diff --git a/src/main/java/org/opensearch/security/auth/http/saml/SamlFilesystemMetadataResolver.java b/src/main/java/org/opensearch/security/auth/http/saml/SamlFilesystemMetadataResolver.java
index 1b0d37ac18..7a28b44383 100644
--- a/src/main/java/org/opensearch/security/auth/http/saml/SamlFilesystemMetadataResolver.java
+++ b/src/main/java/org/opensearch/security/auth/http/saml/SamlFilesystemMetadataResolver.java
@@ -29,16 +29,7 @@ public class SamlFilesystemMetadataResolver extends FilesystemMetadataResolver {
 @Override
 protected byte[] fetchMetadata() throws ResolverException {
- try {
- return AccessController.doPrivilegedChecked(SamlFilesystemMetadataResolver.super::fetchMetadata);
- } catch (Exception e) {
-
- if (e instanceof ResolverException) {
- throw (ResolverException) e;
- } else {
- throw new RuntimeException(e);
- }
- }
+ return AccessController.doPrivilegedChecked(SamlFilesystemMetadataResolver.super::fetchMetadata);
 }
 private static File getMetadataFile(String filePath, Settings settings, Path configPath) {
diff --git a/src/main/java/org/opensearch/security/auth/http/saml/SamlHTTPMetadataResolver.java b/src/main/java/org/opensearch/security/auth/http/saml/SamlHTTPMetadataResolver.java
index bd50cb8a3e..25e6eb4b67 100644
--- a/src/main/java/org/opensearch/security/auth/http/saml/SamlHTTPMetadataResolver.java
+++ b/src/main/java/org/opensearch/security/auth/http/saml/SamlHTTPMetadataResolver.java
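Review bot: `fetchMetadata()` has no comment explaining why the parent's read is routed through `AccessController.doPrivilegedChecked`, and with the catch block gone nothing on the page states which exceptions can leave it. A one-line Javadoc would cover both, for example `/** Runs the parent's metadata read inside a privileged block; a ResolverException from the parent propagates unchanged. */`. The new one-liner only matches the declared `throws ResolverException` if `doPrivilegedChecked` rethrows the supplier's own checked type, and that signature is not part of this diff, so the Javadoc wording should be checked against it. The same applies to the identical override in SamlHTTPMetadataResolver.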
@@ -37,15 +37,7 @@ public class SamlHTTPMetadataResolver extends HTTPMetadataResolver {
 @Override
 protected byte[] fetchMetadata() throws ResolverException {
- try {
- return AccessController.doPrivilegedChecked(SamlHTTPMetadataResolver.super::fetchMetadata);
- } catch (Exception e) {
- if (e instanceof ResolverException) {
- throw (ResolverException) e;
- } else {
- throw new RuntimeException(e);
- }
- }
+ return AccessController.doPrivilegedChecked(SamlHTTPMetadataResolver.super::fetchMetadata);
 }
 private static SettingsBasedSSLConfiguratorV4.SSLConfig getSSLConfig(Settings settings, Path configPath) throws Exception {
diff --git a/src/main/java/org/opensearch/security/auth/ldap/util/LdapHelper.java b/src/main/java/org/opensearch/security/auth/ldap/util/LdapHelper.java
index a37b445f05..36432d149e 100644
--- a/src/main/java/org/opensearch/security/auth/ldap/util/LdapHelper.java
+++ b/src/main/java/org/opensearch/security/auth/ldap/util/LdapHelper.java
@@ -66,14 +66,8 @@ public static List search(
 return entries;
 });
- } catch (Exception e) {
- if (e instanceof LdapException) {
- throw (LdapException) e;
- } else if (e instanceof RuntimeException) {
- throw (RuntimeException) e;
- } else {
- throw new RuntimeException(e);
- }
+ } catch (InvalidNameException e) {
+ throw new RuntimeException(e);
 }
 }
diff --git a/src/main/java/org/opensearch/security/auth/ldap2/LDAPAuthenticationBackend2.java b/src/main/java/org/opensearch/security/auth/ldap2/LDAPAuthenticationBackend2.java
index 1bece600ce..feda800ff6 100755
--- a/src/main/java/org/opensearch/security/auth/ldap2/LDAPAuthenticationBackend2.java
+++ b/src/main/java/org/opensearch/security/auth/ldap2/LDAPAuthenticationBackend2.java
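Review bot: The new `catch (InvalidNameException e)` in `search` rethrows as a bare `RuntimeException` with no message, so a malformed name reaches callers as an unchecked exception with nothing to say which lookup failed. If the name can be built from a login-supplied value (the start of the `try` and the lambda body are outside this hunk, so this is an assumption), that failure is better reported on the same path as other LDAP errors than as an unexpected runtime error. Either wrap it in the exception type the callers already handle, or at least add context without echoing the name itself: `throw new RuntimeException("Invalid name in LDAP search request", e);`.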
@@ -87,17 +87,7 @@ public LDAPAuthenticationBackend2(final Settings settings, final Path configPath
 @Override
 public User authenticate(AuthenticationContext context) throws OpenSearchSecurityException {
- try {
- return AccessController.doPrivilegedChecked(() -> authenticate0(context));
- } catch (Exception e) {
- if (e instanceof OpenSearchSecurityException) {
- throw (OpenSearchSecurityException) e;
- } else if (e instanceof RuntimeException) {
- throw (RuntimeException) e;
- } else {
- throw new RuntimeException(e);
- }
- }
+ return AccessController.doPrivilegedChecked(() -> authenticate0(context));
 }
 private User authenticate0(AuthenticationContext context) throws OpenSearchSecurityException {
@@ -217,19 +207,7 @@ public Optional impersonate(User user) {
 }
 private void authenticateByLdapServer(final Connection connection, final String dn, byte[] password) throws LdapException {
- try {
- AccessController.doPrivilegedChecked(
- () -> connection.getProviderConnection().bind(new BindRequest(dn, new Credential(password)))
- );
- } catch (Exception e) {
- if (e instanceof LdapException) {
- throw (LdapException) e;
- } else if (e instanceof RuntimeException) {
- throw (RuntimeException) e;
- } else {
- throw new RuntimeException(e);
- }
- }
+ AccessController.doPrivilegedChecked(() -> connection.getProviderConnection().bind(new BindRequest(dn, new Credential(password))));
 }
 private void authenticateByLdapServerWithSeparateConnection(final String dn, byte[] password) throws LdapException {
diff --git a/src/main/java/org/opensearch/security/auth/ldap2/LDAPAuthorizationBackend2.java b/src/main/java/org/opensearch/security/auth/ldap2/LDAPAuthorizationBackend2.java
index f021a1eea4..bdc69fceb3 100755
--- a/src/main/java/org/opensearch/security/auth/ldap2/LDAPAuthorizationBackend2.java
+++ b/src/main/java/org/opensearch/security/auth/ldap2/LDAPAuthorizationBackend2.java
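Review bot: The privileged block in `authenticate` covers the whole of `authenticate0(context)`, so everything that method calls runs inside it, whereas `authenticateByLdapServer` in the next hunk wraps only the `bind` call. `authenticate0`'s body is outside this hunk, but if only the LDAP connection and bind need the elevated context, the block should be narrowed to those calls in the way `authenticateByLdapServer` already does. If the wide scope is intentional, record it above the call with a comment of the form `// Privileged for the whole flow because <operations that need it>`. `addRoles` in LDAPAuthorizationBackend2 has the same shape around `addRoles0(user, context)`.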
@@ -120,17 +120,7 @@ private static List> convertOldStyleSettingsToNewSty
 @Override
 public User addRoles(final User user, AuthenticationContext context) throws OpenSearchSecurityException {
- try {
- return AccessController.doPrivilegedChecked(() -> addRoles0(user, context));
- } catch (Exception e) {
- if (e instanceof OpenSearchSecurityException) {
- throw (OpenSearchSecurityException) e;
- } else if (e instanceof RuntimeException) {
- throw (RuntimeException) e;
- } else {
- throw new RuntimeException(e);
- }
- }
+ return AccessController.doPrivilegedChecked(() -> addRoles0(user, context));
 }
 private User addRoles0(final User user, AuthenticationContext context) throws OpenSearchSecurityException {
diff --git a/src/main/java/org/opensearch/security/auth/ldap2/MakeJava9Happy.java b/src/main/java/org/opensearch/security/auth/ldap2/MakeJava9Happy.java
index caae9e21f3..6ad4575196 100644
--- a/src/main/java/org/opensearch/security/auth/ldap2/MakeJava9Happy.java
+++ b/src/main/java/org/opensearch/security/auth/ldap2/MakeJava9Happy.java
@@ -27,12 +27,7 @@ static ClassLoader getClassLoader() {
 }
 if (classLoader == null) {
-
- try {
- return AccessController.doPrivilegedChecked(() -> new Java9CL());
- } catch (Exception e) {
- throw new RuntimeException(e);
- }
+ return AccessController.doPrivilegedChecked(() -> new Java9CL());
 }
 return classLoader;
diff --git a/src/main/java/org/opensearch/security/auth/ldap2/PrivilegedProvider.java b/src/main/java/org/opensearch/security/auth/ldap2/PrivilegedProvider.java
index c83f0c707a..01c3243222 100644
--- a/src/main/java/org/opensearch/security/auth/ldap2/PrivilegedProvider.java
+++ b/src/main/java/org/opensearch/security/auth/ldap2/PrivilegedProvider.java
@@ -78,17 +78,7 @@ public JndiProviderConfig getProviderConfig() {
 @Override
 public ProviderConnection create() throws LdapException {
- try {
- return AccessController.doPrivilegedChecked(() -> new PrivilegedProviderConnection(delegate.create(), getProviderConfig()));
- } catch (Exception e) {
- if (e instanceof LdapException) {
- throw (LdapException) e;
- } else if (e instanceof RuntimeException) {
- throw (RuntimeException) e;
- } else {
- throw new RuntimeException(e);
- }
- }
+ return AccessController.doPrivilegedChecked(() -> new PrivilegedProviderConnection(delegate.create(), getProviderConfig()));
 }
 }
@@ -103,30 +93,20 @@ public PrivilegedProviderConnection(ProviderConnection delegate, JndiProviderCon
 }
 public Response bind(BindRequest request) throws LdapException {
- try {
- return AccessController.doPrivilegedChecked(() -> {
- if (jndiProviderConfig.getClassLoader() != null) {
- ClassLoader originalClassLoader = Thread.currentThread().getContextClassLoader();
-
- try {
- Thread.currentThread().setContextClassLoader(jndiProviderConfig.getClassLoader());
- return delegate.bind(request);
- } finally {
- Thread.currentThread().setContextClassLoader(originalClassLoader);
- }
- } else {
+ return AccessController.doPrivilegedChecked(() -> {
+ if (jndiProviderConfig.getClassLoader() != null) {
+ ClassLoader originalClassLoader = Thread.currentThread().getContextClassLoader();
+
+ try {
+ Thread.currentThread().setContextClassLoader(jndiProviderConfig.getClassLoader());
 return delegate.bind(request);
+ } finally {
+ Thread.currentThread().setContextClassLoader(originalClassLoader);
 }
- });
- } catch (Exception e) {
- if (e instanceof LdapException) {
- throw (LdapException) e;
- } else if (e instanceof RuntimeException) {
- throw (RuntimeException) e;
 } else {
- throw new RuntimeException(e);
+ return delegate.bind(request);
 }
- }
+ });
 }
 public Response add(AddRequest request) throws LdapException {
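Review bot: Inside the lambda in `bind`, `jndiProviderConfig.getClassLoader()` is read twice, once for the null check and once for `setContextClassLoader`, so the loader that gets installed is not necessarily the one that was checked. Reading it once keeps the two in step: `final ClassLoader configured = jndiProviderConfig.getClassLoader();`, then `if (configured != null) {` and `Thread.currentThread().setContextClassLoader(configured);`. `bind` also shows no `@Override` in the visible context, although `create()` in the previous hunk returns this class as a `ProviderConnection`; if `bind` implements that interface's method, the annotation should be added.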
diff --git a/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java b/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java
index e569ab4ab7..f3d7fe52d8 100644
--- a/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java
+++ b/src/main/java/org/opensearch/security/dlic/rest/support/Utils.java
@@ -20,7 +20,6 @@
 import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
-import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.core.type.TypeReference;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -149,34 +148,12 @@ public static JsonNode convertJsonToJackson(ToXContent jsonContent, boolean omit
 }
 public static byte[] jsonMapToByteArray(Map jsonAsMap) throws IOException {
-
- try {
- return AccessController.doPrivilegedChecked(() -> internalMapper.writeValueAsBytes(jsonAsMap));
- } catch (final Exception e) {
- if (e instanceof JsonProcessingException) {
- throw (JsonProcessingException) e;
- } else if (e instanceof RuntimeException) {
- throw (RuntimeException) e;
- } else {
- throw new RuntimeException(e);
- }
- }
+ return AccessController.doPrivilegedChecked(() -> internalMapper.writeValueAsBytes(jsonAsMap));
 }
 public static Map byteArrayToMutableJsonMap(byte[] jsonBytes) throws IOException {
-
- try {
- return AccessController.doPrivilegedChecked(() -> internalMapper.readValue(jsonBytes, new TypeReference>() {
- }));
- } catch (final Exception e) {
- if (e instanceof IOException) {
- throw (IOException) e;
- } else if (e instanceof RuntimeException) {
- throw (RuntimeException) e;
- } else {
- throw new RuntimeException(e);
- }
- }
+ return AccessController.doPrivilegedChecked(() -> internalMapper.readValue(jsonBytes, new TypeReference>() {
+ }));
 }
 /**
diff --git a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java
index a7840f6905..7c421c4803 100644
--- a/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java
+++ b/src/main/java/org/opensearch/security/ssl/DefaultSecurityKeyStore.java
@@ -870,24 +870,15 @@ private SslContext buildSSLServerContext(
 final SslProvider sslProvider,
 final ClientAuth authMode
 ) throws SSLException {
+ final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
+ () -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_key, _cert), sslProvider, ciphers, authMode)
+ );
- try {
- final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
- () -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_key, _cert), sslProvider, ciphers, authMode)
- );
-
- if (_trustedCerts != null && _trustedCerts.length > 0) {
- _sslContextBuilder.trustManager(_trustedCerts);
- }
-
- return buildSSLContext0(_sslContextBuilder);
- } catch (final Exception e) {
- if (e.getCause() instanceof SSLException) {
- throw (SSLException) e.getCause();
- } else {
- throw new RuntimeException(e);
- }
+ if (_trustedCerts != null && _trustedCerts.length > 0) {
+ _sslContextBuilder.trustManager(_trustedCerts);
 }
+
+ return buildSSLContext0(_sslContextBuilder);
 }
 private SslContext buildSSLServerContext(
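Review bot: The removed catch covered `buildSSLContext0(_sslContextBuilder)` as well as the privileged call and rethrew the cause when it was an `SSLException`; the new body does no unwrapping, so an `SSLException` that arrives wrapped now leaves `buildSSLServerContext` as the wrapper rather than as the declared `SSLException`. Whether anything still wraps depends on `buildSSLContext0` and `doPrivilegedChecked`, neither of which is shown in this diff, so this needs confirming rather than assuming. If `buildSSLContext0` can wrap, keep a narrow handler around that call only: `catch (RuntimeException e) { if (e.getCause() instanceof SSLException) { throw (SSLException) e.getCause(); } throw e; }`. The second `buildSSLServerContext` overload in the next hunk is changed the same way.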
@@ -899,23 +890,15 @@ private SslContext buildSSLServerContext(
 final SslProvider sslProvider,
 final ClientAuth authMode
 ) throws SSLException {
- try {
- final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
- () -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_cert, _key, pwd), sslProvider, ciphers, authMode)
- );
-
- if (_trustedCerts != null) {
- _sslContextBuilder.trustManager(_trustedCerts);
- }
+ final SslContextBuilder _sslContextBuilder = AccessController.doPrivilegedChecked(
+ () -> configureSSLServerContextBuilder(SslContextBuilder.forServer(_cert, _key, pwd), sslProvider, ciphers, authMode)
+ );
- return buildSSLContext0(_sslContextBuilder);
- } catch (final Exception e) {
- if (e.getCause() instanceof SSLException) {
- throw (SSLException) e.getCause();
- } else {
- throw new RuntimeException(e);
- }
+ if (_trustedCerts != null) {
+ _sslContextBuilder.trustManager(_trustedCerts);
 }
+
+ return buildSSLContext0(_sslContextBuilder);
 }
 private SslContextBuilder configureSSLServerContextBuilder(
diff --git a/src/main/java/org/opensearch/security/ssl/SslConfiguration.java b/src/main/java/org/opensearch/security/ssl/SslConfiguration.java
index d5f7d03ac0..ad5f835f53 100644
--- a/src/main/java/org/opensearch/security/ssl/SslConfiguration.java
+++ b/src/main/java/org/opensearch/security/ssl/SslConfiguration.java
@@ -19,6 +19,7 @@
 import java.util.stream.Stream;
 import java.util.stream.StreamSupport;
 import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLException;
 import javax.net.ssl.TrustManagerFactory;
 import javax.security.auth.x500.X500Principal;
@@ -117,7 +118,7 @@ SslContext buildServerSslContext(final boolean validateCertificates) {
 .trustManager(trustStoreConfiguration.createTrustManagerFactory(validateCertificates, issuerDns))
 .build();
 });
- } catch (Exception e) {
+ } catch (SSLException e) {
 throw new OpenSearchException("Failed to build server SSL context", e);
 }
 }
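Review bot: This overload calls `trustManager(_trustedCerts)` whenever the array is non-null, while the overload in the previous hunk also requires `_trustedCerts.length > 0`, so an empty array is handled differently depending on which key format was loaded. Presumably one path hands an empty trust set to the builder and the other leaves the builder's default trust source in place, which matters when `authMode` asks for client certificates. Pick one behaviour and use the same guard in both, e.g. `if (_trustedCerts != null && _trustedCerts.length > 0) {`, and add a comment saying what an empty array is meant to do.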
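Review bot: Narrowing to `catch (SSLException e)` in `buildServerSslContext` means an unchecked exception thrown inside the lambda, for instance from `createTrustManagerFactory(validateCertificates, issuerDns)`, is no longer wrapped in `OpenSearchException("Failed to build server SSL context", e)` and reaches the caller without that context. The start of the `try` is outside this hunk, so it is not visible what else the block calls. If the wrapper message is relied on for diagnosing key or trust store problems, keep it for runtime failures too with `} catch (SSLException | RuntimeException e) {`.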