From 146d864ea9eae0288de13aa2391b4f23a84dbc25 Mon Sep 17 00:00:00 2001
From: Andrei Molotkov
Date: Tue, 18 Jun 2024 09:23:32 +0000
Subject: [PATCH] Print certificate suffix in debug message
---
 ydb/core/security/ticket_parser_impl.h | 2 +-
 ydb/library/security/util.cpp | 38 +++++++++++---------------
 ydb/library/security/util.h | 4 +--
 3 files changed, 19 insertions(+), 25 deletions(-)
diff --git a/ydb/core/security/ticket_parser_impl.h b/ydb/core/security/ticket_parser_impl.h
index 374e68ad19ab..b0100c7c28a9 100644
--- a/ydb/core/security/ticket_parser_impl.h
+++ b/ydb/core/security/ticket_parser_impl.h
@@ -247,7 +247,7 @@ class TTicketParserImpl : public TActorBootstrapped {
 return MaskTicket(Signature.AccessKeyId);
 }
 if (TokenType == TDerived::ETokenType::Certificate) {
- return MaskCertificate(Ticket);
+ return PrintCertificateSuffix(Ticket);
 }
 return MaskTicket(Ticket);
 }
diff --git a/ydb/library/security/util.cpp b/ydb/library/security/util.cpp
index 1106213758f2..8a26102a12bc 100644
--- a/ydb/library/security/util.cpp
+++ b/ydb/library/security/util.cpp
@@ -7,45 +7,39 @@ namespace NKikimr { -namespace { -TString MaskString(TStringBuf str) { +TString MaskTicket(TStringBuf token) { TStringBuilder mask; - if (str.size() >= 16) { - mask << str.substr(0, 4); + if (token.size() >= 16) { + mask << token.substr(0, 4); mask << "****"; - mask << str.substr(str.size() - 4, 4); + mask << token.substr(token.size() - 4, 4); } else { mask << "****"; } mask << " ("; - mask << Sprintf("%08X", Crc32c(str.data(), str.size())); + mask << Sprintf("%08X", Crc32c(token.data(), token.size())); mask << ")"; return mask; } -} - -TString MaskTicket(TStringBuf token) { - return MaskString(token); -} TString MaskTicket(const TString& token) { return MaskTicket(TStringBuf(token)); } -TString MaskCertificate(TStringBuf certificate) { - size_t beginCertificateContent = 0; - if (size_t pos = certificate.find('\n'); pos != TStringBuf::npos) { - beginCertificateContent = pos + 1; - } - size_t endCertificateContent = beginCertificateContent; - if (size_t pos = certificate.rfind("\n-----END"); pos != TStringBuf::npos) { - endCertificateContent = pos; +TString PrintCertificateSuffix(TStringBuf certificate) { + size_t endPos = certificate.rfind("\n-----END"); + if (endPos != TStringBuf::npos && endPos > 0) { + size_t startPos = certificate.rfind("\n", endPos - 1); + if (startPos != TStringBuf::npos) { + size_t len = std::min(endPos - startPos - 1, 16UL); + return TString(certificate.substr(endPos - len, len)); + } } - return MaskString(certificate.substr(beginCertificateContent, endCertificateContent - beginCertificateContent)); + return "certificate"; } -TString MaskCertificate(const TString& token) { - return MaskCertificate(TStringBuf(token)); +TString PrintCertificateSuffix(const TString& certificate) { + return PrintCertificateSuffix(TStringBuf(certificate)); } } // namespace NKikimr diff --git a/ydb/library/security/util.h b/ydb/library/security/util.h index 0097ca968889..b7f183f8b2bd 100644 --- a/ydb/library/security/util.h 
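Review bot: `PrintCertificateSuffix` copies up to 16 bytes preceding the last `\n-----END` straight into the debug message, without checking which PEM block that marker closes or what the bytes are. The removed `MaskCertificate` showed eight characters plus a CRC, so this is a wider and unfiltered view of caller-supplied data. If the ticket is a bundle whose last block is a private key, or is not well-formed PEM (a CRLF file already leaves a `\r` in the suffix), key material or control characters would reach the log; whether the ticket is validated before this call is not visible in the patch. I would anchor the search on the certificate end marker and return the `"certificate"` fallback unless the suffix is non-empty base64, as sketched below. Separately, `std::min(endPos - startPos - 1, 16UL)` only deduces where `size_t` is `unsigned long`; `std::min<size_t>(endPos - startPos - 1, 16)` is portable.

```cpp
TString PrintCertificateSuffix(TStringBuf certificate) {
    // Only a certificate block may contribute characters to the log.
    size_t endPos = certificate.rfind("\n-----END CERTIFICATE-----");
    // … unchanged: endPos / startPos lookups and their npos checks …
            size_t len = std::min<size_t>(endPos - startPos - 1, 16);
            TStringBuf suffix = certificate.substr(endPos - len, len);
            bool base64Only = len > 0;
            for (char c : suffix) {
                // Rejects '\r', control bytes and anything else outside the base64 alphabet.
                base64Only = base64Only && (('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z') ||
                                            ('0' <= c && c <= '9') || c == '+' || c == '/' || c == '=');
            }
            if (base64Only) {
                return TString(suffix);
            }
    // … unchanged: closing braces and the `return "certificate";` fallback …
```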
+++ b/ydb/library/security/util.h @@ -7,8 +7,8 @@ namespace NKikimr { TString MaskTicket(TStringBuf token); TString MaskTicket(const TString& token); - TString MaskCertificate(const TString& certificate); - TString MaskCertificate(TStringBuf certificate); + TString PrintCertificateSuffix(const TString& certificate); + TString PrintCertificateSuffix(TStringBuf certificate); // copy-pasted from template