ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sneet...@apache.org
Subject git commit: ARGUS-46-47:DB Password Encryption Implemented
Date Wed, 17 Sep 2014 15:16:26 GMT
Repository: incubator-argus
Updated Branches:
  refs/heads/master ee0a04eb7 -> e5dab0670


ARGUS-46-47:DB Password Encryption Implemented

Signed-off-by: sneethiraj <sneethir@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/e5dab067
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/e5dab067
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/e5dab067

Branch: refs/heads/master
Commit: e5dab0670ac490f8d3a5ef68fd4eb06168ebae8f
Parents: ee0a04e
Author: vperiasamy <vperiasamy@hortonworks.com>
Authored: Wed Sep 17 10:18:08 2014 -0400
Committer: sneethiraj <sneethir@apache.org>
Committed: Wed Sep 17 11:16:09 2014 -0400

----------------------------------------------------------------------
 security-admin/scripts/install.sh               |  35 ++++-
 .../com/xasecure/biz/AssetConnectionMgr.java    |  18 ++-
 .../main/java/com/xasecure/biz/AssetMgr.java    |  14 ++
 .../java/com/xasecure/common/PasswordUtils.java | 143 +++++++++++++++++++
 .../java/com/xasecure/common/db/BaseDao.java    |  17 +++
 .../patch/PatchPasswordEncryption_J10001.java   |  84 +++++++++++
 .../com/xasecure/service/XAssetService.java     |  68 +++++++++
 7 files changed, 375 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/scripts/install.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.sh b/security-admin/scripts/install.sh
index f32422c..35eb94e 100755
--- a/security-admin/scripts/install.sh
+++ b/security-admin/scripts/install.sh
@@ -798,7 +798,39 @@ restart_policymgr(){
 	log "[I] Restarting xapolicymgr DONE";
 
 }
-
+execute_java_patches(){
+	dt=`date '+%s'`
+	tempFile=/tmp/sql_${dt}_$$.sql
+	mysqlexec="${MYSQL_BIN} -u ${db_user} --password="${db_password}" -h ${MYSQL_HOST} ${db_name}"
+	javaFiles=`ls -1 $app_home/WEB-INF/classes/com/xasecure/patch/Patch*.class 2> /dev/null
| awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2)
; }'`
+	for javaPatch in ${javaFiles}
+	do
+		if test -f "$app_home/WEB-INF/classes/com/xasecure/patch/$javaPatch"; then
+			className=$(basename "$javaPatch" .class)
+			version=`echo ${className} | awk -F'_' '{ print $2 }'`
+			if [ "${version}" != "" ]
+			then
+				c=`${mysqlexec} -B --skip-column-names -e "select count(id) from x_db_version_h where
version = '${version}' and active = 'Y'"`
+				check_ret_status $? "DBVerionCheck - ${version} Failed."
+				if [ ${c} -eq 0 ]
+				then
+					log "[I] patch ${javaPatch} is being applied..";
+					msg=`java -cp "$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF/"
com.xasecure.patch.${className}`
+					check_ret_status $? "Unable to apply patch:$javaPatch"
+					touch ${tempFile}
+					echo >> ${tempFile}
+					echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by)
values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
+					${mysqlexec} < ${tempFile}
+					check_ret_status $? "Update patch - ${javaPatch} has failed."
+					rm -f ${tempFile}
+					log "[I] patch ${javaPatch} has been applied!!";
+				else
+					log "[I] - patch [${javaPatch}] is already applied. Skipping ..."
+				fi
+			fi
+	 	fi
+	done
+}
 init_logfiles
 log " --------- Running XASecure PolicyManager Web Application Install Script --------- "
 log "[I] uname=`uname`"
@@ -821,4 +853,5 @@ update_properties
 do_authentication_setup
 copy_to_webapps
 restart_policymgr
+execute_java_patches
 echo "Installation of XASecure PolicyManager Web Application is completed."

