Author: alexoree
Date: Thu May 30 15:09:31 2013
New Revision: 1487886
URL: http://svn.apache.org/r1487886
Log:
Adding command line utility for encrypting and hashing passwords (windows
only). Perhaps this can be redone as a maven command
Adding MD5 based XML user store (MD5XMLDocAuthenticator.java)
Adding tests for MD5XMLDocAuthenticator
This is partial solution for JIRA JUDDI-618
Added:
juddi/trunk/bin/
juddi/trunk/bin/cryptor-dev.bat
juddi/trunk/bin/md5crypt.bat
juddi/trunk/bin/md5cryptdev.bat
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/MD5XMLDocAuthenticator.java
- copied, changed from r1486692,
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CryptedXMLDocAuthenticator.java
juddi/trunk/juddi-core/src/test/resources/juddi-users-hashed.xml
- copied, changed from r1486692,
juddi/trunk/juddi-core/src/test/resources/juddi-users-encrypted.xml
Modified:
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/CryptorFactory.java
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CryptedXMLDocAuthenticator.java
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/XMLDocAuthenticator.java
juddi/trunk/juddi-core/src/test/java/org/apache/juddi/auth/AuthenticatorTest.java
Added: juddi/trunk/bin/cryptor-dev.bat
URL:
http://svn.apache.org/viewvc/juddi/trunk/bin/cryptor-dev.bat?rev=1487886&view=auto
==============================================================================
--- juddi/trunk/bin/cryptor-dev.bat (added)
+++ juddi/trunk/bin/cryptor-dev.bat Thu May 30 15:09:31 2013
@@ -0,0 +1 @@
+java -cp
../juddi-tomcat/target/tomcat/apache-tomcat-6.0.26/webapps/juddiv3/WEB-INF/lib/*
org.apache.juddi.v3.auth.CrytorUtil org.apache.juddi.cryptor.DefaultCryptor
\ No newline at end of file
Added: juddi/trunk/bin/md5crypt.bat
URL:
http://svn.apache.org/viewvc/juddi/trunk/bin/md5crypt.bat?rev=1487886&view=auto
==============================================================================
--- juddi/trunk/bin/md5crypt.bat (added)
+++ juddi/trunk/bin/md5crypt.bat Thu May 30 15:09:31 2013
@@ -0,0 +1 @@
+rem TODO, this needs to created based on the deployment package, perhaps with
tomcat
\ No newline at end of file
Added: juddi/trunk/bin/md5cryptdev.bat
URL:
http://svn.apache.org/viewvc/juddi/trunk/bin/md5cryptdev.bat?rev=1487886&view=auto
==============================================================================
--- juddi/trunk/bin/md5cryptdev.bat (added)
+++ juddi/trunk/bin/md5cryptdev.bat Thu May 30 15:09:31 2013
@@ -0,0 +1 @@
+java -cp
../juddi-tomcat/target/tomcat/apache-tomcat-6.0.26/webapps/juddiv3/WEB-INF/lib/*;
org.apache.juddi.v3.auth.MD5XMLDocAuthenticator
\ No newline at end of file
Modified:
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java?rev=1487886&r1=1487885&r2=1487886&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java
(original)
+++ juddi/trunk/juddi-core/src/main/java/org/apache/juddi/config/Property.java
Thu May 30 15:09:31 2013
@@ -1,5 +1,8 @@
package org.apache.juddi.config;
+import org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator;
+import org.apache.juddi.v3.auth.MD5XMLDocAuthenticator;
+
public interface Property {
public final static String
JDDU_SUBSCRIPTION_MAXENTITIES="juddi.subscription.maxentities";
public final static String JUDDI_ROOT_PUBLISHER = "juddi.root.publisher";
@@ -50,7 +53,14 @@ public interface Property {
public final static String DEFAULT_CRYPTOR =
"org.apache.juddi.cryptor.DefaultCryptor";
public final static String DEFAULT_USERSFILE = "juddi-users.properties";
public final static String DEFAULT_XML_USERSFILE = "juddi-users.xml";
+ /**
+ * @see CryptedXMLDocAuthenticator
+ */
public final static String DEFAULT_ENCRYPTED_XML_USERSFILE =
"juddi-users-encrypted.xml";
+ /**
+ * @see MD5XMLDocAuthenticator
+ */
+ public final static String DEFAULT_HASHED_XML_USERSFILE =
"juddi-users-hashed.xml";
public final static String DEFAULT_SECURITY_DOMAIN = "java:/jaas/other";
public final static boolean DEFAULT_LOAD_INSTALL_DATA = true;
public final static String DEFAULT_BASE_URL =
