From 2882f885f16b36524b592a666a4a756d4296c7c6 Mon Sep 17 00:00:00 2001
From: Tomas Dvorak
Date: Tue, 7 Jan 2025 10:22:07 +0100
Subject: [PATCH 1/2] Move truststore creator to server package for cloud builds
---
 .../beans/impl/OpensearchSecurityConfigurationBean.java | 2 +-
 .../certutil}/TruststoreCreator.java | 5 ++---
 .../datanode/integration/DatanodeSecurityTestUtils.java | 2 +-
 .../certutil}/TruststoreCreatorTest.java | 6 +-----
 .../java/org/graylog/datanode/ClientCertResourceIT.java | 2 +-
 5 files changed, 6 insertions(+), 11 deletions(-)
 rename data-node/src/main/java/org/graylog/{datanode/configuration => security/certutil}/TruststoreCreator.java (97%)
 rename data-node/src/test/java/org/graylog/{datanode/configuration => security/certutil}/TruststoreCreatorTest.java (97%)
diff --git a/data-node/src/main/java/org/graylog/datanode/opensearch/configuration/beans/impl/OpensearchSecurityConfigurationBean.java b/data-node/src/main/java/org/graylog/datanode/opensearch/configuration/beans/impl/OpensearchSecurityConfigurationBean.java
index b48bbddd446e..4f487f587320 100644
--- a/data-node/src/main/java/org/graylog/datanode/opensearch/configuration/beans/impl/OpensearchSecurityConfigurationBean.java
+++ b/data-node/src/main/java/org/graylog/datanode/opensearch/configuration/beans/impl/OpensearchSecurityConfigurationBean.java
@@ -22,7 +22,6 @@
 import org.apache.commons.lang3.RandomStringUtils;
 import org.graylog.datanode.Configuration;
 import org.graylog.datanode.configuration.OpensearchConfigurationException;
-import org.graylog.datanode.configuration.TruststoreCreator;
 import org.graylog.datanode.configuration.variants.OpensearchCertificates;
 import org.graylog.datanode.configuration.variants.OpensearchCertificatesProvider;
 import org.graylog.datanode.opensearch.configuration.OpensearchConfigurationParams;
@@ -31,6 +30,7 @@
 import org.graylog.datanode.process.configuration.files.KeystoreConfigFile;
 import org.graylog.datanode.process.configuration.files.OpensearchSecurityConfigurationFile;
 import org.graylog.security.certutil.CertConstants;
+import org.graylog.security.certutil.TruststoreCreator;
 import org.graylog.security.certutil.csr.KeystoreInformation;
 import org.graylog2.security.JwtSecret;
 import org.slf4j.Logger;
diff --git a/data-node/src/main/java/org/graylog/datanode/configuration/TruststoreCreator.java b/data-node/src/main/java/org/graylog/security/certutil/TruststoreCreator.java
similarity index 97%
rename from data-node/src/main/java/org/graylog/datanode/configuration/TruststoreCreator.java
rename to data-node/src/main/java/org/graylog/security/certutil/TruststoreCreator.java
index 5cbb5b1f07c3..4db768036009 100644
--- a/data-node/src/main/java/org/graylog/datanode/configuration/TruststoreCreator.java
+++ b/data-node/src/main/java/org/graylog/security/certutil/TruststoreCreator.java
@@ -14,15 +14,14 @@ * along with this program. If not, see * . */ -package org.graylog.datanode.configuration; +package org.graylog.security.certutil; import jakarta.annotation.Nonnull; -import org.graylog.security.certutil.CertConstants; +import org.graylog.datanode.configuration.TruststoreUtils; import org.graylog.security.certutil.csr.FilesystemKeystoreInformation; import org.graylog.security.certutil.csr.InMemoryKeystoreInformation; import org.graylog.security.certutil.csr.KeystoreInformation; -import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import java.nio.file.Path;
