Allow uppercase in keystore setting names (#45222)
The elasticsearch keystore was originally backed by a PKCS#12 keystore, which had several limitations. To overcome some of these limitations in encoding, the setting names existing within the keystore were limited to lowercase alphanumeric (with underscore). Now that the keystore is backed by an encrypted blob, this restriction is no longer relevant. This commit relaxes that restriction by allowing uppercase ASCII characters as well. closes #43835
parent
200579bfce
commit
6f2daa85e3
|
@ -100,7 +100,7 @@ public class KeyStoreWrapper implements SecureSettings {
|
||||||
/**
|
/**
|
||||||
* A regex for the valid characters that a setting name in the keystore may use.
|
* A regex for the valid characters that a setting name in the keystore may use.
|
||||||
*/
|
*/
|
||||||
private static final Pattern ALLOWED_SETTING_NAME = Pattern.compile("[a-z0-9_\\-.]+");
|
private static final Pattern ALLOWED_SETTING_NAME = Pattern.compile("[A-Za-z0-9_\\-.]+");
|
||||||
|
|
||||||
public static final Setting<SecureString> SEED_SETTING = SecureSetting.secureString("keystore.seed", null);
|
public static final Setting<SecureString> SEED_SETTING = SecureSetting.secureString("keystore.seed", null);
|
||||||
|
|
||||||
|
|
|
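Review bot: The Javadoc on `ALLOWED_SETTING_NAME` still says only that it is a regex for the valid characters and does not record the consequence of widening it: names that differ only in case now both pass validation, and whether lookups treat them as one entry or two is not visible in this hunk. A secret stored under a mis-cased name would presumably sit in the keystore unused while the intended setting stays unset, so the rule belongs where the pattern is defined. If lookups are indeed case-sensitive, a line such as `* Allowed: ASCII letters (either case), digits, '_', '-' and '.'; names are compared case-sensitively.` would do. The class body continues outside the hunk.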
@ -23,7 +23,6 @@ import java.io.ByteArrayInputStream;
|
||||||
import java.io.CharArrayWriter;
|
import java.io.CharArrayWriter;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
import java.util.Locale;
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import org.elasticsearch.cli.Command;
|
import org.elasticsearch.cli.Command;
|
||||||
|
@ -176,14 +175,15 @@ public class AddStringKeyStoreCommandTests extends KeyStoreCommandTestCase {
|
||||||
assertThat(e.getMessage(), containsString("The setting name can not be null"));
|
assertThat(e.getMessage(), containsString("The setting name can not be null"));
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testUpperCaseInName() throws Exception {
|
public void testSpecialCharacterInName() throws Exception {
|
||||||
createKeystore("");
|
createKeystore("");
|
||||||
terminal.addSecretInput("value");
|
terminal.addSecretInput("value");
|
||||||
final String key = randomAlphaOfLength(4) + randomAlphaOfLength(1).toUpperCase(Locale.ROOT) + randomAlphaOfLength(4);
|
final String key = randomAlphaOfLength(4) + '@' + randomAlphaOfLength(4);
|
||||||
final UserException e = expectThrows(UserException.class, () -> execute(key));
|
final UserException e = expectThrows(UserException.class, () -> execute(key));
|
||||||
|
final String exceptionString= "Setting name [" + key + "] does not match the allowed setting name pattern [[A-Za-z0-9_\\-.]+]";
|
||||||
assertThat(
|
assertThat(
|
||||||
e,
|
e,
|
||||||
hasToString(containsString("Setting name [" + key + "] does not match the allowed setting name pattern [[a-z0-9_\\-.]+]")));
|
hasToString(containsString(exceptionString)));
|
||||||
}
|
}
|
||||||
|
|
||||||
void setInput(String inputStr) {
|
void setInput(String inputStr) {
|
||||||
|
|
|
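Review bot: Nothing in the visible test changes asserts the behaviour this commit introduces: `testUpperCaseInName` becomes `testSpecialCharacterInName` and now checks that `@` is rejected, and the edits in KeyStoreWrapperTests and SettingsTests likewise only swap the rejected input for one containing `*`. A positive case is needed so that a later tightening of the pattern back to lower case fails a test; here that means a test that runs `execute(key)` with a mixed-case key and reads the stored value back, and in the other two files calls such as `KeyStoreWrapper.validateSettingName("UpperCase");` and `SecureSetting.secureString("UpperCaseSetting", null);` outside any `expectThrows`. Such tests may exist outside the sections shown here. As a small style point, `exceptionString= ` is missing the space before `=`.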
@ -318,12 +318,12 @@ public class KeyStoreWrapperTests extends ESTestCase {
|
||||||
}
|
}
|
||||||
|
|
||||||
public void testIllegalSettingName() throws Exception {
|
public void testIllegalSettingName() throws Exception {
|
||||||
IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> KeyStoreWrapper.validateSettingName("UpperCase"));
|
IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> KeyStoreWrapper.validateSettingName("*"));
|
||||||
assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
|
assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
|
||||||
KeyStoreWrapper keystore = KeyStoreWrapper.create();
|
KeyStoreWrapper keystore = KeyStoreWrapper.create();
|
||||||
e = expectThrows(IllegalArgumentException.class, () -> keystore.setString("UpperCase", new char[0]));
|
e = expectThrows(IllegalArgumentException.class, () -> keystore.setString("*", new char[0]));
|
||||||
assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
|
assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
|
||||||
e = expectThrows(IllegalArgumentException.class, () -> keystore.setFile("UpperCase", new byte[0]));
|
e = expectThrows(IllegalArgumentException.class, () -> keystore.setFile("*", new byte[0]));
|
||||||
assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
|
assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
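Review bot: The rejected input `"*"` in `testIllegalSettingName` is a single illegal character, so it would still be rejected if validation ever changed from a whole-string match to a partial one. The pattern itself has no anchors, so correctness rests on how the matcher is invoked, which is not visible on this page. A name that mixes legal and illegal characters pins that down, for example `KeyStoreWrapper.validateSettingName("Upper*Case")` inside the first `expectThrows`, with the same input for the `setString` and `setFile` calls.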
@ -498,10 +498,10 @@ public class SettingsTests extends ESTestCase {
|
||||||
|
|
||||||
public void testSecureSettingIllegalName() {
|
public void testSecureSettingIllegalName() {
|
||||||
IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () ->
|
IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () ->
|
||||||
SecureSetting.secureString("UpperCaseSetting", null));
|
SecureSetting.secureString("*IllegalName", null));
|
||||||
assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
|
assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
|
||||||
e = expectThrows(IllegalArgumentException.class, () ->
|
e = expectThrows(IllegalArgumentException.class, () ->
|
||||||
SecureSetting.secureFile("UpperCaseSetting", null));
|
SecureSetting.secureFile("*IllegalName", null));
|
||||||
assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
|
assertTrue(e.getMessage().contains("does not match the allowed setting name pattern"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|