Calculate SHA256 fingerprint for enrollment token

A follow up PR for: elastic#73573
BigPandaToo · Jun 23, 2021 · 60f7af6 · 60f7af6
1 parent 7aaf209
commit 60f7af6
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 6 deletions.
diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslDiagnostics.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslDiagnostics.java
@@ -376,7 +376,7 @@ private static String fingerprintDescription(List<X509Certificate> certificates)
 
     private static String fingerprintDescription(X509Certificate certificate) {
         try {
-            final String fingerprint = SslUtil.calculateFingerprint(certificate);
+            final String fingerprint = SslUtil.calculateFingerprint(certificate, "SHA-1");
             return "fingerprint [" + fingerprint + "]";
         } catch (CertificateEncodingException e) {
             return "invalid encoding [" + e.toString() + "]";

diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslUtil.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslUtil.java
@@ -20,8 +20,8 @@ private SslUtil() {
         // utility class
     }
 
-    public static String calculateFingerprint(X509Certificate certificate) throws CertificateEncodingException {
-        final MessageDigest sha1 = messageDigest("SHA-1");
+    public static String calculateFingerprint(X509Certificate certificate, String algorithm) throws CertificateEncodingException {
+        final MessageDigest sha1 = messageDigest(algorithm);
         sha1.update(certificate.getEncoded());
         return toHexString(sha1.digest());
     }

diff --git a/...rity/src/main/java/org/elasticsearch/xpack/security/enrollment/CreateEnrollmentToken.java b/...rity/src/main/java/org/elasticsearch/xpack/security/enrollment/CreateEnrollmentToken.java
@@ -214,7 +214,7 @@ protected String getCaFingerprint() throws Exception {
             throw new IllegalStateException("Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration " +
                 "Keystore contains multiple PrivateKey entries where the associated certificate is a CA certificate");
         }
-        return SslUtil.calculateFingerprint(httpCaKeysAndCertificates.get(0).v2());
+        return SslUtil.calculateFingerprint(httpCaKeysAndCertificates.get(0).v2(), "SHA256");
     }
 
     static List<String> getFilteredAddresses(List<String> addresses) throws Exception {

diff --git a/...src/test/java/org/elasticsearch/xpack/security/enrollment/CreateEnrollmentTokenTests.java b/...src/test/java/org/elasticsearch/xpack/security/enrollment/CreateEnrollmentTokenTests.java
@@ -128,15 +128,15 @@ public void testCreateSuccess() throws Exception {
         Map<String, String> infoNode = getDecoded(tokenNode);
         assertEquals("8.0.0", infoNode.get("ver"));
         assertEquals("[192.168.0.1:9201, 172.16.254.1:9202, [2001:db8:0:1234:0:567:8:1]:9203]", infoNode.get("adr"));
-        assertEquals("598a35cd831ee6bb90e79aa80d6b073cda88b41d", infoNode.get("fgr"));
+        assertEquals("7066aa01e11c5e3e080249edbbe67bca53a2776bbdd802ac4d87b1744de70785", infoNode.get("fgr"));
         assertEquals("RFI2Q3pYa0JEZjhhbVZfNDh5WVg6eDNZcVVfcnFRd20tRVNya0V4Y25PZw==", infoNode.get("key"));
 
         final String tokenKibana = createEnrollmentToken.createNodeEnrollmentToken("elastic", new SecureString("elastic"));
 
         Map<String, String> infoKibana = getDecoded(tokenKibana);
         assertEquals("8.0.0", infoKibana.get("ver"));
         assertEquals("[192.168.0.1:9201, 172.16.254.1:9202, [2001:db8:0:1234:0:567:8:1]:9203]", infoKibana.get("adr"));
-        assertEquals("598a35cd831ee6bb90e79aa80d6b073cda88b41d", infoKibana.get("fgr"));
+        assertEquals("7066aa01e11c5e3e080249edbbe67bca53a2776bbdd802ac4d87b1744de70785", infoKibana.get("fgr"));
         assertEquals("RFI2Q3pYa0JEZjhhbVZfNDh5WVg6eDNZcVVfcnFRd20tRVNya0V4Y25PZw==", infoKibana.get("key"));
     }