Skip to content

Commit

Permalink
Add more meaningful keystore version mismatch errors (#46291)
Browse files Browse the repository at this point in the history
This commit changes the version bounds of keystore reading to give
better error messages when a user has a too new or too old format.

relates #44624
  • Loading branch information
rjernst authored Sep 11, 2019
1 parent f907b60 commit 78e5df4
Showing 1 changed file with 12 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,8 @@
package org.elasticsearch.common.settings;

import org.apache.lucene.codecs.CodecUtil;
import org.apache.lucene.index.IndexFormatTooNewException;
import org.apache.lucene.index.IndexFormatTooOldException;
import org.apache.lucene.store.BufferedChecksumIndexInput;
import org.apache.lucene.store.ChecksumIndexInput;
import org.apache.lucene.store.IOContext;
Expand All @@ -40,7 +42,6 @@
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
Expand Down Expand Up @@ -217,7 +218,16 @@ public static KeyStoreWrapper load(Path configDir) throws IOException {
SimpleFSDirectory directory = new SimpleFSDirectory(configDir);
try (IndexInput indexInput = directory.openInput(KEYSTORE_FILENAME, IOContext.READONCE)) {
ChecksumIndexInput input = new BufferedChecksumIndexInput(indexInput);
int formatVersion = CodecUtil.checkHeader(input, KEYSTORE_FILENAME, MIN_FORMAT_VERSION, FORMAT_VERSION);
final int formatVersion;
try {
formatVersion = CodecUtil.checkHeader(input, KEYSTORE_FILENAME, MIN_FORMAT_VERSION, FORMAT_VERSION);
} catch (IndexFormatTooOldException e) {
throw new IllegalStateException("The Elasticsearch keystore [" + keystoreFile + "] format is too old. " +
"You should delete and recreate it in order to upgrade.", e);
} catch (IndexFormatTooNewException e) {
throw new IllegalStateException("The Elasticsearch keystore [" + keystoreFile + "] format is too new. " +
"Are you trying to downgrade? You should delete and recreate it in order to downgrade.", e);
}
byte hasPasswordByte = input.readByte();
boolean hasPassword = hasPasswordByte == 1;
if (hasPassword == false && hasPasswordByte != 0) {
Expand Down

0 comments on commit 78e5df4

Please sign in to comment.