diff --git a/docs/changelog/105365.yaml b/docs/changelog/105365.yaml new file mode 100644 index 0000000000000..265e6dccc3915 --- /dev/null +++ b/docs/changelog/105365.yaml @@ -0,0 +1,6 @@ +pr: 105365 +summary: Fix bug in `rule_query` where `text_expansion` errored because it was not + rewritten +area: Application +type: bug +issues: [] diff --git a/docs/reference/security/fips-140-compliance.asciidoc b/docs/reference/security/fips-140-compliance.asciidoc index 785c720dba407..bf880213c2073 100644 --- a/docs/reference/security/fips-140-compliance.asciidoc +++ b/docs/reference/security/fips-140-compliance.asciidoc @@ -8,59 +8,75 @@ government computer security standard used to approve cryptographic modules. {es} offers a FIPS 140-2 compliant mode and as such can run in a FIPS 140-2 configured JVM. -IMPORTANT: The JVM bundled with {es} is not configured for FIPS 140-2. You must +IMPORTANT: The JVM bundled with {es} is not configured for FIPS 140-2. You must configure an external JDK with a FIPS 140-2 certified Java Security Provider. Refer to the {es} https://www.elastic.co/support/matrix#matrix_jvm[JVM support matrix] for -supported JVM configurations. +supported JVM configurations. See https://www.elastic.co/subscriptions[subscriptions] for required licensing. -After configuring your JVM for FIPS 140-2, you can run {es} in FIPS 140-2 mode by -setting the `xpack.security.fips_mode.enabled` to `true` in `elasticsearch.yml`. +Compliance with FIPS 140-2 requires using only FIPS approved / NIST recommended cryptographic algorithms. Generally this can be done by the following: -For {es}, adherence to FIPS 140-2 is ensured by: - -- Using FIPS approved / NIST recommended cryptographic algorithms. -- Delegating the implementation of these cryptographic algorithms to a NIST - validated cryptographic module (available via the Java Security Provider - in use in the JVM). -- Allowing the configuration of {es} in a FIPS 140-2 compliant manner, as - documented below. +- Installation and configuration of a FIPS certified Java security provider. +- Ensuring the configuration of {es} is FIPS 140-2 compliant as documented below. +- Setting `xpack.security.fips_mode.enabled` to `true` in `elasticsearch.yml`. Note - this setting alone is not sufficient to be compliant +with FIPS 140-2. [discrete] -=== Upgrade considerations +=== Configuring {es} for FIPS 140-2 -[IMPORTANT] -==== -include::fips-java17.asciidoc[] -==== +Detailed instructions for the configuration required for FIPS 140-2 compliance is beyond the scope of this document. It is the responsibility +of the user to ensure compliance with FIPS 140-2. {es} has been tested with a specific configuration described below. However, there are +other configurations possible to achieve compliance. +The following is a high-level overview of the required configuration: -If you plan to upgrade your existing cluster to a version that can be run in -a FIPS 140-2 configured JVM, we recommend to first perform a rolling -upgrade to the new version in your existing JVM and perform all necessary -configuration changes in preparation for running in FIPS 140-2 mode. You can then -perform a rolling restart of the nodes, starting each node in a FIPS 140-2 JVM. -During the restart, {es}: +* Use an externally installed Java installation. The JVM bundled with {es} is not configured for FIPS 140-2. +* Install a FIPS certified security provider .jar file(s) in {es}'s `lib` directory. +* Configure Java to use a FIPS certified security provider (xref:java-security-provider[see below]). +* Configure {es}'s security manager to allow use of the FIPS certified provider (xref:java-security-manager[see below]). +* Ensure the keystore and truststore are configured correctly (xref:keystore-fips-password[see below]). +* Ensure the TLS settings are configured correctly (xref:fips-tls[see below]). +* Ensure the password hashing settings are configured correctly (xref:fips-stored-password-hashing[see below]). +* Ensure the cached password hashing settings are configured correctly (xref:fips-cached-password-hashing[see below]). +* Configure `elasticsearch.yml` to use FIPS 140-2 mode, see (xref:configuring-es-yml[below]). +* Verify the security provider is installed and configured correctly (xref:verify-security-provider[see below]). +* Review the upgrade considerations (xref:fips-upgrade-considerations[see below]) and limitations (xref:fips-limitations[see below]). -- Upgrades <> to the latest, compliant format. - A FIPS 140-2 JVM cannot load previous format versions. If your keystore is - not password-protected, you must manually set a password. See - <>. -- Upgrades self-generated trial licenses to the latest FIPS 140-2 compliant format. -If your {subscriptions}[subscription] already supports FIPS 140-2 mode, you -can elect to perform a rolling upgrade while at the same time running each -upgraded node in a FIPS 140-2 JVM. In this case, you would need to also manually -regenerate your `elasticsearch.keystore` and migrate all secure settings to it, -in addition to the necessary configuration changes outlined below, before -starting each node. +[discrete] +[[java-security-provider]] +==== Java security provider + +Detailed instructions for installation and configuration of a FIPS certified Java security provider is beyond the scope of this document. +Specifically, a FIPS certified +https://docs.oracle.com/en/java/javase/17/security/java-cryptography-architecture-jca-reference-guide.html[JCA] and +https://docs.oracle.com/en/java/javase/17/security/java-secure-socket-extension-jsse-reference-guide.html[JSSE] implementation is required +so that the JVM uses FIPS validated implementations of NIST recommended cryptographic algorithms. + +Elasticsearch has been tested with Bouncy Castle's https://repo1.maven.org/maven2/org/bouncycastle/bc-fips/1.0.2.4/bc-fips-1.0.2.4.jar[bc-fips 1.0.2.4] +and https://repo1.maven.org/maven2/org/bouncycastle/bctls-fips/1.0.17/bctls-fips-1.0.17.jar[bctls-fips 1.0.17]. +Please refer to the [Support Matrix] for details on which combinations of JVM and security provider are supported in FIPS mode. Elasticsearch does not ship with a FIPS certified provider. It is the responsibility of the user +to install and configure the security provider to ensure compliance with FIPS 140-2. Using a FIPS certified provider will ensure that only +approved cryptographic algorithms are used. + +To configure {es} to use additional security provider(s) configure {es}'s <> `java.security.properties` to point to a file +(https://raw.githubusercontent.com/elastic/elasticsearch/main/build-tools-internal/src/main/resources/fips_java.security[example]) in {es}'s +`config` directory. Ensure the FIPS certified security provider is configured with the lowest order. This file should contain the necessary +configuration to instruct Java to use the FIPS certified security provider. [discrete] -=== Configuring {es} for FIPS 140-2 +[[java-security-manager]] +==== Java security manager + +All code running in {es} is subject to the security restrictions enforced by the Java security manager. +The security provider you have installed and configured may require additional permissions in order to function correctly. You can grant these permissions by providing your own +https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html#FileSyntax[Java security policy] + +To configure {es}'s security manager configure the JVM property `java.security.policy` to point a file +(https://raw.githubusercontent.com/elastic/elasticsearch/main/build-tools-internal/src/main/resources/fips_java.policy[example])in {es}'s +`config` directory with the desired permissions. This file should contain the necessary configuration for the Java security manager +to grant the required permissions needed by the security provider. -Apart from setting `xpack.security.fips_mode.enabled`, a number of security -related settings need to be configured accordingly in order to be compliant -and able to run {es} successfully in a FIPS 140-2 configured JVM. [discrete] [[keystore-fips-password]] @@ -78,6 +94,7 @@ Note that when the keystore is password-protected, you must supply the password Elasticsearch starts. [discrete] +[[fips-tls]] ==== TLS SSLv2 and SSLv3 are not allowed by FIPS 140-2, so `SSLv2Hello` and `SSLv3` cannot @@ -172,6 +189,78 @@ hashes using non-compliant algorithms will be discarded and the new ones will be created using the algorithm you have selected. [discrete] +[[configuring-es-yml]] +==== Configure {es} elasticsearch.yml + +* Set `xpack.security.fips_mode.enabled` to `true` in `elasticsearch.yml`. This setting is used to ensure to configure some