
Example 1 with SecureString

use of org.elasticsearch.common.settings.SecureString in project elasticsearch by elastic.

the class S3RepositoryTests method testSettingsResolution.

/**
 * Verifies which of two {@link Settings} objects supplies the key returned by {@code getValue}.
 *
 * <p>The four assertions cover: both set (the first argument's value is returned), only the
 * first set, only the second set, and neither set (an empty {@link SecureString} is returned).
 * The last call expects deprecation warnings for both settings.
 * NOTE(review): that suggests supplying these keys as plain-text settings is deprecated;
 * confirm against the setting definitions, which are not shown here.
 */
public void testSettingsResolution() throws Exception {
    final Settings repositoryScoped = Settings.builder()
        .put(Repository.KEY_SETTING.getKey(), "key1")
        .build();
    final Settings globalScoped = Settings.builder()
        .put(Repositories.KEY_SETTING.getKey(), "key2")
        .build();

    // Both present: the value from the first Settings argument is returned.
    assertEquals(
        new SecureString("key1".toCharArray()),
        getValue(repositoryScoped, globalScoped, Repository.KEY_SETTING, Repositories.KEY_SETTING));
    // Only the first Settings argument carries a value.
    assertEquals(
        new SecureString("key1".toCharArray()),
        getValue(repositoryScoped, Settings.EMPTY, Repository.KEY_SETTING, Repositories.KEY_SETTING));
    // Only the second Settings argument carries a value.
    assertEquals(
        new SecureString("key2".toCharArray()),
        getValue(Settings.EMPTY, globalScoped, Repository.KEY_SETTING, Repositories.KEY_SETTING));
    // Neither carries a value: the result is an empty SecureString rather than null.
    assertEquals(
        new SecureString("".toCharArray()),
        getValue(Settings.EMPTY, Settings.EMPTY, Repository.KEY_SETTING, Repositories.KEY_SETTING));

    assertSettingDeprecationsAndWarnings(new Setting<?>[] { Repository.KEY_SETTING, Repositories.KEY_SETTING });
}
Also used : Settings(org.elasticsearch.common.settings.Settings) SecureString(org.elasticsearch.common.settings.SecureString)

Example 2 with SecureString

use of org.elasticsearch.common.settings.SecureString in project elasticsearch by elastic.

the class InternalAwsS3Service method buildConfiguration.

// pkg private for tests
/**
 * Assembles the AWS SDK {@link ClientConfiguration} for an S3 client from repository-level and
 * node-level settings.
 *
 * <p>Security notes for reviewers: the proxy username and password are read as
 * {@link SecureString} and closed when the try-with-resources block ends, but
 * {@code toString()} copies them into immutable {@code String} objects that are stored in the
 * returned configuration. Those copies cannot be wiped and live as long as the configuration
 * does, so a heap dump of the process should be handled as if it contains the proxy credentials.
 *
 * @param logger used only for the debug message naming the configured signer
 * @param repositorySettings repository-level settings; consulted here for the protocol only
 * @param settings node-level settings
 * @param clientName name of the client configuration to resolve settings for
 * @param maxRetries maximum error retries, or {@code null} to leave the SDK value untouched
 * @param endpoint endpoint passed to the signer configuration
 * @param useThrottleRetries value forwarded to {@code setUseThrottleRetries}
 * @return the populated client configuration
 */
static ClientConfiguration buildConfiguration(Logger logger, Settings repositorySettings, Settings settings, String clientName, Integer maxRetries, String endpoint, boolean useThrottleRetries) {
    final ClientConfiguration config = new ClientConfiguration();
    // The response metadata cache exists only for diagnostics, yet it can push objects from
    // every response into the old generation, so it is turned off.
    config.setResponseMetadataCacheSize(0);

    // NOTE(review): the protocol comes from settings; if it resolves to plain HTTP, requests
    // made with this configuration are not TLS-protected.
    final Protocol resolvedProtocol = getConfigValue(repositorySettings, settings, clientName, S3Repository.PROTOCOL_SETTING, S3Repository.Repository.PROTOCOL_SETTING, S3Repository.Repositories.PROTOCOL_SETTING);
    config.setProtocol(resolvedProtocol);

    final String host = getConfigValue(null, settings, clientName, S3Repository.PROXY_HOST_SETTING, null, CLOUD_S3.PROXY_HOST_SETTING);
    if (Strings.hasText(host)) {
        final Integer port = getConfigValue(null, settings, clientName, S3Repository.PROXY_PORT_SETTING, null, CLOUD_S3.PROXY_PORT_SETTING);
        try (SecureString user = getConfigValue(null, settings, clientName, S3Repository.PROXY_USERNAME_SETTING, null, CLOUD_S3.PROXY_USERNAME_SETTING);
            SecureString secret = getConfigValue(null, settings, clientName, S3Repository.PROXY_PASSWORD_SETTING, null, CLOUD_S3.PROXY_PASSWORD_SETTING)) {
            config.setProxyHost(host);
            config.setProxyPort(port);
            // toString() creates String copies that outlive the SecureString instances closed
            // at the end of this block; the SDK setters accept String only.
            config.setProxyUsername(user.toString());
            config.setProxyPassword(secret.toString());
        }
    }

    // A null maxRetries leaves the retry count untouched; per the original comment the default
    // is then 3 with an exponential backoff policy.
    if (maxRetries != null) {
        config.setMaxErrorRetry(maxRetries);
    }
    config.setUseThrottleRetries(useThrottleRetries);

    // #155: we might have 3rd party users using older S3 API version
    final String signerName = CLOUD_S3.SIGNER_SETTING.get(settings);
    if (Strings.hasText(signerName)) {
        logger.debug("using AWS API signer [{}]", signerName);
        AwsSigner.configureSigner(signerName, clientConfiguration(config), endpoint);
    }

    final TimeValue socketReadTimeout = getConfigValue(null, settings, clientName, S3Repository.READ_TIMEOUT_SETTING, null, CLOUD_S3.READ_TIMEOUT);
    // NOTE(review): the narrowing cast wraps silently for timeouts above Integer.MAX_VALUE
    // milliseconds; confirm the setting is bounded where it is defined.
    config.setSocketTimeout((int) socketReadTimeout.millis());
    return config;
}

/** Identity helper that keeps the signer call site readable; returns its argument unchanged. */
private static ClientConfiguration clientConfiguration(ClientConfiguration config) {
    return config;
}
Also used : SecureString(org.elasticsearch.common.settings.SecureString) Protocol(com.amazonaws.Protocol) ClientConfiguration(com.amazonaws.ClientConfiguration) SecureString(org.elasticsearch.common.settings.SecureString) TimeValue(org.elasticsearch.common.unit.TimeValue)

Example 3 with SecureString

use of org.elasticsearch.common.settings.SecureString in project elasticsearch by elastic.

the class InternalSettingsPreparerTests method testSecureSettings.

/**
 * Checks that a value placed in secure settings before
 * {@code InternalSettingsPreparer.prepareEnvironment} is still readable through a
 * {@code SecureSetting} from the prepared environment's settings.
 */
public void testSecureSettings() {
    final MockSecureSettings secrets = new MockSecureSettings();
    secrets.setString("foo", "secret");

    final Settings.Builder inputBuilder = Settings.builder().put(baseEnvSettings);
    inputBuilder.setSecureSettings(secrets);
    final Settings input = inputBuilder.build();

    final Environment prepared = InternalSettingsPreparer.prepareEnvironment(input, null);

    final Setting<SecureString> fooSetting = SecureSetting.secureString("foo", null, false);
    final SecureString resolved = fooSetting.get(prepared.settings());
    // toString() exposes the secret as a plain String; acceptable here because the value is a
    // test fixture.
    assertEquals("secret", resolved.toString());
}
Also used : Environment(org.elasticsearch.env.Environment) MockSecureSettings(org.elasticsearch.common.settings.MockSecureSettings) MockSecureSettings(org.elasticsearch.common.settings.MockSecureSettings) Settings(org.elasticsearch.common.settings.Settings) SecureString(org.elasticsearch.common.settings.SecureString)

Example 4 with SecureString

use of org.elasticsearch.common.settings.SecureString in project crate by crate.

the class HttpAuthUpstreamHandler method credentialsFromRequest.

/**
 * Derives the user name (and, for HTTP Basic auth, the password) to authenticate a request with.
 *
 * <p>Sources are tried in this order:
 * <ol>
 *   <li>an {@code Authorization} header, parsed as HTTP Basic credentials;</li>
 *   <li>the common name of the first peer certificate of the TLS session, if there is one;</li>
 *   <li>the value of {@code AuthSettings.AUTH_TRUST_HTTP_DEFAULT_HEADER} from the settings.</li>
 * </ol>
 * In cases 2 and 3 the returned password is {@code null}.
 *
 * <p>NOTE(review): nothing in this method validates the client certificate; the CN is only as
 * trustworthy as the TLS layer's client-certificate verification, which happens elsewhere.
 * Case 3 attributes a request without credentials to a configured default user, so the
 * authentication method applied downstream decides whether that user is accepted. Confirm both
 * against the callers.
 *
 * @param request the incoming HTTP request
 * @param session the TLS session of the connection, or {@code null} when there is none
 * @param settings settings providing the default user name
 * @return user name and password; the password is {@code null} unless Basic auth was used
 */
@VisibleForTesting
static Tuple<String, SecureString> credentialsFromRequest(HttpRequest request, @Nullable SSLSession session, Settings settings) {
    final String authorizationHeader = HttpHeaderNames.AUTHORIZATION.toString();
    // Prefer Http Basic Auth
    if (request.headers().contains(authorizationHeader)) {
        return Headers.extractCredentialsFromHttpBasicAuthHeader(request.headers().get(authorizationHeader));
    }

    // prefer commonName as userName over AUTH_TRUST_HTTP_DEFAULT_HEADER user
    String user = null;
    if (session != null) {
        try {
            user = SSL.extractCN(session.getPeerCertificates()[0]);
        } catch (ArrayIndexOutOfBoundsException | SSLPeerUnverifiedException ignored) {
            // client cert is optional
        }
    }
    if (user == null) {
        user = AuthSettings.AUTH_TRUST_HTTP_DEFAULT_HEADER.get(settings);
    }
    return new Tuple<>(user, null);
}
Also used : SSLPeerUnverifiedException(javax.net.ssl.SSLPeerUnverifiedException) SecureString(org.elasticsearch.common.settings.SecureString) Tuple(io.crate.common.collections.Tuple) Certificate(java.security.cert.Certificate) VisibleForTesting(io.crate.common.annotations.VisibleForTesting)

Example 5 with SecureString

use of org.elasticsearch.common.settings.SecureString in project crate by crate.

the class UserActions method getUserPasswordProperty.

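/**
 * Extracts the {@code password} property from the properties of a user statement.
 *
 * <p>{@code password} is the only accepted property. Every key is validated before the password
 * is read, so an unknown property is rejected regardless of the iteration order of the
 * property map. Previously only the first key returned by the map was inspected, which let an
 * unknown property pass unnoticed whenever {@code password} happened to come first.
 *
 * <p>Security note: the evaluated password exists as an immutable {@code String} before it is
 * copied into the returned {@link SecureString}; that intermediate copy cannot be wiped.
 *
 * @param userStmtProperties properties given in the statement, as unevaluated symbols
 * @param parameters parameter row used when evaluating the symbols
 * @param txnCtx transaction context used for evaluation
 * @param nodeCtx node context used for evaluation
 * @return the password, or {@code null} when no password property is present or its value is
 *         {@code null} (the password will be reset)
 * @throws IllegalArgumentException if any property other than {@code password} is present
 */
@VisibleForTesting
@Nullable
static SecureString getUserPasswordProperty(GenericProperties<Symbol> userStmtProperties, Row parameters, TransactionContext txnCtx, NodeContext nodeCtx) throws IllegalArgumentException {
    final String passwordKey = "password";
    Function<? super Symbol, Object> eval = x -> SymbolEvaluator.evaluate(txnCtx, nodeCtx, x, parameters, SubQueryResults.EMPTY);
    Map<String, Object> properties = userStmtProperties.map(eval).properties();

    // Validate all keys first so the outcome does not depend on map iteration order.
    for (String key : properties.keySet()) {
        if (!passwordKey.equals(key)) {
            throw new IllegalArgumentException(String.format(Locale.ENGLISH, "\"%s\" is not a valid user property", key));
        }
    }
    if (!properties.containsKey(passwordKey)) {
        return null;
    }

    String value = DataTypes.STRING.sanitizeValue(properties.get(passwordKey));
    if (value == null) {
        // Password will be reset
        return null;
    }
    // The SecureString takes the freshly created char[]; no other reference to it is kept here.
    return new SecureString(value.toCharArray());
}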
Also used : TransactionContext(io.crate.metadata.TransactionContext) NodeContext(io.crate.metadata.NodeContext) GenericProperties(io.crate.sql.tree.GenericProperties) Function(java.util.function.Function) SymbolEvaluator(io.crate.analyze.SymbolEvaluator) GeneralSecurityException(java.security.GeneralSecurityException) Row(io.crate.data.Row) Symbol(io.crate.expression.symbol.Symbol) DataTypes(io.crate.types.DataTypes) Locale(java.util.Locale) Map(java.util.Map) SubQueryResults(io.crate.planner.operators.SubQueryResults) SecureString(org.elasticsearch.common.settings.SecureString) VisibleForTesting(io.crate.common.annotations.VisibleForTesting) Nullable(javax.annotation.Nullable) SecureString(org.elasticsearch.common.settings.SecureString) SecureString(org.elasticsearch.common.settings.SecureString) VisibleForTesting(io.crate.common.annotations.VisibleForTesting) Nullable(javax.annotation.Nullable)
