author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-02-13 12:49:45 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-13 12:49:45 +0100 |
commit | ce4df1f6d339f52a4d4cafcadef59863ee5a73c6 (patch) | |
tree | 3ea4f052f2de41066625b950f8d4c2fcc5f09f0b | |
parent | fa526bcc311ae6080905b61fb9248aca82aa4991 (diff) | |
parent | 22e2c7b92c6a9aa6aba7d632711fcd9cfb1afdfd (diff) |
Merge pull request #26007 from vespa-engine/vekterli/improve-key-version-handling
Improve key version handling
2 files changed, 14 insertions, 4 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java
index 758f68d6030..7addf83c67c 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java
@@ -29,11 +29,16 @@ class DecryptionTokenResealer {
 if (!expectedKeyName.equals(keyName)) {
 throw new IllegalArgumentException("Token is not generated for the expected key");
 }
+ int keyVersion;
 try {
- return Integer.parseUnsignedInt(components[1]);
+ keyVersion = Integer.parseInt(components[1]);
 } catch (IllegalArgumentException e) {
- throw new IllegalArgumentException("Key version is not a valid unsigned integer");
+ throw new IllegalArgumentException("Key version is not a valid integer");
 }
+ if (keyVersion < 0) {
+ throw new IllegalArgumentException("Key version is out of range");
+ }
+ return keyVersion;
 }
 
 /**
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java
index cb35c85b960..a4b18a06fb8 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java
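Review bot: `Integer.parseInt(components[1])` still accepts several spellings of the same key version: a leading `+`, leading zeros, and any Unicode decimal digit that `Character.digit` recognises, so `key.5`, `key.+5` and `key.005` all yield 5. If the key ID string is compared, logged or bound to the token anywhere else (not visible in this hunk), that non-canonical input is worth rejecting before the parse, for example `if (!components[1].matches("[0-9]{1,10}")) { throw new IllegalArgumentException("Key version is not a valid integer"); }`. The catch clause also drops `e`; passing it as the cause would keep the parse failure in server-side logs without changing the message returned to the client. The enclosing method starts above this hunk, and the test hunk that follows adds no case for a sign-prefixed or zero-padded version.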
@@ -282,12 +282,17 @@ public class ControllerApiTest extends ControllerContainerTest {
 tester.assertResponse(
 () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal",
 requestJsonOf(createResealingRequestData("a-really-cool-key.123asdf")), Request.Method.POST),
- "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid unsigned integer\"}",
+ "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid integer\"}",
 400);
 tester.assertResponse(
 () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal",
 requestJsonOf(createResealingRequestData("a-really-cool-key.-123")), Request.Method.POST),
- "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid unsigned integer\"}",
+ "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is out of range\"}",
+ 400);
+ tester.assertResponse(
+ () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal",
+ requestJsonOf(createResealingRequestData("a-really-cool-key.%d".formatted((long)Integer.MAX_VALUE + 1))), Request.Method.POST),
+ "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid integer\"}",
 400);
 }
 |