mirror of
https://github.com/elastic/kibana.git
synced 2025-04-23 17:28:26 -04:00
(cherry picked from commit 5b993bed5c)
Co-authored-by: Aleh Zasypkin <aleh.zasypkin@elastic.co>
This commit is contained in:
Kibana Machine
GitHub
parent
12e7949e2b
commit
28e800adc0
5 changed files with 56 additions and 51 deletions
|
|
@ -1,16 +1,22 @@
|
|||
# PKI Fixtures
|
||||
|
||||
* `first_client.p12` and `second_client.p12` - the client certificate bundles signed by the Elastic Stack CA (in `kbn-dev-utils`)
|
||||
and hence trusted by both test Kibana and Elasticsearch servers.
|
||||
* `untrusted_client.p12` - the client certificate bundle trusted by test Kibana server, but not test Elasticsearch test server.
|
||||
* `kibana_ca.crt` and `kibana_ca.key` - the CA certificate and key trusted by test Kibana server only.
|
||||
|
||||
The `first_client.p12` and `second_client.p12` files were generated the same time as the other certificates in `kbn-dev-utils`, using the
|
||||
following commands:
|
||||
The client certificate bundles (`first_client.p12` and `second_client.p12`) are signed by the Elastic Stack CA (in `kbn-dev-utils`)
|
||||
and hence trusted by both test Kibana and Elasticsearch servers. The files were generated the same time as the other certificates
|
||||
in `kbn-dev-utils`, using the following commands:
|
||||
|
||||
```
|
||||
bin/elasticsearch-certutil cert -days 18250 --ca $KIBANA_HOME/packages/kbn-dev-utils/certs/ca.p12 --ca-pass castorepass --name first_client --pass ""
|
||||
bin/elasticsearch-certutil cert -days 18250 --ca $KIBANA_HOME/packages/kbn-dev-utils/certs/ca.p12 --ca-pass castorepass --name second_client --pass ""
|
||||
```
|
||||
|
||||
The CA certificate and key (`kibana_ca.crt` and `kibana_ca.key`) are used to sign client certificates (`untrusted_client.p12`) that are only trusted
|
||||
by Kibana and not Elasticsearch. These files can be generated using the following commands:
|
||||
```
|
||||
export PKI_FIXTURES=$KIBANA_HOME/x-pack/test/security_api_integration/fixtures/pki
|
||||
|
||||
# Extract and rename CA files to kibana_ca.crt and kibana_ca.key
|
||||
bin/elasticsearch-certutil ca --ca-dn "CN=Kibana CA" --days 18250 --pem
|
||||
bin/elasticsearch-certutil cert -days 18250 --ca-key "${PKI_FIXTURES}/kibana_ca.key" --ca-cert "${PKI_FIXTURES}/kibana_ca.crt" --name untrusted_client --pass ""
