Author: gnodet
Date: Tue Sep 14 20:57:32 2010
New Revision: 997094

URL: http://svn.apache.org/viewvc?rev=997094&view=rev
Log:
KARAF-34: Fix jasypt encryption service

Modified:
    
karaf/trunk/assembly/src/main/distribution/text/etc/org.apache.karaf.jaas.cfg
    
karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryption.java
    
karaf/trunk/jaas/jasypt/src/main/resources/OSGI-INF/blueprint/karaf-jaas-jasypt.xml
    
karaf/trunk/jaas/jasypt/src/test/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryptionTest.java
    karaf/trunk/jaas/modules/pom.xml
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryption.java
    
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
    
karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml

Modified: 
karaf/trunk/assembly/src/main/distribution/text/etc/org.apache.karaf.jaas.cfg
URL: 
http://svn.apache.org/viewvc/karaf/trunk/assembly/src/main/distribution/text/etc/org.apache.karaf.jaas.cfg?rev=997094&r1=997093&r2=997094&view=diff
==============================================================================
--- 
karaf/trunk/assembly/src/main/distribution/text/etc/org.apache.karaf.jaas.cfg 
(original)
+++ 
karaf/trunk/assembly/src/main/distribution/text/etc/org.apache.karaf.jaas.cfg 
Tue Sep 14 20:57:32 2010
@@ -18,6 +18,19 @@
 
################################################################################
 
 #
+# Boolean enabling / disabling encrypted passwords
+#
+encryption.enabled = false
+
+#
+# Encryption Service name
+#   the default one is 'basic'
+#   a more powerful one named 'jasypt' is available
+#       when installing the encryption feature
+#
+encryption.name =
+
+#
 # Set the encryption algorithm to use in Karaf JAAS login module
 # Supported encryption algorithms follow:
 #   MD2
@@ -27,4 +40,12 @@
 #   SHA-384
 #   SHA-512
 #
-#encryption=MD5
+encryption.algorithm = MD5
+
+#
+# Encoding of the encrypted password.
+# Can be:
+#   hexadecimal
+#   base64
+#
+encryption.encoding = hexadecimal
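Review bot: The now-active default `encryption.algorithm = MD5` means an administrator who only flips `encryption.enabled` to true gets MD5 password digests. The BasicEncryption code in this commit digests the password bytes directly (`md.digest(password.getBytes())`), so with the 'basic' service these are unsalted, single-round hashes. I would ship `encryption.algorithm = SHA-256` and add a comment line such as `# MD2, MD5 and SHA-1 are listed for compatibility only; prefer SHA-256 or stronger`. The same MD5 default is repeated in karaf-jaas-module.xml and should change with it.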

Modified: 
karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryption.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryption.java?rev=997094&r1=997093&r2=997094&view=diff
==============================================================================
--- 
karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryption.java
 (original)
+++ 
karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryption.java
 Tue Sep 14 20:57:32 2010
@@ -31,6 +31,11 @@ package org.apache.karaf.jaas.jasypt.imp
 import java.util.Map;
 
 import org.apache.karaf.jaas.modules.Encryption;
+import org.apache.karaf.jaas.modules.EncryptionService;
+import org.jasypt.digest.config.DigesterConfig;
+import org.jasypt.digest.config.SimpleDigesterConfig;
+import org.jasypt.digest.config.SimpleStringDigesterConfig;
+import org.jasypt.exceptions.EncryptionInitializationException;
 import org.jasypt.util.password.ConfigurablePasswordEncryptor;
 
 /**
@@ -52,9 +57,33 @@ public class JasyptEncryption implements
      * @param params encryption parameters
      */
     public JasyptEncryption(Map<String,String> params) {
+        SimpleStringDigesterConfig config = new SimpleStringDigesterConfig();
+        for (String key : params.keySet()) {
+            if (EncryptionService.ALGORITHM.equalsIgnoreCase(key)) {
+                config.setAlgorithm(params.get(key));
+            } else if (EncryptionService.ENCODING.equalsIgnoreCase(key)) {
+                config.setStringOutputType(params.get(key));
+            } else if ("providerName".equalsIgnoreCase(key)) {
+                config.setProviderName(params.get(key));
+            } else if ("saltSizeBytes".equalsIgnoreCase(key)) {
+                config.setSaltSizeBytes(params.get(key));
+            } else if ("iterations".equalsIgnoreCase(key)) {
+                config.setIterations(params.get(key));
+            } else if ("providerClassName".equalsIgnoreCase(key)) {
+                config.setProviderClassName(params.get(key));
+            } else if ("saltGeneratorClassName".equalsIgnoreCase(key)) {
+                config.setSaltGeneratorClassName(params.get(key));
+            } else {
+                throw new IllegalArgumentException("Unsupported encryption 
parameter: " + key);
+            }
+        }
         this.passwordEncryptor = new ConfigurablePasswordEncryptor();
-
-        // TODO: configure
+        this.passwordEncryptor.setConfig(config);
+        try {
+            this.passwordEncryptor.encryptPassword("test");
+        } catch (EncryptionInitializationException e) {
+            throw new IllegalArgumentException(e);
+        }
     }
     
     /*
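Review bot: Empty values go straight to jasypt in this constructor, while the BasicEncryption change in the same commit treats an empty `encoding` as "use the default". The blueprint placeholder added in this commit defaults `encryption.encoding` to an empty string, so unless the caller filters blank options (not visible here) `config.setStringOutputType("")` is called, and how jasypt reacts to that is not shown. I would skip blank entries at the top of the loop: `String value = params.get(key);` followed by `if (value == null || value.length() == 0) continue;`. Also, `providerClassName` and `saltGeneratorClassName` name classes taken from configuration, so the Javadoc should state that the map must come from trusted configuration only. The probe `encryptPassword("test")` catches only `EncryptionInitializationException`, so any other runtime exception from jasypt reaches the caller unwrapped.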

Modified: 
karaf/trunk/jaas/jasypt/src/main/resources/OSGI-INF/blueprint/karaf-jaas-jasypt.xml
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/jasypt/src/main/resources/OSGI-INF/blueprint/karaf-jaas-jasypt.xml?rev=997094&r1=997093&r2=997094&view=diff
==============================================================================
--- 
karaf/trunk/jaas/jasypt/src/main/resources/OSGI-INF/blueprint/karaf-jaas-jasypt.xml
 (original)
+++ 
karaf/trunk/jaas/jasypt/src/main/resources/OSGI-INF/blueprint/karaf-jaas-jasypt.xml
 Tue Sep 14 20:57:32 2010
@@ -19,58 +19,11 @@
 -->
 <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0";>
 
-    <service interface="org.apache.karaf.jaas.modules.Encryption">
+    <service interface="org.apache.karaf.jaas.modules.EncryptionService">
         <service-properties>
-            <entry key="algorithm" value="MD2" />
+            <entry key="name" value="jasypt" />
         </service-properties>
-        <bean class="org.apache.karaf.jaas.jasypt.impl.JasyptEncryption">
-            <argument value="MD2" />
-        </bean>
-    </service>
-
-    <service interface="org.apache.karaf.jaas.modules.Encryption">
-        <service-properties>
-            <entry key="algorithm" value="MD5" />
-        </service-properties>
-        <bean class="org.apache.karaf.jaas.jasypt.impl.JasyptEncryption">
-            <argument value="MD5" />
-        </bean>
-    </service>
-    
-    <service interface="org.apache.karaf.jaas.modules.Encryption">
-        <service-properties>
-            <entry key="algorithm" value="SHA-1" />
-        </service-properties>
-        <bean class="org.apache.karaf.jaas.jasypt.impl.JasyptEncryption">
-            <argument value="SHA-1" />
-        </bean>
-    </service>
-
-    <service interface="org.apache.karaf.jaas.modules.Encryption">
-        <service-properties>
-            <entry key="algorithm" value="SHA-256" />
-        </service-properties>
-        <bean class="org.apache.karaf.jaas.jasypt.impl.JasyptEncryption">
-            <argument value="SHA-256" />
-        </bean>
-    </service>    
-
-    <service interface="org.apache.karaf.jaas.modules.Encryption">
-        <service-properties>
-            <entry key="algorithm" value="SHA-384" />
-        </service-properties>
-        <bean class="org.apache.karaf.jaas.jasypt.impl.JasyptEncryption">
-            <argument value="SHA-384" />
-        </bean>
-    </service>
-    
-    <service interface="org.apache.karaf.jaas.modules.Encryption">
-        <service-properties>
-            <entry key="algorithm" value="SHA-512" />
-        </service-properties>
-        <bean class="org.apache.karaf.jaas.jasypt.impl.JasyptEncryption">
-            <argument value="SHA-512" />
-        </bean>
+        <bean 
class="org.apache.karaf.jaas.jasypt.impl.JasyptEncryptionService"/>
     </service>
 
 </blueprint>
\ No newline at end of file

Modified: 
karaf/trunk/jaas/jasypt/src/test/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryptionTest.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/jasypt/src/test/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryptionTest.java?rev=997094&r1=997093&r2=997094&view=diff
==============================================================================
--- 
karaf/trunk/jaas/jasypt/src/test/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryptionTest.java
 (original)
+++ 
karaf/trunk/jaas/jasypt/src/test/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryptionTest.java
 Tue Sep 14 20:57:32 2010
@@ -14,7 +14,11 @@
  */
 package org.apache.karaf.jaas.jasypt.impl;
 
+import java.util.HashMap;
+import java.util.Map;
+
 import junit.framework.TestCase;
+import org.apache.karaf.jaas.modules.EncryptionService;
 
 /**
  * <p>
@@ -32,7 +36,9 @@ public class JasyptEncryptionTest extend
      * @see junit.framework.TestCase#setUp()
      */
     public void setUp() {
-        this.encryption = new JasyptEncryption("MD5");
+        Map<String,String> props = new HashMap<String,String>();
+        props.put(EncryptionService.ALGORITHM, "MD5");
+        this.encryption = new JasyptEncryption(props);
     }
     
     /**
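Review bot: setUp() configures only the `algorithm` key, so neither the other keys the new constructor accepts nor its rejection branch are exercised. A case that adds an unknown key, e.g. `props.put("bogus", "x")`, and expects `IllegalArgumentException`, plus one that sets `EncryptionService.ENCODING` to `"base64"`, would pin the new behaviour. The test methods themselves are outside the hunk.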

Modified: karaf/trunk/jaas/modules/pom.xml
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/pom.xml?rev=997094&r1=997093&r2=997094&view=diff
==============================================================================
--- karaf/trunk/jaas/modules/pom.xml (original)
+++ karaf/trunk/jaas/modules/pom.xml Tue Sep 14 20:57:32 2010
@@ -47,6 +47,11 @@
         </dependency>
 
         <dependency>
+            <groupId>org.apache.karaf</groupId>
+            <artifactId>org.apache.karaf.util</artifactId>
+        </dependency>
+
+        <dependency>
             <groupId>commons-logging</groupId>
             <artifactId>commons-logging</artifactId>
         </dependency>
@@ -89,6 +94,9 @@
                             org.apache.aries.blueprint.ext,
                             *
                         </Import-Package>
+                        <Private-Package>
+                            org.apache.karaf.util
+                        </Private-Package>
                         <_versionpolicy>${bnd.version.policy}</_versionpolicy>
                     </instructions>
                 </configuration>

Modified: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java?rev=997094&r1=997093&r2=997094&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
 Tue Sep 14 20:57:32 2010
@@ -100,7 +100,7 @@ public abstract class AbstractKarafLogin
             } else {
                 String name = encOpts.remove("name");
                 if (debug) {
-                    if (name != null) {
+                    if (name != null && name.length() > 0) {
                         LOG.debug("Encryption is enabled. Using service " + 
name + " with options " + encOpts);
                     } else {
                         LOG.debug("Encryption is enabled. Using options " + 
encOpts);
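Review bot: The empty-string check is added only to the condition that picks the debug message, so outside this `if (debug)` block `name` can still be `""` rather than null. With the shipped default `encryption.name =` that is the normal case, and a service lookup filtered on an empty name would be expected to miss the `basic` service. Normalising right after the remove, `if (name != null && name.length() == 0) { name = null; }`, makes the log branch and the lookup agree. The lookup code is below the hunk, so confirm how it treats an empty name.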

Modified: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java?rev=997094&r1=997093&r2=997094&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java
 Tue Sep 14 20:57:32 2010
@@ -21,8 +21,19 @@ import java.util.Map;
 public interface EncryptionService {
 
     String ALGORITHM = "algorithm";
+
+    String ALGORITHM_MD2 = "MD2";
+    String ALGORITHM_MD5 = "MD5";
+    String ALGORITHM_SHA1 = "SHA-1";
+    String ALGORITHM_SHA256 = "SHA-256";
+    String ALGORITHM_SHA384 = "SHA-384";
+    String ALGORITHM_SHA512 = "SHA-512";
+
     String ENCODING = "encoding";
 
+    String ENCODING_HEXADECIMAL = "hexadecimal";
+    String ENCODING_BASE64 = "base64";
+
     /**
      * Create an encryption service with the specified parameters.
      * If the parameters are not supported, a <code>null</code> should
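Review bot: The new constants have no Javadoc, and nothing distinguishes parameter keys (`ALGORITHM`, `ENCODING`) from permitted values (`ALGORITHM_*`, `ENCODING_*`). I would add a one-line comment above each group, for example `/** Parameter key: name of the digest algorithm. */` and `/** Permitted values for {@link #ENCODING}. */`. `ALGORITHM_MD2`, `ALGORITHM_MD5` and `ALGORITHM_SHA1` deserve a note such as `/** Legacy digest, kept for compatibility; not recommended for passwords. */`. The interface body continues below the hunk.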

Modified: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryption.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryption.java?rev=997094&r1=997093&r2=997094&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryption.java
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryption.java
 Tue Sep 14 20:57:32 2010
@@ -30,32 +30,34 @@ public class BasicEncryption implements 
 
     private static final Logger log = 
LoggerFactory.getLogger(BasicEncryption.class);
 
-    private String digest;
+    private String algorithm;
     private String encoding;
     private MessageDigest md;
 
     public BasicEncryption(Map<String, String> params) {
         for (String key : params.keySet()) {
             if (EncryptionService.ALGORITHM.equalsIgnoreCase(key)) {
-                digest = params.get(key);
+                algorithm = params.get(key);
             } else if (EncryptionService.ENCODING.equalsIgnoreCase(key)) {
                 encoding = params.get(key);
             } else {
                 throw new IllegalArgumentException("Unsupported encryption 
parameter: " + key);
             }
         }
-        if (digest == null) {
+        if (algorithm == null) {
             throw new IllegalArgumentException("Digest algorithm must be 
specified");
         }
-        // Check if the digest algorithm is available
+        // Check if the algorithm algorithm is available
         try {
-            md = MessageDigest.getInstance(digest);
+            md = MessageDigest.getInstance(algorithm);
         } catch (NoSuchAlgorithmException e) {
-            log.error("Initialization failed. Digest algorithm " + digest + " 
is not available.", e);
+            log.error("Initialization failed. Digest algorithm " + algorithm + 
" is not available.", e);
             throw new IllegalArgumentException("Unable to configure login 
module: " + e.getMessage(), e);
         }
-        if (encoding != null && !"hex".equalsIgnoreCase(encoding) && 
!"base64".equalsIgnoreCase(encoding)) {
-            log.error("Initialization failed. Digest Encoding " + encoding + " 
is not supported.");
+        if (encoding != null && encoding.length() > 0
+                && 
!EncryptionService.ENCODING_HEXADECIMAL.equalsIgnoreCase(encoding)
+                && 
!EncryptionService.ENCODING_BASE64.equalsIgnoreCase(encoding)) {
+            log.error("Initialization failed. Digest encoding " + encoding + " 
is not supported.");
             throw new IllegalArgumentException(
                     "Unable to configure login module. Digest Encoding " + 
encoding + " not supported.");
         }
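Review bot: The encoding check now accepts only `hexadecimal` and `base64`, so a configuration carrying the previously valid value `hex` fails with IllegalArgumentException at construction. If existing installations may have `encoding = hex`, keep it as an alias by adding `&& !"hex".equalsIgnoreCase(encoding)` to this condition and the matching `|| "hex".equalsIgnoreCase(encoding)` in encryptPassword and checkPassword. The rewritten comment reads `// Check if the algorithm algorithm is available`; it should be `// Check if the digest algorithm is available`. The end of the constructor is outside the hunk.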
@@ -67,9 +69,9 @@ public class BasicEncryption implements 
         }
         // Digest the user provided password
         byte[] data = md.digest(password.getBytes());
-        if (encoding == null || "hex".equalsIgnoreCase(encoding)) {
+        if (encoding == null || encoding.length() == 0 || 
EncryptionService.ENCODING_HEXADECIMAL.equalsIgnoreCase(encoding)) {
             return hexEncode(data);
-        } else if ("base64".equalsIgnoreCase(encoding)) {
+        } else if 
(EncryptionService.ENCODING_BASE64.equalsIgnoreCase(encoding)) {
             return base64Encode(data);
         } else {
             throw new IllegalArgumentException(
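Review bot: The three-part test `encoding == null || encoding.length() == 0 || ...ENCODING_HEXADECIMAL...` is spelled out here and again in checkPassword in the next hunk. Normalising once in the constructor, `if (encoding == null || encoding.length() == 0) encoding = EncryptionService.ENCODING_HEXADECIMAL;`, leaves a single comparison at each use. On the unchanged line above, `password.getBytes()` uses the platform default charset, so a non-ASCII password can digest differently on hosts with different default encodings. `password.getBytes("UTF-8")` fixes the charset but changes digests already stored for such passwords, so it needs a migration decision. The method starts and ends outside the hunk.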
@@ -86,9 +88,9 @@ public class BasicEncryption implements 
         }
         // both are non-null
         String encoded = encryptPassword(provided);
-        if (encoding == null || "hex".equalsIgnoreCase(encoding)) {
+        if (encoding == null || encoding.length() == 0 || 
EncryptionService.ENCODING_HEXADECIMAL.equalsIgnoreCase(encoding)) {
             return real.equalsIgnoreCase(encoded);
-        } else if ("base64".equalsIgnoreCase(encoding)) {
+        } else if 
(EncryptionService.ENCODING_BASE64.equalsIgnoreCase(encoding)) {
             return real.equals(encoded);
         }
         return false;
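Review bot: Both branches compare the stored and the computed digest with `equalsIgnoreCase`/`equals`, which return at the first differing character. For a credential check a comparison that does not exit early is preferable, for instance `MessageDigest.isEqual(real.getBytes("UTF-8"), encoded.getBytes("UTF-8"))` for base64, and the same after lower-casing both strings for hexadecimal. This assumes a JDK whose `isEqual` is time-constant, which should be confirmed for the supported runtimes. The start of checkPassword is above the hunk.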

Modified: 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java?rev=997094&r1=997093&r2=997094&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
 Tue Sep 14 20:57:32 2010
@@ -17,13 +17,10 @@
 package org.apache.karaf.jaas.modules.properties;
 
 import java.io.File;
-import java.io.FileOutputStream;
 import java.io.IOException;
 import java.security.Principal;
 import java.util.HashSet;
 import java.util.Map;
-import java.util.Properties;
-
 import javax.security.auth.Subject;
 import javax.security.auth.callback.Callback;
 import javax.security.auth.callback.CallbackHandler;
@@ -39,6 +36,7 @@ import org.apache.karaf.jaas.modules.Abs
 import org.apache.karaf.jaas.modules.Encryption;
 import org.apache.karaf.jaas.modules.RolePrincipal;
 import org.apache.karaf.jaas.modules.UserPrincipal;
+import org.apache.karaf.util.Properties;
 
 /**
  * <p>
@@ -64,10 +62,10 @@ public class PropertiesLoginModule exten
     }
 
     public boolean login() throws LoginException {
-        Properties users = new Properties();
         File f = new File(usersFile);
+        Properties users;
         try {
-            users.load(new java.io.FileInputStream(f));
+            users = new Properties(f);
         } catch (IOException ioe) {
             throw new LoginException("Unable to load user properties file " + 
f);
         }
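Review bot: The catch block builds the LoginException from the file name alone, so the IOException that explains why loading failed is dropped. LoginException has no cause constructor, so chain it explicitly: `LoginException le = new LoginException("Unable to load user properties file " + f);` then `le.initCause(ioe);` then `throw le;`. login() continues below the hunk.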
@@ -135,9 +133,7 @@ public class PropertiesLoginModule exten
                     if (debug) {
                         LOG.debug("Store the users properties file.");
                     }
-                    // TODO use Karaf Properties (to maintain comments, etc)
-                    // TODO close the stream to avoid leaks
-                    users.store(new FileOutputStream(f), null);
+                    users.save();
                 } catch (IOException ioe) {
                     LOG.warn("Unable to write user properties file " + f, ioe);
                 }
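Review bot: `users.save()` runs on the login path against a `Properties` object that each login() call loads freshly from the file, so two overlapping logins can each write the whole file back and nothing visible here serialises them. A failure is only logged at WARN, so whatever change was meant to be persisted (the surrounding code is outside the hunk) is silently skipped. At minimum I would guard the write, e.g. `synchronized (PropertiesLoginModule.class) { users.save(); }`. It is also worth checking that the rewritten file keeps restrictive permissions, since it stores user passwords.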

Modified: 
karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
URL: 
http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml?rev=997094&r1=997093&r2=997094&view=diff
==============================================================================
--- 
karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
 (original)
+++ 
karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
 Tue Sep 14 20:57:32 2010
@@ -32,18 +32,24 @@
     <!-- AdminConfig property place holder for the org.apache.karaf.jaas  -->
     <cm:property-placeholder persistent-id="org.apache.karaf.jaas">
         <cm:default-properties>
-            <cm:property name="encryption.digest" value="" />
+            <cm:property name="encryption.name" value="" />
+            <cm:property name="encryption.enabled" value="false" />
+            <cm:property name="encryption.algorithm" value="MD5" />
+            <cm:property name="encryption.encoding" value="" />
         </cm:default-properties>
     </cm:property-placeholder>
 
     <jaas:config name="karaf">
         <jaas:module 
className="org.apache.karaf.jaas.modules.properties.PropertiesLoginModule" 
flags="required">
             users = $[karaf.base]/etc/users.properties
-            encryption.digest = ${encryption.digest}
+            encryption.name = ${encryption.name}
+            encryption.enabled = ${encryption.enabled}
+            encryption.algorithm = ${encryption.algorithm}
+            encryption.encoding = ${encryption.encoding}
         </jaas:module>
     </jaas:config>
 
-    <service interface="org.apache.karaf.jaas.modules.EncrypionService">
+    <service interface="org.apache.karaf.jaas.modules.EncryptionService" 
ranking="-1">
         <service-properties>
             <entry key="name" value="basic"/>
         </service-properties>
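Review bot: The placeholder defaults added here do not match the shipped org.apache.karaf.jaas.cfg from the same commit: the cfg file sets `encryption.encoding = hexadecimal`, while this default is `value=""`. BasicEncryption treats both the same, but any other EncryptionService implementation receives whatever string arrives. I would use `<cm:property name="encryption.encoding" value="hexadecimal" />` so both sources of defaults agree.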

