You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ranger.apache.org by sn...@apache.org on 2014/09/17 17:16:26 UTC
git commit: ARGUS-46-47:DB Password Encryption Implemented
Repository: incubator-argus
Updated Branches:
refs/heads/master ee0a04eb7 -> e5dab0670
ARGUS-46-47:DB Password Encryption Implemented
Signed-off-by: sneethiraj <sn...@apache.org>
Project: http://git-wip-us.apache.org/repos/asf/incubator-argus/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-argus/commit/e5dab067
Tree: http://git-wip-us.apache.org/repos/asf/incubator-argus/tree/e5dab067
Diff: http://git-wip-us.apache.org/repos/asf/incubator-argus/diff/e5dab067
Branch: refs/heads/master
Commit: e5dab0670ac490f8d3a5ef68fd4eb06168ebae8f
Parents: ee0a04e
Author: vperiasamy <vp...@hortonworks.com>
Authored: Wed Sep 17 10:18:08 2014 -0400
Committer: sneethiraj <sn...@apache.org>
Committed: Wed Sep 17 11:16:09 2014 -0400
----------------------------------------------------------------------
security-admin/scripts/install.sh | 35 ++++-
.../com/xasecure/biz/AssetConnectionMgr.java | 18 ++-
.../main/java/com/xasecure/biz/AssetMgr.java | 14 ++
.../java/com/xasecure/common/PasswordUtils.java | 143 +++++++++++++++++++
.../java/com/xasecure/common/db/BaseDao.java | 17 +++
.../patch/PatchPasswordEncryption_J10001.java | 84 +++++++++++
.../com/xasecure/service/XAssetService.java | 68 +++++++++
7 files changed, 375 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/scripts/install.sh
----------------------------------------------------------------------
diff --git a/security-admin/scripts/install.sh b/security-admin/scripts/install.sh
index f32422c..35eb94e 100755
--- a/security-admin/scripts/install.sh
+++ b/security-admin/scripts/install.sh
@@ -798,7 +798,39 @@ restart_policymgr(){
log "[I] Restarting xapolicymgr DONE";
}
-
+execute_java_patches(){
+ dt=`date '+%s'`
+ tempFile=/tmp/sql_${dt}_$$.sql
+ mysqlexec="${MYSQL_BIN} -u ${db_user} --password="${db_password}" -h ${MYSQL_HOST} ${db_name}"
+ javaFiles=`ls -1 $app_home/WEB-INF/classes/com/xasecure/patch/Patch*.class 2> /dev/null | awk -F/ '{ print $NF }' | awk -F_J '{ print $2, $0 }' | sort -k1 -n | awk '{ printf("%s\n",$2) ; }'`
+ for javaPatch in ${javaFiles}
+ do
+ if test -f "$app_home/WEB-INF/classes/com/xasecure/patch/$javaPatch"; then
+ className=$(basename "$javaPatch" .class)
+ version=`echo ${className} | awk -F'_' '{ print $2 }'`
+ if [ "${version}" != "" ]
+ then
+ c=`${mysqlexec} -B --skip-column-names -e "select count(id) from x_db_version_h where version = '${version}' and active = 'Y'"`
+ check_ret_status $? "DBVerionCheck - ${version} Failed."
+ if [ ${c} -eq 0 ]
+ then
+ log "[I] patch ${javaPatch} is being applied..";
+ msg=`java -cp "$app_home/WEB-INF/:$app_home/META-INF/:$app_home/WEB-INF/lib/*:$app_home/WEB-INF/classes/:$app_home/WEB-INF/classes/META-INF/" com.xasecure.patch.${className}`
+ check_ret_status $? "Unable to apply patch:$javaPatch"
+ touch ${tempFile}
+ echo >> ${tempFile}
+ echo "insert into x_db_version_h (version, inst_at, inst_by, updated_at, updated_by) values ( '${version}', now(), user(), now(), user()) ;" >> ${tempFile}
+ ${mysqlexec} < ${tempFile}
+ check_ret_status $? "Update patch - ${javaPatch} has failed."
+ rm -f ${tempFile}
+ log "[I] patch ${javaPatch} has been applied!!";
+ else
+ log "[I] - patch [${javaPatch}] is already applied. Skipping ..."
