use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.
the class GoogleCloudStorageClientSettings method validateAndCreateProxySettings.
static ProxySettings validateAndCreateProxySettings(final Settings settings, final String clientName) {
final Proxy.Type proxyType = getConfigValue(settings, clientName, PROXY_TYPE_SETTING);
final String proxyHost = getConfigValue(settings, clientName, PROXY_HOST_SETTING);
final int proxyPort = getConfigValue(settings, clientName, PROXY_PORT_SETTING);
final SecureString proxyUserName = getConfigValue(settings, clientName, PROXY_USERNAME_SETTING);
final SecureString proxyPassword = getConfigValue(settings, clientName, PROXY_PASSWORD_SETTING);
// Validate proxy settings
if (proxyType == Proxy.Type.DIRECT && (proxyPort != 0 || Strings.hasText(proxyHost) || Strings.hasText(proxyUserName) || Strings.hasText(proxyPassword))) {
throw new SettingsException("Google Cloud Storage proxy port or host or username or password have been set but proxy type is not defined.");
}
if (proxyType != Proxy.Type.DIRECT && (proxyPort == 0 || Strings.isEmpty(proxyHost))) {
throw new SettingsException("Google Cloud Storage proxy type has been set but proxy host or port is not defined.");
}
if (proxyType == Proxy.Type.DIRECT) {
return ProxySettings.NO_PROXY_SETTINGS;
}
try {
final InetAddress proxyHostAddress = InetAddress.getByName(proxyHost);
return new ProxySettings(proxyType, proxyHostAddress, proxyPort, proxyUserName.toString(), proxyPassword.toString());
} catch (final UnknownHostException e) {
throw new SettingsException("Google Cloud Storage proxy host is unknown.", e);
}
}
use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.
the class StreamInput method readSecureString.
public SecureString readSecureString() throws IOException {
BytesReference bytesRef = readBytesReference();
byte[] bytes = BytesReference.toBytes(bytesRef);
try {
return new SecureString(CharArrays.utf8BytesToChars(bytes));
} finally {
Arrays.fill(bytes, (byte) 0);
}
}
use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.
the class StreamInput method readOptionalSecureString.
@Nullable
public SecureString readOptionalSecureString() throws IOException {
SecureString value = null;
BytesReference bytesRef = readOptionalBytesReference();
if (bytesRef != null) {
byte[] bytes = BytesReference.toBytes(bytesRef);
try {
value = new SecureString(CharArrays.utf8BytesToChars(bytes));
} finally {
Arrays.fill(bytes, (byte) 0);
}
}
return value;
}
use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.
the class Ec2ClientSettings method loadCredentials.
static AWSCredentials loadCredentials(Settings settings) {
try (SecureString key = ACCESS_KEY_SETTING.get(settings);
SecureString secret = SECRET_KEY_SETTING.get(settings);
SecureString sessionToken = SESSION_TOKEN_SETTING.get(settings)) {
if (key.length() == 0 && secret.length() == 0) {
if (sessionToken.length() > 0) {
throw new SettingsException("Setting [{}] is set but [{}] and [{}] are not", SESSION_TOKEN_SETTING.getKey(), ACCESS_KEY_SETTING.getKey(), SECRET_KEY_SETTING.getKey());
}
logger.debug("Using either environment variables, system properties or instance profile credentials");
return null;
} else {
if (key.length() == 0) {
deprecationLogger.deprecate("ec2_invalid_key_settings", "Setting [{}] is set but [{}] is not, which will be unsupported in future", SECRET_KEY_SETTING.getKey(), ACCESS_KEY_SETTING.getKey());
}
if (secret.length() == 0) {
deprecationLogger.deprecate("ec2_invalid_settings", "Setting [{}] is set but [{}] is not, which will be unsupported in future", ACCESS_KEY_SETTING.getKey(), SECRET_KEY_SETTING.getKey());
}
final AWSCredentials credentials;
if (sessionToken.length() == 0) {
logger.debug("Using basic key/secret credentials");
credentials = new BasicAWSCredentials(key.toString(), secret.toString());
} else {
logger.debug("Using basic session credentials");
credentials = new BasicSessionCredentials(key.toString(), secret.toString(), sessionToken.toString());
}
return credentials;
}
}
}
use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.
the class Bootstrap method loadSecureSettings.
static SecureSettings loadSecureSettings(Environment initialEnv) throws BootstrapException {
final KeyStoreWrapper keystore;
try {
keystore = KeyStoreWrapper.load(initialEnv.configDir());
} catch (IOException e) {
throw new BootstrapException(e);
}
SecureString password;
try {
if (keystore != null && keystore.hasPassword()) {
password = readPassphrase(System.in, KeyStoreAwareCommand.MAX_PASSPHRASE_LENGTH);
} else {
password = new SecureString(new char[0]);
}
} catch (IOException e) {
throw new BootstrapException(e);
}
try {
if (keystore == null) {
final KeyStoreWrapper keyStoreWrapper = KeyStoreWrapper.create();
keyStoreWrapper.save(initialEnv.configDir(), new char[0]);
return keyStoreWrapper;
} else {
keystore.decrypt(password.getChars());
KeyStoreWrapper.upgrade(keystore, initialEnv.configDir(), password.getChars());
}
} catch (Exception e) {
throw new BootstrapException(e);
} finally {
password.close();
}
return keystore;
}
Aggregations