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
index 03ac341..5b5e07d 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
@@ -41,6 +41,7 @@ import com.xasecure.hbase.client.HBaseClient;
 import com.xasecure.hive.client.HiveClient;
 import com.xasecure.knox.client.KnoxClient;
 import com.xasecure.storm.client.StormClient;
+import com.xasecure.service.XAssetService;
 import com.xasecure.view.VXAsset;
 
 @Component
@@ -64,6 +65,9 @@ public class AssetConnectionMgr {
 	@Autowired
 	protected XADaoManager xADaoManager;
 	
+	@Autowired
+	XAssetService xAssetService;
+	
 	public AssetConnectionMgr(){
 		hadoopConnectionCache = new HashMap<String, HadoopFS>();
 		hiveConnectionCache = new HashMap<String, HiveClient>();
@@ -81,7 +85,9 @@ public class AssetConnectionMgr {
 				if (hadoopFS == null) {
 				// if it doesn't exist in cache then create the connection
 					String config = asset.getConfig();
-	
+					if(!stringUtil.isEmpty(config)){
+						config=xAssetService.getConfigWithDecryptedPassword(config);
+					}
 					// FIXME remove this once we start using putting config for
 					// default asset "hadoopdev" (should come from properties)
 					if (stringUtil.isEmpty(config)
@@ -150,7 +156,8 @@ public class AssetConnectionMgr {
 				hiveClient = hiveConnectionCache.get(asset.getName());
 				if (hiveClient == null) {
 					String config = asset.getConfig();
-						if (!stringUtil.isEmpty(config)) {
+					if (!stringUtil.isEmpty(config)) {
+						config=xAssetService.getConfigWithDecryptedPassword(config);
 						final HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil
 								.jsonToMap(config);
 						
@@ -198,6 +205,9 @@ public class AssetConnectionMgr {
 			logger.error("Asset is null", new Throwable());
 		} else {
 			String config = asset.getConfig();
+			if(!stringUtil.isEmpty(config)){
+				config=xAssetService.getConfigWithDecryptedPassword(config);
+			}
 			knoxClient = getKnoxClientByConfig(config);
 		}
 		return knoxClient;
@@ -261,7 +271,9 @@ public class AssetConnectionMgr {
 				if (client == null) {
 					// if it doesn't exist in cache then create the connection
 					String config = asset.getConfig();
-
+					if(!stringUtil.isEmpty(config)){
+						config=xAssetService.getConfigWithDecryptedPassword(config);
+					}
 					// FIXME remove this once we start using putting config for
 					// default asset "dev-hive" (should come from properties)
 					if (stringUtil.isEmpty(config)

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index 7c46ac9..da05ab6 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -1202,6 +1202,8 @@ public class AssetMgr extends AssetMgrBase {
 		if (usb != null && usb.isUserAdmin()) {
 
 			String defaultConfig = vXAsset.getConfig();
+			defaultConfig=xAssetService.getConfigWithEncryptedPassword(defaultConfig,false);
+			vXAsset.setConfig(defaultConfig);
 			VXAsset createdVXAsset = (VXAsset) xAssetService
 					.createResource(vXAsset);
 			String udpatedConfig = vXAsset.getConfig();
@@ -1335,6 +1337,17 @@ public class AssetMgr extends AssetMgrBase {
 	public VXAsset updateXAsset(VXAsset vXAsset) {
 		UserSessionBase usb = ContextUtil.getCurrentUserSession();
 		if (usb != null && usb.isUserAdmin()) {
+			String newConfig=vXAsset.getConfig();
+			HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil
+					.jsonToMap(newConfig);
+			String password = configMap.get("password");
+			String hiddenPasswordString = PropertiesUtil.getProperty(
+					"xa.password.hidden", "*****");
+			if (password != null && !password.equals(hiddenPasswordString)) {
+				String defaultConfig = vXAsset.getConfig();
+				defaultConfig=xAssetService.getConfigWithEncryptedPassword(defaultConfig,true);
+				vXAsset.setConfig(defaultConfig);
+			}
 			XXAsset xAsset = xADaoManager.getXXAsset()
 					.getById(vXAsset.getId());
 			
@@ -1564,6 +1577,7 @@ public class AssetMgr extends AssetMgrBase {
 				if (existingVXAsset != null
 						&& existingVXAsset.getConfig() != null) {
 					String existingConfig = existingVXAsset.getConfig();
+					existingConfig=xAssetService.getConfigWithDecryptedPassword(existingConfig);
 					HashMap<String, String> existingConfigMap = (HashMap<String, String>) jsonUtil
 							.jsonToMap(existingConfig);
 					String existingPassword = existingConfigMap.get("password");

