Internal: return better error message in SecurityFilter and InternalKeyService & share signing code

Closes elastic/elasticsearch#89

Original commit: elastic/x-pack-elasticsearch@a1dcd9c5aa
javanna 2014-09-26 08:48:17 +02:00 committed by Luca Cavanna
parent 402749e12b
commit a57eae4f1f
2 changed files with 14 additions and 15 deletions


@ -89,7 +89,7 @@ public class SecurityFilter extends AbstractComponent {
} catch (SignatureException se) {
auditTrail.tamperedRequest(user, action, request);
throw new AuthorizationException("Invalid request");
throw new AuthorizationException("Invalid request: " + se.getMessage());
}
}
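Review bot: The new `throw new AuthorizationException("Invalid request: " + se.getMessage());` puts the signature-verification detail into the exception that goes back to the requester and still drops `se` as the cause. With the messages introduced in InternalKeyService, the response now distinguishes a signature mismatch from a parsing or verification error. I would keep the client-facing text generic (`"Invalid request"`) and record the detail on the server side, next to the existing `auditTrail.tamperedRequest(...)` call or in a log statement. If AuthorizationException offers a (message, cause) constructor, which is not visible here, pass `se` as the cause so the stack trace is kept. The enclosing method starts outside the hunk.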


@ -93,9 +93,7 @@ public class InternalKeyService extends AbstractComponent implements KeyService
if (key == null) {
return text;
}
Mac mac = createMac(key);
byte[] sig = mac.doFinal(text.getBytes(Charsets.UTF_8));
String sigStr = Base64.encodeBase64URLSafeString(sig);
String sigStr = signInternal(text);
return "$$" + sigStr.length() + "$$" + sigStr + text;
}
@ -111,23 +109,20 @@ public class InternalKeyService extends AbstractComponent implements KeyService
}
try {
// $$34$$sigtext
int i = signedText.indexOf("$$", 2);
int length = Integer.parseInt(signedText.substring(2, i));
String sigStr = signedText.substring(i + 2, i + 2 + length);
String text = signedText.substring(i + 2 + length);
Mac mac = createMac(key);
byte[] sig = mac.doFinal(text.getBytes(Charsets.UTF_8));
if (!Base64.encodeBase64URLSafeString(sig).equals(sigStr)) {
throw new SignatureException("tampered signed text");
String sig = signInternal(text);
if (!sig.equals(sigStr)) {
throw new SignatureException("the signed texts don't match");
}
return text;
} catch (SignatureException e) {
throw e;
} catch (Throwable t) {
throw new SignatureException("tampered signed text");
throw new SignatureException("error while verifying the signed text", t);
}
}
@ -146,6 +141,12 @@ public class InternalKeyService extends AbstractComponent implements KeyService
}
}
private String signInternal(String text) {
Mac mac = createMac(key);
byte[] sig = mac.doFinal(text.getBytes(Charsets.UTF_8));
return Base64.encodeBase64URLSafeString(sig);
}
private class FileListener extends FileChangesListener {
private final Listener listener;
@ -188,7 +189,5 @@ public class InternalKeyService extends AbstractComponent implements KeyService
};
void onKeyRefresh();
}
}
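Review bot: `if (!sig.equals(sigStr))` in the verification hunk compares the expected MAC with the supplied one using String.equals, which returns at the first differing character, so the comparison time depends on how many leading characters match. A constant-time comparison fits better here: `if (!MessageDigest.isEqual(sig.getBytes(Charsets.UTF_8), sigStr.getBytes(Charsets.UTF_8))) {`, which needs an import of `java.security.MessageDigest`. Separately, `catch (Throwable t)` in the same hunk also turns Errors such as OutOfMemoryError into a SignatureException; `catch (Exception e)` looks sufficient for the parsing and Mac failures in the try block. The verifying method starts outside the hunk, so the null check on `key` and the method signature are not visible here.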