You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@doris.apache.org by ji...@apache.org on 2022/04/13 06:32:24 UTC
[incubator-doris-manager] branch master updated: remove default encrypt key (#42)
This is an automated email from the ASF dual-hosted git repository.
jiafengzheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-doris-manager.git
The following commit(s) were added to refs/heads/master by this push:
new cd14bcd remove default encrypt key (#42)
cd14bcd is described below
commit cd14bcd8fb037f0f69ee9d0dc01cc44d8970fb98
Author: LiRui <11...@qq.com>
AuthorDate: Wed Apr 13 14:32:19 2022 +0800
remove default encrypt key (#42)
remove default encrypt key
---
manager/conf/manager.conf | 4 ++++
.../doris/stack/constant/EnvironmentDefine.java | 3 +++
.../doris/stack/exception/ConfigItemException.java | 27 ++++++++++++++++++++++
.../doris/stack/util/CommonPropertyUtil.java | 16 ++++++++++++-
.../org/apache/doris/stack/util/CredsUtil.java | 18 +++++++++++----
.../java/org/apache/doris/stack/DorisManager.java | 5 ++--
6 files changed, 66 insertions(+), 7 deletions(-)
diff --git a/manager/conf/manager.conf b/manager/conf/manager.conf
index 63bff58..eb705a4 100644
--- a/manager/conf/manager.conf
+++ b/manager/conf/manager.conf
@@ -40,6 +40,10 @@ MB_DB_TYPE=mysql
# Database accessed by the service(database)
#MB_DB_DBNAME=manager
+# AES key used to encrypt password
+# it must be 128 bits
+ENCRYPT_KEY=12dfA67887iyW321
+
# The name of the deployed service. The default is manager
#DEPLOY_NAME=manager
diff --git a/manager/general/src/main/java/org/apache/doris/stack/constant/EnvironmentDefine.java b/manager/general/src/main/java/org/apache/doris/stack/constant/EnvironmentDefine.java
index d4936aa..40fa286 100644
--- a/manager/general/src/main/java/org/apache/doris/stack/constant/EnvironmentDefine.java
+++ b/manager/general/src/main/java/org/apache/doris/stack/constant/EnvironmentDefine.java
@@ -62,6 +62,9 @@ public class EnvironmentDefine {
// Data storage connection port environment variable
public static final String STUDIO_PORT_ENV = "STUDIO_PORT";
+ // key used to encrypt password
+ public static final String ENCRYPT_KEY_ENV = "ENCRYPT_KEY";
+
// spring tomcat waiting queue length
public static final String WEB_ACCEPT_COUNT_ENV = "WEB_ACCEPT_COUNT";
diff --git a/manager/general/src/main/java/org/apache/doris/stack/exception/ConfigItemException.java b/manager/general/src/main/java/org/apache/doris/stack/exception/ConfigItemException.java
new file mode 100644
index 0000000..8d57473
--- /dev/null
+++ b/manager/general/src/main/java/org/apache/doris/stack/exception/ConfigItemException.java
@@ -0,0 +1,27 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements. See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership. The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License. You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied. See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package org.apache.doris.stack.exception;
+
+public class ConfigItemException extends Exception {
+
+ public static final String MESSAGE = "配置信息错误,请检查后重新配置:";
+
+ public ConfigItemException(String errorInfo) {
+ super(MESSAGE + errorInfo);
+ }
+}
diff --git a/manager/general/src/main/java/org/apache/doris/stack/util/CommonPropertyUtil.java b/manager/general/src/main/java/org/apache/doris/stack/util/CommonPropertyUtil.java
index e24f199..e4c04ab 100644
--- a/manager/general/src/main/java/org/apache/doris/stack/util/CommonPropertyUtil.java
+++ b/manager/general/src/main/java/org/apache/doris/stack/util/CommonPropertyUtil.java
@@ -20,6 +20,7 @@ package org.apache.doris.stack.util;
import lombok.extern.slf4j.Slf4j;
import org.apache.doris.stack.constant.EnvironmentDefine;
import org.apache.doris.stack.constant.PropertyDefine;
+import org.apache.doris.stack.exception.ConfigItemException;
import org.springframework.util.StringUtils;
import java.util.HashMap;
@@ -50,6 +51,8 @@ public class CommonPropertyUtil {
private static final String STUDIO_PORT = System.getenv(EnvironmentDefine.STUDIO_PORT_ENV);
+ private static final String ENCRYPT_KEY = System.getenv(EnvironmentDefine.ENCRYPT_KEY_ENV);
+
private static final String NGINX_PORT = System.getenv(EnvironmentDefine.NGINX_PORT_ENV);
private static final String STUDIO_COOKIE_MAX_AGE = System.getenv(EnvironmentDefine.STUDIO_COOKIE_MAX_AGE_ENV);
