opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
191 stars 273 forks

[Backport 2.x] Replace BouncyCastle's OpenBSDBCrypt use with password4j for password hashing and verification #4428

Closed dancristiancecoi closed 3 months ago

dancristiancecoi commented 3 months ago

Manual backport of https://github.com/opensearch-project/security/commit/20c524ad994a9cc7d8757999f92f6d2fec6cb8ca from https://github.com/opensearch-project/security/pull/4381.

Auto-merge failed due to slight differences in code between 2.x and main branches.

codecov[bot] commented 3 months ago

Codecov Report

Attention: Patch coverage is 88.67925% with 6 lines in your changes missing coverage. Please review.

Project coverage is 65.37%. Comparing base (932bf72) to head (0039083).

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##              2.x    #4428      +/-   ##
==========================================
+ Coverage   65.36%   65.37%   +0.01%
==========================================
  Files         309      310       +1
  Lines       21839    21866      +27
  Branches     3547     3550       +3
==========================================
+ Hits        14275    14295      +20
- Misses       5802     5803       +1
- Partials     1762     1768       +6
```

| Files | Coverage Δ | |
|---|---|---|
| .../opensearch/security/OpenSearchSecurityPlugin.java | `84.35% <100.00%> (+0.04%)` | :arrow_up: |
| ...y/auth/internal/InternalAuthenticationBackend.java | `72.30% <100.00%> (+0.87%)` | :arrow_up: |
| ...security/dlic/rest/api/InternalUsersApiAction.java | `81.57% <100.00%> (+0.16%)` | :arrow_up: |
| ...security/dlic/rest/api/SecurityRestApiActions.java | `80.00% <ø> (ø)` | |
| ...g/opensearch/security/dlic/rest/support/Utils.java | `60.52% <ø> (-2.89%)` | :arrow_down: |
| ...ch/security/securityconf/DynamicConfigFactory.java | `54.85% <100.00%> (ø)` | |
| ...ain/java/org/opensearch/security/tools/Hasher.java | `6.06% <100.00%> (-10.16%)` | :arrow_down: |
| ...y/tools/democonfig/SecuritySettingsConfigurer.java | `76.71% <100.00%> (+0.32%)` | :arrow_up: |
| ...earch/security/dlic/rest/api/AccountApiAction.java | `60.56% <66.66%> (+0.56%)` | :arrow_up: |
| ...java/org/opensearch/security/user/UserService.java | `57.03% <80.00%> (+0.32%)` | :arrow_up: |
| ... and 1 more | | |

... and 3 files with indirect coverage changes