diff --git a/src/main/java/org/opensearch/security/tools/democonfig/Certificates.java b/src/main/java/org/opensearch/security/tools/democonfig/Certificates.java index c776a5e29b..09612a71fa 100644 --- a/src/main/java/org/opensearch/security/tools/democonfig/Certificates.java +++ b/src/main/java/org/opensearch/security/tools/democonfig/Certificates.java @@ -17,153 +17,284 @@ public enum Certificates { ADMIN_CERT( "kirk.pem", - "-----BEGIN CERTIFICATE-----\n" - + "MIIEmDCCA4CgAwIBAgIUZjrlDPP8azRDPZchA/XEsx0X2iYwDQYJKoZIhvcNAQEL\n" - + "BQAwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFt\n" - + "cGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYDVQQLDBhFeGFtcGxl\n" - + "IENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUgQ29tIEluYy4gUm9v\n" - + "dCBDQTAeFw0yMzA4MjkyMDA2MzdaFw0zMzA4MjYyMDA2MzdaME0xCzAJBgNVBAYT\n" - + "AmRlMQ0wCwYDVQQHDAR0ZXN0MQ8wDQYDVQQKDAZjbGllbnQxDzANBgNVBAsMBmNs\n" - + "aWVudDENMAsGA1UEAwwEa2lyazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC\n" - + "ggEBAJVcOAQlCiuB9emCljROAXnlsPbG7PE3kNz2sN+BbGuw686Wgyl3uToVHvVs\n" - + "paMmLUqm1KYz9wMSWTIBZgpJ9hYaIbGxD4RBb7qTAJ8Q4ddCV2f7T4lxao/6ixI+\n" - + "O0l/BG9E3mRGo/r0w+jtTQ3aR2p6eoxaOYbVyEMYtFI4QZTkcgGIPGxm05y8xonx\n" - + "vV5pbSW9L7qAVDzQC8EYGQMMI4ccu0NcHKWtmTYJA/wDPE2JwhngHwbcIbc4cDz6\n" - + "cG0S3FmgiKGuuSqUy35v/k3y7zMHQSdx7DSR2tzhH/bBL/9qGvpT71KKrxPtaxS0\n" - + "bAqPcEkKWDo7IMlGGW7LaAWfGg8CAwEAAaOCASswggEnMAwGA1UdEwEB/wQCMAAw\n" - + "DgYDVR0PAQH/BAQDAgXgMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMCMIHPBgNVHSME\n" - + "gccwgcSAFBeH36Ba62YSp9XQ+LoSRTy3KwCcoYGVpIGSMIGPMRMwEQYKCZImiZPy\n" - + "LGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQRXhh\n" - + "bXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290IENB\n" - + "MSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0GCFHfkrz782p+T9k0G\n" - + "xGeM4+BrehWKMB0GA1UdDgQWBBSjMS8tgguX/V7KSGLoGg7K6XMzIDANBgkqhkiG\n" - + "9w0BAQsFAAOCAQEANMwD1JYlwAh82yG1gU3WSdh/tb6gqaSzZK7R6I0L7slaXN9m\n" - + "y2ErUljpTyaHrdiBFmPhU/2Kj2r+fIUXtXdDXzizx/JdmueT0nG9hOixLqzfoC9p\n" - + "fAhZxM62RgtyZoaczQN82k1/geMSwRpEndFe3OH7arkS/HSbIFxQhAIy229eWe5d\n" - + "1bUzP59iu7f3r567I4ob8Vy7PP+Ov35p7Vv4oDHHwgsdRzX6pvL6mmwVrQ3BfVec\n" - + "h9Dqprr+ukYmjho76g6k5cQuRaB6MxqldzUg+2E7IHQP8MCF+co51uZq2nl33mtp\n" - + "RGr6JbdHXc96zsLTL3saJQ8AWEfu1gbTVrwyRA==\n" + "-----BEGIN CERTIFICATE-----" + + System.lineSeparator() + + "MIIEmDCCA4CgAwIBAgIUZjrlDPP8azRDPZchA/XEsx0X2iYwDQYJKoZIhvcNAQEL" + + System.lineSeparator() + + "BQAwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFt" + + System.lineSeparator() + + "cGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYDVQQLDBhFeGFtcGxl" + + System.lineSeparator() + + "IENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUgQ29tIEluYy4gUm9v" + + System.lineSeparator() + + "dCBDQTAeFw0yMzA4MjkyMDA2MzdaFw0zMzA4MjYyMDA2MzdaME0xCzAJBgNVBAYT" + + System.lineSeparator() + + "AmRlMQ0wCwYDVQQHDAR0ZXN0MQ8wDQYDVQQKDAZjbGllbnQxDzANBgNVBAsMBmNs" + + System.lineSeparator() + + "aWVudDENMAsGA1UEAwwEa2lyazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC" + + System.lineSeparator() + + "ggEBAJVcOAQlCiuB9emCljROAXnlsPbG7PE3kNz2sN+BbGuw686Wgyl3uToVHvVs" + + System.lineSeparator() + + "paMmLUqm1KYz9wMSWTIBZgpJ9hYaIbGxD4RBb7qTAJ8Q4ddCV2f7T4lxao/6ixI+" + + System.lineSeparator() + + "O0l/BG9E3mRGo/r0w+jtTQ3aR2p6eoxaOYbVyEMYtFI4QZTkcgGIPGxm05y8xonx" + + System.lineSeparator() + + "vV5pbSW9L7qAVDzQC8EYGQMMI4ccu0NcHKWtmTYJA/wDPE2JwhngHwbcIbc4cDz6" + + System.lineSeparator() + + "cG0S3FmgiKGuuSqUy35v/k3y7zMHQSdx7DSR2tzhH/bBL/9qGvpT71KKrxPtaxS0" + + System.lineSeparator() + + "bAqPcEkKWDo7IMlGGW7LaAWfGg8CAwEAAaOCASswggEnMAwGA1UdEwEB/wQCMAAw" + + System.lineSeparator() + + "DgYDVR0PAQH/BAQDAgXgMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMCMIHPBgNVHSME" + + System.lineSeparator() + + "gccwgcSAFBeH36Ba62YSp9XQ+LoSRTy3KwCcoYGVpIGSMIGPMRMwEQYKCZImiZPy" + + System.lineSeparator() + + "LGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQRXhh" + + System.lineSeparator() + + "bXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290IENB" + + System.lineSeparator() + + "MSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0GCFHfkrz782p+T9k0G" + + System.lineSeparator() + + "xGeM4+BrehWKMB0GA1UdDgQWBBSjMS8tgguX/V7KSGLoGg7K6XMzIDANBgkqhkiG" + + System.lineSeparator() + + "9w0BAQsFAAOCAQEANMwD1JYlwAh82yG1gU3WSdh/tb6gqaSzZK7R6I0L7slaXN9m" + + System.lineSeparator() + + "y2ErUljpTyaHrdiBFmPhU/2Kj2r+fIUXtXdDXzizx/JdmueT0nG9hOixLqzfoC9p" + + System.lineSeparator() + + "fAhZxM62RgtyZoaczQN82k1/geMSwRpEndFe3OH7arkS/HSbIFxQhAIy229eWe5d" + + System.lineSeparator() + + "1bUzP59iu7f3r567I4ob8Vy7PP+Ov35p7Vv4oDHHwgsdRzX6pvL6mmwVrQ3BfVec" + + System.lineSeparator() + + "h9Dqprr+ukYmjho76g6k5cQuRaB6MxqldzUg+2E7IHQP8MCF+co51uZq2nl33mtp" + + System.lineSeparator() + + "RGr6JbdHXc96zsLTL3saJQ8AWEfu1gbTVrwyRA==" + + System.lineSeparator() + "-----END CERTIFICATE-----" ), ADMIN_CERT_KEY( "kirk-key.pem", - "-----BEGIN PRIVATE