恩，是发现JDBC连Elasticsearch竟然需要白金授权才行，随手搜了下竟然有破解方法，就整理记录下好了。

以下内容摘录自：俊瑶先森 发布的：Elasticsearch 7.x 白金级 破解实践

原理

license中有个signature字段，ES会根据这个字段判断License是否被篡改。只要取消ES的这个判断逻辑，就可以随便篡改License，达到激活的目的了。

我是基于 官方 ES Docker 镜像 7.13.0 版本进行破解的。原则上支持任意版本破解。

破解

提取文件

ES_HOME/modules/x-pack-core/x-pack-core-7.13.0.jar

获取Jar包查看工具Luyten，你可以可以使用其他的工具，GitHub

然后打开x-pack-core-7.13.0.jar这个文件，后续需要选中图中类并导出为java源码（点击File–Save As 另存为java）。

修改源码

org.elasticsearch.license/LicenseVerifier.class 另存后：LicenseVerifier.java

LicenseVerifier.java 修改为：

package org.elasticsearch.license;

import java.nio.*;
import org.elasticsearch.common.bytes.*;
import java.security.*;
import java.util.*;
import org.elasticsearch.common.xcontent.*;
import org.apache.lucene.util.*;
import org.elasticsearch.core.internal.io.*;
import java.io.*;

public class LicenseVerifier
{
    public static boolean verifyLicense(final License license, final byte[] publicKeyData) {
        return true;
    }
    
    public static boolean verifyLicense(final License license) {
        return true;
    }
}

org.elasticsearch.xpack.core/XPackBuild.class 另存后：XPackBuild.java

XPackBuild.java 修改为：

package org.elasticsearch.xpack.core;

import org.elasticsearch.common.io.*;
import java.net.*;
import org.elasticsearch.common.*;
import java.nio.file.*;
import java.io.*;
import java.util.jar.*;

public class XPackBuild
{
    public static final XPackBuild CURRENT;
    private String shortHash;
    private String date;
    
    @SuppressForbidden(reason = "looks up path of xpack.jar directly")
    static Path getElasticsearchCodebase() {
        final URL url = XPackBuild.class.getProtectionDomain().getCodeSource().getLocation();
        try {
            return PathUtils.get(url.toURI());
        }
        catch (URISyntaxException bogus) {
            throw new RuntimeException(bogus);
        }
    }
    
    XPackBuild(final String shortHash, final String date) {
        this.shortHash = shortHash;
        this.date = date;
    }
    
    public String shortHash() {
        return this.shortHash;
    }
    
    public String date() {
        return this.date;
    }
    
    static {
        final Path path = getElasticsearchCodebase();
        String shortHash = null;
        String date = null;
        Label_0109: {
            shortHash = "Unknown";
            date = "Unknown";
        }
        CURRENT = new XPackBuild(shortHash, date);
    }
}

java源代码已经更改完毕，下面就是生成class文件，然后替换原来的class文件即可：

生成Class文件

Linux下执行这段shell，就可以得到2个Java代码对应的class文件：

ES_HOME="/usr/share/elasticsearch"
ES_JAR=$(cd $ES_HOME && ls lib/elasticsearch-[0-9]*.jar)
ESCORE_JAR=$(cd $ES_HOME && ls lib/elasticsearch-core-*.jar)
LUCENE_JAR=$(cd $ES_HOME && ls lib/lucene-core-*.jar)
XPACK_JAR=$(cd $ES_HOME && ls modules/x-pack-core/x-pack-core-*.jar)

javac -cp "${ES_HOME}/${ES_JAR}:${ES_HOME}/${LUCENE_JAR}:${ES_HOME}/${XPACK_JAR}:${ES_HOME}/${ESCORE_JAR}" LicenseVerifier.java
javac -cp "${ES_HOME}/${ES_JAR}:${ES_HOME}/${LUCENE_JAR}:${ES_HOME}/${XPACK_JAR}:${ES_HOME}/${ESCORE_JAR}" XPackBuild.java

解压重新替换并打包

这个方法很多，自己搞定，主要就是把刚才的两个class文件替换到x-pack-core-7.13.0.jar包中的同名文件：

XPackBuild.class => /elk/x-pack/org/elasticsearch/xpack/core/
LicenseVerifier.class => /elk/x-pack/org/elasticsearch/license/

