Search in sources :

Example 16 with SecureString

use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.

the class GoogleCloudStorageClientSettings method validateAndCreateProxySettings.

static ProxySettings validateAndCreateProxySettings(final Settings settings, final String clientName) {
    final Proxy.Type proxyType = getConfigValue(settings, clientName, PROXY_TYPE_SETTING);
    final String proxyHost = getConfigValue(settings, clientName, PROXY_HOST_SETTING);
    final int proxyPort = getConfigValue(settings, clientName, PROXY_PORT_SETTING);
    final SecureString proxyUserName = getConfigValue(settings, clientName, PROXY_USERNAME_SETTING);
    final SecureString proxyPassword = getConfigValue(settings, clientName, PROXY_PASSWORD_SETTING);
    // Validate proxy settings
    if (proxyType == Proxy.Type.DIRECT && (proxyPort != 0 || Strings.hasText(proxyHost) || Strings.hasText(proxyUserName) || Strings.hasText(proxyPassword))) {
        throw new SettingsException("Google Cloud Storage proxy port or host or username or password have been set but proxy type is not defined.");
    }
    if (proxyType != Proxy.Type.DIRECT && (proxyPort == 0 || Strings.isEmpty(proxyHost))) {
        throw new SettingsException("Google Cloud Storage proxy type has been set but proxy host or port is not defined.");
    }
    if (proxyType == Proxy.Type.DIRECT) {
        return ProxySettings.NO_PROXY_SETTINGS;
    }
    try {
        final InetAddress proxyHostAddress = InetAddress.getByName(proxyHost);
        return new ProxySettings(proxyType, proxyHostAddress, proxyPort, proxyUserName.toString(), proxyPassword.toString());
    } catch (final UnknownHostException e) {
        throw new SettingsException("Google Cloud Storage proxy host is unknown.", e);
    }
}
Also used : Proxy(java.net.Proxy) UnknownHostException(java.net.UnknownHostException) SecureString(org.opensearch.common.settings.SecureString) SettingsException(org.opensearch.common.settings.SettingsException) InetAddress(java.net.InetAddress) SecureString(org.opensearch.common.settings.SecureString)

Example 17 with SecureString

use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.

the class StreamInput method readSecureString.

public SecureString readSecureString() throws IOException {
    BytesReference bytesRef = readBytesReference();
    byte[] bytes = BytesReference.toBytes(bytesRef);
    try {
        return new SecureString(CharArrays.utf8BytesToChars(bytes));
    } finally {
        Arrays.fill(bytes, (byte) 0);
    }
}
Also used : BytesReference(org.opensearch.common.bytes.BytesReference) SecureString(org.opensearch.common.settings.SecureString)

Example 18 with SecureString

use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.

the class StreamInput method readOptionalSecureString.

@Nullable
public SecureString readOptionalSecureString() throws IOException {
    SecureString value = null;
    BytesReference bytesRef = readOptionalBytesReference();
    if (bytesRef != null) {
        byte[] bytes = BytesReference.toBytes(bytesRef);
        try {
            value = new SecureString(CharArrays.utf8BytesToChars(bytes));
        } finally {
            Arrays.fill(bytes, (byte) 0);
        }
    }
    return value;
}
Also used : BytesReference(org.opensearch.common.bytes.BytesReference) SecureString(org.opensearch.common.settings.SecureString) Nullable(org.opensearch.common.Nullable)

Example 19 with SecureString

use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.

the class Ec2ClientSettings method loadCredentials.

