From 9a46fbb7dad35651cd0956b765dfd57adbf9aff6 Mon Sep 17 00:00:00 2001 From: Patrick Mueller Date: Fri, 28 Feb 2020 17:23:56 -0500 Subject: [PATCH] change to have kibana --ssl cli option use more recent certs (#57933) * change to have --ssl cli option use more recent certs * also configure 'server.ssl.certificateAuthorities' per PR review * delete theoretically now-unused ssl creds --- src/cli/dev_ssl.js | 22 ---------------------- src/cli/serve/serve.js | 12 +++++------- test/dev_certs/server.crt | 20 -------------------- test/dev_certs/server.key | 27 --------------------------- 4 files changed, 5 insertions(+), 76 deletions(-) delete mode 100644 src/cli/dev_ssl.js delete mode 100644 test/dev_certs/server.crt delete mode 100644 test/dev_certs/server.key diff --git a/src/cli/dev_ssl.js b/src/cli/dev_ssl.js deleted file mode 100644 index 110f44ee57b7d..0000000000000 --- a/src/cli/dev_ssl.js +++ /dev/null @@ -1,22 +0,0 @@ -/* - * Licensed to Elasticsearch B.V. under one or more contributor - * license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright - * ownership. Elasticsearch B.V. licenses this file to you under - * the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -import { resolve } from 'path'; -export const DEV_SSL_CERT_PATH = resolve(__dirname, '../../test/dev_certs/server.crt'); -export const DEV_SSL_KEY_PATH = resolve(__dirname, '../../test/dev_certs/server.key'); diff --git a/src/cli/serve/serve.js b/src/cli/serve/serve.js index be3fc319389d7..29d0fe16ee126 100644 --- a/src/cli/serve/serve.js +++ b/src/cli/serve/serve.js @@ -28,8 +28,6 @@ import { getConfigPath } from '../../core/server/path'; import { bootstrap } from '../../core/server'; import { readKeystore } from './read_keystore'; -import { DEV_SSL_CERT_PATH, DEV_SSL_KEY_PATH } from '../dev_ssl'; - function canRequire(path) { try { require.resolve(path); @@ -90,7 +88,7 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) { if (opts.ssl) { // @kbn/dev-utils is part of devDependencies - const { CA_CERT_PATH } = require('@kbn/dev-utils'); + const { CA_CERT_PATH, KBN_KEY_PATH, KBN_CERT_PATH } = require('@kbn/dev-utils'); const customElasticsearchHosts = opts.elasticsearch ? opts.elasticsearch.split(',') : [].concat(get('elasticsearch.hosts') || []); @@ -104,6 +102,7 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) { ensureNotDefined('server.ssl.key'); ensureNotDefined('server.ssl.keystore.path'); ensureNotDefined('server.ssl.truststore.path'); + ensureNotDefined('server.ssl.certificateAuthorities'); ensureNotDefined('elasticsearch.ssl.certificateAuthorities'); const elasticsearchHosts = ( @@ -121,10 +120,9 @@ function applyConfigOverrides(rawConfig, opts, extraCliOptions) { }); set('server.ssl.enabled', true); - // TODO: change this cert/key to KBN_CERT_PATH and KBN_KEY_PATH from '@kbn/dev-utils'; will require some work to avoid breaking - // functional tests. Once that is done, the existing test cert/key at DEV_SSL_CERT_PATH and DEV_SSL_KEY_PATH can be deleted. - set('server.ssl.certificate', DEV_SSL_CERT_PATH); - set('server.ssl.key', DEV_SSL_KEY_PATH); + set('server.ssl.certificate', KBN_CERT_PATH); + set('server.ssl.key', KBN_KEY_PATH); + set('server.ssl.certificateAuthorities', CA_CERT_PATH); set('elasticsearch.hosts', elasticsearchHosts); set('elasticsearch.ssl.certificateAuthorities', CA_CERT_PATH); } diff --git a/test/dev_certs/server.crt b/test/dev_certs/server.crt deleted file mode 100644 index c7a39de4b517a..0000000000000 --- a/test/dev_certs/server.crt +++ /dev/null @@ -1,20 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDMDCCAhgCCQCkOD7fnHiQrTANBgkqhkiG9w0BAQUFADBZMQswCQYDVQQGEwJB -VTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0 -cyBQdHkgTHRkMRIwEAYDVQQDEwlsb2NhbGhvc3QwIBcNMTYwMTE5MjExNjQ5WhgP -MjA4NDAyMDYyMTE2NDlaMFkxCzAJBgNVBAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0 -YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQBgNVBAMT -CWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALR63SnR -LW/Dgl0Vuy8gB6KjWwvajRWeXNgvlf6LX56oNsUFREHBLQlC2uT5R26F3tOqCDbs -MFNoyDjMBinXRRFJJ2Sokue7GSsGvBv41LMTHnO/MeCCbEOqghJS/QI89cV+u+Aw -9U+v426KAlCa1sGuE2+3/JvqdBQyheiukmGLiJ0OofpfgpYuFmKi2uYBKU3qzjUx -D01wQ4rCpq5nEnksGhgBeBDnheYmmDsj/wDvnz1exK/WprvTiHQ5MwuIQ4OybwgV -WDF+zv8PXrObrsZvD/ulrjh1cakvnCe2kDYEKMRiHUDesHS2jNJkBUe+FJo4/E3U -pFoYOtdoBe69BIUCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAQhjF91G0R662XJJ7 -jGMudA9VbRVCow8s68I/GWPZmpKxPAxwz0xiv1eFIoiP416LX9amnx3yAmUoN4Wr -Cq0jsgyT1AOiSCdxkvYsqQG3SFVVt5BDLjThH66Vxi7Bach6SyATa1NG588mg7n9 -pPJ4A1rcj+5kZuwnd52kfVLP+535lylwMyoyJa2AskieRPLNSzus2eUDTR6F+9Mb -eLOwp5rMl2nNYfLXUCSqEeC6uPu0yq6Tu0N0SjThfKndd2NU1fk3zyOjxyCIhGPe -G8VhrPY4lkJ9EE9Tuq095jwd1+q9fYzlKZWhOmg+IcOwUMgbgeWpeZTAhUIZAnia -4UH6NA== ------END CERTIFICATE----- diff --git a/test/dev_certs/server.key b/test/dev_certs/server.key deleted file mode 100644 index 5a6dfea9dc7e4..0000000000000 --- a/test/dev_certs/server.key +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEowIBAAKCAQEAtHrdKdEtb8OCXRW7LyAHoqNbC9qNFZ5c2C+V/otfnqg2xQVE -QcEtCULa5PlHboXe06oINuwwU2jIOMwGKddFEUknZKiS57sZKwa8G/jUsxMec78x -4IJsQ6qCElL9Ajz1xX674DD1T6/jbooCUJrWwa4Tb7f8m+p0FDKF6K6SYYuInQ6h -+l+Cli4WYqLa5gEpTerONTEPTXBDisKmrmcSeSwaGAF4EOeF5iaYOyP/AO+fPV7E -r9amu9OIdDkzC4hDg7JvCBVYMX7O/w9es5uuxm8P+6WuOHVxqS+cJ7aQNgQoxGId -QN6wdLaM0mQFR74Umjj8TdSkWhg612gF7r0EhQIDAQABAoIBADNwfU6o3vFm4OYV -BofU8jgppQ6I2QNbYoz/axnksXkv6oRXDvBK1cI4+tieL/zRTQQ5ByRYRyHO0JpX -lD4iq/3UQtUOsug3TGIWBlFWp5DulxRYXyflJGRY2b/NRW144HfMulGYwqJWuFTO -IwDEUQdczQ9fejEaLsF+8Omzr+b6+mEDewqoHb4mbr7gXMdkK85FU2tjWRHlUR+N -GMXRhQQE7o76UyYwNRbI418LaZitHcVYMKSsyU/+Uo/ivzD793OFzk5sDR9eThgi -B50yK2ClB+1bUfis18TXMtC4mZZeypTWifJpBzIiVLMBuN7/Y0HrSomIzyPC7ytW -5jZWCOECgYEA4k+AEmYOiIfPajT3YfG3y0Dptoup9x6zkzVNZnde3LgGRfezzJ7S -+lGbLNnIiuxAeHwZnyrptO0cgm0+SOCRwGXqySkl14WzD1P684nRwlQkzKv/50mZ -ZMUjM83SuIzh8mLv3F5xQ9td5R/y2kCw4YgyYHvhp1nLxEdwPbjtttkCgYEAzCgr -wlP0Uu5PlaSMKSbtmC6tHGv+kgTLM89V6o71+HiUTG6TWGmM+6XlT1cfVWE+27np -MsYoFTKI/meAeJwm+0pxEwemHgrgffkdmsWpTByLaOY1t/eNHagaLCGm2ZRu/WK7 -oltV18kPijnmFs1uZLvlBkxmkadrVAj/cw5uZ40CgYBFZt/9xHJ8iDmhdnDPBpO4 -r0V9B8Ot1yp24IfF/qGGyqCR4G6xN5u3zELsNDV99QmoaVZqK3zUUUrG7L2HF+da -u2aPHiFOwN+yuaxh90fucmN+qNinkziJYLN09Y/DrOC1toWcbRILH0DiPTP6npAf -+eaJFDSVX8JPhSD0rLupsQKBgEzILuz/NjyadEQLhstTYLiDlYfC9hNkyifKKr30 -1n2EnAHC9Jej2uoqEnwsgBRUZpes7A+0hw6x2uQTeTXjRKXt8Wj+z3MtFBFMx92V -yX5ene/t5PYznFczCeTfIylhsfyKTZdaUoa9j6Kk8+xPht1L7W7Y/Rp6pNsOJ0TW -gJ9hAoGBAOJDNPkmH1hY64bvR6P0zEyedClhxIclPHgCrntFTlspkMj/QY48K6IP -R8SZ5jDpxAquQDgvpiuZRDYMHBRJkUe2VpHJFYGl1MLTfoBYn1IH401ixUSBYxAW -yfE7/zMDZUov2Uu8Muto5R/yNHEKBMOLGjadkADhRIHbW4WG1yVr ------END RSA PRIVATE KEY-----