参考博文链接

docker 版X-pack 6.3.0破解

操作前提

已经像这篇博文一样部署好了elasticsearch、kibana，并成功配置tls，即能够通过https访问，访问的时候需要输入用户名和密码。
docker-compose安装elasticsearch、kibana,并配置tls,使用filebeat发送日志给es

把docker中的x-pack jar包拷贝出来

新建一个目录xpack，切换到该目录，使用以下命令找出elasticsearch的docker容器id：

$ sudo docker ps |grep elasticsearch
4b663e938ec8        docker.elastic.co/elasticsearch/elasticsearch:6.3.2   "/usr/local/bin/do..."   3 hours ago         Up 11 minutes             9200/tcp, 9300/tcp                 es02
ffe36b1d3634        docker.elastic.co/elasticsearch/elasticsearch:6.3.2   "/usr/local/bin/do..."   3 hours ago         Up 11 minutes (healthy)   0.0.0.0:9200->9200/tcp, 9300/tcp   es01

第一列2个字符串就是容器id，使用如下命令把x-pack jar包复制到当前目录。

sudo docker cp   4b663e938ec8:/usr/share/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar .

由于编译x-pack里的java文件需要elasticsearch的jar包，因此把elasticsearch lib目录下的jar文件全部复制出来。

sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/HdrHistogram-2.1.9.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-6.3.2.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-cli-6.3.2.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-core-6.3.2.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-launchers-6.3.2.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-secure-sm-6.3.2.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/elasticsearch-x-content-6.3.2.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/hppc-0.7.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/jackson-core-2.8.10.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/jackson-dataformat-cbor-2.8.10.jar  .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/jackson-dataformat-smile-2.8.10.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/jackson-dataformat-yaml-2.8.10.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/jna-4.5.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/joda-time-2.9.9.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/jopt-simple-5.0.2.jar  .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/jts-core-1.15.0.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/log4j-1.2-api-2.9.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/log4j-api-2.9.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/log4j-core-2.9.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-analyzers-common-7.3.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-backward-codecs-7.3.1.jar  .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-core-7.3.1.jar  .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-grouping-7.3.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-highlighter-7.3.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-join-7.3.1.jar  .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-memory-7.3.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-misc-7.3.1.jar  .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-queries-7.3.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-queryparser-7.3.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-sandbox-7.3.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-spatial-7.3.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-spatial-extras-7.3.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-spatial3d-7.3.1.jar  .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/lucene-suggest-7.3.1.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/plugin-classloader-6.3.2.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/plugin-cli-6.3.2.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/snakeyaml-1.17.jar  .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/spatial4j-0.7.jar .;
sudo docker cp4b663e938ec8:/usr/share/elasticsearch/lib/t-digest-3.2.jar .;

luyten反编译x-pack-core-6.3.2.jar并修改2个文件

新建一个java工程，把刚刚复制出来的jar包全部加入到buildpath。
然后用luyten打开x-pack-core-6.3.2.jar，打开以下2个文件：
luyten项目地址:https://github.com/deathmarine/Luyten
org.elasticsearch.license.LicenseVerifier.class
org.elasticsearch.xpack.core.XPackBuild.class
使用luyten的另存为功能另存为.java文件。复制到eclipse或者idea中,按照文件头的package信息创建java package。

修改LicenseVerifier.java

LicenseVerifier 中有两个静态方法，这就是验证授权文件是否有效的方法，我们把它修改为全部返回true.

package org.elasticsearch.license;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] encryptedPublicKeyData) {
        return true;
    }

    public static boolean verifyLicense(final License license) {
        return true;
    }
}

修改XPackBuild.java

XPackBuild 中最后一个静态代码块中 try的部分全部删除，这部分会验证jar包是否被修改.

package org.elasticsearch.xpack.core;

import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.io.PathUtils;

import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Path;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;

    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }

    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }

    public String shortHash() {
        return this.shortHash;
    }

    public String date() {
        return this.date;
    }

    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0157: {
            //去掉代码块中的这部分代码
//            if (path.toString().endsWith(".jar")) {
//                try {
//                    final JarInputStream jar = new JarInputStream(Files.newInputStream(path, new OpenOption[0]));
//                    Throwable t = null;
//                    try {
//                        final Manifest manifest = jar.getManifest();
//                        shortHash = manifest.getMainAttributes().getValue("Change");
//                        date = manifest.getMainAttributes().getValue("Build-Date");
//                    }
//                    catch (Throwable t2) {
//                        t = t2;
//                        throw t2;
//                    }
//                    finally {
//                        if (t != null) {
//                            try {
//                                jar.close();
//                            }
//                            catch (Throwable t3) {
//                                t.addSuppressed(t3);
//                            }
//                        }
//                        else {
//                            jar.close();
//                        }
//                    }
//                    break Label_0157;
//                }
//                catch (IOException e) {
//                    throw new RuntimeException(e);
//                }
//            }
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}

修改完成之后，把这2个.java文件编译成.class文件，然后使用WinRAR打开x-pack-core-6.3.2.jar,并把2个.classs文件拖入到对应的目录。

替换容器里边的x-pack-core-6.3.2.jar文件

上传到操作目录，使用如下命令把替换完成的x-pack-core-6.3.2.jar的文件复制到正在运行的容器当中。

sudo docker cp x-pack-core-6.3.2.jar ffe36b1d3634:/usr/share/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar;
sudo docker cp x-pack-core-6.3.2.jar 4b663e938ec8:/usr/share/elasticsearch/modules/x-pack/x-pack-core/x-pack-core-6.3.2.jar;

2个容器都要复制，然后重启elasticsearch容器：

sudo docker restart ffe36b1d3634;
sudo docker restart 4b663e938ec8;

导入授权文件

先从官网申请basic授权文件https://license.elastic.co/registration

下载下来的授权文件是个json文件，文件内容类似如下：

{
    "license": {
        "uid": "b5fa3f5d-af81-4c80-a100-937800c58666",
        "type": "platinum",# 修改授权为白金版本
        "issue_date_in_millis": 1534032000000,
        "expiry_date_in_millis": 3043001166000,#修改到期时间为2066-06-06
        "max_nodes": 100, # 修改最大节点数
        "issued_to": "Wang Xianfeng (SV)",
        "issuer": "Web Form",
        "signature": "AAAAAwAAAA0SP2G6iMVyYkC1Df6HAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBmsCMMVSDAn976bQ4h6zE9ounjKVy/8SaiOZEDR14SVZ++lBxVURl31VFDHhvxgoexYtyOfdQppPTJ/t8YNzlAfoc/6tE6u2AUiPaZlgGtraN9WZUB5+VGTXMgGX+QbIq9lCEazvKnRTlVkxY4JHcqCiaGEc4WjGm/tE9Ra8uFbme9jPdumJw2Yqenn69MRR5gRBSOVCmH46u0qmztC1cuLU2QuDWxAh1vxlZ+ZcqSlXnqOLKNEp80kl48ejk8qHBiQbp9B9kqJG1A7E0yF6xx2cGqsrGcWPVwDRq+yArxQqIYctX5RaI07tw6tB+sN1vDJT7t2urKZE6CSp1TKyfU",
        "start_date_in_millis": 1534032000000
    }
}

时间戳、时间转换
https://tool.lu/timestamp

然后使用kibana导入授权文件，登录kibana，management->listence management,上传修改完成的json文件即可。