[Cleanup] - renamed KeyService/KeyModule to SignatureService/SignatureModule
Also moved to appropriate package Original commit: elastic/x-pack-elasticsearch@cb373314b8
This commit is contained in:
uboness
parent
22eea8aba0
commit
b31beb1e36
|
|
@ -12,7 +12,7 @@ import org.elasticsearch.shield.action.ShieldActionModule;
|
|||
import org.elasticsearch.shield.audit.AuditTrailModule;
|
||||
import org.elasticsearch.shield.authc.AuthenticationModule;
|
||||
import org.elasticsearch.shield.authz.AuthorizationModule;
|
||||
import org.elasticsearch.shield.key.KeyModule;
|
||||
import org.elasticsearch.shield.signature.SignatureModule;
|
||||
import org.elasticsearch.shield.rest.ShieldRestModule;
|
||||
import org.elasticsearch.shield.ssl.SSLModule;
|
||||
import org.elasticsearch.shield.support.AbstractShieldModule;
|
||||
|
|
@ -51,7 +51,7 @@ public class ShieldModule extends AbstractShieldModule.Spawn {
|
|||
new ShieldRestModule(settings),
|
||||
new ShieldActionModule(settings),
|
||||
new SecuredTransportModule(settings),
|
||||
new KeyModule(settings),
|
||||
new SignatureModule(settings),
|
||||
new SSLModule(settings));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -19,8 +19,8 @@ import org.elasticsearch.shield.audit.AuditTrail;
|
|||
import org.elasticsearch.shield.authc.AuthenticationService;
|
||||
import org.elasticsearch.shield.authz.AuthorizationException;
|
||||
import org.elasticsearch.shield.authz.AuthorizationService;
|
||||
import org.elasticsearch.shield.key.KeyService;
|
||||
import org.elasticsearch.shield.key.SignatureException;
|
||||
import org.elasticsearch.shield.signature.SignatureService;
|
||||
import org.elasticsearch.shield.signature.SignatureException;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
|
@ -32,14 +32,14 @@ public class ShieldActionFilter implements ActionFilter {
|
|||
|
||||
private final AuthenticationService authcService;
|
||||
private final AuthorizationService authzService;
|
||||
private final KeyService keyService;
|
||||
private final SignatureService signatureService;
|
||||
private final AuditTrail auditTrail;
|
||||
|
||||
@Inject
|
||||
public ShieldActionFilter(AuthenticationService authcService, AuthorizationService authzService, KeyService keyService, AuditTrail auditTrail) {
|
||||
public ShieldActionFilter(AuthenticationService authcService, AuthorizationService authzService, SignatureService signatureService, AuditTrail auditTrail) {
|
||||
this.authcService = authcService;
|
||||
this.authzService = authzService;
|
||||
this.keyService = keyService;
|
||||
this.signatureService = signatureService;
|
||||
this.auditTrail = auditTrail;
|
||||
}
|
||||
|
||||
|
|
@ -82,7 +82,7 @@ public class ShieldActionFilter implements ActionFilter {
|
|||
if (request instanceof SearchScrollRequest) {
|
||||
SearchScrollRequest scrollRequest = (SearchScrollRequest) request;
|
||||
String scrollId = scrollRequest.scrollId();
|
||||
scrollRequest.scrollId(keyService.unsignAndVerify(scrollId));
|
||||
scrollRequest.scrollId(signatureService.unsignAndVerify(scrollId));
|
||||
return request;
|
||||
}
|
||||
|
||||
|
|
@ -91,7 +91,7 @@ public class ShieldActionFilter implements ActionFilter {
|
|||
List<String> signedIds = clearScrollRequest.scrollIds();
|
||||
List<String> unsignedIds = new ArrayList<>(signedIds.size());
|
||||
for (String signedId : signedIds) {
|
||||
unsignedIds.add(keyService.unsignAndVerify(signedId));
|
||||
unsignedIds.add(signatureService.unsignAndVerify(signedId));
|
||||
}
|
||||
clearScrollRequest.scrollIds(unsignedIds);
|
||||
return request;
|
||||
|
|
@ -110,8 +110,8 @@ public class ShieldActionFilter implements ActionFilter {
|
|||
if (response instanceof SearchResponse) {
|
||||
SearchResponse searchResponse = (SearchResponse) response;
|
||||
String scrollId = searchResponse.getScrollId();
|
||||
if (scrollId != null && !keyService.signed(scrollId)) {
|
||||
searchResponse.scrollId(keyService.sign(scrollId));
|
||||
if (scrollId != null && !signatureService.signed(scrollId)) {
