List of usage examples for org.apache.lucene.store SimpleFSDirectory createOutput
@Override
public IndexOutput createOutput(String name, IOContext context) throws IOException
From source file:org.elasticsearch.common.settings.KeyStoreWrapper.java
License:Apache License
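/**
 * Write the keystore to the given config directory.
 *
 * <p>The content is first written to a temporary file ({@code KEYSTORE_FILENAME + ".tmp"})
 * inside {@code configDir} and then atomically moved over the final keystore path, so readers
 * never observe a partially written keystore.
 *
 * <p>Because the file holds secret material, its POSIX permissions are narrowed to
 * {@code rw-------} on the temporary file <em>before</em> any keystore bytes are written, and
 * again on the final file after the move. On file systems without a POSIX attribute view the
 * permission step is skipped.
 *
 * <p>If writing or moving fails, the temporary file created by this call is removed so that no
 * stale copy of the secrets is left in the config directory.
 *
 * @param configDir directory that receives the keystore file
 * @throws Exception if the keystore cannot be serialized, written or moved into place
 */
void save(Path configDir) throws Exception {
    char[] password = this.keystorePassword.get().getPassword();

    // write to tmp file first, then overwrite
    String tmpFile = KEYSTORE_FILENAME + ".tmp";
    Path tmpPath = configDir.resolve(tmpFile);
    boolean tmpCreated = false;
    boolean moved = false;
    try {
        try (SimpleFSDirectory directory = new SimpleFSDirectory(configDir);
             IndexOutput output = directory.createOutput(tmpFile, IOContext.DEFAULT)) {
            // Only a file that this call created may be cleaned up on failure.
            tmpCreated = true;

            // don't rely on umask: restrict the temp file before the first secret byte is
            // written. The file is created under the process umask, so a short window remains
            // between creation and this call; nothing has been written to the file yet at that
            // point. NOTE(review): a descriptor opened by another process inside that window
            // is not affected by the mode change -- the config directory itself must not be
            // accessible to untrusted users.
            PosixFileAttributeView tmpAttrs = Files.getFileAttributeView(tmpPath, PosixFileAttributeView.class);
            if (tmpAttrs != null) {
                tmpAttrs.setPermissions(PosixFilePermissions.fromString("rw-------"));
            }

            CodecUtil.writeHeader(output, KEYSTORE_FILENAME, FORMAT_VERSION);
            // flag byte: 0 = keystore has an empty password, 1 = password protected
            output.writeByte(password.length == 0 ? (byte) 0 : (byte) 1);
            output.writeString(type);
            output.writeString(secretFactory.getAlgorithm());

            ByteArrayOutputStream keystoreBytesStream = new ByteArrayOutputStream();
            keystore.get().store(keystoreBytesStream, password);
            byte[] keystoreBytes = keystoreBytesStream.toByteArray();
            // length-prefixed keystore blob, followed by the codec footer
            output.writeInt(keystoreBytes.length);
            output.writeBytes(keystoreBytes, keystoreBytes.length);
            CodecUtil.writeFooter(output);
        }

        Path keystoreFile = keystorePath(configDir);
        Files.move(tmpPath, keystoreFile, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
        moved = true;

        PosixFileAttributeView attrs = Files.getFileAttributeView(keystoreFile, PosixFileAttributeView.class);
        if (attrs != null) {
            // don't rely on umask: ensure the keystore has minimal permissions
            attrs.setPermissions(PosixFilePermissions.fromString("rw-------"));
        }
    } finally {
        if (tmpCreated && moved == false) {
            try {
                Files.deleteIfExists(tmpPath);
            } catch (Exception ignored) {
                // best effort: the failure that brought us here is the one the caller needs
            }
        }
    }
}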
From source file:org.elasticsearch.xpack.security.FIPS140SecureSettingsBootstrapCheckTests.java
License:Open Source License
/**
 * Test fixture: writes a format-version-2 keystore file named {@code elasticsearch.keystore}
 * into the config directory of {@code env}.
 *
 * <p>Layout written, in order: codec header (version 2), a "has password" byte set to 0, the
 * keystore type ({@code PKCS12}), the string and file algorithms (both {@code PBE}), the number
 * of settings (2), each setting name followed by its kind, the length-prefixed PKCS12 bytes and
 * the codec footer.
 *
 * <p>The embedded PKCS12 store and both entries are protected with an empty password and the
 * string secret is a fixed literal, so the output is only suitable as test data.
 *
 * @param env environment whose config directory receives the file
 * @throws Exception if key generation or writing fails
 */
private void generateV2Keystore(Environment env) throws Exception {
    final Path configDir = env.configFile();
    final SimpleFSDirectory dir = new SimpleFSDirectory(configDir);
    final byte[] rawFileSetting = new byte[20];
    random().nextBytes(rawFileSetting);

    try (IndexOutput out = dir.createOutput("elasticsearch.keystore", IOContext.DEFAULT)) {
        // --- header and metadata section ---
        CodecUtil.writeHeader(out, "elasticsearch.keystore", 2);
        out.writeByte((byte) 0); // hasPassword = false
        out.writeString("PKCS12");
        out.writeString("PBE"); // string algo
        out.writeString("PBE"); // file algo

        out.writeVInt(2); // num settings
        out.writeString("string_setting");
        out.writeString("STRING");
        out.writeString("file_setting");
        out.writeString("FILE");

        // --- build the in-memory PKCS12 store holding both settings ---
        final SecretKeyFactory pbeFactory = SecretKeyFactory.getInstance("PBE");
        final KeyStore pkcs12 = KeyStore.getInstance("PKCS12");
        pkcs12.load(null, null);

        final SecretKey stringSecret = pbeFactory.generateSecret(new PBEKeySpec("stringSecretValue".toCharArray()));
        final KeyStore.ProtectionParameter emptyPassword = new KeyStore.PasswordProtection(new char[0]);
        pkcs12.setEntry("string_setting", new KeyStore.SecretKeyEntry(stringSecret), emptyPassword);

        // File settings are stored as the base64 text of the raw bytes.
        final byte[] encoded = Base64.getEncoder().encode(rawFileSetting);
        final char[] encodedChars = new char[encoded.length];
        int idx = 0;
        for (byte b : encoded) {
            // PBE only stores the lower 8 bits, so this narrowing is ok
            encodedChars[idx++] = (char) b;
        }
        final SecretKey fileSecret = pbeFactory.generateSecret(new PBEKeySpec(encodedChars));
        pkcs12.setEntry("file_setting", new KeyStore.SecretKeyEntry(fileSecret), emptyPassword);

        // --- serialize the store and append it, length-prefixed, before the footer ---
        final ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        pkcs12.store(serialized, new char[0]);
        final byte[] storeBytes = serialized.toByteArray();
        out.writeInt(storeBytes.length);
        out.writeBytes(storeBytes, storeBytes.length);
        CodecUtil.writeFooter(out);
    }
}