internal +configuration to be FIPS 140-2 compliant and provides some additional verification. + +* Set `xpack.security.autoconfiguration.enabled` to `false`. This will disable the automatic configuration of the security settings. +Users must ensure that the security settings are configured correctly for FIPS-140-2 compliance. This is only applicable for new installations. + +* Set `xpack.security.authc.password_hashing.algorithm` appropriately see xref:fips-stored-password-hashing[above]. + +* Other relevant security settings. For example, TLS for the transport and HTTP interfaces. (not explicitly covered here or in the example below) + +* Optional: Set `xpack.security.fips_mode.required_providers` in `elasticsearch.yml` to ensure the required security providers (8.13+). +see xref:verify-security-provider[below]. + +[source,yaml] +-------------------------------------------------- +xpack.security.fips_mode.enabled: true +xpack.security.autoconfiguration.enabled: false +xpack.security.fips_mode.required_providers: ["BCFIPS", "BCJSSE"] +xpack.security.authc.password_hashing.algorithm: "pbkdf2_stretch" +-------------------------------------------------- + +[discrete] +[[verify-security-provider]] +==== Verify the security provider is installed + +To verify that the security provider is installed and in use, you can use any of the following steps: + +* Verify the required security providers are configured with the lowest order in the file pointed to by `java.security.properties`. +For example, `security.provider.1` is a lower order than `security.provider.2` + +* Set `xpack.security.fips_mode.required_providers` in `elasticsearch.yml` to the list of required security providers. +This setting is used to ensure that the correct security provider is installed and configured. (8.13+) +If the security provider is not installed correctly, {es} will fail to start. `["BCFIPS", "BCJSSE"]` are the values to +use for Bouncy Castle's FIPS JCE and JSSE certified provider. + +[discrete] +[[fips-upgrade-considerations]] +=== Upgrade considerations +include::fips-java17.asciidoc[] + +[IMPORTANT] +==== +Some encryption algorithms may no longer be available by default in updated FIPS 140-2 security providers. +Notably, Triple DES and PKCS1.5 RSA are now discouraged and https://www.bouncycastle.org/fips-java[Bouncy Castle] now +requires explicit configuration to continue using these algorithms. +==== + +If you plan to upgrade your existing cluster to a version that can be run in +a FIPS 140-2 configured JVM, we recommend to first perform a rolling +upgrade to the new version in your existing JVM and perform all necessary +configuration changes in preparation for running in FIPS 140-2 mode. You can then +perform a rolling restart of the nodes, starting each node in a FIPS 140-2 JVM. +During the restart, {es}: + +- Upgrades <> to the latest, compliant format. +A FIPS 140-2 JVM cannot load previous format versions. If your keystore is +not password-protected, you must manually set a password. See +<>. +- Upgrades self-generated trial licenses to the latest FIPS 140-2 compliant format. + +If your {subscriptions}[subscription] already supports FIPS 140-2 mode, you +can elect to perform a rolling upgrade while at the same time running each +upgraded node in a FIPS 140-2 JVM. In this case, you would need to also manually +regenerate your `elasticsearch.keystore` and migrate all secure settings to it, +in addition to the necessary configuration changes outlined below, before +starting each node. + +[discrete] +[[fips-limitations]] === Limitations Due to the limitations that FIPS 140-2 compliance enforces, a small number of diff --git a/docs/reference/security/fips-java17.asciidoc b/docs/reference/security/fips-java17.asciidoc index ee1c9bf15eba0..dc46a3ec628f5 100644 --- a/docs/reference/security/fips-java17.asciidoc +++ b/docs/reference/security/fips-java17.asciidoc @@ -1,10 +1,7 @@ -{es} {version} requires Java 17 or later. -There is not yet a FIPS-certified security module for Java 17 -that you can use when running {es} {version} in FIPS 140-2 mode. -If you run in FIPS 140-2 mode, you will either need to request -an exception from your security organization to upgrade to {es} {version}, -or remain on {es} 7.x until Java 17 is certified. -ifeval::["{release-state}"=="released"] +{es} 8.0+ requires Java 17 or later. {es} 8.13+ has been tested with https://www.bouncycastle.org/java.html[Bouncy Castle]'s Java 17 +https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/4616[certified] FIPS implementation and is the +recommended Java security provider when running {es} in FIPS 140-2 mode. +Note - {es} does not ship with a FIPS certified security provider and requires explicit installation and configuration. + Alternatively, consider using {ess} in the https://www.elastic.co/industries/public-sector/fedramp[FedRAMP-certified GovCloud region]. -endif::[] \ No newline at end of file diff --git a/server/src/main/java/org/elasticsearch/search/aggregations/bucket/range/InternalBinaryRange.java b/server/src/main/java/org/elasticsearch/search/aggregations/bucket/range/InternalBinaryRange.java index f81a5ffbcaf18..2b5bcd9931f6e 100644 --- a/server/src/main/java/org/elasticsearch/search/aggregations/bucket/range/InternalBinaryRange.java +++ b/server/src/main/java/org/elasticsearch/search/aggregations/bucket/range/InternalBinaryRange.java @@ -12,18 +12,18 @@ import org.elasticsearch.TransportVersions; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; +import org.elasticsearch.core.Releasables; import org.elasticsearch.search.DocValueFormat; import org.elasticsearch.search.aggregations.AggregationReduceContext; import org.elasticsearch.search.aggregations.AggregatorReducer; import org.elasticsearch.search.aggregations.InternalAggregation; import org.elasticsearch.search.aggregations.InternalAggregations; import org.elasticsearch.search.aggregations.InternalMultiBucketAggregation; +import org.elasticsearch.search.aggregations.bucket.FixedMultiBucketAggregatorsReducer; import org.elasticsearch.search.aggregations.support.SamplingContext; import org.elasticsearch.xcontent.XContentBuilder; import java.io.IOException; -import java.util.ArrayList; -import java.util.Arrays; import java.util.List; import java.util.Map; import java.util.Objects; @@ -248,50 +248,32 @@ protected AggregatorReducer getLeaderReducer(AggregationReduceContext reduceCont return new AggregatorReducer() { - final List aggregations = new ArrayList<>(size); + final FixedMultiBucketAggregatorsReducer reducer = new FixedMultiBucketAggregatorsReducer<>( + reduceContext, + size, + getBuckets() + ) { + + @Override + protected Bucket createBucket(Bucket proto, long docCount, InternalAggregations aggregations) { + return new Bucket(proto.format, proto.keyed, proto.key, proto.from, proto.to, docCount, aggregations); + } + }; @Override public void accept(InternalAggregation aggregation) { - aggregations.add((InternalBinaryRange) aggregation); + InternalBinaryRange binaryRange = (InternalBinaryRange) aggregation; + reducer.accept(binaryRange.getBuckets()); } @Override public InternalAggregation get() { - reduceContext.consumeBucketsAndMaybeBreak(buckets.size()); - long[] docCounts = new long[buckets.size()]; - InternalAggregations[][] aggs = new InternalAggregations[buckets.size()][]; - for (int i = 0; i < aggs.length; ++i) { - aggs[i] = new InternalAggregations[aggregations.size()]; - } - for (int i = 0; i < aggregations.size(); ++i) { - InternalBinaryRange range = aggregations.get(i); - if (range.buckets.size() != buckets.size()) { - throw new IllegalStateException( - "Expected [" + buckets.size() + "] buckets, but got [" + range.buckets.size() + "]" - ); - } - for (int j = 0; j < buckets.size(); ++j) { - Bucket bucket = range.buckets.get(j); - docCounts[j] += bucket.docCount; - aggs[j][i] = bucket.aggregations; - } - } - List buckets = new ArrayList<>(getBuckets().size()); - for (int i = 0; i < getBuckets().size(); ++i) { - Bucket b = getBuckets().get(i); - buckets.add( - new Bucket( - format, - keyed, - b.key, - b.from, - b.to, - docCounts[i], - InternalAggregations.reduce(Arrays.asList(aggs[i]), reduceContext) - ) - ); - } - return new InternalBinaryRange(name, format, keyed, buckets, metadata); + return new InternalBinaryRange(name, format, keyed, reducer.get(), metadata); + } + + @Override + public void close() { + Releasables.close(reducer); } }; } diff --git a/server/src/main/java/org/elasticsearch/search/aggregations/bucket/sampler/random/InternalRandomSampler.java b/server/src/main/java/org/elasticsearch/search/aggregations/bucket/sampler/random/InternalRandomSampler.java index