On Wed, May 18, 2011 at 2:04 AM, Afkham Azeez <[email protected]> wrote:
> This is causing a build break it seems. Also, how are you planning to > get this fix into the Apache trunk? How do we read the axis2.xml within carbon? Does any carbon code read the axis2.xml and pass it to the axis2 engine? If so, this security processing can be done there as well. thanks, Amila. > > > On Tue, May 17, 2011 at 11:54 AM, <[email protected]> wrote: > >> Author: asela >> Date: Mon May 16 23:24:49 2011 >> New Revision: 94446 >> URL: http://wso2.org/svn/browse/wso2?view=rev&revision=94446 >> >> Log: >> Applying secure vault patch for Axis2 - AXIS2-4725 and adding a method to >> resolve passwords of the NIO SSL and Mail transports. But please note the >> implementation must be in the underlying transport code in all defined >> transports, actually not in Axis2. It is a TODO item for the next release by >> keeping secure vault as a WS-commons or WSO2-commons project. In 3.2.0, we >> are considering only email and NIO-SSL >> >> Modified: >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/pom.xml >> >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/deployment/AxisConfigBuilder.java >> >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/engine/AxisConfiguration.java >> >> Modified: branches/carbon/3.2.0/dependencies/axis2/modules/kernel/pom.xml >> URL: >> http://wso2.org/svn/browse/wso2/branches/carbon/3.2.0/dependencies/axis2/modules/kernel/pom.xml?rev=94446&r1=94445&r2=94446&view=diff >> >> ============================================================================== >> --- branches/carbon/3.2.0/dependencies/axis2/modules/kernel/pom.xml >> (original) >> +++ branches/carbon/3.2.0/dependencies/axis2/modules/kernel/pom.xml >> Mon May 16 23:24:49 2011 
>> @@ -96,6 +96,11 @@ >> <artifactId>commons-io</artifactId> >> <scope>test</scope> >> </dependency> >> + <dependency> >> + <groupId>org.wso2.securevault</groupId> >> + <artifactId>org.wso2.securevault</artifactId> >> + <version>1.0.0-SNAPSHOT</version> >> + </dependency> >> </dependencies> >> <scm> >> <connection>scm:svn: >> http://svn.apache.org/repos/asf/axis/axis2/java/core/branches/1_6/modules/kernel >> </connection> >> >> Modified: >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/deployment/AxisConfigBuilder.java >> URL: >> http://wso2.org/svn/browse/wso2/branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/deployment/AxisConfigBuilder.java?rev=94446&r1=94445&r2=94446&view=diff >> >> ============================================================================== >> --- >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/deployment/AxisConfigBuilder.java >> (original) >> +++ >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/deployment/AxisConfigBuilder.java >> Mon May 16 23:24:49 2011 >> @@ -53,6 +53,8 @@ >> import org.apache.axis2.util.ThreadContextMigratorUtil; >> import org.apache.commons.logging.Log; >> import org.apache.commons.logging.LogFactory; >> +import org.wso2.securevault.SecretResolver; >> +import org.wso2.securevault.SecretResolverFactory; >> >> import javax.xml.namespace.QName; >> import javax.xml.stream.XMLStreamException; >> @@ -87,7 +89,7 @@ >> public void populateConfig() throws DeploymentException { >> try { >> OMElement config_element = buildOM(); >> - >> + >> axisConfig.setSecretResolver(SecretResolverFactory.create(config_element, >> false)); >> if (!TAG_AXISCONFIG.equals(config_element.getLocalName())) { >> throw new >> DeploymentException(Messages.getMessage("badelementfound", TAG_AXISCONFIG, >> >> config_element.getLocalName())); 
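Review bot: The added `org.wso2.securevault` dependency in the pom.xml hunk is pinned to `1.0.0-SNAPSHOT` with no explicit scope, so the Axis2 kernel build now resolves a mutable artifact that can change between builds and has to be available from a snapshot repository. For a module that ends up handling keystore and mail passwords, a fixed released version (`<version>RELEASED_VERSION</version>`, placeholder) would make the build reproducible and the resolved code auditable. This may be related to the build break reported in the reply above, though that cannot be confirmed from this hunk.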
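Review bot: In `populateConfig()`, `SecretResolverFactory.create(config_element, false)` runs before the `TAG_AXISCONFIG` check, so the resolver is built from the root element even when that element is then rejected with `badelementfound`. Moving the `axisConfig.setSecretResolver(...)` call below the check would keep secret-vault initialisation away from a document that is not an Axis2 configuration. The meaning of the `false` argument is not visible here; a short comment such as `// false: <meaning of flag>` (placeholder) would help the next reader. The body of `populateConfig()` continues outside the hunk.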
>> @@ -644,6 +646,7 @@ >> try { >> Iterator itr = transport.getChildrenWithName(new >> QName(TAG_PARAMETER)); >> processParameters(itr, transportIN, axisConfig); >> + resolveTransportPasswords(transportIN); >> // adding to axis2 config >> axisConfig.addTransportIn(transportIN); >> transportReceivers.add(transportIN); >> @@ -692,6 +695,7 @@ >> Iterator itr = transport.getChildrenWithName(new >> QName(TAG_PARAMETER)); >> >> processParameters(itr, transportout, axisConfig); >> + resolveTransportPasswords(transportout); >> // adding to axis2 config >> axisConfig.addTransportOut(transportout); >> } catch (NoClassDefFoundError e) { 
>> @@ -785,4 +789,69 @@ >> Class phaseClass = >> Loader.loadClass(axisConfig.getSystemClassLoader(), className); >> return (Phase) phaseClass.newInstance(); >> } >> + >> + /** >> + * This is to resolve secured passwords of the transport sender and >> listeners. >> + * But this implementation must be in the underline transport code. >> TODO >> + * This method is just to resolve the Email sender and NIO SSL >> transport passwords. >> + * @param transport Implementations of ParameterInclude >> + */ >> + private void resolveTransportPasswords(ParameterInclude transport) { >> + >> + SecretResolver secretResolver = axisConfig.getSecretResolver(); >> + if(secretResolver.isInitialized()){ >> + String keyStorePassToken = null; >> + String keyStoreKeyPassToken = null; >> + String trustStorePassToken = null; >> + String emailSenderPassword = null; >> + if (transport instanceof TransportOutDescription){ >> + keyStorePassToken = >> "Axis2.Https.Sender.KeyStore.Password"; >> + keyStoreKeyPassToken = >> "Axis2.Https.Sender.KeyStore.KeyPassword"; >> + trustStorePassToken = >> "Axis2.Https.Sender.TrustStore.Password"; >> + emailSenderPassword = "Axis2.Mailto.Parameter.Password"; >> + } >> + if (transport instanceof TransportInDescription){ >> + keyStorePassToken = >> "Axis2.Https.Listener.KeyStore.Password"; >> + keyStoreKeyPassToken = >> "Axis2.Https.Listener.KeyStore.KeyPassword"; >> + trustStorePassToken = >> "Axis2.Https.Listener.TrustStore.Password"; >> + } >> + >> + Parameter keyParam = transport.getParameter("keystore"); >> + Parameter trustParam = transport.getParameter("truststore"); >> + Parameter emailPasswordParam = >> transport.getParameter("mail.smtp.password"); >> + >> + if (keyParam != null) { >> + OMElement ksEle = >> keyParam.getParameterElement().getFirstElement(); >> + if(ksEle != null){ >> + OMElement storePasswordElement = >> ksEle.getFirstChildWithName(new QName("Password")); >> + OMElement keyPasswordElement = >> ksEle.getFirstChildWithName(new 
QName("KeyPassword")); >> + if(secretResolver.isTokenProtected(keyStorePassToken) >> && storePasswordElement != null){ >> + String storePassword = >> secretResolver.resolve(keyStorePassToken); >> + ksEle.getFirstChildWithName(new >> QName("Password")).setText(storePassword ); >> + >> + } >> + >> if(secretResolver.isTokenProtected(keyStoreKeyPassToken) && >> keyPasswordElement != null){ >> + String keyPassword = >> secretResolver.resolve(keyStoreKeyPassToken); >> + ksEle.getFirstChildWithName(new >> QName("KeyPassword")).setText(keyPassword); >> + } >> + } >> + } >> + >> + if (trustParam != null) { >> + OMElement tsEle = >> trustParam.getParameterElement().getFirstElement(); >> + if(tsEle != null){ >> + OMElement storePasswordElement = >> tsEle.getFirstChildWithName(new QName("Password")); >> + >> if(secretResolver.isTokenProtected(trustStorePassToken) && >> storePasswordElement != null){ >> + String storePassword = >> secretResolver.resolve(trustStorePassToken); >> + tsEle.getFirstChildWithName(new >> QName("Password")).setText(storePassword ); >> + } >> + } >> + } >> + >> + if(secretResolver.isTokenProtected(emailSenderPassword) && >> emailPasswordParam != null) { >> + String emailPassword = >> secretResolver.resolve(emailSenderPassword); >> + emailPasswordParam.setValue(emailPassword); >> + } >> + } >> + } >> } >> >> Modified: >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/engine/AxisConfiguration.java >> URL: >> http://wso2.org/svn/browse/wso2/branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/engine/AxisConfiguration.java?rev=94446&r1=94445&r2=94446&view=diff >> >> ============================================================================== >> --- >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/engine/AxisConfiguration.java >> (original) >> +++ >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/engine/AxisConfiguration.java >> Mon May 16 
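Review bot: In `resolveTransportPasswords`, `emailSenderPassword` is only assigned for a `TransportOutDescription`, so for every transport listener `secretResolver.isTokenProtected(emailSenderPassword)` is called with `null`, and for any other `ParameterInclude` all four tokens are `null`; whether `SecretResolver` tolerates a null token is not visible here. `axisConfig.getSecretResolver()` is also dereferenced without a null check, and `keyParam.getParameterElement()` / `trustParam.getParameterElement()` are chained without one. I would guard with `if (secretResolver == null || !secretResolver.isInitialized()) { return; }` and test `emailSenderPassword != null && emailPasswordParam != null` before calling `isTokenProtected`. The resolved values are written back with `setText(...)` and `setValue(...)`, so the plaintext passwords then live in the parameter's OM element for as long as the configuration does; the Javadoc should say so, so that code which logs or serializes transport parameters treats them as secret. The alias names are fixed per direction (`Axis2.Https.Sender.*`, `Axis2.Https.Listener.*`), so two senders that each carry a `keystore` parameter would receive the same password.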
23:24:49 2011 >> @@ -68,6 +68,7 @@ >> import org.apache.axis2.util.JavaUtils; >> import org.apache.commons.logging.Log; >> import org.apache.commons.logging.LogFactory; >> +import org.wso2.securevault.SecretResolver; >> >> /** >> * Class AxisConfiguration >> @@ -167,6 +168,12 @@ >> private TransactionConfiguration transactionConfiguration; >> >> /** >> + * To secure the password in axis2.xml. SecretResolver must be >> initialized >> + * When building axis configuration >> + */ >> + private SecretResolver secretResolver; >> + >> + /** >> * Constructor AxisConfiguration. >> */ >> public AxisConfiguration() { >> @@ -1545,4 +1552,12 @@ >> } >> return childFirstClassLoading; >> } >> + >> + public SecretResolver getSecretResolver() { >> + return secretResolver; >> + } >> + >> + public void setSecretResolver(SecretResolver secretResolver) { >> + this.secretResolver = secretResolver; >> + } >> } >> _______________________________________________ >> Carbon-commits mailing list >> [email protected] >> https://wso2.org/cgi-bin/mailman/listinfo/carbon-commits >> > > > > -- > *Afkham Azeez* > Director of Architecture; WSO2, Inc.; http://wso2.com > Member; Apache Software Foundation; http://www.apache.org/ > * <http://www.apache.org/>** > email: **[email protected]* <[email protected]>* cell: +94 77 3320919 > blog: **http://blog.afkham.org* <http://blog.afkham.org>* > twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> > * > linked-in: **http://lk.linkedin.com/in/afkhamazeez* > * > * > *Lean . Enterprise . Middleware* > > > _______________________________________________ > Carbon-commits mailing list > [email protected] > https://wso2.org/cgi-bin/mailman/listinfo/carbon-commits > >
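Review bot: The new `secretResolver` field in `AxisConfiguration` has no initial value and the public `getSecretResolver()` / `setSecretResolver(...)` accessors carry no Javadoc, so an `AxisConfiguration` that was not populated through the configuration builder would hand callers `null`. I would document that on the getter, e.g. `/** @return the resolver for secrets in axis2.xml, or null if none was set while building the configuration */`. Because the setter is public, any code holding the `AxisConfiguration` can replace the resolver; if that is not intended, narrowing its visibility or documenting who may call it would help.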