|
||||
searchResponse.scrollId(signatureService.sign(scrollId));
|
||||
}
|
||||
return response;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -15,7 +15,7 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.rest.RestRequest;
|
||||
import org.elasticsearch.shield.User;
|
||||
import org.elasticsearch.shield.audit.AuditTrail;
|
||||
import org.elasticsearch.shield.key.KeyService;
|
||||
import org.elasticsearch.shield.signature.SignatureService;
|
||||
import org.elasticsearch.transport.TransportMessage;
|
||||
|
||||
import java.io.IOException;
|
||||
|
|
@ -32,15 +32,15 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
|
||||
private final Realm[] realms;
|
||||
private final AuditTrail auditTrail;
|
||||
private final KeyService keyService;
|
||||
private final SignatureService signatureService;
|
||||
private final boolean signUserHeader;
|
||||
|
||||
@Inject
|
||||
public InternalAuthenticationService(Settings settings, Realms realms, AuditTrail auditTrail, KeyService keyService) {
|
||||
public InternalAuthenticationService(Settings settings, Realms realms, AuditTrail auditTrail, SignatureService signatureService) {
|
||||
super(settings);
|
||||
this.realms = realms.realms();
|
||||
this.auditTrail = auditTrail;
|
||||
this.keyService = keyService;
|
||||
this.signatureService = signatureService;
|
||||
this.signUserHeader = componentSettings.getAsBoolean("sign_user_header", true);
|
||||
}
|
||||
|
||||
|
|
@ -68,13 +68,13 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
String header = (String) message.getHeader(USER_KEY);
|
||||
if (header != null) {
|
||||
if (signUserHeader) {
|
||||
header = keyService.unsignAndVerify(header);
|
||||
header = signatureService.unsignAndVerify(header);
|
||||
}
|
||||
user = decodeUser(header);
|
||||
}
|
||||
if (user == null) {
|
||||
user = authenticateWithRealms(action, message, fallbackUser);
|
||||
header = signUserHeader ? keyService.sign(encodeUser(user, logger)) : encodeUser(user, logger);
|
||||
header = signUserHeader ? signatureService.sign(encodeUser(user, logger)) : encodeUser(user, logger);
|
||||
message.putHeader(USER_KEY, header);
|
||||
}
|
||||
message.putInContext(USER_KEY, user);
|
||||
|
|
@ -89,7 +89,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
|
|||
}
|
||||
if (header == null) {
|
||||
message.putInContext(USER_KEY, user);
|
||||
header = signUserHeader ? keyService.sign(encodeUser(user, logger)) : encodeUser(user, logger);
|
||||
header = signUserHeader ? signatureService.sign(encodeUser(user, logger)) : encodeUser(user, logger);
|
||||
message.putHeader(USER_KEY, header);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.key;
|
||||
package org.elasticsearch.shield.signature;
|
||||
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.elasticsearch.ElasticsearchException;
|
||||
|
|
@ -32,7 +32,7 @@ import java.util.regex.Pattern;
|
|||
/**
|
||||
*
|
||||
*/
|
||||
public class InternalKeyService extends AbstractComponent implements KeyService {
|
||||
public class InternalSignatureService extends AbstractComponent implements SignatureService {
|
||||
|
||||
public static final String FILE_SETTING = "shield.system_key.file";
|
||||
public static final String KEY_ALGO = "HmacSHA512";
|
||||
|
|
@ -48,11 +48,11 @@ public class InternalKeyService extends AbstractComponent implements KeyService
|
|||
private volatile SecretKey key;
|
||||
|
||||
@Inject
|
||||
public InternalKeyService(Settings settings, Environment env, ResourceWatcherService watcherService) {
|
||||
public InternalSignatureService(Settings settings, Environment env, ResourceWatcherService watcherService) {
|
||||
this(settings, env, watcherService, Listener.NOOP);
|
||||
}
|
||||
|
||||
InternalKeyService(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) {
|
||||
InternalSignatureService(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) {
|
||||
super(settings);
|
||||
keyFile = resolveFile(settings, env);
|
||||
key = readKey(keyFile);
