diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/api/NotEntitledException.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/api/NotEntitledException.java
index daccd198ab922..8366bd7448544 100644
--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/api/NotEntitledException.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/api/NotEntitledException.java
@@ -9,12 +9,10 @@
 package org.elasticsearch.entitlement.runtime.api;
-public class NotEntitledException extends SecurityException {
+import java.security.AccessControlException;
+
+public class NotEntitledException extends AccessControlException {
 public NotEntitledException(String message) {
 super(message);
 }
-
- public NotEntitledException(String message, Throwable cause) {
- super(message, cause);
- }
 }
diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemKeyConfig.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemKeyConfig.java
index b1ddb89cdee7c..069f042521902 100644
--- a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemKeyConfig.java
+++ b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemKeyConfig.java
@@ -10,11 +10,9 @@
 package org.elasticsearch.common.ssl;
 import org.elasticsearch.core.Tuple;
-import org.elasticsearch.entitlement.runtime.api.NotEntitledException;
 import java.io.IOException;
 import java.nio.file.Path;
-import java.security.AccessControlException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.PrivateKey;
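Review bot: In NotEntitledException.java the new superclass `java.security.AccessControlException` is deprecated for removal since Java 17, and nothing at the class declaration says why it was chosen; presumably it is so that existing `catch (AccessControlException ...)` blocks keep matching entitlement denials. The hunk also deletes the `(String message, Throwable cause)` constructor, and AccessControlException has no cause-taking constructor, so any caller that wrapped an underlying exception would now have to use `initCause` or lose the cause from the denial's stack trace. I would add a class Javadoc along the lines of `/** Thrown when a caller lacks a required entitlement; extends AccessControlException for compatibility with SecurityManager-era catch blocks. */` and, if the build treats removal warnings as errors, `@SuppressWarnings("removal")`.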
@@ -126,10 +124,8 @@ private PrivateKey getPrivateKey(Path path) {
 throw new SslConfigException("could not load ssl private key file [" + path + "]");
 }
 return privateKey;
- } catch (AccessControlException e) {
+ } catch (SecurityException e) {
 throw SslFileUtil.accessControlFailure(KEY_FILE_TYPE, List.of(path), e, configBasePath);
- } catch (NotEntitledException e) {
- throw SslFileUtil.notEntitledFailure(KEY_FILE_TYPE, List.of(path), e, configBasePath);
 } catch (IOException e) {
 throw SslFileUtil.ioException(KEY_FILE_TYPE, List.of(path), e);
 } catch (GeneralSecurityException e) {
@@ -140,7 +136,7 @@ private PrivateKey getPrivateKey(Path path) {
 private List getCertificates(Path path) {
 try {
 return PemUtils.readCertificates(Collections.singleton(path));
- } catch (AccessControlException e) {
+ } catch (SecurityException e) {
 throw SslFileUtil.accessControlFailure(CERT_FILE_TYPE, List.of(path), e, configBasePath);
 } catch (IOException e) {
 throw SslFileUtil.ioException(CERT_FILE_TYPE, List.of(path), e);
diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemTrustConfig.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemTrustConfig.java
index 04ea83ce6fa11..16aa02ef694d8 100644
--- a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemTrustConfig.java
+++ b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemTrustConfig.java
@@ -9,12 +9,9 @@
 package org.elasticsearch.common.ssl;
-import org.elasticsearch.entitlement.runtime.api.NotEntitledException;
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.file.Path;
-import java.security.AccessControlException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.cert.Certificate;
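Review bot: The widened `catch (SecurityException e)` in PemKeyConfig.getPrivateKey now routes every SecurityException, not only SecurityManager or entitlement denials, into `SslFileUtil.accessControlFailure`, so an unrelated SecurityException raised while the key is read or parsed could be reported to the operator as a file-access denial. Because NotEntitledException now extends AccessControlException, `catch (AccessControlException e)` alone would already cover both former branches; if the broad type is deliberate (to stop referencing the deprecated class), a comment at the catch such as `// SecurityException: covers SecurityManager and entitlement denials` would make that explicit. The same widening appears in getCertificates in the next hunk and in PemTrustConfig.readCertificates, PemUtils.readPrivateKey, StoreKeyConfig.readKeyStore and StoreTrustConfig.readKeyStore. The try block in getPrivateKey begins outside the hunk.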
@@ -99,10 +96,8 @@ private Path resolveFile(String other) {
 private List readCertificates(List paths) {
 try {
 return PemUtils.readCertificates(paths);
- } catch (AccessControlException e) {
+ } catch (SecurityException e) {
 throw SslFileUtil.accessControlFailure(CA_FILE_TYPE, paths, e, basePath);
- } catch (NotEntitledException e) {
- throw SslFileUtil.notEntitledFailure(CA_FILE_TYPE, paths, e, basePath);
 } catch (IOException e) {
 throw SslFileUtil.ioException(CA_FILE_TYPE, paths, e);
 } catch (GeneralSecurityException e) {
diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemUtils.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemUtils.java
index bb9c8d69513ba..8b11356d26fcd 100644
--- a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemUtils.java
+++ b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/PemUtils.java
@@ -10,7 +10,6 @@
 package org.elasticsearch.common.ssl;
 import org.elasticsearch.core.CharArrays;
-import org.elasticsearch.entitlement.runtime.api.NotEntitledException;
 import java.io.BufferedReader;
 import java.io.IOException;
@@ -19,7 +18,6 @@
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
-import java.security.AccessControlException;
 import java.security.AlgorithmParameters;
 import java.security.GeneralSecurityException;
 import java.security.KeyFactory;
@@ -111,10 +109,8 @@ public static PrivateKey readPrivateKey(Path path, Supplier passwordSupp
 throw new SslConfigException("could not load ssl private key file [" + path + "]");
 }
 return privateKey;
- } catch (AccessControlException e) {
+ } catch (SecurityException e) {
 throw SslFileUtil.accessControlFailure("PEM private key", List.of(path), e, null);
- } catch (NotEntitledException e) {
- throw SslFileUtil.notEntitledFailure("PEM private key", List.of(path), e, null);
 } catch (IOException e) {
 throw SslFileUtil.ioException("PEM private key", List.of(path), e);
 } catch (GeneralSecurityException e) {
diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslFileUtil.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslFileUtil.java
index e94ef627ec36f..e715b86d6cfb5 100644
--- a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslFileUtil.java
+++ b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/SslFileUtil.java
@@ -16,7 +16,6 @@
 import java.nio.file.AccessDeniedException;
 import java.nio.file.NoSuchFileException;
 import java.nio.file.Path;
-import java.security.AccessControlException;
 import java.security.GeneralSecurityException;
 import java.security.UnrecoverableKeyException;
 import java.util.List;
@@ -84,7 +83,7 @@ static SslConfigException notEntitledFailure(String fileType, List paths,
 return innerAccessControlFailure(fileType, paths, cause, basePath);
 }
- static SslConfigException accessControlFailure(String fileType, List paths, AccessControlException cause, Path basePath) {
+ static SslConfigException accessControlFailure(String fileType, List paths, SecurityException cause, Path basePath) {
 return innerAccessControlFailure(fileType, paths, cause, basePath);
 }
diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreKeyConfig.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreKeyConfig.java
index af400d5dce6f1..d1583297599d4 100644
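Review bot: In SslFileUtil.java, `notEntitledFailure` (visible in the second hunk's header and leading context) is left in place even though every call to it shown in this diff is removed, and both it and `accessControlFailure` simply delegate to `innerAccessControlFailure`. If no caller remains outside this diff, it should be deleted here as well; the file presumably still imports NotEntitledException only for that method, which keeps the ssl-config library tied to the entitlement type the rest of the change removes. If it must stay, a comment on `accessControlFailure` such as `// also receives NotEntitledException, which is a SecurityException` would tell readers which of the two helpers is the live path. The signature of notEntitledFailure is truncated in the hunk header, so its parameter types are not visible here.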
--- a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreKeyConfig.java
+++ b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreKeyConfig.java
@@ -11,11 +11,9 @@
 import org.elasticsearch.core.Nullable;
 import org.elasticsearch.core.Tuple;
-import org.elasticsearch.entitlement.runtime.api.NotEntitledException;
 import java.io.IOException;
 import java.nio.file.Path;
-import java.security.AccessControlException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -167,10 +165,8 @@ private KeyStore processKeyStore(KeyStore keyStore) {
 private KeyStore readKeyStore(Path path) {
 try {
 return KeyStoreUtil.readKeyStore(path, type, storePassword);
- } catch (AccessControlException e) {
+ } catch (SecurityException e) {
 throw SslFileUtil.accessControlFailure("[" + type + "] keystore", List.of(path), e, configBasePath);
- } catch (NotEntitledException e) {
- throw SslFileUtil.notEntitledFailure("[" + type + "] keystore", List.of(path), e, configBasePath);
 } catch (IOException e) {
 throw SslFileUtil.ioException("[" + type + "] keystore", List.of(path), e);
 } catch (GeneralSecurityException e) {
diff --git a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreTrustConfig.java b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreTrustConfig.java
index 16c57f7dfc821..52850ba6a0030 100644
--- a/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreTrustConfig.java
+++ b/libs/ssl-config/src/main/java/org/elasticsearch/common/ssl/StoreTrustConfig.java
@@ -9,11 +9,8 @@
 package org.elasticsearch.common.ssl;
-import org.elasticsearch.entitlement.runtime.api.NotEntitledException;
-
 import java.io.IOException;
 import java.nio.file.Path;
-import java.security.AccessControlException;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.cert.X509Certificate;
@@ -95,10 +92,8 @@ public X509ExtendedTrustManager createTrustManager() {
 private KeyStore readKeyStore(Path path) {
 try {
 return KeyStoreUtil.readKeyStore(path, type, password);
- } catch (AccessControlException e) {
+ } catch (SecurityException e) {
 throw SslFileUtil.accessControlFailure(fileTypeForException(), List.of(path), e, configBasePath);
- } catch (NotEntitledException e) {
- throw SslFileUtil.notEntitledFailure(fileTypeForException(), List.of(path), e, configBasePath);
 } catch (IOException e) {
 throw SslFileUtil.ioException(fileTypeForException(), List.of(path), e, getAdditionalErrorDetails());
 } catch (GeneralSecurityException e) {
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloader.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloader.java
index 8d77852c88ac8..e75fe0ab26f35 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloader.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLConfigurationReloader.java
@@ -12,7 +12,6 @@
 import org.elasticsearch.action.support.PlainActionFuture;
 import org.elasticsearch.common.ssl.SslConfiguration;
 import org.elasticsearch.core.TimeValue;
-import org.elasticsearch.entitlement.runtime.api.NotEntitledException;
 import org.elasticsearch.watcher.FileChangesListener;
 import org.elasticsearch.watcher.FileWatcher;
 import org.elasticsearch.watcher.ResourceWatcherService;
@@ -20,7 +19,6 @@
 import java.io.IOException;
 import java.nio.file.Path;
-import java.security.AccessControlException;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
@@ -110,7 +108,7 @@ private static void startWatching(
 fileWatcher.addListener(changeListener);
 try {
 resourceWatcherService.add(fileWatcher, Frequency.HIGH);
- } catch (IOException | AccessControlException | NotEntitledException e) {
+ } catch (IOException | SecurityException e) {
 logger.error("failed to start watching directory [{}] for ssl configurations [{}] - {}", path, configurations, e);
 }
 });
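Review bot: In SSLConfigurationReloader.startWatching the catch now accepts any SecurityException, but the log call in its body passes `e` as the argument for the third `{}`, so (assuming a Log4j-style logger) it is likely rendered with toString() and no stack trace, leaving little to tell an entitlement denial from another security failure. Dropping the last placeholder lets the logger treat `e` as the throwable: `logger.error("failed to start watching directory [{}] for ssl configurations [{}]", path, configurations, e);`. The failure is only logged, so the directory presumably stays unwatched and certificate changes there would not be reloaded; a short comment at the catch stating that this is intentional would help. The enclosing lambda starts outside the hunk.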