Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use readFully() to read exactly the number of bytes we expect from the Stream #28515

Merged
merged 16 commits into from
May 4, 2018
Merged
Changes from 2 commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -20,8 +20,6 @@
package org.elasticsearch.common.settings;

import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
Expand Down Expand Up @@ -333,10 +331,9 @@ public void decrypt(char[] password) throws GeneralSecurityException, IOExceptio
}

Cipher cipher = createCipher(Cipher.DECRYPT_MODE, password, salt, iv);
try (ByteArrayInputStream bytesStream = new ByteArrayInputStream(encryptedBytes);
CipherInputStream cipherStream = new CipherInputStream(bytesStream, cipher);
DataInputStream input = new DataInputStream(cipherStream)) {

byte decryptedBytes[] = cipher.doFinal(encryptedBytes);
try (ByteArrayInputStream bytesStream = new ByteArrayInputStream(decryptedBytes);
DataInputStream input = new DataInputStream(bytesStream)) {
entries.set(new HashMap<>());
int numEntries = input.readInt();
while (numEntries-- > 0) {
Expand All @@ -349,18 +346,18 @@ public void decrypt(char[] password) throws GeneralSecurityException, IOExceptio
}
entries.get().put(setting, new Entry(entryType, entryBytes));
}
} finally {
Arrays.fill(decryptedBytes, (byte) 0);
}
}

/** Encrypt the keystore entries and return the encrypted data. */
private byte[] encrypt(char[] password, byte[] salt, byte[] iv) throws GeneralSecurityException, IOException {
assert isLoaded();

ByteArrayOutputStream bytes = new ByteArrayOutputStream();
Cipher cipher = createCipher(Cipher.ENCRYPT_MODE, password, salt, iv);
try (CipherOutputStream cipherStream = new CipherOutputStream(bytes, cipher);
DataOutputStream output = new DataOutputStream(cipherStream)) {

ByteArrayOutputStream bytes = new ByteArrayOutputStream();
try (DataOutputStream output = new DataOutputStream(bytes)) {
output.writeInt(entries.get().size());
for (Map.Entry<String, Entry> mapEntry : entries.get().entrySet()) {
output.writeUTF(mapEntry.getKey());
Expand All @@ -369,9 +366,12 @@ private byte[] encrypt(char[] password, byte[] salt, byte[] iv) throws GeneralSe
output.writeInt(entry.bytes.length);
output.write(entry.bytes);
}
return cipher.doFinal(bytes.toByteArray());
} finally {
final int bufferSize = bytes.size();
bytes.reset();
bytes.write(new byte[bufferSize]);
}

return bytes.toByteArray();
}

private void decryptLegacyEntries() throws GeneralSecurityException, IOException {
Expand Down