static AWSCredentials loadCredentials(Settings settings) {
    try (SecureString key = ACCESS_KEY_SETTING.get(settings);
        SecureString secret = SECRET_KEY_SETTING.get(settings);
        SecureString sessionToken = SESSION_TOKEN_SETTING.get(settings)) {
        if (key.length() == 0 && secret.length() == 0) {
            if (sessionToken.length() > 0) {
                throw new SettingsException("Setting [{}] is set but [{}] and [{}] are not", SESSION_TOKEN_SETTING.getKey(), ACCESS_KEY_SETTING.getKey(), SECRET_KEY_SETTING.getKey());
            }
            logger.debug("Using either environment variables, system properties or instance profile credentials");
            return null;
        } else {
            if (key.length() == 0) {
                deprecationLogger.deprecate("ec2_invalid_key_settings", "Setting [{}] is set but [{}] is not, which will be unsupported in future", SECRET_KEY_SETTING.getKey(), ACCESS_KEY_SETTING.getKey());
            }
            if (secret.length() == 0) {
                deprecationLogger.deprecate("ec2_invalid_settings", "Setting [{}] is set but [{}] is not, which will be unsupported in future", ACCESS_KEY_SETTING.getKey(), SECRET_KEY_SETTING.getKey());
            }
            final AWSCredentials credentials;
            if (sessionToken.length() == 0) {
                logger.debug("Using basic key/secret credentials");
                credentials = new BasicAWSCredentials(key.toString(), secret.toString());
            } else {
                logger.debug("Using basic session credentials");
                credentials = new BasicSessionCredentials(key.toString(), secret.toString(), sessionToken.toString());
            }
            return credentials;
        }
    }
}
Also used : BasicSessionCredentials(com.amazonaws.auth.BasicSessionCredentials) SettingsException(org.opensearch.common.settings.SettingsException) BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials) AWSCredentials(com.amazonaws.auth.AWSCredentials) SecureString(org.opensearch.common.settings.SecureString) BasicAWSCredentials(com.amazonaws.auth.BasicAWSCredentials)

Example 20 with SecureString

use of org.opensearch.common.settings.SecureString in project OpenSearch by opensearch-project.

the class Bootstrap method loadSecureSettings.

static SecureSettings loadSecureSettings(Environment initialEnv) throws BootstrapException {
    final KeyStoreWrapper keystore;
    try {
        keystore = KeyStoreWrapper.load(initialEnv.configDir());
    } catch (IOException e) {
        throw new BootstrapException(e);
    }
    SecureString password;
    try {
        if (keystore != null && keystore.hasPassword()) {
            password = readPassphrase(System.in, KeyStoreAwareCommand.MAX_PASSPHRASE_LENGTH);
        } else {
            password = new SecureString(new char[0]);
        }
    } catch (IOException e) {
        throw new BootstrapException(e);
    }
    try {
        if (keystore == null) {
            final KeyStoreWrapper keyStoreWrapper = KeyStoreWrapper.create();
            keyStoreWrapper.save(initialEnv.configDir(), new char[0]);
            return keyStoreWrapper;
        } else {
            keystore.decrypt(password.getChars());
            KeyStoreWrapper.upgrade(keystore, initialEnv.configDir(), password.getChars());
        }
    } catch (Exception e) {
        throw new BootstrapException(e);
    } finally {
        password.close();
    }
    return keystore;
}
Also used : KeyStoreWrapper(org.opensearch.common.settings.KeyStoreWrapper) IOException(java.io.IOException) SecureString(org.opensearch.common.settings.SecureString) UserException(org.opensearch.cli.UserException) CreationException(org.opensearch.common.inject.CreationException) URISyntaxException(java.net.URISyntaxException) OpenSearchException(org.opensearch.OpenSearchException) IOException(java.io.IOException) NodeValidationException(org.opensearch.node.NodeValidationException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) UnsupportedEncodingException(java.io.UnsupportedEncodingException)

Aggregations

SecureString (org.opensearch.common.settings.SecureString)20 OpenSearchException (org.opensearch.OpenSearchException)9 AccessControlException (java.security.AccessControlException)7 CountDownLatch (java.util.concurrent.CountDownLatch)7 AtomicReference (java.util.concurrent.atomic.AtomicReference)7 NodesReloadSecureSettingsResponse (org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)7 Environment (org.opensearch.env.Environment)7 RemoteTransportException (org.opensearch.transport.RemoteTransportException)7 Map (java.util.Map)6 PluginsService (org.opensearch.plugins.PluginsService)5 KeyStoreWrapper (org.opensearch.common.settings.KeyStoreWrapper)4 SettingsException (org.opensearch.common.settings.SettingsException)4 IOException (java.io.IOException)3 InputStream (java.io.InputStream)3 BytesReference (org.opensearch.common.bytes.BytesReference)3 InetAddress (java.net.InetAddress)2 UnknownHostException (java.net.UnknownHostException)2 SecureSettings (org.opensearch.common.settings.SecureSettings)2 Settings (org.opensearch.common.settings.Settings)2 AWSCredentials (com.amazonaws.auth.AWSCredentials)1