KEY-----\n" - + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVXDgEJQorgfXp\n" - + "gpY0TgF55bD2xuzxN5Dc9rDfgWxrsOvOloMpd7k6FR71bKWjJi1KptSmM/cDElky\n" - + "AWYKSfYWGiGxsQ+EQW+6kwCfEOHXQldn+0+JcWqP+osSPjtJfwRvRN5kRqP69MPo\n" - + "7U0N2kdqenqMWjmG1chDGLRSOEGU5HIBiDxsZtOcvMaJ8b1eaW0lvS+6gFQ80AvB\n" - + "GBkDDCOHHLtDXBylrZk2CQP8AzxNicIZ4B8G3CG3OHA8+nBtEtxZoIihrrkqlMt+\n" - + "b/5N8u8zB0Encew0kdrc4R/2wS//ahr6U+9Siq8T7WsUtGwKj3BJClg6OyDJRhlu\n" - + "y2gFnxoPAgMBAAECggEAP5TOycDkx+megAWVoHV2fmgvgZXkBrlzQwUG/VZQi7V4\n" - + "ZGzBMBVltdqI38wc5MtbK3TCgHANnnKgor9iq02Z4wXDwytPIiti/ycV9CDRKvv0\n" - + "TnD2hllQFjN/IUh5n4thHWbRTxmdM7cfcNgX3aZGkYbLBVVhOMtn4VwyYu/Mxy8j\n" - + "xClZT2xKOHkxqwmWPmdDTbAeZIbSv7RkIGfrKuQyUGUaWhrPslvYzFkYZ0umaDgQ\n" - + "OAthZew5Bz3OfUGOMPLH61SVPuJZh9zN1hTWOvT65WFWfsPd2yStI+WD/5PU1Doo\n" - + "1RyeHJO7s3ug8JPbtNJmaJwHe9nXBb/HXFdqb976yQKBgQDNYhpu+MYSYupaYqjs\n" - + "9YFmHQNKpNZqgZ4ceRFZ6cMJoqpI5dpEMqToFH7tpor72Lturct2U9nc2WR0HeEs\n" - + "/6tiptyMPTFEiMFb1opQlXF2ae7LeJllntDGN0Q6vxKnQV+7VMcXA0Y8F7tvGDy3\n" - + "qJu5lfvB1mNM2I6y/eMxjBuQhwKBgQC6K41DXMFro0UnoO879pOQYMydCErJRmjG\n" - + "/tZSy3Wj4KA/QJsDSViwGfvdPuHZRaG9WtxdL6kn0w1exM9Rb0bBKl36lvi7o7xv\n" - + "M+Lw9eyXMkww8/F5d7YYH77gIhGo+RITkKI3+5BxeBaUnrGvmHrpmpgRXWmINqr0\n" - + "0jsnN3u0OQKBgCf45vIgItSjQb8zonLz2SpZjTFy4XQ7I92gxnq8X0Q5z3B+o7tQ\n" - + "K/4rNwTju/sGFHyXAJlX+nfcK4vZ4OBUJjP+C8CTjEotX4yTNbo3S6zjMyGQqDI5\n" - + "9aIOUY4pb+TzeUFJX7If5gR+DfGyQubvvtcg1K3GHu9u2l8FwLj87sRzAoGAflQF\n" - + "RHuRiG+/AngTPnZAhc0Zq0kwLkpH2Rid6IrFZhGLy8AUL/O6aa0IGoaMDLpSWUJp\n" - + "nBY2S57MSM11/MVslrEgGmYNnI4r1K25xlaqV6K6ztEJv6n69327MS4NG8L/gCU5\n" - + "3pEm38hkUi8pVYU7in7rx4TCkrq94OkzWJYurAkCgYATQCL/rJLQAlJIGulp8s6h\n" - + "mQGwy8vIqMjAdHGLrCS35sVYBXG13knS52LJHvbVee39AbD5/LlWvjJGlQMzCLrw\n" - + "F7oILW5kXxhb8S73GWcuMbuQMFVHFONbZAZgn+C9FW4l7XyRdkrbR1MRZ2km8YMs\n" - + "/AHmo368d4PSNRMMzLHw8Q==\n" + "-----BEGIN PRIVATE KEY-----" + + System.lineSeparator() + + "MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCVXDgEJQorgfXp" + + System.lineSeparator() + + "gpY0TgF55bD2xuzxN5Dc9rDfgWxrsOvOloMpd7k6FR71bKWjJi1KptSmM/cDElky" + + System.lineSeparator() + + "AWYKSfYWGiGxsQ+EQW+6kwCfEOHXQldn+0+JcWqP+osSPjtJfwRvRN5kRqP69MPo" + + System.lineSeparator() + + "7U0N2kdqenqMWjmG1chDGLRSOEGU5HIBiDxsZtOcvMaJ8b1eaW0lvS+6gFQ80AvB" + + System.lineSeparator() + + "GBkDDCOHHLtDXBylrZk2CQP8AzxNicIZ4B8G3CG3OHA8+nBtEtxZoIihrrkqlMt+" + + System.lineSeparator() + + "b/5N8u8zB0Encew0kdrc4R/2wS//ahr6U+9Siq8T7WsUtGwKj3BJClg6OyDJRhlu" + + System.lineSeparator() + + "y2gFnxoPAgMBAAECggEAP5TOycDkx+megAWVoHV2fmgvgZXkBrlzQwUG/VZQi7V4" + + System.lineSeparator() + + "ZGzBMBVltdqI38wc5MtbK3TCgHANnnKgor9iq02Z4wXDwytPIiti/ycV9CDRKvv0" + + System.lineSeparator() + + "TnD2hllQFjN/IUh5n4thHWbRTxmdM7cfcNgX3aZGkYbLBVVhOMtn4VwyYu/Mxy8j" + + System.lineSeparator() + + "xClZT2xKOHkxqwmWPmdDTbAeZIbSv7RkIGfrKuQyUGUaWhrPslvYzFkYZ0umaDgQ" + + System.lineSeparator() + + "OAthZew5Bz3OfUGOMPLH61SVPuJZh9zN1hTWOvT65WFWfsPd2yStI+WD/5PU1Doo" + + System.lineSeparator() + + "1RyeHJO7s3ug8JPbtNJmaJwHe9nXBb/HXFdqb976yQKBgQDNYhpu+MYSYupaYqjs" + + System.lineSeparator() + + "9YFmHQNKpNZqgZ4ceRFZ6cMJoqpI5dpEMqToFH7tpor72Lturct2U9nc2WR0HeEs" + + System.lineSeparator() + + "/6tiptyMPTFEiMFb1opQlXF2ae7LeJllntDGN0Q6vxKnQV+7VMcXA0Y8F7tvGDy3" + + System.lineSeparator() + + "qJu5lfvB1mNM2I6y/eMxjBuQhwKBgQC6K41DXMFro0UnoO879pOQYMydCErJRmjG" + + System.lineSeparator() + + "/tZSy3Wj4KA/QJsDSViwGfvdPuHZRaG9WtxdL6kn0w1exM9Rb0bBKl36lvi7o7xv" + + System.lineSeparator() + + "M+Lw9eyXMkww8/F5d7YYH77gIhGo+RITkKI3+5BxeBaUnrGvmHrpmpgRXWmINqr0" + + System.lineSeparator() + + "0jsnN3u0OQKBgCf45vIgItSjQb8zonLz2SpZjTFy4XQ7I92gxnq8X0Q5z3B+o7tQ" + + System.lineSeparator() + + "K/4rNwTju/sGFHyXAJlX+nfcK4vZ4OBUJjP+C8CTjEotX4yTNbo3S6zjMyGQqDI5" + + System.lineSeparator() + + "9aIOUY4pb+TzeUFJX7If5gR+DfGyQubvvtcg1K3GHu9u2l8FwLj87sRzAoGAflQF" + + System.lineSeparator() + + "RHuRiG+/AngTPnZAhc0Zq0kwLkpH2Rid6IrFZhGLy8AUL/O6aa0IGoaMDLpSWUJp" + + System.lineSeparator() + + "nBY2S57MSM11/MVslrEgGmYNnI4r1K25xlaqV6K6ztEJv6n69327MS4NG8L/gCU5" + + System.lineSeparator() + + "3pEm38hkUi8pVYU7in7rx4TCkrq94OkzWJYurAkCgYATQCL/rJLQAlJIGulp8s6h" + + System.lineSeparator() + + "mQGwy8vIqMjAdHGLrCS35sVYBXG13knS52LJHvbVee39AbD5/LlWvjJGlQMzCLrw" + + System.lineSeparator() + + "F7oILW5kXxhb8S73GWcuMbuQMFVHFONbZAZgn+C9FW4l7XyRdkrbR1MRZ2km8YMs" + + System.lineSeparator() + + "/AHmo368d4PSNRMMzLHw8Q==" + + System.lineSeparator() + "-----END PRIVATE KEY-----" ), NODE_CERT( "esnode.pem", - "-----BEGIN CERTIFICATE-----\n" - + "MIIEPDCCAySgAwIBAgIUZjrlDPP8azRDPZchA/XEsx0X2iIwDQYJKoZIhvcNAQEL\n" - + "BQAwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFt\n" - + "cGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYDVQQLDBhFeGFtcGxl\n" - + "IENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUgQ29tIEluYy4gUm9v\n" - + "dCBDQTAeFw0yMzA4MjkwNDIzMTJaFw0zMzA4MjYwNDIzMTJaMFcxCzAJBgNVBAYT\n" - + "AmRlMQ0wCwYDVQQHDAR0ZXN0MQ0wCwYDVQQKDARub2RlMQ0wCwYDVQQLDARub2Rl\n" - + "MRswGQYDVQQDDBJub2RlLTAuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA\n" - + "A4IBDwAwggEKAoIBAQCm93kXteDQHMAvbUPNPW5pyRHKDD42XGWSgq0k1D29C/Ud\n" - + "yL21HLzTJa49ZU2ldIkSKs9JqbkHdyK0o8MO6L8dotLoYbxDWbJFW8bp1w6tDTU0\n" - + "HGkn47XVu3EwbfrTENg3jFu+Oem6a/501SzITzJWtS0cn2dIFOBimTVpT/4Zv5qr\n" - + "XA6Cp4biOmoTYWhi/qQl8d0IaADiqoZ1MvZbZ6x76qTrRAbg+UWkpTEXoH1xTc8n\n" - + "dibR7+HP6OTqCKvo1NhE8uP4pY+fWd6b6l+KLo3IKpfTbAIJXIO+M67FLtWKtttD\n" - + "ao94B069skzKk6FPgW/OZh6PRCD0oxOavV+ld2SjAgMBAAGjgcYwgcMwRwYDVR0R\n" - + "BEAwPogFKgMEBQWCEm5vZGUtMC5leGFtcGxlLmNvbYIJbG9jYWxob3N0hxAAAAAA\n" - + "AAAAAAAAAAAAAAABhwR/AAABMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEF\n" - + "BQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU0/qDQaY10jIo\n" - + "wCjLUpz/HfQXyt8wHwYDVR0jBBgwFoAUF4ffoFrrZhKn1dD4uhJFPLcrAJwwDQYJ\n" - + "KoZIhvcNAQELBQADggEBAD2hkndVih6TWxoe/oOW0i2Bq7ScNO/n7/yHWL04HJmR\n" - + "MaHv/Xjc8zLFLgHuHaRvC02ikWIJyQf5xJt0Oqu2GVbqXH9PBGKuEP2kCsRRyU27\n" - + "zTclAzfQhqmKBTYQ/3lJ3GhRQvXIdYTe+t4aq78TCawp1nSN+vdH/1geG6QjMn5N\n" - + "1FU8tovDd4x8Ib/0dv8RJx+n9gytI8n/giIaDCEbfLLpe4EkV5e5UNpOnRgJjjuy\n" - + "vtZutc81TQnzBtkS9XuulovDE0qI+jQrKkKu8xgGLhgH0zxnPkKtUg2I3Aq6zl1L\n" - + "zYkEOUF8Y25J6WeY88Yfnc0iigI+Pnz5NK8R9GL7TYo=\n" + "-----BEGIN