+ fi
+ fi
+ fi
+ done
+}
init_logfiles
log " --------- Running XASecure PolicyManager Web Application Install Script --------- "
log "[I] uname=`uname`"
@@ -821,4 +853,5 @@ update_properties
do_authentication_setup
copy_to_webapps
restart_policymgr
+execute_java_patches
echo "Installation of XASecure PolicyManager Web Application is completed."
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
index 03ac341..5b5e07d 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetConnectionMgr.java
@@ -41,6 +41,7 @@ import com.xasecure.hbase.client.HBaseClient;
import com.xasecure.hive.client.HiveClient;
import com.xasecure.knox.client.KnoxClient;
import com.xasecure.storm.client.StormClient;
+import com.xasecure.service.XAssetService;
import com.xasecure.view.VXAsset;
@Component
@@ -64,6 +65,9 @@ public class AssetConnectionMgr {
@Autowired
protected XADaoManager xADaoManager;
+ @Autowired
+ XAssetService xAssetService;
+
public AssetConnectionMgr(){
hadoopConnectionCache = new HashMap<String, HadoopFS>();
hiveConnectionCache = new HashMap<String, HiveClient>();
@@ -81,7 +85,9 @@ public class AssetConnectionMgr {
if (hadoopFS == null) {
// if it doesn't exist in cache then create the connection
String config = asset.getConfig();
-
+ if(!stringUtil.isEmpty(config)){
+ config=xAssetService.getConfigWithDecryptedPassword(config);
+ }
// FIXME remove this once we start using putting config for
// default asset "hadoopdev" (should come from properties)
if (stringUtil.isEmpty(config)
@@ -150,7 +156,8 @@ public class AssetConnectionMgr {
hiveClient = hiveConnectionCache.get(asset.getName());
if (hiveClient == null) {
String config = asset.getConfig();
- if (!stringUtil.isEmpty(config)) {
+ if (!stringUtil.isEmpty(config)) {
+ config=xAssetService.getConfigWithDecryptedPassword(config);
final HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil
.jsonToMap(config);
@@ -198,6 +205,9 @@ public class AssetConnectionMgr {
logger.error("Asset is null", new Throwable());
} else {
String config = asset.getConfig();
+ if(!stringUtil.isEmpty(config)){
+ config=xAssetService.getConfigWithDecryptedPassword(config);
+ }
knoxClient = getKnoxClientByConfig(config);
}
return knoxClient;
@@ -261,7 +271,9 @@ public class AssetConnectionMgr {
if (client == null) {
// if it doesn't exist in cache then create the connection
String config = asset.getConfig();
-
+ if(!stringUtil.isEmpty(config)){
+ config=xAssetService.getConfigWithDecryptedPassword(config);
+ }
// FIXME remove this once we start using putting config for
// default asset "dev-hive" (should come from properties)
if (stringUtil.isEmpty(config)
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
index 7c46ac9..da05ab6 100644
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
+++ b/security-admin/src/main/java/com/xasecure/biz/AssetMgr.java
@@ -1202,6 +1202,8 @@ public class AssetMgr extends AssetMgrBase {
if (usb != null && usb.isUserAdmin()) {
String defaultConfig = vXAsset.getConfig();
+ defaultConfig=xAssetService.getConfigWithEncryptedPassword(defaultConfig,false);
+ vXAsset.setConfig(defaultConfig);
VXAsset createdVXAsset = (VXAsset) xAssetService
.createResource(vXAsset);
String udpatedConfig = vXAsset.getConfig();
@@ -1335,6 +1337,17 @@ public class AssetMgr extends AssetMgrBase {
public VXAsset updateXAsset(VXAsset vXAsset) {
UserSessionBase usb = ContextUtil.getCurrentUserSession();
if (usb != null && usb.isUserAdmin()) {
+ String newConfig=vXAsset.getConfig();
+ HashMap<String, String> configMap = (HashMap<String, String>) jsonUtil
+ .jsonToMap(newConfig);
+ String password = configMap.get("password");
+ String hiddenPasswordString = PropertiesUtil.getProperty(
+ "xa.password.hidden", "*****");
+ if (password != null && !password.equals(hiddenPasswordString)) {