"http://localhost:8080/juddiv3";;
Modified:
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/CryptorFactory.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/CryptorFactory.java?rev=1487886&r1=1487885&r2=1487886&view=diff
==============================================================================
---
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/CryptorFactory.java
(original)
+++
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/cryptor/CryptorFactory.java
Thu May 30 15:09:31 2013
@@ -49,6 +49,32 @@ public abstract class CryptorFactory {
cryptor = createCryptor();
return cryptor;
}
+
+
+ public static Cryptor getCryptor(String className) throws Exception {
+ Class<?> cryptorClass = null;
+ try {
+ // Use Loader to locate & load the Cryptor
implementation
+ cryptorClass = ClassUtil.forName(className,
CryptorFactory.class);
+ }
+ catch(ClassNotFoundException e) {
+ log.error("The specified Cryptor class '" + className +
"' was not found in classpath.");
+ log.error(e);
+ throw e;
+ }
+
+ try {
+ // try to instantiate the Cryptor implementation
+ cryptor = (Cryptor)cryptorClass.newInstance();
+ }
+ catch(Exception e) {
+ log.error("Exception while attempting to instantiate
the implementation of Cryptor: " + cryptorClass.getName() + "\n" +
e.getMessage());
+ log.error(e);
+ throw e;
+ }
+
+ return cryptor;
+ }
/*
* Returns a new instance of a Cryptor.
Modified:
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CryptedXMLDocAuthenticator.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CryptedXMLDocAuthenticator.java?rev=1487886&r1=1487885&r2=1487886&view=diff
==============================================================================
---
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CryptedXMLDocAuthenticator.java
(original)
+++
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CryptedXMLDocAuthenticator.java
Thu May 30 15:09:31 2013
@@ -55,6 +55,10 @@ public class CryptedXMLDocAuthenticator
public CryptedXMLDocAuthenticator() throws JAXBException, IOException,
ConfigurationException {
super();
}
+
+ private CryptedXMLDocAuthenticator(boolean b) {
+ super(b);
+ }
@Override
protected String getFilename() throws ConfigurationException {
return
AppConfig.getConfiguration().getString(Property.JUDDI_USERSFILE,
Property.DEFAULT_ENCRYPTED_XML_USERSFILE);
Copied:
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/MD5XMLDocAuthenticator.java
(from r1486692,
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CryptedXMLDocAuthenticator.java)
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/MD5XMLDocAuthenticator.java?p2=juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/MD5XMLDocAuthenticator.java&p1=juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CryptedXMLDocAuthenticator.java&r1=1486692&r2=1487886&rev=1487886&view=diff
==============================================================================
---
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/CryptedXMLDocAuthenticator.java
(original)
+++
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/MD5XMLDocAuthenticator.java
Thu May 30 15:09:31 2013
@@ -18,22 +18,13 @@
package org.apache.juddi.v3.auth;
import java.io.IOException;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
import javax.xml.bind.JAXBException;
-
+import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.juddi.config.AppConfig;
import org.apache.juddi.config.Property;
-import org.apache.juddi.cryptor.Cryptor;
-import org.apache.juddi.cryptor.CryptorFactory;
import org.apache.juddi.v3.error.AuthenticationException;
import org.apache.juddi.v3.error.ErrorMessage;
import org.apache.juddi.v3.error.FatalErrorException;
@@ -41,9 +32,10 @@ import org.apache.juddi.v3.error.Registr
import org.apache.juddi.v3.error.UnknownUserException;
/**
- * @author Anou Manavalan
+ * Uses MD5 hashes for passwords
+ * @author Alex O'Ree
*/
-public class CryptedXMLDocAuthenticator extends XMLDocAuthenticator {
+public class MD5XMLDocAuthenticator extends XMLDocAuthenticator {