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/common/PasswordUtils.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/common/PasswordUtils.java b/security-admin/src/main/java/com/xasecure/common/PasswordUtils.java
new file mode 100644
index 0000000..ca7a96e
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/common/PasswordUtils.java
@@ -0,0 +1,143 @@
+package com.xasecure.common;
+import java.io.IOException;
+import java.util.Map;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.sun.jersey.core.util.Base64;
+public class PasswordUtils {
+
+	private static final Logger LOG = LoggerFactory.getLogger(PasswordUtils.class) ;
+	
+	private static final char[] ENCRYPT_KEY = "tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV".toCharArray()
;
+	
+	private static final byte[] SALT = "f77aLYLo".getBytes() ;
+	
+	private static final int ITERATION_COUNT = 17 ;
+	
+	private static final String CRYPT_ALGO = "PBEWithMD5AndDES" ;
+	
+	private static final String PBE_KEY_ALGO = "PBEWithMD5AndDES" ;
+	
+	private static final String LEN_SEPARATOR_STR = ":" ;		
+	
+	public static String encryptPassword(String aPassword) throws IOException {
+		Map<String, String> env = System.getenv();
+		String encryptKeyStr = env.get("ENCRYPT_KEY") ;
+		char[] encryptKey;		
+		if (encryptKeyStr == null) {
+			encryptKey=ENCRYPT_KEY;
+		}else{
+			encryptKey=encryptKeyStr.toCharArray();
+		}
+		String saltStr = env.get("ENCRYPT_SALT") ;
+		byte[] salt;
+		if (saltStr == null) {
+			salt = SALT ;
+		}else{
+			salt=saltStr.getBytes();
+		}
+		String ret = null ;
+		String strToEncrypt = null ;		
+		if (aPassword == null) {
+			strToEncrypt = "" ;
+		}
+		else {
+			strToEncrypt = aPassword.length() + LEN_SEPARATOR_STR + aPassword ;
+		}		
+		try {
+			Cipher engine = Cipher.getInstance(CRYPT_ALGO) ;
+			PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ;
+			SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ;
+			SecretKey key = skf.generateSecret(keySpec) ;
+			engine.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, ITERATION_COUNT));
+			byte[] encryptedStr = engine.doFinal(strToEncrypt.getBytes()) ;
+			ret = new String(Base64.encode(encryptedStr)) ;
+		}
+		catch(Throwable t) {
+			LOG.error("Unable to encrypt password due to error", t);
+			throw new IOException("Unable to encrypt password due to error", t) ;
+		}		
+		return ret ;
+	}
+
+	public static String decryptPassword(String aPassword) throws IOException {
+		String ret = null ;
+		Map<String, String> env = System.getenv();
+		String encryptKeyStr = env.get("ENCRYPT_KEY") ;
+		char[] encryptKey;		
+		if (encryptKeyStr == null) {
+			encryptKey=ENCRYPT_KEY;
+		}else{
+			encryptKey=encryptKeyStr.toCharArray();
+		}
+		String saltStr = env.get("ENCRYPT_SALT") ;
+		byte[] salt;
+		if (saltStr == null) {
+			salt = SALT ;
+		}else{
+			salt=saltStr.getBytes();
+		}
+		try {			
+			byte[] decodedPassword = Base64.decode(aPassword) ;
+			Cipher engine = Cipher.getInstance(CRYPT_ALGO) ;
+			PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ;
+			SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ;
+			SecretKey key = skf.generateSecret(keySpec) ;
+			engine.init(Cipher.DECRYPT_MODE, key,new PBEParameterSpec(salt, ITERATION_COUNT));
+			String decrypted = new String(engine.doFinal(decodedPassword)) ;
+			int foundAt = decrypted.indexOf(LEN_SEPARATOR_STR) ;
+			if (foundAt > -1) {
+				if (decrypted.length() > foundAt) {
+					ret = decrypted.substring(foundAt+1) ;
+				}
+				else {
+					ret = "" ;
+				}
+			}
+			else {
+				ret = null;
+			}
+		}
+		catch(Throwable t) {
+			LOG.error("Unable to decrypt password due to error", t);
+			throw new IOException("Unable to decrypt password due to error", t) ;
+		}
+		return ret ;
+	}
+	
+	public static void main(String[] args) {		
+		String[] testPasswords = { "a", "a123", "dsfdsgdg", "*7263^5#", "", null } ;		
+		for(String password : testPasswords) {
+			try {
+				String ePassword = PasswordUtils.encryptPassword(password) ;
+				String dPassword = PasswordUtils.decryptPassword(ePassword) ;
+				if (password == null ) {
+					if (dPassword != null) {
+						throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword
+ "]") ;
+					}
+					else {
+						System.out.println("Password: [" + password + "] matched after decrypt. Encrypted:
[" + ePassword + "]") ;
+					}
+				}
+				else if (! password.equals(dPassword)) {
+					throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword
+ "]") ;
+				}
+				else {
+					System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: ["
+ ePassword + "]") ;
+				}
+			}
+			catch(IOException ioe) {
+				ioe.printStackTrace(); 
+				System.out.println("Password verification failed for password [" + password + "]:" +
ioe) ;
+			}			
+		}		
+	}
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/common/db/BaseDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/common/db/BaseDao.java b/security-admin/src/main/java/com/xasecure/common/db/BaseDao.java
index b41a490..3d22257 100644
--- a/security-admin/src/main/java/com/xasecure/common/db/BaseDao.java
+++ b/security-admin/src/main/java/com/xasecure/common/db/BaseDao.java
@@ -195,5 +195,22 @@ public abstract class BaseDao<T> {
 	public Long executeCountQueryInSecurityContext(Class<T> clazz, Query query) {
 		return executeCountQueryInSecurityContext(clazz, query, true);
 	}
+	
+	public List<T> getAll() {
+		List<T> ret = null;
+		TypedQuery<T> qry = em.createQuery(
+				"SELECT t FROM " + tClass.getSimpleName() + " t", tClass);
+		ret = qry.getResultList();
+		return ret;
+	}
+
+	public Long getAllCount() {
+		Long ret = null;
+		TypedQuery<Long> qry = em.createQuery(
+				"SELECT count(t) FROM " + tClass.getSimpleName() + " t",
+				Long.class);
+		ret = qry.getSingleResult();
+		return ret;
+	}
 
