Skip to content

Commit

Permalink
Breaks admin password setter into two methods
Browse files Browse the repository at this point in the history 
Signed-off-by: Darshit Chanpura <[email protected]>
  • Loading branch information
@DarshitChanpura
DarshitChanpura committed Nov 9, 2023
1 parent d0e6459 commit af7585c
Showing 1 changed file with 48 additions and 50 deletions.
98 changes: 48 additions & 50 deletions src/main/java/org/opensearch/security/tools/InstallDemoConfiguration.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -327,9 +327,12 @@ private static void checkIfSecurityPluginIsAlreadyConfigured() {
System.exit(skip_updates ? 1 : 0);
}
}
} catch (IOException e) {}
} catch (IOException e) {
System.err.println("Error reading configuration file.");
System.exit(-1);
}
} else {
System.out.println("OpenSearch configuration file does not exist. Quit.");
System.err.println("OpenSearch configuration file does not exist. Quit.");
System.exit(-1);
}
}
Expand Down Expand Up @@ -386,41 +389,48 @@ private static void setAdminPassword() {
System.out.println("\t\tADMIN PASSWORD SET TO: " + ADMIN_PASSWORD);
System.out.println("\t***************************************************");

String hashedAdminPassword = Hasher.hash(ADMIN_PASSWORD.toCharArray());
writePasswordToInternalUsersFile(ADMIN_PASSWORD, INTERNAL_USERS_FILE_PATH);

if (hashedAdminPassword.isEmpty()) {
System.out.println("Hash the admin password failure, see console for details");
System.exit(-1);
}
} catch (IOException e) {
System.out.println("Exception: " + e.getMessage());
System.exit(-1);
}
}

Path tempFilePath = Paths.get(INTERNAL_USERS_FILE_PATH + ".tmp");
Path internalUsersPath = Paths.get(INTERNAL_USERS_FILE_PATH);
/**
* Generate password hash and update it in the internal_users.yml file
* @param adminPassword the password to be hashed and updated
* @param internalUsersFile the file path string to internal_users.yml file
* @throws IOException while reading, writing to files
*/
private static void writePasswordToInternalUsersFile(String adminPassword, String internalUsersFile) throws IOException {
String hashedAdminPassword = Hasher.hash(adminPassword.toCharArray());

try (
BufferedReader reader = new BufferedReader(new FileReader(INTERNAL_USERS_FILE_PATH));
BufferedWriter writer = new BufferedWriter(new FileWriter(tempFilePath.toFile()))
) {
String line;
while ((line = reader.readLine()) != null) {
if (line.matches(" *hash: *\"\\$2a\\$12\\$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG\"")) {
line = line.replace(
"\"$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG\"",
"\"" + hashedAdminPassword + "\""
);
}
writer.write(line + System.lineSeparator());
}
}
if (hashedAdminPassword.isEmpty()) {
System.out.println("Hash the admin password failure, see console for details");
System.exit(-1);
}

try {
Files.move(tempFilePath, internalUsersPath, java.nio.file.StandardCopyOption.REPLACE_EXISTING);
} catch (IOException e) {
throw new IOException("Unable to update the internal users file with the hashed password.");
}
Path tempFilePath = Paths.get(internalUsersFile + ".tmp");
Path internalUsersPath = Paths.get(internalUsersFile);

try (
BufferedReader reader = new BufferedReader(new FileReader(internalUsersFile));
BufferedWriter writer = new BufferedWriter(new FileWriter(tempFilePath.toFile()))
) {
String line;
while ((line = reader.readLine()) != null) {
if (line.matches(" *hash: *\"\\$2a\\$12\\$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG\"")) {
line = line.replace(
"\"$2a$12$VcCDgh2NDk07JGN0rjGbM.Ad41qVR/YFJcgHp0UGns5JDymv..TOG\"",
"\"" + hashedAdminPassword + "\""
);
}
writer.write(line + System.lineSeparator());
}
Files.move(tempFilePath, internalUsersPath, java.nio.file.StandardCopyOption.REPLACE_EXISTING);
} catch (IOException e) {
System.out.println("Exception: " + e.getMessage());
System.exit(-1);
throw new IOException("Unable to update the internal users file with the hashed password.");
}
}

Expand All @@ -434,25 +444,10 @@ public static void createDemoCertificates() {
FileWriter fileWriter = new FileWriter(filePath);
fileWriter.write(cert.getContent());
fileWriter.close();
setFilePermissions(filePath);
} catch (IOException e) {
System.err.println("Error writing certificate to file: " + cert.getFileName());
}
}
}

/**
* Set permission to given file
* @param filePath the path to the file whose permissions need to be set
*/
private static void setFilePermissions(String filePath) {
try {
File file = new File(filePath);
if (!file.setReadable(true, false) || !file.setWritable(false, false) || !file.setExecutable(false, false)) {
throw new IOException("Failed to set file permissions for: " + filePath);
System.err.println("Error writing certificate file: " + cert.getFileName());
System.exit(-1);
}
} catch (IOException e) {
System.err.println("Error setting file permissions for: " + filePath);
}
}

Expand All @@ -464,7 +459,10 @@ private static void writeSecurityConfigToOpenSearchYML() {

try (FileWriter writer = new FileWriter(OPENSEARCH_CONF_FILE, true)) {
writer.write(securityConfig);
} catch (IOException e) {}
} catch (IOException e) {
System.err.println("Exception writing security configuration to opensearch.yml.");
System.exit(-1);
}
}

/**
Expand Down Expand Up @@ -851,5 +849,5 @@ public String getContent() {
*/
enum ExecutionEnvironment {
demo, // default value
test; // to be used only for tests
test // to be used only for tests
}

0 comments on commit af7585c

Please sign in to comment.