|
||||
```
|
||||
|
||||
If that CA is ever changed, these two files must be regenerated.
|
||||
|
|
|
|||
|
|
@ -1,19 +1,19 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDCjCCAfKgAwIBAgIVAK8/CDsQxdAItvVPu2P72xXx4pbAMA0GCSqGSIb3DQEB
|
||||
CwUAMBQxEjAQBgNVBAMTCUtpYmFuYSBDQTAeFw0xOTA4MTQxNTAwNDFaFw0yMjA4
|
||||
MTMxNTAwNDFaMBQxEjAQBgNVBAMTCUtpYmFuYSBDQTCCASIwDQYJKoZIhvcNAQEB
|
||||
BQADggEPADCCAQoCggEBANDBPAHZvBBtOZ/9aBHVmBFA3QS35wemnT2VwFE6LSUw
|
||||
35Tj3/Vj/1NQAqAqKOUTCE0zQAyDBOGWAa1MadhYC2Fvxt/VUoOJWczeMuO3ktua
|
||||
ybk3xzJJcOSoPjbPBUfQuRQ7GnBJsjyHKgPXIsP6wshQosYZnHPJcZSF1+6N9aGJ
|
||||
psV/ukdLD8oJFq3pv7D9KY/gbAFeVkwWwdx9dqtfT0STGXOOZnLAz8ZmWH2WIt+f
|
||||
t7+9EIv1pIUM6KOqANmhxxyitvka7XdN/ZEnwV/+Is9y/6N0NGaC9BWWoCNAgvuX
|
||||
Ep0R+5qvNtCkL8okLaCc0a/B843e3k7eWuI8ES3Dhg0CAwEAAaNTMFEwHQYDVR0O
|
||||
BBYEFBEp58Oz7rIAbT5O/yOGnSQcasG7MB8GA1UdIwQYMBaAFBEp58Oz7rIAbT5O
|
||||
/yOGnSQcasG7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKZ/
|
||||
ZblM7pEOP77DLePM3NpjJQu73a7vjou2n0ifEq0HYsSMuKverZhhrc4L2PjRM34A
|
||||
NVtcSsjnc2OkhtG6baV8q/GyDtvUXwnfCnI2MxNiVtmX7fWzHZVwkd4GCXnvOd3S
|
||||
IBxzh4OYLV2rTFjo7oUWdDV+nFGVzQhhdlQ/fZ8by6g0qZvKKfe70Z3prmkRRRxz
|
||||
QslJYQwB+cK3rdyAVJDYGbMGcJjM50PR3iM/PqQFAwOcyW9th1CpiHOOmbcQRmCS
|
||||
W7h8A2TDzqvFWOz0QRoldt93vCXkP6PF3UXo2wpSPt8tzd6e0z0+HIyhYGUPstiE
|
||||
zO36/AJiPQicgQK60gI=
|
||||
MIIDDDCCAfSgAwIBAgIVAIed2sWI+TM7QuhtXYYY+U4CKS+7MA0GCSqGSIb3DQEB
|
||||
CwUAMBQxEjAQBgNVBAMTCUtpYmFuYSBDQTAgFw0yMjA4MTcxMTMxNDBaGA8yMTIy
|
||||
MDgxODExMzE0MFowFDESMBAGA1UEAxMJS2liYW5hIENBMIIBIjANBgkqhkiG9w0B
|
||||
AQEFAAOCAQ8AMIIBCgKCAQEAt0LumR5j/LLoSnAvH5kVirPQ1IOUnMcTMrLp03Ou
|
||||
X4xQ/OVGtdXiVwHqW748sUZDVS8pA7eqEboiKHoeaqgad83IA6HiCU7fcxwKwIoP
|
||||
34TTpNCIaOAVPoTcm7ZUhjau2SmeM9nSQns6qoD+jsZ2aMArF/WNEFE21dmYNnHI
|
||||
LM2+LIFErBXcv62yuAJMMy6k6ToOLdlMIEYQRukY1qJEn+ECC5wE19s/hxjHtN0Q
|
||||
CW83sd0mALA67iFdpJ5FhF0VRJIhYLXUPvMTckdsncV7O1nIxCXIAuyVm0viQoEs
|
||||
cdvwCq9QZSkz81SHYngJjZUtjBVmffRnWhvoP/tqfI6oEwIDAQABo1MwUTAdBgNV
|
||||
HQ4EFgQUFYkbkWj8ZmsT1yWerQAxe4K9teMwHwYDVR0jBBgwFoAUFYkbkWj8ZmsT
|
||||
1yWerQAxe4K9teMwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEA
|
||||
ko8gfru3o1ytUcI8iFAgSer9L3UiPYtuhKnwGIfPhVc6/qchoitU/VANXk9/SekJ
