geronimo-dev mailing list archives

From Forrest Xia <forres...@gmail.com>
Subject Re: svn commit: r1305852 - in /geronimo/server/branches/2.1/framework/modules/geronimo-crypto: pom.xml src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
Date Tue, 27 Mar 2012 14:59:03 GMT
Oops, sorry about that, just revert the change.

On Tue, Mar 27, 2012 at 10:49 AM, Ivan <xhhsld@gmail.com> wrote:

> The change introduced a circular dependency.
>
> 2012/3/27 <xiaming@apache.org>
>
> Author: xiaming
>> Date: Tue Mar 27 14:33:46 2012
>> New Revision: 1305852
>>
>> URL: http://svn.apache.org/viewvc?rev=1305852&view=rev
>> Log:
>> GERONIMO-6310 Add ConfiguredEncryption gbean, patch provided by Saphen Qiu
>>
>> Added:
>>
>>  geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>>   (with props)
>> Modified:
>>    geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml
>>
>>  geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
>>
>> Modified:
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml
>> URL:
>> http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml?rev=1305852&r1=1305851&r2=1305852&view=diff
>>
>> ==============================================================================
>> ---
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml
>> (original)
>> +++
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml Tue
>> Mar 27 14:33:46 2012
>> @@ -36,6 +36,11 @@
>>             <groupId>commons-logging</groupId>
>>             <artifactId>commons-logging</artifactId>
>>         </dependency>
>> +               <dependency>
>> +            <groupId>org.apache.geronimo.framework</groupId>
>> +            <artifactId>geronimo-system</artifactId>
>> +                       <version>${geronimoVersion}</version>
>> +        </dependency>
>>     </dependencies>
>>
>>  </project>
>>
>> Added:
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>> URL:
>> http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java?rev=1305852&view=auto
>>
>> ==============================================================================
>> ---
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>> (added)
>> +++
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>> Tue Mar 27 14:33:46 2012
>> @@ -0,0 +1,141 @@
>> +/*
>> + * Licensed to the Apache Software Foundation (ASF) under one
>> + * or more contributor license agreements.  See the NOTICE file
>> + * distributed with this work for additional information
>> + * regarding copyright ownership.  The ASF licenses this file
>> + * to you under the Apache License, Version 2.0 (the
>> + * "License"); you may not use this file except in compliance
>> + * with the License.  You may obtain a copy of the License at
>> + *
>> + *  http://www.apache.org/licenses/LICENSE-2.0
>> + *
>> + * Unless required by applicable law or agreed to in writing,
>> + * software distributed under the License is distributed on an
>> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
>> + * KIND, either express or implied.  See the License for the
>> + * specific language governing permissions and limitations
>> + * under the License.
>> + */
>> +
>> +package org.apache.geronimo.crypto;
>> +
>> +import java.io.BufferedInputStream;
>> +import java.io.ByteArrayInputStream;
>> +import java.io.File;
>> +import java.io.FileInputStream;
>> +import java.io.FileOutputStream;
>> +import java.io.IOException;
>> +import java.io.ObjectInputStream;
>> +import java.io.ObjectOutputStream;
>> +import java.security.SecureRandom;
>> +
>> +import javax.crypto.spec.SecretKeySpec;
>> +
>> +import org.apache.geronimo.gbean.GBeanInfo;
>> +import org.apache.geronimo.gbean.GBeanInfoBuilder;
>> +import org.apache.geronimo.gbean.GBeanLifecycle;
>> +import org.apache.geronimo.crypto.AbstractEncryption;
>> +import org.apache.geronimo.crypto.EncryptionManager;
>> +
>> +/**
>> + * Like SimpleEncryption except it uses a stored secret key. If the key
>> file is
>> + * missing, it makes up a new one.
>> + *
>> + * WARNING: NOT RECOMMENDED. If you lose the secret key file your
>> encrypted
>> + * passwords will be unavailable. Instead, secure your operationg
>> environment
>> + * and use something like ldap or a database to store passwords in.
>> + *
>> + * To use, include something like this in the rmi-naming module of
>> + * var/config/config.xml:
>> + *
>> + * <gbean
>> name="org.apache.geronimo.framework/rmi-naming/2.1-SNAPSHOT/car?name=ConfiguredEncryption,j2eeType=GBean"
>> + * gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption">
>> <attribute
>> + * name="path">var/security/ConfiguredSecretKey.ser</attribute>
>> <reference
>> + *
>> name="ServerInfo"><pattern><name>ServerInfo</name></pattern></reference>
>> + * </gbean>
>> + *
>> + * @version $Rev$ $Date$
>> + */
>> +public class ConfiguredEncryption extends AbstractEncryption implements
>> +               GBeanLifecycle {
>> +
>> +       private SecretKeySpec spec;
>> +
>> +       public ConfiguredEncryption(String location) throws IOException,
>> +                       ClassNotFoundException {
>> +               File keyFile = new File(location);
>> +               ObjectInputStream oin = null;
>> +               if (keyFile != null) {
>> +                       if (keyFile.exists()) {
>> +                               FileInputStream fi = new
>> FileInputStream(keyFile);
>> +                               try {
>> +                                       oin = new ObjectInputStream(fi);
>> +                                       spec = (SecretKeySpec)
>> oin.readObject();
>> +                               } catch (Exception e) {
>> +                                       // TODO: handle exception
>> +                               } finally {
>> +                                       if (oin != null)
>> +                                               oin.close();
>> +                                       if (fi != null)
>> +                                               fi.close();
>> +                               }
>> +                       } else {
>> +                               SecureRandom random = new SecureRandom();
>> +
>> random.setSeed(System.currentTimeMillis());
>> +                               byte[] bytes = new byte[16];
>> +                               random.nextBytes(bytes);
>> +                               spec = new SecretKeySpec(bytes, "AES");
>> +                               File dir = keyFile.getParentFile();
>> +                               if (!dir.exists()) {
>> +                                       dir.mkdirs();
>> +                               }
>> +                               if (!dir.exists() || !dir.isDirectory()) {
>> +                                       throw new IllegalStateException(
>> +                                                       "Could not create
>> directory for secret key spec: "
>> +                                                                       +
>> dir);
>> +                               }
>> +                               FileOutputStream out = new
>> FileOutputStream(keyFile);
>> +                               try {
>> +                                       ObjectOutputStream oout = new
>> ObjectOutputStream(out);
>> +                                       try {
>> +                                               oout.writeObject(spec);
>> +                                               oout.flush();
>> +                                       } finally {
>> +                                               oout.close();
>> +                                       }
>> +                               } finally {
>> +                                       out.close();
>> +                               }
>> +                       }
>> +               }
>> +       }
>> +
>> +       public void doStart() throws Exception {
>> +               EncryptionManager.setEncryptionPrefix("{Configured}",
>> this);
>> +       }
>> +
>> +       public void doStop() throws Exception {
>> +       }
>> +
>> +       public void doFail() {
>> +       }
>> +
>> +       protected SecretKeySpec getSecretKeySpec() {
>> +               return spec;
>> +       }
>> +
>> +       public static final GBeanInfo GBEAN_INFO;
>> +
>> +       static {
>> +               GBeanInfoBuilder infoBuilder =
>> GBeanInfoBuilder.createStatic(
>> +                               ConfiguredEncryption.class, "GBean");
>> +               infoBuilder.addAttribute("path", String.class, true,
>> true);
>> +               infoBuilder.setConstructor(new String[] { "path" });
>> +               GBEAN_INFO = infoBuilder.getBeanInfo();
>> +       }
>> +
>> +       public static GBeanInfo getGBeanInfo() {
>> +               return GBEAN_INFO;
>> +       }
>> +
>> +}
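Review bot: The key-loading branch of the constructor swallows every failure in `catch (Exception e) { // TODO: handle exception }`, so a corrupt, truncated or unreadable key file leaves `spec` null while doStart() still registers the bean under `{Configured}`; the error then surfaces only later, wherever getSecretKeySpec() is used. The constructor already declares IOException and ClassNotFoundException, so dropping that catch clause and keeping only the `finally` would stop startup at the point of cause. In the key-generation branch, `random.setSeed(System.currentTimeMillis());` should be removed: `new SecureRandom()` seeds itself, and with some providers a setSeed() call made before the first nextBytes() can become the generator's only seed, which would make the 16-byte AES key guessable from the file's creation time. The key file is also created with default permissions and read back through ObjectInputStream, so its contents are trusted as a serialized object graph; restricting the file to the server's user and storing the raw key bytes would remove both exposures.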
>>
>> Propchange:
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>>
>> ------------------------------------------------------------------------------
>>    svn:eol-style = native
>>
>> Propchange:
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>>
>> ------------------------------------------------------------------------------
>>    svn:keywords = Date Revision
>>
>> Propchange:
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>>
>> ------------------------------------------------------------------------------
>>    svn:mime-type = text/plain
>>
>> Modified:
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
>> URL:
>> http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java?rev=1305852&r1=1305851&r2=1305852&view=diff
>>
>> ==============================================================================
>> ---
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
>> (original)
>> +++
>> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
>> Tue Mar 27 14:33:46 2012
>> @@ -20,6 +20,7 @@ import java.util.Collections;
>>  import java.util.HashMap;
>>  import java.util.Map;
>>  import java.io.Serializable;
>> +import org.apache.geronimo.crypto.ConfiguredEncryption;
>>
>>  /**
>>  * A static class that uses registered Encryption instances to encypt and
>> decrypt objects, typically strings.
>> @@ -43,15 +44,27 @@ public class EncryptionManager {
>>
>>     private static final Map<String, Encryption> ENCRYPTORS =
>> Collections.synchronizedMap(new HashMap<String, Encryption>());
>>     private final static String SIMPLE_ENCRYPTION_PREFIX = "{Simple}";
>> +    private static String activeEncryptionPrefix =
>> SIMPLE_ENCRYPTION_PREFIX;
>> +       private static ConfiguredEncryption ce = null;
>>
>>     static {
>>         ENCRYPTORS.put(SIMPLE_ENCRYPTION_PREFIX,
>> SimpleEncryption.INSTANCE);
>>         //login properties files used to have this
>>         ENCRYPTORS.put("{Standard}", SimpleEncryption.INSTANCE);
>> +
>> +               String keyFile = System
>> +
>> .getProperty("org.apache.geronimo.security.encryption.keyfile");
>> +
>> +               if (keyFile != null && keyFile != "") {
>> +                       try {
>> +                               ce = new ConfiguredEncryption(keyFile);
>> +                               ce.doStart();
>> +                       } catch (Exception e) {
>> +                               e.printStackTrace();
>> +                       }
>> +               }
>>     }
>>
>> -    private static String activeEncryptionPrefix =
>> SIMPLE_ENCRYPTION_PREFIX;
>> -
>>     /**
>>      * Encryption instances should call this to register themselves.
>>      *
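Review bot: In the static initializer, `keyFile != ""` compares object references rather than contents, so an empty `org.apache.geronimo.security.encryption.keyfile` property will generally pass the check and reach `new ConfiguredEncryption("")`; use `keyFile.length() > 0` instead. The `catch (Exception e) { e.printStackTrace(); }` then lets class initialization continue, presumably with `activeEncryptionPrefix` still `{Simple}`, so an operator who configured a key file gets no configured encryption and only a stack trace on stderr to say so. Failing startup, or at least logging at error level through the commons-logging dependency the module's pom already declares, would make that misconfiguration visible. The body of setEncryptionPrefix is outside the hunk, so how it treats the active prefix is not confirmed here.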
>>
>>
>>
>
>
> --
> Ivan
>



-- 
Thanks!

Regards, Forrest
