Implements AMQ-5123: Optionally support encrypted passwords in ActiveMQ users.properties file.
Project: http://git-wip-us.apache.org/repos/asf/activemq/repo Commit: http://git-wip-us.apache.org/repos/asf/activemq/commit/5da7ab3c Tree: http://git-wip-us.apache.org/repos/asf/activemq/tree/5da7ab3c Diff: http://git-wip-us.apache.org/repos/asf/activemq/diff/5da7ab3c Branch: refs/heads/trunk Commit: 5da7ab3c0ee027a29c328e48614ffe1a69401577 Parents: bc47020 Author: Hiram Chirino <[email protected]> Authored: Thu Mar 27 13:10:28 2014 -0400 Committer: Hiram Chirino <[email protected]> Committed: Thu Mar 27 13:10:28 2014 -0400 ---------------------------------------------------------------------- .../console/command/DecryptCommand.java | 6 ++- .../console/command/EncryptCommand.java | 6 ++- .../activemq/console/command/ShellCommand.java | 15 +++++- activemq-jaas/pom.xml | 5 ++ .../apache/activemq/jaas/EncryptionSupport.java | 52 ++++++++++++++++++++ .../activemq/jaas/PrincipalProperties.java | 4 ++ 6 files changed, 84 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/activemq/blob/5da7ab3c/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java ----------------------------------------------------------------------
diff --git a/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java b/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java
index 6ba22d3..6757786 100644
--- a/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java
+++ b/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java
@@ -27,7 +27,8 @@ public class DecryptCommand extends EncryptCommand {
 "Description: Decrypts given text.",
 "",
 "Encrypt Options:",
- " --password <password> Password to be used by the encryptor.",
+ " --password <password> Password to be used by the encryptor. Defaults to",
+ " the value in the ACTIVEMQ_ENCRYPTION_PASSWORD env variable.",
 " --input <input> Text to be encrypted.",
 " --version Display the version information.",
 " -h,-?,--help Display the stop broker help information.",
@@ -46,6 +47,9 @@ public class DecryptCommand extends EncryptCommand {
 @Override
 protected void runTask(List<String> tokens) throws Exception {
+ if( password == null ) {
+ password = System.getenv("ACTIVEMQ_ENCRYPTION_PASSWORD");
+ }
 if (password == null || input == null) {
 context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
 return;
http://git-wip-us.apache.org/repos/asf/activemq/blob/5da7ab3c/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java ----------------------------------------------------------------------
diff --git a/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java b/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java
index 6d8172d..ce61ee0 100644
--- a/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java
+++ b/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java
@@ -27,7 +27,8 @@ public class EncryptCommand extends AbstractCommand {
 "Description: Encrypts given text.",
 "",
 "Encrypt Options:",
- " --password <password> Password to be used by the encryptor.",
+ " --password <password> Password to be used by the encryptor. Defaults to",
+ " the value in the ACTIVEMQ_ENCRYPTION_PASSWORD env variable.",
 " --input <input> Text to be encrypted.",
 " --version Display the version information.",
 " -h,-?,--help Display the stop broker help information.",
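Review bot: In the fallback added at the top of `DecryptCommand.runTask`, an `ACTIVEMQ_ENCRYPTION_PASSWORD` that is set but empty is taken as the password, because both the fallback and the guard that follows test only for `null`. Rejecting the empty value keeps the existing "mandatory" error path meaningful: `String env = System.getenv("ACTIVEMQ_ENCRYPTION_PASSWORD");` followed by `if (env != null && !env.isEmpty()) { password = env; }`. The same three lines are repeated in `EncryptCommand.runTask` (the `@@ -55,6 +56,9 @@` hunk), and since `DecryptCommand` extends `EncryptCommand`, one protected helper could serve both. The body of `runTask` continues outside the hunk, so how the password is used afterwards is not visible here.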
@@ -55,6 +56,9 @@ public class EncryptCommand extends AbstractCommand {
 @Override
 protected void runTask(List<String> tokens) throws Exception {
+ if( password == null ) {
+ password = System.getenv("ACTIVEMQ_ENCRYPTION_PASSWORD");
+ }
 if (password == null || input == null) {
 context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
 return;
http://git-wip-us.apache.org/repos/asf/activemq/blob/5da7ab3c/activemq-console/src/main/java/org/apache/activemq/console/command/ShellCommand.java ----------------------------------------------------------------------
diff --git a/activemq-console/src/main/java/org/apache/activemq/console/command/ShellCommand.java b/activemq-console/src/main/java/org/apache/activemq/console/command/ShellCommand.java
index 6c5ccd9..10074aa 100644
--- a/activemq-console/src/main/java/org/apache/activemq/console/command/ShellCommand.java
+++ b/activemq-console/src/main/java/org/apache/activemq/console/command/ShellCommand.java
@@ -157,9 +157,20 @@ public class ShellCommand extends AbstractCommand {
 ArrayList<Command> getCommands() {
 ServiceLoader<Command> loader = ServiceLoader.load(Command.class);
+ Iterator<Command> iterator = loader.iterator();
 ArrayList<Command> rc = new ArrayList<Command>();
- for( Command command: loader ) {
- rc.add(command);
+ boolean done = false;
+ while (!done) {
+ try {
+ if( iterator.hasNext() ) {
+ rc.add(iterator.next());
+ } else {
+ done = true;
+ }
+ } catch (ServiceConfigurationError e) {
+ // it's ok, some commands may not load if their dependencies
+ // are not available.
+ }
 }
 return rc;
 }
http://git-wip-us.apache.org/repos/asf/activemq/blob/5da7ab3c/activemq-jaas/pom.xml ----------------------------------------------------------------------
diff --git a/activemq-jaas/pom.xml b/activemq-jaas/pom.xml
index 2197e3e..d6488d5 100644
--- a/activemq-jaas/pom.xml
+++ b/activemq-jaas/pom.xml
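Review bot: The new `catch (ServiceConfigurationError e)` in `ShellCommand.getCommands()` discards the error without recording it, so a command that silently drops out of the shell, or an unexpected provider entry on the classpath, leaves no trace. Reporting at least `e.getMessage()` on the console's debug or error output inside the catch would keep the tolerant behaviour while making the skipped provider visible. The loop also assumes the iterator advances after a failure; the `ServiceLoader` documentation describes recovery after an error as best effort, so a bound on consecutive failures (for example `if (++failures > MAX_FAILURES) break;`, with `MAX_FAILURES` a constant you choose) would rule out a spin if `hasNext()` keeps throwing.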
@@ -105,5 +105,10 @@
 <artifactId>slf4j-log4j12</artifactId>
 <scope>test</scope>
 </dependency>
+ <dependency>
+ <groupId>org.jasypt</groupId>
+ <artifactId>jasypt</artifactId>
+ <optional>true</optional>
+ </dependency>
 </dependencies>
 </project>
http://git-wip-us.apache.org/repos/asf/activemq/blob/5da7ab3c/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptionSupport.java ----------------------------------------------------------------------
diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptionSupport.java b/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptionSupport.java
new file mode 100644
index 0000000..22d6494
--- /dev/null
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptionSupport.java
@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.jaas;
+
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
+import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
+import org.jasypt.properties.PropertyValueEncryptionUtils;
+
+import java.util.ArrayList;
+import java.util.Properties;
+
+/**
+ * Holds utility methods used work with encrypted values.
+ */
+public class EncryptionSupport {
+
+ static public void decrypt(Properties props) {
+ StandardPBEStringEncryptor encryptor = createEncryptor();
+ for (Object k : new ArrayList(props.keySet())) {
+ String key = (String) k;
+ String value = props.getProperty(key);
+ if (PropertyValueEncryptionUtils.isEncryptedValue(value)) {
+ value = PropertyValueEncryptionUtils.decrypt(value, encryptor);
+ props.setProperty(key, value);
+ }
+ }
+
+ }
+ public static StandardPBEStringEncryptor createEncryptor() {
+ StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
+ EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
+ config.setAlgorithm("PBEWithMD5AndDES");
+ config.setPasswordEnvName("ACTIVEMQ_ENCRYPTION_PASSWORD");
+ encryptor.setConfig(config);
+ return encryptor;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/activemq/blob/5da7ab3c/activemq-jaas/src/main/java/org/apache/activemq/jaas/PrincipalProperties.java ----------------------------------------------------------------------
diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/PrincipalProperties.java b/activemq-jaas/src/main/java/org/apache/activemq/jaas/PrincipalProperties.java
index 601d0cc..3ff623c 100644
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/PrincipalProperties.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/PrincipalProperties.java
@@ -64,4 +64,8 @@ class PrincipalProperties {
 in.close();
 }
 }
+
+ Properties getPrincipals() {
+ return principals;
+ }
 }
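Review bot: `createEncryptor()` in EncryptionSupport.java hard-codes `PBEWithMD5AndDES`, which derives a 56-bit single-DES key through MD5, so anyone who obtains users.properties can attack the encrypted passwords offline at modest cost. If the deployment's JVM offers a stronger PBE algorithm, letting the algorithm be overridden (jasypt's `EnvironmentStringPBEConfig` has `setAlgorithmEnvName(...)`) and sharing one constant with the console encrypt/decrypt commands would avoid locking the format to DES; whether those commands use the same algorithm is not visible in this diff. In `decrypt`, `new ArrayList(props.keySet())` is a raw type and `(String) k` throws `ClassCastException` on a non-String key; `for (String key : props.stringPropertyNames())` avoids both and still iterates over a snapshot. The class Javadoc should read `Holds utility methods used to work with encrypted values.`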
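Review bot: `getPrincipals()` in PrincipalProperties.java hands out the live `principals` object with no comment saying so, which matters once `EncryptionSupport.decrypt` rewrites a `Properties` in place; presumably this accessor exists to feed it, though no caller is visible in this commit. A one-line comment such as `// Returns the live map, not a copy; values may be decrypted plaintext after EncryptionSupport.decrypt.` would tell callers not to log or persist it. The class body starts outside the hunk.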