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.key;
|
||||
package org.elasticsearch.shield.signature;
|
||||
|
||||
import org.elasticsearch.shield.authz.AuthorizationException;
|
||||
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.key;
|
||||
package org.elasticsearch.shield.signature;
|
||||
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.shield.support.AbstractShieldModule;
|
||||
|
|
@ -11,14 +11,14 @@ import org.elasticsearch.shield.support.AbstractShieldModule;
|
|||
/**
|
||||
*
|
||||
*/
|
||||
public class KeyModule extends AbstractShieldModule.Node {
|
||||
public class SignatureModule extends AbstractShieldModule.Node {
|
||||
|
||||
public KeyModule(Settings settings) {
|
||||
public SignatureModule(Settings settings) {
|
||||
super(settings);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configureNode() {
|
||||
bind(KeyService.class).to(InternalKeyService.class).asEagerSingleton();
|
||||
bind(SignatureService.class).to(InternalSignatureService.class).asEagerSingleton();
|
||||
}
|
||||
}
|
||||
|
|
@ -3,12 +3,12 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.key;
|
||||
package org.elasticsearch.shield.signature;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public interface KeyService {
|
||||
public interface SignatureService {
|
||||
|
||||
/**
|
||||
* Signs the given text and returns the signed text (original text + signature)
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.key.tool;
|
||||
package org.elasticsearch.shield.signature.tool;
|
||||
|
||||
import org.elasticsearch.common.cli.CliTool;
|
||||
import org.elasticsearch.common.cli.CliToolConfig;
|
||||
|
|
@ -11,7 +11,7 @@ import org.elasticsearch.common.cli.Terminal;
|
|||
import org.elasticsearch.common.cli.commons.CommandLine;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.shield.key.InternalKeyService;
|
||||
import org.elasticsearch.shield.signature.InternalSignatureService;
|
||||
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
|
|
@ -68,10 +68,10 @@ public class SystemKeyTool extends CliTool {
|
|||
public ExitStatus execute(Settings settings, Environment env) throws Exception {
|
||||
Path path = this.path;
|
||||
if (path == null) {
|
||||
path = InternalKeyService.resolveFile(settings, env);
|
||||
path = InternalSignatureService.resolveFile(settings, env);
|
||||
}
|
||||
terminal.println(Terminal.Verbosity.VERBOSE, "generating...");
|
||||
byte[] key = InternalKeyService.generateKey();
|
||||
byte[] key = InternalSignatureService.generateKey();
|
||||
terminal.println("Storing generated key in [%s]", path.toAbsolutePath());
|
||||
Files.write(path, key, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
|
||||
return ExitStatus.OK;
|
||||
|
|
@ -12,8 +12,8 @@ import org.elasticsearch.common.settings.ImmutableSettings;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.unit.TimeValue;
|
||||
import org.elasticsearch.shield.authz.AuthorizationException;
|
||||
import org.elasticsearch.shield.key.InternalKeyService;
|
||||
import org.elasticsearch.shield.key.KeyService;
|
||||
import org.elasticsearch.shield.signature.InternalSignatureService;
|
||||
import org.elasticsearch.shield.signature.SignatureService;
|
||||
import org.elasticsearch.shield.test.ShieldIntegrationTest;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
|
@ -29,19 +29,19 @@ import static org.hamcrest.Matchers.notNullValue;
|
|||
*/
|
||||
public class ScrollIdSigningTests extends ShieldIntegrationTest {
|
||||
|
||||
private KeyService keyService;
|
||||
private SignatureService signatureService;
|
||||
|
||||
@Override
|
||||
protected Settings nodeSettings(int nodeOrdinal) {
|
||||
return ImmutableSettings.builder()
|
||||
.put(super.nodeSettings(nodeOrdinal))
|
||||
.put(InternalKeyService.FILE_SETTING, writeFile(newFolder(), "system_key", generateKey()))
|
||||
.put(InternalSignatureService.FILE_SETTING, writeFile(newFolder(), "system_key", generateKey()))
|
||||
.build();
|
||||
}
|
||||
|
||||
@Before
|
||||