CERTIFICATE-----" + + System.lineSeparator() + + "MIIEPDCCAySgAwIBAgIUZjrlDPP8azRDPZchA/XEsx0X2iIwDQYJKoZIhvcNAQEL" + + System.lineSeparator() + + "BQAwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFt" + + System.lineSeparator() + + "cGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYDVQQLDBhFeGFtcGxl" + + System.lineSeparator() + + "IENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUgQ29tIEluYy4gUm9v" + + System.lineSeparator() + + "dCBDQTAeFw0yMzA4MjkwNDIzMTJaFw0zMzA4MjYwNDIzMTJaMFcxCzAJBgNVBAYT" + + System.lineSeparator() + + "AmRlMQ0wCwYDVQQHDAR0ZXN0MQ0wCwYDVQQKDARub2RlMQ0wCwYDVQQLDARub2Rl" + + System.lineSeparator() + + "MRswGQYDVQQDDBJub2RlLTAuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA" + + System.lineSeparator() + + "A4IBDwAwggEKAoIBAQCm93kXteDQHMAvbUPNPW5pyRHKDD42XGWSgq0k1D29C/Ud" + + System.lineSeparator() + + "yL21HLzTJa49ZU2ldIkSKs9JqbkHdyK0o8MO6L8dotLoYbxDWbJFW8bp1w6tDTU0" + + System.lineSeparator() + + "HGkn47XVu3EwbfrTENg3jFu+Oem6a/501SzITzJWtS0cn2dIFOBimTVpT/4Zv5qr" + + System.lineSeparator() + + "XA6Cp4biOmoTYWhi/qQl8d0IaADiqoZ1MvZbZ6x76qTrRAbg+UWkpTEXoH1xTc8n" + + System.lineSeparator() + + "dibR7+HP6OTqCKvo1NhE8uP4pY+fWd6b6l+KLo3IKpfTbAIJXIO+M67FLtWKtttD" + + System.lineSeparator() + + "ao94B069skzKk6FPgW/OZh6PRCD0oxOavV+ld2SjAgMBAAGjgcYwgcMwRwYDVR0R" + + System.lineSeparator() + + "BEAwPogFKgMEBQWCEm5vZGUtMC5leGFtcGxlLmNvbYIJbG9jYWxob3N0hxAAAAAA" + + System.lineSeparator() + + "AAAAAAAAAAAAAAABhwR/AAABMAsGA1UdDwQEAwIF4DAdBgNVHSUEFjAUBggrBgEF" + + System.lineSeparator() + + "BQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQU0/qDQaY10jIo" + + System.lineSeparator() + + "wCjLUpz/HfQXyt8wHwYDVR0jBBgwFoAUF4ffoFrrZhKn1dD4uhJFPLcrAJwwDQYJ" + + System.lineSeparator() + + "KoZIhvcNAQELBQADggEBAD2hkndVih6TWxoe/oOW0i2Bq7ScNO/n7/yHWL04HJmR" + + System.lineSeparator() + + "MaHv/Xjc8zLFLgHuHaRvC02ikWIJyQf5xJt0Oqu2GVbqXH9PBGKuEP2kCsRRyU27" + + System.lineSeparator() + + "zTclAzfQhqmKBTYQ/3lJ3GhRQvXIdYTe+t4aq78TCawp1nSN+vdH/1geG6QjMn5N" + + System.lineSeparator() + + "1FU8tovDd4x8Ib/0dv8RJx+n9gytI8n/giIaDCEbfLLpe4EkV5e5UNpOnRgJjjuy" + + System.lineSeparator() + + "vtZutc81TQnzBtkS9XuulovDE0qI+jQrKkKu8xgGLhgH0zxnPkKtUg2I3Aq6zl1L" + + System.lineSeparator() + + "zYkEOUF8Y25J6WeY88Yfnc0iigI+Pnz5NK8R9GL7TYo=" + + System.lineSeparator() + "-----END CERTIFICATE-----" ), NODE_KEY( "esnode-key.pem", - "-----BEGIN PRIVATE KEY-----\n" - + "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCm93kXteDQHMAv\n" - + "bUPNPW5pyRHKDD42XGWSgq0k1D29C/UdyL21HLzTJa49ZU2ldIkSKs9JqbkHdyK0\n" - + "o8MO6L8dotLoYbxDWbJFW8bp1w6tDTU0HGkn47XVu3EwbfrTENg3jFu+Oem6a/50\n" - + "1SzITzJWtS0cn2dIFOBimTVpT/4Zv5qrXA6Cp4biOmoTYWhi/qQl8d0IaADiqoZ1\n" - + "MvZbZ6x76qTrRAbg+UWkpTEXoH1xTc8ndibR7+HP6OTqCKvo1NhE8uP4pY+fWd6b\n" - + "6l+KLo3IKpfTbAIJXIO+M67FLtWKtttDao94B069skzKk6FPgW/OZh6PRCD0oxOa\n" - + "vV+ld2SjAgMBAAECggEAQK1+uAOZeaSZggW2jQut+MaN4JHLi61RH2cFgU3COLgo\n" - + "FIiNjFn8f2KKU3gpkt1It8PjlmprpYut4wHI7r6UQfuv7ZrmncRiPWHm9PB82+ZQ\n" - + "5MXYqj4YUxoQJ62Cyz4sM6BobZDrjG6HHGTzuwiKvHHkbsEE9jQ4E5m7yfbVvM0O\n" - + "zvwrSOM1tkZihKSTpR0j2+taji914tjBssbn12TMZQL5ItGnhR3luY8mEwT9MNkZ\n" - + "xg0VcREoAH+pu9FE0vPUgLVzhJ3be7qZTTSRqv08bmW+y1plu80GbppePcgYhEow\n" - + "dlW4l6XPJaHVSn1lSFHE6QAx6sqiAnBz0NoTPIaLyQKBgQDZqDOlhCRciMRicSXn\n" - + "7yid9rhEmdMkySJHTVFOidFWwlBcp0fGxxn8UNSBcXdSy7GLlUtH41W9PWl8tp9U\n" - + "hQiiXORxOJ7ZcB80uNKXF01hpPj2DpFPWyHFxpDkWiTAYpZl68rOlYujxZUjJIej\n" - + "VvcykBC2BlEOG9uZv2kxcqLyJwKBgQDEYULTxaTuLIa17wU3nAhaainKB3vHxw9B\n" - + "Ksy5p3ND43UNEKkQm7K/WENx0q47TA1mKD9i+BhaLod98mu0YZ+BCUNgWKcBHK8c\n" - + "uXpauvM/pLhFLXZ2jvEJVpFY3J79FSRK8bwE9RgKfVKMMgEk4zOyZowS8WScOqiy\n" - + "hnQn1vKTJQKBgElhYuAnl9a2qXcC7KOwRsJS3rcKIVxijzL4xzOyVShp5IwIPbOv\n" - + "hnxBiBOH/JGmaNpFYBcBdvORE9JfA4KMQ2fx53agfzWRjoPI1/7mdUk5RFI4gRb/\n" - + "A3jZRBoopgFSe6ArCbnyQxzYzToG48/Wzwp19ZxYrtUR4UyJct6f5n27AoGBAJDh\n" - + "KIpQQDOvCdtjcbfrF4aM2DPCfaGPzENJriwxy6oEPzDaX8Bu/dqI5Ykt43i/zQrX\n" - + "GpyLaHvv4+oZVTiI5UIvcVO9U8hQPyiz9f7F+fu0LHZs6f7hyhYXlbe3XFxeop3f\n" - + "5dTKdWgXuTTRF2L9dABkA2deS9mutRKwezWBMQk5AoGBALPtX0FrT1zIosibmlud\n" - + "tu49A/0KZu4PBjrFMYTSEWGNJez3Fb2VsJwylVl6HivwbP61FhlYfyksCzQQFU71\n" - + "+x7Nmybp7PmpEBECr3deoZKQ/acNHn0iwb0It+YqV5+TquQebqgwK6WCLsMuiYKT\n" - + "bg/ch9Rhxbq22yrVgWHh6epp\n" + "-----BEGIN PRIVATE KEY-----" + + System.lineSeparator() + + "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCm93kXteDQHMAv" + + System.lineSeparator() + + "bUPNPW5pyRHKDD42XGWSgq0k1D29C/UdyL21HLzTJa49ZU2ldIkSKs9JqbkHdyK0" + + System.lineSeparator() + + "o8MO6L8dotLoYbxDWbJFW8bp1w6tDTU0HGkn47XVu3EwbfrTENg3jFu+Oem6a/50" + + System.lineSeparator() + + "1SzITzJWtS0cn2dIFOBimTVpT/4Zv5qrXA6Cp4biOmoTYWhi/qQl8d0IaADiqoZ1" + + System.lineSeparator() + + "MvZbZ6x76qTrRAbg+UWkpTEXoH1xTc8ndibR7+HP6OTqCKvo1NhE8uP4pY+fWd6b" + + System.lineSeparator() + + "6l+KLo3IKpfTbAIJXIO+M67FLtWKtttDao94B069skzKk6FPgW/OZh6PRCD0oxOa" + + System.lineSeparator() + + "vV+ld2SjAgMBAAECggEAQK1+uAOZeaSZggW2jQut+MaN4JHLi61RH2cFgU3COLgo" + + System.lineSeparator() + + "FIiNjFn8f2KKU3gpkt1It8PjlmprpYut4wHI7r6UQfuv7ZrmncRiPWHm9PB82+ZQ" + + System.lineSeparator() + + "5MXYqj4YUxoQJ62Cyz4sM6BobZDrjG6HHGTzuwiKvHHkbsEE9jQ4E5m7yfbVvM0O" + + System.lineSeparator() + + "zvwrSOM1tkZihKSTpR0j2+taji914tjBssbn12TMZQL5ItGnhR3luY8mEwT9MNkZ" + + System.lineSeparator() + + "xg0VcREoAH+pu9FE0vPUgLVzhJ3be7qZTTSRqv08bmW+y1plu80GbppePcgYhEow" + + System.lineSeparator() + + "dlW4l6XPJaHVSn1lSFHE6QAx6sqiAnBz0NoTPIaLyQKBgQDZqDOlhCRciMRicSXn" + + System.lineSeparator() + + "7yid9rhEmdMkySJHTVFOidFWwlBcp0fGxxn8UNSBcXdSy7GLlUtH41W9PWl8tp9U" + + System.lineSeparator() + + "hQiiXORxOJ7ZcB80uNKXF01hpPj2DpFPWyHFxpDkWiTAYpZl68rOlYujxZUjJIej" + + System.lineSeparator() + + "VvcykBC2BlEOG9uZv2kxcqLyJwKBgQDEYULTxaTuLIa17wU3nAhaainKB3vHxw9B" + + System.lineSeparator() + + "Ksy5p3ND43UNEKkQm7K/WENx0q47TA1mKD9i+BhaLod98mu0YZ+BCUNgWKcBHK8c" + + System.lineSeparator() + + "uXpauvM/pLhFLXZ2jvEJVpFY3J79FSRK8bwE9RgKfVKMMgEk4zOyZowS8WScOqiy" + + System.lineSeparator() + + "hnQn1vKTJQKBgElhYuAnl9a2qXcC7KOwRsJS3rcKIVxijzL4xzOyVShp5IwIPbOv" + + System.lineSeparator() + + "hnxBiBOH/JGmaNpFYBcBdvORE9JfA4KMQ2fx53agfzWRjoPI1/7mdUk5RFI4gRb/" + + System.lineSeparator() + + "A3jZRBoopgFSe6ArCbnyQxzYzToG48/Wzwp19ZxYrtUR4UyJct6f5n27AoGBAJDh" + + System.lineSeparator() + + "KIpQQDOvCdtjcbfrF4aM2DPCfaGPzENJriwxy6oEPzDaX8Bu/dqI5Ykt43i/zQrX" + + System.lineSeparator() + + "GpyLaHvv4+oZVTiI5UIvcVO9U8hQPyiz9f7F+fu0LHZs6f7hyhYXlbe3XFxeop3f" + + System.lineSeparator() + + "5dTKdWgXuTTRF2L9dABkA2deS9mutRKwezWBMQk5AoGBALPtX0FrT1zIosibmlud" + + System.lineSeparator() + + "tu49A/0KZu4PBjrFMYTSEWGNJez3Fb2VsJwylVl6HivwbP61FhlYfyksCzQQFU71" + + System.lineSeparator() + + "+x7Nmybp7PmpEBECr3deoZKQ/acNHn0iwb0It+YqV5+TquQebqgwK6WCLsMuiYKT" + + System.lineSeparator() + + "bg/ch9Rhxbq22yrVgWHh6epp" + + System.lineSeparator() + "-----END PRIVATE KEY-----" ), ROOT_CA( "root-ca.pem", - "-----BEGIN CERTIFICATE-----\n" - + "MIIExjCCA66gAwIBAgIUd+SvPvzan5P2TQbEZ4zj4Gt6FYowDQYJKoZIhvcNAQEL\n" - + "BQAwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFt\n" - + "cGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYDVQQLDBhFeGFtcGxl\n" - + "IENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUgQ29tIEluYy4gUm9v\n" - + "dCBDQTAeFw0yMzA4MjkwNDIwMDNaFw0yMzA5MjgwNDIwMDNaMIGPMRMwEQYKCZIm\n" - + "iZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQ\n" - + "RXhhbXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290\n" - + "IENBMSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0EwggEiMA0GCSqG\n" - + "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEPyN7J9VGPyJcQmCBl5TGwfSzvVdWwoQU\n" - + "j9aEsdfFJ6pBCDQSsj8Lv4RqL0dZra7h7SpZLLX/YZcnjikrYC+rP5OwsI9xEE/4\n" - + "U98CsTBPhIMgqFK6SzNE5494BsAk4cL72dOOc8tX19oDS/PvBULbNkthQ0aAF1dg\n" - + "vbrHvu7hq7LisB5ZRGHVE1k/AbCs2PaaKkn2jCw/b+U0Ml9qPuuEgz2mAqJDGYoA\n" - + "WSR4YXrOcrmPuRqbws464YZbJW898/0Pn/U300ed+4YHiNYLLJp51AMkR4YEw969\n" - + "VRPbWIvLrd0PQBooC/eLrL6rvud/GpYhdQEUx8qcNCKd4bz3OaQ5AgMBAAGjggEW\n" - + "MIIBEjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU\n" - + "F4ffoFrrZhKn1dD4uhJFPLcrAJwwgc8GA1UdIwSBxzCBxIAUF4ffoFrrZhKn1dD4\n" - + "uhJFPLcrAJyhgZWkgZIwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJ\n" - + "k/IsZAEZFgdleGFtcGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYD\n" - + "VQQLDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUg\n" - + "Q29tIEluYy4gUm9vdCBDQYIUd+SvPvzan5P2TQbEZ4zj4Gt6FYowDQYJKoZIhvcN\n" - + "AQELBQADggEBAIopqco/k9RSjouTeKP4z0EVUxdD4qnNh1GLSRqyAVe0aChyKF5f\n" - + "qt1Bd1XCY8D16RgekkKGHDpJhGCpel+vtIoXPBxUaGQNYxmJCf5OzLMODlcrZk5i\n" - + "jHIcv/FMeK02NBcz/WQ3mbWHVwXLhmwqa2zBsF4FmPCJAbFLchLhkAv1HJifHbnD\n" - + "jQzlKyl5jxam/wtjWxSm0iyso0z2TgyzY+MESqjEqB1hZkCFzD1xtUOCxbXgtKae\n" - + "dgfHVFuovr3fNLV3GvQk0s9okDwDUcqV7DSH61e5bUMfE84o3of8YA7+HUoPV5Du\n" - + "8sTOKRf7ncGXdDRA8aofW268pTCuIu3+g/Y=\n" + "-----BEGIN CERTIFICATE-----" + + System.lineSeparator() + + "MIIExjCCA66gAwIBAgIUd+SvPvzan5P2TQbEZ4zj4Gt6FYowDQYJKoZIhvcNAQEL" + + System.lineSeparator() + + "BQAwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJk/IsZAEZFgdleGFt" + + System.lineSeparator() + + "cGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYDVQQLDBhFeGFtcGxl" + + System.lineSeparator() + + "IENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUgQ29tIEluYy4gUm9v" + + System.lineSeparator() + + "dCBDQTAeFw0yMzA4MjkwNDIwMDNaFw0yMzA5MjgwNDIwMDNaMIGPMRMwEQYKCZIm" + + System.lineSeparator() + + "iZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEZMBcGA1UECgwQ" + + System.lineSeparator() + + "RXhhbXBsZSBDb20gSW5jLjEhMB8GA1UECwwYRXhhbXBsZSBDb20gSW5jLiBSb290" + + System.lineSeparator() + + "IENBMSEwHwYDVQQDDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0EwggEiMA0GCSqG" + + System.lineSeparator() + + "SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDEPyN7J9VGPyJcQmCBl5TGwfSzvVdWwoQU" + + System.lineSeparator() + + "j9aEsdfFJ6pBCDQSsj8Lv4RqL0dZra7h7SpZLLX/YZcnjikrYC+rP5OwsI9xEE/4" + + System.lineSeparator() + + "U98CsTBPhIMgqFK6SzNE5494BsAk4cL72dOOc8tX19oDS/PvBULbNkthQ0aAF1dg" + + System.lineSeparator() + + "vbrHvu7hq7LisB5ZRGHVE1k/AbCs2PaaKkn2jCw/b+U0Ml9qPuuEgz2mAqJDGYoA" + + System.lineSeparator() + + "WSR4YXrOcrmPuRqbws464YZbJW898/0Pn/U300ed+4YHiNYLLJp51AMkR4YEw969" + + System.lineSeparator() + + "VRPbWIvLrd0PQBooC/eLrL6rvud/GpYhdQEUx8qcNCKd4bz3OaQ5AgMBAAGjggEW" + + System.lineSeparator() + + "MIIBEjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQU" + + System.lineSeparator() + + "F4ffoFrrZhKn1dD4uhJFPLcrAJwwgc8GA1UdIwSBxzCBxIAUF4ffoFrrZhKn1dD4" + + System.lineSeparator() + + "uhJFPLcrAJyhgZWkgZIwgY8xEzARBgoJkiaJk/IsZAEZFgNjb20xFzAVBgoJkiaJ" + + System.lineSeparator