之后把修改后的x-pack-core-7.13.0.jar替换同名文件。

导入License

示例license.json：

{
  "license": {
    "uid": "92c6b41e-59f9-4674-b227-77063c5fa8b0",
    "type": "platinum",
    "issue_date_in_millis": 1642291200000,
    "expiry_date_in_millis": 3107746200000,
    "max_nodes": 100,
    "issued_to": "junyao hong (race)",
    "issuer": "Web Form",
    "signature": "AAAAAwAAAA0kxge9SLSAvWWnMgDEAAABmC9ZN0hjZDBGYnVyRXpCOW5Bb3FjZDAxOWpSbTVoMVZwUzRxVk1PSmkxaktJRVl5MUYvUWh3bHZVUTllbXNPbzBUemtnbWpBbmlWRmRZb25KNFlBR2x0TXc2K2p1Y1VtMG1UQU9TRGZVSGRwaEJGUjE3bXd3LzRqZ05iLzRteWFNekdxRGpIYlFwYkJiNUs0U1hTVlJKNVlXekMrSlVUdFIvV0FNeWdOYnlESDc3MWhlY3hSQmdKSjJ2ZTcvYlBFOHhPQlV3ZHdDQ0tHcG5uOElCaDJ4K1hob29xSG85N0kvTWV3THhlQk9NL01VMFRjNDZpZEVXeUtUMXIyMlIveFpJUkk2WUdveEZaME9XWitGUi9WNTZVQW1FMG1DenhZU0ZmeXlZakVEMjZFT2NvOWxpZGlqVmlHNC8rWVVUYzMwRGVySHpIdURzKzFiRDl4TmM1TUp2VTBOUlJZUlAyV0ZVL2kvVk10L0NsbXNFYVZwT3NSU082dFNNa2prQ0ZsclZ4NTltbU1CVE5lR09Bck93V2J1Y3c9PQAAAQBAD9GxJeiZQonVdEVrn5+frA3tMD18Stcp3fiHVGVdXRzbHQd3N23tTXSyXlqQo0lB/dDt1A4iKh8/Wotp38mFkYq/W/HbJC3hYkJaOQwBPO0aelWYTi4hAxw7c8HSjLf2S4J0dK7LYRW9vfuaK/YrCr42fOGsZ3GX+9WcwbBWT6ONnaJa2dMQRnDsrmcE599LiEz++8GvICWhzfGxjcHk4lsEGmFBC1FajDQsGf/d7oCI3EiNodgSMHtP3u6DZCt8h036wn4gyv5XdH3YauUltsKDmYqGFfD/Udy4kmiKR5qExX4i/K+7q+p4TVJ3GHqgVwtdXGkKiq32qXEqktj6",
    "start_date_in_millis": 1642291200000
  }
}

接下来导入License请确保：

xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false

等更新完升级为白金后再开启配置。

然后加载License到ES中：

$ curl -XPUT -u elastic 'https://localhost:9200/_xpack/license' -H "Content-Type: application/json" -d @license.json
Enter host password for user 'elastic':           # 输入elastic用户密码
{"acknowledged":true,"license_status":"valid"}    # license写入成功

查看License：

$ curl -XGET -uelastic https://localhost:9200/_license
Enter host password for user 'elastic': 
{
  "license" : {
    "status" : "active",
    "uid" : "92c6b41e-59f9-4674-b227-77063c5fa8b0",
    "type" : "platinum",
    "issue_date" : "2019-11-29T00:00:00.000Z",
    "issue_date_in_millis" : 1558051200000,
    "expiry_date" : "2068-06-24T14:50:00.999Z",
    "expiry_date_in_millis" : 2524579200999,
    "max_nodes" : 1000,
    "issued_to" : "pyker",
    "issuer" : "Web Form",
    "start_date_in_millis" : 1558051200000
  }
}

最后，确保 elasticsearch 重启即可。

如本文对您有用，捐赠和留言 将是对我最好的支持~（捐赠可转为站内积分）
如愿意，请向朋友推荐本站，谢谢。

尊重他人劳动成果。转载请务必附上原文链接，我将感激不尽。

与《Elasticsearch 7.x 破解记录》相关的博文：

• RHEL 6.5 Elasticsearch max number of threads [1024] for user 解决办法
• Elasticsearch No search context found for id报错的解决思路
• new elasticsearch package pre-installation script subprocess returned error exit status 1解决方法
• Elasticsearch Unknown properties in plugin descriptor: [jvm, site, isolated] 解决办法
• ElasticSearch CPU和内存占用高的优化记录