Posted to commits@synapse.apache.org by in...@apache.org on 2009/04/06 10:39:06 UTC
svn commit: r762253 - in /synapse/trunk/java:
modules/core/src/main/java/org/apache/synapse/security/definition/
modules/core/src/main/java/org/apache/synapse/security/tool/
modules/distribution/src/main/bin/ src/site/xdoc/
Author: indika
Date: Mon Apr 6 08:39:05 2009
New Revision: 762253
URL: http://svn.apache.org/viewvc?rev=762253&view=rev
Log:
add cipher tool documents , scripts and did some fixes
Added:
synapse/trunk/java/modules/distribution/src/main/bin/ciphertool.bat
synapse/trunk/java/modules/distribution/src/main/bin/ciphertool.sh
Modified:
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/CipherInformation.java
synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/tool/CipherTool.java
synapse/trunk/java/src/site/xdoc/Synapse_Samples_Setup.xml
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/CipherInformation.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/CipherInformation.java?rev=762253&r1=762252&r2=762253&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/CipherInformation.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/definition/CipherInformation.java Mon Apr 6 08:39:05 2009
@@ -31,7 +31,7 @@
private static final Log log = LogFactory.getLog(CipherInformation.class);
/* Default cipher algorithm*/
- private static String DEFAULT_ALGORITHM = "RSA";
+ public static String DEFAULT_ALGORITHM = "RSA";
/*Cipher algorithm */
private String algorithm = DEFAULT_ALGORITHM;
/* Cipher operation mode - encrypt or decrypt */
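Review bot: `DEFAULT_ALGORITHM` becomes public here but is still not `final`, so any class on the class path can reassign it and change the algorithm that every later `CipherInformation` picks up through `algorithm = DEFAULT_ALGORITHM`. Since the field is only widened so that other classes can read it, declare it as a constant: `public static final String DEFAULT_ALGORITHM = "RSA";`. The class body continues outside this hunk.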
Modified: synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/tool/CipherTool.java
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/tool/CipherTool.java?rev=762253&r1=762252&r2=762253&view=diff
==============================================================================
--- synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/tool/CipherTool.java (original)
+++ synapse/trunk/java/modules/core/src/main/java/org/apache/synapse/security/tool/CipherTool.java Mon Apr 6 08:39:05 2009
@@ -25,6 +25,7 @@
import org.apache.synapse.security.definition.CipherInformation;
import org.apache.synapse.security.definition.IdentityKeyStoreInformation;
import org.apache.synapse.security.definition.TrustKeyStoreInformation;
+import org.apache.synapse.security.enumeration.KeyStoreType;
import org.apache.synapse.security.wrappers.CipherWrapper;
import org.apache.synapse.security.wrappers.IdentityKeyStoreWrapper;
import org.apache.synapse.security.wrappers.TrustKeyStoreWrapper;
@@ -46,8 +47,9 @@
* <li>algorithm encrypt or decrypt algorithm
* <li>source Either cipher or plain text as an in-lined form
* <li>sourceFile Source from a file
- * <li>outEncode Currently base64
- * <li>inEncode Currently base64
+ * <li>outencode Currently base64
+ * <li>inencode Currently base64
+ * <li>trusted Is KeyStore a trusted store ? . if presents this , consider as a trusted store
* <ul>
*/
public class CipherTool {
@@ -82,12 +84,16 @@
/* If the target has to be written to a file*/
public final static String TARGET_FILE = "targetfile";
/* If the output of cipher operation need to be encode - only base64*/
- public final static String OUT_TYPE = "outtype";
+ public final static String OUT_TYPE = "outencode";
/* If the encode of the input type base64*/
- public final static String IN_TYPE = "intype";
+ public final static String IN_TYPE = "inencode";
/* Is this keyStore a trusted one */
public final static String TRUSTED = "trusted";
+ public final static String SYMMETRIC = "symmetric";
+
+ public final static String ASYMMETRIC = "asymmetric";
+
/* Operation mode */
public final static String ENCRYPT = "encrypt";
public final static String DECRYPT = "decrypt";
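Review bot: The option strings behind `OUT_TYPE` and `IN_TYPE` change to `outencode` and `inencode`, but the constant names and their comments keep the old wording, and invocations that still pass `outtype`/`intype` will presumably no longer be recognised. A comment such as `/* Command line name: outencode (was outtype) */` on each would record the rename. The new `SYMMETRIC` and `ASYMMETRIC` constants carry no comment, unlike their neighbours, and no hunk on this page uses them; if they are the accepted values of the cipher type argument, say so above them.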
@@ -106,12 +112,11 @@
// Loads the cipher relate information
CipherInformation cipherInformation = getCipherInformation(cmd);
//Key information must not contain any password
- //Password for access private key
- String keyPass = getArgument(cmd, KEY_PASS);
// If Key need to be loaded from a file
- String keyFile = getArgument(cmd, KEY_FILE);
+ String keyFile = getArgument(cmd, KEY_FILE, null);
// Source as an in-lined
- String source = getArgument(cmd, SOURCE_IN_LINED);
+ String source = getArgument(cmd, SOURCE_IN_LINED, null);
+ assertEmpty(source, SOURCE_IN_LINED);
boolean isTrusted = isArgumentPresent(cmd, TRUSTED);
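Review bot: `assertEmpty(source, SOURCE_IN_LINED)` makes the in-lined source mandatory, so the plain text to be protected always has to be typed on the command line, where it ends up in shell history and is visible in process listings. The class Javadoc lists a `sourceFile` argument, but this check leaves no way to use it instead of `source`. The same exposure applies to `keypass` in the next hunk and to `storepass` in the two key-store hunks, all of which are now required as arguments. Consider falling back to a file or standard input when `source` is absent, and prompting on the console for missing passwords rather than rejecting the call. The enclosing method starts and ends outside this hunk.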
@@ -125,6 +130,9 @@
key = trustKeyStoreWrapper.getPublicKey();
} else {
IdentityKeyStoreWrapper storeWrapper = new IdentityKeyStoreWrapper();
+ //Password for access private key
+ String keyPass = getArgument(cmd, KEY_PASS, null);
+ assertEmpty(keyPass, KEY_PASS);
storeWrapper.init(getIdentityKeyStoreInformation(cmd), keyPass);
if (ENCRYPT.equals(cipherInformation.getOperationMode())) {
key = storeWrapper.getPrivateKey();
@@ -151,11 +159,12 @@
/**
* Utility method to extract command line arguments
*
- * @param cmd Command line which capture all command line arguments
- * @param argName Name of the argument to be extracted
+ * @param cmd Command line which capture all command line arguments
+ * @param argName Name of the argument to be extracted
+ * @param defaultValue The default value
* @return value of the argument if there is , o.w null
*/
- private static String getArgument(CommandLine cmd, String argName) {
+ private static String getArgument(CommandLine cmd, String argName, String defaultValue) {
if (cmd == null) {
handleException("CommandLine is null");
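Review bot: The `@return` line still says `o.w null`, but with the added parameter the method hands back `defaultValue` when the argument is missing. Update it to `@return value of the argument if present, otherwise defaultValue`, and make the new tag say when it applies: `@param defaultValue value returned when the argument is absent (may be null)`. The method body continues in the next hunk.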
@@ -165,13 +174,13 @@
if (log.isDebugEnabled()) {
log.debug("Provided argument name is null. Returning null as value");
}
- return null;
+ return defaultValue;
}
if (cmd.hasOption(argName)) {
return cmd.getOptionValue(argName);
}
- return null;
+ return defaultValue;
}
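Review bot: The debug message just above the first changed `return` still reads `Returning null as value` although that branch now returns `defaultValue`; reword it to `"Provided argument name is null. Returning the default value"`. Separately, `cmd.getOptionValue(argName)` is returned as is when the option is present, so an option given without a value would yield null and bypass the default. If `CommandLine` is the Commons CLI class, `return cmd.getOptionValue(argName, defaultValue);` covers both the absent and the value-less case in one call. The start of the method is outside this hunk.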
/**
@@ -205,11 +214,11 @@
private static CipherInformation getCipherInformation(CommandLine cmd) {
CipherInformation information = new CipherInformation();
- information.setAlgorithm(getArgument(cmd, ALGORITHM));
- information.setOperationMode(getArgument(cmd, OP_MODE));
- information.setInType(getArgument(cmd, IN_TYPE));
- information.setOutType(getArgument(cmd, OUT_TYPE));
- information.setType(getArgument(cmd, CIPHER_TYPE));
+ information.setAlgorithm(getArgument(cmd, ALGORITHM, CipherInformation.DEFAULT_ALGORITHM));
+ information.setOperationMode(getArgument(cmd, OP_MODE, ENCRYPT));
+ information.setInType(getArgument(cmd, IN_TYPE, BASE64));
+ information.setOutType(getArgument(cmd, OUT_TYPE, BASE64));
+ information.setType(getArgument(cmd, CIPHER_TYPE, null));
return information;
}
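Review bot: The `opmode` value goes into `setOperationMode` without being checked against `ENCRYPT` or `DECRYPT`, so a misspelt mode is accepted here and, judging by the `ENCRYPT.equals(...)` test in the key-selection hunk, is likely treated as the other mode rather than reported. A guard such as `if (!ENCRYPT.equals(mode) && !DECRYPT.equals(mode)) handleException("Invalid opmode : " + mode);` before the setter would make the failure explicit. The algorithm default is the bare name `RSA`; if that string is passed unchanged to `Cipher.getInstance`, mode and padding are left to the provider's defaults, so a comment stating the intended transformation would help whoever decrypts the output elsewhere.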
@@ -223,10 +232,16 @@
private static IdentityKeyStoreInformation getIdentityKeyStoreInformation(CommandLine cmd) {
IdentityKeyStoreInformation information = new IdentityKeyStoreInformation();
- information.setAlias(getArgument(cmd, ALIAS));
- information.setLocation(getArgument(cmd, KEY_STORE));
- information.setStoreType(getArgument(cmd, STORE_TYPE));
- information.setKeyStorePassword(getArgument(cmd, STORE_PASS));
+ String alias = getArgument(cmd, ALIAS, null);
+ assertEmpty(alias, ALIAS);
+ information.setAlias(alias);
+ String keyStore = getArgument(cmd, KEY_STORE, null);
+ assertEmpty(keyStore, KEY_STORE);
+ information.setLocation(keyStore);
+ information.setStoreType(getArgument(cmd, STORE_TYPE, KeyStoreType.JKS.toString()));
+ String storePass = getArgument(cmd, STORE_PASS, null);
+ assertEmpty(storePass, STORE_PASS);
+ information.setKeyStorePassword(storePass);
return information;
}
@@ -240,10 +255,14 @@
private static TrustKeyStoreInformation getTrustKeyStoreInformation(CommandLine cmd) {
TrustKeyStoreInformation information = new TrustKeyStoreInformation();
- information.setAlias(getArgument(cmd, ALIAS));
- information.setLocation(getArgument(cmd, KEY_STORE));
- information.setStoreType(getArgument(cmd, STORE_TYPE));
- information.setKeyStorePassword(getArgument(cmd, STORE_PASS));
+ information.setAlias(getArgument(cmd, ALIAS, null));
+ String keyStore = getArgument(cmd, KEY_STORE, null);
+ assertEmpty(keyStore, KEY_STORE);
+ information.setLocation(keyStore);
+ information.setStoreType(getArgument(cmd, STORE_TYPE, KeyStoreType.JKS.toString()));
+ String storePass = getArgument(cmd, STORE_PASS, null);
+ assertEmpty(storePass, STORE_PASS);
+ information.setKeyStorePassword(storePass);
return information;
}
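Review bot: `alias` is passed to `setAlias` unchecked here, while `getIdentityKeyStoreInformation` in the previous hunk rejects a missing alias with `assertEmpty(alias, ALIAS)`. If `trustKeyStoreWrapper.getPublicKey()` looks the certificate up by this alias, a null alias will fail later with a less helpful error than the argument check gives. Either add the same check, `assertEmpty(alias, ALIAS);`, or add a comment stating that the alias is optional for a trusted store and what is used when it is absent.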
@@ -347,4 +366,9 @@
throw new SynapseException(msg);
}
+ private static void assertEmpty(String value, String key) {
+ if (value == null || "".equals(value)) {
+ handleException("The argument : " + key + " : cannot be null or empty.");
+ }
+ }
}
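Review bot: `assertEmpty` is named for the opposite of what it does: it raises an error when the value is null or empty, so call sites such as `assertEmpty(keyPass, KEY_PASS)` read as if an empty password were required. Rename it to `assertNotEmpty` (the callers are in the earlier hunks of this file) and give it a one-line Javadoc stating that it fails through `handleException` when the argument is missing. A whitespace-only value currently passes; `if (value == null || value.trim().length() == 0)` would reject it as well. The message rightly names only the argument key and not its value, which should stay that way for the password arguments.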
Added: synapse/trunk/java/modules/distribution/src/main/bin/ciphertool.bat
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/distribution/src/main/bin/ciphertool.bat?rev=762253&view=auto
==============================================================================
--- synapse/trunk/java/modules/distribution/src/main/bin/ciphertool.bat (added)
+++ synapse/trunk/java/modules/distribution/src/main/bin/ciphertool.bat Mon Apr 6 08:39:05 2009
@@ -0,0 +1,88 @@
+@echo off
+REM Licensed to the Apache Software Foundation (ASF) under one
+REM or more contributor license agreements. See the NOTICE file
+REM distributed with this work for additional information
+REM regarding copyright ownership. The ASF licenses this file
+REM to you under the Apache License, Version 2.0 (the
+REM "License"); you may not use this file except in compliance
+REM with the License. You may obtain a copy of the License at
+REM
+REM http://www.apache.org/licenses/LICENSE-2.0
+REM
+REM Unless required by applicable law or agreed to in writing,
+REM software distributed under the License is distributed on an
+REM # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+REM KIND, either express or implied. See the License for the
+REM specific language governing permissions and limitations
+REM under the License.
+
+rem ---------------------------------------------------------------------------
+rem Startup script for the ciphertool
+rem
+rem Environment Variable Prerequisites
+rem
+rem SYNAPSE_HOME Must point at your SYNAPSE directory
+rem
+rem JAVA_HOME Must point at your Java Development Kit installation.
+rem
+rem JAVA_OPTS (Optional) Java runtime options
+rem ---------------------------------------------------------------------------
+set CURRENT_DIR=%cd%
+
+rem Make sure prerequisite environment variables are set
+if not "%JAVA_HOME%" == "" goto gotJavaHome
+echo The JAVA_HOME environment variable is not defined
+echo This environment variable is needed to run this program
+goto end
+:gotJavaHome
+if not exist "%JAVA_HOME%\bin\java.exe" goto noJavaHome
+goto okJavaHome
+:noJavaHome
+echo The JAVA_HOME environment variable is not defined correctly
+echo This environment variable is needed to run this program
+echo NB: JAVA_HOME should point to a JDK/JRE
+goto end
+:okJavaHome
+
+rem check the SYNAPSE_HOME environment variable
+if not "%SYNAPSE_HOME%" == "" goto gotHome
+set SYNAPSE_HOME=%CURRENT_DIR%
+if exist "%SYNAPSE_HOME%\bin\ciphertool.bat" goto okHome
+
+rem guess the home. Jump one directory up to check if that is the home
+cd ..
+set SYNAPSE_HOME=%cd%
+cd %SYNAPSE_HOME%
+
+:gotHome
+if exist "%SYNAPSE_HOME%\bin\ciphertool.bat" goto okHome
+
+rem set SYNAPSE_HOME=%~dp0..
+if exist "%SYNAPSE_HOME%\bin\ciphertool.bat" goto okHome
+
+echo The SYNAPSE_HOME environment variable is not defined correctly
+echo This environment variable is needed to run this program
+goto end
+
+:okHome
+rem set the classes
+setlocal EnableDelayedExpansion
+rem loop through the libs and add them to the class path
+cd "%SYNAPSE_HOME%"
+set SYNAPSE_CLASSPATH=.\conf
+FOR %%C in ("%SYNAPSE_HOME%\lib\synapse-*.jar") DO set SYNAPSE_CLASSPATH=!SYNAPSE_CLASSPATH!;".\lib\%%~nC%%~xC"
+FOR %%C in ("%SYNAPSE_HOME%\lib\commons-*.jar") DO set SYNAPSE_CLASSPATH=!SYNAPSE_CLASSPATH!;".\lib\%%~nC%%~xC"
+
+
+
+rem ----- Execute The Requested Command ---------------------------------------
+echo Using SYNAPSE_HOME: %SYNAPSE_HOME%
+echo Using JAVA_HOME: %JAVA_HOME%
+set _RUNJAVA="%JAVA_HOME%\bin\java"
+
+set JAVA_ENDORSED=".\lib\endorsed";"%JAVA_HOME%\jre\lib\endorsed";"%JAVA_HOME%\lib\endorsed"
+
+%_RUNJAVA% %JAVA_OPTS% -cp "%SYNAPSE_CLASSPATH%" -Djava.endorsed.dirs=%JAVA_ENDORSED% org.apache.synapse.security.tool.CipherTool %*
+endlocal
+:end
+
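Review bot: `SYNAPSE_HOME` is guessed from the current working directory (`set SYNAPSE_HOME=%CURRENT_DIR%`, then `cd ..`), while the one line that would derive it from the script's own location, `rem set SYNAPSE_HOME=%~dp0..`, is commented out, which leaves the `if exist` after it an exact duplicate of the one before. The jars placed on the class path therefore come from whichever directory happens to contain `bin\ciphertool.bat`, and a tool that is handed key-store passwords is better anchored to its install path: enable `set SYNAPSE_HOME=%~dp0..` as the fallback. `cd %SYNAPSE_HOME%` should be quoted as `cd "%SYNAPSE_HOME%"` for paths with spaces. The class-path entries are quoted one by one and the whole value is quoted again in `-cp "%SYNAPSE_CLASSPATH%"`, so the quotes nest; drop the inner ones.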
Added: synapse/trunk/java/modules/distribution/src/main/bin/ciphertool.sh
URL: http://svn.apache.org/viewvc/synapse/trunk/java/modules/distribution/src/main/bin/ciphertool.sh?rev=762253&view=auto
==============================================================================
--- synapse/trunk/java/modules/distribution/src/main/bin/ciphertool.sh (added)
+++ synapse/trunk/java/modules/distribution/src/main/bin/ciphertool.sh Mon Apr 6 08:39:05 2009
@@ -0,0 +1,108 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# -----------------------------------------------------------------------------
+# ciphertool scritp for generating stub, skeleton and other required classes
+#
+# Environment Variable Prequisites
+#
+# SYNAPSE_HOME Home of SYNAPSE installation. If not set I will try
+# to figure it out.
+#
+# JAVA_HOME Must point at your Java Development Kit installation.
+#
+# NOTE: Borrowed generously from Apache Tomcat startup scripts.
+
+# if JAVA_HOME is not set we're not happy
+if [ -z "$JAVA_HOME" ]; then
+ echo "You must set the JAVA_HOME variable before running SYNAPSE."
+ exit 1
+fi
+
+# OS specific support. $var _must_ be set to either true or false.
+cygwin=false
+os400=false
+case "`uname`" in
+CYGWIN*) cygwin=true;;
+OS400*) os400=true;;
+esac
+
+# resolve links - $0 may be a softlink
+PRG="$0"
+
+while [ -h "$PRG" ]; do
+ ls=`ls -ld "$PRG"`
+ link=`expr "$ls" : '.*-> \(.*\)$'`
+ if expr "$link" : '.*/.*' > /dev/null; then
+ PRG="$link"
+ else
+ PRG=`dirname "$PRG"`/"$link"
+ fi
+done
+
+# Get standard environment variables
+PRGDIR=`dirname "$PRG"`
+
+# Only set SYNAPSE_HOME if not already set
+[ -z "$SYNAPSE_HOME" ] && SYNAPSE_HOME=`cd "$PRGDIR/.." ; pwd`
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin; then
+ [ -n "$JAVA_HOME" ] && JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+ [ -n "$SYNAPSE_HOME" ] && SYNAPSE_HOME=`cygpath --unix "$SYNAPSE_HOME"`
+ [ -n "$CLASSPATH" ] && CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For OS400
+if $os400; then
+ # Set job priority to standard for interactive (interactive - 6) by using
+ # the interactive priority - 6, the helper threads that respond to requests
+ # will be running at the same priority as interactive jobs.
+ COMMAND='chgjob job('$JOBNAME') runpty(6)'
+ system $COMMAND
+
+ # Enable multi threading
+ QIBM_MULTI_THREADED=Y
+ export QIBM_MULTI_THREADED
+fi
+
+# Run the setup script
+ant -buildfile "$SYNAPSE_HOME/bin/build.xml" -q
+
+# update classpath
+SYNAPSE_CLASSPATH=""
+for f in "$SYNAPSE_HOME"/lib/synapse-*.jar
+do
+ SYNAPSE_CLASSPATH=$SYNAPSE_CLASSPATH:$f
+done
+for f in "$SYNAPSE_HOME"/lib/commons-*.jar
+do
+ SYNAPSE_CLASSPATH=$SYNAPSE_CLASSPATH:$f
+done
+SYNAPSE_CLASSPATH=$SYNAPSE_CLASSPATH:$CLASSPATH
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+ JAVA_HOME=`cygpath --absolute --windows "$JAVA_HOME"`
+ SYNAPSE_HOME=`cygpath --absolute --windows "$SYNAPSE_HOME"`
+ CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+ JAVA_ENDORSED_DIRS=`cygpath --path --windows "$JAVA_ENDORSED_DIRS"`
+fi
+
+# ----- Execute The Requested Command -----------------------------------------
+
+$JAVA_HOME/bin/java \
+-classpath "$SYNAPSE_CLASSPATH" \
+-Djava.endorsed.dirs="$SYNAPSE_HOME/lib/endorsed":"$JAVA_HOME/jre/lib/endorsed":"$JAVA_HOME/lib/endorsed" \
+org.apache.synapse.security.tool.CipherTool $*
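Review bot: The arguments are forwarded with an unquoted `$*`, so a password, alias or path containing spaces or glob characters is split or expanded by the shell before the tool sees it; use `"$@"`, and quote `"$JAVA_HOME/bin/java"` as well. The class path is built starting from an empty string and always ends with `:$CLASSPATH`, which gives it a leading empty entry and, when `CLASSPATH` is unset, a trailing one; the Java launcher treats an empty entry as the current directory, so classes lying in the working directory can be picked up by a tool that handles key-store secrets. The header comment (`generating stub, skeleton and other required classes`) and the `ant -buildfile ... -q` call look carried over from another script and are worth a comment or removal if the cipher tool does not need them.
```shell
# … unchanged: environment detection, SYNAPSE_HOME resolution, ant setup …
SYNAPSE_CLASSPATH=""
for f in "$SYNAPSE_HOME"/lib/synapse-*.jar "$SYNAPSE_HOME"/lib/commons-*.jar
do
  # append with a separator only when something is already there
  SYNAPSE_CLASSPATH="${SYNAPSE_CLASSPATH:+$SYNAPSE_CLASSPATH:}$f"
done
[ -n "$CLASSPATH" ] && SYNAPSE_CLASSPATH="$SYNAPSE_CLASSPATH:$CLASSPATH"
# … unchanged: Cygwin path conversion …
"$JAVA_HOME/bin/java" \
-classpath "$SYNAPSE_CLASSPATH" \
-Djava.endorsed.dirs="$SYNAPSE_HOME/lib/endorsed":"$JAVA_HOME/jre/lib/endorsed":"$JAVA_HOME/lib/endorsed" \
org.apache.synapse.security.tool.CipherTool "$@"
```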
Modified: synapse/trunk/java/src/site/xdoc/Synapse_Samples_Setup.xml
URL: http://svn.apache.org/viewvc/synapse/trunk/java/src/site/xdoc/Synapse_Samples_Setup.xml?rev=762253&r1=762252&r2=762253&view=diff
==============================================================================
--- synapse/trunk/java/src/site/xdoc/Synapse_Samples_Setup.xml (original)
+++ synapse/trunk/java/src/site/xdoc/Synapse_Samples_Setup.xml Mon Apr 6 08:39:05 2009
@@ -1001,5 +1001,54 @@
synapse.datasources.lookupds.passwordProvider=org.apache.synapse.security.secret.handler.SecretManagerSecretCallbackHandler
</pre>
</div>
+<h2>Using CipherTool</h2>
+
+<div>
+<p>
+ This is a simple tool for Tool for encrypting and decrypting.
+
+ The arguments that are inputs to this tool with their meanings are shown bellow.
+ <ul>
+ <li><strong>keystore</strong> If keys are in a store ,it's location</li>
+ <li><strong>storepass</strong> Password for access keyStore</li>
+ <li><strong>keypass</strong> To get private key</li>
+ <li><strong>alias</strong> Alias to identify key owner</li>
+ <li><strong>storetype</strong> Type of keyStore</li>
+ <li><strong>keyfile</strong> If key is in a file</li>
+ <li><strong>opmode</strong> encrypt or decrypt</li>
+ <li><strong>algorithm</strong> encrypt or decrypt algorithm</li>
+ <li><strong>source</strong> Either cipher or plain text as an in-lined form</li>
+ <li><strong>outencode</strong> Currently base64 and use for encode result</li>
+ <li><strong>inencode</strong> Currently base64 and use to decode input</li>
+ <li><strong>trusted</strong> Is KeyStore a trusted store? If presents this, consider as a trusted store</li>
+ </ul>
+</p>
+
+<p>The required scripts (
+ <strong>ciphertool.bat</strong>
+ and <strong>ciphertool.sh</strong>) are available in bin directory.
+</p>
+
+<div>
+ <p>
+ <strong>A simple encrypting sample
+ <br/>
+ </strong>
+ </p>
+ <p>
+ <strong>ciphertool.bat -source testpass -keystore lib\identity.jks -storepass password -alias synapse -keypass password
+ <br/>
+ </strong>
+ </p>
+ <pre>ciphertool.bat -source testpass -keystore lib\identity.jks -storepass password -alias synapse -keypass password
+
+ Using SYNAPSE_HOME: C:\Project\apache\synapse\synapse4\modules\distribution\ta
+ rget\synapse-SNAPSHOT
+ Using JAVA_HOME: C:\Program Files\Java\jdk1.5.0_14
+ Output :
+ UJqoweKO4+qL9ivJlDkjIBE4XOBuGSplkHAwjS3R/nUi7LH+/AH6jfu0rW74WrrjDE1LMaWDJvsEQvLFkTVCYMdm5rkqpkqxBsz0/q0o+OGF+e1taSF3OzmqmUxs1yEK0q7vFUbfDkRWW9frrP5UF9nMtl9H3brOm/YtbpgyLMw=
+ </pre>
+</div>
+</div>
</body>
</document>