() + + "k/IsZAEZFgdleGFtcGxlMRkwFwYDVQQKDBBFeGFtcGxlIENvbSBJbmMuMSEwHwYD" + + System.lineSeparator() + + "VQQLDBhFeGFtcGxlIENvbSBJbmMuIFJvb3QgQ0ExITAfBgNVBAMMGEV4YW1wbGUg" + + System.lineSeparator() + + "Q29tIEluYy4gUm9vdCBDQYIUd+SvPvzan5P2TQbEZ4zj4Gt6FYowDQYJKoZIhvcN" + + System.lineSeparator() + + "AQELBQADggEBAIopqco/k9RSjouTeKP4z0EVUxdD4qnNh1GLSRqyAVe0aChyKF5f" + + System.lineSeparator() + + "qt1Bd1XCY8D16RgekkKGHDpJhGCpel+vtIoXPBxUaGQNYxmJCf5OzLMODlcrZk5i" + + System.lineSeparator() + + "jHIcv/FMeK02NBcz/WQ3mbWHVwXLhmwqa2zBsF4FmPCJAbFLchLhkAv1HJifHbnD" + + System.lineSeparator() + + "jQzlKyl5jxam/wtjWxSm0iyso0z2TgyzY+MESqjEqB1hZkCFzD1xtUOCxbXgtKae" + + System.lineSeparator() + + "dgfHVFuovr3fNLV3GvQk0s9okDwDUcqV7DSH61e5bUMfE84o3of8YA7+HUoPV5Du" + + System.lineSeparator() + + "8sTOKRf7ncGXdDRA8aofW268pTCuIu3+g/Y=" + + System.lineSeparator() + "-----END CERTIFICATE-----" ); diff --git a/src/main/java/org/opensearch/security/tools/democonfig/Installer.java b/src/main/java/org/opensearch/security/tools/democonfig/Installer.java index a89a77c4c3..4880580218 100644 --- a/src/main/java/org/opensearch/security/tools/democonfig/Installer.java +++ b/src/main/java/org/opensearch/security/tools/democonfig/Installer.java @@ -149,7 +149,7 @@ static void gatherUserInputs() { if (!cluster_mode) { System.out.println("Cluster mode requires additional setup of:"); - System.out.println(" - Virtual memory (vm.max_map_count)\n"); + System.out.println(" - Virtual memory (vm.max_map_count)" + System.lineSeparator()); cluster_mode = confirmAction(scanner, "Enable cluster mode?"); } } diff --git a/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java b/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java index e78bc66048..44a6200dd4 100644 --- a/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java +++ b/src/main/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurer.java @@ -194,58 +194,68 @@ static void writeSecurityConfigToOpenSearchYML() { static String buildSecurityConfigString() { StringBuilder securityConfigLines = new StringBuilder(); - securityConfigLines.append("\n") - .append("######## Start OpenSearch Security Demo Configuration ########\n") - .append("# WARNING: revise all the lines below before you go into production\n") + securityConfigLines.append("" + System.lineSeparator()) + .append("######## Start OpenSearch Security Demo Configuration ########" + System.lineSeparator()) + .append("# WARNING: revise all the lines below before you go into production" + System.lineSeparator()) .append("plugins.security.ssl.transport.pemcert_filepath: ") .append(Certificates.NODE_CERT.getFileName()) - .append("\n") + .append("" + System.lineSeparator()) .append("plugins.security.ssl.transport.pemkey_filepath: ") .append(Certificates.NODE_KEY.getFileName()) - .append("\n") + .append("" + System.lineSeparator()) .append("plugins.security.ssl.transport.pemtrustedcas_filepath: ") .append(Certificates.ROOT_CA.getFileName()) - .append("\n") - .append("plugins.security.ssl.transport.enforce_hostname_verification: false\n") - .append("plugins.security.ssl.http.enabled: true\n") + .append("" + System.lineSeparator()) + .append("plugins.security.ssl.transport.enforce_hostname_verification: false" + System.lineSeparator()) + .append("plugins.security.ssl.http.enabled: true" + System.lineSeparator()) .append("plugins.security.ssl.http.pemcert_filepath: ") .append(Certificates.NODE_CERT.getFileName()) - .append("\n") + .append("" + System.lineSeparator()) .append("plugins.security.ssl.http.pemkey_filepath: ") .append(Certificates.NODE_KEY.getFileName()) - .append("\n") + .append("" + System.lineSeparator()) .append("plugins.security.ssl.http.pemtrustedcas_filepath: ") .append(Certificates.ROOT_CA.getFileName()) - .append("\n") - .append("plugins.security.allow_unsafe_democertificates: true\n"); + .append("" + System.lineSeparator()) + .append("plugins.security.allow_unsafe_democertificates: true" + System.lineSeparator()); if (initsecurity) { - securityConfigLines.append("plugins.security.allow_default_init_securityindex: true\n"); + securityConfigLines.append("plugins.security.allow_default_init_securityindex: true" + System.lineSeparator()); } - securityConfigLines.append("plugins.security.authcz.admin_dn:\n - CN=kirk,OU=client,O=client,L=test, C=de\n\n"); - - securityConfigLines.append("plugins.security.audit.type: internal_opensearch\n"); - securityConfigLines.append("plugins.security.enable_snapshot_restore_privilege: true\n"); - securityConfigLines.append("plugins.security.check_snapshot_restore_write_privileges: true\n"); - securityConfigLines.append("plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]\n"); - - securityConfigLines.append("plugins.security.system_indices.enabled: true\n"); - securityConfigLines.append("plugins.security.system_indices.indices: [").append(SYSTEM_INDICES).append("]\n"); + securityConfigLines.append( + "plugins.security.authcz.admin_dn:" + + System.lineSeparator() + + " - CN=kirk,OU=client,O=client,L=test, C=de" + + System.lineSeparator() + + System.lineSeparator() + ); + + securityConfigLines.append("plugins.security.audit.type: internal_opensearch" + System.lineSeparator()); + securityConfigLines.append("plugins.security.enable_snapshot_restore_privilege: true" + System.lineSeparator()); + securityConfigLines.append("plugins.security.check_snapshot_restore_write_privileges: true" + System.lineSeparator()); + securityConfigLines.append( + "plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]" + System.lineSeparator() + ); + + securityConfigLines.append("plugins.security.system_indices.enabled: true" + System.lineSeparator()); + securityConfigLines.append("plugins.security.system_indices.indices: [") + .append(SYSTEM_INDICES) + .append("]" + System.lineSeparator()); if (!isNetworkHostAlreadyPresent(OPENSEARCH_CONF_FILE)) { if (cluster_mode) { - securityConfigLines.append("network.host: 0.0.0.0\n"); - securityConfigLines.append("node.name: smoketestnode\n"); - securityConfigLines.append("cluster.initial_cluster_manager_nodes: smoketestnode\n"); + securityConfigLines.append("network.host: 0.0.0.0" + System.lineSeparator()); + securityConfigLines.append("node.name: smoketestnode" + System.lineSeparator()); + securityConfigLines.append("cluster.initial_cluster_manager_nodes: smoketestnode" + System.lineSeparator()); } } if (!isNodeMaxLocalStorageNodesAlreadyPresent(OPENSEARCH_CONF_FILE)) { - securityConfigLines.append("node.max_local_storage_nodes: 3\n"); + securityConfigLines.append("node.max_local_storage_nodes: 3" + System.lineSeparator()); } - securityConfigLines.append("######## End OpenSearch Security Demo Configuration ########\n"); + securityConfigLines.append("######## End OpenSearch Security Demo Configuration ########" + System.lineSeparator()); return securityConfigLines.toString(); } @@ -309,7 +319,7 @@ static void createSecurityAdminDemoScript(String securityAdminScriptPath, String // Write securityadmin_demo script FileWriter writer = new FileWriter(securityAdminDemoScriptPath, StandardCharsets.UTF_8); for (String command : securityAdminCommands) { - writer.write(command + "\n"); + writer.write(command + "" + System.lineSeparator()); } writer.close(); } diff --git a/src/test/java/org/opensearch/security/tools/democonfig/InstallerTests.java b/src/test/java/org/opensearch/security/tools/democonfig/InstallerTests.java index 427d17d988..325de089ef 100644 --- a/src/test/java/org/opensearch/security/tools/democonfig/InstallerTests.java +++ b/src/test/java/org/opensearch/security/tools/democonfig/InstallerTests.java @@ -92,8 +92,10 @@ public void restoreStreams() { public void testPrintScriptHeaders() { printScriptHeaders(); - String expectedOutput = "### OpenSearch Security Demo Installer\n" - + "### ** Warning: Do not use on production or public reachable systems **\n"; + String expectedOutput = "### OpenSearch Security Demo Installer" + + System.lineSeparator() + + "### ** Warning: Do not use on production or public reachable systems **" + + System.lineSeparator(); assertThat(expectedOutput, equalTo(outContent.toString())); } @@ -144,13 +146,14 @@ public void testGatherUserInputs_withoutAssumeYes() { assertThat(cluster_mode, is(false)); // set initsecurity and cluster_mode to no - readInputStream("y\nn\nn\n"); // pass all 3 inputs as y + readInputStream("y" + System.lineSeparator() + "n" + System.lineSeparator() + "n" + System.lineSeparator()); // pass all 3 inputs as + // y gatherUserInputs(); assertThat(outContent.toString(), containsString("Install demo certificates?")); assertThat(outContent.toString(), containsString("Initialize Security Modules?")); assertThat(outContent.toString(), containsString("Cluster mode requires additional setup of:")); - assertThat(outContent.toString(), containsString(" - Virtual memory (vm.max_map_count)\n")); + assertThat(outContent.toString(), containsString(" - Virtual memory (vm.max_map_count)" + System.lineSeparator())); assertThat(outContent.toString(), containsString("Enable cluster mode?")); assertThat(initsecurity, is(false)); @@ -159,13 +162,14 @@ public void testGatherUserInputs_withoutAssumeYes() { outContent.reset(); // set initsecurity and cluster_mode to no - readInputStream("y\ny\ny\n"); // pass all 3 inputs as y + readInputStream("y" + System.lineSeparator() + "y" + System.lineSeparator() + "y" + System.lineSeparator()); // pass all 3 inputs as + // y gatherUserInputs(); assertThat(outContent.toString(), containsString("Install demo certificates?")); assertThat(outContent.toString(), containsString("Initialize Security Modules?")); assertThat(outContent.toString(), containsString("Cluster mode requires additional setup of:")); - assertThat(outContent.toString(), containsString(" - Virtual memory (vm.max_map_count)\n")); + assertThat(outContent.toString(), containsString(" - Virtual memory (vm.max_map_count)" + System.lineSeparator())); assertThat(outContent.toString(), containsString("Enable cluster mode?")); assertThat(initsecurity, is(true)); @@ -177,13 +181,13 @@ public void testGatherUserInputs_withoutAssumeYes() { try { System.setSecurityManager(new NoExitSecurityManager()); - readInputStream("n\nn\nn\n"); + readInputStream("n" + System.lineSeparator() + "n" + System.lineSeparator() + "n" + System.lineSeparator()); gatherUserInputs(); assertThat(outContent.toString(), containsString("Install demo certificates?")); assertThat(outContent.toString(), not(containsString("Initialize Security Modules?"))); assertThat(outContent.toString(), not(containsString("Cluster mode requires additional setup of:"))); - assertThat(outContent.toString(), not(containsString(" - Virtual memory (vm.max_map_count)\n"))); + assertThat(outContent.toString(), not(containsString(" - Virtual memory (vm.max_map_count)" + System.lineSeparator()))); assertThat(outContent.toString(), not(containsString("Enable cluster mode?"))); } catch (SecurityException