 }

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/patch/PatchPasswordEncryption_J10001.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/patch/PatchPasswordEncryption_J10001.java
b/security-admin/src/main/java/com/xasecure/patch/PatchPasswordEncryption_J10001.java
new file mode 100644
index 0000000..9392510
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/patch/PatchPasswordEncryption_J10001.java
@@ -0,0 +1,84 @@
+package com.xasecure.patch;
+
+import java.util.List;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.xasecure.common.StringUtil;
+import com.xasecure.db.XADaoManager;
+import com.xasecure.entity.XXAsset;
+import com.xasecure.service.XAssetService;
+import com.xasecure.util.CLIUtil;
+
+@Component
+public class PatchPasswordEncryption_J10001 extends BaseLoader {
+	static Logger logger = Logger.getLogger(PatchPasswordEncryption_J10001.class);
+	int lineCount = 0;
+	
+	@Autowired
+	XADaoManager xaDaoManager;
+	
+	@Autowired
+	StringUtil stringUtil;
+	
+	@Autowired
+	XAssetService xAssetService;
+	
+	public PatchPasswordEncryption_J10001() {
+	}
+	
+
+	@Override
+	public void printStats() {
+		logger.info("Time taken so far:" + timeTakenSoFar(lineCount)
+				+ ", moreToProcess=" + isMoreToProcess());
+		print(lineCount, "Processed lines");
+	}
+
+	@Override
+	public void execLoad() {
+		encryptLookupUserPassword();
+	}
+
+	private void encryptLookupUserPassword() {
+		List<XXAsset> xAssetList = xaDaoManager.getXXAsset().getAll();
+		String oldConfig=null;
+		String newConfig=null;
+		for (XXAsset xAsset : xAssetList) {		
+			oldConfig=null;
+			newConfig=null;
+			oldConfig=xAsset.getConfig();
+			if(!stringUtil.isEmpty(oldConfig)){
+				newConfig=xAssetService.getConfigWithEncryptedPassword(oldConfig,false);
+				xAsset.setConfig(newConfig);
+				xaDaoManager.getXXAsset().update(xAsset);
+			}
+			lineCount++;
+			logger.info("Lookup Password updated for Asset : "
+					+ xAsset.getName());
+			logger.info("oldconfig : "+ oldConfig);
+			logger.info("newConfig : "+ newConfig);
+			print(lineCount, "Total updated assets count : ");
+		}
+	}
+
+	public static void main(String[] args) {
+		logger.info("main()");
+		try {
+			PatchPasswordEncryption_J10001 loader = (PatchPasswordEncryption_J10001) CLIUtil
+					.getBean(PatchPasswordEncryption_J10001.class);
+			//loader.init();
+			while (loader.isMoreToProcess()) {
+				loader.load();
+			}
+			logger.info("Load complete. Exiting!!!");
+			System.exit(0);
+		}catch (Exception e) {
+			logger.error("Error loading", e);
+			System.exit(1);
+		}
+	}
+
+}