public void init() throws Exception {
|
||||
keyService = internalCluster().getInstance(KeyService.class);
|
||||
signatureService = internalCluster().getInstance(SignatureService.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -124,12 +124,12 @@ public class ScrollIdSigningTests extends ShieldIntegrationTest {
|
|||
}
|
||||
|
||||
private void assertSigned(String scrollId) {
|
||||
assertThat(keyService.signed(scrollId), is(true));
|
||||
assertThat(signatureService.signed(scrollId), is(true));
|
||||
}
|
||||
|
||||
private static byte[] generateKey() {
|
||||
try {
|
||||
return InternalKeyService.generateKey();
|
||||
return InternalSignatureService.generateKey();
|
||||
} catch (Exception e) {
|
||||
fail("failed to generate key");
|
||||
return null;
|
||||
|
|
|
|||
|
|
@ -14,8 +14,8 @@ import org.elasticsearch.shield.audit.AuditTrail;
|
|||
import org.elasticsearch.shield.authc.AuthenticationService;
|
||||
import org.elasticsearch.shield.authz.AuthorizationException;
|
||||
import org.elasticsearch.shield.authz.AuthorizationService;
|
||||
import org.elasticsearch.shield.key.KeyService;
|
||||
import org.elasticsearch.shield.key.SignatureException;
|
||||
import org.elasticsearch.shield.signature.SignatureService;
|
||||
import org.elasticsearch.shield.signature.SignatureException;
|
||||
import org.elasticsearch.test.ElasticsearchTestCase;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
|
@ -32,7 +32,7 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
|
|||
|
||||
private AuthenticationService authcService;
|
||||
private AuthorizationService authzService;
|
||||
private KeyService keyService;
|
||||
private SignatureService signatureService;
|
||||
private AuditTrail auditTrail;
|
||||
private ShieldActionFilter filter;
|
||||
|
||||
|
|
@ -40,9 +40,9 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
|
|||
public void init() throws Exception {
|
||||
authcService = mock(AuthenticationService.class);
|
||||
authzService = mock(AuthorizationService.class);
|
||||
keyService = mock(KeyService.class);
|
||||
signatureService = mock(SignatureService.class);
|
||||
auditTrail = mock(AuditTrail.class);
|
||||
filter = new ShieldActionFilter(authcService, authzService, keyService, auditTrail);
|
||||
filter = new ShieldActionFilter(authcService, authzService, signatureService, auditTrail);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -79,8 +79,8 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
|
|||
ActionFilterChain chain = mock(ActionFilterChain.class);
|
||||
User user = mock(User.class);
|
||||
when(authcService.authenticate("_action", request, User.SYSTEM)).thenReturn(user);
|
||||
when(keyService.signed("signed_scroll_id")).thenReturn(true);
|
||||
when(keyService.unsignAndVerify("signed_scroll_id")).thenReturn("scroll_id");
|
||||
when(signatureService.signed("signed_scroll_id")).thenReturn(true);
|
||||
when(signatureService.unsignAndVerify("signed_scroll_id")).thenReturn("scroll_id");
|
||||
filter.apply("_action", request, listener, chain);
|
||||
assertThat(request.scrollId(), equalTo("scroll_id"));
|
||||
verify(authzService).authorize(user, "_action", request);
|
||||
|
|
@ -95,8 +95,8 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
|
|||
SignatureException sigException = new SignatureException("bad bad boy");
|
||||
User user = mock(User.class);
|
||||
when(authcService.authenticate("_action", request, User.SYSTEM)).thenReturn(user);
|
||||
when(keyService.signed("scroll_id")).thenReturn(true);
|
||||
doThrow(sigException).when(keyService).unsignAndVerify("scroll_id");
|
||||
when(signatureService.signed("scroll_id")).thenReturn(true);
|
||||
doThrow(sigException).when(signatureService).unsignAndVerify("scroll_id");
|
||||
filter.apply("_action", request, listener, chain);
|
||||
verify(listener).onFailure(isA(AuthorizationException.class));
|
||||
verify(auditTrail).tamperedRequest(user, "_action", request);
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ import org.elasticsearch.common.settings.Settings;
