ViSIqlFfD9 +HpbQwT0mQJeUPj8KmXtOl2GVunwNkdBEaRURXiD4l9CPCmFXGb1RKt02RY6Nvf6X +w9/SvipGsCaGbALoQb1UvKiL7JqU9eYoslYb84A+abbPQtiy7MBZqbyhNQ2PI2ct +FV1z+h5GV/wzI1y+CWeCJWhjysShMBNv/eOfp8iStkIqI7M+2qKHyzMusqZxov3Y +8QgcQqbDSR/mWZ4Kl1/h/RC+qPy20bgeYAT5VvXhBasu7Mzq+5qiZ+T9FK/nTkq6 +xLMYGLbFe2tRWJMBxeHVu/YuG8gwjWVrhalfFmWeh2skqPIeymGpTxU42XUaI4zr +7CVoyWalnMYZWbGculaVFutSyIlqshY0w56PXVpt5usow968rTw+Nf8YeQ/pLFi4 +r0fteQSOEXdwGgy8/fcvhzaPbgJfTcIbaRgP89q/HORYDjm/P03jHXmiT11ZeF84 +pqtGRTJqCbL7n/vc/5gXdvYt88alxEn9sIyhNugpXWp9EJefnyUscxI036wbBK4O +sNSewqIpp+kGn/Xf/PqfkKQVZkA9YacMcPiKoGVYExoujukfeHwZ/jq7geOqYa+H ++NPUd5VS8lxX/lhAt3Nit97UnJ2oQvbHsV/+eJ65/1e41hS0h1xpzd4HLhDoQEfV +Q0L+1h9cbwU/IyUXK+4fr4nUNolSYNzXfurGKDLVtjFpR+naupr2CwQU7gKHKikF +7GuogsTbtK9L3jkIla/lYTqKiJlz/vA6erTmI06aENt0DnnVKPaQZhJ8571lKmRV +xe+e56R4s0AZBOpZjykkr7hDWQ2QGwbgKOYHF9KRl/yQZwD1ezRu3feSUdPkRrLY +efPH24L0jEampqIhx4XGFbhYX/WnuvneA2oiswmB4zR4YT2F8PeMw4gd3t0nGljz +U/NbbQ7P5ZP8JjQbHecSIZf262mHCGuWtnul9T4DjTubyD3LO6AXxw== +-----END RSA PRIVATE KEY----- 
diff --git a/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.p12 b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/ca.p12 new file mode 100644 index 0000000000000000000000000000000000000000..78e8e5a97ef4e398e10e90c8666ca3d76cad3014 GIT binary patch literal 1130 zcmV-w1eN$$ zLrxrqyGpH=-*iD~x{F&1K-)Xcxdk$(hU~zJ(2WT#YVrg42ISA^#pEWx6k+x_GM4bf zw)6o-vu>54r8YQB;J?O0_jZJ-ff)jkw6>=v<2-AntN0SWFIoa#Dk$xLt<92u8u-A6 zehO8Y;w1>cCJJG&<&~*7ST%V@ENr-u@x)YXG{LMVy0Z@L(dgzwa5*Ir-Eja0&T@7+ zq@02!fEqvjQzbtX#pFuK%rv)?y@zj&A)WD!=8S}xbO!~yG0d()`v@`5Nop&`e+EOM z0caspBLzWH9XlAELjxHF|E`HOYh@Giz3~=Ow$@aj(mJg^U5NQ_U0ge3rIdun-CnGGHKoI@>$M*pOW zJ)|H$m5*$_@s1WubTYZa4gRc8^v^A_?$lwcEU#*rE#2V4kEDd64^^f6`&VtR4SIpZ zgY+}{aPM~l8{>~ojfF1?5s+5m_dy3nSIAx5w2(Hg?Eci?FXLMo9$8xMUMP-`mrVSa zgb{$e8AB^oSxB<71yaRb;kpCp2FCX z;jcK07d)VB_@50wa#r!r)k~fr$VomJMW=1np=X66I2#70^_+~RqMifKrj%aO&a%Xb zxeot)Y(H;E?fG36tFc(kRM;r3rA%2|!6ii% z!