liubao68 closed pull request #981: [SCB-1009]Supporting configure encrypted
password for proxy settings
URL: https://github.com/apache/incubator-servicecomb-java-chassis/pull/981
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git
a/dynamic-config/config-cc/src/main/java/org/apache/servicecomb/config/client/ConfigCenterClient.java
b/dynamic-config/config-cc/src/main/java/org/apache/servicecomb/config/client/ConfigCenterClient.java
index db5e5ac6d..aabf1ef75 100644
---
a/dynamic-config/config-cc/src/main/java/org/apache/servicecomb/config/client/ConfigCenterClient.java
+++
b/dynamic-config/config-cc/src/main/java/org/apache/servicecomb/config/client/ConfigCenterClient.java
@@ -40,6 +40,7 @@
import
org.apache.servicecomb.config.archaius.sources.ConfigCenterConfigurationSourceImpl;
import org.apache.servicecomb.foundation.auth.AuthHeaderProvider;
import org.apache.servicecomb.foundation.auth.SignRequest;
+import org.apache.servicecomb.foundation.common.encrypt.Encryptions;
import org.apache.servicecomb.foundation.common.event.EventManager;
import org.apache.servicecomb.foundation.common.net.IpPort;
import org.apache.servicecomb.foundation.common.net.NetUtils;
@@ -84,6 +85,8 @@
private static final String SSL_KEY = "cc.consumer";
+ public static final String PROXY_KEY = "cc.consumer";
+
private static final long HEARTBEAT_INTERVAL = 30000;
private static final long BOOTUP_WAIT_TIME = 10;
@@ -205,7 +208,7 @@ private HttpClientOptions createHttpClientOptions() {
.setHost(ConfigCenterConfig.INSTANCE.getProxyHost())
.setPort(ConfigCenterConfig.INSTANCE.getProxyPort())
.setUsername(ConfigCenterConfig.INSTANCE.getProxyUsername())
- .setPassword(ConfigCenterConfig.INSTANCE.getProxyPasswd());
+
.setPassword(Encryptions.decode(ConfigCenterConfig.INSTANCE.getProxyPasswd(),
PROXY_KEY));
httpClientOptions.setProxyOptions(proxy);
}
httpClientOptions.setConnectTimeout(CONFIG_CENTER_CONFIG.getConnectionTimeout());
diff --git
a/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryption.java
b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryption.java
new file mode 100644
index 000000000..99be3c47b
--- /dev/null
+++
b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryption.java
@@ -0,0 +1,43 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.servicecomb.foundation.common.encrypt;
+
+/**
+ * Interface for users to encode/decode confidential data
+ */
+public interface Encryption {
+ default int getOrder() {
+ return 0;
+ }
+
+ /**
+ * decode confidential data
+ * @param encrypted encrypted data
+ * @param tags extra information used to do something
+ * @return plain data
+ */
+ char[] decode(char[] encrypted, String tags);
+
+ /**
+ *
+ * @param plain plain data
+ * @param tags extra information used to do something
+ * @return encrypted data
+ */
+ char[] encode(char[] plain, String tags);
+}
diff --git
a/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryptions.java
b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryptions.java
new file mode 100644
index 000000000..8039532e2
--- /dev/null
+++
b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/Encryptions.java
@@ -0,0 +1,66 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.servicecomb.foundation.common.encrypt;
+
+import org.apache.servicecomb.foundation.common.utils.SPIServiceUtils;
+
+import com.google.common.annotations.VisibleForTesting;
+
+public class Encryptions {
+ private static Encryption encryption =
SPIServiceUtils.getPriorityHighestService(Encryption.class);
+
+ @VisibleForTesting
+ static void setEncryption(Encryption encryption) {
+ Encryptions.encryption = encryption;
+ }
+
+ @VisibleForTesting
+ static Encryption getEncryption() {
+ return encryption;
+ }
+
+ public static String decode(String encrypted, String tags) {
+ if (encrypted == null) {
+ return null;
+ }
+ char[] result = decode(encrypted.toCharArray(), tags);
+ if (result == null) {
+ return null;
+ }
+ return new String(result);
+ }
+
+ public static char[] decode(char[] encrypted, String tags) {
+ return encryption.decode(encrypted, tags);
+ }
+
+ public static String encode(String plain, String tags) {
+ if (plain == null) {
+ return null;
+ }
+ char[] result = encode(plain.toCharArray(), tags);
+ if (result == null) {
+ return null;
+ }
+ return new String(result);
+ }
+
+ public static char[] encode(char[] plain, String tags) {
+ return encryption.encode(plain, tags);
+ }
+}
diff --git
a/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/NoEncryption.java
b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/NoEncryption.java
new file mode 100644
index 000000000..f3f23c270
--- /dev/null
+++
b/foundations/foundation-common/src/main/java/org/apache/servicecomb/foundation/common/encrypt/NoEncryption.java