|
|||
import org.elasticsearch.rest.RestRequest;
|
||||
import org.elasticsearch.shield.User;
|
||||
import org.elasticsearch.shield.audit.AuditTrail;
|
||||
import org.elasticsearch.shield.key.KeyService;
|
||||
import org.elasticsearch.shield.signature.SignatureService;
|
||||
import org.elasticsearch.test.ElasticsearchTestCase;
|
||||
import org.elasticsearch.transport.TransportMessage;
|
||||
import org.junit.Before;
|
||||
|
|
@ -44,7 +44,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
Realm secondRealm;
|
||||
AuditTrail auditTrail;
|
||||
AuthenticationToken token;
|
||||
KeyService keyService;
|
||||
SignatureService signatureService;
|
||||
|
||||
@Before
|
||||
public void init() throws Exception {
|
||||
|
|
@ -57,10 +57,10 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
when(secondRealm.type()).thenReturn("second");
|
||||
realms = mock(Realms.class);
|
||||
when(realms.realms()).thenReturn(new Realm[] {firstRealm, secondRealm});
|
||||
keyService = mock(KeyService.class);
|
||||
signatureService = mock(SignatureService.class);
|
||||
|
||||
auditTrail = mock(AuditTrail.class);
|
||||
service = new InternalAuthenticationService(ImmutableSettings.EMPTY, realms, auditTrail, keyService);
|
||||
service = new InternalAuthenticationService(ImmutableSettings.EMPTY, realms, auditTrail, signatureService);
|
||||
}
|
||||
|
||||
@Test @SuppressWarnings("unchecked")
|
||||
|
|
@ -106,7 +106,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
service = spy(service);
|
||||
doReturn(token).when(service).token("_action", message);
|
||||
|
||||
when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user");
|
||||
when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user");
|
||||
|
||||
User result = service.authenticate("_action", message, null);
|
||||
assertThat(result, notNullValue());
|
||||
|
|
@ -127,7 +127,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
service = spy(service);
|
||||
doReturn(token).when(service).token("_action", message);
|
||||
|
||||
when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user");
|
||||
when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user");
|
||||
|
||||
User result = service.authenticate("_action", message, null);
|
||||
assertThat(result, notNullValue());
|
||||
|
|
@ -149,7 +149,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
verifyZeroInteractions(auditTrail);
|
||||
verifyZeroInteractions(firstRealm);
|
||||
verifyZeroInteractions(secondRealm);
|
||||
verifyZeroInteractions(keyService);
|
||||
verifyZeroInteractions(signatureService);
|
||||
assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), notNullValue());
|
||||
assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), is((Object) user));
|
||||
}
|
||||
|
|
@ -190,7 +190,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
when(firstRealm.token(message)).thenReturn(token);
|
||||
when(firstRealm.supports(token)).thenReturn(true);
|
||||
when(firstRealm.authenticate(token)).thenReturn(user);
|
||||
when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
|
||||
when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
|
||||
service = spy(service);
|
||||
doReturn(token).when(service).token("_action", message);
|
||||
User result = service.authenticate("_action", message, null);
|
||||
|
|
@ -232,7 +232,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
when(firstRealm.token(message)).thenReturn(null);
|
||||
when(secondRealm.token(message)).thenReturn(null);
|
||||
User.Simple user1 = new User.Simple("username", "r1", "r2");
|
||||
when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
|
||||
when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
|
||||
User user2 = service.authenticate("_action", message, user1);
|
||||
assertThat(user1, sameInstance(user2));
|
||||
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
|
||||
|
|
@ -245,7 +245,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
when(firstRealm.token(message)).thenReturn(token);
