Path keystoreFile = keystorePath(configDir); if (Files.exists(keystoreFile) == false) { return null; return new KeyStoreWrapper(formatVersion, hasPassword, dataBytes);
@Override protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception { KeyStoreWrapper keystore = KeyStoreWrapper.load(env.configFile()); if (keystore == null) { if (options.has(forceOption) == false && return; keystore = KeyStoreWrapper.create(); keystore.save(env.configFile(), new char[0] /* always use empty passphrase for auto created keystore */); terminal.println("Created elasticsearch keystore in " + env.configFile()); } else { keystore.decrypt(new char[0] /* TODO: prompt for password when they are supported */); throw new UserException(ExitCodes.USAGE, "The setting name can not be null"); if (keystore.getSettingNames().contains(setting) && options.has(forceOption) == false) { if (terminal.promptYesNo("Setting " + setting + " already exists. Overwrite?", false) == false) { terminal.println("Exiting without modifying keystore."); keystore.setString(setting, value); } catch (IllegalArgumentException e) { throw new UserException(ExitCodes.DATA_ERROR, "String value must contain only ASCII"); keystore.save(env.configFile(), new char[0]);
/**
 * Removes every setting named on the command line from the keystore and writes the keystore back.
 *
 * <p>The keystore is opened and saved with an empty passphrase. It is saved once, after the loop,
 * so a name that is not present aborts the command before anything is written.
 *
 * @throws UserException if no setting name was supplied, the keystore file is missing, or a
 *                       named setting does not exist
 */
@Override
protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception {
    final List<String> requested = arguments.values(options);
    if (requested.isEmpty()) {
        throw new UserException(ExitCodes.USAGE, "Must supply at least one setting to remove");
    }

    final KeyStoreWrapper store = KeyStoreWrapper.load(env.configFile());
    if (store == null) {
        throw new UserException(ExitCodes.DATA_ERROR, "Elasticsearch keystore not found. Use 'create' command to create one.");
    }
    // TODO: prompt for password when they are supported
    store.decrypt(new char[0]);

    for (String name : arguments.values(options)) {
        final boolean present = store.getSettingNames().contains(name);
        if (present == false) {
            throw new UserException(ExitCodes.CONFIG, "Setting [" + name + "] does not exist in the keystore.");
        }
        store.remove(name);
    }

    store.save(env.configFile(), new char[0]);
}
}
/**
 * Upgrades the format of the keystore, if necessary.
 *
 * <p>The only upgrade step visible here is adding the bootstrap seed: when the seed setting is
 * missing it is generated and the keystore is saved again with {@code password}. A keystore
 * that already has the seed is left untouched and is not rewritten.
 *
 * @param wrapper   the keystore to upgrade; its setting names are read, so it must already be usable
 * @param configDir directory passed through to {@code save}
 * @param password  passphrase passed through to {@code save}
 */
public static void upgrade(KeyStoreWrapper wrapper, Path configDir, char[] password) throws Exception {
    final boolean seedPresent = wrapper.getSettingNames().contains(SEED_SETTING.getKey());
    if (seedPresent == false) {
        addBootstrapSeed(wrapper);
        wrapper.save(configDir, password);
    }
}
/**
 * Constructs a new, in-memory keystore that holds only the bootstrap seed.
 *
 * <p>This overload takes no password: the wrapper is built with {@code false} as its second
 * constructor argument (presumably the has-password flag; confirm against the constructor) and
 * with no data bytes. The passphrase is supplied later, when the caller saves the keystore.
 *
 * @return the new wrapper, with an empty entry map plus the generated seed setting
 */
public static KeyStoreWrapper create() {
    final KeyStoreWrapper fresh = new KeyStoreWrapper(FORMAT_VERSION, false, null);
    fresh.entries.set(new HashMap<>());
    addBootstrapSeed(fresh);
    return fresh;
}
/**
 * Prints the name of every setting in the keystore, one per line, in sorted order.
 *
 * <p>Only setting names are written to the terminal; this method never reads a setting's value.
 * The keystore is opened with an empty passphrase.
 *
 * @throws UserException if the keystore file does not exist
 */
@Override
protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception {
    final KeyStoreWrapper store = KeyStoreWrapper.load(env.configFile());
    if (store == null) {
        throw new UserException(ExitCodes.DATA_ERROR, "Elasticsearch keystore not found. Use 'create' command to create one.");
    }
    // TODO: prompt for password when they are supported
    store.decrypt(new char[0]);

    // Copy before sorting so the keystore's own name collection is not reordered.
    final List<String> names = new ArrayList<>(store.getSettingNames());
    names.sort(null); // null comparator = natural String order, as Collections.sort(list) does
    for (String name : names) {
        terminal.println(name);
    }
}
}
@Override protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception { KeyStoreWrapper keystore = KeyStoreWrapper.load(env.configFile()); if (keystore == null) { if (options.has(forceOption) == false && return; keystore = KeyStoreWrapper.create(); keystore.save(env.configFile(), new char[0] /* always use empty passphrase for auto created keystore */); terminal.println("Created elasticsearch keystore in " + env.configFile()); } else { keystore.decrypt(new char[0] /* TODO: prompt for password when they are supported */); if (keystore.getSettingNames().contains(setting) && options.has(forceOption) == false) { if (terminal.promptYesNo("Setting " + setting + " already exists. Overwrite?", false) == false) { terminal.println("Exiting without modifying keystore."); String.join(", ", argumentValues.subList(2, argumentValues.size())) + "] after filepath"); keystore.setFile(setting, Files.readAllBytes(file)); keystore.save(env.configFile(), new char[0]);
/**
 * Loads the node's secure settings from the keystore in the config directory, creating the
 * keystore when it does not exist yet.
 *
 * <p>An existing keystore is decrypted and then upgraded; a missing one is created and saved
 * immediately. Every path uses an empty passphrase, so the passphrase adds no secrecy of its own.
 * NOTE(review): protection of the stored values then presumably rests on the keystore file's
 * permissions; confirm against {@code save}.
 *
 * @param initialEnv environment whose config directory holds the keystore
 * @return the loaded or newly created keystore
 * @throws BootstrapException wrapping an {@link IOException} from loading, or any exception
 *                            raised while creating, decrypting, upgrading or saving
 */
static SecureSettings loadSecureSettings(Environment initialEnv) throws BootstrapException {
    final KeyStoreWrapper loaded;
    try {
        loaded = KeyStoreWrapper.load(initialEnv.configFile());
    } catch (IOException e) {
        throw new BootstrapException(e);
    }

    try {
        if (loaded != null) {
            // TODO: read password from stdin
            loaded.decrypt(new char[0]);
            KeyStoreWrapper.upgrade(loaded, initialEnv.configFile(), new char[0]);
            return loaded;
        }
        // No keystore on disk: bootstrap one and persist it right away.
        final KeyStoreWrapper fresh = KeyStoreWrapper.create();
        fresh.save(initialEnv.configFile(), new char[0]);
        return fresh;
    } catch (Exception e) {
        throw new BootstrapException(e);
    }
}
/**
 * Creates a new keystore in the config directory, asking for confirmation before replacing an
 * existing one.
 *
 * <p>Passphrase entry is not enabled yet: the keystore is always saved with an empty passphrase,
 * and the prompt/confirm code is kept below as a comment until startup can ask for a password.
 */
@Override
protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception {
    final Path existing = KeyStoreWrapper.keystorePath(env.configFile());
    // Short-circuit keeps the prompt from appearing unless a keystore file is already there.
    final boolean overwriteDeclined = Files.exists(existing)
        && terminal.promptYesNo("An elasticsearch keystore already exists. Overwrite?", false) == false;
    if (overwriteDeclined) {
        terminal.println("Exiting without creating keystore.");
        return;
    }

    char[] password = new char[0]; // terminal.readSecret("Enter passphrase (empty for no passphrase): ");
    /* TODO: uncomment when entering passwords on startup is supported
    char[] passwordRepeat = terminal.readSecret("Enter same passphrase again: ");
    if (Arrays.equals(password, passwordRepeat) == false) {
        throw new UserException(ExitCodes.DATA_ERROR, "Passphrases are not equal, exiting.");
    }*/

    final KeyStoreWrapper created = KeyStoreWrapper.create();
    created.save(env.configFile(), password);
    terminal.println("Created elasticsearch keystore in " + env.configFile());
}
}
ensureOpen(); random.nextBytes(iv); byte[] encryptedBytes = encrypt(password, salt, iv); Path keystoreFile = keystorePath(configDir); Files.move(configDir.resolve(tmpFile), keystoreFile, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); PosixFileAttributeView attrs = Files.getFileAttributeView(keystoreFile, PosixFileAttributeView.class);
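/**
 * Adds the bootstrap seed setting, which may be used as a unique, secure, random value by the node.
 *
 * <p>The seed is 20 characters, each picked from {@code SEED_CHARS} with the {@link SecureRandom}
 * returned by {@code Randomness.createSecure()}. The temporary buffer holding the seed is zeroed
 * before this method returns, including when storing the seed throws.
 *
 * @param wrapper keystore to receive the seed. It must not already contain the seed setting; this
 *                is checked only by an {@code assert}, so callers have to guarantee it themselves
 *                when assertions are disabled.
 */
public static void addBootstrapSeed(KeyStoreWrapper wrapper) {
    assert wrapper.getSettingNames().contains(SEED_SETTING.getKey()) == false;
    SecureRandom random = Randomness.createSecure();
    int passwordLength = 20; // Generate 20 character passwords
    char[] characters = new char[passwordLength];
    try {
        for (int i = 0; i < passwordLength; ++i) {
            // nextInt(bound) is uniform over [0, bound), so no character is favoured.
            characters[i] = SEED_CHARS[random.nextInt(SEED_CHARS.length)];
        }
        wrapper.setString(SEED_SETTING.getKey(), characters);
    } finally {
        // Wipe the plaintext seed even if setString fails, so it does not linger on the heap.
        Arrays.fill(characters, (char) 0);
    }
}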
/**
 * Constructs a new keystore with the given password.
 *
 * <p>The wrapper is flagged as password protected only when {@code password} is non-empty. It is
 * backed by a freshly initialised, empty {@link KeyStore} of type {@code NEW_KEYSTORE_TYPE}.
 *
 * @param password passphrase for the new keystore; an empty array means no passphrase
 * @return the new wrapper, holding no settings yet
 */
static KeyStoreWrapper create(char[] password) throws Exception {
    final boolean passwordProtected = password.length > 0;
    final KeyStoreWrapper fresh = new KeyStoreWrapper(
        FORMAT_VERSION,
        passwordProtected,
        NEW_KEYSTORE_TYPE,
        NEW_KEYSTORE_STRING_KEY_ALGO,
        NEW_KEYSTORE_FILE_KEY_ALGO,
        new HashMap<>(),
        null);

    final KeyStore backing = KeyStore.getInstance(NEW_KEYSTORE_TYPE);
    backing.load(null, null); // a null stream initialises an empty keystore
    fresh.keystore.set(backing);
    fresh.keystorePassword.set(new KeyStore.PasswordProtection(password));
    return fresh;
}
Path keystoreFile = keystorePath(configDir); Files.move(configDir.resolve(tmpFile), keystoreFile, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); PosixFileAttributeView attrs = Files.getFileAttributeView(keystoreFile, PosixFileAttributeView.class);
@Override protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception { KeyStoreWrapper keystore = KeyStoreWrapper.load(env.configFile()); if (keystore == null) { throw new UserException(ExitCodes.DATA_ERROR, "Elasticsearch keystore not found. Use 'create' command to create one."); keystore.decrypt(new char[0] /* TODO: prompt for password when they are supported */); if (keystore.getSettingNames().contains(setting) && options.has(forceOption) == false) { if (terminal.promptYesNo("Setting " + setting + " already exists. Overwrite?", false) == false) { terminal.println("Exiting without modifying keystore."); String.join(", ", argumentValues.subList(2, argumentValues.size())) + "] after filepath"); keystore.setFile(setting, Files.readAllBytes(file)); keystore.save(env.configFile());
/**
 * Loads the node's secure settings from the keystore in the config directory, creating the
 * keystore when it does not exist yet.
 *
 * <p>An existing keystore is decrypted and then upgraded; a missing one is created and saved
 * immediately. Every path uses an empty passphrase, so the passphrase adds no secrecy of its own.
 * NOTE(review): protection of the stored values then presumably rests on the keystore file's
 * permissions; confirm against {@code save}.
 *
 * @param initialEnv environment whose config directory holds the keystore
 * @return the loaded or newly created keystore
 * @throws BootstrapException wrapping an {@link IOException} from loading, or any exception
 *                            raised while creating, decrypting, upgrading or saving
 */
static SecureSettings loadSecureSettings(Environment initialEnv) throws BootstrapException {
    final KeyStoreWrapper loaded;
    try {
        loaded = KeyStoreWrapper.load(initialEnv.configFile());
    } catch (IOException e) {
        throw new BootstrapException(e);
    }

    try {
        if (loaded != null) {
            // TODO: read password from stdin
            loaded.decrypt(new char[0]);
            KeyStoreWrapper.upgrade(loaded, initialEnv.configFile(), new char[0]);
            return loaded;
        }
        // No keystore on disk: bootstrap one and persist it right away.
        final KeyStoreWrapper fresh = KeyStoreWrapper.create();
        fresh.save(initialEnv.configFile(), new char[0]);
        return fresh;
    } catch (Exception e) {
        throw new BootstrapException(e);
    }
}
/**
 * Prints the name of every setting in the keystore, one per line, in sorted order.
 *
 * <p>Only setting names are written to the terminal; this method never reads a setting's value.
 * The keystore is opened with an empty passphrase.
 *
 * @throws UserException if the keystore file does not exist
 */
@Override
protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception {
    final KeyStoreWrapper store = KeyStoreWrapper.load(env.configFile());
    if (store == null) {
        throw new UserException(ExitCodes.DATA_ERROR, "Elasticsearch keystore not found. Use 'create' command to create one.");
    }
    // TODO: prompt for password when they are supported
    store.decrypt(new char[0]);

    // Copy before sorting so the keystore's own name collection is not reordered.
    final List<String> names = new ArrayList<>(store.getSettingNames());
    names.sort(null); // null comparator = natural String order, as Collections.sort(list) does
    for (String name : names) {
        terminal.println(name);
    }
}
}
/**
 * Creates a new keystore in the config directory, asking for confirmation before replacing an
 * existing one.
 *
 * <p>Passphrase entry is not enabled yet: the keystore is always created with an empty
 * passphrase, and the prompt/confirm code is kept below as a comment until startup can ask for
 * a password. In this variant the passphrase is given to {@code create} and {@code save} takes
 * only the config directory.
 */
@Override
protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception {
    final Path existing = KeyStoreWrapper.keystorePath(env.configFile());
    // Short-circuit keeps the prompt from appearing unless a keystore file is already there.
    final boolean overwriteDeclined = Files.exists(existing)
        && terminal.promptYesNo("An elasticsearch keystore already exists. Overwrite?", false) == false;
    if (overwriteDeclined) {
        terminal.println("Exiting without creating keystore.");
        return;
    }

    char[] password = new char[0]; // terminal.readSecret("Enter passphrase (empty for no passphrase): ");
    /* TODO: uncomment when entering passwords on startup is supported
    char[] passwordRepeat = terminal.readSecret("Enter same passphrase again: ");
    if (Arrays.equals(password, passwordRepeat) == false) {
        throw new UserException(ExitCodes.DATA_ERROR, "Passphrases are not equal, exiting.");
    }*/

    final KeyStoreWrapper created = KeyStoreWrapper.create(password);
    created.save(env.configFile());
    terminal.println("Created elasticsearch keystore in " + env.configFile());
}
}
/**
 * Upgrades the format of the keystore, if necessary.
 *
 * <p>The only upgrade step visible here is adding the bootstrap seed: when the seed setting is
 * missing it is generated and the keystore is saved again with {@code password}. A keystore
 * that already has the seed is left untouched and is not rewritten.
 *
 * @param wrapper   the keystore to upgrade; its setting names are read, so it must already be usable
 * @param configDir directory passed through to {@code save}
 * @param password  passphrase passed through to {@code save}
 */
public static void upgrade(KeyStoreWrapper wrapper, Path configDir, char[] password) throws Exception {
    final boolean seedPresent = wrapper.getSettingNames().contains(SEED_SETTING.getKey());
    if (seedPresent == false) {
        addBootstrapSeed(wrapper);
        wrapper.save(configDir, password);
    }
}
ensureOpen(); random.nextBytes(iv); byte[] encryptedBytes = encrypt(password, salt, iv); Path keystoreFile = keystorePath(configDir); Files.move(configDir.resolve(tmpFile), keystoreFile, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE); PosixFileAttributeView attrs = Files.getFileAttributeView(keystoreFile, PosixFileAttributeView.class);