diff --git a/src/main/java/org/elasticsearch/shield/ShieldModule.java b/src/main/java/org/elasticsearch/shield/ShieldModule.java
index a82085f3474..04df2eb6228 100644
--- a/src/main/java/org/elasticsearch/shield/ShieldModule.java
+++ b/src/main/java/org/elasticsearch/shield/ShieldModule.java
@@ -12,7 +12,7 @@ import org.elasticsearch.shield.action.ShieldActionModule;
 import org.elasticsearch.shield.audit.AuditTrailModule;
 import org.elasticsearch.shield.authc.AuthenticationModule;
 import org.elasticsearch.shield.authz.AuthorizationModule;
-import org.elasticsearch.shield.key.KeyModule;
+import org.elasticsearch.shield.signature.SignatureModule;
 import org.elasticsearch.shield.rest.ShieldRestModule;
 import org.elasticsearch.shield.ssl.SSLModule;
 import org.elasticsearch.shield.support.AbstractShieldModule;
@@ -51,7 +51,7 @@ public class ShieldModule extends AbstractShieldModule.Spawn {
 new ShieldRestModule(settings),
 new ShieldActionModule(settings),
 new SecuredTransportModule(settings),
- new KeyModule(settings),
+ new SignatureModule(settings),
 new SSLModule(settings));
 }
diff --git a/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java b/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java
index a92a53038e9..d72a3b7c86e 100644
--- a/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java
+++ b/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java
@@ -19,8 +19,8 @@ import org.elasticsearch.shield.audit.AuditTrail;
 import org.elasticsearch.shield.authc.AuthenticationService;
 import org.elasticsearch.shield.authz.AuthorizationException;
 import org.elasticsearch.shield.authz.AuthorizationService;
-import org.elasticsearch.shield.key.KeyService;
-import org.elasticsearch.shield.key.SignatureException;
+import org.elasticsearch.shield.signature.SignatureService;
+import org.elasticsearch.shield.signature.SignatureException;
 import java.util.ArrayList;
 import java.util.List;
@@ -32,14 +32,14 @@ public class ShieldActionFilter implements ActionFilter {
 private final AuthenticationService authcService;
 private final AuthorizationService authzService;
- private final KeyService keyService;
+ private final SignatureService signatureService;
 private final AuditTrail auditTrail;
 @Inject
- public ShieldActionFilter(AuthenticationService authcService, AuthorizationService authzService, KeyService keyService, AuditTrail auditTrail) {
+ public ShieldActionFilter(AuthenticationService authcService, AuthorizationService authzService, SignatureService signatureService, AuditTrail auditTrail) {
 this.authcService = authcService;
 this.authzService = authzService;
- this.keyService = keyService;
+ this.signatureService = signatureService;
 this.auditTrail = auditTrail;
 }
@@ -82,7 +82,7 @@ public class ShieldActionFilter implements ActionFilter {
 if (request instanceof SearchScrollRequest) {
 SearchScrollRequest scrollRequest = (SearchScrollRequest) request;
 String scrollId = scrollRequest.scrollId();
- scrollRequest.scrollId(keyService.unsignAndVerify(scrollId));
+ scrollRequest.scrollId(signatureService.unsignAndVerify(scrollId));
 return request;
 }
@@ -91,7 +91,7 @@ public class ShieldActionFilter implements ActionFilter {
 List signedIds = clearScrollRequest.scrollIds();
 List unsignedIds = new ArrayList<>(signedIds.size());
 for (String signedId : signedIds) {
- unsignedIds.add(keyService.unsignAndVerify(signedId));
+ unsignedIds.add(signatureService.unsignAndVerify(signedId));
 }
 clearScrollRequest.scrollIds(unsignedIds);
 return request;
@@ -110,8 +110,8 @@ public class ShieldActionFilter implements ActionFilter {
 if (response instanceof SearchResponse) {
 SearchResponse searchResponse = (SearchResponse) response;
 String scrollId = searchResponse.getScrollId();
- if (scrollId != null && !keyService.signed(scrollId)) {
- searchResponse.scrollId(keyService.sign(scrollId));
+ if (scrollId != null && !signatureService.signed(scrollId)) {
+ searchResponse.scrollId(signatureService.sign(scrollId));
 }
 return response;
 }
diff --git a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
index 3560f7979a7..70c8350dc37 100644
--- a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
+++ b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
@@ -15,7 +15,7 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.shield.User;
 import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.key.KeyService;
+import org.elasticsearch.shield.signature.SignatureService;
 import org.elasticsearch.transport.TransportMessage;
 import java.io.IOException;
@@ -32,15 +32,15 @@ public class InternalAuthenticationService extends AbstractComponent implements
 private final Realm[] realms;
 private final AuditTrail auditTrail;
- private final KeyService keyService;
+ private final SignatureService signatureService;
 private final boolean signUserHeader;
 @Inject
- public InternalAuthenticationService(Settings settings, Realms realms, AuditTrail auditTrail, KeyService keyService) {
+ public InternalAuthenticationService(Settings settings, Realms realms, AuditTrail auditTrail, SignatureService signatureService) {
 super(settings);
 this.realms = realms.realms();
 this.auditTrail = auditTrail;
- this.keyService = keyService;
+ this.signatureService = signatureService;
 this.signUserHeader = componentSettings.getAsBoolean("sign_user_header", true);
 }
@@ -68,13 +68,13 @@ public class InternalAuthenticationService extends AbstractComponent implements
 String header = (String) message.getHeader(USER_KEY);
 if (header != null) {
 if (signUserHeader) {
- header = keyService.unsignAndVerify(header);
+ header = signatureService.unsignAndVerify(header);
 }
 user = decodeUser(header);
 }
 if (user == null) {
 user = authenticateWithRealms(action, message, fallbackUser);
- header = signUserHeader ? keyService.sign(encodeUser(user, logger)) : encodeUser(user, logger);
+ header = signUserHeader ? signatureService.sign(encodeUser(user, logger)) : encodeUser(user, logger);
 message.putHeader(USER_KEY, header);
 }
 message.putInContext(USER_KEY, user);
@@ -89,7 +89,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
 }
 if (header == null) {
 message.putInContext(USER_KEY, user);
- header = signUserHeader ? keyService.sign(encodeUser(user, logger)) : encodeUser(user, logger);
+ header = signUserHeader ? signatureService.sign(encodeUser(user, logger)) : encodeUser(user, logger);
 message.putHeader(USER_KEY, header);
 }
 }
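Review bot: With `sign_user_header` set to false, `decodeUser(header)` in the `@@ -68,13` hunk runs on a header that nothing on this path has verified, because `unsignAndVerify` is called only inside `if (signUserHeader)`. That branch deserves a comment such as `// sign_user_header=false: the USER_KEY header is trusted as-is; its integrity must be guaranteed elsewhere`, and the setting would be worth a sentence in the class Javadoc. Whether the transport is otherwise protected in that configuration is not visible here. The enclosing method starts and ends outside the hunk.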
diff --git a/src/main/java/org/elasticsearch/shield/key/InternalKeyService.java b/src/main/java/org/elasticsearch/shield/signature/InternalSignatureService.java
similarity index 94%
rename from src/main/java/org/elasticsearch/shield/key/InternalKeyService.java
rename to src/main/java/org/elasticsearch/shield/signature/InternalSignatureService.java
index 4064cb3ea23..24e48067abf 100644
--- a/src/main/java/org/elasticsearch/shield/key/InternalKeyService.java
+++ b/src/main/java/org/elasticsearch/shield/signature/InternalSignatureService.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.shield.key;
+package org.elasticsearch.shield.signature;
 import org.apache.commons.codec.binary.Base64;
 import org.elasticsearch.ElasticsearchException;
@@ -32,7 +32,7 @@ import java.util.regex.Pattern;
 /**
 *
 */
-public class InternalKeyService extends AbstractComponent implements KeyService {
+public class InternalSignatureService extends AbstractComponent implements SignatureService {
 public static final String FILE_SETTING = "shield.system_key.file";
 public static final String KEY_ALGO = "HmacSHA512";
@@ -48,11 +48,11 @@ public class InternalKeyService extends AbstractComponent implements KeyService
 private volatile SecretKey key;
 @Inject
- public InternalKeyService(Settings settings, Environment env, ResourceWatcherService watcherService) {
+ public InternalSignatureService(Settings settings, Environment env, ResourceWatcherService watcherService) {
 this(settings, env, watcherService, Listener.NOOP);
 }
- InternalKeyService(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) {
+ InternalSignatureService(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) {
 super(settings);
 keyFile = resolveFile(settings, env);
 key = readKey(keyFile);
diff --git a/src/main/java/org/elasticsearch/shield/key/SignatureException.java b/src/main/java/org/elasticsearch/shield/signature/SignatureException.java
similarity index 92%
rename from src/main/java/org/elasticsearch/shield/key/SignatureException.java
rename to src/main/java/org/elasticsearch/shield/signature/SignatureException.java
index 5853625d0da..f2391302f21 100644
--- a/src/main/java/org/elasticsearch/shield/key/SignatureException.java
+++ b/src/main/java/org/elasticsearch/shield/signature/SignatureException.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.shield.key;
+package org.elasticsearch.shield.signature;
 import org.elasticsearch.shield.authz.AuthorizationException;
diff --git a/src/main/java/org/elasticsearch/shield/key/KeyModule.java b/src/main/java/org/elasticsearch/shield/signature/SignatureModule.java
similarity index 64%
rename from src/main/java/org/elasticsearch/shield/key/KeyModule.java
rename to src/main/java/org/elasticsearch/shield/signature/SignatureModule.java
index 89a6486d99a..e2af912852b 100644
--- a/src/main/java/org/elasticsearch/shield/key/KeyModule.java
+++ b/src/main/java/org/elasticsearch/shield/signature/SignatureModule.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.shield.key;
+package org.elasticsearch.shield.signature;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.shield.support.AbstractShieldModule;
@@ -11,14 +11,14 @@ import org.elasticsearch.shield.support.AbstractShieldModule;
 /**
 *
 */
-public class KeyModule extends AbstractShieldModule.Node {
+public class SignatureModule extends AbstractShieldModule.Node {
- public KeyModule(Settings settings) {
+ public SignatureModule(Settings settings) {
 super(settings);
 }
 @Override
 protected void configureNode() {
- bind(KeyService.class).to(InternalKeyService.class).asEagerSingleton();
+ bind(SignatureService.class).to(InternalSignatureService.class).asEagerSingleton();
 }
 }
diff --git a/src/main/java/org/elasticsearch/shield/key/KeyService.java b/src/main/java/org/elasticsearch/shield/signature/SignatureService.java
similarity index 90%
rename from src/main/java/org/elasticsearch/shield/key/KeyService.java
rename to src/main/java/org/elasticsearch/shield/signature/SignatureService.java
index 8dc3fa7f7d4..4c6e1764f2b 100644
--- a/src/main/java/org/elasticsearch/shield/key/KeyService.java
+++ b/src/main/java/org/elasticsearch/shield/signature/SignatureService.java
@@ -3,12 +3,12 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.shield.key;
+package org.elasticsearch.shield.signature;
 /**
 *
 */
-public interface KeyService {
+public interface SignatureService {
 /**
 * Signs the given text and returns the signed text (original text + signature)
diff --git a/src/main/java/org/elasticsearch/shield/key/tool/SystemKeyTool.java b/src/main/java/org/elasticsearch/shield/signature/tool/SystemKeyTool.java
similarity index 90%
rename from src/main/java/org/elasticsearch/shield/key/tool/SystemKeyTool.java
rename to src/main/java/org/elasticsearch/shield/signature/tool/SystemKeyTool.java
index e7847cf491d..334036094d3 100644
--- a/src/main/java/org/elasticsearch/shield/key/tool/SystemKeyTool.java
+++ b/src/main/java/org/elasticsearch/shield/signature/tool/SystemKeyTool.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.shield.key.tool;
+package org.elasticsearch.shield.signature.tool;
 import org.elasticsearch.common.cli.CliTool;
 import org.elasticsearch.common.cli.CliToolConfig;
@@ -11,7 +11,7 @@ import org.elasticsearch.common.cli.Terminal;
 import org.elasticsearch.common.cli.commons.CommandLine;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.shield.key.InternalKeyService;
+import org.elasticsearch.shield.signature.InternalSignatureService;
 import java.nio.file.Files;
 import java.nio.file.Path;
@@ -68,10 +68,10 @@ public class SystemKeyTool extends CliTool {
 public ExitStatus execute(Settings settings, Environment env) throws Exception {
 Path path = this.path;
 if (path == null) {
- path = InternalKeyService.resolveFile(settings, env);
+ path = InternalSignatureService.resolveFile(settings, env);
 }
 terminal.println(Terminal.Verbosity.VERBOSE, "generating...");
- byte[] key = InternalKeyService.generateKey();
+ byte[] key = InternalSignatureService.generateKey();
 terminal.println("Storing generated key in [%s]", path.toAbsolutePath());
 Files.write(path, key, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
 return ExitStatus.OK;
diff --git a/src/main/resources/org/elasticsearch/shield/key/tool/syskey-generate.help b/src/main/resources/org/elasticsearch/shield/signature/tool/syskey-generate.help
similarity index 100%
rename from src/main/resources/org/elasticsearch/shield/key/tool/syskey-generate.help
rename to src/main/resources/org/elasticsearch/shield/signature/tool/syskey-generate.help
diff --git a/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java b/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java
index 94d8d0a0641..065e8f3f435 100644
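Review bot: The system key file in `execute` (the `@@ -68,10` hunk of SystemKeyTool.java) is created with default permissions, since `Files.write(path, key, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING)` is the only file operation shown and the result depends on the process umask. This appears to be the key that InternalSignatureService loads for `HmacSHA512` signing, so it should end up readable by its owner only. On POSIX file systems, follow the write with `Files.setPosixFilePermissions(path, PosixFilePermissions.fromString("rw-------"));`, or create the file with that attribute before writing so there is no window with wider permissions. `execute` closes outside the hunk.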
--- a/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java
+++ b/src/test/java/org/elasticsearch/integration/ScrollIdSigningTests.java
@@ -12,8 +12,8 @@ import org.elasticsearch.common.settings.ImmutableSettings;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.shield.authz.AuthorizationException;
-import org.elasticsearch.shield.key.InternalKeyService;
-import org.elasticsearch.shield.key.KeyService;
+import org.elasticsearch.shield.signature.InternalSignatureService;
+import org.elasticsearch.shield.signature.SignatureService;
 import org.elasticsearch.shield.test.ShieldIntegrationTest;
 import org.junit.Before;
 import org.junit.Test;
@@ -29,19 +29,19 @@ import static org.hamcrest.Matchers.notNullValue;
 */
 public class ScrollIdSigningTests extends ShieldIntegrationTest {
- private KeyService keyService;
+ private SignatureService signatureService;
 @Override
 protected Settings nodeSettings(int nodeOrdinal) {
 return ImmutableSettings.builder()
 .put(super.nodeSettings(nodeOrdinal))
- .put(InternalKeyService.FILE_SETTING, writeFile(newFolder(), "system_key", generateKey()))
+ .put(InternalSignatureService.FILE_SETTING, writeFile(newFolder(), "system_key", generateKey()))
 .build();
 }
 @Before
 public void init() throws Exception {
- keyService = internalCluster().getInstance(KeyService.class);
+ signatureService = internalCluster().getInstance(SignatureService.class);
 }
 @Test
@@ -124,12 +124,12 @@ public class ScrollIdSigningTests extends ShieldIntegrationTest {
 }
 private void assertSigned(String scrollId) {
- assertThat(keyService.signed(scrollId), is(true));
+ assertThat(signatureService.signed(scrollId), is(true));
 }
 private static byte[] generateKey() {
 try {
- return InternalKeyService.generateKey();
+ return InternalSignatureService.generateKey();
 } catch (Exception e) {
 fail("failed to generate key");
 return null;
diff --git a/src/test/java/org/elasticsearch/shield/action/ShieldActionFilterTests.java b/src/test/java/org/elasticsearch/shield/action/ShieldActionFilterTests.java
index 4a7fb065e81..d450742fb48 100644
--- a/src/test/java/org/elasticsearch/shield/action/ShieldActionFilterTests.java
+++ b/src/test/java/org/elasticsearch/shield/action/ShieldActionFilterTests.java
@@ -14,8 +14,8 @@ import org.elasticsearch.shield.audit.AuditTrail;
 import org.elasticsearch.shield.authc.AuthenticationService;
 import org.elasticsearch.shield.authz.AuthorizationException;
 import org.elasticsearch.shield.authz.AuthorizationService;
-import org.elasticsearch.shield.key.KeyService;
-import org.elasticsearch.shield.key.SignatureException;
+import org.elasticsearch.shield.signature.SignatureService;
+import org.elasticsearch.shield.signature.SignatureException;
 import org.elasticsearch.test.ElasticsearchTestCase;
 import org.junit.Before;
 import org.junit.Test;
@@ -32,7 +32,7 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
 private AuthenticationService authcService;
 private AuthorizationService authzService;
- private KeyService keyService;
+ private SignatureService signatureService;
 private AuditTrail auditTrail;
 private ShieldActionFilter filter;
@@ -40,9 +40,9 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
 public void init() throws Exception {
 authcService = mock(AuthenticationService.class);
 authzService = mock(AuthorizationService.class);
- keyService = mock(KeyService.class);
+ signatureService = mock(SignatureService.class);
 auditTrail = mock(AuditTrail.class);
- filter = new ShieldActionFilter(authcService, authzService, keyService, auditTrail);
+ filter = new ShieldActionFilter(authcService, authzService, signatureService, auditTrail);
 }
 @Test
@@ -79,8 +79,8 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
 ActionFilterChain chain = mock(ActionFilterChain.class);
 User user = mock(User.class);
 when(authcService.authenticate("_action", request, User.SYSTEM)).thenReturn(user);
- when(keyService.signed("signed_scroll_id")).thenReturn(true);
- when(keyService.unsignAndVerify("signed_scroll_id")).thenReturn("scroll_id");
+ when(signatureService.signed("signed_scroll_id")).thenReturn(true);
+ when(signatureService.unsignAndVerify("signed_scroll_id")).thenReturn("scroll_id");
 filter.apply("_action", request, listener, chain);
 assertThat(request.scrollId(), equalTo("scroll_id"));
 verify(authzService).authorize(user, "_action", request);
@@ -95,8 +95,8 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
 SignatureException sigException = new SignatureException("bad bad boy");
 User user = mock(User.class);
 when(authcService.authenticate("_action", request, User.SYSTEM)).thenReturn(user);
- when(keyService.signed("scroll_id")).thenReturn(true);
- doThrow(sigException).when(keyService).unsignAndVerify("scroll_id");
+ when(signatureService.signed("scroll_id")).thenReturn(true);
+ doThrow(sigException).when(signatureService).unsignAndVerify("scroll_id");
 filter.apply("_action", request, listener, chain);
 verify(listener).onFailure(isA(AuthorizationException.class));
 verify(auditTrail).tamperedRequest(user, "_action", request);
diff --git a/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
index 5cb2229bcaa..3c80aa9e016 100644
--- a/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
+++ b/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
@@ -14,7 +14,7 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.shield.User;
 import org.elasticsearch.shield.audit.AuditTrail;
-import org.elasticsearch.shield.key.KeyService;
+import org.elasticsearch.shield.signature.SignatureService;
 import org.elasticsearch.test.ElasticsearchTestCase;
 import org.elasticsearch.transport.TransportMessage;
 import org.junit.Before;
@@ -44,7 +44,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 Realm secondRealm;
 AuditTrail auditTrail;
 AuthenticationToken token;
- KeyService keyService;
+ SignatureService signatureService;
 @Before
 public void init() throws Exception {
@@ -57,10 +57,10 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 when(secondRealm.type()).thenReturn("second");
 realms = mock(Realms.class);
 when(realms.realms()).thenReturn(new Realm[] {firstRealm, secondRealm});
- keyService = mock(KeyService.class);
+ signatureService = mock(SignatureService.class);
 auditTrail = mock(AuditTrail.class);
- service = new InternalAuthenticationService(ImmutableSettings.EMPTY, realms, auditTrail, keyService);
+ service = new InternalAuthenticationService(ImmutableSettings.EMPTY, realms, auditTrail, signatureService);
 }
 @Test @SuppressWarnings("unchecked")
@@ -106,7 +106,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 service = spy(service);
 doReturn(token).when(service).token("_action", message);
- when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user");
+ when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user");
 User result = service.authenticate("_action", message, null);
 assertThat(result, notNullValue());
@@ -127,7 +127,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 service = spy(service);
 doReturn(token).when(service).token("_action", message);
- when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user");
+ when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user");
 User result = service.authenticate("_action", message, null);
 assertThat(result, notNullValue());
@@ -149,7 +149,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 verifyZeroInteractions(auditTrail);
 verifyZeroInteractions(firstRealm);
 verifyZeroInteractions(secondRealm);
- verifyZeroInteractions(keyService);
+ verifyZeroInteractions(signatureService);
 assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), notNullValue());
 assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), is((Object) user));
 }
@@ -190,7 +190,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 when(firstRealm.token(message)).thenReturn(token);
 when(firstRealm.supports(token)).thenReturn(true);
 when(firstRealm.authenticate(token)).thenReturn(user);
- when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
+ when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
 service = spy(service);
 doReturn(token).when(service).token("_action", message);
 User result = service.authenticate("_action", message, null);
@@ -232,7 +232,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 when(firstRealm.token(message)).thenReturn(null);
 when(secondRealm.token(message)).thenReturn(null);
 User.Simple user1 = new User.Simple("username", "r1", "r2");
- when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
+ when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
 User user2 = service.authenticate("_action", message, user1);
 assertThat(user1, sameInstance(user2));
 assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
@@ -245,7 +245,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 when(firstRealm.token(message)).thenReturn(token);
 when(firstRealm.supports(token)).thenReturn(true);
 when(firstRealm.authenticate(token)).thenReturn(user1);
- when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
+ when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
 User user2 = service.authenticate("_action", message, null);
 assertThat(user1, sameInstance(user2));
 assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
@@ -258,7 +258,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 when(firstRealm.token(message)).thenReturn(token);
 when(firstRealm.supports(token)).thenReturn(true);
 when(firstRealm.authenticate(token)).thenReturn(user1);
- when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
+ when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
 User user2 = service.authenticate("_action", message, User.SYSTEM);
 assertThat(user1, sameInstance(user2));
 assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
@@ -282,7 +282,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 when(firstRealm.token(message)).thenReturn(token);
 when(firstRealm.supports(token)).thenReturn(true);
 when(firstRealm.authenticate(token)).thenReturn(user1);
- when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
+ when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
 User user2 = service.authenticate("_action", message, User.SYSTEM);
 assertThat(user1, sameInstance(user2));
 assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
@@ -300,7 +300,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 // checking authentication from the user header
 message1.putHeader(InternalAuthenticationService.USER_KEY, message.getHeader(InternalAuthenticationService.USER_KEY));
- when(keyService.unsignAndVerify("_signed_user")).thenReturn(InternalAuthenticationService.encodeUser(user1, null));
+ when(signatureService.unsignAndVerify("_signed_user")).thenReturn(InternalAuthenticationService.encodeUser(user1, null));
 BytesStreamOutput output = new BytesStreamOutput();
 message1.writeTo(output);
 BytesStreamInput input = new BytesStreamInput(output.bytes());
@@ -314,7 +314,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 @Test
 public void testAutheticate_Transport_ContextAndHeader_NoSigning() throws Exception {
 Settings settings = ImmutableSettings.builder().put("shield.authc.sign_user_header", false).build();
- service = new InternalAuthenticationService(settings, realms, auditTrail, keyService);
+ service = new InternalAuthenticationService(settings, realms, auditTrail, signatureService);
 User user1 = new User.Simple("username", "r1", "r2");
 when(firstRealm.token(message)).thenReturn(token);
@@ -346,7 +346,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 assertThat(user, equalTo(user1));
 verifyZeroInteractions(firstRealm);
- verifyZeroInteractions(keyService);
+ verifyZeroInteractions(signatureService);
 }
 @Test
@@ -354,7 +354,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 User user = new User.Simple("username", "r1", "r2");
 assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), nullValue());
 assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), nullValue());
- when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
+ when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
 service.attachUserHeaderIfMissing(message, user);
 assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user));
 assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));
@@ -363,7 +363,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
 message = new InternalMessage();
 assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), nullValue());
 assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), nullValue());
- when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
+ when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
 service.attachUserHeaderIfMissing(message, user);
 assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user));
 assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));
diff --git a/src/test/java/org/elasticsearch/shield/key/InternalKeyServiceTests.java b/src/test/java/org/elasticsearch/shield/signature/InternalSignatureServiceTests.java
similarity index 81%
rename from src/test/java/org/elasticsearch/shield/key/InternalKeyServiceTests.java
rename to src/test/java/org/elasticsearch/shield/signature/InternalSignatureServiceTests.java
index 5afab558044..4f9620c86a2 100644
--- a/src/test/java/org/elasticsearch/shield/key/InternalKeyServiceTests.java
+++ b/src/test/java/org/elasticsearch/shield/signature/InternalSignatureServiceTests.java
@@ -3,7 +3,7 @@
 * or more contributor license agreements. Licensed under the Elastic License;
 * you may not use this file except in compliance with the Elastic License.
 */
-package org.elasticsearch.shield.key;
+package org.elasticsearch.shield.signature;
 import org.elasticsearch.common.io.Streams;
 import org.elasticsearch.common.settings.ImmutableSettings;
@@ -26,7 +26,7 @@ import static org.hamcrest.Matchers.is;
 /**
 *
 */
-public class InternalKeyServiceTests extends ElasticsearchTestCase {
+public class InternalSignatureServiceTests extends ElasticsearchTestCase {
 private ResourceWatcherService watcherService;
 private Settings settings;
@@ -37,7 +37,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
 @Before
 public void init() throws Exception {
 keyFile = new File(newTempDir(), "system_key");
- Streams.copy(InternalKeyService.generateKey(), keyFile);
+ Streams.copy(InternalSignatureService.generateKey(), keyFile);
 settings = ImmutableSettings.builder()
 .put("shield.system_key.file", keyFile.getAbsolutePath())
 .put("watcher.interval.high", "2s")
@@ -55,7 +55,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
 @Test
 public void testSigned() throws Exception {
- InternalKeyService service = new InternalKeyService(settings, env, watcherService);
+ InternalSignatureService service = new InternalSignatureService(settings, env, watcherService);
 String text = randomAsciiOfLength(10);
 String signed = service.sign(text);
 assertThat(service.signed(signed), is(true));
@@ -63,7 +63,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase { @Test public void testSignAndUnsign() throws Exception { - InternalKeyService service = new InternalKeyService(settings, env, watcherService); + InternalSignatureService service = new InternalSignatureService(settings, env, watcherService); String text = randomAsciiOfLength(10); String signed = service.sign(text); assertThat(text.equals(signed), is(false)); @@ -73,7 +73,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase { @Test public void testSignAndUnsign_NoKeyFile() throws Exception { - InternalKeyService service = new InternalKeyService(ImmutableSettings.EMPTY, env, watcherService); + InternalSignatureService service = new InternalSignatureService(ImmutableSettings.EMPTY, env, watcherService); String text = randomAsciiOfLength(10); String signed = service.sign(text); assertThat(text, equalTo(signed)); @@ -84,7 +84,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase { @Test public void testReloadKey() throws Exception { final CountDownLatch latch = new CountDownLatch(1); - InternalKeyService service = new InternalKeyService(settings, env, watcherService, new InternalKeyService.Listener() { + InternalSignatureService service = new InternalSignatureService(settings, env, watcherService, new InternalSignatureService.Listener() { @Override public void onKeyRefresh() { latch.countDown(); @@ -98,7 +98,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase { // and so the resource watcher will pick up the change. sleep(1000); - Streams.copy(InternalKeyService.generateKey(), keyFile); + Streams.copy(InternalSignatureService.generateKey(), keyFile); if (!latch.await(10, TimeUnit.SECONDS)) { fail("waiting too long for test to complete. Expected callback is not called"); } 
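Review bot: In testSignAndUnsign_NoKeyFile the service is built from `ImmutableSettings.EMPTY` and the test expects `sign(text)` to return the text unchanged, so a node without a system key passes values through unsigned, and nothing in the test says that this is deliberate. I would put a comment above the test, for example `// no system key configured: signing is disabled and values pass through unchanged`, so the fail-open behaviour is a documented decision rather than an accident of the fixture. If it matches the implementation, also adding `assertThat(service.signed(signed), is(false));` would stop a later change from making unsigned input look signed. The test body continues past the end of this hunk, so the unsign half is not visible here.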
diff --git a/src/test/java/org/elasticsearch/shield/key/tool/SystemKeyToolTests.java b/src/test/java/org/elasticsearch/shield/signature/tool/SystemKeyToolTests.java similarity index 88% rename from src/test/java/org/elasticsearch/shield/key/tool/SystemKeyToolTests.java rename to src/test/java/org/elasticsearch/shield/signature/tool/SystemKeyToolTests.java index 8d126b12b50..88108cb59bb 100644 --- a/src/test/java/org/elasticsearch/shield/key/tool/SystemKeyToolTests.java +++ b/src/test/java/org/elasticsearch/shield/signature/tool/SystemKeyToolTests.java @@ -3,7 +3,7 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ -package org.elasticsearch.shield.key.tool; +package org.elasticsearch.shield.signature.tool; import org.elasticsearch.common.cli.CliTool; import org.elasticsearch.common.cli.CliToolTestCase; @@ -12,7 +12,7 @@ import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.settings.ImmutableSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.env.Environment; -import org.elasticsearch.shield.key.InternalKeyService; +import org.elasticsearch.shield.signature.InternalSignatureService; import org.elasticsearch.shield.ShieldPlugin; import org.junit.Before; import org.junit.Test; @@ -21,7 +21,7 @@ import java.io.File; import java.nio.file.Files; import java.nio.file.Path; -import static org.elasticsearch.shield.key.tool.SystemKeyTool.Generate; +import static org.elasticsearch.shield.signature.tool.SystemKeyTool.Generate; import static org.hamcrest.Matchers.*; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; 
@@ -64,7 +64,7 @@ public class SystemKeyToolTests extends CliToolTestCase { CliTool.ExitStatus status = generate.execute(ImmutableSettings.EMPTY, env); assertThat(status, is(CliTool.ExitStatus.OK)); byte[] bytes = Streams.copyToByteArray(path.toFile()); - assertThat(bytes.length, is(InternalKeyService.KEY_SIZE / 8)); + assertThat(bytes.length, is(InternalSignatureService.KEY_SIZE / 8)); } @Test @@ -77,7 +77,7 @@ public class SystemKeyToolTests extends CliToolTestCase { CliTool.ExitStatus status = generate.execute(settings, env); assertThat(status, is(CliTool.ExitStatus.OK)); byte[] bytes = Streams.copyToByteArray(path.toFile()); - assertThat(bytes.length, is(InternalKeyService.KEY_SIZE / 8)); + assertThat(bytes.length, is(InternalSignatureService.KEY_SIZE / 8)); } @Test @@ -91,6 +91,6 @@ public class SystemKeyToolTests extends CliToolTestCase { CliTool.ExitStatus status = generate.execute(ImmutableSettings.EMPTY, env); assertThat(status, is(CliTool.ExitStatus.OK)); byte[] bytes = Streams.copyToByteArray(path.toFile()); - assertThat(bytes.length, is(InternalKeyService.KEY_SIZE / 8)); + assertThat(bytes.length, is(InternalSignatureService.KEY_SIZE / 8)); } } diff --git a/src/test/java/org/elasticsearch/test/ShieldRestTests.java b/src/test/java/org/elasticsearch/test/ShieldRestTests.java index fcf1ea2a9e5..a5465e31331 100644 --- a/src/test/java/org/elasticsearch/test/ShieldRestTests.java +++ b/src/test/java/org/elasticsearch/test/ShieldRestTests.java 
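Review bot: In SystemKeyToolTests, the three generate tests (hunks at -64, -77 and -91) stop at the byte count, `assertThat(bytes.length, is(InternalSignatureService.KEY_SIZE / 8));`, and none of them checks who can read the file that was just written. That file holds the signing secret, so if SystemKeyTool is meant to restrict it to the owner (not visible from these hunks), that should be pinned here with an assertion on `Files.getPosixFilePermissions(path)`, skipped on file systems without POSIX attributes. If the tool leaves permissions to the operator, a one-line comment in the test saying so would keep the gap from being read as coverage. The test methods start outside the hunks, so how `path` is set up cannot be seen from here.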
@@ -17,7 +17,7 @@ import org.elasticsearch.common.settings.ImmutableSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.plugins.PluginsService; import org.elasticsearch.shield.authc.support.SecuredStringTests; -import org.elasticsearch.shield.key.InternalKeyService; +import org.elasticsearch.shield.signature.InternalSignatureService; import org.elasticsearch.shield.ShieldPlugin; import org.elasticsearch.shield.transport.netty.NettySecuredTransport; import org.elasticsearch.test.rest.ElasticsearchRestTests; @@ -76,7 +76,7 @@ public class ShieldRestTests extends ElasticsearchRestTests { if (enabled) { final byte[] key; try { - key = InternalKeyService.generateKey(); + key = InternalSignatureService.generateKey(); } catch (Exception e) { throw new RuntimeException(e); } @@ -99,7 +99,7 @@ public class ShieldRestTests extends ElasticsearchRestTests { String keyFile = writeFile(folder, "system_key", key); ImmutableSettings.Builder builder = ImmutableSettings.builder() - .put(InternalKeyService.FILE_SETTING, keyFile) + .put(InternalSignatureService.FILE_SETTING, keyFile) .put("request.headers.Authorization", basicAuthHeaderValue(DEFAULT_USER_NAME, SecuredStringTests.build(DEFAULT_PASSWORD))) .put("discovery.zen.ping.multicast.enabled", false) .put("discovery.type", "zen")