Permalink
Browse files

fixes RT: #6717: Walrus: anyone can access objects on Walrus by submi…

…tting correctly signed requests
  • Loading branch information...
1 parent cd658c5 commit eb36703c0ba7225de03e15885d5ca12a3f917734 Neil Soman committed Mar 26, 2012
@@ -72,6 +72,8 @@
import com.eucalyptus.auth.Accounts;
import com.eucalyptus.auth.AuthException;
+import com.eucalyptus.component.Partition;
+import com.eucalyptus.component.Partitions;
import com.eucalyptus.component.auth.SystemCredentials;
import com.eucalyptus.auth.api.BaseLoginModule;
import com.eucalyptus.auth.principal.User;
@@ -105,7 +107,17 @@ public boolean authenticate( WalrusWrappedComponentCredentials credentials ) thr
} finally {
if( !valid && credentials.getCertString() != null ) {
try {
+ boolean found = false;
X509Certificate nodeCert = Hashes.getPemCert( Base64.decode( credentials.getCertString() ) );
+ for (Partition part : Partitions.list()) {
+ if (nodeCert.equals(part.getNodeCertificate())) {
+ found = true;
+ break;
+ }
+ }
+ if (!found) {
+ throw new AuthenticationException("Invalid certificate");
+ }
if(nodeCert != null) {
PublicKey publicKey = nodeCert.getPublicKey( );
sig = Signature.getInstance( "SHA1withRSA" );

0 comments on commit eb36703

Please sign in to comment.