@@ -88,7 +91,7 @@ public class CommonPropertyUtil {
private static final String LOG_PATH = System.getenv(EnvironmentDefine.LOG_PATH_ENV);
- public static Map<String, Object> getProperties() {
+ public static Map<String, Object> getProperties() throws ConfigItemException {
Map<String, Object> properties = new HashMap<>();
// log path configuration
@@ -103,6 +106,17 @@ public class CommonPropertyUtil {
properties.put(PropertyDefine.SERVER_PORT_PROPERTY, STUDIO_PORT);
}
+ if (ENCRYPT_KEY == null || ENCRYPT_KEY.isEmpty()) {
+ log.error("config item [ENCRYPT_KEY] is not set");
+ throw new ConfigItemException("config item [ENCRYPT_KEY] is not set");
+ } else if (ENCRYPT_KEY.length() != CredsUtil.getAesKeyStrLen()) {
+ log.error("encrypt key {} string length is not {}", ENCRYPT_KEY, CredsUtil.getAesKeyStrLen());
+ throw new ConfigItemException("config item [ENCRYPT_KEY] is not correct");
+ } else {
+ log.debug("set encrypt key: " + ENCRYPT_KEY);
+ CredsUtil.setEncryptKey(ENCRYPT_KEY);
+ }
+
// Nginx service port configuration
if (NGINX_PORT == null || NGINX_PORT.isEmpty()) {
properties.put(PropertyDefine.NGINX_PORT_PROPERTY, 8090);
diff --git a/manager/general/src/main/java/org/apache/doris/stack/util/CredsUtil.java b/manager/general/src/main/java/org/apache/doris/stack/util/CredsUtil.java
index d5b52bc..3fad007 100644
--- a/manager/general/src/main/java/org/apache/doris/stack/util/CredsUtil.java
+++ b/manager/general/src/main/java/org/apache/doris/stack/util/CredsUtil.java
@@ -34,10 +34,12 @@ import javax.crypto.spec.SecretKeySpec;
public class CredsUtil {
/**
- * Encrypt Key
+ * Default Encrypt Key
* AES must be 128 bits
*/
- private static final String ENCRYPT_KEY = "12dfA67887iyW321";
+ private static String encryptKey = "";
+
+ private static final int AES_KEY_STR_LEN = 16;
private static final String ALGORITHM_STR = "AES/ECB/PKCS5Padding";
@@ -47,6 +49,14 @@ public class CredsUtil {
throw new UnsupportedOperationException();
}
+ public static void setEncryptKey(String encryptKey) {
+ CredsUtil.encryptKey = encryptKey;
+ }
+
+ public static int getAesKeyStrLen() {
+ return AES_KEY_STR_LEN;
+ }
+
/**
* One way encryption password
*
@@ -147,7 +157,7 @@ public class CredsUtil {
KeyGenerator kgen = KeyGenerator.getInstance("AES");
kgen.init(128);
Cipher cipher = Cipher.getInstance(ALGORITHM_STR);
- cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(ENCRYPT_KEY.getBytes(), "AES"));
+ cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(encryptKey.getBytes(), "AES"));
return cipher.doFinal(content.getBytes("utf-8"));
}
@@ -176,7 +186,7 @@ public class CredsUtil {
kgen.init(128);
Cipher cipher = Cipher.getInstance(ALGORITHM_STR);
- cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(ENCRYPT_KEY.getBytes(), "AES"));
+ cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(encryptKey.getBytes(), "AES"));
byte[] decryptBytes = cipher.doFinal(encryptBytes);
return new String(decryptBytes);
diff --git a/manager/manager-server/src/main/java/org/apache/doris/stack/DorisManager.java b/manager/manager-server/src/main/java/org/apache/doris/stack/DorisManager.java
index 72a1576..aa4d865 100644
--- a/manager/manager-server/src/main/java/org/apache/doris/stack/DorisManager.java
+++ b/manager/manager-server/src/main/java/org/apache/doris/stack/DorisManager.java
@@ -18,6 +18,7 @@
package org.apache.doris.stack;
import org.apache.doris.stack.constant.PropertyDefine;
+import org.apache.doris.stack.exception.ConfigItemException;
import org.apache.doris.stack.util.CommonPropertyUtil;
import org.apache.doris.stack.util.DeployType;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@@ -46,14 +47,14 @@ public class DorisManager extends SpringBootServletInitializer {
return application.sources(DorisManager.class);
}
- public static void main(String[] args) {
+ public static void main(String[] args) throws ConfigItemException {
DorisManager studio = new DorisManager();
SpringApplicationBuilder builder = getBuilder();
studio.configure(builder);
builder.run(args);
}
- public static SpringApplicationBuilder getBuilder() {
+ public static SpringApplicationBuilder getBuilder() throws ConfigItemException {
Map<String, Object> properties = CommonPropertyUtil.getProperties();
// Configure the service name. The default is manager
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@doris.apache.org
For additional commands, e-mail: commits-help@doris.apache.org