private Log logger = LogFactory.getLog(this.getClass());
/**
@@ -52,12 +44,19 @@ public class CryptedXMLDocAuthenticator
* @throws ConfigurationException
*
*/
- public CryptedXMLDocAuthenticator() throws JAXBException, IOException,
ConfigurationException {
+ public MD5XMLDocAuthenticator() throws JAXBException, IOException,
ConfigurationException {
super();
}
+ /**
+ * A private constructor used for calculating hashes only
+ * @param x
+ */
+ private MD5XMLDocAuthenticator(boolean x) {
+ super(x);
+ }
@Override
protected String getFilename() throws ConfigurationException {
- return
AppConfig.getConfiguration().getString(Property.JUDDI_USERSFILE,
Property.DEFAULT_ENCRYPTED_XML_USERSFILE);
+ return
AppConfig.getConfiguration().getString(Property.JUDDI_USERSFILE,
Property.DEFAULT_HASHED_XML_USERSFILE);
}
/**
*
@@ -65,42 +64,21 @@ public class CryptedXMLDocAuthenticator
public String authenticate(String userID, String credential)
throws AuthenticationException, FatalErrorException {
preProcess(userID, credential);
- String encryptedCredential = encrypt(credential);
+ String encryptedCredential = hash(credential);
return postProcess(userID, encryptedCredential);
}
/**
*
*/
- private String encrypt(String str) throws FatalErrorException {
+ private String hash(String str) throws FatalErrorException {
try {
- Cryptor cryptor = (Cryptor) CryptorFactory.getCryptor();
- return cryptor.encrypt(str);
- } catch (InvalidKeyException e) {
- logger.error("Invalid Key Exception in crypting the
password", e);
+ return DigestUtils.md5Hex(str) ;
+ //return instance..encrypt(str);
+ } catch (Exception e) {
+ logger.error("Exception caught hashing password", e);
throw new FatalErrorException(new ErrorMessage(
"errors.auth.cryptor.InvalidKey",
e.getMessage()));
- } catch (NoSuchPaddingException e) {
- logger.error("Padding Exception in crypting the
password", e);
- throw new FatalErrorException(new ErrorMessage(
- "errors.auth.cryptor.Padding",
e.getMessage()));
- } catch (NoSuchAlgorithmException e) {
- logger.error("Algorithm Exception in crypting the
password", e);
- throw new FatalErrorException(new ErrorMessage(
- "errors.auth.cryptor.Algorithm",
e.getMessage()));
- } catch (InvalidAlgorithmParameterException e) {
- logger.error("Algorithm parameter Exception in crypting
the password",
- e);
- throw new FatalErrorException(new ErrorMessage(
- "errors.auth.cryptor.AlgorithmParam",
e.getMessage()));
- } catch (IllegalBlockSizeException e) {
- logger.error("Block size Exception in crypting the
password", e);
- throw new FatalErrorException(new ErrorMessage(
- "errors.auth.cryptor.BlockSize",
e.getMessage()));
- } catch (BadPaddingException e) {
- logger.error("Bad Padding Exception in crypting the
password", e);
- throw new FatalErrorException(new ErrorMessage(
- "errors.auth.cryptor.BadPadding",
e.getMessage()));
- }
+ }
}
/**
* @param userID
@@ -141,4 +119,11 @@ public class CryptedXMLDocAuthenticator
}
return userID;
}
+
+ public static void main(String[] args) throws Exception
+ {
+ System.out.print("Password: ");
+ char[] readPassword = System.console().readPassword();
+ System.out.println("Cipher: " + new
MD5XMLDocAuthenticator(true).hash(new String(readPassword)));
+ }
}
Modified:
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/XMLDocAuthenticator.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/XMLDocAuthenticator.java?rev=1487886&r1=1487885&r2=1487886&view=diff
==============================================================================
---
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/XMLDocAuthenticator.java
(original)
+++
juddi/trunk/juddi-core/src/main/java/org/apache/juddi/v3/auth/XMLDocAuthenticator.java
Thu May 30 15:09:31 2013
@@ -19,7 +19,9 @@ package org.apache.juddi.v3.auth;
import java.io.IOException;
import java.io.InputStream;
+import java.util.HashMap;
import java.util.Hashtable;
+import java.util.Map;
import javax.persistence.EntityManager;
import javax.persistence.EntityTransaction;