|
||||
O9DLVDB9XPDhoAENv+VbssUIRjPTQie5Ek96vbz5E9U7cTs4JPKS7jfc4i1/sifp
|
||||
ESHyDuobfLHfYYCp9pO+h+CJa2hNtkaPMBoxJQmbflm2Fv6fOycBqtBdQqxnerhX
|
||||
0etrVqzD9b5dyayaMaEQf+JKec4wZWVoXbve2hgoLk51wLafgnQEg4tGpnHY2XIb
|
||||
f+hepGmYIhPj+TMQrIvuoVqpj9qbJP+ebiYDM90THesofbi0xZ6rW3AGtrreOGcE
|
||||
2rHqnhb5HP18RNaPUlbp0w==
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
|||
|
|
@ -1,27 +1,27 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEA0ME8Adm8EG05n/1oEdWYEUDdBLfnB6adPZXAUTotJTDflOPf
|
||||
9WP/U1ACoCoo5RMITTNADIME4ZYBrUxp2FgLYW/G39VSg4lZzN4y47eS25rJuTfH
|
||||
Mklw5Kg+Ns8FR9C5FDsacEmyPIcqA9ciw/rCyFCixhmcc8lxlIXX7o31oYmmxX+6
|
||||
R0sPygkWrem/sP0pj+BsAV5WTBbB3H12q19PRJMZc45mcsDPxmZYfZYi35+3v70Q
|
||||
i/WkhQzoo6oA2aHHHKK2+Rrtd039kSfBX/4iz3L/o3Q0ZoL0FZagI0CC+5cSnRH7
|
||||
mq820KQvyiQtoJzRr8Hzjd7eTt5a4jwRLcOGDQIDAQABAoIBACZm5bsRat86uJcN
|
||||
7s8ZE9hYrk/n5MArjlF98tr+cL+etgKVyOVDd/zDgzgjiVJapfRNsUKb95HoHnba
|
||||
z73UtINAJL2YaI15/uMJHSN26bUsTF+eOy6tA++MY6WBf98uLl3iYYK2i+tGkhwS
|
||||
v3p97scazlbS70z9ib9gv9BKnR0R+DTDBACwNtfurOGQh9PDU/e3orsrVBR/kj7o
|
||||
nfjlXZzsuuVdGRHmO2yGoALCx1N0dMpO/ALWDi+phP5Jz6SBo0AGAKfC2tXZJrVz
|
||||
qwHfCPnklIphHHmFkArmrAYZDOHBNtLRFQL8SmfcZOz3HO9er87ct/zAHN5im91s
|
||||
vVZnYQECgYEA90u/q4Ux9A2iaJ4qfDqjM8i+DLezj0ogLLe9OZuBgKfy41bt7ilX
|
||||
4iQ6cmmzq/9x0dM2ydRXTVJ0Ek/0EDgfVxxcWTRSHHrwy+WOnaB0hWkMzwgDak58
|
||||
fhRi5RAhXhCJlUyHsU7FBTYcwQE6I/C971X0AuCH06eEeaHG8HOERzkCgYEA2Bo2
|
||||
cYvRmfL7uh4STWTJkq08ppNDgo1aJ8brc+YtK3v11OZEbnSSmq0rdnDqkvFBmSrJ
|
||||
wHprhs+RGBKBJzI3BMZ9uxOzhufk/xPZrpZie77JFvpzMSbC0WMTpb06QsGk1bu7
|
||||
jqtbNx8OYYF7PVxiuUsZY3sOIZ5b3t9yWeiFwXUCgYB8tcyRGPiaFQ4kKC9Qutl2
|
||||
0fNVwoZg6obTRk288XkbgpbwovQWOO9C8fYvoLKlOIsTv6pPmi/0pHI4ke2JCGR1
|
||||
r626prIJ/s3UZY3IXBSm+tUkyuu9/pq1kl5VGg9ZuolHq3J6rjiZajKR+qZxXYTL
|
||||
X9NQaB7XVBFwrW7/76FzsQKBgCOOVIzkI22AFDjwP7SqM5xFkqgZrM7rMP1AdncQ
|
||||
VThFYhJQfMvrtD9s5KzNMVtSBKgN6ToZKl35AveB++wWEAViH0fLmwtEVmI9wuA9
|
||||
8CBKKM32EUPyC7Xl5lKrys03DUb5Z4e23AA6xOP4KO3UqI2yNJAwrAeOBbGq9Cak
|
||||
4nUNAoGBAKBhG767ePf/5fMrKJnsdxK2+fpP1UglHHTKOxwtLU9xtkUw96g7yzxj
|
||||
5ma66yv1QuGIvAmbLVLCI6MmFvXYQmomoRt2KnYEgxjg8jjXXDdoOsNL87t7l0HA
|
||||
CviL/UR7ZZV28rp5TmexRworu7hC4qer9NZxqV0a7bOLq0+uVda9
|
||||
MIIEpQIBAAKCAQEAt0LumR5j/LLoSnAvH5kVirPQ1IOUnMcTMrLp03OuX4xQ/OVG
|
||||
