This is an automated email from the ASF dual-hosted git repository.
cziegeler pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/felix-dev.git
The following commit(s) were added to refs/heads/master by this push:
new e121d4158f FELIX-6570 - Components webconsole-plugin shows password in
clear text (#177)
e121d4158f is described below
commit e121d4158f2209a59320f358e29c8224f249143e
Author: Sagar Miglani <[email protected]>
AuthorDate: Thu Oct 13 12:45:52 2022 +0530
FELIX-6570 - Components webconsole-plugin shows password in clear text
(#177)
* FELIX-6570 - Components webconsole-plugin shows password in clear text
* FELIX-6570 - Components webconsole-plugin shows password in clear text
* FELIX-6570 - Components webconsole-plugin shows password in clear text
---
.../plugins/ds/internal/ConfigurationSupport.java | 18 +++++++++
.../plugins/ds/internal/MetatypeSupport.java | 44 ++++++++++++++++++++++
.../plugins/ds/internal/WebConsolePlugin.java | 30 ++++++++++++---
3 files changed, 86 insertions(+), 6 deletions(-)
diff --git
a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java
b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java
index e0dff3bb7b..749f35289b 100644
---
a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java
+++
b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java
@@ -22,6 +22,9 @@ import org.osgi.framework.Bundle;
import org.osgi.framework.BundleContext;
import org.osgi.util.tracker.ServiceTracker;
+import java.util.Collection;
+import java.util.Collections;
+
public class ConfigurationSupport {
private final ServiceTracker<Object, Object> configAdminTracker;
@@ -73,4 +76,19 @@ public class ConfigurationSupport {
}
return false;
}
+
+ /**
+ * Returns a Collection of IDs of Password Attributes Definitions for
given bundle and configuration PIDs
+ * @param bundle The Bundle providing the component
+ * @param configurationPids A non-null configuration pid
+ * @return <code>Collection<String></code>
+ */
+ public Collection<String> getPasswordAttributeDefinitionIds(final Bundle
bundle, final String[] configurationPids) {
+ Object metaTypeService = this.metatypeTracker.getService();
+ if (bundle == null || metaTypeService == null) {
+ return Collections.emptySet();
+ }
+ return new
MetatypeSupport().getPasswordAttributeDefinitionIds(metaTypeService, bundle,
configurationPids);
+ }
+
}
\ No newline at end of file
diff --git
a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java
b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java
index 3e15da213a..ef10a45123 100644
---
a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java
+++
b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java
@@ -19,8 +19,15 @@
package org.apache.felix.webconsole.plugins.ds.internal;
import org.osgi.framework.Bundle;
+import org.osgi.service.metatype.AttributeDefinition;
import org.osgi.service.metatype.MetaTypeInformation;
import org.osgi.service.metatype.MetaTypeService;
+import org.osgi.service.metatype.ObjectClassDefinition;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Set;
+import java.util.HashSet;
public class MetatypeSupport
{
@@ -39,4 +46,41 @@ public class MetatypeSupport
}
return false;
}
+
+ public Collection<String> getPasswordAttributeDefinitionIds(final Object
mts, final Bundle bundle, final String[] configurationPids) {
+ MetaTypeService metaTypeService = (MetaTypeService) mts;
+ MetaTypeInformation metaTypeInformation =
metaTypeService.getMetaTypeInformation(bundle);
+ if (metaTypeInformation == null) {
+ return Collections.emptySet();
+ }
+
+ Set<String> allPasswordIds = new HashSet<>();
+ for(String configurationPid: configurationPids) {
+ allPasswordIds.addAll(getPasswordIds(metaTypeInformation,
configurationPid));
+ }
+
+ return allPasswordIds;
+ }
+
+ private Set<String> getPasswordIds(MetaTypeInformation
metaTypeInformation, String configurationPid) {
+ AttributeDefinition[] defs = null;
+ try {
+ ObjectClassDefinition ocd =
metaTypeInformation.getObjectClassDefinition(configurationPid, null);
+ defs = ocd.getAttributeDefinitions(ObjectClassDefinition.ALL);
+ } catch (final IllegalArgumentException ignore) {
+ // just ignore this exception?
+ }
+
+ Set<String> passwordsDefIds = new HashSet<>();
+ if (defs != null) {
+ for (int i = 0; i < defs.length; i++) {
+ if (defs[i].getType() == AttributeDefinition.PASSWORD) {
+ passwordsDefIds.add(defs[i].getID());
+ }
+ }
+ }
+
+ return passwordsDefIds;
+ }
+
}
\ No newline at end of file
diff --git
a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/WebConsolePlugin.java
b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/WebConsolePlugin.java
index f4b38775bd..c2cd13f056 100644
---
a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/WebConsolePlugin.java
+++
b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/WebConsolePlugin.java
@@ -477,6 +477,14 @@ class WebConsolePlugin extends SimpleWebConsolePlugin
private void listProperties(JSONWriter jw, ComponentDescriptionDTO desc,
ComponentConfigurationDTO component) throws IOException
{
Map<String, Object> props = component != null ? component.properties :
desc.properties;
+
+ // Is this the right way to get bundle and configuration PID?
+ Bundle bundle =
this.getBundleContext().getBundle(0).getBundleContext().getBundle(desc.bundle.id);
+ String[] configurationPids = desc.configurationPid;
+
+ Collection<String> passwordPropertyIds =
+ this.optionalSupport.getPasswordAttributeDefinitionIds(bundle,
configurationPids);
+
if (props != null)
{
jw.object();
@@ -491,9 +499,14 @@ class WebConsolePlugin extends SimpleWebConsolePlugin
final StringBuilder b = new StringBuilder();
b.append(key).append(" = ");
- Object prop = props.get(key);
- prop = WebConsoleUtil.toString(prop);
- b.append(prop);
+ if (passwordPropertyIds.contains(key)) {
+ b.append("********");
+ } else {
+ Object prop = props.get(key);
+ prop = WebConsoleUtil.toString(prop);
+ b.append(prop);
+ }
+
jw.value(b.toString());
}
jw.endArray();
@@ -512,9 +525,14 @@ class WebConsolePlugin extends SimpleWebConsolePlugin
final StringBuilder b = new StringBuilder();
b.append(key).append(" = ");
- Object prop = props.get(key);
- prop = WebConsoleUtil.toString(prop);
- b.append(prop);
+ if (passwordPropertyIds.contains(key)) {
+ b.append("********");
+ } else {
+ Object prop = props.get(key);
+ prop = WebConsoleUtil.toString(prop);
+ b.append(prop);
+ }
+
jw.value(b.toString());
}
jw.endArray();