@@ -66,7 +68,7 @@ public class XMLDocAuthenticator impleme
{
private static Log log = LogFactory.getLog(AuthenticatorFactory.class);
/** Container for the user credentials */
- Hashtable<String,User> userTable;
+ Map<String,User> userTable;
/**
*
@@ -74,6 +76,13 @@ public class XMLDocAuthenticator impleme
public XMLDocAuthenticator() throws JAXBException, IOException,
ConfigurationException {
readUserFile();
}
+
+ /**
+ * an empty constructor
+ */
+ public XMLDocAuthenticator(boolean b) {
+
+ }
protected String getFilename() throws ConfigurationException {
return
AppConfig.getConfiguration().getString(Property.JUDDI_USERSFILE,
Property.DEFAULT_XML_USERSFILE);
@@ -87,7 +96,7 @@ public class XMLDocAuthenticator impleme
*/
public synchronized void readUserFile() throws JAXBException,
IOException, ConfigurationException
{
- userTable = new Hashtable<String,User>();
+ userTable = new HashMap<String, User> ();
String usersFileName = getFilename();
log.info("Reading jUDDI Users File: " + usersFileName + "...");
InputStream stream = ClassUtil.getResource(usersFileName,
this.getClass()).openStream();
Modified:
juddi/trunk/juddi-core/src/test/java/org/apache/juddi/auth/AuthenticatorTest.java
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/test/java/org/apache/juddi/auth/AuthenticatorTest.java?rev=1487886&r1=1487885&r2=1487886&view=diff
==============================================================================
---
juddi/trunk/juddi-core/src/test/java/org/apache/juddi/auth/AuthenticatorTest.java
(original)
+++
juddi/trunk/juddi-core/src/test/java/org/apache/juddi/auth/AuthenticatorTest.java
Thu May 30 15:09:31 2013
@@ -30,6 +30,7 @@ import org.apache.juddi.v3.auth.Authenti
import org.apache.juddi.v3.auth.CryptedXMLDocAuthenticator;
import org.apache.juddi.v3.auth.JUDDIAuthenticator;
import org.apache.juddi.v3.auth.JuddiUsers;
+import org.apache.juddi.v3.auth.MD5XMLDocAuthenticator;
import org.apache.juddi.v3.auth.User;
import org.apache.juddi.v3.auth.XMLDocAuthenticator;
import org.apache.juddi.v3.error.AuthenticationException;
@@ -172,4 +173,26 @@ public class AuthenticatorTest
Authenticator auth = new CryptedXMLDocAuthenticator();
auth.authenticate("anou_mana","badpass");
}
+
+
+ @Test
+ public void testMD5XMLDocAuthenticator()
+ {
+ try {
+ Authenticator auth = new CryptedXMLDocAuthenticator();
+ auth.authenticate("anou_mana","password");
+ auth.authenticate("bozo","clown");
+ auth.authenticate("sviens","password");
+ } catch (Exception e) {
+ logger.error(e.getMessage(),e);
+ Assert.fail("unexpected");
+ }
+ }
+
+ @Test(expected=UnknownUserException.class)
+ public void testBadMD5XMLDocAuthenticator() throws Exception
+ {
+ Authenticator auth = new MD5XMLDocAuthenticator();
+ auth.authenticate("anou_mana","badpass");
+ }
}
Copied: juddi/trunk/juddi-core/src/test/resources/juddi-users-hashed.xml (from
r1486692, juddi/trunk/juddi-core/src/test/resources/juddi-users-encrypted.xml)
URL:
http://svn.apache.org/viewvc/juddi/trunk/juddi-core/src/test/resources/juddi-users-hashed.xml?p2=juddi/trunk/juddi-core/src/test/resources/juddi-users-hashed.xml&p1=juddi/trunk/juddi-core/src/test/resources/juddi-users-encrypted.xml&r1=1486692&r2=1487886&rev=1487886&view=diff
==============================================================================
--- juddi/trunk/juddi-core/src/test/resources/juddi-users-encrypted.xml
(original)
+++ juddi/trunk/juddi-core/src/test/resources/juddi-users-hashed.xml Thu May 30
15:09:31 2013
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<juddi-users>
- <user userid="anou_mana" password="+j/kXkZJftwTFTBH6Cf6IQ=="/>
- <user userid="bozo" password="Na2Ait+2aW0="/>
- <user userid="sviens" password="+j/kXkZJftwTFTBH6Cf6IQ=="/>
+ <user userid="anou_mana" password="5f4dcc3b5aa765d61d8327deb882cf99"/>
+ <user userid="bozo" password="8b61c11eb8baedd53d2e99d1a01fa7bb"/>
+ <user userid="sviens" password="5f4dcc3b5aa765d61d8327deb882cf99"/>
</juddi-users>
\ No newline at end of file
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