tdXiVwHqW748sUZDVS8pA7eqEboiKHoeaqgad83IA6HiCU7fcxwKwIoP34TTpNCI
|
||||
aOAVPoTcm7ZUhjau2SmeM9nSQns6qoD+jsZ2aMArF/WNEFE21dmYNnHILM2+LIFE
|
||||
rBXcv62yuAJMMy6k6ToOLdlMIEYQRukY1qJEn+ECC5wE19s/hxjHtN0QCW83sd0m
|
||||
ALA67iFdpJ5FhF0VRJIhYLXUPvMTckdsncV7O1nIxCXIAuyVm0viQoEscdvwCq9Q
|
||||
ZSkz81SHYngJjZUtjBVmffRnWhvoP/tqfI6oEwIDAQABAoIBAA3dNGvFDs9pQYWQ
|
||||
IyCC1kxd+ih5o96QePVW77WdhM2Zse7P8Z+EBNGMRYyXQcQvipyBKtsrI+SfbkId
|
||||
qvtqqEXz/XO45X7KxsDQmEekqjrAs7o+RHOasEDAkGf/TTmyHVw0d9F4Yx3AcNnB
|
||||
VIC8puyZzSjM3NUlL77R7WABD6HD9hrVWvugTkX9qfVMPoZQHI/vg+pdO0/7P3NB
|
||||
HIQVkLtuaU1OTQe+S8DMfNnFeEMQAk9qkO3qfD/VwEEwTdc9Lpn+2tzDrm+NGI/j
|
||||
tUrACsCYZ/4Yb85hjyJTP3uPs7WF2MVRCQtT5kMO3I+dqVaRPbT4+Lfzz94nFhpu
|
||||
hsEVcUECgYEA0ZkZ+LxTFHAAnJP5s/5D0mdNeGncu/Kxti/xw8vso9par0YXNbxH
|
||||
cyWsoWpe0UdhpX6MonK7d5tF6G1xUuD7xcBablXFFvIlLLzBH5GjMSmEsNNlkuYg
|
||||
GqpijhiLD08zeim+w7eEKTvlwO7j8PIJrPjd2TEGhQV56zI8qMeaHLECgYEA39U2
|
||||
deptfR4B+ZbbRPHCtZcXCR8czKFQOYjXVMYITZb+zG9qC57DBIBj6AHhLHPDJcyf
|
||||
FSMAUgXR2XCQPOk9R0wr4fIgzNRrK/NeLBTXwYRmQddTKYEarcEuoZKdCBvdhldl
|
||||
vUxr2laChNockQFwo3frW0V3chSpNDkwL7Tx8gMCgYEAo63HDWqsCnrIz33zcy9t
|
||||
8WKAqjcpjJCjXR4l0/xtKSv8w4Gd4HXO6koSfN9felkfFSk1VCr64RWdyzukUs+l
|
||||
bjGfrShHyHqCs2QYALov0dWVbK05VjVl/szuN/9MoUD9dzogYiDvEXBYJImp8eBh
|
||||
0/Vo8hKJ/9ld82EA4+E0JZECgYEA2TlgexshWtVucTzYW5aMshKJho6tMmIzK0ME
|
||||
Rv9RO4uYh+pwbgqLlKjNTHHWh39pGhv1H1wyiWegendlY9evYqwnwkVrU52qzKKI
|
||||
+BraMLI/UxKXYKYssAfVK3TP9PimCiRzVjz+RozCahAKvSc6m0pcHN3Tx+EJPOdr
|
||||
PkFKtOUCgYEAiGWfnMpCxL9puHOd7BFm0JRtdGaXyG77JV9WLSAf+SaklTcUp7Jk
|
||||
TKKA8IqCO1xTfMHGLDPmsXSip04+Fy438ho7DmtHbasDmdStA9sF4icOAjx4Q2Oa
|
||||
5pMD79JCdROhIAty6/bTWn+irf0GKFEcmerAzOuDmnztnEQBiRBD8Fs=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
|
|
|
|||
Binary file not shown.
|
|
@ -42,8 +42,7 @@ export default function ({ getService }: FtrProviderContext) {
|
|||
expect(cookie.maxAge).to.be(0);
|
||||
}
|
||||
|
||||
// FAILING ES PROMOTION: https://github.com/elastic/kibana/issues/138784
|
||||
describe.skip('PKI authentication', () => {
|
||||
describe('PKI authentication', () => {
|
||||
before(async () => {
|
||||
await getService('esSupertest')
|
||||
.post('/_security/role_mapping/first_client_pki')
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue