From 6f2daa85e3c5da7cef095dd776bb91c9746a0dde Mon Sep 17 00:00:00 2001 From: Vega <603585402@qq.com> Date: Sat, 17 Aug 2019 08:48:56 +0800 Subject: [PATCH] Allow uppercase in keystore setting names (#45222) The elasticsearch keystore was originally backed by a PKCS#12 keystore, which had several limitations. To overcome some of these limitations in encoding, the setting names existing within the keystore were limited to lowercase alphanumberic (with underscore). Now that the keystore is backed by an encrypted blob, this restriction is no longer relevant. This commit relaxes that restriction by allowing uppercase ascii characters as well. closes #43835 --- .../elasticsearch/common/settings/KeyStoreWrapper.java | 2 +- .../common/settings/AddStringKeyStoreCommandTests.java | 8 ++++---- .../common/settings/KeyStoreWrapperTests.java | 6 +++--- .../org/elasticsearch/common/settings/SettingsTests.java | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/server/src/main/java/org/elasticsearch/common/settings/KeyStoreWrapper.java b/server/src/main/java/org/elasticsearch/common/settings/KeyStoreWrapper.java index 7ad69c1eebe..39d45e6e970 100644 --- a/server/src/main/java/org/elasticsearch/common/settings/KeyStoreWrapper.java +++ b/server/src/main/java/org/elasticsearch/common/settings/KeyStoreWrapper.java @@ -100,7 +100,7 @@ public class KeyStoreWrapper implements SecureSettings { /** * A regex for the valid characters that a setting name in the keystore may use. */ - private static final Pattern ALLOWED_SETTING_NAME = Pattern.compile("[a-z0-9_\\-.]+"); + private static final Pattern ALLOWED_SETTING_NAME = Pattern.compile("[A-Za-z0-9_\\-.]+"); public static final Setting SEED_SETTING = SecureSetting.secureString("keystore.seed", null); diff --git a/server/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java b/server/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java index be4fb90fc82..b5e6a31e148 100644 --- a/server/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java +++ b/server/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java @@ -23,7 +23,6 @@ import java.io.ByteArrayInputStream; import java.io.CharArrayWriter; import java.io.InputStream; import java.nio.charset.StandardCharsets; -import java.util.Locale; import java.util.Map; import org.elasticsearch.cli.Command; @@ -176,14 +175,15 @@ public class AddStringKeyStoreCommandTests extends KeyStoreCommandTestCase { assertThat(e.getMessage(), containsString("The setting name can not be null")); } - public void testUpperCaseInName() throws Exception { + public void testSpecialCharacterInName() throws Exception { createKeystore(""); terminal.addSecretInput("value"); - final String key = randomAlphaOfLength(4) + randomAlphaOfLength(1).toUpperCase(Locale.ROOT) + randomAlphaOfLength(4); + final String key = randomAlphaOfLength(4) + '@' + randomAlphaOfLength(4); final UserException e = expectThrows(UserException.class, () -> execute(key)); + final String exceptionString= "Setting name [" + key + "] does not match the allowed setting name pattern [[A-Za-z0-9_\\-.]+]"; assertThat( e, - hasToString(containsString("Setting name [" + key + "] does not match the allowed setting name pattern [[a-z0-9_\\-.]+]"))); + hasToString(containsString(exceptionString))); } void setInput(String inputStr) { diff --git a/server/src/test/java/org/elasticsearch/common/settings/KeyStoreWrapperTests.java b/server/src/test/java/org/elasticsearch/common/settings/KeyStoreWrapperTests.java index 7df1b2d6f75..5a1e3790a09 100644 --- a/server/src/test/java/org/elasticsearch/common/settings/KeyStoreWrapperTests.java +++ b/server/src/test/java/org/elasticsearch/common/settings/KeyStoreWrapperTests.java @@ -318,12 +318,12 @@ public class KeyStoreWrapperTests extends ESTestCase { } public void testIllegalSettingName() throws Exception { - IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> KeyStoreWrapper.validateSettingName("UpperCase")); + IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> KeyStoreWrapper.validateSettingName("*")); assertTrue(e.getMessage().contains("does not match the allowed setting name pattern")); KeyStoreWrapper keystore = KeyStoreWrapper.create(); - e = expectThrows(IllegalArgumentException.class, () -> keystore.setString("UpperCase", new char[0])); + e = expectThrows(IllegalArgumentException.class, () -> keystore.setString("*", new char[0])); assertTrue(e.getMessage().contains("does not match the allowed setting name pattern")); - e = expectThrows(IllegalArgumentException.class, () -> keystore.setFile("UpperCase", new byte[0])); + e = expectThrows(IllegalArgumentException.class, () -> keystore.setFile("*", new byte[0])); assertTrue(e.getMessage().contains("does not match the allowed setting name pattern")); } diff --git a/server/src/test/java/org/elasticsearch/common/settings/SettingsTests.java b/server/src/test/java/org/elasticsearch/common/settings/SettingsTests.java index 561883bb36c..71bacca70c7 100644 --- a/server/src/test/java/org/elasticsearch/common/settings/SettingsTests.java +++ b/server/src/test/java/org/elasticsearch/common/settings/SettingsTests.java @@ -498,10 +498,10 @@ public class SettingsTests extends ESTestCase { public void testSecureSettingIllegalName() { IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> - SecureSetting.secureString("UpperCaseSetting", null)); + SecureSetting.secureString("*IllegalName", null)); assertTrue(e.getMessage().contains("does not match the allowed setting name pattern")); e = expectThrows(IllegalArgumentException.class, () -> - SecureSetting.secureFile("UpperCaseSetting", null)); + SecureSetting.secureFile("*IllegalName", null)); assertTrue(e.getMessage().contains("does not match the allowed setting name pattern")); }