c17056cecc053..4dde9cc67b975 100644 --- a/server/src/main/java/org/elasticsearch/search/aggregations/bucket/sampler/random/InternalRandomSampler.java +++ b/server/src/main/java/org/elasticsearch/search/aggregations/bucket/sampler/random/InternalRandomSampler.java @@ -10,8 +10,10 @@ import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; +import org.elasticsearch.core.Releasables; import org.elasticsearch.search.aggregations.AggregationReduceContext; import org.elasticsearch.search.aggregations.AggregatorReducer; +import org.elasticsearch.search.aggregations.AggregatorsReducer; import org.elasticsearch.search.aggregations.InternalAggregation; import org.elasticsearch.search.aggregations.InternalAggregations; import org.elasticsearch.search.aggregations.bucket.InternalSingleBucketAggregation; @@ -20,8 +22,6 @@ import org.elasticsearch.xcontent.XContentBuilder; import java.io.IOException; -import java.util.ArrayList; -import java.util.List; import java.util.Map; public class InternalRandomSampler extends InternalSingleBucketAggregation implements Sampler { @@ -79,24 +79,28 @@ protected InternalSingleBucketAggregation newAggregation(String name, long docCo protected AggregatorReducer getLeaderReducer(AggregationReduceContext reduceContext, int size) { return new AggregatorReducer() { long docCount = 0L; - final List subAggregationsList = new ArrayList<>(size); + final AggregatorsReducer subAggregatorReducer = new AggregatorsReducer(reduceContext, size); @Override public void accept(InternalAggregation aggregation) { docCount += ((InternalSingleBucketAggregation) aggregation).getDocCount(); - subAggregationsList.add(((InternalSingleBucketAggregation) aggregation).getAggregations()); + subAggregatorReducer.accept(((InternalSingleBucketAggregation) aggregation).getAggregations()); } @Override public InternalAggregation get() { - InternalAggregations aggs = InternalAggregations.reduce(subAggregationsList, reduceContext); + InternalAggregations aggs = subAggregatorReducer.get(); if (reduceContext.isFinalReduce() && aggs != null) { SamplingContext context = buildContext(); aggs = InternalAggregations.from(aggs.asList().stream().map(agg -> agg.finalizeSampling(context)).toList()); } - return newAggregation(getName(), docCount, aggs); } + + @Override + public void close() { + Releasables.close(subAggregatorReducer); + } }; } diff --git a/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/samba4.crt b/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/samba4.crt index a1f78231fa3c4..aba0948092581 100644 --- a/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/samba4.crt +++ b/x-pack/plugin/core/src/test/resources/org/elasticsearch/xpack/security/transport/ssl/certs/simple/samba4.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDTzCCAjegAwIBAgIVAKswcWOE2Y8orNolWoM5EJbBVQKAMA0GCSqGSIb3DQEB -CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu -ZXJhdGVkIENBMB4XDTIxMDIxNTExNDE1NVoXDTI0MDIxNTExNDE1NVowETEPMA0G -A1UEAxMGc2FtYmE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNwa -9+QyLYF7q8jFOmd/1WNnV50KAnfBXti9WShk1rTso1YK3QflWtqcn0BsJFfUmRJ1 -79tTTtUmzcqcXXR/ygc8UAal/Cl19h1G4k3Mwf8tlUAjRbH0D+mM6HrZ4+QrAqwb -tDezz8TBAEuVJmTcbdrI6iA9y+I4PReqF//EyQwHeUbKvNHBF0vqYFHqErrBaKsC -VAFp9QSKjF9uRLk4e7PLJDZm9BbVTbtQ76o2SHNMni0UcriqYbi6npIWCLs5xFg5 -dSJ3SwrgBbm/Hg994miPt5CN7l69e7h3ul6/Af3UfMTM02YQ9T3mQ4evW667kAoW -Gxu2Z1cXcsq9+Qj/TwIDAQABo3sweTAdBgNVHQ4EFgQUN818rPYPElgO2oFSXM0c -GXvD4cAwHwYDVR0jBBgwFoAUdiZF7wZYdLDjDO6NuDRebJFFFnIwLAYDVR0RBCUw -I4IJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAkGA1UdEwQCMAAw -DQYJKoZIhvcNAQELBQADggEBAGZQ+NnsLNLbS5dvU2XQDrstcgq7JQcoajH+Us86 -/arjs9C1T7GID1wCXSlyR2uuFTYBH89UpX3oChLohnJByy1Mhpi8l+R2odhosgym -psnt7uejh9DWQrPeiL00ohSjXy3dha5VUESAKoyT/rga1YNl4qeY1J7RPM4NkP7l -nJFzJkTpdcfgcDj42OEOKRjSxaGKTQu5OP6/EXmpxxUdXpfoRfP0IiyCHSNl2gfJ -zxFvVlB2cy8O0EnJ4DdpRpzeTW8pMXGZ7flUSvOhT2rn2K1eqRL9q9LRJn/G/5DP -0u2HxjrZSfn40AS1jcasy6Lcvc7Mwz4W0cfc/tSA67WrFzw= +MIIDTjCCAjagAwIBAgIUJFzoNwmi+322wZTgemjEV35/yrIwDQYJKoZIhvcNAQEL +BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l +cmF0ZWQgQ0EwHhcNMjQwMjE1MTQ0ODM3WhcNMjcwMjE0MTQ0ODM3WjARMQ8wDQYD +VQQDEwZzYW1iYTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFrD2n +loHuTCCbcX1pqmRnVj7SXcXsBjY9McXxvpEQ4kCdUBlDp3wC9bkGnt6jxlAvEaXn +ZXHg3DqJbD2GU9vRMapcVR4ptAvZmgpEJBU8FA8E1T1EeMhhIoWsYq2crOf/SLQY +g23tO1vmV5+kPD23KiTzj8errYF1Si/6b0IH7XuRUAUJAJYm4gN3YvNqIUYxO/WG +cOlxp/ssIC7Xj6E8Mcdpcfgm+AzLR/x2edl524GAbLqzuKM2bUoMroeNVwVRYPz5 +9iCi+rRxAlI9M2eIm7Gl+qjXUXN1BQAEpkXcxBxDWaIEomd7rR9yudHWvBl8J3+V +jJBgqhecOq/Z+bqbAgMBAAGjezB5MB0GA1UdDgQWBBSbPXW27/QMTZuLD13NUSmQ +0kxaCDAfBgNVHSMEGDAWgBTZMPxziaiEFpaGeNGBxTr+sWGeXTAsBgNVHREEJTAj +hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABgglsb2NhbGhvc3QwCQYDVR0TBAIwADAN +BgkqhkiG9w0BAQsFAAOCAQEAkbnWUXSooivT8FW2PfdTLYDBi18ssdH5g2KU1fNi +E0z+85X1IZaWikGZi3fyj28+GPvRr588EmpPP+IIW9WM5rx3/Gh7elknpwTBYwPo +whuLrKPofEXeM1nUi6nC9QfKDoLWC4B2ztXLD+gcqVHfO/3Q9cs88z9IK4fMAlHu +2dof6SlqVI7AAsqCHaIIuiABW3U81URdtwCJqKt2SUQmpRh6PyAT8rqP7f//gBFF +KyLGOhlEikm+DpFvLNtBHFLL/u9P6u9zV5xyqI4K3wGMAvrTbpicXLJQC6bdIEJR +gFSUL8f6cal5l0ncN6dT3RnpAWwt88xzg8OSMDPWYAyHbw== -----END CERTIFICATE----- diff --git a/x-pack/plugin/ent-search/qa/rest/build.gradle b/x-pack/plugin/ent-search/qa/rest/build.gradle index c9b1557d74a9c..37f1d8f13c850 100644 --- a/x-pack/plugin/ent-search/qa/rest/build.gradle +++ b/x-pack/plugin/ent-search/qa/rest/build.gradle @@ -7,7 +7,7 @@ dependencies { restResources { restApi { - include '_common', 'bulk', 'cluster', 'connector', 'nodes', 'indices', 'index', 'query_ruleset', 'search_application', 'xpack', 'security', 'search' + include '_common', 'bulk', 'cluster', 'connector', 'nodes', 'indices', 'index', 'query_ruleset', 'search_application', 'xpack', 'security', 'search', 'ml' } } diff --git a/x-pack/plugin/ent-search/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/entsearch/260_rule_query_search.yml b/x-pack/plugin/ent-search/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/entsearch/260_rule_query_search.yml index c287209da5bed..40cdb7839c9ed 100644 --- a/x-pack/plugin/ent-search/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/entsearch/260_rule_query_search.yml +++ b/x-pack/plugin/ent-search/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/entsearch/260_rule_query_search.yml @@ -236,4 +236,154 @@ setup: - match: { hits.total.value: 1 } - match: { hits.hits.0._id: 'doc1' } +--- +"Perform a rule query with an organic query that must be rewritten to another query type": + - skip: + version: " - 8.13.99" + reason: Bugfix that was broken in previous versions + + - do: + indices.create: + index: test-index-with-sparse-vector + body: + mappings: + properties: + source_text: + type: keyword + ml.tokens: + type: sparse_vector + + - do: + ml.put_trained_model: + model_id: "text_expansion_model" + body: > + { + "description": "simple model for testing", + "model_type": "pytorch", + "inference_config": { + "text_expansion": { + "tokenization": { + "bert": { + "with_special_tokens": false + } + } + } + } + } + - do: + ml.put_trained_model_vocabulary: + model_id: "text_expansion_model" + body: > + { "vocabulary": ["[PAD]", "[UNK]", "these", "are", "my", "words", "the", "washing", "machine", "is", "leaking", "octopus", "comforter", "smells"] } + - do: + ml.put_trained_model_definition_part: + model_id: "text_expansion_model" + part: 0 + body: > + { + "total_definition_length":2078, + "definition": "UEsDBAAACAgAAAAAAAAAAAAAAAAAAAAAAAAUAA4Ac2ltcGxlbW9kZWwvZGF0YS5wa2xGQgoAWlpaWlpaWlpaWoACY19fdG9yY2hfXwpUaW55VGV4dEV4cGFuc2lvbgpxACmBfShYCAAAAHRyYWluaW5ncQGJWBYAAABfaXNfZnVsbF9iYWNrd2FyZF9ob29rcQJOdWJxAy5QSwcIITmbsFgAAABYAAAAUEsDBBQACAgIAAAAAAAAAAAAAAAAAAAAAAAdAB0Ac2ltcGxlbW9kZWwvY29kZS9fX3RvcmNoX18ucHlGQhkAWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWoWRT4+cMAzF7/spfASJomF3e0Ga3nrrn8vcELIyxAzRhAQlpjvbT19DWDrdquqBA/bvPT87nVUxwsm41xPd+PNtUi4a77KvXs+W8voBAHFSQY3EFCIiHKFp1+p57vs/ShyUccZdoIaz93aBTMR+thbPqru+qKBx8P4q/e8TyxRlmwVctJp66H1YmCyS7WsZwD50A2L5V7pCBADGTTOj0bGGE7noQyqzv5JDfp0o9fZRCWqP37yjhE4+mqX5X3AdFZHGM/2TzOHDpy1IvQWR+OWo3KwsRiKdpcqg4pBFDtm+QJ7nqwIPckrlnGfFJG0uNhOl38Sjut3pCqg26QuZy8BR9In7ScHHrKkKMW0TIucFrGQXCMpdaDO05O6DpOiy8e4kr0Ed/2YKOIhplW8gPr4ntygrd9ixpx3j9UZZVRagl2c6+imWUzBjuf5m+Ch7afphuvvW+r/0dsfn+2N9MZGb9+/SFtCYdhd83CMYp+mGy0LiKNs8y/eUuEA8B/d2z4dfUEsHCFSE3IaCAQAAIAMAAFBLAwQUAAgICAAAAAAAAAAAAAAAAAAAAAAAJwApAHNpbXBsZW1vZGVsL2NvZGUvX190b3JjaF9fLnB5LmRlYnVnX3BrbEZCJQBaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpahZHLbtNAFIZtp03rSVIuLRKXjdk5ojitKJsiFq24lem0KKSqpRIZt55gE9/GM+lNLFgx4i1Ys2aHhIBXgAVICNggHgNm6rqJN2BZGv36/v/MOWeea/Z5RVHurLfRUsfZXOnccx522itrd53O0vLqbaKYtsAKUe1pcege7hm9JNtzM8+kOOzNApIX0A3xBXE6YE7g0UWjg2OaZAJXbKvALOnj2GEHKc496ykLktgNt3Jz17hprCUxFqExe7YIpQkNpO1/kfHhPUdtUAdH2/gfmeYiIFW7IkM6IBP2wrDNbMe3Mjf2ksiK3Hjghg7F2DN9l/omZZl5Mmez2QRk0q4WUUB0+1oh9nDwxGdUXJdXPMRZQs352eGaRPV9s2lcMeZFGWBfKJJiw0YgbCMLBaRmXyy4flx6a667Fch55q05QOq2Jg2ANOyZwplhNsjiohVApo7aa21QnNGW5+4GXv8gxK1beBeHSRrhmLXWVh+0aBhErZ7bx1ejxMOhlR6QU4ycNqGyk8/yNGCWkwY7/RCD7UEQek4QszCgDJAzZtfErA0VqHBy9ugQP9pUfUmgCjVYgWNwHFbhBJyEOgSwBuuwARWZmoI6J9PwLfzEocpRpPrT8DP8wqHG0b4UX+E3DiscvRglXIoi81KKPwioHI5x9EooNKWiy0KOc/T6WF4SssrRuzJ9L2VNRXUhJzj6UKYfS4W/q/5wuh/l4M9R9qsU+y2dpoo2hJzkaEET8r6KRONicnRdK9EbUi6raFVIwNGjsrlbpk6ZPi7TbS3fv3LyNjPiEKzG0aG0tvNb6xw90/whe6ONjnJcUxobHDUqQ8bIOW79BVBLBwhfSmPKdAIAAE4EAABQSwMEAAAICAAAAAAAAAAAAAAAAAAAAAAAABkABQBzaW1wbGVtb2RlbC9jb25zdGFudHMucGtsRkIBAFqAAikuUEsHCG0vCVcEAAAABAAAAFBLAwQAAAgIAAAAAAAAAAAAAAAAAAAAAAAAEwA7AHNpbXBsZW1vZGVsL3ZlcnNpb25GQjcAWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWlpaWjMKUEsHCNGeZ1UCAAAAAgAAAFBLAQIAAAAACAgAAAAAAAAhOZuwWAAAAFgAAAAUAAAAAAAAAAAAAAAAAAAAAABzaW1wbGVtb2RlbC9kYXRhLnBrbFBLAQIAABQACAgIAAAAAABUhNyGggEAACADAAAdAAAAAAAAAAAAAAAAAKgAAABzaW1wbGVtb2RlbC9jb2RlL19fdG9yY2hfXy5weVBLAQIAABQACAgIAAAAAABfSmPKdAIAAE4EAAAnAAAAAAAAAAAAAAAAAJICAABzaW1wbGVtb2RlbC9jb2RlL19fdG9yY2hfXy5weS5kZWJ1Z19wa2xQSwECAAAAAAgIAAAAAAAAbS8JVwQAAAAEAAAAGQAAAAAAAAAAAAAAAACEBQAAc2ltcGxlbW9kZWwvY29uc3RhbnRzLnBrbFBLAQIAAAAACAgAAAAAAADRnmdVAgAAAAIAAAATAAAAAAAAAAAAAAAAANQFAABzaW1wbGVtb2RlbC92ZXJzaW9uUEsGBiwAAAAAAAAAHgMtAAAAAAAAAAAABQAAAAAAAAAFAAAAAAAAAGoBAAAAAAAAUgYAAAAAAABQSwYHAAAAALwHAAAAAAAAAQAAAFBLBQYAAAAABQAFAGoBAABSBgAAAAA=", + "total_parts": 1 + } + - do: + bulk: + index: test-index-with-sparse-vector + refresh: true + body: | + {"index": {}} + {"source_text": "my words comforter", "ml.tokens":{"my":1.0, "words":1.0,"comforter":1.0}} + {"index": {}} + {"source_text": "the machine is leaking", "ml.tokens":{"the":1.0,"machine":1.0,"is":1.0,"leaking":1.0}} + {"index": {}} + {"source_text": "these are my words", "ml.tokens":{"these":1.0,"are":1.0,"my":1.0,"words":1.0}} + {"index": {}} + {"source_text": "the octopus comforter smells", "ml.tokens":{"the":1.0,"octopus":1.0,"comforter":1.0,"smells":1.0}} + {"index": {}} + {"source_text": "the octopus comforter is leaking", "ml.tokens":{"the":1.0,"octopus":1.0,"comforter":1.0,"is":1.0,"leaking":1.0}} + {"index": {}} + {"source_text": "washing machine smells", "ml.tokens":{"washing":1.0,"machine":1.0,"smells":1.0}} + {"index": { "_id": "pinned_doc1" }} + {"source_text": "unrelated pinned doc", "ml.tokens":{"unrelated":1.0,"pinned":1.0,"doc":1.0}} + {"index": { "_id": "pinned_doc2" }} + {"source_text": "another unrelated pinned doc", "ml.tokens":{"another":1.0, "unrelated":1.0,"pinned":1.0,"doc":1.0}} + + - do: + ml.start_trained_model_deployment: + model_id: text_expansion_model + wait_for: started + + - do: + query_ruleset.put: + ruleset_id: combined-ruleset + body: + rules: + - rule_id: rule1 + type: pinned + criteria: + - type: exact + metadata: foo + values: [ bar ] + actions: + ids: + - 'pinned_doc1' + - rule_id: rule2 + type: pinned + criteria: + - type: exact + metadata: foo + values: [ baz ] + actions: + docs: + - '_index': 'test-index-with-sparse-vector' + '_id': 'pinned_doc2' + - do: + search: + body: + query: + rule_query: + organic: + text_expansion: + ml.tokens: + model_id: text_expansion_model + model_text: "octopus comforter smells" + match_criteria: + foo: bar + ruleset_id: combined-ruleset + + - match: { hits.total.value: 5 } + - match: { hits.hits.0._id: 'pinned_doc1' } + + - do: + search: + body: + query: + rule_query: + organic: + text_expansion: + ml.tokens: + model_id: text_expansion_model + model_text: "octopus comforter smells" + match_criteria: + foo: baz + ruleset_id: combined-ruleset + + - match: { hits.total.value: 5 } + - match: { hits.hits.0._id: 'pinned_doc2' } + + - do: + search: + body: + query: + rule_query: + organic: + text_expansion: + ml.tokens: + model_id: text_expansion_model + model_text: "octopus comforter smells" + match_criteria: + foo: puggle + ruleset_id: combined-ruleset + + - match: { hits.total.value: 4 } + diff --git a/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/ConnectorSecretsConstants.java b/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/ConnectorSecretsConstants.java new file mode 100644 index 0000000000000..9c7f192c19248 --- /dev/null +++ b/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/ConnectorSecretsConstants.java @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +package org.elasticsearch.xpack.application.connector.secrets; + +public class ConnectorSecretsConstants { + + public static final String CONNECTOR_SECRET_ID_NULL_OR_EMPTY_MESSAGE = "[id] of the connector secret cannot be null or empty."; + +} diff --git a/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/DeleteConnectorSecretRequest.java b/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/DeleteConnectorSecretRequest.java index 183362f64ea8f..efc8b2b6c660d 100644 --- a/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/DeleteConnectorSecretRequest.java +++ b/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/DeleteConnectorSecretRequest.java @@ -12,6 +12,7 @@ import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; +import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsConstants; import java.io.IOException; import java.util.Objects; @@ -23,7 +24,7 @@ public class DeleteConnectorSecretRequest extends ActionRequest { private final String id; public DeleteConnectorSecretRequest(String id) { - this.id = Objects.requireNonNull(id); + this.id = id; } public DeleteConnectorSecretRequest(StreamInput in) throws IOException { @@ -46,7 +47,10 @@ public ActionRequestValidationException validate() { ActionRequestValidationException validationException = null; if (Strings.isNullOrEmpty(id)) { - validationException = addValidationError("id missing", validationException); + validationException = addValidationError( + ConnectorSecretsConstants.CONNECTOR_SECRET_ID_NULL_OR_EMPTY_MESSAGE, + validationException + ); } return validationException; diff --git a/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretRequest.java b/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretRequest.java index cf1cc0f563eba..e8792dd3755bd 100644 --- a/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretRequest.java +++ b/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretRequest.java @@ -12,6 +12,7 @@ import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; +import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsConstants; import java.io.IOException; import java.util.Objects; @@ -46,7 +47,10 @@ public ActionRequestValidationException validate() { ActionRequestValidationException validationException = null; if (Strings.isNullOrEmpty(id)) { - validationException = addValidationError("id missing", validationException); + validationException = addValidationError( + ConnectorSecretsConstants.CONNECTOR_SECRET_ID_NULL_OR_EMPTY_MESSAGE, + validationException + ); } return validationException; diff --git a/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/rules/RuleQueryBuilder.java b/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/rules/RuleQueryBuilder.java index 3882b6c61bb2c..11d2945a97354 100644 --- a/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/rules/RuleQueryBuilder.java +++ b/x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/rules/RuleQueryBuilder.java @@ -111,18 +111,6 @@ private RuleQueryBuilder( throw new IllegalArgumentException("rulesetId must not be null or empty"); } - // PinnedQueryBuilder will return an error if we attempt to return more than the maximum number of - // pinned hits. Here, we truncate matching rules rather than return an error. - if (pinnedIds != null && pinnedIds.size() > MAX_NUM_PINNED_HITS) { - HeaderWarning.addWarning("Truncating query rule pinned hits to " + MAX_NUM_PINNED_HITS + " documents"); - pinnedIds = pinnedIds.subList(0, MAX_NUM_PINNED_HITS); - } - - if (pinnedDocs != null && pinnedDocs.size() > MAX_NUM_PINNED_HITS) { - HeaderWarning.addWarning("Truncating query rule pinned hits to " + MAX_NUM_PINNED_HITS + " documents"); - pinnedDocs = pinnedDocs.subList(0, MAX_NUM_PINNED_HITS); - } - this.organicQuery = organicQuery; this.matchCriteria = matchCriteria; this.rulesetId = rulesetId; @@ -174,6 +162,9 @@ protected void doXContent(XContentBuilder builder, Params params) throws IOExcep @Override protected Query doToQuery(SearchExecutionContext context) throws IOException { + // NOTE: this is old query logic, as in 8.12.2+ and 8.13.0+ we will always rewrite this query + // into a pinned query or the organic query. This logic