From 1e24bbbf8aa7329d30b082aa4927074d65f086b6 Mon Sep 17 00:00:00 2001
From: Ryan Liang <jiallian@amazon.com>
Date: Fri, 25 Aug 2023 12:06:53 -0700
Subject: [PATCH] Fixed the exception in keyutils

Signed-off-by: Ryan Liang <jiallian@amazon.com>
---
 .../opensearch/security/http/OnBehalfOfAuthenticator.java  | 2 +-
 src/main/java/org/opensearch/security/util/KeyUtils.java   | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
index 1fcc036f19..467edd8ac4 100644
--- a/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
+++ b/src/main/java/org/opensearch/security/http/OnBehalfOfAuthenticator.java
@@ -78,7 +78,7 @@ private JwtParserBuilder initParserBuilder(final String signingKey) {
         JwtParserBuilder jwtParserBuilder = KeyUtils.createJwtParserBuilderFromSigningKey(signingKey, log);
 
         if (jwtParserBuilder == null) {
-            throw new RuntimeException("Unable to find on behalf of authenticator signing key");
+            throw new OpenSearchSecurityException("Unable to find on behalf of authenticator signing key");
         }
 
         return jwtParserBuilder;
diff --git a/src/main/java/org/opensearch/security/util/KeyUtils.java b/src/main/java/org/opensearch/security/util/KeyUtils.java
index 72d68119c7..4aebf0cb12 100644
--- a/src/main/java/org/opensearch/security/util/KeyUtils.java
+++ b/src/main/java/org/opensearch/security/util/KeyUtils.java
@@ -14,6 +14,7 @@
 import io.jsonwebtoken.JwtParserBuilder;
 import io.jsonwebtoken.Jwts;
 import org.apache.logging.log4j.Logger;
+import org.opensearch.OpenSearchSecurityException;
 import org.opensearch.SpecialPermission;
 import org.opensearch.core.common.Strings;
 
@@ -51,13 +52,13 @@ public JwtParserBuilder run() {
 
                         try {
                             key = getPublicKey(decoded, "RSA");
-                        } catch (Exception e) {
+                        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                             log.debug("No public RSA key, try other algos ({})", e.toString());
                         }
 
                         try {
                             key = getPublicKey(decoded, "EC");
-                        } catch (final Exception e) {
+                        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                             log.debug("No public ECDSA key, try other algos ({})", e.toString());
                         }
 
@@ -68,7 +69,7 @@ public JwtParserBuilder run() {
                         return Jwts.parserBuilder().setSigningKey(decoded);
                     } catch (Throwable e) {
                         log.error("Error while creating JWT authenticator", e);
-                        throw new RuntimeException(e);
+                        throw new OpenSearchSecurityException(e.toString(), e);
                     }
                 }
             }