[Cleanup] - renamed KeyService/KeyModule to SignatureService/SignatureModule

Also moved to appropriate package

Original commit: elastic/x-pack-elasticsearch@cb373314b8
uboness 2014-11-22 21:46:13 +01:00
parent 22eea8aba0
commit b31beb1e36
15 changed files with 83 additions and 83 deletions


@ -12,7 +12,7 @@ import org.elasticsearch.shield.action.ShieldActionModule;
import org.elasticsearch.shield.audit.AuditTrailModule; import org.elasticsearch.shield.audit.AuditTrailModule;
import org.elasticsearch.shield.authc.AuthenticationModule; import org.elasticsearch.shield.authc.AuthenticationModule;
import org.elasticsearch.shield.authz.AuthorizationModule; import org.elasticsearch.shield.authz.AuthorizationModule;
import org.elasticsearch.shield.key.KeyModule; import org.elasticsearch.shield.signature.SignatureModule;
import org.elasticsearch.shield.rest.ShieldRestModule; import org.elasticsearch.shield.rest.ShieldRestModule;
import org.elasticsearch.shield.ssl.SSLModule; import org.elasticsearch.shield.ssl.SSLModule;
import org.elasticsearch.shield.support.AbstractShieldModule; import org.elasticsearch.shield.support.AbstractShieldModule;
@ -51,7 +51,7 @@ public class ShieldModule extends AbstractShieldModule.Spawn {
new ShieldRestModule(settings), new ShieldRestModule(settings),
new ShieldActionModule(settings), new ShieldActionModule(settings),
new SecuredTransportModule(settings), new SecuredTransportModule(settings),
new KeyModule(settings), new SignatureModule(settings),
new SSLModule(settings)); new SSLModule(settings));
} }


@ -19,8 +19,8 @@ import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.shield.authc.AuthenticationService; import org.elasticsearch.shield.authc.AuthenticationService;
import org.elasticsearch.shield.authz.AuthorizationException; import org.elasticsearch.shield.authz.AuthorizationException;
import org.elasticsearch.shield.authz.AuthorizationService; import org.elasticsearch.shield.authz.AuthorizationService;
import org.elasticsearch.shield.key.KeyService; import org.elasticsearch.shield.signature.SignatureService;
import org.elasticsearch.shield.key.SignatureException; import org.elasticsearch.shield.signature.SignatureException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -32,14 +32,14 @@ public class ShieldActionFilter implements ActionFilter {
private final AuthenticationService authcService; private final AuthenticationService authcService;
private final AuthorizationService authzService; private final AuthorizationService authzService;
private final KeyService keyService; private final SignatureService signatureService;
private final AuditTrail auditTrail; private final AuditTrail auditTrail;
@Inject @Inject
public ShieldActionFilter(AuthenticationService authcService, AuthorizationService authzService, KeyService keyService, AuditTrail auditTrail) { public ShieldActionFilter(AuthenticationService authcService, AuthorizationService authzService, SignatureService signatureService, AuditTrail auditTrail) {
this.authcService = authcService; this.authcService = authcService;
this.authzService = authzService; this.authzService = authzService;
this.keyService = keyService; this.signatureService = signatureService;
this.auditTrail = auditTrail; this.auditTrail = auditTrail;
} }
@ -82,7 +82,7 @@ public class ShieldActionFilter implements ActionFilter {
if (request instanceof SearchScrollRequest) { if (request instanceof SearchScrollRequest) {
SearchScrollRequest scrollRequest = (SearchScrollRequest) request; SearchScrollRequest scrollRequest = (SearchScrollRequest) request;
String scrollId = scrollRequest.scrollId(); String scrollId = scrollRequest.scrollId();
scrollRequest.scrollId(keyService.unsignAndVerify(scrollId)); scrollRequest.scrollId(signatureService.unsignAndVerify(scrollId));
return request; return request;
} }
@ -91,7 +91,7 @@ public class ShieldActionFilter implements ActionFilter {
List<String> signedIds = clearScrollRequest.scrollIds(); List<String> signedIds = clearScrollRequest.scrollIds();
List<String> unsignedIds = new ArrayList<>(signedIds.size()); List<String> unsignedIds = new ArrayList<>(signedIds.size());
for (String signedId : signedIds) { for (String signedId : signedIds) {
unsignedIds.add(keyService.unsignAndVerify(signedId)); unsignedIds.add(signatureService.unsignAndVerify(signedId));
} }
clearScrollRequest.scrollIds(unsignedIds); clearScrollRequest.scrollIds(unsignedIds);
return request; return request;
@ -110,8 +110,8 @@ public class ShieldActionFilter implements ActionFilter {
if (response instanceof SearchResponse) { if (response instanceof SearchResponse) {
SearchResponse searchResponse = (SearchResponse) response; SearchResponse searchResponse = (SearchResponse) response;
String scrollId = searchResponse.getScrollId(); String scrollId = searchResponse.getScrollId();
if (scrollId != null && !keyService.signed(scrollId)) { if (scrollId != null && !signatureService.signed(scrollId)) {
searchResponse.scrollId(keyService.sign(scrollId)); searchResponse.scrollId(signatureService.sign(scrollId));
} }
return response; return response;
} }


@ -15,7 +15,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.rest.RestRequest; import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail; import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.shield.key.KeyService; import org.elasticsearch.shield.signature.SignatureService;
import org.elasticsearch.transport.TransportMessage; import org.elasticsearch.transport.TransportMessage;
import java.io.IOException; import java.io.IOException;
@ -32,15 +32,15 @@ public class InternalAuthenticationService extends AbstractComponent implements
private final Realm[] realms; private final Realm[] realms;
private final AuditTrail auditTrail; private final AuditTrail auditTrail;
private final KeyService keyService; private final SignatureService signatureService;
private final boolean signUserHeader; private final boolean signUserHeader;
@Inject @Inject
public InternalAuthenticationService(Settings settings, Realms realms, AuditTrail auditTrail, KeyService keyService) { public InternalAuthenticationService(Settings settings, Realms realms, AuditTrail auditTrail, SignatureService signatureService) {
super(settings); super(settings);
this.realms = realms.realms(); this.realms = realms.realms();
this.auditTrail = auditTrail; this.auditTrail = auditTrail;
this.keyService = keyService; this.signatureService = signatureService;
this.signUserHeader = componentSettings.getAsBoolean("sign_user_header", true); this.signUserHeader = componentSettings.getAsBoolean("sign_user_header", true);
} }
@ -68,13 +68,13 @@ public class InternalAuthenticationService extends AbstractComponent implements
String header = (String) message.getHeader(USER_KEY); String header = (String) message.getHeader(USER_KEY);
if (header != null) { if (header != null) {
if (signUserHeader) { if (signUserHeader) {
header = keyService.unsignAndVerify(header); header = signatureService.unsignAndVerify(header);
} }
user = decodeUser(header); user = decodeUser(header);
} }
if (user == null) { if (user == null) {
user = authenticateWithRealms(action, message, fallbackUser); user = authenticateWithRealms(action, message, fallbackUser);
header = signUserHeader ? keyService.sign(encodeUser(user, logger)) : encodeUser(user, logger); header = signUserHeader ? signatureService.sign(encodeUser(user, logger)) : encodeUser(user, logger);
message.putHeader(USER_KEY, header); message.putHeader(USER_KEY, header);
} }
message.putInContext(USER_KEY, user); message.putInContext(USER_KEY, user);
@ -89,7 +89,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
} }
if (header == null) { if (header == null) {
message.putInContext(USER_KEY, user); message.putInContext(USER_KEY, user);
header = signUserHeader ? keyService.sign(encodeUser(user, logger)) : encodeUser(user, logger); header = signUserHeader ? signatureService.sign(encodeUser(user, logger)) : encodeUser(user, logger);
message.putHeader(USER_KEY, header); message.putHeader(USER_KEY, header);
} }
} }
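Review bot: When `sign_user_header` is false, the hunk at -68,13 hands the incoming `USER_KEY` header straight to `decodeUser(header)` with no integrity check, and nothing at that branch documents the consequence. In that mode the resolved user is whatever the header encodes, so the setting is only safe where every sender of transport messages is already trusted; whether an untrusted peer can reach this code is not visible here. I would add a comment above the `if (signUserHeader)` check, for example `// unsigned mode: header is trusted as-is; safe only when all transport peers are trusted`, and repeat the warning wherever the setting is documented. The enclosing method starts and ends outside the hunk.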


@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License; * or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License. * you may not use this file except in compliance with the Elastic License.
*/ */
package org.elasticsearch.shield.key; package org.elasticsearch.shield.signature;
import org.apache.commons.codec.binary.Base64; import org.apache.commons.codec.binary.Base64;
import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchException;
@ -32,7 +32,7 @@ import java.util.regex.Pattern;
/** /**
* *
*/ */
public class InternalKeyService extends AbstractComponent implements KeyService { public class InternalSignatureService extends AbstractComponent implements SignatureService {
public static final String FILE_SETTING = "shield.system_key.file"; public static final String FILE_SETTING = "shield.system_key.file";
public static final String KEY_ALGO = "HmacSHA512"; public static final String KEY_ALGO = "HmacSHA512";
@ -48,11 +48,11 @@ public class InternalKeyService extends AbstractComponent implements KeyService
private volatile SecretKey key; private volatile SecretKey key;
@Inject @Inject
public InternalKeyService(Settings settings, Environment env, ResourceWatcherService watcherService) { public InternalSignatureService(Settings settings, Environment env, ResourceWatcherService watcherService) {
this(settings, env, watcherService, Listener.NOOP); this(settings, env, watcherService, Listener.NOOP);
} }
InternalKeyService(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) { InternalSignatureService(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) {
super(settings); super(settings);
keyFile = resolveFile(settings, env); keyFile = resolveFile(settings, env);
key = readKey(keyFile); key = readKey(keyFile);


@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License; * or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License. * you may not use this file except in compliance with the Elastic License.
*/ */
package org.elasticsearch.shield.key; package org.elasticsearch.shield.signature;
import org.elasticsearch.shield.authz.AuthorizationException; import org.elasticsearch.shield.authz.AuthorizationException;


@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License; * or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License. * you may not use this file except in compliance with the Elastic License.
*/ */
package org.elasticsearch.shield.key; package org.elasticsearch.shield.signature;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.support.AbstractShieldModule; import org.elasticsearch.shield.support.AbstractShieldModule;
@ -11,14 +11,14 @@ import org.elasticsearch.shield.support.AbstractShieldModule;
/** /**
* *
*/ */
public class KeyModule extends AbstractShieldModule.Node { public class SignatureModule extends AbstractShieldModule.Node {
public KeyModule(Settings settings) { public SignatureModule(Settings settings) {
super(settings); super(settings);
} }
@Override @Override
protected void configureNode() { protected void configureNode() {
bind(KeyService.class).to(InternalKeyService.class).asEagerSingleton(); bind(SignatureService.class).to(InternalSignatureService.class).asEagerSingleton();
} }
} }


@ -3,12 +3,12 @@
* or more contributor license agreements. Licensed under the Elastic License; * or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License. * you may not use this file except in compliance with the Elastic License.
*/ */
package org.elasticsearch.shield.key; package org.elasticsearch.shield.signature;
/** /**
* *
*/ */
public interface KeyService { public interface SignatureService {
/** /**
* Signs the given text and returns the signed text (original text + signature) * Signs the given text and returns the signed text (original text + signature)


@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License; * or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License. * you may not use this file except in compliance with the Elastic License.
*/ */
package org.elasticsearch.shield.key.tool; package org.elasticsearch.shield.signature.tool;
import org.elasticsearch.common.cli.CliTool; import org.elasticsearch.common.cli.CliTool;
import org.elasticsearch.common.cli.CliToolConfig; import org.elasticsearch.common.cli.CliToolConfig;
@ -11,7 +11,7 @@ import org.elasticsearch.common.cli.Terminal;
import org.elasticsearch.common.cli.commons.CommandLine; import org.elasticsearch.common.cli.commons.CommandLine;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment; import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.key.InternalKeyService; import org.elasticsearch.shield.signature.InternalSignatureService;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
@ -68,10 +68,10 @@ public class SystemKeyTool extends CliTool {
public ExitStatus execute(Settings settings, Environment env) throws Exception { public ExitStatus execute(Settings settings, Environment env) throws Exception {
Path path = this.path; Path path = this.path;
if (path == null) { if (path == null) {
path = InternalKeyService.resolveFile(settings, env); path = InternalSignatureService.resolveFile(settings, env);
} }
terminal.println(Terminal.Verbosity.VERBOSE, "generating..."); terminal.println(Terminal.Verbosity.VERBOSE, "generating...");
byte[] key = InternalKeyService.generateKey(); byte[] key = InternalSignatureService.generateKey();
terminal.println("Storing generated key in [%s]", path.toAbsolutePath()); terminal.println("Storing generated key in [%s]", path.toAbsolutePath());
Files.write(path, key, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING); Files.write(path, key, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING);
return ExitStatus.OK; return ExitStatus.OK;
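Review bot: `Files.write(path, key, StandardOpenOption.CREATE, StandardOpenOption.TRUNCATE_EXISTING)` creates the system key file with the process's default permissions, and `execute` returns `ExitStatus.OK` immediately afterwards, so with a typical umask the HMAC key is readable by other local accounts. Anyone who can read that file holds the secret that `sign` and `unsignAndVerify` depend on. I would restrict the file to its owner before the key bytes are written, e.g. create it with `Files.createFile(path, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")))`, with a fallback for file systems that lack POSIX attributes. `TRUNCATE_EXISTING` also replaces an existing key silently, which presumably invalidates everything signed with the old one, so refusing or confirming the overwrite would be safer. The end of `execute` and the rest of the class are outside the hunk.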


@ -12,8 +12,8 @@ import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.shield.authz.AuthorizationException; import org.elasticsearch.shield.authz.AuthorizationException;
import org.elasticsearch.shield.key.InternalKeyService; import org.elasticsearch.shield.signature.InternalSignatureService;
import org.elasticsearch.shield.key.KeyService; import org.elasticsearch.shield.signature.SignatureService;
import org.elasticsearch.shield.test.ShieldIntegrationTest; import org.elasticsearch.shield.test.ShieldIntegrationTest;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -29,19 +29,19 @@ import static org.hamcrest.Matchers.notNullValue;
*/ */
public class ScrollIdSigningTests extends ShieldIntegrationTest { public class ScrollIdSigningTests extends ShieldIntegrationTest {
private KeyService keyService; private SignatureService signatureService;
@Override @Override
protected Settings nodeSettings(int nodeOrdinal) { protected Settings nodeSettings(int nodeOrdinal) {
return ImmutableSettings.builder() return ImmutableSettings.builder()
.put(super.nodeSettings(nodeOrdinal)) .put(super.nodeSettings(nodeOrdinal))
.put(InternalKeyService.FILE_SETTING, writeFile(newFolder(), "system_key", generateKey())) .put(InternalSignatureService.FILE_SETTING, writeFile(newFolder(), "system_key", generateKey()))
.build(); .build();
} }
@Before @Before
public void init() throws Exception { public void init() throws Exception {
keyService = internalCluster().getInstance(KeyService.class); signatureService = internalCluster().getInstance(SignatureService.class);
} }
@Test @Test
@ -124,12 +124,12 @@ public class ScrollIdSigningTests extends ShieldIntegrationTest {
} }
private void assertSigned(String scrollId) { private void assertSigned(String scrollId) {
assertThat(keyService.signed(scrollId), is(true)); assertThat(signatureService.signed(scrollId), is(true));
} }
private static byte[] generateKey() { private static byte[] generateKey() {
try { try {
return InternalKeyService.generateKey(); return InternalSignatureService.generateKey();
} catch (Exception e) { } catch (Exception e) {
fail("failed to generate key"); fail("failed to generate key");
return null; return null;


@ -14,8 +14,8 @@ import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.shield.authc.AuthenticationService; import org.elasticsearch.shield.authc.AuthenticationService;
import org.elasticsearch.shield.authz.AuthorizationException; import org.elasticsearch.shield.authz.AuthorizationException;
import org.elasticsearch.shield.authz.AuthorizationService; import org.elasticsearch.shield.authz.AuthorizationService;
import org.elasticsearch.shield.key.KeyService; import org.elasticsearch.shield.signature.SignatureService;
import org.elasticsearch.shield.key.SignatureException; import org.elasticsearch.shield.signature.SignatureException;
import org.elasticsearch.test.ElasticsearchTestCase; import org.elasticsearch.test.ElasticsearchTestCase;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -32,7 +32,7 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
private AuthenticationService authcService; private AuthenticationService authcService;
private AuthorizationService authzService; private AuthorizationService authzService;
private KeyService keyService; private SignatureService signatureService;
private AuditTrail auditTrail; private AuditTrail auditTrail;
private ShieldActionFilter filter; private ShieldActionFilter filter;
@ -40,9 +40,9 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
public void init() throws Exception { public void init() throws Exception {
authcService = mock(AuthenticationService.class); authcService = mock(AuthenticationService.class);
authzService = mock(AuthorizationService.class); authzService = mock(AuthorizationService.class);
keyService = mock(KeyService.class); signatureService = mock(SignatureService.class);
auditTrail = mock(AuditTrail.class); auditTrail = mock(AuditTrail.class);
filter = new ShieldActionFilter(authcService, authzService, keyService, auditTrail); filter = new ShieldActionFilter(authcService, authzService, signatureService, auditTrail);
} }
@Test @Test
@ -79,8 +79,8 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
ActionFilterChain chain = mock(ActionFilterChain.class); ActionFilterChain chain = mock(ActionFilterChain.class);
User user = mock(User.class); User user = mock(User.class);
when(authcService.authenticate("_action", request, User.SYSTEM)).thenReturn(user); when(authcService.authenticate("_action", request, User.SYSTEM)).thenReturn(user);
when(keyService.signed("signed_scroll_id")).thenReturn(true); when(signatureService.signed("signed_scroll_id")).thenReturn(true);
when(keyService.unsignAndVerify("signed_scroll_id")).thenReturn("scroll_id"); when(signatureService.unsignAndVerify("signed_scroll_id")).thenReturn("scroll_id");
filter.apply("_action", request, listener, chain); filter.apply("_action", request, listener, chain);
assertThat(request.scrollId(), equalTo("scroll_id")); assertThat(request.scrollId(), equalTo("scroll_id"));
verify(authzService).authorize(user, "_action", request); verify(authzService).authorize(user, "_action", request);
@ -95,8 +95,8 @@ public class ShieldActionFilterTests extends ElasticsearchTestCase {
SignatureException sigException = new SignatureException("bad bad boy"); SignatureException sigException = new SignatureException("bad bad boy");
User user = mock(User.class); User user = mock(User.class);
when(authcService.authenticate("_action", request, User.SYSTEM)).thenReturn(user); when(authcService.authenticate("_action", request, User.SYSTEM)).thenReturn(user);
when(keyService.signed("scroll_id")).thenReturn(true); when(signatureService.signed("scroll_id")).thenReturn(true);
doThrow(sigException).when(keyService).unsignAndVerify("scroll_id"); doThrow(sigException).when(signatureService).unsignAndVerify("scroll_id");
filter.apply("_action", request, listener, chain); filter.apply("_action", request, listener, chain);
verify(listener).onFailure(isA(AuthorizationException.class)); verify(listener).onFailure(isA(AuthorizationException.class));
verify(auditTrail).tamperedRequest(user, "_action", request); verify(auditTrail).tamperedRequest(user, "_action", request);


@ -14,7 +14,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.rest.RestRequest; import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.shield.audit.AuditTrail; import org.elasticsearch.shield.audit.AuditTrail;
import org.elasticsearch.shield.key.KeyService; import org.elasticsearch.shield.signature.SignatureService;
import org.elasticsearch.test.ElasticsearchTestCase; import org.elasticsearch.test.ElasticsearchTestCase;
import org.elasticsearch.transport.TransportMessage; import org.elasticsearch.transport.TransportMessage;
import org.junit.Before; import org.junit.Before;
@ -44,7 +44,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
Realm secondRealm; Realm secondRealm;
AuditTrail auditTrail; AuditTrail auditTrail;
AuthenticationToken token; AuthenticationToken token;
KeyService keyService; SignatureService signatureService;
@Before @Before
public void init() throws Exception { public void init() throws Exception {
@ -57,10 +57,10 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
when(secondRealm.type()).thenReturn("second"); when(secondRealm.type()).thenReturn("second");
realms = mock(Realms.class); realms = mock(Realms.class);
when(realms.realms()).thenReturn(new Realm[] {firstRealm, secondRealm}); when(realms.realms()).thenReturn(new Realm[] {firstRealm, secondRealm});
keyService = mock(KeyService.class); signatureService = mock(SignatureService.class);
auditTrail = mock(AuditTrail.class); auditTrail = mock(AuditTrail.class);
service = new InternalAuthenticationService(ImmutableSettings.EMPTY, realms, auditTrail, keyService); service = new InternalAuthenticationService(ImmutableSettings.EMPTY, realms, auditTrail, signatureService);
} }
@Test @SuppressWarnings("unchecked") @Test @SuppressWarnings("unchecked")
@ -106,7 +106,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
service = spy(service); service = spy(service);
doReturn(token).when(service).token("_action", message); doReturn(token).when(service).token("_action", message);
when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user"); when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user");
User result = service.authenticate("_action", message, null); User result = service.authenticate("_action", message, null);
assertThat(result, notNullValue()); assertThat(result, notNullValue());
@ -127,7 +127,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
service = spy(service); service = spy(service);
doReturn(token).when(service).token("_action", message); doReturn(token).when(service).token("_action", message);
when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user"); when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_encoded_user");
User result = service.authenticate("_action", message, null); User result = service.authenticate("_action", message, null);
assertThat(result, notNullValue()); assertThat(result, notNullValue());
@ -149,7 +149,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
verifyZeroInteractions(auditTrail); verifyZeroInteractions(auditTrail);
verifyZeroInteractions(firstRealm); verifyZeroInteractions(firstRealm);
verifyZeroInteractions(secondRealm); verifyZeroInteractions(secondRealm);
verifyZeroInteractions(keyService); verifyZeroInteractions(signatureService);
assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), notNullValue()); assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), notNullValue());
assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), is((Object) user)); assertThat(message.getContext().get(InternalAuthenticationService.USER_KEY), is((Object) user));
} }
@ -190,7 +190,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
when(firstRealm.token(message)).thenReturn(token); when(firstRealm.token(message)).thenReturn(token);
when(firstRealm.supports(token)).thenReturn(true); when(firstRealm.supports(token)).thenReturn(true);
when(firstRealm.authenticate(token)).thenReturn(user); when(firstRealm.authenticate(token)).thenReturn(user);
when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user"); when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
service = spy(service); service = spy(service);
doReturn(token).when(service).token("_action", message); doReturn(token).when(service).token("_action", message);
User result = service.authenticate("_action", message, null); User result = service.authenticate("_action", message, null);
@ -232,7 +232,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
when(firstRealm.token(message)).thenReturn(null); when(firstRealm.token(message)).thenReturn(null);
when(secondRealm.token(message)).thenReturn(null); when(secondRealm.token(message)).thenReturn(null);
User.Simple user1 = new User.Simple("username", "r1", "r2"); User.Simple user1 = new User.Simple("username", "r1", "r2");
when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user"); when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
User user2 = service.authenticate("_action", message, user1); User user2 = service.authenticate("_action", message, user1);
assertThat(user1, sameInstance(user2)); assertThat(user1, sameInstance(user2));
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2)); assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
@ -245,7 +245,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
when(firstRealm.token(message)).thenReturn(token); when(firstRealm.token(message)).thenReturn(token);
when(firstRealm.supports(token)).thenReturn(true); when(firstRealm.supports(token)).thenReturn(true);
when(firstRealm.authenticate(token)).thenReturn(user1); when(firstRealm.authenticate(token)).thenReturn(user1);
when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user"); when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
User user2 = service.authenticate("_action", message, null); User user2 = service.authenticate("_action", message, null);
assertThat(user1, sameInstance(user2)); assertThat(user1, sameInstance(user2));
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2)); assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
@ -258,7 +258,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
when(firstRealm.token(message)).thenReturn(token); when(firstRealm.token(message)).thenReturn(token);
when(firstRealm.supports(token)).thenReturn(true); when(firstRealm.supports(token)).thenReturn(true);
when(firstRealm.authenticate(token)).thenReturn(user1); when(firstRealm.authenticate(token)).thenReturn(user1);
when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user"); when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
User user2 = service.authenticate("_action", message, User.SYSTEM); User user2 = service.authenticate("_action", message, User.SYSTEM);
assertThat(user1, sameInstance(user2)); assertThat(user1, sameInstance(user2));
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2)); assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
@ -282,7 +282,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
when(firstRealm.token(message)).thenReturn(token); when(firstRealm.token(message)).thenReturn(token);
when(firstRealm.supports(token)).thenReturn(true); when(firstRealm.supports(token)).thenReturn(true);
when(firstRealm.authenticate(token)).thenReturn(user1); when(firstRealm.authenticate(token)).thenReturn(user1);
when(keyService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user"); when(signatureService.sign(InternalAuthenticationService.encodeUser(user1, null))).thenReturn("_signed_user");
User user2 = service.authenticate("_action", message, User.SYSTEM); User user2 = service.authenticate("_action", message, User.SYSTEM);
assertThat(user1, sameInstance(user2)); assertThat(user1, sameInstance(user2));
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2)); assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user2));
@ -300,7 +300,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
// checking authentication from the user header // checking authentication from the user header
message1.putHeader(InternalAuthenticationService.USER_KEY, message.getHeader(InternalAuthenticationService.USER_KEY)); message1.putHeader(InternalAuthenticationService.USER_KEY, message.getHeader(InternalAuthenticationService.USER_KEY));
when(keyService.unsignAndVerify("_signed_user")).thenReturn(InternalAuthenticationService.encodeUser(user1, null)); when(signatureService.unsignAndVerify("_signed_user")).thenReturn(InternalAuthenticationService.encodeUser(user1, null));
BytesStreamOutput output = new BytesStreamOutput(); BytesStreamOutput output = new BytesStreamOutput();
message1.writeTo(output); message1.writeTo(output);
BytesStreamInput input = new BytesStreamInput(output.bytes()); BytesStreamInput input = new BytesStreamInput(output.bytes());
@ -314,7 +314,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
@Test @Test
public void testAutheticate_Transport_ContextAndHeader_NoSigning() throws Exception { public void testAutheticate_Transport_ContextAndHeader_NoSigning() throws Exception {
Settings settings = ImmutableSettings.builder().put("shield.authc.sign_user_header", false).build(); Settings settings = ImmutableSettings.builder().put("shield.authc.sign_user_header", false).build();
service = new InternalAuthenticationService(settings, realms, auditTrail, keyService); service = new InternalAuthenticationService(settings, realms, auditTrail, signatureService);
User user1 = new User.Simple("username", "r1", "r2"); User user1 = new User.Simple("username", "r1", "r2");
when(firstRealm.token(message)).thenReturn(token); when(firstRealm.token(message)).thenReturn(token);
@ -346,7 +346,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
assertThat(user, equalTo(user1)); assertThat(user, equalTo(user1));
verifyZeroInteractions(firstRealm); verifyZeroInteractions(firstRealm);
verifyZeroInteractions(keyService); verifyZeroInteractions(signatureService);
} }
@Test @Test
@ -354,7 +354,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
User user = new User.Simple("username", "r1", "r2"); User user = new User.Simple("username", "r1", "r2");
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), nullValue()); assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), nullValue());
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), nullValue()); assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), nullValue());
when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user"); when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
service.attachUserHeaderIfMissing(message, user); service.attachUserHeaderIfMissing(message, user);
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user)); assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user));
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user")); assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));
@ -363,7 +363,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
message = new InternalMessage(); message = new InternalMessage();
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), nullValue()); assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), nullValue());
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), nullValue()); assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), nullValue());
when(keyService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user"); when(signatureService.sign(InternalAuthenticationService.encodeUser(user, null))).thenReturn("_signed_user");
service.attachUserHeaderIfMissing(message, user); service.attachUserHeaderIfMissing(message, user);
assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user)); assertThat(message.getFromContext(InternalAuthenticationService.USER_KEY), sameInstance((Object) user));
assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user")); assertThat(message.getHeader(InternalAuthenticationService.USER_KEY), equalTo((Object) "_signed_user"));


@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License; * or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License. * you may not use this file except in compliance with the Elastic License.
*/ */
package org.elasticsearch.shield.key; package org.elasticsearch.shield.signature;
import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.settings.ImmutableSettings; import org.elasticsearch.common.settings.ImmutableSettings;
@ -26,7 +26,7 @@ import static org.hamcrest.Matchers.is;
/** /**
* *
*/ */
public class InternalKeyServiceTests extends ElasticsearchTestCase { public class InternalSignatureServiceTests extends ElasticsearchTestCase {
private ResourceWatcherService watcherService; private ResourceWatcherService watcherService;
private Settings settings; private Settings settings;
@ -37,7 +37,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
@Before @Before
public void init() throws Exception { public void init() throws Exception {
keyFile = new File(newTempDir(), "system_key"); keyFile = new File(newTempDir(), "system_key");
Streams.copy(InternalKeyService.generateKey(), keyFile); Streams.copy(InternalSignatureService.generateKey(), keyFile);
settings = ImmutableSettings.builder() settings = ImmutableSettings.builder()
.put("shield.system_key.file", keyFile.getAbsolutePath()) .put("shield.system_key.file", keyFile.getAbsolutePath())
.put("watcher.interval.high", "2s") .put("watcher.interval.high", "2s")
@ -55,7 +55,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
@Test @Test
public void testSigned() throws Exception { public void testSigned() throws Exception {
InternalKeyService service = new InternalKeyService(settings, env, watcherService); InternalSignatureService service = new InternalSignatureService(settings, env, watcherService);
String text = randomAsciiOfLength(10); String text = randomAsciiOfLength(10);
String signed = service.sign(text); String signed = service.sign(text);
assertThat(service.signed(signed), is(true)); assertThat(service.signed(signed), is(true));
@ -63,7 +63,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
@Test @Test
public void testSignAndUnsign() throws Exception { public void testSignAndUnsign() throws Exception {
InternalKeyService service = new InternalKeyService(settings, env, watcherService); InternalSignatureService service = new InternalSignatureService(settings, env, watcherService);
String text = randomAsciiOfLength(10); String text = randomAsciiOfLength(10);
String signed = service.sign(text); String signed = service.sign(text);
assertThat(text.equals(signed), is(false)); assertThat(text.equals(signed), is(false));
@ -73,7 +73,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
@Test @Test
public void testSignAndUnsign_NoKeyFile() throws Exception { public void testSignAndUnsign_NoKeyFile() throws Exception {
InternalKeyService service = new InternalKeyService(ImmutableSettings.EMPTY, env, watcherService); InternalSignatureService service = new InternalSignatureService(ImmutableSettings.EMPTY, env, watcherService);
String text = randomAsciiOfLength(10); String text = randomAsciiOfLength(10);
String signed = service.sign(text); String signed = service.sign(text);
assertThat(text, equalTo(signed)); assertThat(text, equalTo(signed));
@ -84,7 +84,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
@Test @Test
public void testReloadKey() throws Exception { public void testReloadKey() throws Exception {
final CountDownLatch latch = new CountDownLatch(1); final CountDownLatch latch = new CountDownLatch(1);
InternalKeyService service = new InternalKeyService(settings, env, watcherService, new InternalKeyService.Listener() { InternalSignatureService service = new InternalSignatureService(settings, env, watcherService, new InternalSignatureService.Listener() {
@Override @Override
public void onKeyRefresh() { public void onKeyRefresh() {
latch.countDown(); latch.countDown();
@ -98,7 +98,7 @@ public class InternalKeyServiceTests extends ElasticsearchTestCase {
// and so the resource watcher will pick up the change. // and so the resource watcher will pick up the change.
sleep(1000); sleep(1000);
Streams.copy(InternalKeyService.generateKey(), keyFile); Streams.copy(InternalSignatureService.generateKey(), keyFile);
if (!latch.await(10, TimeUnit.SECONDS)) { if (!latch.await(10, TimeUnit.SECONDS)) {
fail("waiting too long for test to complete. Expected callback is not called"); fail("waiting too long for test to complete. Expected callback is not called");
} }


@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License; * or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License. * you may not use this file except in compliance with the Elastic License.
*/ */
package org.elasticsearch.shield.key.tool; package org.elasticsearch.shield.signature.tool;
import org.elasticsearch.common.cli.CliTool; import org.elasticsearch.common.cli.CliTool;
import org.elasticsearch.common.cli.CliToolTestCase; import org.elasticsearch.common.cli.CliToolTestCase;
@ -12,7 +12,7 @@ import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.settings.ImmutableSettings; import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment; import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.key.InternalKeyService; import org.elasticsearch.shield.signature.InternalSignatureService;
import org.elasticsearch.shield.ShieldPlugin; import org.elasticsearch.shield.ShieldPlugin;
import org.junit.Before; import org.junit.Before;
import org.junit.Test; import org.junit.Test;
@ -21,7 +21,7 @@ import java.io.File;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
import static org.elasticsearch.shield.key.tool.SystemKeyTool.Generate; import static org.elasticsearch.shield.signature.tool.SystemKeyTool.Generate;
import static org.hamcrest.Matchers.*; import static org.hamcrest.Matchers.*;
import static org.mockito.Mockito.mock; import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when; import static org.mockito.Mockito.when;
@ -64,7 +64,7 @@ public class SystemKeyToolTests extends CliToolTestCase {
CliTool.ExitStatus status = generate.execute(ImmutableSettings.EMPTY, env); CliTool.ExitStatus status = generate.execute(ImmutableSettings.EMPTY, env);
assertThat(status, is(CliTool.ExitStatus.OK)); assertThat(status, is(CliTool.ExitStatus.OK));
byte[] bytes = Streams.copyToByteArray(path.toFile()); byte[] bytes = Streams.copyToByteArray(path.toFile());
assertThat(bytes.length, is(InternalKeyService.KEY_SIZE / 8)); assertThat(bytes.length, is(InternalSignatureService.KEY_SIZE / 8));
} }
@Test @Test
@ -77,7 +77,7 @@ public class SystemKeyToolTests extends CliToolTestCase {
CliTool.ExitStatus status = generate.execute(settings, env); CliTool.ExitStatus status = generate.execute(settings, env);
assertThat(status, is(CliTool.ExitStatus.OK)); assertThat(status, is(CliTool.ExitStatus.OK));
byte[] bytes = Streams.copyToByteArray(path.toFile()); byte[] bytes = Streams.copyToByteArray(path.toFile());
assertThat(bytes.length, is(InternalKeyService.KEY_SIZE / 8)); assertThat(bytes.length, is(InternalSignatureService.KEY_SIZE / 8));
} }
@Test @Test
@ -91,6 +91,6 @@ public class SystemKeyToolTests extends CliToolTestCase {
CliTool.ExitStatus status = generate.execute(ImmutableSettings.EMPTY, env); CliTool.ExitStatus status = generate.execute(ImmutableSettings.EMPTY, env);
assertThat(status, is(CliTool.ExitStatus.OK)); assertThat(status, is(CliTool.ExitStatus.OK));
byte[] bytes = Streams.copyToByteArray(path.toFile()); byte[] bytes = Streams.copyToByteArray(path.toFile());
assertThat(bytes.length, is(InternalKeyService.KEY_SIZE / 8)); assertThat(bytes.length, is(InternalSignatureService.KEY_SIZE / 8));
} }
} }


@ -17,7 +17,7 @@ import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.plugins.PluginsService; import org.elasticsearch.plugins.PluginsService;
import org.elasticsearch.shield.authc.support.SecuredStringTests; import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.shield.key.InternalKeyService; import org.elasticsearch.shield.signature.InternalSignatureService;
import org.elasticsearch.shield.ShieldPlugin; import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.transport.netty.NettySecuredTransport; import org.elasticsearch.shield.transport.netty.NettySecuredTransport;
import org.elasticsearch.test.rest.ElasticsearchRestTests; import org.elasticsearch.test.rest.ElasticsearchRestTests;
@ -76,7 +76,7 @@ public class ShieldRestTests extends ElasticsearchRestTests {
if (enabled) { if (enabled) {
final byte[] key; final byte[] key;
try { try {
key = InternalKeyService.generateKey(); key = InternalSignatureService.generateKey();
} catch (Exception e) { } catch (Exception e) {
throw new RuntimeException(e); throw new RuntimeException(e);
} }
@ -99,7 +99,7 @@ public class ShieldRestTests extends ElasticsearchRestTests {
String keyFile = writeFile(folder, "system_key", key); String keyFile = writeFile(folder, "system_key", key);
ImmutableSettings.Builder builder = ImmutableSettings.builder() ImmutableSettings.Builder builder = ImmutableSettings.builder()
.put(InternalKeyService.FILE_SETTING, keyFile) .put(InternalSignatureService.FILE_SETTING, keyFile)
.put("request.headers.Authorization", basicAuthHeaderValue(DEFAULT_USER_NAME, SecuredStringTests.build(DEFAULT_PASSWORD))) .put("request.headers.Authorization", basicAuthHeaderValue(DEFAULT_USER_NAME, SecuredStringTests.build(DEFAULT_PASSWORD)))
.put("discovery.zen.ping.multicast.enabled", false) .put("discovery.zen.ping.multicast.enabled", false)
.put("discovery.type", "zen") .put("discovery.type", "zen")