Posted to scm@geronimo.apache.org by xi...@apache.org on 2012/05/04 17:23:17 UTC
svn commit: r1334031 - in
/geronimo/server/branches/3.0-beta/framework/modules:
geronimo-crypto/src/main/java/org/apache/geronimo/crypto/
geronimo-system/src/main/java/org/apache/geronimo/system/util/
Author: xiaming
Date: Fri May 4 15:23:16 2012
New Revision: 1334031
URL: http://svn.apache.org/viewvc?rev=1334031&view=rev
Log:
GERONIMO-6310 ConfiguredEncryption fix for 3.0-beta, provided by Saphen Qiu
Added:
geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java (with props)
Modified:
geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
geronimo/server/branches/3.0-beta/framework/modules/geronimo-system/src/main/java/org/apache/geronimo/system/util/ConfiguredEncryption.java
Added: geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java?rev=1334031&view=auto
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java (added)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java Fri May 4 15:23:16 2012
@@ -0,0 +1,98 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.geronimo.crypto;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.security.SecureRandom;
+
+import javax.crypto.spec.SecretKeySpec;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.apache.geronimo.crypto.AbstractEncryption;
+
+ /*
+ * @version $Rev$ $Date$
+ */
+public class ConfiguredEncryption extends AbstractEncryption{
+
+ private final static Log log = LogFactory.getLog(ConfiguredEncryption.class);
+
+ private SecretKeySpec spec;
+
+ public ConfiguredEncryption(String location) throws IOException{
+ File keyFile = new File(location);
+ ObjectInputStream oin = null;
+ if (keyFile != null) {
+ if (keyFile.exists()) {
+ FileInputStream fi = new FileInputStream(keyFile);
+ try {
+ oin = new ObjectInputStream(fi);
+ spec = (SecretKeySpec) oin.readObject();
+ } catch (ClassNotFoundException e) {
+ log.error("Unable to read object or class not found: ", e);
+ } finally {
+ if (oin != null)
+ oin.close();
+ if (fi != null)
+ fi.close();
+ }
+ } else {
+ SecureRandom random = new SecureRandom();
+ random.setSeed(System.currentTimeMillis());
+ byte[] bytes = new byte[16];
+ random.nextBytes(bytes);
+ spec = new SecretKeySpec(bytes, "AES");
+ File dir = keyFile.getParentFile();
+ if (!dir.exists()) {
+ dir.mkdirs();
+ }
+ if (!dir.exists() || !dir.isDirectory()) {
+ throw new IllegalStateException(
+ "Could not create directory for secret key spec: "
+ + dir);
+ }
+ FileOutputStream out = new FileOutputStream(keyFile);
+ try {
+ ObjectOutputStream oout = new ObjectOutputStream(out);
+ try {
+ oout.writeObject(spec);
+ oout.flush();
+ } finally {
+ oout.close();
+ }
+ } finally {
+ out.close();
+ }
+ log.info("Generate a new configured encryption password: "+spec.getEncoded().toString());
+ }
+ }
+ }
+
+ @Override
+ protected SecretKeySpec getSecretKeySpec() {
+ return spec;
+ }
+
+}
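Review bot: `random.setSeed(System.currentTimeMillis())` in the key-generation branch can make the AES key guessable: with a SecureRandom implementation such as SHA1PRNG, a seed supplied before the first `nextBytes` call replaces the provider's self-seeding, so the 16 key bytes would derive from the key file's creation time alone. Dropping that line and keeping `new SecureRandom()` followed by `random.nextBytes(bytes)` lets the provider seed itself. In the read branch the `ClassNotFoundException` catch only logs, so the constructor returns with `spec` still null and `getSecretKeySpec()` hands null to its caller; rethrowing, for example `throw new IOException("Unable to read key file " + location, e);`, fails at the bad key file instead. The key file is created by `new FileOutputStream(keyFile)` with default permissions and read back through `ObjectInputStream.readObject()`, so a comment should state that the file and its directory must be readable and writable only by the server account. The closing `log.info` prints `spec.getEncoded().toString()`, which is the array's identity string rather than anything useful, and calls it a password; logging the key file path instead keeps the message meaningful and keeps key material out of the log.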
Propchange: geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
------------------------------------------------------------------------------
svn:keywords = Date Revision
Propchange: geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/ConfiguredEncryption.java
------------------------------------------------------------------------------
svn:mime-type = text/plain
Modified: geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java?rev=1334031&r1=1334030&r2=1334031&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java (original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-crypto/src/main/java/org/apache/geronimo/crypto/EncryptionManager.java Fri May 4 15:23:16 2012
@@ -16,9 +16,13 @@
*/
package org.apache.geronimo.crypto;
+import java.util.Collections;
+import java.util.HashMap;
import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
import java.io.Serializable;
+import org.apache.geronimo.crypto.ConfiguredEncryption;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
/**
* A static class that uses registered Encryption instances to encypt and decrypt objects, typically strings.
@@ -40,16 +44,29 @@ import java.io.Serializable;
*/
public class EncryptionManager {
- private static final Map<String, Encryption> ENCRYPTORS = new ConcurrentHashMap<String, Encryption>();
+ private static final Map<String, Encryption> ENCRYPTORS = Collections.synchronizedMap(new HashMap<String, Encryption>());
private final static String SIMPLE_ENCRYPTION_PREFIX = "{Simple}";
+ private final static String CONFIGURED_ENCRYPTION_PREFIX = "{Configured}";
+ private final static Log log = LogFactory.getLog(EncryptionManager.class);
+ private static String activeEncryptionPrefix = SIMPLE_ENCRYPTION_PREFIX;
+ private static ConfiguredEncryption ce;
static {
ENCRYPTORS.put(SIMPLE_ENCRYPTION_PREFIX, SimpleEncryption.INSTANCE);
//login properties files used to have this
ENCRYPTORS.put("{Standard}", SimpleEncryption.INSTANCE);
- }
+ String keyFile = System.getProperty("org.apache.geronimo.security.encryption.keyfile");
+
+ if (keyFile != null && keyFile.length() != 0) {
+ try {
+ ce = new ConfiguredEncryption(keyFile);
+ } catch (Exception e) {
+ log.error("Can not handle "+keyFile, e);
+ }
+ setEncryptionPrefix(CONFIGURED_ENCRYPTION_PREFIX, ce);
+ }
- private static String activeEncryptionPrefix = SIMPLE_ENCRYPTION_PREFIX;
+ }
/**
* Encryption instances should call this to register themselves.
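Review bot: In the static initializer, `setEncryptionPrefix(CONFIGURED_ENCRYPTION_PREFIX, ce)` sits after the try/catch, so when `new ConfiguredEncryption(keyFile)` throws it is still called with `ce == null`. Because `ENCRYPTORS` is now `Collections.synchronizedMap(new HashMap<String, Encryption>())`, the map itself no longer rejects a null value, so `{Configured}` may become the active prefix with no encryptor behind it; `setEncryptionPrefix` is outside this hunk, so how it treats null needs confirming. Moving the call inside the `try`, directly after the constructor, avoids registering null. The catch should then say explicitly whether the server is meant to continue on `{Simple}` or stop, since an operator who set `org.apache.geronimo.security.encryption.keyfile` expects key-based encryption and would not notice a silent fallback from one `log.error` line.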
Modified: geronimo/server/branches/3.0-beta/framework/modules/geronimo-system/src/main/java/org/apache/geronimo/system/util/ConfiguredEncryption.java
URL: http://svn.apache.org/viewvc/geronimo/server/branches/3.0-beta/framework/modules/geronimo-system/src/main/java/org/apache/geronimo/system/util/ConfiguredEncryption.java?rev=1334031&r1=1334030&r2=1334031&view=diff
==============================================================================
--- geronimo/server/branches/3.0-beta/framework/modules/geronimo-system/src/main/java/org/apache/geronimo/system/util/ConfiguredEncryption.java (original)
+++ geronimo/server/branches/3.0-beta/framework/modules/geronimo-system/src/main/java/org/apache/geronimo/system/util/ConfiguredEncryption.java Fri May 4 15:23:16 2012
@@ -21,12 +21,7 @@
package org.apache.geronimo.system.util;
import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.security.SecureRandom;
import javax.crypto.spec.SecretKeySpec;
@@ -34,8 +29,6 @@ import org.apache.geronimo.gbean.GBeanIn
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.system.serverinfo.ServerInfo;
-import org.apache.geronimo.crypto.AbstractEncryption;
-import org.apache.geronimo.crypto.EncryptionManager;
/**
* Like SimpleEncryption except it uses a stored secret key. If the key file is missing, it makes up a new one.
@@ -52,54 +45,16 @@ import org.apache.geronimo.crypto.Encryp
*
* @version $Rev$ $Date$
*/
-public class ConfiguredEncryption extends AbstractEncryption implements GBeanLifecycle {
+public class ConfiguredEncryption implements GBeanLifecycle {
- private final SecretKeySpec spec;
+ private org.apache.geronimo.crypto.ConfiguredEncryption ce;
public ConfiguredEncryption(String path, ServerInfo serverInfo) throws IOException, ClassNotFoundException {
- File location = serverInfo.resolveServer(path);
- if (location.exists()) {
- FileInputStream in = new FileInputStream(location);
- try {
- ObjectInputStream oin = new ObjectInputStream(in);
- try {
- spec = (SecretKeySpec) oin.readObject();
- } finally {
- oin.close();
- }
- } finally {
- in.close();
- }
- } else {
- SecureRandom random = new SecureRandom();
- random.setSeed(System.currentTimeMillis());
- byte[] bytes = new byte[16];
- random.nextBytes(bytes);
- spec = new SecretKeySpec(bytes, "AES");
- File dir = location.getParentFile();
- if (!dir.exists()) {
- dir.mkdirs();
- }
- if (!dir.exists() || !dir.isDirectory()) {
- throw new IllegalStateException("Could not create directory for secret key spec: " + dir);
- }
- FileOutputStream out = new FileOutputStream(location);
- try {
- ObjectOutputStream oout = new ObjectOutputStream(out);
- try {
- oout.writeObject(spec);
- oout.flush();
- } finally {
- oout.close();
- }
- } finally {
- out.close();
- }
- }
+ File location = serverInfo.resolve(path);
+ ce = new org.apache.geronimo.crypto.ConfiguredEncryption(location.getAbsolutePath());
}
public void doStart() throws Exception {
- EncryptionManager.setEncryptionPrefix("{Configured}", this);
}
public void doStop() throws Exception {
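Review bot: `doStart()` is now empty and `ce` is never read in the visible lines, so this GBean appears to load or create a key file without ever registering it with `EncryptionManager`. Unless registration happens elsewhere, a deployment that configures the GBean but does not set the `org.apache.geronimo.security.encryption.keyfile` system property would keep storing values under `{Simple}` with no warning. Restoring the call with the delegate, `EncryptionManager.setEncryptionPrefix("{Configured}", ce);` (with its import), or documenting in the class Javadoc that the GBean no longer activates encryption, would make the behaviour explicit. The constructor also switches from `serverInfo.resolveServer(path)` to `serverInfo.resolve(path)`; if the two resolve to different directories on an existing installation, the old key file will not be found and a fresh key will be generated, leaving previously stored `{Configured}` values undecryptable. The class body continues past this hunk.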
@@ -107,10 +62,6 @@ public class ConfiguredEncryption extend
public void doFail() {
}
-
- protected SecretKeySpec getSecretKeySpec() {
- return spec;
- }
public static final GBeanInfo GBEAN_INFO;