remains here for backwards compatibility + // with coordinator nodes running versions 8.10.0 - 8.12.1. if ((pinnedIds != null && pinnedIds.isEmpty() == false) && (pinnedDocs != null && pinnedDocs.isEmpty() == false)) { throw new IllegalArgumentException("applied rules contain both pinned ids and pinned docs, only one of ids or docs is allowed"); } @@ -187,21 +178,25 @@ protected Query doToQuery(SearchExecutionContext context) throws IOException { } else { return organicQuery.toQuery(context); } - } - @SuppressWarnings("unchecked") @Override - protected QueryBuilder doRewrite(QueryRewriteContext queryRewriteContext) throws IOException { - if (pinnedIds != null || pinnedDocs != null) { - return this; - } else if (pinnedIdsSupplier != null || pinnedDocsSupplier != null) { - List identifiedPinnedIds = pinnedIdsSupplier != null ? pinnedIdsSupplier.get() : null; - List identifiedPinnedDocs = pinnedDocsSupplier != null ? pinnedDocsSupplier.get() : null; - if (identifiedPinnedIds == null && identifiedPinnedDocs == null) { - return this; // not executed yet + protected QueryBuilder doRewrite(QueryRewriteContext queryRewriteContext) { + if (pinnedIdsSupplier != null && pinnedDocsSupplier != null) { + List identifiedPinnedIds = pinnedIdsSupplier.get(); + List identifiedPinnedDocs = pinnedDocsSupplier.get(); + if (identifiedPinnedIds == null || identifiedPinnedDocs == null) { + return this; // Not executed yet + } else if (identifiedPinnedIds.isEmpty() && identifiedPinnedDocs.isEmpty()) { + return organicQuery; // Nothing to pin here + } else if (identifiedPinnedIds.isEmpty() == false && identifiedPinnedDocs.isEmpty() == false) { + throw new IllegalArgumentException( + "applied rules contain both pinned ids and pinned docs, only one of ids or docs is allowed" + ); + } else if (identifiedPinnedIds.isEmpty() == false) { + return new PinnedQueryBuilder(organicQuery, truncateList(identifiedPinnedIds).toArray(new String[0])); } else { - return new RuleQueryBuilder(organicQuery, matchCriteria, rulesetId, identifiedPinnedIds, identifiedPinnedDocs, null, null); + return new PinnedQueryBuilder(organicQuery, truncateList(identifiedPinnedDocs).toArray(new Item[0])); } } @@ -244,18 +239,19 @@ public void onFailure(Exception e) { }); }); - QueryBuilder newOrganicQuery = organicQuery.rewrite(queryRewriteContext); - RuleQueryBuilder rewritten = new RuleQueryBuilder( - newOrganicQuery, - matchCriteria, - this.rulesetId, - null, - null, - pinnedIdsSetOnce::get, - pinnedDocsSetOnce::get - ); - rewritten.boost(this.boost); - return rewritten; + return new RuleQueryBuilder(organicQuery, matchCriteria, this.rulesetId, null, null, pinnedIdsSetOnce::get, pinnedDocsSetOnce::get) + .boost(this.boost) + .queryName(this.queryName); + } + + private List truncateList(List input) { + // PinnedQueryBuilder will return an error if we attempt to return more than the maximum number of + // pinned hits. Here, we truncate matching rules rather than return an error. + if (input.size() > MAX_NUM_PINNED_HITS) { + HeaderWarning.addWarning("Truncating query rule pinned hits to " + MAX_NUM_PINNED_HITS + " documents"); + return input.subList(0, MAX_NUM_PINNED_HITS); + } + return input; } @Override diff --git a/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/DeleteConnectorSecretActionTests.java b/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/DeleteConnectorSecretActionTests.java index 5d9127527fc3a..503aa0a6304cd 100644 --- a/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/DeleteConnectorSecretActionTests.java +++ b/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/DeleteConnectorSecretActionTests.java @@ -9,8 +9,10 @@ import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsConstants; import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsTestUtils; +import static org.elasticsearch.xpack.application.connector.ConnectorTestUtils.NULL_STRING; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.notNullValue; import static org.hamcrest.Matchers.nullValue; @@ -29,6 +31,14 @@ public void testValidate_WhenConnectorSecretIdIsEmpty_ExpectValidationError() { ActionRequestValidationException exception = requestWithMissingConnectorId.validate(); assertThat(exception, notNullValue()); - assertThat(exception.getMessage(), containsString("id missing")); + assertThat(exception.getMessage(), containsString(ConnectorSecretsConstants.CONNECTOR_SECRET_ID_NULL_OR_EMPTY_MESSAGE)); + } + + public void testValidate_WhenConnectorSecretIdIsNull_ExpectValidationError() { + DeleteConnectorSecretRequest requestWithMissingConnectorId = new DeleteConnectorSecretRequest(NULL_STRING); + ActionRequestValidationException exception = requestWithMissingConnectorId.validate(); + + assertThat(exception, notNullValue()); + assertThat(exception.getMessage(), containsString(ConnectorSecretsConstants.CONNECTOR_SECRET_ID_NULL_OR_EMPTY_MESSAGE)); } } diff --git a/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretActionTests.java b/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretActionTests.java index 9fc01e56ee5a0..c60aeffa2911a 100644 --- a/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretActionTests.java +++ b/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretActionTests.java @@ -9,6 +9,7 @@ import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsConstants; import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsTestUtils; import static org.hamcrest.Matchers.containsString; @@ -29,6 +30,14 @@ public void testValidate_WhenConnectorSecretIdIsEmpty_ExpectValidationError() { ActionRequestValidationException exception = requestWithMissingConnectorId.validate(); assertThat(exception, notNullValue()); - assertThat(exception.getMessage(), containsString("id missing")); + assertThat(exception.getMessage(), containsString(ConnectorSecretsConstants.CONNECTOR_SECRET_ID_NULL_OR_EMPTY_MESSAGE)); + } + + public void testValidate_WhenConnectorSecretIdIsNull_ExpectValidationError() { + GetConnectorSecretRequest requestWithMissingConnectorId = new GetConnectorSecretRequest(""); + ActionRequestValidationException exception = requestWithMissingConnectorId.validate(); + + assertThat(exception, notNullValue()); + assertThat(exception.getMessage(), containsString(ConnectorSecretsConstants.CONNECTOR_SECRET_ID_NULL_OR_EMPTY_MESSAGE)); } } diff --git a/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/syncjob/action/UpdateConnectorSyncJobIngestionStatsActionRequestTests.java b/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/syncjob/action/UpdateConnectorSyncJobIngestionStatsActionRequestTests.java index 48ab14558db7e..4f78ad3ffa7e7 100644 --- a/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/syncjob/action/UpdateConnectorSyncJobIngestionStatsActionRequestTests.java +++ b/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/syncjob/action/UpdateConnectorSyncJobIngestionStatsActionRequestTests.java @@ -47,6 +47,21 @@ public void testValidate_WhenConnectorSyncJobIdIsEmpty_ExpectValidationError() { assertThat(exception.getMessage(), containsString(EMPTY_CONNECTOR_SYNC_JOB_ID_ERROR_MESSAGE)); } + public void testValidate_WhenConnectorSyncJobIdIsNull_ExpectValidationError() { + UpdateConnectorSyncJobIngestionStatsAction.Request request = new UpdateConnectorSyncJobIngestionStatsAction.Request( + null, + 0L, + 0L, + 0L, + 0L, + Instant.now() + ); + ActionRequestValidationException exception = request.validate(); + + assertThat(exception, notNullValue()); + assertThat(exception.getMessage(), containsString(EMPTY_CONNECTOR_SYNC_JOB_ID_ERROR_MESSAGE)); + } + public void testValidate_WhenDeletedDocumentCountIsNegative_ExpectValidationError() { UpdateConnectorSyncJobIngestionStatsAction.Request request = new UpdateConnectorSyncJobIngestionStatsAction.Request( randomAlphaOfLength(10), diff --git a/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/rules/RuleQueryBuilderTests.java b/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/rules/RuleQueryBuilderTests.java index 1d19011fdd4a9..d4ab8d8f8e6e8 100644 --- a/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/rules/RuleQueryBuilderTests.java +++ b/x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/rules/RuleQueryBuilderTests.java @@ -31,6 +31,7 @@ import org.elasticsearch.xcontent.XContentBuilder; import org.elasticsearch.xcontent.XContentFactory; import org.elasticsearch.xpack.application.LocalStateEnterpriseSearch; +import org.elasticsearch.xpack.searchbusinessrules.SearchBusinessRules; import org.hamcrest.Matchers; import java.io.IOException; @@ -62,7 +63,7 @@ protected void doAssertLuceneQuery(RuleQueryBuilder queryBuilder, Query query, S @Override protected Collection> getPlugins() { - return