diff --git a/data-node/src/test/java/org/graylog/datanode/integration/DatanodeSecurityTestUtils.java b/data-node/src/test/java/org/graylog/datanode/integration/DatanodeSecurityTestUtils.java
index b4237d5a60ad..4f7843d8ba0a 100644
--- a/data-node/src/test/java/org/graylog/datanode/integration/DatanodeSecurityTestUtils.java
+++ b/data-node/src/test/java/org/graylog/datanode/integration/DatanodeSecurityTestUtils.java
@@ -17,10 +17,10 @@ package org.graylog.datanode.integration; import org.apache.commons.lang3.RandomStringUtils; -import org.graylog.datanode.configuration.TruststoreCreator; import org.graylog.security.certutil.CertutilCa; import org.graylog.security.certutil.CertutilCert; import org.graylog.security.certutil.CertutilHttp; +import org.graylog.security.certutil.TruststoreCreator; import org.graylog.security.certutil.console.TestableConsole; import org.graylog.security.certutil.csr.FilesystemKeystoreInformation; import org.graylog.security.certutil.csr.KeystoreInformation;
diff --git a/data-node/src/test/java/org/graylog/datanode/configuration/TruststoreCreatorTest.java b/data-node/src/test/java/org/graylog/security/certutil/TruststoreCreatorTest.java
similarity index 97%
rename from data-node/src/test/java/org/graylog/datanode/configuration/TruststoreCreatorTest.java
rename to data-node/src/test/java/org/graylog/security/certutil/TruststoreCreatorTest.java
index 715b7410b596..67d105e72f1c 100644
--- a/data-node/src/test/java/org/graylog/datanode/configuration/TruststoreCreatorTest.java
+++ b/data-node/src/test/java/org/graylog/security/certutil/TruststoreCreatorTest.java
@@ -14,7 +14,7 @@ * along with this program. If not, see * . */ -package org.graylog.datanode.configuration; +package org.graylog.security.certutil; import com.google.common.collect.ImmutableList; import com.google.common.collect.Lists;
@@ -28,10 +28,6 @@
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.graylog.security.certutil.CertConstants;
-import org.graylog.security.certutil.CertRequest;
-import org.graylog.security.certutil.CertificateGenerator;
-import org.graylog.security.certutil.KeyPair;
 import org.graylog.security.certutil.csr.FilesystemKeystoreInformation;
 import org.graylog.security.certutil.csr.InMemoryKeystoreInformation;
 import org.graylog.security.certutil.csr.KeystoreInformation;
diff --git a/full-backend-tests/src/test/java/org/graylog/datanode/ClientCertResourceIT.java b/full-backend-tests/src/test/java/org/graylog/datanode/ClientCertResourceIT.java
index ff7cbe1e07eb..07ae27123299 100644
--- a/full-backend-tests/src/test/java/org/graylog/datanode/ClientCertResourceIT.java
+++ b/full-backend-tests/src/test/java/org/graylog/datanode/ClientCertResourceIT.java
@@ -27,8 +27,8 @@
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
-import org.graylog.datanode.configuration.TruststoreCreator;
 import org.graylog.security.certutil.CertConstants;
+import org.graylog.security.certutil.TruststoreCreator;
 import org.graylog.security.certutil.csr.InMemoryKeystoreInformation;
 import org.graylog.security.certutil.csr.KeystoreInformation;
 import org.graylog.testing.completebackend.apis.GraylogApiResponse;
From c2830b69148e68d50b4e15c8904b7203c5236233 Mon Sep 17 00:00:00 2001
From: Tomas Dvorak
Date: Tue, 7 Jan 2025 13:43:27 +0100
Subject: [PATCH 2/2] Fix truststore creator location
---
 .../beans/impl/OpensearchSecurityConfigurationBean.java | 2 +-
 .../datanode/integration/DatanodeSecurityTestUtils.java | 2 +-
 .../java/org/graylog/datanode/ClientCertResourceIT.java | 2 +-
