Example 16 with SecureString
use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.
the class GoogleCloudStorageClientSettings method validateAndCreateProxySettings.
static ProxySettings validateAndCreateProxySettings(final Settings settings, final String clientName) {
final Proxy.Type proxyType = getConfigValue(settings, clientName, PROXY_TYPE_SETTING);
final String proxyHost = getConfigValue(settings, clientName, PROXY_HOST_SETTING);
final int proxyPort = getConfigValue(settings, clientName, PROXY_PORT_SETTING);
final SecureString proxyUserName = getConfigValue(settings, clientName, PROXY_USERNAME_SETTING);
final SecureString proxyPassword = getConfigValue(settings, clientName, PROXY_PASSWORD_SETTING);
// Validate proxy settings
if (proxyType == Proxy.Type.DIRECT && (proxyPort != 0 || Strings.hasText(proxyHost) || Strings.hasText(proxyUserName) || Strings.hasText(proxyPassword))) {
throw new SettingsException("Google Cloud Storage proxy port or host or username or password have been set but proxy type is not defined.");
}
if (proxyType != Proxy.Type.DIRECT && (proxyPort == 0 || Strings.isEmpty(proxyHost))) {
throw new SettingsException("Google Cloud Storage proxy type has been set but proxy host or port is not defined.");
}
if (proxyType == Proxy.Type.DIRECT) {
return ProxySettings.NO_PROXY_SETTINGS;
}
try {
final InetAddress proxyHostAddress = InetAddress.getByName(proxyHost);
return new ProxySettings(proxyType, proxyHostAddress, proxyPort, proxyUserName.toString(), proxyPassword.toString());
} catch (final UnknownHostException e) {
throw new SettingsException("Google Cloud Storage proxy host is unknown.", e);
}
}
Also used :
Proxy(java.net.Proxy)
UnknownHostException(java.net.UnknownHostException)
SecureString(org.opensearch.common.settings.SecureString)
SettingsException(org.opensearch.common.settings.SettingsException)
InetAddress(java.net.InetAddress)
SecureString(org.opensearch.common.settings.SecureString)
Example 17 with SecureString
use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.
the class StreamInput method readSecureString.
public SecureString readSecureString() throws IOException {
BytesReference bytesRef = readBytesReference();
byte[] bytes = BytesReference.toBytes(bytesRef);
try {
return new SecureString(CharArrays.utf8BytesToChars(bytes));
} finally {
Arrays.fill(bytes, (byte) 0);
}
}
Also used :
BytesReference(org.opensearch.common.bytes.BytesReference)
SecureString(org.opensearch.common.settings.SecureString)
Example 18 with SecureString
use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.
the class StreamInput method readOptionalSecureString.
@Nullable
public SecureString readOptionalSecureString() throws IOException {
SecureString value = null;
BytesReference bytesRef = readOptionalBytesReference();
if (bytesRef != null) {
byte[] bytes = BytesReference.toBytes(bytesRef);
try {
value = new SecureString(CharArrays.utf8BytesToChars(bytes));
} finally {
Arrays.fill(bytes, (byte) 0);
}
}
return value;
}
Also used :
BytesReference(org.opensearch.common.bytes.BytesReference)
SecureString(org.opensearch.common.settings.SecureString)
Nullable(org.opensearch.common.Nullable)
Example 19 with SecureString
use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.
the class Ec2ClientSettings method loadCredentials.
