Add more meaningful keystore version mismatch errors (#46291)
This commit changes the version bounds check used when reading the keystore, so that users get a better error message when their keystore format is too new or too old. relates #44624
parent
44c4412406
commit
fa9327cdb9
|
@ -20,6 +20,8 @@
|
|||
package org.elasticsearch.common.settings;
|
||||
|
||||
import org.apache.lucene.codecs.CodecUtil;
|
||||
import org.apache.lucene.index.IndexFormatTooNewException;
|
||||
import org.apache.lucene.index.IndexFormatTooOldException;
|
||||
import org.apache.lucene.store.BufferedChecksumIndexInput;
|
||||
import org.apache.lucene.store.ChecksumIndexInput;
|
||||
import org.apache.lucene.store.IOContext;
|
||||
|
@ -40,7 +42,6 @@ import javax.crypto.SecretKeyFactory;
|
|||
import javax.crypto.spec.GCMParameterSpec;
|
||||
import javax.crypto.spec.PBEKeySpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.DataInputStream;
|
||||
|
@ -217,7 +218,16 @@ public class KeyStoreWrapper implements SecureSettings {
|
|||
SimpleFSDirectory directory = new SimpleFSDirectory(configDir);
|
||||
try (IndexInput indexInput = directory.openInput(KEYSTORE_FILENAME, IOContext.READONCE)) {
|
||||
ChecksumIndexInput input = new BufferedChecksumIndexInput(indexInput);
|
||||
int formatVersion = CodecUtil.checkHeader(input, KEYSTORE_FILENAME, MIN_FORMAT_VERSION, FORMAT_VERSION);
|
||||
final int formatVersion;
|
||||
try {
|
||||
formatVersion = CodecUtil.checkHeader(input, KEYSTORE_FILENAME, MIN_FORMAT_VERSION, FORMAT_VERSION);
|
||||
} catch (IndexFormatTooOldException e) {
|
||||
throw new IllegalStateException("The Elasticsearch keystore [" + keystoreFile + "] format is too old. " +
|
||||
"You should delete and recreate it in order to upgrade.", e);
|
||||
} catch (IndexFormatTooNewException e) {
|
||||
throw new IllegalStateException("The Elasticsearch keystore [" + keystoreFile + "] format is too new. " +
|
||||
"Are you trying to downgrade? You should delete and recreate it in order to downgrade.", e);
|
||||
}
|
||||
byte hasPasswordByte = input.readByte();
|
||||
boolean hasPassword = hasPasswordByte == 1;
|
||||
if (hasPassword == false && hasPasswordByte != 0) {
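Review bot: Both new messages in the catch blocks tell the user to delete the keystore, but neither says that deleting it discards every secure setting stored in it, so an operator who follows the text literally can lose credentials that exist nowhere else. Wording such as `"You should delete and recreate it, then re-add its secure settings, in order to upgrade."` (and the matching sentence for the downgrade case) would make that cost explicit. Separately, `CodecUtil.checkHeader` can, as far as I know, also throw `CorruptIndexException` for a damaged or foreign file, and that case still surfaces as the raw Lucene error; a third catch with a message naming `keystoreFile` would cover it. The enclosing load method and the declaration of `keystoreFile` are outside the hunk, so this assumes the variable is in scope here.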
|
||||
|
|