honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

security: only log if we actually loaded the system key 

This commit changes the logging to only log if we actually loaded the system key, otherwise
the message is misleading as the key file may not even exist but we output that it was
loaded.

Original commit: elastic/x-pack-elasticsearch@0af7953c64
This commit is contained in:
Jay Modi 2016-10-19 08:36:29 -04:00 committed by GitHub
parent 29e35267c3
commit 9ea1786596
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
elasticsearch/src/main/java/org/elasticsearch/xpack/security/crypto/CryptoService.java
View File

@ -53,7 +53,6 @@ public class CryptoService extends AbstractComponent {
static final String DEFAULT_ENCRYPTION_ALGORITHM = "AES/CTR/NoPadding";
static final String DEFAULT_KEY_ALGORITH = "AES";
static final String ENCRYPTED_TEXT_PREFIX = "::es_encrypted::";
static final byte[] ENCRYPTED_BYTE_PREFIX = ENCRYPTED_TEXT_PREFIX.getBytes(StandardCharsets.UTF_8);
static final int DEFAULT_KEY_LENGTH = 128;
static final int RANDOM_KEY_SIZE = 128;
@ -105,8 +104,10 @@ public class CryptoService extends AbstractComponent {
} catch (NoSuchAlgorithmException nsae) {
throw new ElasticsearchException("failed to start crypto service. could not load encryption key", nsae);
}
if (systemKey != null) {
logger.info("system key [{}] has been loaded", keyFile.toAbsolutePath());
}
}
public static byte[] generateKey() {
return generateSecretKey(KEY_SIZE).getEncoded();