OESE-50 Password from configuration files should now be encrypted for security reasons.

openesb-standalone-container/src/main/java/net/openesb/standalone/framework/KeyStoreUtil.java

@@ -0,0 +1,72 @@
+package net.openesb.standalone.framework;
+
+import net.openesb.standalone.security.utils.*;
+import java.security.KeyStoreException;
+
+/**
+ *
+ * @author David BRASSELY (brasseld at gmail.com)
+ * @author OpenESB Community
+ */
+public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
+
+    private final PasswordManagement manager;
+
+    public KeyStoreUtil() {
+        manager = new PasswordManagement();
+    }
+
+    /**
+     * Encrypts a message using a default key.
+     *
+     * @param clearText the byte array that will be encrypted
+     * @return the encrypted byte array
+     * @exception KeyStoreException if any error occurs retrieving the key to be
+     * used
+     */
+    @Override
+    public byte[] encrypt(byte[] clearText) throws KeyStoreException {
+        return manager.encrypt(clearText);
+    }
+
+    /**
+     * Decrypts a message using a default key
+     *
+     * @param cipherText the byte array with the encrypted data
+     * @return the unencrypted byte array
+     * @exception KeyStoreException if any error occurs retrieving the key to be
+     * used
+     */
+    @Override
+    public byte[] decrypt(byte[] cipherText) throws KeyStoreException {
+        return manager.decrypt(cipherText);
+    }
+
+    /**
+     * Encrypts a message using a default key. The result is a Base64-encoded
+     * string.
+     *
+     * @param clearText a String representing the message to be encrypted
+     * @return a Base64-encoded string representing the encrypted message
+     * @exception KeyStoreException if any error occurs retrieving the key to be
+     * used
+     */
+    @Override
+    public String encrypt(String clearText) throws KeyStoreException {
+        return manager.encrypt(clearText);
+    }
+
+    /**
+     * Decrypts a message using the key identified by keyName. The second
+     * argument must be a Base-64 encoded string
+     *
+     * @param base64EncodedCipherText a Base-64 Encoded string
+     * @return the decrypted message as a String
+     * @exception KeyStoreException if any error occurs retrieving the key to be
+     * used
+     */
+    @Override
+    public String decrypt(String base64EncodedCipherText) throws KeyStoreException {
+        return manager.decrypt(base64EncodedCipherText);
+    }
+}

openesb-standalone-container/src/main/java/net/openesb/standalone/framework/PlatformContext.java

@@ -35,7 +35,7 @@ public class PlatformContext implements com.sun.jbi.platform.PlatformContext {
     @Inject private Node node;
     
     private final KeyStoreUtil keyStoreUtil =
-            new net.openesb.standalone.security.utils.KeyStoreUtil();
+            new net.openesb.standalone.framework.KeyStoreUtil();
     
     private String mInstallRoot = System.getProperty(
             Constants.OPENESB_HOME_PROP);

openesb-standalone-container/src/main/java/net/openesb/standalone/security/realm/shiro/PropertiesRealmConverter.java

@@ -1,6 +1,10 @@
 package net.openesb.standalone.security.realm.shiro;
 
+import java.security.KeyStoreException;
 import net.openesb.standalone.security.realm.Realm;
+import net.openesb.standalone.security.utils.PasswordManagement;
+import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
 import org.apache.shiro.realm.text.PropertiesRealm;
 
 
@@ -15,6 +19,22 @@ public class PropertiesRealmConverter implements
     @Override
     public PropertiesRealm convert(net.openesb.standalone.security.realm.impl.PropertiesRealm realm) {
         PropertiesRealm cRealm = new PropertiesRealm();
+        cRealm.setCredentialsMatcher(new SimpleCredentialsMatcher() {
+            
+            private final PasswordManagement manager = new PasswordManagement();
+            
+            @Override
+            protected Object getCredentials(AuthenticationToken token) {
+                char [] credentials = (char []) token.getCredentials();
+                
+                try {
+                    return manager.encrypt(new String(credentials));
+                } catch (KeyStoreException ke) {
+                    return null;
+                }
+            }
+        });
+        
         cRealm.setResourcePath(realm.getPath());
         
         if (realm.isReload()) {

openesb-standalone-container/src/main/java/net/openesb/standalone/security/utils/PasswordManagement.java

@@ -12,7 +12,7 @@ import sun.misc.BASE64Encoder;
  * @author David BRASSELY (brasseld at gmail.com)
  * @author OpenESB Community
  */
-public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
+public class PasswordManagement {
 
     private final BASE64Encoder mBase64Encoder;
     private final BASE64Decoder mBase64Decoder;
@@ -20,20 +20,11 @@ public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
     private final static String encryptionKey = "A12EF89A23C6A5B7";
     private final static String IV = "A12EF89A23C6A5B7";
     
-    public KeyStoreUtil() {
+    public PasswordManagement() {
         mBase64Encoder = new BASE64Encoder();
         mBase64Decoder = new BASE64Decoder();
     }
     
-    /**
-     * Encrypts a message using a default key. 
-     *
-     * @param        clearText the byte array that will be encrypted
-     * @return       the encrypted byte array
-     * @exception    KeyStoreException if any error occurs retrieving the
-     * key to be used
-     */
-    @Override
     public byte[] encrypt(byte[] clearText) throws KeyStoreException {
         try {
             SecretKeySpec key = new SecretKeySpec(encryptionKey.getBytes("UTF-8"), "AES");
@@ -61,7 +52,6 @@ public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
      * @exception    KeyStoreException if any error occurs retrieving the
      * key to be used
      */
-    @Override
     public byte[] decrypt(byte[] cipherText) throws KeyStoreException {
         try {
             SecretKeySpec key = new SecretKeySpec(encryptionKey.getBytes("UTF-8"), "AES");
@@ -90,7 +80,6 @@ public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
      * @exception    KeyStoreException if any error occurs retrieving the
      * key to be used
      */
-    @Override
     public String encrypt(String clearText) throws KeyStoreException {
         try {
             byte[] cipherText = encrypt(clearText.getBytes());
@@ -109,7 +98,6 @@ public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
      * @exception    KeyStoreException if any error occurs retrieving the
      * key to be used
      */
-    @Override
     public String decrypt(String base64EncodedCipherText) throws KeyStoreException {
         try {
             byte[] clearText = decrypt(mBase64Decoder.decodeBuffer(base64EncodedCipherText));
@@ -118,4 +106,16 @@ public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
             throw new KeyStoreException(ex);
         }
     }
+    
+    public static void main(String[] args) throws Exception {
+        
+        if (args.length > 0 && !args[0].trim().isEmpty()) {
+            String clearPassword = args[0];
+            System.out.println("Generate encrypted password for <" + clearPassword +">");
+            String encryptedPassword = new PasswordManagement().encrypt(clearPassword);
+            System.out.println("Encrypted password is: " + encryptedPassword);
+        } else {
+            System.out.println("Please provide a password argument !");
+        }
+    }
 }

openesb-standalone-packaging/src/main/resources/config/mgmt-users.properties

@@ -1,3 +1,3 @@
 
 # Management users
-user.admin = admin
+user.admin = k/QoMtE5dntUkaQgU1KQ8w==