Collections.singletonList(LocalStateEnterpriseSearch.class); + return List.of(LocalStateEnterpriseSearch.class, SearchBusinessRules.class); } public void testIllegalArguments() { diff --git a/x-pack/plugin/esql/qa/testFixtures/src/main/resources/show.csv-spec b/x-pack/plugin/esql/qa/testFixtures/src/main/resources/show.csv-spec index 8d86563f78938..6887a1bbe9069 100644 --- a/x-pack/plugin/esql/qa/testFixtures/src/main/resources/show.csv-spec +++ b/x-pack/plugin/esql/qa/testFixtures/src/main/resources/show.csv-spec @@ -6,15 +6,15 @@ v:long ; # TODO: switch this test to ``&format=csv&delimiter=|` output -showFunctions#[skip:-8.12.99] +showFunctions#[skip:-8.13.99] show functions; name:keyword | synopsis:keyword | argNames:keyword | argTypes:keyword | argDescriptions:keyword |returnType:keyword | description:keyword | optionalArgs:boolean | variadic:boolean | isAggregation:boolean abs |"double|integer|long|unsigned_long abs(n:double|integer|long|unsigned_long)" |n |"double|integer|long|unsigned_long" | "" |"double|integer|long|unsigned_long" | "Returns the absolute value." | false | false | false -acos |"double acos(n:double|integer|long|unsigned_long)" |n |"double|integer|long|unsigned_long" | "" |double | "The arccosine of an angle, expressed in radians." | false | false | false -asin |"double asin(n:double|integer|long|unsigned_long)"|n |"double|integer|long|unsigned_long" | "" |double | "Inverse sine trigonometric function." | false | false | false -atan |"double atan(n:double|integer|long|unsigned_long)" |n |"double|integer|long|unsigned_long" | "" |double | "Inverse tangent trigonometric function." | false | false | false -atan2 |"double atan2(y:double|integer|long|unsigned_long, x:double|integer|long|unsigned_long)" |[y, x] |["double|integer|long|unsigned_long", "double|integer|long|unsigned_long"] |["", ""] |double | "The angle between the positive x-axis and the ray from the origin to the point (x , y) in the Cartesian plane." | [false, false] | false | false +acos |"double acos(n:double|integer|long|unsigned_long)" |n |"double|integer|long|unsigned_long" | "Number between -1 and 1" |double | "The arccosine of an angle, expressed in radians." | false | false | false +asin |"double asin(n:double|integer|long|unsigned_long)"|n |"double|integer|long|unsigned_long" | "Number between -1 and 1" |double | "Inverse sine trigonometric function." | false | false | false +atan |"double atan(n:double|integer|long|unsigned_long)" |n |"double|integer|long|unsigned_long" | "A number" |double | "Inverse tangent trigonometric function." | false | false | false +atan2 |"double atan2(y:double|integer|long|unsigned_long, x:double|integer|long|unsigned_long)" |[y, x] |["double|integer|long|unsigned_long", "double|integer|long|unsigned_long"] |["y coordinate", "x coordinate"] |double | "The angle between the positive x-axis and the ray from the origin to the point (x , y) in the Cartesian plane." | [false, false] | false | false auto_bucket |"double|date auto_bucket(field:integer|long|double|date, buckets:integer, from:integer|long|double|date|string, to:integer|long|double|date|string)" |[field, buckets, from, to] |["integer|long|double|date", "integer", "integer|long|double|date|string", "integer|long|double|date|string"] |["", "", "", ""] | "double|date" | "Creates human-friendly buckets and returns a datetime value for each row that corresponds to the resulting bucket the row falls into." | [false, false, false, false] | false | false avg |"double avg(field:double|integer|long)" |field |"double|integer|long" | "" |double | "The average of a numeric field." | false | false | true case |"boolean|cartesian_point|date|double|geo_point|integer|ip|keyword|long|text|unsigned_long|version case(condition:boolean, rest...:boolean|cartesian_point|date|double|geo_point|integer|ip|keyword|long|text|unsigned_long|version)" |[condition, rest] |["boolean", "boolean|cartesian_point|date|double|geo_point|integer|ip|keyword|long|text|unsigned_long|version"] |["", ""] |"boolean|cartesian_point|date|double|geo_point|integer|ip|keyword|long|text|unsigned_long|version" | "Accepts pairs of conditions and values. The function returns the value that belongs to the first condition that evaluates to true." | [false, false] | true | false diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Acos.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Acos.java index 603ef86af6c64..d2e0e8f025665 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Acos.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Acos.java @@ -22,7 +22,10 @@ */ public class Acos extends AbstractTrigonometricFunction { @FunctionInfo(returnType = "double", description = "The arccosine of an angle, expressed in radians.") - public Acos(Source source, @Param(name = "n", type = { "double", "integer", "long", "unsigned_long" }) Expression n) { + public Acos( + Source source, + @Param(name = "n", type = { "double", "integer", "long", "unsigned_long" }, description = "Number between -1 and 1") Expression n + ) { super(source, n); } diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Asin.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Asin.java index f66409921ad2f..38b70cea0350c 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Asin.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Asin.java @@ -22,7 +22,10 @@ */ public class Asin extends AbstractTrigonometricFunction { @FunctionInfo(returnType = "double", description = "Inverse sine trigonometric function.") - public Asin(Source source, @Param(name = "n", type = { "double", "integer", "long", "unsigned_long" }) Expression n) { + public Asin( + Source source, + @Param(name = "n", type = { "double", "integer", "long", "unsigned_long" }, description = "Number between -1 and 1") Expression n + ) { super(source, n); } diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Atan.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Atan.java index 8f0ad96f96e8c..071379820922a 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Atan.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Atan.java @@ -22,7 +22,10 @@ */ public class Atan extends AbstractTrigonometricFunction { @FunctionInfo(returnType = "double", description = "Inverse tangent trigonometric function.") - public Atan(Source source, @Param(name = "n", type = { "double", "integer", "long", "unsigned_long" }) Expression n) { + public Atan( + Source source, + @Param(name = "n", type = { "double", "integer", "long", "unsigned_long" }, description = "A number") Expression n + ) { super(source, n); } diff --git a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Atan2.java b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Atan2.java index 5b0a795996440..b69a536c2df84 100644 --- a/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Atan2.java +++ b/x-pack/plugin/esql/src/main/java/org/elasticsearch/xpack/esql/expression/function/scalar/math/Atan2.java @@ -38,8 +38,8 @@ public class Atan2 extends EsqlScalarFunction { ) public Atan2( Source source, - @Param(name = "y", type = { "double", "integer", "long", "unsigned_long" }) Expression y, - @Param(name = "x", type = { "double", "integer", "long", "unsigned_long" }) Expression x + @Param(name = "y", type = { "double", "integer", "long", "unsigned_long" }, description = "y coordinate") Expression y, + @Param(name = "x", type = { "double", "integer", "long", "unsigned_long" }, description = "x coordinate") Expression x ) { super(source, List.of(y, x)); this.y = y; diff --git a/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ADtrust.jks b/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ADtrust.jks index ab82846740752..b497bdbd0585c 100644 Binary files a/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ADtrust.jks and b/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/ADtrust.jks differ diff --git a/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/smb_ca.crt b/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/smb_ca.crt index df7b319d1e313..a3281c92af704 100644 --- a/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/smb_ca.crt +++ b/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/smb_ca.