static AWSCredentials loadCredentials(Settings settings) {
try (SecureString key = ACCESS_KEY_SETTING.get(settings);
SecureString secret = SECRET_KEY_SETTING.get(settings);
SecureString sessionToken = SESSION_TOKEN_SETTING.get(settings)) {
if (key.length() == 0 && secret.length() == 0) {
if (sessionToken.length() > 0) {
throw new SettingsException("Setting [{}] is set but [{}] and [{}] are not", SESSION_TOKEN_SETTING.getKey(), ACCESS_KEY_SETTING.getKey(), SECRET_KEY_SETTING.getKey());
}
logger.debug("Using either environment variables, system properties or instance profile credentials");
return null;
} else {
if (key.length() == 0) {
deprecationLogger.deprecate("ec2_invalid_key_settings", "Setting [{}] is set but [{}] is not, which will be unsupported in future", SECRET_KEY_SETTING.getKey(), ACCESS_KEY_SETTING.getKey());
}
if (secret.length() == 0) {
deprecationLogger.deprecate("ec2_invalid_settings", "Setting [{}] is set but [{}] is not, which will be unsupported in future", ACCESS_KEY_SETTING.getKey(), SECRET_KEY_SETTING.getKey());
}
final AWSCredentials credentials;
if (sessionToken.length() == 0) {
logger.debug("Using basic key/secret credentials");
credentials = new BasicAWSCredentials(key.toString(), secret.toString());
} else {
logger.debug("Using basic session credentials");
credentials = new BasicSessionCredentials(key.toString(), secret.toString(), sessionToken.toString());
}
return credentials;
}
}
}
Also used :
BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials)
SettingsException(org.opensearch.common.settings.SettingsException)
BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials)
AWSCredentials(com.amazonaws.auth.AWSCredentials)
SecureString(org.opensearch.common.settings.SecureString)
BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials)
Example 20 with SecureString
use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.
the class Bootstrap method loadSecureSettings.
static SecureSettings loadSecureSettings(Environment initialEnv) throws BootstrapException {
final KeyStoreWrapper keystore;
try {
keystore = KeyStoreWrapper.load(initialEnv.configDir());
} catch (IOException e) {
throw new BootstrapException(e);
}
SecureString password;
try {
if (keystore != null && keystore.hasPassword()) {
password = readPassphrase(System.in, KeyStoreAwareCommand.MAX_PASSPHRASE_LENGTH);
} else {
password = new SecureString(new char[0]);
}
} catch (IOException e) {
throw new BootstrapException(e);
}
try {
if (keystore == null) {
final KeyStoreWrapper keyStoreWrapper = KeyStoreWrapper.create();
keyStoreWrapper.save(initialEnv.configDir(), new char[0]);
return keyStoreWrapper;
} else {
keystore.decrypt(password.getChars());
KeyStoreWrapper.upgrade(keystore, initialEnv.configDir(), password.getChars());
}
} catch (Exception e) {
throw new BootstrapException(e);
} finally {
password.close();
}
return keystore;
}
Also used :
KeyStoreWrapper(org.opensearch.common.settings.KeyStoreWrapper)
IOException(java.io.IOException)
SecureString(org.opensearch.common.settings.SecureString)
UserException(org.opensearch.cli.UserException)
CreationException(org.opensearch.common.inject.CreationException)
URISyntaxException(java.net.URISyntaxException)
OpenSearchException(org.opensearch.OpenSearchException)
IOException(java.io.IOException)
NodeValidationException(org.opensearch.node.NodeValidationException)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
Aggregations
SecureString (org.opensearch.common.settings.SecureString)20
OpenSearchException (org.opensearch.OpenSearchException)9
AccessControlException (java.security.AccessControlException)7
CountDownLatch (java.util.concurrent.CountDownLatch)7
AtomicReference (java.util.concurrent.atomic.AtomicReference)7
NodesReloadSecureSettingsResponse (org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)7
Environment (org.opensearch.env.Environment)7
RemoteTransportException (org.opensearch.transport.RemoteTransportException)7
Map (java.util.Map)6
PluginsService (org.opensearch.plugins.PluginsService)5
KeyStoreWrapper (org.opensearch.common.settings.KeyStoreWrapper)4
SettingsException (org.opensearch.common.settings.SettingsException)4
IOException (java.io.IOException)3
InputStream (java.io.InputStream)3
BytesReference (org.opensearch.common.bytes.BytesReference)3
InetAddress (java.net.InetAddress)2
UnknownHostException (java.net.UnknownHostException)2
SecureSettings (org.opensearch.common.settings.SecureSettings)2
Settings (org.opensearch.common.settings.Settings)2
AWSCredentials (com.amazonaws.auth.AWSCredentials)1