http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/service/XAssetService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XAssetService.java b/security-admin/src/main/java/com/xasecure/service/XAssetService.java
index 5463817..3b3d651 100644
--- a/security-admin/src/main/java/com/xasecure/service/XAssetService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XAssetService.java
@@ -19,6 +19,7 @@
 
  package com.xasecure.service;
 
+import java.io.IOException;
 import java.lang.reflect.Field;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -30,6 +31,7 @@ import java.util.regex.Pattern;
 
 import com.xasecure.common.JSONUtil;
 import com.xasecure.common.MessageEnums;
+import com.xasecure.common.PasswordUtils;
 import com.xasecure.common.PropertiesUtil;
 import com.xasecure.common.SearchField;
 import com.xasecure.common.SearchField.DATA_TYPE;
@@ -177,6 +179,17 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset>
{
 		return entry;
 	}
 	
+	private Entry<String, String> getIsEncryptedEntry(Map<String, String> configMap){
+		Entry<String, String> entry = null;		
+		for(Entry<String, String> e : configMap.entrySet()) {
+			if(e.getKey().toLowerCase().contains("isencrypted")){
+				entry = e;
+				break;
+			}
+		}
+		return entry;
+	}
+	
 	public void validateConfig(VXAsset vObj) {
 		HashMap<String, Object> configrationMap = null;
 		if (vObj.getAssetType() == AppConstants.ASSET_HDFS) {
@@ -329,4 +342,59 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset>
{
 		
 		return trxLogList;
 	}
+	
+	public String getConfigWithEncryptedPassword(String config,boolean isForced){
+		try {
+			if (config != null && !config.isEmpty()) {
+				Map<String, String> configMap = jsonUtil.jsonToMap(config);
+				Entry<String, String> passwordEntry = getPasswordEntry(configMap);
+				Entry<String, String> isEncryptedEntry = getIsEncryptedEntry(configMap);
+				if (passwordEntry != null){
+					if(isEncryptedEntry==null || !isEncryptedEntry.getValue().equalsIgnoreCase("true")||isForced==true){
+						String password=passwordEntry.getValue();
+						String encryptPassword=PasswordUtils.encryptPassword(password);
+						String decryptPassword=PasswordUtils.decryptPassword(encryptPassword);
+						if(decryptPassword.equalsIgnoreCase(password)){
+							configMap.put(passwordEntry.getKey(),
+									encryptPassword);
+							configMap.put("isencrypted", "true");
+						}
+					}
+				}
+				config = jsonUtil.readMapToString(configMap);
+			}										
+		} catch (IOException e) {
+			String errorMessage = "Password encryption error";
+			throw restErrorUtil.createRESTException(errorMessage,
+					MessageEnums.INVALID_INPUT_DATA, null, null,
+					e.getMessage());	
+		}
+		return config;
+	}
+	public String getConfigWithDecryptedPassword(String config){
+		try {
+			if (config != null && !config.isEmpty()) {
+				Map<String, String> configMap = jsonUtil.jsonToMap(config);
+				Entry<String, String> passwordEntry = getPasswordEntry(configMap);
+				Entry<String, String> isEncryptedEntry = getIsEncryptedEntry(configMap);
+				if (isEncryptedEntry!=null && passwordEntry != null){					
+					if (!stringUtil.isEmpty(isEncryptedEntry.getValue())
+							&& isEncryptedEntry.getValue().equalsIgnoreCase(
+									"true")) {
+						String encryptPassword = passwordEntry.getValue();
+						String decryptPassword = PasswordUtils
+								.decryptPassword(encryptPassword);
+						configMap.put(passwordEntry.getKey(), decryptPassword);
+					}
+				}
+				config = jsonUtil.readMapToString(configMap);
+			}										
+		} catch (IOException e) {
+			String errorMessage = "Password decryption error";
+			throw restErrorUtil.createRESTException(errorMessage,
+					MessageEnums.INVALID_INPUT_DATA, null, null,
+					e.getMessage());	
+		}
+		return config;
+	}
 }


Mime
View raw message