e) { assertThat(e.getMessage(), equalTo("System.exit(0) blocked to allow print statement testing.")); @@ -200,7 +204,8 @@ public void testGatherUserInputs_withoutAssumeYes() { assertThat(initsecurity, is(true)); assertThat(cluster_mode, is(true)); - readInputStream("y\ny\ny\n"); // pass all 3 inputs as y + readInputStream("y" + System.lineSeparator() + "y" + System.lineSeparator() + "y" + System.lineSeparator()); // pass all 3 inputs as + // y gatherUserInputs(); assertThat(outContent.toString(), containsString("Install demo certificates?")); @@ -369,14 +374,22 @@ public void testPrintVariables() { printVariables(); - String expectedOutput = "OpenSearch install type: installType on OS\n" - + "OpenSearch config dir: confDir\n" - + "OpenSearch config file: confFile\n" - + "OpenSearch bin dir: /bin\n" - + "OpenSearch plugins dir: /plugins\n" - + "OpenSearch lib dir: /lib\n" - + "Detected OpenSearch Version: osVersion\n" - + "Detected OpenSearch Security Version: version\n"; + String expectedOutput = "OpenSearch install type: installType on OS" + + System.lineSeparator() + + "OpenSearch config dir: confDir" + + System.lineSeparator() + + "OpenSearch config file: confFile" + + System.lineSeparator() + + "OpenSearch bin dir: /bin" + + System.lineSeparator() + + "OpenSearch plugins dir: /plugins" + + System.lineSeparator() + + "OpenSearch lib dir: /lib" + + System.lineSeparator() + + "Detected OpenSearch Version: osVersion" + + System.lineSeparator() + + "Detected OpenSearch Security Version: version" + + System.lineSeparator(); assertEquals(expectedOutput, outContent.toString()); } @@ -400,19 +413,27 @@ public void testFinishScriptExecution() { String lastLine = SecuritySettingsConfigurer.getSecurityAdminCommands(securityAdminScriptPath)[1]; // Verify the expected output - String expectedOutput = "### Success\n" - + "### Execute this script now on all your nodes and then start all nodes\n" - + "### After the whole cluster is up execute: \n" + String expectedOutput = "### Success" + + System.lineSeparator() + + "### Execute this script now on all your nodes and then start all nodes" + + System.lineSeparator() + + "### After the whole cluster is up execute: " + + System.lineSeparator() + lastLine - + "\n" + + "" + + System.lineSeparator() + "### or run ." + File.separator - + "securityadmin_demo.sh\n" - + "### After that you can also use the Security Plugin ConfigurationGUI\n" + + "securityadmin_demo.sh" + + System.lineSeparator() + + "### After that you can also use the Security Plugin ConfigurationGUI" + + System.lineSeparator() + "### To access your secured cluster open https://: and log in with admin/" + SecuritySettingsConfigurer.ADMIN_PASSWORD - + ".\n" - + "### (Ignore the SSL certificate warning because we installed self-signed demo certificates)\n"; + + "." + + System.lineSeparator() + + "### (Ignore the SSL certificate warning because we installed self-signed demo certificates)" + + System.lineSeparator(); assertEquals(expectedOutput, outContent.toString()); @@ -438,10 +459,14 @@ public void testFinishScriptExecution_withInitSecurityEnabled() { setWritePermissions(securityAdminDemoScriptPath); String lastLine = SecuritySettingsConfigurer.getSecurityAdminCommands(securityAdminScriptPath)[1]; - String expectedOutput = "### Success\n" - + "### Execute this script now on all your nodes and then start all nodes\n" - + "### OpenSearch Security will be automatically initialized.\n" - + "### If you like to change the runtime configuration \n" + String expectedOutput = "### Success" + + System.lineSeparator() + + "### Execute this script now on all your nodes and then start all nodes" + + System.lineSeparator() + + "### OpenSearch Security will be automatically initialized." + + System.lineSeparator() + + "### If you like to change the runtime configuration " + + System.lineSeparator() + "### change the files in .." + File.separator + ".." @@ -450,17 +475,23 @@ public void testFinishScriptExecution_withInitSecurityEnabled() { + File.separator + "config" + File.separator - + "opensearch-security and execute: \n" + + "opensearch-security and execute: " + + System.lineSeparator() + lastLine - + "\n" + + "" + + System.lineSeparator() + "### or run ." + File.separator - + "securityadmin_demo.sh\n" - + "### To use the Security Plugin ConfigurationGUI\n" + + "securityadmin_demo.sh" + + System.lineSeparator() + + "### To use the Security Plugin ConfigurationGUI" + + System.lineSeparator() + "### To access your secured cluster open https://: and log in with admin/" + SecuritySettingsConfigurer.ADMIN_PASSWORD - + ".\n" - + "### (Ignore the SSL certificate warning because we installed self-signed demo certificates)\n"; + + "." + + System.lineSeparator() + + "### (Ignore the SSL certificate warning because we installed self-signed demo certificates)" + + System.lineSeparator(); assertEquals(expectedOutput, outContent.toString()); diff --git a/src/test/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurerTests.java b/src/test/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurerTests.java index 89cbc096fe..4abd4fe132 100644 --- a/src/test/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurerTests.java +++ b/src/test/java/org/opensearch/security/tools/democonfig/SecuritySettingsConfigurerTests.java @@ -188,40 +188,61 @@ public void testConfigFileDoesNotExist() { public void testBuildSecurityConfigString() { String actual = SecuritySettingsConfigurer.buildSecurityConfigString(); - String