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUZTmHgM9YKX8muNbP2IYiv2sfeswwDQYJKoZIhvcNAQEL -BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l -cmF0ZWQgQ0EwHhcNMjEwMjE1MTEzODA2WhcNMjQwMjE1MTEzODA2WjA0MTIwMAYD -VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1zqGsmaweuY5dMpg8kLdnt -AoDQ1yqQ+Zf7YSv10RK8Gf2DI61cliFd2Ten9Kd3RBg5RKtEXxHDiQkvSam+Eceh -noV+BfA6DYGGlpnAJFsH5OaFQOUqZJPqDet1Xqh6ylaOMASDyMpqg+sDag9wLAWl -OHvA4kgg6F7ZWM1cwig6D4i4Y+U2k3G1KivrGSvEc7Zs1dLsjg4tYfW7bCSQu7yL -92oepozP9rgXF58SvR+4i1iu7P1r769R1WUMCHJ98f9rXDHHdsS1WMfTsuTP9h2t -TJSBGkrQKtZ0v+7oe2yKArFGF+U9FuZVD1D2Fc4dTDMxpCALF6TeIK6FFxC7FSEC -AwEAAaNTMFEwHQYDVR0OBBYEFHYmRe8GWHSw4wzujbg0XmyRRRZyMB8GA1UdIwQY -MBaAFHYmRe8GWHSw4wzujbg0XmyRRRZyMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBADZ5ddmAODL7QeZHkUrUKtGkMWK0WpdlQKx3XkxDod4DM8cI -OaKVUhJznt5ShPCMYZ3+EbTAZhaJUnxdUrulTh8UW0ezDFcnninkzVJ1K2tlYurF -CgrOpr+ni1T08pWrOQHKgFYRqJpme7TgScXCnuqCG0AaC5Ey6O1WhmjRl7aXbUx1 -IgsxtjjN0F3GispWGlLhfXvTR1NRPXLnpyv2aWn0enCdJURsvKuHcMtXSqRlWZ3q -LNDcfunhIuX7MzJ75DytM9vAQEeGMlUHnVk+jXTRuKUEGysq2DrAB8CcW8X5rRHC -nEhqNXWaHabV4NFSGyDxWfCHPVCzuEcni83/jyk= +MIIDSjCCAjKgAwIBAgIVAOtlFYTeA4VeumO8mgMu/nMuJRxRMA0GCSqGSIb3DQEB +CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu +ZXJhdGVkIENBMB4XDTI0MDIxNTE0NDc0NFoXDTI3MDIxNDE0NDc0NFowNDEyMDAG +A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXFQRa1KKGfLNaRbiwHeK2 +kTBab7tqVS6fFmzsTTNIKf1ILYF6kxfHxsiN1jM8tVU5n0Kirqe8eRVAQn/4Hj09 +I8dhVLmvYI/BfioZWU0MXLk0aA2nUm5dk9eVkLaZSaVDZu57XrvL/s2Ezd71JpOJ +d+l9zQLNxrhvhTgw3sV53KURQip8UoisSXjbyBG5eq3Ck1DfdZ0lrXoTM/cgGp3i +yMk/oPUW2rSHYYxUOzH/SEKTfXQBXKUWbpmTMpsVv8daFi1s+DX2rKXQ1+eCR9rv +eFcoSCVQv9Q+eQcx53yLheV1TvXJ2oqqbKlBWHrkvKw9ooaEouqBV4Mbnnp/BmrP +AgMBAAGjUzBRMB0GA1UdDgQWBBTZMPxziaiEFpaGeNGBxTr+sWGeXTAfBgNVHSME +GDAWgBTZMPxziaiEFpaGeNGBxTr+sWGeXTAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQARiXwCC8afr98gtGGAG9gJLE6ivfP2Lypoc2PO37Ew1zfc +2UqUYtdmcFvxK0XhEpwbBHxOUJSYMWN+ULoagp2cpbDswZldi7MGdxCu2bK/zYiR +snXMxoYqsJaDqL8HoOV8A12ViaoVCQZeaq0OZ4/NrTRCcPzx+Yru9ZWfgG+4gDbC +hxnDJBY81ju8fhfAcCGuxApPE9fkwFwwVr5nwCbAl7Qotliol/h1eV35hPocyUVz +AxOW2Foc7ehru6NynnEAqOhjcTwMlZCKt0b4kPz2kd+9vL1ZKc/hjNX6Q6sW1N6V +z9Gu6uSsIiM8brs5/zhaRI6EGoOqo4xON5+1ejyh -----END CERTIFICATE----- diff --git a/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/smb_cert.crt b/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/smb_cert.crt index a1f78231fa3c4..aba0948092581 100644 --- a/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/smb_cert.crt +++ b/x-pack/plugin/security/src/test/resources/org/elasticsearch/xpack/security/authc/ldap/support/smb_cert.crt @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDTzCCAjegAwIBAgIVAKswcWOE2Y8orNolWoM5EJbBVQKAMA0GCSqGSIb3DQEB -CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu -ZXJhdGVkIENBMB4XDTIxMDIxNTExNDE1NVoXDTI0MDIxNTExNDE1NVowETEPMA0G -A1UEAxMGc2FtYmE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNwa -9+QyLYF7q8jFOmd/1WNnV50KAnfBXti9WShk1rTso1YK3QflWtqcn0BsJFfUmRJ1 -79tTTtUmzcqcXXR/ygc8UAal/Cl19h1G4k3Mwf8tlUAjRbH0D+mM6HrZ4+QrAqwb -tDezz8TBAEuVJmTcbdrI6iA9y+I4PReqF//EyQwHeUbKvNHBF0vqYFHqErrBaKsC -VAFp9QSKjF9uRLk4e7PLJDZm9BbVTbtQ76o2SHNMni0UcriqYbi6npIWCLs5xFg5 -dSJ3SwrgBbm/Hg994miPt5CN7l69e7h3ul6/Af3UfMTM02YQ9T3mQ4evW667kAoW -Gxu2Z1cXcsq9+Qj/TwIDAQABo3sweTAdBgNVHQ4EFgQUN818rPYPElgO2oFSXM0c -GXvD4cAwHwYDVR0jBBgwFoAUdiZF7wZYdLDjDO6NuDRebJFFFnIwLAYDVR0RBCUw -I4IJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAkGA1UdEwQCMAAw -DQYJKoZIhvcNAQELBQADggEBAGZQ+NnsLNLbS5dvU2XQDrstcgq7JQcoajH+Us86 -/arjs9C1T7GID1wCXSlyR2uuFTYBH89UpX3oChLohnJByy1Mhpi8l+R2odhosgym -psnt7uejh9DWQrPeiL00ohSjXy3dha5VUESAKoyT/rga1YNl4qeY1J7RPM4NkP7l -nJFzJkTpdcfgcDj42OEOKRjSxaGKTQu5OP6/EXmpxxUdXpfoRfP0IiyCHSNl2gfJ -zxFvVlB2cy8O0EnJ4DdpRpzeTW8pMXGZ7flUSvOhT2rn2K1eqRL9q9LRJn/G/5DP -0u2HxjrZSfn40AS1jcasy6Lcvc7Mwz4W0cfc/tSA67WrFzw= +MIIDTjCCAjagAwIBAgIUJFzoNwmi+322wZTgemjEV35/yrIwDQYJKoZIhvcNAQEL +BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l +cmF0ZWQgQ0EwHhcNMjQwMjE1MTQ0ODM3WhcNMjcwMjE0MTQ0ODM3WjARMQ8wDQYD +VQQDEwZzYW1iYTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFrD2n +loHuTCCbcX1pqmRnVj7SXcXsBjY9McXxvpEQ4kCdUBlDp3wC9bkGnt6jxlAvEaXn +ZXHg3DqJbD2GU9vRMapcVR4ptAvZmgpEJBU8FA8E1T1EeMhhIoWsYq2crOf/SLQY +g23tO1vmV5+kPD23KiTzj8errYF1Si/6b0IH7XuRUAUJAJYm4gN3YvNqIUYxO/WG +cOlxp/ssIC7Xj6E8Mcdpcfgm+AzLR/x2edl524GAbLqzuKM2bUoMroeNVwVRYPz5 +9iCi+rRxAlI9M2eIm7Gl+qjXUXN1BQAEpkXcxBxDWaIEomd7rR9yudHWvBl8J3+V +jJBgqhecOq/Z+bqbAgMBAAGjezB5MB0GA1UdDgQWBBSbPXW27/QMTZuLD13NUSmQ +0kxaCDAfBgNVHSMEGDAWgBTZMPxziaiEFpaGeNGBxTr+sWGeXTAsBgNVHREEJTAj +hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABgglsb2NhbGhvc3QwCQYDVR0TBAIwADAN +BgkqhkiG9w0BAQsFAAOCAQEAkbnWUXSooivT8FW2PfdTLYDBi18ssdH5g2KU1fNi +E0z+85X1IZaWikGZi3fyj28+GPvRr588EmpPP+IIW9WM5rx3/Gh7elknpwTBYwPo +whuLrKPofEXeM1nUi6nC9QfKDoLWC4B2ztXLD+gcqVHfO/3Q9cs88z9IK4fMAlHu +2dof6SlqVI7AAsqCHaIIuiABW3U81URdtwCJqKt2SUQmpRh6PyAT8rqP7f//gBFF +KyLGOhlEikm+DpFvLNtBHFLL/u9P6u9zV5xyqI4K3wGMAvrTbpicXLJQC6bdIEJR +gFSUL8f6cal5l0ncN6dT3RnpAWwt88xzg8OSMDPWYAyHbw== -----END CERTIFICATE----- diff --git a/x-pack/test/smb-fixture/src/main/resources/smb/certs/ca.key b/x-pack/test/smb-fixture/src/main/resources/smb/certs/ca.key index c490e0477f8f5..1f359f3bd9c71 100644 --- a/x-pack/test/smb-fixture/src/main/resources/smb/certs/ca.key +++ b/x-pack/test/smb-fixture/src/main/resources/smb/certs/ca.key @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAzXOoayZrB65jl0ymDyQt2e0CgNDXKpD5l/thK/XRErwZ/YMj -rVyWIV3ZN6f0p3dEGDlEq0RfEcOJCS9Jqb4Rx6GehX4F8DoNgYaWmcAkWwfk5oVA -5Spkk+oN63VeqHrKVo4wBIPIymqD6wNqD3AsBaU4e8DiSCDoXtlYzVzCKDoPiLhj -5TaTcbUqK+sZK8RztmzV0uyODi1h9btsJJC7vIv3ah6mjM/2uBcXnxK9H7iLWK7s -/Wvvr1HVZQwIcn3x/2tcMcd2xLVYx9Oy5M/2Ha1MlIEaStAq1nS/7uh7bIoCsUYX -5T0W5lUPUPYVzh1MMzGkIAsXpN4groUXELsVIQIDAQABAoIBAQC95K7ACsxWVysZ -xvCdghUXHed4ZI7bexAXF3OjDBtoM4/aL4GkVLU2teV1ebm5p5S6xwPfQNyWMKLS -aHCvgUwxtgIs5GRcu2uMUneUOHHh6ZP6NSPcLKi1xlmDTgJlusiV4+oh4iSOYpD3 -gTpgdo9Z0HI6f/cmL7RXJpDbj2atggKZVeSln0BYYRkNcuskPfCK3mPzOYJF5V9T -YbtnaTij72d9v7w181JRHRJQzL6jN0FiIl8BoUmepws+FMXW3lyX/jZ7unf8idTm -9d1cT7OfKThMzY+OzapJHZLl85rCAq4B617ovDHVx1lbNviBiBoTNQIjSNmgkgXk -WUZ2m0KBAoGBAP1WBkAjNuF1/HdGAgge8bPWU6SqJe1Gy25ZkRLkKxp6701EvC+p -a6OuuFonDZLTuTPDgL/v78HQMwQR+QULerAyfwCJDAXIHMFNSvAP/jzEbg4sKRp/ -0ZVUvjedxtADeHIs3SbNEt1P4A+g5U1Is5XGdeKe16zaxfXfy0VA8onZAoGBAM+c -uuNX9FxRrVDUiEIJJFADD/VePXR7YSbjUoLvLtlms4ObOUrnJZJ0IsWxkY4AnDv/ -F0PVA0uMZtVK28BZt1SsYLrKu4KbGPqJy9ArKCAeWuk3DK19XJ8heUkrprEKmQPq -kbIy+LU9MaUKg5pThh1T+uG3QA7liFixxW4KB9CJAoGBAPCWZMM+bh06LrSbMMzD -jmlqzu6fg/tN815uAx98vw6b1217LHjbHdVJ1dwQIIzjM4xcS4Z8eCaI8hoYc3R+ -DVsN6Zz5ighnnh9ZpyRLG/hb1+TvvW1kHAcEfs1Usn3T/ev4fWIe+Z5h//j3pSx7 -Mcm4uzWoAk0vSzcQ/PtdDbkpAoGAf9k+ZV32hxttJYeb2T6T9AnOvAUqxx5rd20p -lKQCL7LE/ViLcYriYkvOVfvBbLcHfxLZmtYET3PIp7SPmuYktanpb14FFqq4OSC+ -OBU7gnvu9AsIbZXzgbM1Y0/UONYT4IuE6T3mVoW2mrHc1R52Sn060+DrO8Exs5zV -vavDoDECgYBN2KF83fdixXCIDizrlJb3mbkhvLoOX+Q3iuJcOLvVrnFo9mGuXhXi -+2K9kVxihqgupRBoR8H60iTB/N3KGvqs4nffDu/lTO4nM9bA13CAVB1JzJG2uh1Y -jFc9zdB4obKShS41VjdTtCh5xi1icX+n8/CGb5TCF8W4ORO8mn9TNg== +MIIEoQIBAAKCAQEA1xUEWtSihnyzWkW4sB3itpEwWm+7alUunxZs7E0zSCn9SC2B +epMXx8bIjdYzPLVVOZ9Coq6nvHkVQEJ/+B49PSPHYVS5r2CPwX4qGVlNDFy5NGgN +p1JuXZPXlZC2mUmlQ2bue167y/7NhM3e9SaTiXfpfc0Czca4b4U4MN7FedylEUIq +fFKIrEl428gRuXqtwpNQ33WdJa16EzP3IBqd4sjJP6D1Ftq0h2GMVDsx/0hCk310 +AVylFm6ZkzKbFb/HWhYtbPg19qyl0Nfngkfa73hXKEglUL/UPnkHMed8i4XldU71 +ydqKqmypQVh65LysPaKGhKLqgVeDG556fwZqzwIDAQABAoIBABE76o4Up7Pls2wH +q4Ar2jS4IYsS6jjfpngHkKbGm4CsIf1x7VloW+lyxjMx910P8p+cC/eDzdujoCOh +WyZYgJ5biuhY+kqmjsj5q7SS8UI3qSdyhwA3R1ym3LQWqmr8pF9oP10R/t5JBn1z +uZUkiCyQYoc6sX987YkSFankz9IEdGRg2xJx9i2Iao5oDHmLUqDMzBS2TcKTv7LN +/pZQEPo/Dsvkvo5DDD6a6aBlLBCs5YcoBbtA2HeknSJRPFRay196sIh8yRcQ0WuK +zLeJvh57OK/J/Jm8jUrpYcDKEFDocFHeopRcXCbQlV1bXnuEJDNfAT/KLo5fkT3N +Xa2nrFECgYEA+ipKdR2vJjNXLSJmLO7tl63W+yESg1bLklXqMKf7WKvBEbrpeJgi +3o+HhxBrKKqBz/Y4O9x+xHhYlbWtm/6Wc9K72wmWEMf0hGevjRxM3eqqWB+7qSJ9 +qYXtwANKR/SMongos0Gavts7XLZK6exkE7RypMrU28P1jb+BQsg56n0CgYEA3Bk/ +sIdf+4Fus0KyUemZIp6xPfpUjOlccrasWA2GGfmi8xOTQn++s3ht0V04kMPHm5gH +AQ9S48+pCczDn9JFtjeH0h6dYVi+7of9NqHa3OXt++WL2T2jvum/iaK2PcW0NHqd +3owSJD+rrx4cXImW2LbKUo73L3CcxOapxYaA4DsCgYBPOaN48ZyteWbrWVCIfGZs +Odayk2e8hnlT77eKDzjvfP1Y8xvLYErytvvRz2ZQa6dOyAhJFOxkpkRPrUi89WSK +a7uog6Gt0NVkNT4Ib2T8hrvJysrwpoarcEm6HJCitxTuwyUImAc82Es1clnJOV78 +SpJgFAhTTPzwFi0GjEijNQKBgQC8xKrrLDAV9RyMgleOCVtdZd192oVJlZvEhwep +PXAWNxSahd922Tklk9QcDGfHQSKhP/JB5nKhEClaTlQ5bo57iYTjoX45T3PyAJAb +mxWq/0jtEiKvXz5hLvkngnXq5PV5TPC5PkkQ7crBloGcnCTUGXHM/PDjryHFfk99 +Ka6+oQJ/ZUPIxj8Lvu7oTVEFPczkM0iTgO1YolY/Z/E+a5suS4FaT5U5Ar9W8E5m +7FLh65QXVMsjxnP+DNSqqNuSpqsyTWFMGtwFIueGRbCnCMN+GBy07fMKC7JLnXmB +Vxf3WwwQ5Crncqn87o0m/mhf/ovsXbGFqqRSJrA0vJifi5D36Q== -----END RSA PRIVATE KEY----- diff --git a/x-pack/test/smb-fixture/src/main/resources/smb/certs/ca.pem b/x-pack/test/smb-fixture/src/main/resources/smb/certs/ca.pem index df7b319d1e313..a3281c92af704 100644 --- a/x-pack/test/smb-fixture/src/main/resources/smb/certs/ca.pem +++ b/x-pack/test/smb-fixture/src/main/resources/smb/certs/ca.pem @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDSTCCAjGgAwIBAgIUZTmHgM9YKX8muNbP2IYiv2sfeswwDQYJKoZIhvcNAQEL -BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l -cmF0ZWQgQ0EwHhcNMjEwMjE1MTEzODA2WhcNMjQwMjE1MTEzODA2WjA0MTIwMAYD -VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC -ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM1zqGsmaweuY5dMpg8kLdnt -AoDQ1yqQ+Zf7YSv10RK8Gf2DI61cliFd2Ten9Kd3RBg5RKtEXxHDiQkvSam+Eceh -noV+BfA6DYGGlpnAJFsH5OaFQOUqZJPqDet1Xqh6ylaOMASDyMpqg+sDag9wLAWl -OHvA4kgg6F7ZWM1cwig6D4i4Y+U2k3G1KivrGSvEc7Zs1dLsjg4tYfW7bCSQu7yL -92oepozP9rgXF58SvR+4i1iu7P1r769R1WUMCHJ98f9rXDHHdsS1WMfTsuTP9h2t -TJSBGkrQKtZ0v+7oe2yKArFGF+U9FuZVD1D2Fc4dTDMxpCALF6TeIK6FFxC7FSEC -AwEAAaNTMFEwHQYDVR0OBBYEFHYmRe8GWHSw4wzujbg0XmyRRRZyMB8GA1UdIwQY -MBaAFHYmRe8GWHSw4wzujbg0XmyRRRZyMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI -hvcNAQELBQADggEBADZ5ddmAODL7QeZHkUrUKtGkMWK0WpdlQKx3XkxDod4DM8cI -OaKVUhJznt5ShPCMYZ3+EbTAZhaJUnxdUrulTh8UW0ezDFcnninkzVJ1K2tlYurF -CgrOpr+ni1T08pWrOQHKgFYRqJpme7TgScXCnuqCG0AaC5Ey6O1WhmjRl7aXbUx1 -IgsxtjjN0F3GispWGlLhfXvTR1NRPXLnpyv2aWn0enCdJURsvKuHcMtXSqRlWZ3q -LNDcfunhIuX7MzJ75DytM9vAQEeGMlUHnVk+jXTRuKUEGysq2DrAB8CcW8X5rRHC -nEhqNXWaHabV4NFSGyDxWfCHPVCzuEcni83/jyk= +MIIDSjCCAjKgAwIBAgIVAOtlFYTeA4VeumO8mgMu/nMuJRxRMA0GCSqGSIb3DQEB +CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu +ZXJhdGVkIENBMB4XDTI0MDIxNTE0NDc0NFoXDTI3MDIxNDE0NDc0NFowNDEyMDAG +A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXFQRa1KKGfLNaRbiwHeK2 +kTBab7tqVS6fFmzsTTNIKf1ILYF6kxfHxsiN1jM8tVU5n0Kirqe8eRVAQn/4Hj09 +I8dhVLmvYI/BfioZWU0MXLk0aA2nUm5dk9eVkLaZSaVDZu57XrvL/s2Ezd71JpOJ +d+l9zQLNxrhvhTgw3sV53KURQip8UoisSXjbyBG5eq3Ck1DfdZ0lrXoTM/cgGp3i +yMk/oPUW2rSHYYxUOzH/SEKTfXQBXKUWbpmTMpsVv8daFi1s+DX2rKXQ1+eCR9rv +eFcoSCVQv9Q+eQcx53yLheV1TvXJ2oqqbKlBWHrkvKw9ooaEouqBV4Mbnnp/BmrP +AgMBAAGjUzBRMB0GA1UdDgQWBBTZMPxziaiEFpaGeNGBxTr+sWGeXTAfBgNVHSME +GDAWgBTZMPxziaiEFpaGeNGBxTr+sWGeXTAPBgNVHRMBAf8EBTADAQH/MA0GCSqG +SIb3DQEBCwUAA4IBAQARiXwCC8afr98gtGGAG9gJLE6ivfP2Lypoc2PO37Ew1zfc +2UqUYtdmcFvxK0XhEpwbBHxOUJSYMWN+ULoagp2cpbDswZldi7MGdxCu2bK/zYiR +snXMxoYqsJaDqL8HoOV8A12ViaoVCQZeaq0OZ4/NrTRCcPzx+Yru9ZWfgG+4gDbC +hxnDJBY81ju8fhfAcCGuxApPE9fkwFwwVr5nwCbAl7Qotliol/h1eV35hPocyUVz +AxOW2Foc7ehru6NynnEAqOhjcTwMlZCKt0b4kPz2kd+9vL1ZKc/hjNX6Q6sW1N6V +z9Gu6uSsIiM8brs5/zhaRI6EGoOqo4xON5+1ejyh -----END CERTIFICATE----- diff --git a/x-pack/test/smb-fixture/src/main/resources/smb/certs/cert.pem b/x-pack/test/smb-fixture/src/main/resources/smb/certs/cert.pem index a1f78231fa3c4..aba0948092581 100644 --- a/x-pack/test/smb-fixture/src/main/resources/smb/certs/cert.pem +++ b/x-pack/test/smb-fixture/src/main/resources/smb/certs/cert.pem @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDTzCCAjegAwIBAgIVAKswcWOE2Y8orNolWoM5EJbBVQKAMA0GCSqGSIb3DQEB -CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu -ZXJhdGVkIENBMB4XDTIxMDIxNTExNDE1NVoXDTI0MDIxNTExNDE1NVowETEPMA0G -A1UEAxMGc2FtYmE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoNwa -9+QyLYF7q8jFOmd/1WNnV50KAnfBXti9WShk1rTso1YK3QflWtqcn0BsJFfUmRJ1 -79tTTtUmzcqcXXR/ygc8UAal/Cl19h1G4k3Mwf8tlUAjRbH0D+mM6HrZ4+QrAqwb -tDezz8TBAEuVJmTcbdrI6iA9y+I4PReqF//EyQwHeUbKvNHBF0vqYFHqErrBaKsC -VAFp9QSKjF9uRLk4e7PLJDZm9BbVTbtQ76o2SHNMni0UcriqYbi6npIWCLs5xFg5 -dSJ3SwrgBbm/Hg994miPt5CN7l69e7h3ul6/Af3UfMTM02YQ9T3mQ4evW667kAoW -Gxu2Z1cXcsq9+Qj/TwIDAQABo3sweTAdBgNVHQ4EFgQUN818rPYPElgO2oFSXM0c -GXvD4cAwHwYDVR0jBBgwFoAUdiZF7wZYdLDjDO6NuDRebJFFFnIwLAYDVR0RBCUw -I4IJbG9jYWxob3N0hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAkGA1UdEwQCMAAw -DQYJKoZIhvcNAQELBQADggEBAGZQ+NnsLNLbS5dvU2XQDrstcgq7JQcoajH+Us86 -/arjs9C1T7GID1wCXSlyR2uuFTYBH89UpX3oChLohnJByy1Mhpi8l+R2odhosgym -psnt7uejh9DWQrPeiL00ohSjXy3dha5VUESAKoyT/rga1YNl4qeY1J7RPM4NkP7l -nJFzJkTpdcfgcDj42OEOKRjSxaGKTQu5OP6/EXmpxxUdXpfoRfP0IiyCHSNl2gfJ -zxFvVlB2cy8O0EnJ4DdpRpzeTW8pMXGZ7flUSvOhT2rn2K1eqRL9q9LRJn/G/5DP -0u2HxjrZSfn40AS1jcasy6Lcvc7Mwz4W0cfc/tSA67WrFzw= +MIIDTjCCAjagAwIBAgIUJFzoNwmi+322wZTgemjEV35/yrIwDQYJKoZIhvcNAQEL +BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l +cmF0ZWQgQ0EwHhcNMjQwMjE1MTQ0ODM3WhcNMjcwMjE0MTQ0ODM3WjARMQ8wDQYD +VQQDEwZzYW1iYTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFrD2n +loHuTCCbcX1pqmRnVj7SXcXsBjY9McXxvpEQ4kCdUBlDp3wC9bkGnt6jxlAvEaXn +ZXHg3DqJbD2GU9vRMapcVR4ptAvZmgpEJBU8FA8E1T1EeMhhIoWsYq2crOf/SLQY +g23tO1vmV5+kPD23KiTzj8errYF1Si/6b0IH7XuRUAUJAJYm4gN3YvNqIUYxO/WG +cOlxp/ssIC7Xj6E8Mcdpcfgm+AzLR/x2edl524GAbLqzuKM2bUoMroeNVwVRYPz5 +9iCi+rRxAlI9M2eIm7Gl+qjXUXN1BQAEpkXcxBxDWaIEomd7rR9yudHWvBl8J3+V +jJBgqhecOq/Z+bqbAgMBAAGjezB5MB0GA1UdDgQWBBSbPXW27/QMTZuLD13NUSmQ +0kxaCDAfBgNVHSMEGDAWgBTZMPxziaiEFpaGeNGBxTr+sWGeXTAsBgNVHREEJTAj +hwR/AAABhxAAAAAAAAAAAAAAAAAAAAABgglsb2NhbGhvc3QwCQYDVR0TBAIwADAN +BgkqhkiG9w0BAQsFAAOCAQEAkbnWUXSooivT8FW2PfdTLYDBi18ssdH5g2KU1fNi +E0z+85X1IZaWikGZi3fyj28+GPvRr588EmpPP+IIW9WM5rx3/Gh7elknpwTBYwPo +whuLrKPofEXeM1nUi6nC9QfKDoLWC4B2ztXLD+gcqVHfO/3Q9cs88z9IK4fMAlHu +2dof6SlqVI7AAsqCHaIIuiABW3U81URdtwCJqKt2SUQmpRh6PyAT8rqP7f//gBFF +KyLGOhlEikm+DpFvLNtBHFLL/u9P6u9zV5xyqI4K3wGMAvrTbpicXLJQC6bdIEJR +gFSUL8f6cal5l0ncN6dT3RnpAWwt88xzg8OSMDPWYAyHbw== -----END CERTIFICATE----- diff --git a/x-pack/test/smb-fixture/src/main/resources/smb/certs/key.pem b/x-pack/test/smb-fixture/src/main/resources/smb/certs/key.pem index 2def63ef63914..fbdbb5a48e1c2 100644 --- a/x-pack/test/smb-fixture/src/main/resources/smb/certs/key.pem +++ b/x-pack/test/smb-fixture/src/main/resources/smb/certs/key.pem @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAoNwa9+QyLYF7q8jFOmd/1WNnV50KAnfBXti9WShk1rTso1YK -3QflWtqcn0BsJFfUmRJ179tTTtUmzcqcXXR/ygc8UAal/Cl19h1G4k3Mwf8tlUAj -RbH0D+mM6HrZ4+QrAqwbtDezz8TBAEuVJmTcbdrI6iA9y+I4PReqF//EyQwHeUbK -vNHBF0vqYFHqErrBaKsCVAFp9QSKjF9uRLk4e7PLJDZm9BbVTbtQ76o2SHNMni0U -criqYbi6npIWCLs5xFg5dSJ3SwrgBbm/Hg994miPt5CN7l69e7h3ul6/Af3UfMTM -02YQ9T3mQ4evW667kAoWGxu2Z1cXcsq9+Qj/TwIDAQABAoIBAFyLRNio6FVV0Rib -gRyAvwK9FY9KQZ/51b4DY6wPmTQNErdFoSpYiJMkgkb8gTrHbQBDpqY/wEXyS0jJ -7/u0MnDAiOphaM0R7VOStF0t9UcGz+q145UNNCSTcQWu5/w8IKKA8c9U3JYD1CWf -Vkeob0ikPkK0GdlaZJCBNNJpy4T+BOR5D3U7o0Lz3aDExR4ExHWI1+U6xwnOFYxC -VtdKFyzYuT2bOk5E2Y0oi9EhEmJBlIvQ6p3rDPppXmbuTcCNszKal1EyYZePeke/ -iovJZ7+pQS1QsQoXK5el5N2UFM9oAwfARnM8N+yyW5lEV629wVbrYp1WYYefs12e -zGvDqEECgYEA1Vqszj8+RP7FdpCY1jFrvCIRSuIH6KKTD+6mEVcm2GXIZZlI5UGB -U6ZQ+VNxTL6wKPOqqK39jp46HPyvjIwLLwTHNSSLpgAAhBlgR6ZYTW1ImscIsJ5q -dageElmZgRLAmEEF4kx2iJNtTO/YGBqvpf6Q4sbWufO1ARbPQsg7RGMCgYEAwQNL -JPgKtYTzFYnamyq7zWvhfOdWXBVNCT0l0I9FCYKcNtc2yDEme2TOtwkKxcY+1EVj -CTCDabob3EJA6OCAG7GDXrpxbY1o3BB1XtbMnu7KPM/RlcG/qY1qE6kPpCMUevjb -qZfrRkVkH8sTsTQj+Ok4ECBVuUYpJ9BDHNK5fyUCgYAtq8xkFhuxT0xb1hYxe8DR -NAW5nusMfIi4l2CLQ7m4Bwm/3fFByiTyEB8zUA5n3EX/bjGxDBXECtDr1ZeKoYvf -U8mE8b7HGScDIB+BFvW+FU++ei69CBxH9WYCjZWTkL0Tmo+04qNZFx4Foy4B8ux4 -vyaqtN/QTIAJrKVPaWduewKBgC8goL58GhFMTxZZPJlai9SSnNIkoj+Fq/OvjIYq -FU9HJuF1Fxk2dxD2AktK1+iGiVzHPHFH+S5dlOPpAXRbLKyWYV9F4uA/APWKxz3K -8Nd1sse6bpBEaIn7z4TRaNJJBn0oOmpkf7v+wX3J1hsUghwKxfeaDZRZfz8LaPem -tEhJAoGAYikg/Vvw6VUtnDfl0bmC9GRUYrrXpdiz7FlbK6VPe9rs42a5HyrQqVBC -P24wBGfzwFqaTzD/ngodNfnyjNkywChNC18tV3IVbEW5udhX7IJV2Lz52aZBGryK -qt/MXIOtlgjx1hMqfsM3QoMxxyAvwY3tC8vevm3k8yzGfe7Vxb8= +MIIEpAIBAAKCAQEAxaw9p5aB7kwgm3F9aapkZ1Y+0l3F7AY2PTHF8b6REOJAnVAZ +Q6d8AvW5Bp7eo8ZQLxGl52Vx4Nw6iWw9hlPb0TGqXFUeKbQL2ZoKRCQVPBQPBNU9 +RHjIYSKFrGKtnKzn/0i0GINt7Ttb5lefpDw9tyok84/Hq62BdUov+m9CB+17kVAF +CQCWJuIDd2LzaiFGMTv1hnDpcaf7LCAu14+hPDHHaXH4JvgMy0f8dnnZeduBgGy6 +s7ijNm1KDK6HjVcFUWD8+fYgovq0cQJSPTNniJuxpfqo11FzdQUABKZF3MQcQ1mi +BKJne60fcrnR1rwZfCd/lYyQYKoXnDqv2fm6mwIDAQABAoIBAAfOUXD4xJDAeNkq +liVCEUzzXu+3vEUhyaqI+KQfPmNIS/zqWNUPHBqR0YitZWVaQ3hYXhDRNLoIeFdM +6vEPBrMwHuYehl5nOcCSEK24Lw58TEuIkC7QBjmvv0+bZfe17ENsf5AoQIMJwQtL +koZNyrIc+/CSUPQ6mc4j69kb46Okb1T1BvlIJrvzAlb6RTvJD1IjCJFj7Tn5yXjF +mbCynwrOvlc5E2XQHlGbabQGf8uHIlu7P6+L4vPwP26t2nIVSY+1G9/IF0sW9PH7 +EFsdovxYlsKBAX6IdjEi65347IglmCloAcuRz1AOGys8dgPitkDNL2CMgdXuOuj1 +ONkpZ4ECgYEA9FEVK/Gpb0eHlWVJMu5bGa3yADpxUwy5xO7eOd103m39tSUXOw6E +LLb5AHcYkwsOGsz0KrsVPOLC69kQpvaxr2duIzs085x9XikxlDDLJzIfnLgVv7Ib +CSvRR3R8FSAuXxIa68Yx5rG910dcQV3nl8iFzCHcmH9ECI6NQohELisCgYEAzyAl +F8ZQbIA4LPvh8PKlBpuWc3lzqALmv64dtQvhBL3N39J1YpiyxjCgKljIKu5Qk+t/ +WLJAPAHXJCTZgzdQsmcc1U39ziUhJFVEcXfVP777+O0gQwIzLZcKGc9rOoXFlblW +7UjEGbrCQITS9Ir1iBSgfw04PUcUd5dbvWek3VECgYEAjFhTkCXHTgxJ/3Dqhp5T +qMG6ZZUs6idCQ7Vv5M+pRejrN/axjJQ/KyyEh1biv/02wgCANle30Hz2ueK8ZR0L +XxZMN2LYfSSlA8UoHNeWq9JoRG+e1rqqOy93jdOFP+F3oddVraDxo3Lw+cydW1Nl +KVTgPy4oeVWKMFwrG1AJ0ncCgYEAwPxbc051CtNhBBDg0UbUGlcHlKo55/ZkF37c +8R6TV36d/wiyFN7f26fc4/f68X1BGMHY0sSq8v5n/aZUAF2e08sdY2WasOOJgLft +4Kddy1pgnewbHjRDiRvs7mWDrHCNy9Z3tvkQtkR7z++yOuXqphNKA3dGylmbKV6e +vNiAFTECgYBAQyPzQTVSyS950qd5U87EsWKBKRRr0STW+ualYBsbDe4Mt5NlPdJm +WUhUPNkOObFZgVOJEzVYCfiuWu/XOe/PZgdG3hxtaRrRr4WTCt+T7pUhOTaTQM2C +lxTVrBYqlYMLrD+ZJtSJSRfgII4i6JBynH5aVxVjq6Hv2uZyTXcAgg== -----END RSA PRIVATE KEY-----