From d58af0549ee3824d7c325678116297afbd3dac73 Mon Sep 17 00:00:00 2001
From: Ryan Liang
Date: Mon, 24 Jul 2023 13:26:33 -0700
Subject: [PATCH] Fix runtime exception in obo authenticator

Signed-off-by: Ryan Liang
---
 .../security/http/OnBehalfOfAuthenticator.java | 12 +++++++-----
 .../security/securityconf/impl/v7/ConfigV7.java | 8 +++++++-
 .../java/org/opensearch/security/util/keyUtil.java | 4 ++--
 3 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
index e5b1324211..dd1639c981 100644
--- a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
+++ b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
@@ -54,13 +54,10 @@ public class OnBehalfOfAuthenticator implements HTTPAuthenticator {
 public OnBehalfOfAuthenticator(Settings settings) {
 oboEnabled = Boolean.valueOf(settings.get("on_behalf_of_enabled"));
 encryptionKey = settings.get("encryption_key");
- jwtParser = initParser(settings.get("signing_key"), oboEnabled);
+ jwtParser = initParser(settings.get("signing_key"));
 }
- private JwtParser initParser(final String signingKey, final Boolean oboEnabled) {
- if (oboEnabled != true) {
- throw new RuntimeException("On-behalf-of authentication has been disabled");
- }
+ private JwtParser initParser(final String signingKey) {
 JwtParser _jwtParser = keyUtil.keyAlgorithmCheck(signingKey, log);
 if (_jwtParser != null) {
 return _jwtParser;
@@ -133,6 +130,11 @@ public AuthCredentials run() {
 }
 private AuthCredentials extractCredentials0(final RestRequest request) {
+ if (oboEnabled != true) {
+ log.error("On-behalf-of authentication has been disabled");
+ return null;
+ }
+
+ if (jwtParser == null) {
 log.error("Missing Signing Key. JWT authentication will not work");
 return null;
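Review bot: With the `oboEnabled` guard removed from `initParser`, the constructor now calls `keyUtil.keyAlgorithmCheck(signingKey, log)` even when on-behalf-of is disabled, so the signing key is parsed for a feature that is switched off. The keyUtil.java hunk of this commit shows that method ending in `catch (Throwable e)` followed by `throw new RuntimeException(e);`, so a malformed `signing_key` could presumably still abort construction, which is the failure this commit removes for the disabled case. Building the parser only when the feature is on avoids that: `jwtParser = oboEnabled ? initParser(settings.get("signing_key")) : null;`, and the existing `jwtParser == null` check in `extractCredentials0` already handles the null. The body of `initParser` continues past the end of the hunk.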
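Review bot: The new guard in `extractCredentials0` logs at error level every time it runs while the feature is disabled, which looks like once per request that reaches this authenticator, so a deliberately disabled feature produces error-log volume that any client can drive. `log.debug("On-behalf-of authentication has been disabled");` fits a configured-off state better, or the message can be logged once at construction. The comparison `oboEnabled != true` would also read more plainly as `!Boolean.TRUE.equals(oboEnabled)`, which does not unbox a null if the field is a `Boolean`; its declaration is outside the hunk. Returning null before any token is parsed is the right fail-closed order. The rest of the method lies outside the hunk.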
diff --git a/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java b/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java
index d0fcd941be..8d4ab133bf 100644
--- a/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java
+++ b/src/main/java/org/opensearch/security/securityconf/impl/v7/ConfigV7.java
@@ -523,7 +523,13 @@ public void setEncryptionKey(String encryptionKey) {
 @Override
 public String toString() {
- return "OnBehalfOf [ on_behalf_of=" + oboEnabled + ", signing_key=" + signingKey + ", encryption_key=" + encryptionKey + "]";
+ return "OnBehalfOf [ on_behalf_of_enabled="
+ + oboEnabled
+ + ", signing_key="
+ + signingKey
+ + ", encryption_key="
+ + encryptionKey
+ + "]";
 }
 }
diff --git a/src/main/java/org/opensearch/security/util/keyUtil.java b/src/main/java/org/opensearch/security/util/keyUtil.java
index 214af6da31..2dc7d1e72b 100644
--- a/src/main/java/org/opensearch/security/util/keyUtil.java
+++ b/src/main/java/org/opensearch/security/util/keyUtil.java
@@ -52,10 +52,10 @@ public static JwtParser keyAlgorithmCheck(final String signingKey, final Logger
 }
 if (Objects.nonNull(key)) {
- return Jwts.parser().setSigningKey(key);
+ return Jwts.parserBuilder().setSigningKey(key).build();
 }
- return Jwts.parser().setSigningKey(decoded);
+ return Jwts.parserBuilder().setSigningKey(decoded).build();
 } catch (Throwable e) {
 log.error("Error while creating JWT authenticator", e);
 throw new RuntimeException(e);
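Review bot: `toString()` still concatenates `signingKey` and `encryptionKey` in clear text, so any log line or exception message that prints this config object writes both secrets out; the commit only renames the first label and rewraps the expression. Redacting the values keeps the output useful without exposing them, for example `+ ", signing_key=" + (signingKey == null ? "null" : "<redacted>")` and the same for `encryption_key`, which still shows whether a key is configured. The enclosing class begins above the hunk.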
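Review bot: The two returns in `keyAlgorithmCheck` choose the verification key type silently: `setSigningKey(key)` when a key object was built, otherwise `setSigningKey(decoded)`, which jjwt treats as an HMAC secret. The code that assigns `key` is above the hunk, so whether a failed public-key parse can fall through to the last return is not visible here; if it can, a deployment configured with an asymmetric key would end up verifying tokens against an HMAC secret made of that key's bytes. A comment on the fallback such as `// no asymmetric key parsed: decoded bytes are used as an HMAC secret`, plus a log line naming the selected key type, would make the choice visible to operators. Separately, `catch (Throwable e)` also traps `Error`s, and `catch (Exception e)` is the narrower choice.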