This is an automated email from the ASF dual-hosted git repository. liubao pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-servicecomb-java-chassis.git
commit a68659072b142925316ffb8cd7e2eee6c5af9bca Author: liubao <[email protected]> AuthorDate: Mon Nov 5 19:55:40 2018 +0800 [SCB-1009]Supporting configure encrypted password for proxy settings --- .../config/client/ConfigCenterClient.java | 5 +- .../foundation/common/encrypt/Encryption.java | 43 ++++++++++++++ .../foundation/common/encrypt/Encryptions.java | 66 ++++++++++++++++++++++ .../foundation/common/encrypt/NoEncryption.java | 30 ++++++++++ ...ervicecomb.foundation.common.encrypt.Encryption | 18 ++++++ .../foundation/common/encrypt/TestEncryptions.java | 65 +++++++++++++++++++++ .../client/http/AbstractClientPool.java | 2 + .../client/http/HttpClientPool.java | 3 +- 8 files changed, 230 insertions(+), 2 deletions(-) diff --git a/dynamic-config/config-cc/src/main/java/org/apache/servicecomb/config/client/ConfigCenterClient.java b/dynamic-config/config-cc/src/main/java/org/apache/servicecomb/config/client/ConfigCenterClient.java index db5e5ac..aabf1ef 100644 --- a/dynamic-config/config-cc/src/main/java/org/apache/servicecomb/config/client/ConfigCenterClient.java +++ b/dynamic-config/config-cc/src/main/java/org/apache/servicecomb/config/client/ConfigCenterClient.java @@ -40,6 +40,7 @@ import org.apache.commons.lang.StringUtils; import org.apache.servicecomb.config.archaius.sources.ConfigCenterConfigurationSourceImpl; import org.apache.servicecomb.foundation.auth.AuthHeaderProvider; import org.apache.servicecomb.foundation.auth.SignRequest; +import org.apache.servicecomb.foundation.common.encrypt.Encryptions; import org.apache.servicecomb.foundation.common.event.EventManager; import org.apache.servicecomb.foundation.common.net.IpPort; import org.apache.servicecomb.foundation.common.net.NetUtils; @@ -84,6 +85,8 @@ public class ConfigCenterClient { private static final String SSL_KEY = "cc.consumer"; + public static final String PROXY_KEY = "cc.consumer"; + private static final long HEARTBEAT_INTERVAL = 30000; private static final long BOOTUP_WAIT_TIME = 10; @@ -205,7 +208,7 @@ public class ConfigCenterClient { .setHost(ConfigCenterConfig.INSTANCE.getProxyHost()) .setPort(ConfigCenterConfig.INSTANCE.getProxyPort()) .setUsername(ConfigCenterConfig.INSTANCE.getProxyUsername()) - .setPassword(ConfigCenterConfig.INSTANCE.getProxyPasswd()); + .setPassword(Encryptions.decode(ConfigCenterConfig.INSTANCE.getProxyPasswd(), PROXY_KEY)); httpClientOptions.setProxyOptions(proxy); } httpClientOptions.setConnectTimeout(CONFIG_CENTER_CONFIG.getConnectionTimeout()); diff --git a/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryption.java b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryption.java new file mode 100644 index 0000000..99be3c4 --- /dev/null +++ b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryption.java @@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.servicecomb.foundation.common.encrypt; + +/** + * Interface for users to encode/decode confidential data + */ +public interface Encryption { + default int getOrder() { + return 0; + } + + /** + * decode confidential data + * @param encrypted encrypted data + * @param tags extra information used to do something + * @return plain data + */ + char[] decode(char[] encrypted, String tags); + + /** + * + * @param plain plain data + * @param tags extra information used to do something + * @return encrypted data + */ + char[] encode(char[] plain, String tags); +} diff --git a/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryptions.java b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryptions.java new file mode 100644 index 0000000..8039532 --- /dev/null +++ b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryptions.java @@ -0,0 +1,66 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.servicecomb.foundation.common.encrypt; + +import org.apache.servicecomb.foundation.common.utils.SPIServiceUtils; + +import com.google.common.annotations.VisibleForTesting; + +public class Encryptions { + private static Encryption encryption = SPIServiceUtils.getPriorityHighestService(Encryption.class); + + @VisibleForTesting + static void setEncryption(Encryption encryption) { + Encryptions.encryption = encryption; + } + + @VisibleForTesting + static Encryption getEncryption() { + return encryption; + } + + public static String decode(String encrypted, String tags) { + if (encrypted == null) { + return null; + } + char[] result = decode(encrypted.toCharArray(), tags); + if (result == null) { + return null; + } + return new String(result); + } + + public static char[] decode(char[] encrypted, String tags) { + return encryption.decode(encrypted, tags); + } + + public static String encode(String plain, String tags) { + if (plain == null) { + return null; + } + char[] result = encode(plain.toCharArray(), tags); + if (result == null) { + return null; + } + return new String(result); + } + + public static char[] encode(char[] plain, String tags) { + return encryption.encode(plain, tags); + } +} diff --git a/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/NoEncryption.java b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/NoEncryption.java new file mode 100644 index 0000000..fcae540 --- /dev/null +++ b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/NoEncryption.java @@ -0,0 +1,30 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.servicecomb.foundation.common.encrypt; + +public class NoEncryption implements Encryption { + @Override + public char[] decode(char[] encrypted, String tags) { + return encrypted; + } + + @Override + public char[] encode(char[] plain, String tags) { + return plain; + } +} diff --git a/foundations/foundation-common/src/main/resources/META-INF/services/org.apache.servicecomb.foundation.common.encrypt.Encryption b/foundations/foundation-common/src/main/resources/META-INF/services/org.apache.servicecomb.foundation.common.encrypt.Encryption new file mode 100644 index 0000000..0e40feb --- /dev/null +++ b/foundations/foundation-common/src/main/resources/META-INF/services/org.apache.servicecomb.foundation.common.encrypt.Encryption @@ -0,0 +1,18 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +org.apache.servicecomb.foundation.common.encrypt.NoEncryption \ No newline at end of file diff --git a/foundations/foundation-common/src/test/java/org/apache/servicecomb/foundation/common/encrypt/TestEncryptions.java b/foundations/foundation-common/src/test/java/org/apache/servicecomb/foundation/common/encrypt/TestEncryptions.java new file mode 100644 index 0000000..74bb90b --- /dev/null +++ b/foundations/foundation-common/src/test/java/org/apache/servicecomb/foundation/common/encrypt/TestEncryptions.java @@ -0,0 +1,65 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.apache.servicecomb.foundation.common.encrypt; + +import org.junit.Assert; +import org.junit.Test; + +public class TestEncryptions { + class MyEncryption implements Encryption { + + @Override + public char[] decode(char[] encrypted, String tags) { + if (tags == null) { + return null; + } + return encrypted; + } + + @Override + public char[] encode(char[] plain, String tags) { + if (tags == null) { + return null; + } + return plain; + } + } + + @Test + public void testEncryptions() { + Assert.assertEquals(Encryptions.decode((String) null, ""), null); + Assert.assertEquals(Encryptions.decode("abcd", ""), "abcd"); + Assert.assertEquals(Encryptions.decode("abcd", null), "abcd"); + Assert.assertEquals(Encryptions.encode((String) null, ""), null); + Assert.assertEquals(Encryptions.encode("abcd", ""), "abcd"); + Assert.assertEquals(Encryptions.decode("abcd", null), "abcd"); + } + + @Test + public void testEncryptionsMy() { + Encryption old = Encryptions.getEncryption(); + Encryptions.setEncryption(new MyEncryption()); + Assert.assertEquals(Encryptions.decode((String) null, ""), null); + Assert.assertEquals(Encryptions.decode("abcd", ""), "abcd"); + Assert.assertEquals(Encryptions.decode("abcd", null), null); + Assert.assertEquals(Encryptions.encode((String) null, ""), null); + Assert.assertEquals(Encryptions.encode("abcd", ""), "abcd"); + Assert.assertEquals(Encryptions.encode("abcd", null), null); + Encryptions.setEncryption(old); + } +} diff --git a/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/AbstractClientPool.java b/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/AbstractClientPool.java index be8759a..a631b96 100644 --- a/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/AbstractClientPool.java +++ b/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/AbstractClientPool.java @@ -40,6 +40,8 @@ public abstract class AbstractClientPool implements ClientPool { protected static final String SSL_KEY = "sc.consumer"; + public static final String PROXY_KEY = "sc.consumer"; + private ClientPoolManager<HttpClientWithContext> clientMgr; public AbstractClientPool() { diff --git a/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/HttpClientPool.java b/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/HttpClientPool.java index 0304379..efbee4c 100644 --- a/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/HttpClientPool.java +++ b/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/HttpClientPool.java @@ -17,6 +17,7 @@ package org.apache.servicecomb.serviceregistry.client.http; +import org.apache.servicecomb.foundation.common.encrypt.Encryptions; import org.apache.servicecomb.foundation.vertx.VertxTLSBuilder; import org.apache.servicecomb.serviceregistry.config.ServiceRegistryConfig; import org.slf4j.Logger; @@ -50,7 +51,7 @@ public final class HttpClientPool extends AbstractClientPool { proxy.setHost(ServiceRegistryConfig.INSTANCE.getProxyHost()); proxy.setPort(ServiceRegistryConfig.INSTANCE.getProxyPort()); proxy.setUsername(ServiceRegistryConfig.INSTANCE.getProxyUsername()); - proxy.setPassword(ServiceRegistryConfig.INSTANCE.getProxyPasswd()); + proxy.setPassword(Encryptions.decode(ServiceRegistryConfig.INSTANCE.getProxyPasswd(), PROXY_KEY)); httpClientOptions.setProxyOptions(proxy); } if (ver == HttpVersion.HTTP_2) {