 .../main/java/org/graylog2/security}/TruststoreCreator.java | 4 ++--
 .../main/java/org/graylog2/security}/TruststoreUtils.java | 2 +-
 .../java/org/graylog2/security}/TruststoreCreatorTest.java | 6 +++++-
 6 files changed, 11 insertions(+), 7 deletions(-)
 rename {data-node/src/main/java/org/graylog/security/certutil => graylog2-server/src/main/java/org/graylog2/security}/TruststoreCreator.java (98%)
 rename {data-node/src/main/java/org/graylog/datanode/configuration => graylog2-server/src/main/java/org/graylog2/security}/TruststoreUtils.java (98%)
 rename {data-node/src/test/java/org/graylog/security/certutil => graylog2-server/src/test/java/org/graylog2/security}/TruststoreCreatorTest.java (97%)
diff --git a/data-node/src/main/java/org/graylog/datanode/opensearch/configuration/beans/impl/OpensearchSecurityConfigurationBean.java b/data-node/src/main/java/org/graylog/datanode/opensearch/configuration/beans/impl/OpensearchSecurityConfigurationBean.java
index 4f487f587320..b82f0e26e7ca 100644
--- a/data-node/src/main/java/org/graylog/datanode/opensearch/configuration/beans/impl/OpensearchSecurityConfigurationBean.java
+++ b/data-node/src/main/java/org/graylog/datanode/opensearch/configuration/beans/impl/OpensearchSecurityConfigurationBean.java
@@ -30,9 +30,9 @@ import org.graylog.datanode.process.configuration.files.KeystoreConfigFile; import org.graylog.datanode.process.configuration.files.OpensearchSecurityConfigurationFile; import org.graylog.security.certutil.CertConstants; -import org.graylog.security.certutil.TruststoreCreator; import org.graylog.security.certutil.csr.KeystoreInformation; import org.graylog2.security.JwtSecret; +import org.graylog2.security.TruststoreCreator; import org.slf4j.Logger; import org.slf4j.LoggerFactory;
diff --git a/data-node/src/test/java/org/graylog/datanode/integration/DatanodeSecurityTestUtils.java b/data-node/src/test/java/org/graylog/datanode/integration/DatanodeSecurityTestUtils.java
index 4f7843d8ba0a..f278700c2397 100644
--- a/data-node/src/test/java/org/graylog/datanode/integration/DatanodeSecurityTestUtils.java
+++ b/data-node/src/test/java/org/graylog/datanode/integration/DatanodeSecurityTestUtils.java
@@ -20,10 +20,10 @@ import org.graylog.security.certutil.CertutilCa; import org.graylog.security.certutil.CertutilCert; import org.graylog.security.certutil.CertutilHttp; -import org.graylog.security.certutil.TruststoreCreator; import org.graylog.security.certutil.console.TestableConsole; import org.graylog.security.certutil.csr.FilesystemKeystoreInformation; import org.graylog.security.certutil.csr.KeystoreInformation; +import org.graylog2.security.TruststoreCreator; import java.io.IOException; import java.nio.file.Path;
diff --git a/full-backend-tests/src/test/java/org/graylog/datanode/ClientCertResourceIT.java b/full-backend-tests/src/test/java/org/graylog/datanode/ClientCertResourceIT.java
index 07ae27123299..a2c5b94cb1ff 100644
--- a/full-backend-tests/src/test/java/org/graylog/datanode/ClientCertResourceIT.java
+++ b/full-backend-tests/src/test/java/org/graylog/datanode/ClientCertResourceIT.java
@@ -28,7 +28,6 @@
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 import org.graylog.security.certutil.CertConstants;
-import org.graylog.security.certutil.TruststoreCreator;
 import org.graylog.security.certutil.csr.InMemoryKeystoreInformation;
 import org.graylog.security.certutil.csr.KeystoreInformation;
 import org.graylog.testing.completebackend.apis.GraylogApiResponse;
