use of org.elasticsearch.common.settings.SecureString in project crate by crate.
the class Ec2ClientSettings method loadCredentials.
static AWSCredentials loadCredentials(Settings settings) {
try (SecureString key = ACCESS_KEY_SETTING.get(settings);
SecureString secret = SECRET_KEY_SETTING.get(settings);
SecureString sessionToken = SESSION_TOKEN_SETTING.get(settings)) {
if (key.length() == 0 && secret.length() == 0) {
if (sessionToken.length() > 0) {
throw new SettingsException("Setting [{}] is set but [{}] and [{}] are not", SESSION_TOKEN_SETTING.getKey(), ACCESS_KEY_SETTING.getKey(), SECRET_KEY_SETTING.getKey());
}
LOGGER.debug("Using either environment variables, system properties or instance profile credentials");
return null;
} else {
if (key.length() == 0) {
DEPRECATION_LOGGER.deprecated("Setting [{}] is set but [{}] is not, which will be unsupported in future", SECRET_KEY_SETTING.getKey(), ACCESS_KEY_SETTING.getKey());
}
if (secret.length() == 0) {
DEPRECATION_LOGGER.deprecated("Setting [{}] is set but [{}] is not, which will be unsupported in future", ACCESS_KEY_SETTING.getKey(), SECRET_KEY_SETTING.getKey());
}
final AWSCredentials credentials;
if (sessionToken.length() == 0) {
LOGGER.debug("Using basic key/secret credentials");
credentials = new BasicAWSCredentials(key.toString(), secret.toString());
} else {
LOGGER.debug("Using basic session credentials");
credentials = new BasicSessionCredentials(key.toString(), secret.toString(), sessionToken.toString());
}
return credentials;
}
}
}
use of org.elasticsearch.common.settings.SecureString in project crate by crate.
the class UserDefinitions method getSecureHash.
private static SecureHash getSecureHash(String password) {
SecureHash hash = null;
try {
hash = SecureHash.of(new SecureString(password.toCharArray()));
} catch (GeneralSecurityException e) {
// do nothing;
}
assertNotNull(hash);
return hash;
}
use of org.elasticsearch.common.settings.SecureString in project crate by crate.
the class UserActionsTest method testSecureHashIsGeneratedFromPasswordProperty.
@Test
public void testSecureHashIsGeneratedFromPasswordProperty() throws Exception {
GenericProperties<Symbol> properties = new GenericProperties<>(Map.of("password", Literal.of("password")));
SecureHash secureHash = UserActions.generateSecureHash(properties, Row.EMPTY, txnCtx, nodeCtx);
assertThat(secureHash, Matchers.notNullValue());
SecureString password = new SecureString("password".toCharArray());
assertTrue(secureHash.verifyHash(password));
}
use of org.elasticsearch.common.settings.SecureString in project crate by crate.
the class HttpAuthUpstreamHandler method handleHttpRequest.
private void handleHttpRequest(ChannelHandlerContext ctx, HttpRequest request) {
SSLSession session = getSession(ctx.channel());
Tuple<String, SecureString> credentials = credentialsFromRequest(request, session, settings);
String username = credentials.v1();
SecureString password = credentials.v2();
if (username.equals(authorizedUser)) {
ctx.fireChannelRead(request);
return;
}
InetAddress address = addressFromRequestOrChannel(request, ctx.channel());
ConnectionProperties connectionProperties = new ConnectionProperties(address, Protocol.HTTP, session);
AuthenticationMethod authMethod = authService.resolveAuthenticationType(username, connectionProperties);
if (authMethod == null) {
String errorMessage = String.format(Locale.ENGLISH, "No valid auth.host_based.config entry found for host \"%s\", user \"%s\", protocol \"%s\". Did you enable TLS in your client?", address.getHostAddress(), username, Protocol.HTTP.toString());
sendUnauthorized(ctx.channel(), errorMessage);
} else {
try {
User user = authMethod.authenticate(username, password, connectionProperties);
if (user != null && LOGGER.isTraceEnabled()) {
LOGGER.trace("Authentication succeeded user \"{}\" and method \"{}\".", username, authMethod.name());
}
authorizedUser = username;
ctx.fireChannelRead(request);
} catch (Exception e) {
if (LOGGER.isInfoEnabled()) {
LOGGER.info("{} authentication failed for user={} from connection={}", authMethod.name(), username, connectionProperties.address());
}
sendUnauthorized(ctx.channel(), e.getMessage());
}
}
}
use of org.elasticsearch.common.settings.SecureString in project crate by crate.
the class Headers method extractCredentialsFromHttpBasicAuthHeader.
public static Tuple<String, SecureString> extractCredentialsFromHttpBasicAuthHeader(String authHeaderValue) {
if (authHeaderValue == null || authHeaderValue.isEmpty()) {
return EMPTY_CREDENTIALS_TUPLE;
}
String username;
SecureString password = EMPTY_PASSWORD;
String valueWithoutBasePrefix = authHeaderValue.substring(6);
String decodedCreds = new String(Base64.getDecoder().decode(valueWithoutBasePrefix), StandardCharsets.UTF_8);
int idx = decodedCreds.indexOf(':');
if (idx < 0) {
username = decodedCreds;
} else {
username = decodedCreds.substring(0, idx);
String passwdStr = decodedCreds.substring(idx + 1);
if (passwdStr.length() > 0) {
password = new SecureString(passwdStr.toCharArray());
}
}
return new Tuple<>(username, password);
}
Aggregations