From 02aa179db4776da847bc5d6d37d0d540b7d1f5d4 Mon Sep 17 00:00:00 2001 From: Terry Quigley Date: Thu, 18 Apr 2024 17:00:27 +0100 Subject: [PATCH] Fix Blake2b generation by passing salt correctly Signed-off-by: Terry Quigley --- .../security/configuration/MaskedField.java | 2 +- .../security/dlic/dlsfls/FieldMaskedTest.java | 26 +++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/src/main/java/org/opensearch/security/configuration/MaskedField.java b/src/main/java/org/opensearch/security/configuration/MaskedField.java index 8cb20ccdfe..d67ecc2783 100644 --- a/src/main/java/org/opensearch/security/configuration/MaskedField.java +++ b/src/main/java/org/opensearch/security/configuration/MaskedField.java @@ -164,7 +164,7 @@ private String customHash(String in) { } private byte[] blake2bHash(byte[] in) { - final Blake2bDigest hash = new Blake2bDigest(null, 32, null, defaultSalt); + final Blake2bDigest hash = new Blake2bDigest(null, 32, defaultSalt, null); hash.update(in, 0, in.length); final byte[] out = new byte[hash.getDigestSize()]; hash.doFinal(out, 0); diff --git a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java index e18eae5780..6f010ba87b 100644 --- a/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java +++ b/src/test/java/org/opensearch/security/dlic/dlsfls/FieldMaskedTest.java @@ -151,9 +151,9 @@ public void testMaskedAggregationsRace() throws Exception { Assert.assertTrue(res.getBody().contains("200.100")); Assert.assertTrue(res.getBody().contains("\"doc_count\" : 30")); Assert.assertTrue(res.getBody().contains("\"doc_count\" : 1")); - Assert.assertFalse(res.getBody().contains("e1623afebfa505884e249a478640ec98094d19a72ac7a89dd0097e28955bb5ae")); - Assert.assertFalse(res.getBody().contains("26a8671e57fefc13504f8c61ced67ac98338261ace1e5bf462038b2f2caae16e")); - Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140")); + Assert.assertFalse(res.getBody().contains("4805f3596e68104d71b922124a61c701798180d5511a21586d9d8d58a1fc593f")); + Assert.assertFalse(res.getBody().contains("cf2061910587994e02f446d59d61d2dbabc5a3a8aea2fa05d08ffe2a12ee8bc8")); + Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac")); Assert.assertEquals( HttpStatus.SC_OK, @@ -164,9 +164,9 @@ public void testMaskedAggregationsRace() throws Exception { Assert.assertTrue(res.getBody().contains("\"doc_count\" : 1")); Assert.assertFalse(res.getBody().contains("100.100")); Assert.assertFalse(res.getBody().contains("200.100")); - Assert.assertTrue(res.getBody().contains("e1623afebfa505884e249a478640ec98094d19a72ac7a89dd0097e28955bb5ae")); - Assert.assertTrue(res.getBody().contains("26a8671e57fefc13504f8c61ced67ac98338261ace1e5bf462038b2f2caae16e")); - Assert.assertTrue(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140")); + Assert.assertTrue(res.getBody().contains("4805f3596e68104d71b922124a61c701798180d5511a21586d9d8d58a1fc593f")); + Assert.assertTrue(res.getBody().contains("cf2061910587994e02f446d59d61d2dbabc5a3a8aea2fa05d08ffe2a12ee8bc8")); + Assert.assertTrue(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac")); for (int i = 0; i < 10; i++) { Assert.assertEquals( @@ -177,9 +177,9 @@ public void testMaskedAggregationsRace() throws Exception { Assert.assertTrue(res.getBody().contains("200.100")); Assert.assertTrue(res.getBody().contains("\"doc_count\" : 30")); Assert.assertTrue(res.getBody().contains("\"doc_count\" : 1")); - Assert.assertFalse(res.getBody().contains("e1623afebfa505884e249a478640ec98094d19a72ac7a89dd0097e28955bb5ae")); - Assert.assertFalse(res.getBody().contains("26a8671e57fefc13504f8c61ced67ac98338261ace1e5bf462038b2f2caae16e")); - Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140")); + Assert.assertFalse(res.getBody().contains("4805f3596e68104d71b922124a61c701798180d5511a21586d9d8d58a1fc593f")); + Assert.assertFalse(res.getBody().contains("cf2061910587994e02f446d59d61d2dbabc5a3a8aea2fa05d08ffe2a12ee8bc8")); + Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac")); } } @@ -201,7 +201,7 @@ public void testMaskedSearch() throws Exception { Assert.assertTrue(res.getBody().contains("cust2")); Assert.assertTrue(res.getBody().contains("100.100.1.1")); Assert.assertTrue(res.getBody().contains("100.100.2.2")); - Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140")); + Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac")); Assert.assertEquals( HttpStatus.SC_OK, @@ -213,7 +213,7 @@ public void testMaskedSearch() throws Exception { Assert.assertTrue(res.getBody().contains("cust2")); Assert.assertFalse(res.getBody().contains("100.100.1.1")); Assert.assertFalse(res.getBody().contains("100.100.2.2")); - Assert.assertTrue(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140")); + Assert.assertTrue(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac")); } @@ -233,7 +233,7 @@ public void testMaskedGet() throws Exception { Assert.assertFalse(res.getBody().contains("cust2")); Assert.assertTrue(res.getBody().contains("100.100.1.1")); Assert.assertFalse(res.getBody().contains("100.100.2.2")); - Assert.assertFalse(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140")); + Assert.assertFalse(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac")); Assert.assertEquals( HttpStatus.SC_OK, @@ -244,7 +244,7 @@ public void testMaskedGet() throws Exception { Assert.assertFalse(res.getBody().contains("cust2")); Assert.assertFalse(res.getBody().contains("100.100.1.1")); Assert.assertFalse(res.getBody().contains("100.100.2.2")); - Assert.assertTrue(res.getBody().contains("87873bdb698e5f0f60e0b02b76dad1ec11b2787c628edbc95b7ff0e82274b140")); + Assert.assertTrue(res.getBody().contains("0e3f99018654fda6757601e88d4317f1649efae79126eb62c3f8c15105ba47ac")); } }