|
||||
when(firstRealm.supports(token)).thenReturn(true);
|
||||
when(firstRealm.authenticate(token)).thenReturn(user1);
|
||||
when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
|
||||
when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
|
||||
User user2 = service.authenticate("_action", message, null);
|
||||
assertThat(user1, sameInstance(user2));
|
||||
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
|
||||
|
|
@ -258,7 +258,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
when(firstRealm.token(message)).thenReturn(token);
|
||||
when(firstRealm.supports(token)).thenReturn(true);
|
||||
when(firstRealm.authenticate(token)).thenReturn(user1);
|
||||
when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
|
||||
when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
|
||||
User user2 = service.authenticate("_action", message, User.SYSTEM);
|
||||
assertThat(user1, sameInstance(user2));
|
||||
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
|
||||
|
|
@ -282,7 +282,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
when(firstRealm.token(message)).thenReturn(token);
|
||||
when(firstRealm.supports(token)).thenReturn(true);
|
||||
when(firstRealm.authenticate(token)).thenReturn(user1);
|
||||
when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
|
||||
when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
|
||||
User user2 = service.authenticate("_action", message, User.SYSTEM);
|
||||
assertThat(user1, sameInstance(user2));
|
||||
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
|
||||
|
|
@ -300,7 +300,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
|
||||
// checking authentication from the user header
|
||||
message1.putHeader(InternalAuthenticationService.USER_KEY, message.getHeader(InternalAuthenticationService.USER_KEY));
|
||||
when(keyService.unsignAndVerify("_signed_user")).thenReturn(InternalAuthenticationService.encodeUser(user1, null));
|
||||
when(signatureService.unsignAndVerify("_signed_user")).thenReturn(InternalAuthenticationService.encodeUser(user1, null));
|
||||
BytesStreamOutput output = new BytesStreamOutput();
|
||||
message1.writeTo(output);
|
||||
BytesStreamInput input = new BytesStreamInput(output.bytes());
|
||||
|
|
@ -314,7 +314,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
@Test
|
||||
public void testAutheticate_Transport_ContextAndHeader_NoSigning() throws Exception {
|
||||
Settings settings = ImmutableSettings.builder().put("shield.authc.sign_user_header", false).build();
|
||||
service = new InternalAuthenticationService(settings, realms, auditTrail, keyService);
|
||||
service = new InternalAuthenticationService(settings, realms, auditTrail, signatureService);
|
||||
|
||||
User user1 = new User.Simple("username", "r1", "r2");
|
||||
when(firstRealm.token(message)).thenReturn(token);
|
||||
|
|
@ -346,7 +346,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
assertThat(user, equalTo(user1));
|
||||
verifyZeroInteractions(firstRealm);
|
||||
|
||||
verifyZeroInteractions(keyService);
|
||||
verifyZeroInteractions(signatureService);
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -354,7 +354,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
User user = new User.Simple("username", "r1", "r2");
|
||||
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), nullValue());
|
||||
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), nullValue());
|
||||
when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
|
||||
when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
|
||||
service.attachUserHeaderIfMissing(message, user);
|
||||
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user));
|
||||
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));
|
||||
|
|
@ -363,7 +363,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
|
|||
message = new InternalMessage();
|
||||
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), nullValue());
|
||||
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), nullValue());
