geronimo-dev mailing list archives

From Ivan <xhh...@gmail.com>
Subject Re: svn commit: r1305852 - in /geronimo/server/branches/2.1/framework/modules/geronimo-crypto: pom.xml src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
Date Tue, 27 Mar 2012 14:49:51 GMT
The change introduced a circular dependency.

2012/3/27 <xiaming@apache.org>

> Author: xiaming
> Date: Tue Mar 27 14:33:46 2012
> New Revision: 1305852
>
> URL: http://svn.apache.org/viewvc?rev=1305852&view=rev
> Log:
> GERONIMO-6310 Add ConfiguredEncryption gbean, patch provided by Saphen Qiu
>
> Added:
>
>  geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>   (with props)
> Modified:
>    geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml
>
>  geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
>
> Modified:
> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml
> URL:
> http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml?rev=1305852&r1=1305851&r2=1305852&view=diff
>
> ==============================================================================
> --- geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml
> (original)
> +++ geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml
> Tue Mar 27 14:33:46 2012
> @@ -36,6 +36,11 @@
>             <groupId>commons-logging</groupId>
>             <artifactId>commons-logging</artifactId>
>         </dependency>
> +               <dependency>
> +            <groupId>org.apache.geronimo.framework</groupId>
> +            <artifactId>geronimo-system</artifactId>
> +                       <version>${geronimoVersion}</version>
> +        </dependency>
>     </dependencies>
>
>  </project>
>
> Added:
> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
> URL:
> http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java?rev=1305852&view=auto
>
> ==============================================================================
> ---
> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
> (added)
> +++
> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
> Tue Mar 27 14:33:46 2012
> @@ -0,0 +1,141 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one
> + * or more contributor license agreements.  See the NOTICE file
> + * distributed with this work for additional information
> + * regarding copyright ownership.  The ASF licenses this file
> + * to you under the Apache License, Version 2.0 (the
> + * "License"); you may not use this file except in compliance
> + * with the License.  You may obtain a copy of the License at
> + *
> + *  http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing,
> + * software distributed under the License is distributed on an
> + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
> + * KIND, either express or implied.  See the License for the
> + * specific language governing permissions and limitations
> + * under the License.
> + */
> +
> +package org.apache.geronimo.crypto;
> +
> +import java.io.BufferedInputStream;
> +import java.io.ByteArrayInputStream;
> +import java.io.File;
> +import java.io.FileInputStream;
> +import java.io.FileOutputStream;
> +import java.io.IOException;
> +import java.io.ObjectInputStream;
> +import java.io.ObjectOutputStream;
> +import java.security.SecureRandom;
> +
> +import javax.crypto.spec.SecretKeySpec;
> +
> +import org.apache.geronimo.gbean.GBeanInfo;
> +import org.apache.geronimo.gbean.GBeanInfoBuilder;
> +import org.apache.geronimo.gbean.GBeanLifecycle;
> +import org.apache.geronimo.crypto.AbstractEncryption;
> +import org.apache.geronimo.crypto.EncryptionManager;
> +
> +/**
> + * Like SimpleEncryption except it uses a stored secret key. If the key
> file is
> + * missing, it makes up a new one.
> + *
> + * WARNING: NOT RECOMMENDED. If you lose the secret key file your
> encrypted
> + * passwords will be unavailable. Instead, secure your operationg
> environment
> + * and use something like ldap or a database to store passwords in.
> + *
> + * To use, include something like this in the rmi-naming module of
> + * var/config/config.xml:
> + *
> + * <gbean
> name="org.apache.geronimo.framework/rmi-naming/2.1-SNAPSHOT/car?name=ConfiguredEncryption,j2eeType=GBean"
> + * gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption">
> <attribute
> + * name="path">var/security/ConfiguredSecretKey.ser</attribute> <reference
> + *
> name="ServerInfo"><pattern><name>ServerInfo</name></pattern></reference>
> + * </gbean>
> + *
> + * @version $Rev$ $Date$
> + */
> +public class ConfiguredEncryption extends AbstractEncryption implements
> +               GBeanLifecycle {
> +
> +       private SecretKeySpec spec;
> +
> +       public ConfiguredEncryption(String location) throws IOException,
> +                       ClassNotFoundException {
> +               File keyFile = new File(location);
> +               ObjectInputStream oin = null;
> +               if (keyFile != null) {
> +                       if (keyFile.exists()) {
> +                               FileInputStream fi = new
> FileInputStream(keyFile);
> +                               try {
> +                                       oin = new ObjectInputStream(fi);
> +                                       spec = (SecretKeySpec)
> oin.readObject();
> +                               } catch (Exception e) {
> +                                       // TODO: handle exception
> +                               } finally {
> +                                       if (oin != null)
> +                                               oin.close();
> +                                       if (fi != null)
> +                                               fi.close();
> +                               }
> +                       } else {
> +                               SecureRandom random = new SecureRandom();
> +                               random.setSeed(System.currentTimeMillis());
> +                               byte[] bytes = new byte[16];
> +                               random.nextBytes(bytes);
> +                               spec = new SecretKeySpec(bytes, "AES");
> +                               File dir = keyFile.getParentFile();
> +                               if (!dir.exists()) {
> +                                       dir.mkdirs();
> +                               }
> +                               if (!dir.exists() || !dir.isDirectory()) {
> +                                       throw new IllegalStateException(
> +                                                       "Could not create
> directory for secret key spec: "
> +                                                                       +
> dir);
> +                               }
> +                               FileOutputStream out = new
> FileOutputStream(keyFile);
> +                               try {
> +                                       ObjectOutputStream oout = new
> ObjectOutputStream(out);
> +                                       try {
> +                                               oout.writeObject(spec);
> +                                               oout.flush();
> +                                       } finally {
> +                                               oout.close();
> +                                       }
> +                               } finally {
> +                                       out.close();
> +                               }
> +                       }
> +               }
> +       }
> +
> +       public void doStart() throws Exception {
> +               EncryptionManager.setEncryptionPrefix("{Configured}",
> this);
> +       }
> +
> +       public void doStop() throws Exception {
> +       }
> +
> +       public void doFail() {
> +       }
> +
> +       protected SecretKeySpec getSecretKeySpec() {
> +               return spec;
> +       }
> +
> +       public static final GBeanInfo GBEAN_INFO;
> +
> +       static {
> +               GBeanInfoBuilder infoBuilder =
> GBeanInfoBuilder.createStatic(
> +                               ConfiguredEncryption.class, "GBean");
> +               infoBuilder.addAttribute("path", String.class, true, true);
> +               infoBuilder.setConstructor(new String[] { "path" });
> +               GBEAN_INFO = infoBuilder.getBeanInfo();
> +       }
> +
> +       public static GBeanInfo getGBeanInfo() {
> +               return GBEAN_INFO;
> +       }
> +
> +}
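Review bot: The `random.setSeed(System.currentTimeMillis())` call in the key-generation branch should be removed. On a freshly constructed `SecureRandom` backed by SHA1PRNG, a seed supplied before the first `nextBytes` replaces the self-seeding, so the entropy of the 16-byte AES key is limited to the timestamp; `new SecureRandom()` followed directly by `random.nextBytes(bytes)` is sufficient. In the load branch, `catch (Exception e) { // TODO: handle exception }` leaves `spec` null when the key file is unreadable or corrupt, and `getSecretKeySpec()` then returns null; rethrowing as `IOException` would fit the constructor's declared exceptions. The key file is also written with default permissions and read back through `ObjectInputStream.readObject()`, so the Javadoc should state that the file must be readable and writable only by the server account.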
>
> Propchange:
> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>
> ------------------------------------------------------------------------------
>    svn:eol-style = native
>
> Propchange:
> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>
> ------------------------------------------------------------------------------
>    svn:keywords = Date Revision
>
> Propchange:
> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
>
> ------------------------------------------------------------------------------
>    svn:mime-type = text/plain
>
> Modified:
> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
> URL:
> http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java?rev=1305852&r1=1305851&r2=1305852&view=diff
>
> ==============================================================================
> ---
> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
> (original)
> +++
> geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
> Tue Mar 27 14:33:46 2012
> @@ -20,6 +20,7 @@ import java.util.Collections;
>  import java.util.HashMap;
>  import java.util.Map;
>  import java.io.Serializable;
> +import org.apache.geronimo.crypto.ConfiguredEncryption;
>
>  /**
>  * A static class that uses registered Encryption instances to encypt and
> decrypt objects, typically strings.
> @@ -43,15 +44,27 @@ public class EncryptionManager {
>
>     private static final Map<String, Encryption> ENCRYPTORS =
> Collections.synchronizedMap(new HashMap<String, Encryption>());
>     private final static String SIMPLE_ENCRYPTION_PREFIX = "{Simple}";
> +    private static String activeEncryptionPrefix =
> SIMPLE_ENCRYPTION_PREFIX;
> +       private static ConfiguredEncryption ce = null;
>
>     static {
>         ENCRYPTORS.put(SIMPLE_ENCRYPTION_PREFIX,
> SimpleEncryption.INSTANCE);
>         //login properties files used to have this
>         ENCRYPTORS.put("{Standard}", SimpleEncryption.INSTANCE);
> +
> +               String keyFile = System
> +
> .getProperty("org.apache.geronimo.security.encryption.keyfile");
> +
> +               if (keyFile != null && keyFile != "") {
> +                       try {
> +                               ce = new ConfiguredEncryption(keyFile);
> +                               ce.doStart();
> +                       } catch (Exception e) {
> +                               e.printStackTrace();
> +                       }
> +               }
>     }
>
> -    private static String activeEncryptionPrefix =
> SIMPLE_ENCRYPTION_PREFIX;
> -
>     /**
>      * Encryption instances should call this to register themselves.
>      *
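Review bot: `keyFile != ""` in the static initializer compares references rather than contents, so an empty `org.apache.geronimo.security.encryption.keyfile` value is not reliably rejected and reaches `new ConfiguredEncryption(keyFile)`; `keyFile.length() != 0` is the intended test. The `catch (Exception e) { e.printStackTrace(); }` that follows reports a key file that fails to load only on stderr, and the manager presumably carries on with the `{Simple}` prefix, since `activeEncryptionPrefix` starts at `SIMPLE_ENCRYPTION_PREFIX`. For a setting whose purpose is to replace the default encryption, I would log the failure at error level and consider failing initialization instead. The class body continues outside the hunk.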
>
>
>


-- 
Ivan