@@ -36,6 +35,7 @@ import org.graylog.testing.containermatrix.SearchServer; import org.graylog.testing.containermatrix.annotations.ContainerMatrixTest; import org.graylog.testing.containermatrix.annotations.ContainerMatrixTestsConfiguration; +import org.graylog2.security.TruststoreCreator; import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManagerFactory;
diff --git a/data-node/src/main/java/org/graylog/security/certutil/TruststoreCreator.java b/graylog2-server/src/main/java/org/graylog2/security/TruststoreCreator.java
similarity index 98%
rename from data-node/src/main/java/org/graylog/security/certutil/TruststoreCreator.java
rename to graylog2-server/src/main/java/org/graylog2/security/TruststoreCreator.java
index 4db768036009..06eda5d0bf65 100644
--- a/data-node/src/main/java/org/graylog/security/certutil/TruststoreCreator.java
+++ b/graylog2-server/src/main/java/org/graylog2/security/TruststoreCreator.java
@@ -14,10 +14,10 @@ * along with this program. If not, see * . */ -package org.graylog.security.certutil; +package org.graylog2.security; import jakarta.annotation.Nonnull; -import org.graylog.datanode.configuration.TruststoreUtils; +import org.graylog.security.certutil.CertConstants; import org.graylog.security.certutil.csr.FilesystemKeystoreInformation; import org.graylog.security.certutil.csr.InMemoryKeystoreInformation; import org.graylog.security.certutil.csr.KeystoreInformation;
diff --git a/data-node/src/main/java/org/graylog/datanode/configuration/TruststoreUtils.java b/graylog2-server/src/main/java/org/graylog2/security/TruststoreUtils.java
similarity index 98%
rename from data-node/src/main/java/org/graylog/datanode/configuration/TruststoreUtils.java
rename to graylog2-server/src/main/java/org/graylog2/security/TruststoreUtils.java
index c7a300530f46..badf6baec702 100644
--- a/data-node/src/main/java/org/graylog/datanode/configuration/TruststoreUtils.java
+++ b/graylog2-server/src/main/java/org/graylog2/security/TruststoreUtils.java
@@ -14,7 +14,7 @@ * along with this program. If not, see * . */ -package org.graylog.datanode.configuration; +package org.graylog2.security; import jakarta.annotation.Nonnull; import org.slf4j.Logger;
diff --git a/data-node/src/test/java/org/graylog/security/certutil/TruststoreCreatorTest.java b/graylog2-server/src/test/java/org/graylog2/security/TruststoreCreatorTest.java
similarity index 97%
rename from data-node/src/test/java/org/graylog/security/certutil/TruststoreCreatorTest.java
rename to graylog2-server/src/test/java/org/graylog2/security/TruststoreCreatorTest.java
index 67d105e72f1c..e8ed3c7b2350 100644
--- a/data-node/src/test/java/org/graylog/security/certutil/TruststoreCreatorTest.java
+++ b/graylog2-server/src/test/java/org/graylog2/security/TruststoreCreatorTest.java
@@ -14,7 +14,7 @@ * along with this program. If not, see * . */ -package org.graylog.security.certutil; +package org.graylog2.security; import com.google.common.collect.ImmutableList; import com.google.common.collect.Lists;
@@ -28,6 +28,10 @@
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.OperatorCreationException;
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.graylog.security.certutil.CertConstants;
+import org.graylog.security.certutil.CertRequest;
+import org.graylog.security.certutil.CertificateGenerator;
+import org.graylog.security.certutil.KeyPair;
 import org.graylog.security.certutil.csr.FilesystemKeystoreInformation;
 import org.graylog.security.certutil.csr.InMemoryKeystoreInformation;
 import org.graylog.security.certutil.csr.KeystoreInformation;