|
||||
when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
|
||||
when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
|
||||
service.attachUserHeaderIfMissing(message, user);
|
||||
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user));
|
||||
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.key;
|
||||
package org.elasticsearch.shield.signature;
|
||||
|
||||
import org.elasticsearch.common.io.Streams;
|
||||
import org.elasticsearch.common.settings.ImmutableSettings;
|
||||
|
|
@ -26,7 +26,7 @@ import static org.hamcrest.Matchers.is;
|
|||
/**
|
||||
*
|
||||
*/
|
||||
public class InternalKeyServiceTests extends ElasticsearchTestCase {
|
||||
public class InternalSignatureServiceTests extends ElasticsearchTestCase {
|
||||
|
||||
private ResourceWatcherService watcherService;
|
||||
private Settings settings;
|
||||
|
|
@ -37,7 +37,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
|
|||
@Before
|
||||
public void init() throws Exception {
|
||||
keyFile = new File(newTempDir(), "system_key");
|
||||
Streams.copy(InternalKeyService.generateKey(), keyFile);
|
||||
Streams.copy(InternalSignatureService.generateKey(), keyFile);
|
||||
settings = ImmutableSettings.builder()
|
||||
.put("shield.system_key.file", keyFile.getAbsolutePath())
|
||||
.put("watcher.interval.high", "2s")
|
||||
|
|
@ -55,7 +55,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
|
|||
|
||||
@Test
|
||||
public void testSigned() throws Exception {
|
||||
InternalKeyService service = new InternalKeyService(settings, env, watcherService);
|
||||
InternalSignatureService service = new InternalSignatureService(settings, env, watcherService);
|
||||
String text = randomAsciiOfLength(10);
|
||||
String signed = service.sign(text);
|
||||
assertThat(service.signed(signed), is(true));
|
||||
|
|
@ -63,7 +63,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
|
|||
|
||||
@Test
|
||||
public void testSignAndUnsign() throws Exception {
|
||||
InternalKeyService service = new InternalKeyService(settings, env, watcherService);
|
||||
InternalSignatureService service = new InternalSignatureService(settings, env, watcherService);
|
||||
String text = randomAsciiOfLength(10);
|
||||
String signed = service.sign(text);
|
||||
assertThat(text.equals(signed), is(false));
|
||||
|
|
@ -73,7 +73,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
|
|||
|
||||
@Test
|
||||
public void testSignAndUnsign_NoKeyFile() throws Exception {
|
||||
InternalKeyService service = new InternalKeyService(ImmutableSettings.EMPTY, env, watcherService);
|
||||
InternalSignatureService service = new InternalSignatureService(ImmutableSettings.EMPTY, env, watcherService);
|
||||
String text = randomAsciiOfLength(10);
|
||||
String signed = service.sign(text);
|
||||
assertThat(text, equalTo(signed));
|
||||
|
|
@ -84,7 +84,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
|
|||
@Test
|
||||
public void testReloadKey() throws Exception {
|
||||
final CountDownLatch latch = new CountDownLatch(1);
|
||||
InternalKeyService service = new InternalKeyService(settings, env, watcherService, new InternalKeyService.Listener() {
|
||||
InternalSignatureService service = new InternalSignatureService(settings, env, watcherService, new InternalSignatureService.Listener() {
|
||||
@Override
|
||||
public void onKeyRefresh() {
|
||||
latch.countDown();
|
||||
|
|
@ -98,7 +98,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
|
|||
// and so the resource watcher will pick up the change.
|
||||
sleep(1000);
|
||||
|
||||
Streams.copy(InternalKeyService.generateKey(), keyFile);
|
||||
Streams.copy(InternalSignatureService.generateKey(), keyFile);
|
||||
if (!latch.await(10, TimeUnit.SECONDS)) {
|
||||
fail("waiting too long for test to complete. Expected callback is not called");
|
||||
}
|
||||
|
|
@ -3,7 +3,7 @@
|
|||
* or more contributor license agreements. Licensed under the Elastic License;
|
||||
* you may not use this file except in compliance with the Elastic License.
