aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java9
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java9
2 files changed, 14 insertions, 4 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java
index 758f68d6030..7addf83c67c 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/restapi/controller/DecryptionTokenResealer.java
@@ -29,11 +29,16 @@ class DecryptionTokenResealer {
if (!expectedKeyName.equals(keyName)) {
throw new IllegalArgumentException("Token is not generated for the expected key");
}
+ int keyVersion;
try {
- return Integer.parseUnsignedInt(components[1]);
+ keyVersion = Integer.parseInt(components[1]);
} catch (IllegalArgumentException e) {
- throw new IllegalArgumentException("Key version is not a valid unsigned integer");
+ throw new IllegalArgumentException("Key version is not a valid integer");
}
+ if (keyVersion < 0) {
+ throw new IllegalArgumentException("Key version is out of range");
+ }
+ return keyVersion;
}
/**
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java
index cb35c85b960..a4b18a06fb8 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/controller/ControllerApiTest.java
@@ -282,12 +282,17 @@ public class ControllerApiTest extends ControllerContainerTest {
tester.assertResponse(
() -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal",
requestJsonOf(createResealingRequestData("a-really-cool-key.123asdf")), Request.Method.POST),
- "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid unsigned integer\"}",
+ "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid integer\"}",
400);
tester.assertResponse(
() -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal",
requestJsonOf(createResealingRequestData("a-really-cool-key.-123")), Request.Method.POST),
- "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid unsigned integer\"}",
+ "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is out of range\"}",
+ 400);
+ tester.assertResponse(
+ () -> operatorRequest("http://localhost:8080/controller/v1/access/cores/reseal",
+ requestJsonOf(createResealingRequestData("a-really-cool-key.%d".formatted((long)Integer.MAX_VALUE + 1))), Request.Method.POST),
+ "{\"error-code\":\"BAD_REQUEST\",\"message\":\"Key version is not a valid integer\"}",
400);
}