expected = "\n" - + "######## Start OpenSearch Security Demo Configuration ########\n" - + "# WARNING: revise all the lines below before you go into production\n" - + "plugins.security.ssl.transport.pemcert_filepath: esnode.pem\n" - + "plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem\n" - + "plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem\n" - + "plugins.security.ssl.transport.enforce_hostname_verification: false\n" - + "plugins.security.ssl.http.enabled: true\n" - + "plugins.security.ssl.http.pemcert_filepath: esnode.pem\n" - + "plugins.security.ssl.http.pemkey_filepath: esnode-key.pem\n" - + "plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem\n" - + "plugins.security.allow_unsafe_democertificates: true\n" - + "plugins.security.authcz.admin_dn:\n" - + " - CN=kirk,OU=client,O=client,L=test, C=de\n" - + "\n" - + "plugins.security.audit.type: internal_opensearch\n" - + "plugins.security.enable_snapshot_restore_privilege: true\n" - + "plugins.security.check_snapshot_restore_write_privileges: true\n" - + "plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]\n" - + "plugins.security.system_indices.enabled: true\n" - + "plugins.security.system_indices.indices: [.plugins-ml-config, .plugins-ml-connector, .plugins-ml-model-group, .plugins-ml-model, .plugins-ml-task, .plugins-ml-conversation-meta, .plugins-ml-conversation-interactions, .opendistro-alerting-config, .opendistro-alerting-alert*, .opendistro-anomaly-results*, .opendistro-anomaly-detector*, .opendistro-anomaly-checkpoints, .opendistro-anomaly-detection-state, .opendistro-reports-*, .opensearch-notifications-*, .opensearch-notebooks, .opensearch-observability, .ql-datasources, .opendistro-asynchronous-search-response*, .replication-metadata-store, .opensearch-knn-models, .geospatial-ip2geo-data*]\n" - + "node.max_local_storage_nodes: 3\n" - + "######## End OpenSearch Security Demo Configuration ########\n"; + String expected = System.lineSeparator() + + "######## Start OpenSearch Security Demo Configuration ########" + + System.lineSeparator() + + "# WARNING: revise all the lines below before you go into production" + + System.lineSeparator() + + "plugins.security.ssl.transport.pemcert_filepath: esnode.pem" + + System.lineSeparator() + + "plugins.security.ssl.transport.pemkey_filepath: esnode-key.pem" + + System.lineSeparator() + + "plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem" + + System.lineSeparator() + + "plugins.security.ssl.transport.enforce_hostname_verification: false" + + System.lineSeparator() + + "plugins.security.ssl.http.enabled: true" + + System.lineSeparator() + + "plugins.security.ssl.http.pemcert_filepath: esnode.pem" + + System.lineSeparator() + + "plugins.security.ssl.http.pemkey_filepath: esnode-key.pem" + + System.lineSeparator() + + "plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem" + + System.lineSeparator() + + "plugins.security.allow_unsafe_democertificates: true" + + System.lineSeparator() + + "plugins.security.authcz.admin_dn:" + + System.lineSeparator() + + " - CN=kirk,OU=client,O=client,L=test, C=de" + + System.lineSeparator() + + System.lineSeparator() + + "plugins.security.audit.type: internal_opensearch" + + System.lineSeparator() + + "plugins.security.enable_snapshot_restore_privilege: true" + + System.lineSeparator() + + "plugins.security.check_snapshot_restore_write_privileges: true" + + System.lineSeparator() + + "plugins.security.restapi.roles_enabled: [\"all_access\", \"security_rest_api_access\"]" + + System.lineSeparator() + + "plugins.security.system_indices.enabled: true" + + System.lineSeparator() + + "plugins.security.system_indices.indices: [.plugins-ml-config, .plugins-ml-connector, .plugins-ml-model-group, .plugins-ml-model, .plugins-ml-task, .plugins-ml-conversation-meta, .plugins-ml-conversation-interactions, .opendistro-alerting-config, .opendistro-alerting-alert*, .opendistro-anomaly-results*, .opendistro-anomaly-detector*, .opendistro-anomaly-checkpoints, .opendistro-anomaly-detection-state, .opendistro-reports-*, .opensearch-notifications-*, .opensearch-notebooks, .opensearch-observability, .ql-datasources, .opendistro-asynchronous-search-response*, .replication-metadata-store, .opensearch-knn-models, .geospatial-ip2geo-data*]" + + System.lineSeparator() + + "node.max_local_storage_nodes: 3" + + System.lineSeparator() + + "######## End OpenSearch Security Demo Configuration ########" + + System.lineSeparator(); assertThat(actual, is(equalTo(expected))); Installer.initsecurity = true; actual = SecuritySettingsConfigurer.buildSecurityConfigString(); - assertThat(actual, containsString("plugins.security.allow_default_init_securityindex: true\n")); + assertThat(actual, containsString("plugins.security.allow_default_init_securityindex: true" + System.lineSeparator())); Installer.cluster_mode = true; actual = SecuritySettingsConfigurer.buildSecurityConfigString(); - assertThat(actual, containsString("network.host: 0.0.0.0\n")); - assertThat(actual, containsString("node.name: smoketestnode\n")); - assertThat(actual, containsString("cluster.initial_cluster_manager_nodes: smoketestnode\n")); + assertThat(actual, containsString("network.host: 0.0.0.0" + System.lineSeparator())); + assertThat(actual, containsString("node.name: smoketestnode" + System.lineSeparator())); + assertThat(actual, containsString("cluster.initial_cluster_manager_nodes: smoketestnode" + System.lineSeparator())); } @Test