#~%j&awt`4V}A6NCmQiC?;YwB4le;fpO!Y=Y4+}1?AYmE7622!t0|&Z@UZWh!etS zE$yYKU;xGH@%mNUxFKb9mqZc6UrQR{F&Ez_X43rP0OpWqU_FoA9j^!izuVvMPu0>; z9(E-yOa&c)yT$c3h5oJl3|nl%v(-@-1ec+h`koi9?bAQ`|`3t!PW{$bTmchRxB>Vu;=Gwh{;Km}^$K?qsDXjK4jePx;CSQnVu z@yKRziswH}*(6D8{n>iPs=)yGB*m#g7T*4(gFS0(YtmeD_Y$}m1KAutIB1uG5%0vZJX1QhI{ wI^l>bEBn06A+0s{etppvExFaQ7m literal 0 HcmV?d00001 diff --git a/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/http.crt b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/http.crt new file mode 100644 index 0000000000000..a41d892f100dc --- /dev/null +++ b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/http.crt 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDszCCApugAwIBAgIVAImurbHhcSbc4LTPdTawV03y+KXtMA0GCSqGSIb3DQEB +CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu +ZXJhdGVkIENBMB4XDTE4MTIxNDA1MDcwNloXDTI4MDcxNDA1MDcwNlowDzENMAsG +A1UEAxMEaHR0cDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAI5zBwHm +5kwiV3tYlOl0AEruYNUjRfYwQ2OtBIILCgnu0USMx4r1I6IoHDuLl9Z197I1UfSF +c49hG5U82gAFtWblYoITPkzW50sSB7un/rehXkwTIMbl0i024rWQfGGj6uGHmlU4 +T+2YWZNksdGEWx7pcG9WZ4r7rjCy7A0SbewhHmD9SxxZgfsW2UI1bu/iXKC8cb7L +DYBnYCDiYheAA3zOPm1zIB12BDsMuFBF4vIEHlxwOH9pH8jC6vuSEnMqTct81uN9 +6EwhPvEixrklffj3XDDYYQzoyF3yiabBt3PTm5v56IadcxjQZT/S5fGBuApTLfdV +w6aCzxTa0vEx0k0CAwEAAaOB4DCB3TAdBgNVHQ4EFgQUwQ35Nzes5weOuudemw3z +MK9ZlkcwHwYDVR0jBBgwFoAU5Z+KO7SVv1cmEjSV24K2GJyEd3MwgY8GA1UdEQSB +hzCBhIIJbG9jYWxob3N0ghdsb2NhbGhvc3Q2LmxvY2FsZG9tYWluNocEfwAAAYcQ +AAAAAAAAAAAAAAAAAAAAAYIKbG9jYWxob3N0NIIKbG9jYWxob3N0NoIVbG9jYWxo +b3N0LmxvY2FsZG9tYWlughdsb2NhbGhvc3Q0LmxvY2FsZG9tYWluNDAJBgNVHRME +AjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBQ7B6jdsMjT7qHQJV68kVdrJwDLekpWPvQ +f+YgPZaWkQoVI7rpBJGm7ZY49RI61JLA1SDxjHS3wL3EYRo1FuXwQj6K/h9wxrpn +is1Ib9IewxeueGhi0DMr+Wf5Nh6cDC7I0Uftr2NJsmwivZV9ZlECjckpIZjwIHpb +imtb27MBcVzWjVLL+NLDa2upuVVYdeiuIcbpMqjOFW7mn6/FczgbMjg8zOQG7+fF +pUEduOJDkmxLe14aKagqyaZDMpX1g1CiM3V899/kYXMPPP9F5f7WOg0+QGfBSig3 +3KNPfiQyaIeIePhtRC4iPgP1WI5QaiOVd0GwNwp1W39GeJv6/Wit +-----END CERTIFICATE----- diff --git a/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/http.key b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/http.key new file mode 100644 index 0000000000000..5a789a2e1553e --- /dev/null +++ b/x-pack/qa/reindex-tests-with-security/src/test/resources/ssl/http.key 
