Allow uppercase in keystore setting names (#45222)

The elasticsearch keystore was originally backed by a PKCS#12 keystore, which had several limitations. To overcome some of these limitations in encoding, the setting names existing within the keystore were limited to lowercase alphanumberic (with underscore). Now that the keystore is backed by an encrypted blob, this restriction is no longer relevant. This commit relaxes that restriction by allowing uppercase ascii characters as well. closes #43835
2019-08-17 08:48:56 +08:00 · 2019-08-17 08:48:56 +08:00 · 6f2daa85e3
parent 200579bfce
commit 6f2daa85e3
4 changed files with 10 additions and 10 deletions
--- a/server/src/main/java/org/elasticsearch/common/settings/KeyStoreWrapper.java
+++ b/server/src/main/java/org/elasticsearch/common/settings/KeyStoreWrapper.java
@ -100,7 +100,7 @@ public class KeyStoreWrapper implements SecureSettings {
    /**
     * A regex for the valid characters that a setting name in the keystore may use.
     */
-    private static final Pattern ALLOWED_SETTING_NAME = Pattern.compile("[a-z0-9_\\-.]+");
+    private static final Pattern ALLOWED_SETTING_NAME = Pattern.compile("[A-Za-z0-9_\\-.]+");

    public static final Setting<SecureString> SEED_SETTING = SecureSetting.secureString("keystore.seed", null);

--- a/server/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java
+++ b/server/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java
@ -23,7 +23,6 @@ import java.io.ByteArrayInputStream;
 import java.io.CharArrayWriter;
 import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
-import java.util.Locale;
 import java.util.Map;

 import org.elasticsearch.cli.Command;
@ -176,14 +175,15 @@ public class AddStringKeyStoreCommandTests extends KeyStoreCommandTestCase {
        assertThat(e.getMessage(), containsString("The setting name can not be null"));
    }

-    public void testUpperCaseInName() throws Exception {
+    public void testSpecialCharacterInName() throws Exception {
        createKeystore("");
        terminal.addSecretInput("value");
-        final String key = randomAlphaOfLength(4) + randomAlphaOfLength(1).toUpperCase(Locale.ROOT) + randomAlphaOfLength(4);
+        final String key = randomAlphaOfLength(4) + '@' + randomAlphaOfLength(4);
        final UserException e = expectThrows(UserException.class, () -> execute(key));
+        final String exceptionString= "Setting name [" + key + "] does not match the allowed setting name pattern [[A-Za-z0-9_\\-.]+]";
        assertThat(
                e,
-                hasToString(containsString("Setting name [" + key + "] does not match the allowed setting name pattern [[a-z0-9_\\-.]+]")));
+                hasToString(containsString(exceptionString)));
    }

    void setInput(String inputStr) {
--- a/server/src/test/java/org/elasticsearch/common/settings/KeyStoreWrapperTests.java
+++ b/server/src/test/java/org/elasticsearch/common/settings/KeyStoreWrapperTests.java
@ -318,12 +318,12 @@ public class KeyStoreWrapperTests extends ESTestCase {
    }

    public void testIllegalSettingName() throws Exception {
-        IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> KeyStoreWrapper.validateSettingName("UpperCase"));
+        IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> KeyStoreWrapper.validateSettingName("*"));
        assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
        KeyStoreWrapper keystore = KeyStoreWrapper.create();
-        e = expectThrows(IllegalArgumentException.class, () -> keystore.setString("UpperCase", new char[0]));
+        e = expectThrows(IllegalArgumentException.class, () -> keystore.setString("*", new char[0]));
        assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
-        e = expectThrows(IllegalArgumentException.class, () -> keystore.setFile("UpperCase", new byte[0]));
+        e = expectThrows(IllegalArgumentException.class, () -> keystore.setFile("*", new byte[0]));
        assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
    }

--- a/server/src/test/java/org/elasticsearch/common/settings/SettingsTests.java
+++ b/server/src/test/java/org/elasticsearch/common/settings/SettingsTests.java
@ -498,10 +498,10 @@ public class SettingsTests extends ESTestCase {

    public void testSecureSettingIllegalName() {
        IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () ->
-            SecureSetting.secureString("UpperCaseSetting", null));
+            SecureSetting.secureString("*IllegalName", null));
        assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
        e = expectThrows(IllegalArgumentException.class, () ->
-            SecureSetting.secureFile("UpperCaseSetting", null));
+            SecureSetting.secureFile("*IllegalName", null));
        assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
    }