Fixed the exception in keyutils

RyanL1997 · RyanL1997 · commit 1e24bbbf8aa7 · 2023-08-25T12:06:53.000-07:00
Signed-off-by: Ryan Liang &lt;jiallian@amazon.com&gt;
diff --git a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
@@ -78,7 +78,7 @@ private JwtParserBuilder initParserBuilder(final String signingKey) {
         JwtParserBuilder jwtParserBuilder = KeyUtils.createJwtParserBuilderFromSigningKey(signingKey, log);
 
         if (jwtParserBuilder == null) {
-            throw new RuntimeException("Unable to find on behalf of authenticator signing key");
+            throw new OpenSearchSecurityException("Unable to find on behalf of authenticator signing key");
         }
 
         return jwtParserBuilder;
diff --git a/src/main/java/org/opensearch/security/util/KeyUtils.java b/src/main/java/org/opensearch/security/util/KeyUtils.java
@@ -14,6 +14,7 @@
 import io.jsonwebtoken.JwtParserBuilder;
 import io.jsonwebtoken.Jwts;
 import org.apache.logging.log4j.Logger;
+import org.opensearch.OpenSearchSecurityException;
 import org.opensearch.SpecialPermission;
 import org.opensearch.core.common.Strings;
 
@@ -51,13 +52,13 @@ public JwtParserBuilder run() {
 
                         try {
                             key = getPublicKey(decoded, "RSA");
-                        } catch (Exception e) {
+                        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                             log.debug("No public RSA key, try other algos ({})", e.toString());
                         }
 
                         try {
                             key = getPublicKey(decoded, "EC");
-                        } catch (final Exception e) {
+                        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                             log.debug("No public ECDSA key, try other algos ({})", e.toString());
                         }
 
@@ -68,7 +69,7 @@ public JwtParserBuilder run() {
                         return Jwts.parserBuilder().setSigningKey(decoded);
                     } catch (Throwable e) {
                         log.error("Error while creating JWT authenticator", e);
-                        throw new RuntimeException(e);
+                        throw new OpenSearchSecurityException(e.toString(), e);
                     }
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ private JwtParserBuilder initParserBuilder(final String signingKey) {`
`78`	`78`	`JwtParserBuilder jwtParserBuilder = KeyUtils.createJwtParserBuilderFromSigningKey(signingKey, log);`
`79`	`79`
`80`	`80`	`if (jwtParserBuilder == null) {`
`81`		`- throw new RuntimeException("Unable to find on behalf of authenticator signing key");`
	`81`	`+ throw new OpenSearchSecurityException("Unable to find on behalf of authenticator signing key");`
`82`	`82`	`}`
`83`	`83`
`84`	`84`	`return jwtParserBuilder;`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@`
`14`	`14`	`import io.jsonwebtoken.JwtParserBuilder;`
`15`	`15`	`import io.jsonwebtoken.Jwts;`
`16`	`16`	`import org.apache.logging.log4j.Logger;`
	`17`	`+import org.opensearch.OpenSearchSecurityException;`
`17`	`18`	`import org.opensearch.SpecialPermission;`
`18`	`19`	`import org.opensearch.core.common.Strings;`
`19`	`20`
`@@ -51,13 +52,13 @@ public JwtParserBuilder run() {`
`51`	`52`
`52`	`53`	`try {`
`53`	`54`	`key = getPublicKey(decoded, "RSA");`
`54`		`- } catch (Exception e) {`
	`55`	`+ } catch (NoSuchAlgorithmException \| InvalidKeySpecException e) {`
`55`	`56`	`log.debug("No public RSA key, try other algos ({})", e.toString());`
`56`	`57`	`}`
`57`	`58`
`58`	`59`	`try {`
`59`	`60`	`key = getPublicKey(decoded, "EC");`
`60`		`- } catch (final Exception e) {`
	`61`	`+ } catch (NoSuchAlgorithmException \| InvalidKeySpecException e) {`
`61`	`62`	`log.debug("No public ECDSA key, try other algos ({})", e.toString());`
`62`	`63`	`}`
`63`	`64`
`@@ -68,7 +69,7 @@ public JwtParserBuilder run() {`
`68`	`69`	`return Jwts.parserBuilder().setSigningKey(decoded);`
`69`	`70`	`} catch (Throwable e) {`
`70`	`71`	`log.error("Error while creating JWT authenticator", e);`
`71`		`- throw new RuntimeException(e);`
	`72`	`+ throw new OpenSearchSecurityException(e.toString(), e);`
`72`	`73`	`}`
`73`	`74`	`}`
`74`	`75`	`}`