The change introduced a circular dependency. 2012/3/27 <[email protected]>
> Author: xiaming > Date: Tue Mar 27 14:33:46 2012 > New Revision: 1305852 > > URL: http://svn.apache.org/viewvc?rev=1305852&view=rev > Log: > GERONIMO-6310 Add ConfiguredEncryption gbean, patch provided by Saphen Qiu > > Added: > > > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java > (with props) > Modified: > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml > > > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java > > Modified: > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml > URL: > http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml?rev=1305852&r1=1305851&r2=1305852&view=diff > > ============================================================================== > --- geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml > (original) > +++ geronimo/server/branches/2.1/framework/modules/geronimo-crypto/pom.xml > Tue Mar 27 14:33:46 2012 
> @@ -36,6 +36,11 @@ > <groupId>commons-logging</groupId> > <artifactId>commons-logging</artifactId> > </dependency> > + <dependency> > + <groupId>org.apache.geronimo.framework</groupId> > + <artifactId>geronimo-system</artifactId> > + <version>${geronimoVersion}</version> > + </dependency> > </dependencies> > > </project> > > Added: > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java > URL: > http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java?rev=1305852&view=auto > > ============================================================================== > --- > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java > (added) > +++ > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java > Tue Mar 27 14:33:46 2012 
> @@ -0,0 +1,141 @@ > +/* > + * Licensed to the Apache Software Foundation (ASF) under one > + * or more contributor license agreements. See the NOTICE file > + * distributed with this work for additional information > + * regarding copyright ownership. The ASF licenses this file > + * to you under the Apache License, Version 2.0 (the > + * "License"); you may not use this file except in compliance > + * with the License. You may obtain a copy of the License at > + * > + * http://www.apache.org/licenses/LICENSE-2.0 > + * > + * Unless required by applicable law or agreed to in writing, > + * software distributed under the License is distributed on an > + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY > + * KIND, either express or implied. See the License for the > + * specific language governing permissions and limitations > + * under the License. > + */ > + > +package org.apache.geronimo.crypto; > + > +import java.io.BufferedInputStream; > +import java.io.ByteArrayInputStream; > +import java.io.File; > +import java.io.FileInputStream; > +import java.io.FileOutputStream; > +import java.io.IOException; > +import java.io.ObjectInputStream; > +import java.io.ObjectOutputStream; > +import java.security.SecureRandom; > + > +import javax.crypto.spec.SecretKeySpec; > + > +import org.apache.geronimo.gbean.GBeanInfo; > +import org.apache.geronimo.gbean.GBeanInfoBuilder; > +import org.apache.geronimo.gbean.GBeanLifecycle; > +import org.apache.geronimo.crypto.AbstractEncryption; > +import org.apache.geronimo.crypto.EncryptionManager; > + > +/** > + * Like SimpleEncryption except it uses a stored secret key. If the key > file is > + * missing, it makes up a new one. > + * > + * WARNING: NOT RECOMMENDED. If you lose the secret key file your > encrypted > + * passwords will be unavailable. Instead, secure your operationg > environment > + * and use something like ldap or a database to store passwords in. 
> + * > + * To use, include something like this in the rmi-naming module of > + * var/config/config.xml: > + * > + * <gbean > name="org.apache.geronimo.framework/rmi-naming/2.1-SNAPSHOT/car?name=ConfiguredEncryption,j2eeType=GBean" > + * gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption"> > <attribute > + * name="path">var/security/ConfiguredSecretKey.ser</attribute> <reference > + * > name="ServerInfo"><pattern><name>ServerInfo</name></pattern></reference> > + * </gbean> > + * > + * @version $Rev$ $Date$ > + */ > +public class ConfiguredEncryption extends AbstractEncryption implements > + GBeanLifecycle { > + > + private SecretKeySpec spec; > + > + public ConfiguredEncryption(String location) throws IOException, > + ClassNotFoundException { > + File keyFile = new File(location); > + ObjectInputStream oin = null; > + if (keyFile != null) { > + if (keyFile.exists()) { > + FileInputStream fi = new > FileInputStream(keyFile); > + try { > + oin = new ObjectInputStream(fi); > + spec = (SecretKeySpec) > oin.readObject(); > + } catch (Exception e) { > + // TODO: handle exception > + } finally { > + if (oin != null) > + oin.close(); > + if (fi != null) > + fi.close(); > + } > + } else { > + SecureRandom random = new SecureRandom(); > + random.setSeed(System.currentTimeMillis()); > + byte[] bytes = new byte[16]; > + random.nextBytes(bytes); > + spec = new SecretKeySpec(bytes, "AES"); > + File dir = keyFile.getParentFile(); > + if (!dir.exists()) { > + dir.mkdirs(); > + } > + if (!dir.exists() || !dir.isDirectory()) { > + throw new IllegalStateException( > + "Could not create > directory for secret key spec: " > + + > dir); > + } > + FileOutputStream out = new > FileOutputStream(keyFile); > + try { > + ObjectOutputStream oout = new > ObjectOutputStream(out); > + try { > + oout.writeObject(spec); > + oout.flush(); > + } finally { > + oout.close(); > + } > + } finally { > + out.close(); > + } > + } > + } > + } > + > + public void doStart() throws Exception { > + 
EncryptionManager.setEncryptionPrefix("{Configured}", > this); > + } > + > + public void doStop() throws Exception { > + } > + > + public void doFail() { > + } > + > + protected SecretKeySpec getSecretKeySpec() { > + return spec; > + } > + > + public static final GBeanInfo GBEAN_INFO; > + > + static { > + GBeanInfoBuilder infoBuilder = > GBeanInfoBuilder.createStatic( > + ConfiguredEncryption.class, "GBean"); > + infoBuilder.addAttribute("path", String.class, true, true); > + infoBuilder.setConstructor(new String[] { "path" }); > + GBEAN_INFO = infoBuilder.getBeanInfo(); > + } > + > + public static GBeanInfo getGBeanInfo() { > + return GBEAN_INFO; > + } > + > +} > > Propchange: > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java > > ------------------------------------------------------------------------------ > svn:eol-style = native > > Propchange: > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java > > ------------------------------------------------------------------------------ > svn:keywords = Date Revision > > Propchange: > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java > > ------------------------------------------------------------------------------ > svn:mime-type = text/plain > > Modified: > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java > URL: > http://svn.apache.org/viewvc/geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java?rev=1305852&r1=1305851&r2=1305852&view=diff > > ============================================================================== > --- > 
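Review bot: In the key-generation branch of the `ConfiguredEncryption` constructor, `random.setSeed(System.currentTimeMillis());` runs before the first `nextBytes` call. With some `SecureRandom` implementations (SHA1PRNG in particular), a seed supplied at that point replaces the self-seeding instead of supplementing it, so the AES key could depend only on the clock; dropping that line and letting `new SecureRandom()` seed itself avoids this. In the read branch, `catch (Exception e) { // TODO: handle exception }` leaves `spec` null when the key file is unreadable or corrupt, even though the constructor already declares `IOException` and `ClassNotFoundException`. Removing that catch lets the failure propagate, so the bean does not start without a key. The key file is also written with a plain `new FileOutputStream(keyFile)` and no permission handling is visible, so it presumably gets the process default; restricting it to the server's own user, or at least documenting that requirement in the class Javadoc, would be worth adding.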
geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java > (original) > +++ > geronimo/server/branches/2.1/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java > Tue Mar 27 14:33:46 2012 > @@ -20,6 +20,7 @@ import java.util.Collections; > import java.util.HashMap; > import java.util.Map; > import java.io.Serializable; > +import org.apache.geronimo.crypto.ConfiguredEncryption; > > /** > * A static class that uses registered Encryption instances to encypt and > decrypt objects, typically strings. > @@ -43,15 +44,27 @@ public class EncryptionManager { > > private static final Map<String, Encryption> ENCRYPTORS = > Collections.synchronizedMap(new HashMap<String, Encryption>()); > private final static String SIMPLE_ENCRYPTION_PREFIX = "{Simple}"; > + private static String activeEncryptionPrefix = > SIMPLE_ENCRYPTION_PREFIX; > + private static ConfiguredEncryption ce = null; > > static { > ENCRYPTORS.put(SIMPLE_ENCRYPTION_PREFIX, > SimpleEncryption.INSTANCE); > //login properties files used to have this > ENCRYPTORS.put("{Standard}", SimpleEncryption.INSTANCE); > + > + String keyFile = System > + > .getProperty("org.apache.geronimo.security.encryption.keyfile"); > + > + if (keyFile != null && keyFile != "") { > + try { > + ce = new ConfiguredEncryption(keyFile); > + ce.doStart(); > + } catch (Exception e) { > + e.printStackTrace(); > + } > + } > } > > - private static String activeEncryptionPrefix = > SIMPLE_ENCRYPTION_PREFIX; > - > /** > * Encryption instances should call this to register themselves. > * > > > -- Ivan
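Review bot: In the static initializer of the second `EncryptionManager` hunk, `keyFile != ""` compares references, so an empty property value is not filtered out and still reaches `new ConfiguredEncryption(keyFile)`. `if (keyFile != null && keyFile.length() > 0) {` expresses what was intended. The surrounding `catch (Exception e) { e.printStackTrace(); }` means a configured but unusable key file leaves `activeEncryptionPrefix` at `{Simple}` with only a stack trace on stderr, so new secrets would presumably be stored under the simple scheme without the operator noticing. Reporting the failure at error level through commons-logging (already a dependency of this module) and naming the property `org.apache.geronimo.security.encryption.keyfile` in the message would make the fallback detectable. The class body continues outside the hunk.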