@@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,73350501C44BDD9D + +3LAGS/e2rkuTBIyIVhFEFy/uG4gUJlJ+5rBTYkmxIfZWkUin+yEoThvJsYptiXCr +hjDIXhZkob2NVfEae9KRW6rETs/7ZwZfR5XpgeYbre8/JyfEo0I5QvcatZMAJ6Gz +3UEXnjIxrowg3voRW12oa6ppa8K1zwfr5y7GscCuJvL/eBp+/TkFAtCbcLwnvUBI +rZ3VjsUO5VvElRgmttI8L9zyt6KJA2laM6D/DZW25JYa++BNkFMBxP7DiEl+fmGL +x1d+ozHVxcxVANO/UrtkvBqyF5M9S69vbz0XSCZX/oV/a0IuzzHiZy0YnK2TPKZw +V6IgFPACzBoh4NSL/BKFmbw5jefQ11n80bGgQL7ijaKp0+1CdDo+0/My6RnpbbGK +lcKpPLTtkSL7/xD3YMbFZ/XbXBu14j8G5zZ3rD+QMYle+tVOJz5TALSEhqWZraS4 +eNnjUaodChAzolZep6fIL3lyy/2rWs0QmWxLR92NjfSp8C2yw2c0X9FrsTXiCiWS +N+1+Pd3j+IRH0r+p9BPvTWRIXHotm6MmhOhyQarj4+6bE6JYcQST7bu4d9c2ng9c +VyWNWh0MgVMeBxIZ5EIbX8oZSOHhAQco0lqazydNc5t2A4KzvSrkog4EH7Bm4Tqc +b0YiqL4A7Ars0qzVRngd+/Xmpzx+zJKTRw/klb3RzsfGmrzgcdMqLJh9vcwV74Et +m7M5+q8wwyQkj+u1c8YS9bqCbo7R3aw8iImg9AGiP0Tx646AspUUm9FO7SnASxb1 +e5+Hen0ggrMlX3iopUBHApmhkPYODKTlh0JyyVFidnDAJ5QV4RhAiTGdRE7GQMuv +2E9NnOk6Tkag5QAMiI9i8IhfMF3805OJAmvoindRT2cLYy1EjK42ohhkIOuD1SK/ +15NbNFe32f2QuHlkpk8xpj2yzJwk/tBBGAUqmmB1MjP1xnVrLlGPp/Dowq7lU6zk +iH+jzIL2EAIMjfHLarJAhVzzmY+hpotUTku5iBzYDIwjL8k9nB44WnYhkTJhqp6G +IF85G31SXo5qUXguZ31/yZoaepmi26uZH+737V4ni39JuI/5KXqZCrlkfO0IkSZH +X0Lmzgg5m6gVvilCdN67CYz4Px433/tj89FNyKqBodo2v7WekkHCvZEo52skwgCm +t5C/G4HZeGui8DErK3e+ePZd5aQ6KdVMMBZF46MpAgakLRtgHO63AjI9U8SjohwP +7AnVRaK7dTnueMW/00FdtK1QGBdeLcuiWdEKUs4NBrl00SuAXgadaeGkRuOtqOBx +0aKfKtRlFHQ2shUR8eixKwtGx1awQ25xo4HMfI8xk+waN4ieWiMNjNaXGUHLYF7f +qIxURNS/RSzpQevoDHg/lYzgiVtvqgEmH8mjURHq91MU9iM0qn7i05Yn33zFl5y9 +AHavhhM8qFDJ14LefTEAx39aJ0ZdeskBVPzYpXv6qlA4uDscJkOUuDG2vJxIlSnb +GeM1yqmbCrtYqJv5ygfNTQ+xycnwZAcRcxkdjenJ1XJscj8T2jUJAfL7qEUp+fMO +AodfQLZL40THoCy6AFZlFSy2mvr1yZ995Z7dyq30HpJE7BqH/z/4HpMn1rjTT/aE +-----END RSA PRIVATE KEY-----