Skip to content

Commit

Permalink
fixes RT: #6717: Walrus: anyone can access objects on Walrus by submi…
Browse files Browse the repository at this point in the history 
…tting correctly signed requests
  • Loading branch information
Neil Soman committed Mar 26, 2012
1 parent cd658c5 commit eb36703
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions clc/modules/walrus/src/main/java/com/eucalyptus/auth/login/WalrusComponentLoginModule.java
View file
Expand Up @@ -72,6 +72,8 @@

import com.eucalyptus.auth.Accounts;
import com.eucalyptus.auth.AuthException;
import com.eucalyptus.component.Partition;
import com.eucalyptus.component.Partitions;
import com.eucalyptus.component.auth.SystemCredentials;
import com.eucalyptus.auth.api.BaseLoginModule;
import com.eucalyptus.auth.principal.User;
Expand Down Expand Up @@ -105,7 +107,17 @@ public boolean authenticate( WalrusWrappedComponentCredentials credentials ) thr
} finally {
if( !valid && credentials.getCertString() != null ) {
try {
boolean found = false;
X509Certificate nodeCert = Hashes.getPemCert( Base64.decode( credentials.getCertString() ) );
for (Partition part : Partitions.list()) {
if (nodeCert.equals(part.getNodeCertificate())) {
found = true;
break;
}
}
if (!found) {
throw new AuthenticationException("Invalid certificate");
}
if(nodeCert != null) {
PublicKey publicKey = nodeCert.getPublicKey( );
sig = Signature.getInstance( "SHA1withRSA" );
Expand Down

0 comments on commit eb36703

Please sign in to comment.