From 6fcb2178dcbd53d9da679ad6b62691b9808b9e02 Mon Sep 17 00:00:00 2001
From: Ryan Ernst <ryan@iernst.net>
Date: Mon, 5 Jun 2017 15:51:56 -0700
Subject: [PATCH] Settings: Fix secure settings by prefix

This commit fixes a bug in retrieving a sub Settings object for a given
prefix with secure settings. Before this commit the returned Settings
would be filtered by the prefix, but the found setting names would not
have the prefix removed.
---
 .../common/settings/Settings.java             | 19 +++++++++++--------
 .../common/settings/SettingsTests.java        | 10 ++++++++++
 2 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/core/src/main/java/org/elasticsearch/common/settings/Settings.java b/core/src/main/java/org/elasticsearch/common/settings/Settings.java
index eea24179242d5..fc7912c88ac8c 100644
--- a/core/src/main/java/org/elasticsearch/common/settings/Settings.java
+++ b/core/src/main/java/org/elasticsearch/common/settings/Settings.java
@@ -219,7 +219,7 @@ private Object convertMapsToArrays(Map<String, Object> map) {
      */
     public Settings getByPrefix(String prefix) {
         return new Settings(new FilteredMap(this.settings, (k) -> k.startsWith(prefix), prefix), secureSettings == null ? null :
-            new PrefixedSecureSettings(secureSettings, s -> prefix + s, s -> s.startsWith(prefix)));
+            new PrefixedSecureSettings(secureSettings, prefix, s -> s.startsWith(prefix)));
     }
 
     /**
@@ -227,7 +227,7 @@ public Settings getByPrefix(String prefix) {
      */
     public Settings filter(Predicate<String> predicate) {
         return new Settings(new FilteredMap(this.settings, predicate, null), secureSettings == null ? null :
-            new PrefixedSecureSettings(secureSettings, UnaryOperator.identity(), predicate));
+            new PrefixedSecureSettings(secureSettings, "", predicate));
     }
 
     /**
@@ -1281,13 +1281,15 @@ public int size() {
 
     private static class PrefixedSecureSettings implements SecureSettings {
         private final SecureSettings delegate;
-        private final UnaryOperator<String> keyTransform;
+        private final UnaryOperator<String> addPrefix;
+        private final UnaryOperator<String> removePrefix;
         private final Predicate<String> keyPredicate;
         private final SetOnce<Set<String>> settingNames = new SetOnce<>();
 
-        PrefixedSecureSettings(SecureSettings delegate, UnaryOperator<String> keyTransform, Predicate<String> keyPredicate) {
+        PrefixedSecureSettings(SecureSettings delegate, String prefix, Predicate<String> keyPredicate) {
             this.delegate = delegate;
-            this.keyTransform = keyTransform;
+            this.addPrefix = s -> prefix + s;
+            this.removePrefix = s -> s.substring(prefix.length());
             this.keyPredicate = keyPredicate;
         }
 
@@ -1300,7 +1302,8 @@ public boolean isLoaded() {
         public Set<String> getSettingNames() {
             synchronized (settingNames) {
                 if (settingNames.get() == null) {
-                    Set<String> names = delegate.getSettingNames().stream().filter(keyPredicate).collect(Collectors.toSet());
+                    Set<String> names = delegate.getSettingNames().stream()
+                        .filter(keyPredicate).map(removePrefix).collect(Collectors.toSet());
                     settingNames.set(Collections.unmodifiableSet(names));
                 }
             }
@@ -1309,12 +1312,12 @@ public Set<String> getSettingNames() {
 
         @Override
         public SecureString getString(String setting) throws GeneralSecurityException{
-            return delegate.getString(keyTransform.apply(setting));
+            return delegate.getString(addPrefix.apply(setting));
         }
 
         @Override
         public InputStream getFile(String setting) throws GeneralSecurityException{
-            return delegate.getFile(keyTransform.apply(setting));
+            return delegate.getFile(addPrefix.apply(setting));
         }
 
         @Override
diff --git a/core/src/test/java/org/elasticsearch/common/settings/SettingsTests.java b/core/src/test/java/org/elasticsearch/common/settings/SettingsTests.java
index 80ca8cc275a41..96422d8a063f3 100644
--- a/core/src/test/java/org/elasticsearch/common/settings/SettingsTests.java
+++ b/core/src/test/java/org/elasticsearch/common/settings/SettingsTests.java
@@ -515,6 +515,16 @@ public void testPrefixMap() {
         expectThrows(NoSuchElementException.class, () -> prefixIterator.next());
     }
 
+    public void testSecureSettingsPrefix() {
+        MockSecureSettings secureSettings = new MockSecureSettings();
+        secureSettings.setString("test.prefix.foo", "somethingsecure");
+        Settings.Builder builder = Settings.builder();
+        builder.setSecureSettings(secureSettings);
+        Settings settings = builder.build();
+        Settings prefixSettings = settings.getByPrefix("test.prefix.");
+        assertTrue(prefixSettings.names().contains("foo"));
+    }
+
     public void testEmptyFilterMap() {
         Settings.Builder builder = Settings.builder();
         builder.put("a", "a1");