This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/main by this push:
     new 6e3b19bd5 AMQ-8987 EncryptableLDAPLoginModule support wider password 
encryption schemes
     new 8214bb839 Merge pull request #857 from Charlie-chenchrl/AMQ-8987
6e3b19bd5 is described below

commit 6e3b19bd5931a569abd3a9397438cef6d1301d60
Author: charlie-aws <[email protected]>
AuthorDate: Fri Jul 8 10:20:27 2022 -0700

    AMQ-8987 EncryptableLDAPLoginModule support wider password encryption 
schemes
---
 .../activemq/jaas/EncryptableLDAPLoginModule.java  |  5 +++++
 .../apache/activemq/jaas/LDAPLoginModuleTest.java  | 22 ++++++++++++++++++++++
 activemq-jaas/src/test/resources/login.config      | 21 +++++++++++++++++++++
 3 files changed, 48 insertions(+)

diff --git 
a/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptableLDAPLoginModule.java
 
b/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptableLDAPLoginModule.java
index 78128b082..f49d097f5 100644
--- 
a/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptableLDAPLoginModule.java
+++ 
b/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptableLDAPLoginModule.java
@@ -23,6 +23,7 @@ import javax.security.auth.callback.CallbackHandler;
 
 import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
 import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
+import org.jasypt.iv.RandomIvGenerator;
 import org.jasypt.properties.EncryptableProperties;
 
 /**
@@ -50,6 +51,10 @@ public class EncryptableLDAPLoginModule extends 
LDAPLoginModule {
         EnvironmentStringPBEConfig envConfig = new 
EnvironmentStringPBEConfig();
         envConfig.setAlgorithm(passwordAlgorithm);
 
+        if (passwordAlgorithm.startsWith("PBE") && 
passwordAlgorithm.contains("AES")) {
+            envConfig.setIvGenerator(new RandomIvGenerator());
+        }
+
         //If the password was set, use it
         //else look up the password from the environment
         if (encryptionPassword == null) {
diff --git 
a/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java 
b/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
index 208dba2fe..1653355ad 100644
--- 
a/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
+++ 
b/activemq-jaas/src/test/java/org/apache/activemq/jaas/LDAPLoginModuleTest.java
@@ -145,6 +145,28 @@ public class LDAPLoginModuleTest extends 
AbstractLdapTestUnit {
         context.logout();
     }
 
+    @Test
+    public void testAESEncryptedLogin() throws LoginException {
+
+        LoginContext context = new LoginContext("EncryptedAESLDAPLogin", new 
CallbackHandler() {
+            @Override
+            public void handle(Callback[] callbacks) throws IOException, 
UnsupportedCallbackException {
+                for (int i = 0; i < callbacks.length; i++) {
+                    if (callbacks[i] instanceof NameCallback) {
+                        ((NameCallback) callbacks[i]).setName("first");
+                    } else if (callbacks[i] instanceof PasswordCallback) {
+                        ((PasswordCallback) 
callbacks[i]).setPassword("secret".toCharArray());
+                    } else {
+                        throw new UnsupportedCallbackException(callbacks[i]);
+                    }
+                }
+            }
+        });
+        context.login();
+        context.logout();
+    }
+
+
     @Test
     public void testUnauthenticated() throws LoginException {
         LoginContext context = new LoginContext("UnAuthenticatedLDAPLogin", 
new CallbackHandler() {
diff --git a/activemq-jaas/src/test/resources/login.config 
b/activemq-jaas/src/test/resources/login.config
index b5e8cf82a..2dca7b45d 100644
--- a/activemq-jaas/src/test/resources/login.config
+++ b/activemq-jaas/src/test/resources/login.config
@@ -86,6 +86,27 @@ EncryptedLDAPLogin {
         ;
 };
 
+EncryptedAESLDAPLogin {
+    org.apache.activemq.jaas.EncryptableLDAPLoginModule required
+        debug=true
+        initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
+        connectionURL="ldap://localhost:1024";
+        connectionUsername="uid=admin,ou=system"
+        
connectionPassword="ENC(l3ZDKzR+ADzlmYr2Csd/CBXnFRd5Jk02JGKaraMHc7NRQp5amOxvHbuUCQNUQ0cE)"
+        connectionProtocol=s
+        authentication=simple
+        userBase="ou=system"
+        userSearchMatching="(uid={0})"
+        userSearchSubtree=false
+        roleBase="ou=system"
+        roleName=dummyRoleName
+        roleSearchMatching="(uid={1})"
+        roleSearchSubtree=false
+        encryptionAlgorithm=PBEWITHHMACSHA256ANDAES_256
+        encryptionPassword="activemq"
+        ;
+};
+
 UnAuthenticatedLDAPLogin {
     org.apache.activemq.jaas.LDAPLoginModule required
         debug=true

Reply via email to