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.servicecomb.foundation.common.encrypt;
+
+public class NoEncryption implements Encryption {
+ @Override
+ public int getOrder() {
+ return 100;
+ }
+
+ @Override
+ public char[] decode(char[] encrypted, String tags) {
+ return encrypted;
+ }
+
+ @Override
+ public char[] encode(char[] plain, String tags) {
+ return plain;
+ }
+}
diff --git
a/foundations/foundation-common/src/main/resources/META-INF/services/org.apache.servicecomb.foundation.common.encrypt.Encryption
b/foundations/foundation-common/src/main/resources/META-INF/services/org.apache.servicecomb.foundation.common.encrypt.Encryption
new file mode 100644
index 000000000..0e40feb3d
--- /dev/null
+++
b/foundations/foundation-common/src/main/resources/META-INF/services/org.apache.servicecomb.foundation.common.encrypt.Encryption
@@ -0,0 +1,18 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+org.apache.servicecomb.foundation.common.encrypt.NoEncryption
\ No newline at end of file
diff --git
a/foundations/foundation-common/src/test/java/org/apache/servicecomb/foundation/common/encrypt/TestEncryptions.java
b/foundations/foundation-common/src/test/java/org/apache/servicecomb/foundation/common/encrypt/TestEncryptions.java
new file mode 100644
index 000000000..74bb90b76
--- /dev/null
+++
b/foundations/foundation-common/src/test/java/org/apache/servicecomb/foundation/common/encrypt/TestEncryptions.java
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.servicecomb.foundation.common.encrypt;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+public class TestEncryptions {
+ class MyEncryption implements Encryption {
+
+ @Override
+ public char[] decode(char[] encrypted, String tags) {
+ if (tags == null) {
+ return null;
+ }
+ return encrypted;
+ }
+
+ @Override
+ public char[] encode(char[] plain, String tags) {
+ if (tags == null) {
+ return null;
+ }
+ return plain;
+ }
+ }
+
+ @Test
+ public void testEncryptions() {
+ Assert.assertEquals(Encryptions.decode((String) null, ""), null);
+ Assert.assertEquals(Encryptions.decode("abcd", ""), "abcd");
+ Assert.assertEquals(Encryptions.decode("abcd", null), "abcd");
+ Assert.assertEquals(Encryptions.encode((String) null, ""), null);
+ Assert.assertEquals(Encryptions.encode("abcd", ""), "abcd");
+ Assert.assertEquals(Encryptions.decode("abcd", null), "abcd");
+ }
+
+ @Test
+ public void testEncryptionsMy() {
+ Encryption old = Encryptions.getEncryption();
+ Encryptions.setEncryption(new MyEncryption());
+ Assert.assertEquals(Encryptions.decode((String) null, ""), null);
+ Assert.assertEquals(Encryptions.decode("abcd", ""), "abcd");
+ Assert.assertEquals(Encryptions.decode("abcd", null), null);
+ Assert.assertEquals(Encryptions.encode((String) null, ""), null);
+ Assert.assertEquals(Encryptions.encode("abcd", ""), "abcd");
+ Assert.assertEquals(Encryptions.encode("abcd", null), null);
+ Encryptions.setEncryption(old);
+ }
+}
diff --git
a/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/AbstractClientPool.java
b/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/AbstractClientPool.java
index be8759a74..a631b9627 100644
---
a/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/AbstractClientPool.java
+++
b/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/AbstractClientPool.java
@@ -40,6 +40,8 @@
protected static final String SSL_KEY = "sc.consumer";
+ public static final String PROXY_KEY = "sc.consumer";
+
private ClientPoolManager<HttpClientWithContext> clientMgr;
public AbstractClientPool() {
diff --git
a/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/HttpClientPool.java
b/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/HttpClientPool.java
index 030437940..efbee4c3e 100644
---
a/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/HttpClientPool.java
+++
b/service-registry/src/main/java/org/apache/servicecomb/serviceregistry/client/http/HttpClientPool.java
@@ -17,6 +17,7 @@
package org.apache.servicecomb.serviceregistry.client.http;
+import org.apache.servicecomb.foundation.common.encrypt.Encryptions;
import org.apache.servicecomb.foundation.vertx.VertxTLSBuilder;
import org.apache.servicecomb.serviceregistry.config.ServiceRegistryConfig;
import org.slf4j.Logger;
@@ -50,7 +51,7 @@ public HttpClientOptions createHttpClientOptions() {
proxy.setHost(ServiceRegistryConfig.INSTANCE.getProxyHost());
proxy.setPort(ServiceRegistryConfig.INSTANCE.getProxyPort());
proxy.setUsername(ServiceRegistryConfig.INSTANCE.getProxyUsername());
- proxy.setPassword(ServiceRegistryConfig.INSTANCE.getProxyPasswd());
+
proxy.setPassword(Encryptions.decode(ServiceRegistryConfig.INSTANCE.getProxyPasswd(),
PROXY_KEY));
httpClientOptions.setProxyOptions(proxy);
}
if (ver == HttpVersion.HTTP_2) {
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
