This is an automated email from the ASF dual-hosted git repository.
arnold pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/fineract.git
The following commit(s) were added to refs/heads/develop by this push:
new 63ee58aab FINERACT-2085: Implementation for decrypting database
passwords with CLI tooling
63ee58aab is described below
commit 63ee58aabd259558bd0fedd9714d279b8da76f50
Author: Arnold Galovics <[email protected]>
AuthorDate: Tue May 21 10:00:57 2024 +0200
FINERACT-2085: Implementation for decrypting database passwords with CLI
tooling
---
.../database/DatabasePasswordDecryptor.java | 42 ++++++++++++++++++++++
.../database/DatabasePasswordEncryptor.java | 7 +++-
2 files changed, 48 insertions(+), 1 deletion(-)
diff --git
a/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/database/DatabasePasswordDecryptor.java
b/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/database/DatabasePasswordDecryptor.java
new file mode 100644
index 000000000..582249e6f
--- /dev/null
+++
b/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/database/DatabasePasswordDecryptor.java
@@ -0,0 +1,42 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.fineract.infrastructure.core.service.database;
+
+import static
org.apache.fineract.infrastructure.core.service.database.DatabasePasswordEncryptor.DEFAULT_ENCRYPTION;
+
+import java.text.MessageFormat;
+import org.apache.fineract.infrastructure.security.utils.EncryptionUtil;
+
+public final class DatabasePasswordDecryptor {
+
+ private DatabasePasswordDecryptor() {}
+
+ @SuppressWarnings("checkstyle:regexpsinglelinejava")
+ public static void main(String[] args) {
+ if (args.length < 2) {
+ System.out.println(
+ "Usage: java -cp fineract-provider.jar
-Dloader.main=org.apache.fineract.infrastructure.core.service.database.DatabasePasswordDecryptor
org.springframework.boot.loader.launch.PropertiesLauncher <masterPassword>
<base64Password>");
+ System.exit(1);
+ }
+ String masterPassword = args[0];
+ String base64Password = args[1];
+ String decryptedPassword =
EncryptionUtil.decryptFromBase64(DEFAULT_ENCRYPTION, masterPassword,
base64Password);
+ System.out.println(MessageFormat.format("The decrypted password: {0}",
decryptedPassword));
+ }
+}
diff --git
a/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/database/DatabasePasswordEncryptor.java
b/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/database/DatabasePasswordEncryptor.java
index 161e84b7f..b806ded0e 100644
---
a/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/database/DatabasePasswordEncryptor.java
+++
b/fineract-core/src/main/java/org/apache/fineract/infrastructure/core/service/database/DatabasePasswordEncryptor.java
@@ -40,13 +40,14 @@ public class DatabasePasswordEncryptor implements
PasswordEncryptor {
public static void main(String[] args) {
if (args.length < 2) {
System.out.println(
- "Usage: java -cp fineract-provider.jar java
-Dloader.main=org.apache.fineract.infrastructure.core.service.database.DatabasePasswordEncryptor
org.springframework.boot.loader.PropertiesLauncher <masterPassword>
<plainPassword>");
+ "Usage: java -cp fineract-provider.jar
-Dloader.main=org.apache.fineract.infrastructure.core.service.database.DatabasePasswordEncryptor
org.springframework.boot.loader.launch.PropertiesLauncher <masterPassword>
<plainPassword>");
System.exit(1);
}
String masterPassword = args[0];
String plainPassword = args[1];
String encryptedPassword =
EncryptionUtil.encryptToBase64(DEFAULT_ENCRYPTION, masterPassword,
plainPassword);
System.out.println(MessageFormat.format("The encrypted password: {0}",
encryptedPassword));
+ System.out.println(MessageFormat.format("The master password hash is:
{0}", getPasswordHash(masterPassword)));
}
@Override
@@ -74,6 +75,10 @@ public class DatabasePasswordEncryptor implements
PasswordEncryptor {
.map(FineractProperties::getTenant) //
.map(FineractProperties.FineractTenantProperties::getMasterPassword) //
.orElse(fineractProperties.getDatabase().getDefaultMasterPassword());
+ return getPasswordHash(masterPassword);
+ }
+
+ private static String getPasswordHash(String masterPassword) {
return BCrypt.hashpw(masterPassword.getBytes(StandardCharsets.UTF_8),
BCrypt.gensalt());
}
