From 78e5df412f783fb2356a6cd76dbe304d7c3d2c0c Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Wed, 11 Sep 2019 09:53:52 -0700 Subject: [PATCH] Add more meaningful keystore version mismatch errors (#46291) This commit changes the version bounds of keystore reading to give better error messages when a user has a too new or too old format. relates #44624 --- .../common/settings/KeyStoreWrapper.java | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/server/src/main/java/org/elasticsearch/common/settings/KeyStoreWrapper.java b/server/src/main/java/org/elasticsearch/common/settings/KeyStoreWrapper.java index 44bcd24981862..db37892265507 100644 --- a/server/src/main/java/org/elasticsearch/common/settings/KeyStoreWrapper.java +++ b/server/src/main/java/org/elasticsearch/common/settings/KeyStoreWrapper.java @@ -20,6 +20,8 @@ package org.elasticsearch.common.settings; import org.apache.lucene.codecs.CodecUtil; +import org.apache.lucene.index.IndexFormatTooNewException; +import org.apache.lucene.index.IndexFormatTooOldException; import org.apache.lucene.store.BufferedChecksumIndexInput; import org.apache.lucene.store.ChecksumIndexInput; import org.apache.lucene.store.IOContext; @@ -40,7 +42,6 @@ import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; - import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.DataInputStream; @@ -217,7 +218,16 @@ public static KeyStoreWrapper load(Path configDir) throws IOException { SimpleFSDirectory directory = new SimpleFSDirectory(configDir); try (IndexInput indexInput = directory.openInput(KEYSTORE_FILENAME, IOContext.READONCE)) { ChecksumIndexInput input = new BufferedChecksumIndexInput(indexInput); - int formatVersion = CodecUtil.checkHeader(input, KEYSTORE_FILENAME, MIN_FORMAT_VERSION, FORMAT_VERSION); + final int formatVersion; + try { + formatVersion = CodecUtil.checkHeader(input, KEYSTORE_FILENAME, MIN_FORMAT_VERSION, FORMAT_VERSION); + } catch (IndexFormatTooOldException e) { + throw new IllegalStateException("The Elasticsearch keystore [" + keystoreFile + "] format is too old. " + + "You should delete and recreate it in order to upgrade.", e); + } catch (IndexFormatTooNewException e) { + throw new IllegalStateException("The Elasticsearch keystore [" + keystoreFile + "] format is too new. " + + "Are you trying to downgrade? You should delete and recreate it in order to downgrade.", e); + } byte hasPasswordByte = input.readByte(); boolean hasPassword = hasPasswordByte == 1; if (hasPassword == false && hasPasswordByte != 0) {