Skip to content
Browse files

fixes RT: #6717: Walrus: anyone can access objects on Walrus by submi…

…tting correctly signed requests
  • Loading branch information...
2 parents a3d2b46 + eb36703 commit 854ac92f6e15a00524729bef9af89f95cf34528d Neil Soman committed Mar 27, 2012
View
12 clc/modules/walrus/src/main/java/com/eucalyptus/auth/login/WalrusComponentLoginModule.java
@@ -72,6 +72,8 @@
import com.eucalyptus.auth.Accounts;
import com.eucalyptus.auth.AuthException;
+import com.eucalyptus.component.Partition;
+import com.eucalyptus.component.Partitions;
import com.eucalyptus.component.auth.SystemCredentials;
import com.eucalyptus.auth.api.BaseLoginModule;
import com.eucalyptus.auth.principal.User;
@@ -105,7 +107,17 @@ public boolean authenticate( WalrusWrappedComponentCredentials credentials ) thr
} finally {
if( !valid && credentials.getCertString() != null ) {
try {
+ boolean found = false;
X509Certificate nodeCert = Hashes.getPemCert( Base64.decode( credentials.getCertString() ) );
+ for (Partition part : Partitions.list()) {
+ if (nodeCert.equals(part.getNodeCertificate())) {
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ throw new AuthenticationException("Invalid certificate");
+ }
if(nodeCert != null) {
PublicKey publicKey = nodeCert.getPublicKey( );
sig = Signature.getInstance( "SHA1withRSA" );

0 comments on commit 854ac92

Please sign in to comment.
Something went wrong with that request. Please try again.