From 78cef45d4e88759a95f01e00e28381847834938b Mon Sep 17 00:00:00 2001 From: "tim.csitkovics" Date: Thu, 1 Oct 2015 15:35:49 +0200 Subject: [PATCH 1/6] Added IP Ranges support --- pom.xml | 6 + .../http/auth/InetAddressWhitelist.java | 209 ++++++++++-------- 2 files changed, 123 insertions(+), 92 deletions(-) diff --git a/pom.xml b/pom.xml index 12cc3dd..85ef039 100644 --- a/pom.xml +++ b/pom.xml @@ -55,6 +55,12 @@ test-jar + + commons-net + commons-net + 3.3 + provided + diff --git a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java index dd416f2..dc65fd6 100644 --- a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java +++ b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java @@ -1,4 +1,7 @@ package com.asquera.elasticsearch.plugins.http.auth; + +import org.apache.commons.net.util.SubnetUtils; + import org.elasticsearch.common.logging.Loggers; import java.util.ArrayList; @@ -12,8 +15,8 @@ /** * - * Wraps the configured whitelisted ips. - * It uses a set of {@link InetAddress} internally. + * Wraps the configured whitelisted ips. It uses a set of {@link InetAddress} + * internally. *
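Review bot: The new commons-net dependency in pom.xml is declared with scope `provided`, so Maven compiles against it but does not package it with the plugin. Neither the assembly configuration nor the Elasticsearch classpath is visible here, but unless one of them supplies commons-net, the first whitelist entry containing a `/` would fail at runtime with `NoClassDefFoundError` for `SubnetUtils`. If the jar is meant to ship with the plugin, remove the scope element so the dependency defaults to `compile`, and confirm the packaged plugin zip actually contains it.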

* * 
@@ -22,95 +25,117 @@ */ public class InetAddressWhitelist { - private Set whitelist; - /** - * - * - * @param whitelist - */ - public InetAddressWhitelist(Set whitelist) { - this.whitelist = whitelist; - } - - /** - * - * - * @param sWhitelist - * - */ - public InetAddressWhitelist(String[] sWhitelist) { - this(toInetAddress(Arrays.asList(sWhitelist))); - } - - /** - * Checks the request ip for inclusion. - * Since that ip comes in a {@link InetAddress} representation, it is checked - * against the whitelist. - * - * @param candidate - * @return if the ip is included in the whitelist - */ - public Boolean contains(InetAddress candidate) { - return this.whitelist.contains(candidate); - } - - /** - * - * Checks the xForwardedFor defined client ip for inclusion. - * Since that ip comes in a String representation, it is checked against - * the String representation of the defined whitelist. - * - * @param candidate - * @return if the ip is included in the String representation of the - * whitelist ips - */ - public Boolean contains(String candidate) { - return getStringWhitelist().contains(candidate); - } - - /** - * @return set of the string representations of the whitelist - */ - Set getStringWhitelist() { - Iterator iterator = this.whitelist.iterator(); - Set set = new HashSet(); - while (iterator.hasNext()) { - InetAddress next = iterator.next(); - set.add(next.getHostAddress()); - } - return set; - } - - /** - * when an configured InetAddress is Unkown or Invalid it is dropped from the - * whitelist - * - * @param ips a list of string ips - * @return a list of {@link InetAddress} objects - * - */ - static Set toInetAddress(List ips) { - List listIps = new ArrayList(); - Iterator iterator = ips.iterator(); - while (iterator.hasNext()) { - String next = iterator.next(); - try { - listIps.add(InetAddress.getByName(next)); - } catch (UnknownHostException e) { - String template = "an ip set in the whitelist settings raised an " + - "UnknownHostException: {}, dropping 
it"; - Loggers.getLogger(InetAddressWhitelist.class).info(template, e.getMessage()); - } - } - return new HashSet(listIps); - } - - /** - * delegate method - */ - @Override - public String toString() { - return whitelist.toString(); - } + private Set whitelist; + + /** + * + * + * @param whitelist + */ + public InetAddressWhitelist(Set whitelist) { + this.whitelist = whitelist; + } + + /** + * + * + * @param sWhitelist + * + */ + public InetAddressWhitelist(String[] sWhitelist) { + this(toInetAddress(Arrays.asList(sWhitelist))); + } + + /** + * Checks the request ip for inclusion. Since that ip comes in a + * {@link InetAddress} representation, it is checked against the whitelist. + * + * @param candidate + * @return if the ip is included in the whitelist + */ + public Boolean contains(InetAddress candidate) { + return this.whitelist.contains(candidate); + } + + /** + * + * Checks the xForwardedFor defined client ip for inclusion. Since that ip + * comes in a String representation, it is checked against the String + * representation of the defined whitelist. 
+ * + * @param candidate + * @return if the ip is included in the String representation of the + * whitelist ips + */ + public Boolean contains(String candidate) { + return getStringWhitelist().contains(candidate); + } + + /** + * @return set of the string representations of the whitelist + */ + Set getStringWhitelist() { + Iterator iterator = this.whitelist.iterator(); + Set set = new HashSet(); + while (iterator.hasNext()) { + InetAddress next = iterator.next(); + set.add(next.getHostAddress()); + } + return set; + } + + /** + * when an configured InetAddress is Unkown or Invalid it is dropped from + * the whitelist + * + * @param ips + * a list of string ips + * @return a list of {@link InetAddress} objects + * + */ + static Set toInetAddress(List ips) { + List listIps = new ArrayList(); + Iterator iterator = ips.iterator(); + while (iterator.hasNext()) { + String next = iterator.next(); + if (next == null) { + continue; + } + + try { + if (next.contains("/")) { + SubnetUtils subnetUtils = new SubnetUtils(next); + String[] allAddressesInRange = subnetUtils.getInfo().getAllAddresses(); + for (String addressInRange : allAddressesInRange) { + listIps.add(InetAddress.getByName(addressInRange)); + } + } else { + listIps.add(InetAddress.getByName(next)); + } + } catch (UnknownHostException e) { + String template = "an ip set in the whitelist settings raised an " + + "UnknownHostException: {}, dropping it"; + Loggers.getLogger(InetAddressWhitelist.class).info(template, e.getMessage()); + } + } + + try { + listIps.add(InetAddress.getByName("localhost")); + } catch (UnknownHostException e) { + String template = "an ip set in the whitelist settings raised an " + + "UnknownHostException: {}, dropping it"; + Loggers.getLogger(InetAddressWhitelist.class).info(template, e.getMessage()); + } + + return new HashSet(listIps); + } + + /** + * delegate method + */ + @Override + public String toString() { + return whitelist.toString(); + } } 
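Review bot: The CIDR branch of `toInetAddress` expands each range with `getInfo().getAllAddresses()` and resolves every address into the set, so a single wide entry (a /8 is roughly 16.7 million hosts) can exhaust memory at startup, and `contains(String)` rebuilds a string set from all of them on every call. Keeping the parsed `SubnetInfo` objects and testing a candidate with `isInRange(...)` would avoid the enumeration. In the same branch, `new SubnetUtils(next)` throws `IllegalArgumentException` for a malformed or IPv6 CIDR, which `catch (UnknownHostException e)` does not handle, so a bad entry is not "dropped" as the javadoc promises. By default SubnetUtils also omits the network and broadcast addresses, so a `/32` entry yields no address unless `subnetUtils.setInclusiveHostCount(true);` is called first. The trailing block adds `localhost` to every whitelist regardless of configuration, which is a trust decision the operator never made and which the javadoc does not mention.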
From 1b6e1f779564110e4f14e90d2bc05478713f3ad3 Mon Sep 17 00:00:00 2001 From: "tim.csitkovics" Date: Thu, 1 Oct 2015 17:14:32 +0200 Subject: [PATCH 2/6] Error fixed --- .../com/asquera/elasticsearch/plugins/http/HttpBasicServer.java | 2 +- .../elasticsearch/plugins/http/auth/InetAddressWhitelist.java | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/asquera/elasticsearch/plugins/http/HttpBasicServer.java b/src/main/java/com/asquera/elasticsearch/plugins/http/HttpBasicServer.java index 2590060..1311fc9 100644 --- a/src/main/java/com/asquera/elasticsearch/plugins/http/HttpBasicServer.java +++ b/src/main/java/com/asquera/elasticsearch/plugins/http/HttpBasicServer.java @@ -158,7 +158,7 @@ private boolean authBasic(final HttpRequest request) { String givenPass = userAndPassword[1]; if (this.user.equals(givenUser) && this.password.equals(givenPass)) return true; - } + } } catch (Exception e) { logger.warn("Retrieving of user and password failed for " + decoded + " ," + e.getMessage()); } diff --git a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java index dc65fd6..42745a0 100644 --- a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java +++ b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java @@ -107,6 +107,8 @@ static Set toInetAddress(List ips) { SubnetUtils subnetUtils = new SubnetUtils(next); String[] allAddressesInRange = subnetUtils.getInfo().getAllAddresses(); for (String addressInRange : allAddressesInRange) { + // Remove "/" that is in front of every address by default. + addressInRange = addressInRange.substring(1); listIps.add(InetAddress.getByName(addressInRange)); } } else { From 0bbe3cacea9a09d8eead621e4c6c09c2e4a42c2e Mon Sep 17 00:00:00 2001 
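Review bot: `addressInRange = addressInRange.substring(1);` strips the first character of every expanded address, but `getAllAddresses()` returns plain dotted-quad strings; the leading `/` the comment refers to comes from `InetAddress.toString()`, not from SubnetUtils. With this line a constructed example such as `192.168.0.1` would be resolved as `92.168.0.1`, so the whitelist would hold addresses the operator never configured and miss the ones that were. The line and its comment should be dropped (the next patch in this series does so). A unit test asserting the exact set produced for a small range would catch this kind of silent whitelist drift.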
From: "tim.csitkovics" Date: Thu, 1 Oct 2015 18:09:44 +0200 Subject: [PATCH 3/6] Fixed errors --- .../elasticsearch/plugins/http/auth/InetAddressWhitelist.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java index 42745a0..dc65fd6 100644 --- a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java +++ b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java @@ -107,8 +107,6 @@ static Set toInetAddress(List ips) { SubnetUtils subnetUtils = new SubnetUtils(next); String[] allAddressesInRange = subnetUtils.getInfo().getAllAddresses(); for (String addressInRange : allAddressesInRange) { - // Remove "/" that is in front of every address by default. - addressInRange = addressInRange.substring(1); listIps.add(InetAddress.getByName(addressInRange)); } } else { From dc340a12923e25da3c8c347a0128099e3bd9a087 Mon Sep 17 00:00:00 2001 From: "tim.csitkovics" Date: Fri, 2 Oct 2015 12:53:16 +0200 Subject: [PATCH 4/6] Removed changed behavior --- .../plugins/http/auth/InetAddressWhitelist.java | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java index dc65fd6..a4f3355 100644 --- a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java +++ b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java 
@@ -119,14 +119,6 @@ static Set toInetAddress(List ips) { } } - try { - listIps.add(InetAddress.getByName("localhost")); - } catch (UnknownHostException e) { - String template = "an ip set in the whitelist settings raised an " - + "UnknownHostException: {}, dropping it"; - Loggers.getLogger(InetAddressWhitelist.class).info(template, e.getMessage()); - } - return new HashSet(listIps); } From 127e81e674158921abbce702599979eea51fb5c1 Mon Sep 17 00:00:00 2001 From: "tim.csitkovics" Date: Fri, 2 Oct 2015 12:56:58 +0200 Subject: [PATCH 5/6] Added localhost, as requested in test --- .../plugins/http/auth/InetAddressWhitelist.java | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java index a4f3355..b87f406 100644 --- a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java +++ b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java @@ -99,6 +99,13 @@ static Set toInetAddress(List ips) { while (iterator.hasNext()) { String next = iterator.next(); if (next == null) { + try { + listIps.add(InetAddress.getByName("localhost")); + } catch (UnknownHostException e) { + String template = "an ip set in the whitelist settings raised an " + + "UnknownHostException: {}, dropping it"; + Loggers.getLogger(InetAddressWhitelist.class).info(template, e.getMessage()); + } continue; } From b7beb180f77b584dbf6db795027bad01a9e5855f Mon Sep 17 00:00:00 2001 From: "tim.csitkovics" Date: Wed, 7 Oct 2015 10:11:47 +0200 Subject: [PATCH 6/6] Small refactoring --- .../plugins/http/auth/InetAddressWhitelist.java | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) 
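Review bot: In the `if (next == null)` branch of `toInetAddress`, a missing whitelist entry is silently turned into a `localhost` entry, so an empty or misparsed setting widens the whitelist instead of being dropped; the later "Small refactoring" patch keeps the same behaviour with `next = "localhost";`. The class javadoc says `contains(String)` is matched against the X-Forwarded-For value, which is client-supplied unless a trusted proxy overwrites it, so an implicit loopback entry deserves an explicit operator decision. If the test really requires this default, state it in the method javadoc, e.g. `a null entry is treated as "localhost"`, and log it at startup. Otherwise keep the earlier `if (next == null) { continue; }`. The copied catch block also duplicates the log template used further down in the same method.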
diff --git a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java index b87f406..dc0e149 100644 --- a/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java +++ b/src/main/java/com/asquera/elasticsearch/plugins/http/auth/InetAddressWhitelist.java @@ -99,14 +99,7 @@ static Set toInetAddress(List ips) { while (iterator.hasNext()) { String next = iterator.next(); if (next == null) { - try { - listIps.add(InetAddress.getByName("localhost")); - } catch (UnknownHostException e) { - String template = "an ip set in the whitelist settings raised an " - + "UnknownHostException: {}, dropping it"; - Loggers.getLogger(InetAddressWhitelist.class).info(template, e.getMessage()); - } - continue; + next = "localhost"; } try {