Remove X-Pack PemUtils and DerParser #76004
Conversation
This commit removes the PemUtils and DerParser classes from X-Pack and converts all use of those classes to the versions in libs/ssl-config Relates: elastic#68719
|
Pinging @elastic/es-security (Team:Security) |
| + cert.getClass() + ")"); | ||
| } | ||
| } | ||
|
|
There was a problem hiding this comment.
This isn't exactly in scope for this PR, but a test case was using the new method so it made sense to add it now..
| } catch (AccessControlException securityException) { | ||
| throw blockedKeyConfigFile(securityException, environment, KEY_FILE, key); | ||
| } catch (GeneralSecurityException e) { | ||
| throw new IllegalStateException("Error parsing Private Key from: " + keyPath, e); |
There was a problem hiding this comment.
The X-Pack PemUtils would throw this IllegalStateException on GeneralSecurityException but the ssl-config version throws GeneralSecurityException.
This isn't the nicest way to handle it, but my plan is to get rid of this class (PEMKeyConfig) entirely, so I opted for the smallest possible change.
| assertThat(exception, throwableWithMessage( | ||
| "failed to initialize SSL " + sslManagerType + " - " + fileType + " file [" + fileName + "] does not exist")); | ||
| assertThat(exception, instanceOf(ElasticsearchException.class)); | ||
| // This is needed temporarily while we're converting from X-Pack SSL to libs/ssl-config |
There was a problem hiding this comment.
Because we've switched the PEM file reading over to ssl-config, but other scenarios are still using X-Pack, there's a mix of error messages in use.
This if is a temporary measure to keep this PR small, until we unify everything to depend on ssl-config.
|
@elasticmachine update branch |
5 participants
This commit removes the PemUtils and DerParser classes from X-Pack and
converts all use of those classes to the versions in libs/ssl-config
Relates: #68719