honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changed the base64 encoding of the signatures to be URL safe 

In InternalKeyService, we encode the signatures with base64. For things like scroll id, that need to be placed in URLs it's important that the signature will be URL safe.

Original commit: elastic/x-pack-elasticsearch@138d02d966
This commit is contained in:
uboness 2014-09-25 13:52:55 +02:00
parent b99f7be199
commit b3472bf3dc
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/main/java/org/elasticsearch/shield/key/InternalKeyService.java
View File

@ -27,7 +27,6 @@ import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
@ -96,7 +95,7 @@ public class InternalKeyService extends AbstractComponent implements KeyService
}
Mac mac = createMac(key);
byte[] sig = mac.doFinal(text.getBytes(Charsets.UTF_8));
String sigStr = Base64.encodeBase64String(sig);
String sigStr = Base64.encodeBase64URLSafeString(sig);
return "$$" + sigStr.length() + "$$" + sigStr + text;
}
@ -121,7 +120,9 @@ public class InternalKeyService extends AbstractComponent implements KeyService
String text = signedText.substring(i + 2 + length);
Mac mac = createMac(key);
byte[] sig = mac.doFinal(text.getBytes(Charsets.UTF_8));
if (!Base64.encodeBase64String(sig).equals(sigStr)) {
if (!Base64.encodeBase64URLSafeString(sig).equals(sigStr)) {
throw new SignatureException("tampered signed text");
}
return text;