OESE-50 Password from configuration files should now be encrypted for security reasons.
parent
a492e9d891
commit
c82bac4df9
|
@ -0,0 +1,72 @@
|
|||
package net.openesb.standalone.framework;
|
||||
|
||||
import net.openesb.standalone.security.utils.*;
|
||||
import java.security.KeyStoreException;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author David BRASSELY (brasseld at gmail.com)
|
||||
* @author OpenESB Community
|
||||
*/
|
||||
public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
|
||||
|
||||
private final PasswordManagement manager;
|
||||
|
||||
public KeyStoreUtil() {
|
||||
manager = new PasswordManagement();
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypts a message using a default key.
|
||||
*
|
||||
* @param clearText the byte array that will be encrypted
|
||||
* @return the encrypted byte array
|
||||
* @exception KeyStoreException if any error occurs retrieving the key to be
|
||||
* used
|
||||
*/
|
||||
@Override
|
||||
public byte[] encrypt(byte[] clearText) throws KeyStoreException {
|
||||
return manager.encrypt(clearText);
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypts a message using a default key
|
||||
*
|
||||
* @param cipherText the byte array with the encrypted data
|
||||
* @return the unencrypted byte array
|
||||
* @exception KeyStoreException if any error occurs retrieving the key to be
|
||||
* used
|
||||
*/
|
||||
@Override
|
||||
public byte[] decrypt(byte[] cipherText) throws KeyStoreException {
|
||||
return manager.decrypt(cipherText);
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypts a message using a default key. The result is a Base64-encoded
|
||||
* string.
|
||||
*
|
||||
* @param clearText a String representing the message to be encrypted
|
||||
* @return a Base64-encoded string representing the encrypted message
|
||||
* @exception KeyStoreException if any error occurs retrieving the key to be
|
||||
* used
|
||||
*/
|
||||
@Override
|
||||
public String encrypt(String clearText) throws KeyStoreException {
|
||||
return manager.encrypt(clearText);
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypts a message using the key identified by keyName. The second
|
||||
* argument must be a Base-64 encoded string
|
||||
*
|
||||
* @param base64EncodedCipherText a Base-64 Encoded string
|
||||
* @return the decrypted message as a String
|
||||
* @exception KeyStoreException if any error occurs retrieving the key to be
|
||||
* used
|
||||
*/
|
||||
@Override
|
||||
public String decrypt(String base64EncodedCipherText) throws KeyStoreException {
|
||||
return manager.decrypt(base64EncodedCipherText);
|
||||
}
|
||||
}
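Review bot: The Javadoc on `decrypt(String)` speaks of "the key identified by keyName" and a "second argument", but the method takes a single parameter and, like the other three methods, simply delegates to `PasswordManagement`. I would reword the summary to `Decrypts a Base64-encoded message using the default key.` so readers do not go looking for a per-key API that this class does not offer. The wildcard import at the top can also be narrowed to `import net.openesb.standalone.security.utils.PasswordManagement;`, which is the only type from that package used here.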
|
|
@ -35,7 +35,7 @@ public class PlatformContext implements com.sun.jbi.platform.PlatformContext {
|
|||
@Inject private Node node;
|
||||
|
||||
private final KeyStoreUtil keyStoreUtil =
|
||||
new net.openesb.standalone.security.utils.KeyStoreUtil();
|
||||
new net.openesb.standalone.framework.KeyStoreUtil();
|
||||
|
||||
private String mInstallRoot = System.getProperty(
|
||||
Constants.OPENESB_HOME_PROP);
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
package net.openesb.standalone.security.realm.shiro;
|
||||
|
||||
import java.security.KeyStoreException;
|
||||
import net.openesb.standalone.security.realm.Realm;
|
||||
import net.openesb.standalone.security.utils.PasswordManagement;
|
||||
import org.apache.shiro.authc.AuthenticationToken;
|
||||
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
|
||||
import org.apache.shiro.realm.text.PropertiesRealm;
|
||||
|
||||
|
||||
|
@ -15,6 +19,22 @@ public class PropertiesRealmConverter implements
|
|||
@Override
|
||||
public PropertiesRealm convert(net.openesb.standalone.security.realm.impl.PropertiesRealm realm) {
|
||||
PropertiesRealm cRealm = new PropertiesRealm();
|
||||
cRealm.setCredentialsMatcher(new SimpleCredentialsMatcher() {
|
||||
|
||||
private final PasswordManagement manager = new PasswordManagement();
|
||||
|
||||
@Override
|
||||
protected Object getCredentials(AuthenticationToken token) {
|
||||
char [] credentials = (char []) token.getCredentials();
|
||||
|
||||
try {
|
||||
return manager.encrypt(new String(credentials));
|
||||
} catch (KeyStoreException ke) {
|
||||
return null;
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
cRealm.setResourcePath(realm.getPath());
|
||||
|
||||
if (realm.isReload()) {
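Review bot: The overridden `getCredentials` turns login into a comparison of two values produced by `PasswordManagement.encrypt`, which is reversible, so whoever holds the key can recover the password from the value stored in the realm properties file. Password verification is normally done with a salted one-way hash, and Shiro provides `PasswordMatcher` and `HashedCredentialsMatcher` for that purpose. Separately, the `catch (KeyStoreException ke)` branch returns `null` without recording anything, so an encryption failure is presumably rejected in the same way as a wrong password and leaves the operator nothing to diagnose; logging the exception before the return would fix that. `new String(credentials)` also copies the password into an immutable String that cannot be cleared afterwards. `convert` continues past the end of this hunk.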
|
||||
|
|
|
@ -12,7 +12,7 @@ import sun.misc.BASE64Encoder;
|
|||
* @author David BRASSELY (brasseld at gmail.com)
|
||||
* @author OpenESB Community
|
||||
*/
|
||||
public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
|
||||
public class PasswordManagement {
|
||||
|
||||
private final BASE64Encoder mBase64Encoder;
|
||||
private final BASE64Decoder mBase64Decoder;
|
||||
|
@ -20,20 +20,11 @@ public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
|
|||
private final static String encryptionKey = "A12EF89A23C6A5B7";
|
||||
private final static String IV = "A12EF89A23C6A5B7";
|
||||
|
||||
public KeyStoreUtil() {
|
||||
public PasswordManagement() {
|
||||
mBase64Encoder = new BASE64Encoder();
|
||||
mBase64Decoder = new BASE64Decoder();
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypts a message using a default key.
|
||||
*
|
||||
* @param clearText the byte array that will be encrypted
|
||||
* @return the encrypted byte array
|
||||
* @exception KeyStoreException if any error occurs retrieving the
|
||||
* key to be used
|
||||
*/
|
||||
@Override
|
||||
public byte[] encrypt(byte[] clearText) throws KeyStoreException {
|
||||
try {
|
||||
SecretKeySpec key = new SecretKeySpec(encryptionKey.getBytes("UTF-8"), "AES");
|
||||
|
@ -61,7 +52,6 @@ public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
|
|||
* @exception KeyStoreException if any error occurs retrieving the
|
||||
* key to be used
|
||||
*/
|
||||
@Override
|
||||
public byte[] decrypt(byte[] cipherText) throws KeyStoreException {
|
||||
try {
|
||||
SecretKeySpec key = new SecretKeySpec(encryptionKey.getBytes("UTF-8"), "AES");
|
||||
|
@ -90,7 +80,6 @@ public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
|
|||
* @exception KeyStoreException if any error occurs retrieving the
|
||||
* key to be used
|
||||
*/
|
||||
@Override
|
||||
public String encrypt(String clearText) throws KeyStoreException {
|
||||
try {
|
||||
byte[] cipherText = encrypt(clearText.getBytes());
|
||||
|
@ -109,7 +98,6 @@ public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
|
|||
* @exception KeyStoreException if any error occurs retrieving the
|
||||
* key to be used
|
||||
*/
|
||||
@Override
|
||||
public String decrypt(String base64EncodedCipherText) throws KeyStoreException {
|
||||
try {
|
||||
byte[] clearText = decrypt(mBase64Decoder.decodeBuffer(base64EncodedCipherText));
|
||||
|
@ -118,4 +106,16 @@ public class KeyStoreUtil implements com.sun.jbi.security.KeyStoreUtil {
|
|||
throw new KeyStoreException(ex);
|
||||
}
|
||||
}
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
|
||||
if (args.length > 0 && !args[0].trim().isEmpty()) {
|
||||
String clearPassword = args[0];
|
||||
System.out.println("Generate encrypted password for <" + clearPassword +">");
|
||||
String encryptedPassword = new PasswordManagement().encrypt(clearPassword);
|
||||
System.out.println("Encrypted password is: " + encryptedPassword);
|
||||
} else {
|
||||
System.out.println("Please provide a password argument !");
|
||||
}
|
||||
}
|
||||
}
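Review bot: The new `main` echoes the cleartext password in the `Generate encrypted password for <…>` line and takes it from `args[0]`, so the secret ends up in shell history, the process list and any captured output. I would drop the echo and read the value interactively, for example `char[] pw = System.console().readPassword("Password: ");`, reporting an error when no console is attached. The context lines also show `encryptionKey` and `IV` as the same string constant compiled into the class, so the output is deterministic and reversible by anyone who has the jar, which is obfuscation rather than protection. The cipher setup lies between the hunks and is not visible here, so the mode in use is not confirmed.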
|
|
@ -1,3 +1,3 @@
|
|||
|
||||
# Management users
|
||||
user.admin = admin
|
||||
user.admin = k/QoMtE5dntUkaQgU1KQ8w==
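Review bot: The replacement value is presumably the previous default `admin` encrypted under the key compiled into `PasswordManagement`, so every installation still ships the same administrator credential, and the stored value is identical across deployments. A comment above the entry would help operators, for example `# Default credential - replace with the output of PasswordManagement before deployment`. Refusing to start, or at least warning, while the shipped default is still in place would be stronger, though that check would live outside this file.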
|