2
2
// Elasticsearch B.V licenses this file to you under the Apache 2.0 License.
3
3
// See the LICENSE file in the project root for more information
4
4
5
+ using System ;
5
6
using System . IO ;
6
7
using System . IO . Compression ;
7
8
using System . Linq ;
@@ -39,6 +40,12 @@ public override void Run(IEphemeralCluster<EphemeralClusterConfiguration> cluste
39
40
if ( ! cluster . ClusterConfiguration . EnableSsl ) return ;
40
41
41
42
var config = cluster . ClusterConfiguration ;
43
+
44
+ if ( Directory . Exists ( config . FileSystem . CertificatesPath ) )
45
+ {
46
+ cluster . Writer . WriteDiagnostic ( $ "{{{nameof(GenerateCertificatesTask)}}} Skipping certificate generation as ${{{config.FileSystem.CertificatesPath}}} already exists") ;
47
+ return ;
48
+ }
42
49
43
50
var fileSystem = cluster . FileSystem ;
44
51
//due to a bug in certgen this file needs to live in two places
@@ -80,7 +87,12 @@ private static void GenerateCertificates(IEphemeralCluster<EphemeralClusterConfi
80
87
var config = cluster . ClusterConfiguration ;
81
88
var name = config . FileSystem . CertificateFolderName ;
82
89
var path = config . FileSystem . CertificatesPath ;
83
- NewOrCachedCertificates ( cluster , name , path , silentModeConfigFile , writer ) ;
90
+ NewOrCachedCertificates ( cluster , "ca-certificates" , path , writer ,
91
+ zipLocation => GenerateCaCertificate ( config , zipLocation , writer ) ,
92
+ "8.0.0" ) ;
93
+ NewOrCachedCertificates ( cluster , name , path , writer ,
94
+ zipLocation => GenerateCertificate ( config , name , path , zipLocation , silentModeConfigFile , writer )
95
+ ) ;
84
96
}
85
97
86
98
private static void GenerateUnusedCertificates ( IEphemeralCluster < EphemeralClusterConfiguration > cluster ,
@@ -89,16 +101,23 @@ private static void GenerateUnusedCertificates(IEphemeralCluster<EphemeralCluste
89
101
var config = cluster . ClusterConfiguration ;
90
102
var name = config . FileSystem . UnusedCertificateFolderName ;
91
103
var path = config . FileSystem . UnusedCertificatesPath ;
92
- NewOrCachedCertificates ( cluster , name , path , silentModeConfigFile , writer ) ;
104
+ NewOrCachedCertificates ( cluster , "unused-ca-certificates" , path , writer ,
105
+ zipLocation => GenerateCaCertificate ( config , zipLocation , writer ) ,
106
+ "8.0.0" ) ;
107
+ NewOrCachedCertificates ( cluster , name , path , writer ,
108
+ zipLocation => GenerateCertificate ( config , name , path , zipLocation , silentModeConfigFile , writer )
109
+ ) ;
93
110
}
94
111
95
112
private static void NewOrCachedCertificates ( IEphemeralCluster < EphemeralClusterConfiguration > cluster ,
96
- string name , string path , string silentModeConfigFile , IConsoleLineHandler writer )
113
+ string name , string path , IConsoleLineHandler writer , Action < string > generateCertificateAction , string minVersion = null )
97
114
{
98
115
var config = cluster . ClusterConfiguration ;
99
116
var cachedEsHomeFolder = Path . Combine ( config . FileSystem . LocalFolder , cluster . GetCacheFolderName ( ) ) ;
100
117
var zipLocationCache = Path . Combine ( cachedEsHomeFolder , name ) + ".zip" ;
101
118
119
+ if ( minVersion != null && config . Version < minVersion ) return ;
120
+
102
121
if ( File . Exists ( zipLocationCache ) )
103
122
{
104
123
writer . WriteDiagnostic (
@@ -110,7 +129,7 @@ private static void NewOrCachedCertificates(IEphemeralCluster<EphemeralClusterCo
110
129
var zipLocation = config . Version >= "6.3.0"
111
130
? Path . Combine ( config . FileSystem . ConfigPath , name ) + ".zip"
112
131
: Path . Combine ( config . FileSystem . ConfigPath , "x-pack" , name ) + ".zip" ;
113
- GenerateCertificate ( config , name , path , zipLocation , silentModeConfigFile , writer ) ;
132
+ generateCertificateAction ( zipLocation ) ;
114
133
115
134
if ( ! File . Exists ( zipLocationCache ) )
116
135
{
@@ -133,17 +152,17 @@ private static void GenerateCertificate(EphemeralClusterConfiguration config, st
133
152
: Path . Combine ( fs . ElasticsearchHome , "bin" , "elasticsearch-certutil" ) + BinarySuffix
134
153
: Path . Combine ( fs . ElasticsearchHome , "bin" , "x-pack" , "certgen" ) + BinarySuffix ;
135
154
136
-
137
- if ( ! Directory . Exists ( path ) )
138
- {
139
- if ( config . Version < "7 .0.0" )
140
- ExecuteBinary ( config , writer , binary , "generating ssl certificates for this session" ,
141
- "-in" , silentModeConfigFile , "-out" , @out ) ;
142
- else
143
- ExecuteBinary ( config , writer , binary , "generating ssl certificates for this session" ,
144
- "cert ",
145
- "-in ", silentModeConfigFile , "-out" , @out ) ;
146
- }
155
+ if ( config . Version < "7.0.0" )
156
+ ExecuteBinary ( config , writer , binary , "generating ssl certificates for this session" ,
157
+ "-in" , silentModeConfigFile , "-out" , @out ) ;
158
+ else if ( config . Version < "8 .0.0" )
159
+ ExecuteBinary ( config , writer , binary , "generating ssl certificates for this session" ,
160
+ "cert" ,
161
+ "--in" , silentModeConfigFile , "--out" , @out ) ;
162
+ else
163
+ ExecuteBinary ( config , writer , binary , "generating ssl certificates for this session ",
164
+ "cert ", "--pem" ,
165
+ "--in" , silentModeConfigFile , "--out" , @out , "--ca-cert" , fs . CaCertificate , "--ca-key" , fs . CaPrivateKey ) ;
147
166
148
167
var badLocation = Path . Combine ( config . FileSystem . ElasticsearchHome , "config" , "x-pack" , @out ) ;
149
168
//not necessary anymore now that we patch .in.bat i think
@@ -154,14 +173,25 @@ private static void GenerateCertificate(EphemeralClusterConfiguration config, st
154
173
}
155
174
}
156
175
176
+ private static void GenerateCaCertificate ( EphemeralClusterConfiguration config ,
177
+ string zipLocation , IConsoleLineHandler writer )
178
+ {
179
+ if ( config . Version < "8.0.0" ) return ;
180
+
181
+ var binary = Path . Combine ( config . FileSystem . ElasticsearchHome , "bin" , "elasticsearch-certutil" ) + BinarySuffix ;
182
+
183
+ ExecuteBinary ( config , writer , binary , "generating CA certificate for this session" ,
184
+ "ca" , "--pem" , "--out" , zipLocation ) ;
185
+ }
186
+
157
187
158
188
private static void UnpackCertificatesZip ( string zipLocation , string outFolder , IConsoleLineHandler writer )
159
189
{
160
- if ( Directory . Exists ( outFolder ) ) return ;
161
-
162
190
writer . WriteDiagnostic ( $ "{{{nameof(GenerateCertificatesTask)}}} unzipping certificates to { outFolder } ") ;
163
191
Directory . CreateDirectory ( outFolder ) ;
192
+
164
193
ZipFile . ExtractToDirectory ( zipLocation , outFolder ) ;
194
+
165
195
}
166
196
}
167
197
}
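Review bot: The new early return in `Run` treats the mere existence of `config.FileSystem.CertificatesPath` as proof that the certificate material is complete. A directory left half-populated by an interrupted earlier run (for example, CA zip unpacked but node certificates not yet) is accepted as is, and the cluster then starts with SSL enabled on whatever files happen to be there. This matters more now that `UnpackCertificatesZip` has lost its own `Directory.Exists(outFolder)` guard and is presumably reached once for the CA zip and once for the node zip against the same `path`; its call sites are outside the hunks shown, so that part is inferred. I would gate the skip on the files the node actually loads rather than on the directory: for 8.0.0 and later, the `CaCertificate` and `CaPrivateKey` paths that `GenerateCertificate` passes to `--ca-cert`/`--ca-key`, plus the node certificate. A comment such as `// skip only when a previous run completed; a bare directory may hold a partial or stale set` would record the intent.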