From cdfcfe4a33cc8c1791fb70a1fe104d6beba3174d Mon Sep 17 00:00:00 2001 From: Dan Kortschak Date: Tue, 19 Mar 2024 13:50:53 +1030 Subject: [PATCH] address pr comment --- x-pack/filebeat/input/cel/config_auth.go | 5 ++++- x-pack/filebeat/input/cel/config_okta_auth.go | 6 +++++- x-pack/filebeat/input/httpjson/config_auth.go | 5 ++++- x-pack/filebeat/input/httpjson/config_okta_auth.go | 6 +++++- 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/x-pack/filebeat/input/cel/config_auth.go b/x-pack/filebeat/input/cel/config_auth.go index 9418c25df31e..530a4c6ed0c8 100644 --- a/x-pack/filebeat/input/cel/config_auth.go +++ b/x-pack/filebeat/input/cel/config_auth.go @@ -345,7 +345,10 @@ func (o *oAuth2Config) validateOktaProvider() error { if o.OktaJWKPEM != "" { blk, rest := pem.Decode([]byte(o.OktaJWKPEM)) if rest := bytes.TrimSpace(rest); len(rest) != 0 { - return fmt.Errorf("PEM text has trailing data: %s", rest) + return fmt.Errorf("okta validation error: PEM text has trailing data: %d bytes", len(rest)) + } + if blk == nil { + return errors.New("okta validation error: no PEM data") } _, err := x509.ParsePKCS8PrivateKey(blk.Bytes) if err != nil { diff --git a/x-pack/filebeat/input/cel/config_okta_auth.go b/x-pack/filebeat/input/cel/config_okta_auth.go index a1ee2391aa45..6d319226bf58 100644 --- a/x-pack/filebeat/input/cel/config_okta_auth.go +++ b/x-pack/filebeat/input/cel/config_okta_auth.go @@ -12,6 +12,7 @@ import ( "encoding/base64" "encoding/json" "encoding/pem" + "errors" "fmt" "math/big" "net/http" @@ -162,7 +163,10 @@ func (i *base64int) UnmarshalJSON(b []byte) error { func generateOktaJWTPEM(pemdata string, cnf *oauth2.Config) (string, error) { blk, rest := pem.Decode([]byte(pemdata)) if rest := bytes.TrimSpace(rest); len(rest) != 0 { - return "", fmt.Errorf("PEM text has trailing data: %s", rest) + return "", fmt.Errorf("PEM text has trailing data: %d bytes", len(rest)) + } + if blk == nil { + return "", errors.New("no PEM data") } key, err := x509.ParsePKCS8PrivateKey(blk.Bytes) if err != nil { diff --git a/x-pack/filebeat/input/httpjson/config_auth.go b/x-pack/filebeat/input/httpjson/config_auth.go index 3f22e5131eb8..08367ec63c3c 100644 --- a/x-pack/filebeat/input/httpjson/config_auth.go +++ b/x-pack/filebeat/input/httpjson/config_auth.go @@ -313,7 +313,10 @@ func (o *oAuth2Config) validateOktaProvider() error { if o.OktaJWKPEM != "" { blk, rest := pem.Decode([]byte(o.OktaJWKPEM)) if rest := bytes.TrimSpace(rest); len(rest) != 0 { - return fmt.Errorf("PEM text has trailing data: %s", rest) + return fmt.Errorf("okta validation error: PEM text has trailing data: %d bytes", len(rest)) + } + if blk == nil { + return errors.New("okta validation error: no PEM data") } _, err := x509.ParsePKCS8PrivateKey(blk.Bytes) if err != nil { diff --git a/x-pack/filebeat/input/httpjson/config_okta_auth.go b/x-pack/filebeat/input/httpjson/config_okta_auth.go index 9693ef389ab9..de12d5be49e5 100644 --- a/x-pack/filebeat/input/httpjson/config_okta_auth.go +++ b/x-pack/filebeat/input/httpjson/config_okta_auth.go @@ -12,6 +12,7 @@ import ( "encoding/base64" "encoding/json" "encoding/pem" + "errors" "fmt" "math/big" "net/http" @@ -160,7 +161,10 @@ func (i *base64int) UnmarshalJSON(b []byte) error { func generateOktaJWTPEM(pemdata string, cnf *oauth2.Config) (string, error) { blk, rest := pem.Decode([]byte(pemdata)) if rest := bytes.TrimSpace(rest); len(rest) != 0 { - return "", fmt.Errorf("PEM text has trailing data: %s", rest) + return "", fmt.Errorf("PEM text has trailing data: %d bytes", len(rest)) + } + if blk == nil { + return "", errors.New("no PEM data") } key, err := x509.ParsePKCS8PrivateKey(blk.Bytes) if err != nil {