
Commit c7f9423

committed
Removing JKS files
1 parent ddbb5d0 commit c7f9423


1 file changed

+20
-93
lines changed

1 file changed

+20
-93
lines changed

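--- a/elasticsearch/utils/logging
+++ b/elasticsearch/utils/logging
@@ -85,45 +85,6 @@ build_p12_truststores() {
 
 copy_keys_to_secretdir
 
-info "Building required jks files and truststore"
-
-# check for lack of admin.jks
-if [[ ! -e $secret_dir/admin.jks ]]; then
-build_jks_from_pem "admin" "admin-key" "admin-cert" "admin-ca"
-fi
-
-# check for elasticsearch.key and elasticsearch.crt
-if [[ -e $secret_dir/elasticsearch.key && -e $secret_dir/elasticsearch.crt && ! -e $secret_dir/searchguard.key ]]; then
-build_jks_from_pem "elasticsearch" "elasticsearch.key" "elasticsearch.crt" "admin-ca"
-mv $secret_dir/elasticsearch.jks $secret_dir/searchguard.key
-fi
-
-# check for logging-es.key and logging-es.crt
-if [[ -e $secret_dir/logging-es.key && -e $secret_dir/logging-es.crt && ! -e $secret_dir/key ]]; then
-build_jks_from_pem "logging-es" "logging-es.key" "logging-es.crt" "admin-ca"
-mv $secret_dir/logging-es.jks $secret_dir/key
-fi
-
-if [[ ! -e $secret_dir/truststore ]]; then
-keytool \
--import \
--file $secret_dir/admin-ca \
--keystore $secret_dir/truststore \
--storepass tspass \
--noprompt \
--alias sig-ca
-fi
-
-if [[ ! -e $secret_dir/searchguard.truststore ]]; then
-keytool \
--import \
--file $secret_dir/admin-ca \
--keystore $secret_dir/searchguard.truststore \
--storepass tspass \
--noprompt \
--alias sig-ca
-fi
-
 info "Building required p12 files and truststore"
 
 # check for lack of admin.p12
@@ -151,17 +112,27 @@ build_p12_truststores() {
 build_p12_truststore "searchguard-truststore" "admin-ca"
 fi
 
-info "JKS files will be removed soon and replaced with p12 certs..."
-
-#rm $secret_dir/*.jks
-
-#if [[ -e $secret_dir/truststore ]]; then
-# rm $secret_dir/truststore
-#fi
+info "Removing unnecessary JKS files"
 
-#if [[ -e $secret_dir/searchguard.truststore ]]; then
-# rm $secret_dir/searchguard.truststore
-#fi
+if [[ -e $secret_dir/admin.jks ]]; then
+rm $secret_dir/admin.jks
+fi
+
+if [[ -e $secret_dir/searchguard.key ]]; then
+rm $secret_dir/searchguard.key
+fi
+
+if [[ -e $secret_dir/key ]]; then
+rm $secret_dir/key
+fi
+
+if [[ -e $secret_dir/truststore ]]; then
+rm $secret_dir/truststore
+fi
+
+if [[ -e $secret_dir/searchguard.truststore ]]; then
+rm $secret_dir/searchguard.truststore
+fi
 
 # set all files to 600 and dir to 700
 chmod -R go-rwx,u+X $secret_dir
@@ -244,50 +215,6 @@ build_p12_from_pem() {
 2>/dev/null
 }
 
-build_jks_from_pem() {
-
-jks_name=$1
-key_name=$2
-cert_name=$3
-ca_name=$4
-
-openssl \
-pkcs12 \
--export \
--in $secret_dir/$cert_name \
--inkey $secret_dir/$key_name \
--out $secret_dir/$jks_name.p12 \
--passout pass:kspass
-
-keytool \
--importkeystore \
--srckeystore $secret_dir/$jks_name.p12 \
--srcstoretype PKCS12 \
--srcstorepass kspass \
--destkeystore $secret_dir/$jks_name.jks \
--deststoretype JKS \
--deststorepass kspass \
--noprompt \
-2>/dev/null
-
-keytool \
--changealias \
--keystore $secret_dir/$jks_name.jks \
--storepass kspass \
--alias 1 \
--destalias $jks_name \
-2>/dev/null
-
-keytool \
--import \
--file $secret_dir/$ca_name \
--keystore $secret_dir/$jks_name.jks \
--storepass kspass \
--noprompt \
--alias sig-ca \
-2>/dev/null
-}
-
 build_p12_truststore() {
 
 trust_name=$1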
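Review bot: The `rm` calls added at new lines 117–135 expand `$secret_dir` unquoted and unguarded, so an empty or unset value would make them target root-level paths such as `/key` and `/truststore`, and a path containing whitespace would be split into several arguments. Because this cleanup deletes keystore files, I would make it fail-safe and collapse the five blocks into one loop: `for f in admin.jks searchguard.key key truststore searchguard.truststore; do rm -f -- "${secret_dir:?}/$f"; done`. With `rm -f` the separate `-e` tests are no longer needed. Whether the script runs under `set -e` is not visible here, so it is worth confirming what should happen if the secret directory is read-only and a removal fails. build_p12_truststores starts before this hunk and continues past it.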