|
||||
*/
|
||||
package org.elasticsearch.shield.key.tool;
|
||||
package org.elasticsearch.shield.signature.tool;
|
||||
|
||||
import org.elasticsearch.common.cli.CliTool;
|
||||
import org.elasticsearch.common.cli.CliToolTestCase;
|
||||
|
|
@ -12,7 +12,7 @@ import org.elasticsearch.common.io.Streams;
|
|||
import org.elasticsearch.common.settings.ImmutableSettings;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.shield.key.InternalKeyService;
|
||||
import org.elasticsearch.shield.signature.InternalSignatureService;
|
||||
import org.elasticsearch.shield.ShieldPlugin;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
|
@ -21,7 +21,7 @@ import java.io.File;
|
|||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
|
||||
import static org.elasticsearch.shield.key.tool.SystemKeyTool.Generate;
|
||||
import static org.elasticsearch.shield.signature.tool.SystemKeyTool.Generate;
|
||||
import static org.hamcrest.Matchers.*;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
|
@ -64,7 +64,7 @@ public class SystemKeyToolTests extends CliToolTestCase {
|
|||
CliTool.ExitStatus status = generate.execute(ImmutableSettings.EMPTY, env);
|
||||
assertThat(status, is(CliTool.ExitStatus.OK));
|
||||
byte[] bytes = Streams.copyToByteArray(path.toFile());
|
||||
assertThat(bytes.length, is(InternalKeyService.KEY_SIZE / 8));
|
||||
assertThat(bytes.length, is(InternalSignatureService.KEY_SIZE / 8));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -77,7 +77,7 @@ public class SystemKeyToolTests extends CliToolTestCase {
|
|||
CliTool.ExitStatus status = generate.execute(settings, env);
|
||||
assertThat(status, is(CliTool.ExitStatus.OK));
|
||||
byte[] bytes = Streams.copyToByteArray(path.toFile());
|
||||
assertThat(bytes.length, is(InternalKeyService.KEY_SIZE / 8));
|
||||
assertThat(bytes.length, is(InternalSignatureService.KEY_SIZE / 8));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
@ -91,6 +91,6 @@ public class SystemKeyToolTests extends CliToolTestCase {
|
|||
CliTool.ExitStatus status = generate.execute(ImmutableSettings.EMPTY, env);
|
||||
assertThat(status, is(CliTool.ExitStatus.OK));
|
||||
byte[] bytes = Streams.copyToByteArray(path.toFile());
|
||||
assertThat(bytes.length, is(InternalKeyService.KEY_SIZE / 8));
|
||||
assertThat(bytes.length, is(InternalSignatureService.KEY_SIZE / 8));
|
||||
}
|
||||
}
|
||||
|
|
@ -17,7 +17,7 @@ import org.elasticsearch.common.settings.ImmutableSettings;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.plugins.PluginsService;
|
||||
import org.elasticsearch.shield.authc.support.SecuredStringTests;
|
||||
import org.elasticsearch.shield.key.InternalKeyService;
|
||||
import org.elasticsearch.shield.signature.InternalSignatureService;
|
||||
import org.elasticsearch.shield.ShieldPlugin;
|
||||
import org.elasticsearch.shield.transport.netty.NettySecuredTransport;
|
||||
import org.elasticsearch.test.rest.ElasticsearchRestTests;
|
||||
|
|
@ -76,7 +76,7 @@ public class ShieldRestTests extends ElasticsearchRestTests {
|
|||
if (enabled) {
|
||||
final byte[] key;
|
||||
try {
|
||||
key = InternalKeyService.generateKey();
|
||||
key = InternalSignatureService.generateKey();
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
|
@ -99,7 +99,7 @@ public class ShieldRestTests extends ElasticsearchRestTests {
|
|||
String keyFile = writeFile(folder, "system_key", key);
|
||||
|
||||
ImmutableSettings.Builder builder = ImmutableSettings.builder()
|
||||
.put(InternalKeyService.FILE_SETTING, keyFile)
|
||||
.put(InternalSignatureService.FILE_SETTING, keyFile)
|
||||
.put("request.headers.Authorization", basicAuthHeaderValue(DEFAULT_USER_NAME, SecuredStringTests.build(DEFAULT_PASSWORD)))
|
||||
.put("discovery.zen.ping.multicast.enabled", false)
|
||||
.put("discovery.type", "zen")
|
||||
|
|
|
|||
Loading…
Reference in New Issue