+ String defaultConfig = vXAsset.getConfig();
+ defaultConfig=xAssetService.getConfigWithEncryptedPassword(defaultConfig,true);
+ vXAsset.setConfig(defaultConfig);
+ }
XXAsset xAsset = xADaoManager.getXXAsset()
.getById(vXAsset.getId());
@@ -1564,6 +1577,7 @@ public class AssetMgr extends AssetMgrBase {
if (existingVXAsset != null
&& existingVXAsset.getConfig() != null) {
String existingConfig = existingVXAsset.getConfig();
+ existingConfig=xAssetService.getConfigWithDecryptedPassword(existingConfig);
HashMap<String, String> existingConfigMap = (HashMap<String, String>) jsonUtil
.jsonToMap(existingConfig);
String existingPassword = existingConfigMap.get("password");
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/common/PasswordUtils.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/common/PasswordUtils.java b/security-admin/src/main/java/com/xasecure/common/PasswordUtils.java
new file mode 100644
index 0000000..ca7a96e
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/common/PasswordUtils.java
@@ -0,0 +1,143 @@
+package com.xasecure.common;
+import java.io.IOException;
+import java.util.Map;
+
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import com.sun.jersey.core.util.Base64;
+public class PasswordUtils {
+
+ private static final Logger LOG = LoggerFactory.getLogger(PasswordUtils.class) ;
+
+ private static final char[] ENCRYPT_KEY = "tzL1AKl5uc4NKYaoQ4P3WLGIBFPXWPWdu1fRm9004jtQiV".toCharArray() ;
+
+ private static final byte[] SALT = "f77aLYLo".getBytes() ;
+
+ private static final int ITERATION_COUNT = 17 ;
+
+ private static final String CRYPT_ALGO = "PBEWithMD5AndDES" ;
+
+ private static final String PBE_KEY_ALGO = "PBEWithMD5AndDES" ;
+
+ private static final String LEN_SEPARATOR_STR = ":" ;
+
+ public static String encryptPassword(String aPassword) throws IOException {
+ Map<String, String> env = System.getenv();
+ String encryptKeyStr = env.get("ENCRYPT_KEY") ;
+ char[] encryptKey;
+ if (encryptKeyStr == null) {
+ encryptKey=ENCRYPT_KEY;
+ }else{
+ encryptKey=encryptKeyStr.toCharArray();
+ }
+ String saltStr = env.get("ENCRYPT_SALT") ;
+ byte[] salt;
+ if (saltStr == null) {
+ salt = SALT ;
+ }else{
+ salt=saltStr.getBytes();
+ }
+ String ret = null ;
+ String strToEncrypt = null ;
+ if (aPassword == null) {
+ strToEncrypt = "" ;
+ }
+ else {
+ strToEncrypt = aPassword.length() + LEN_SEPARATOR_STR + aPassword ;
+ }
+ try {
+ Cipher engine = Cipher.getInstance(CRYPT_ALGO) ;
+ PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ;
+ SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ;
+ SecretKey key = skf.generateSecret(keySpec) ;
+ engine.init(Cipher.ENCRYPT_MODE, key, new PBEParameterSpec(salt, ITERATION_COUNT));
+ byte[] encryptedStr = engine.doFinal(strToEncrypt.getBytes()) ;
+ ret = new String(Base64.encode(encryptedStr)) ;
+ }
+ catch(Throwable t) {
+ LOG.error("Unable to encrypt password due to error", t);
+ throw new IOException("Unable to encrypt password due to error", t) ;
+ }
+ return ret ;
+ }
+
+ public static String decryptPassword(String aPassword) throws IOException {
+ String ret = null ;
+ Map<String, String> env = System.getenv();
+ String encryptKeyStr = env.get("ENCRYPT_KEY") ;
+ char[] encryptKey;
+ if (encryptKeyStr == null) {
+ encryptKey=ENCRYPT_KEY;
+ }else{
+ encryptKey=encryptKeyStr.toCharArray();
+ }
+ String saltStr = env.get("ENCRYPT_SALT") ;
+ byte[] salt;
+ if (saltStr == null) {
+ salt = SALT ;
+ }else{
+ salt=saltStr.getBytes();
+ }
+ try {
+ byte[] decodedPassword = Base64.decode(aPassword) ;
+ Cipher engine = Cipher.getInstance(CRYPT_ALGO) ;
+ PBEKeySpec keySpec = new PBEKeySpec(encryptKey) ;
+ SecretKeyFactory skf = SecretKeyFactory.getInstance(PBE_KEY_ALGO) ;
+ SecretKey key = skf.generateSecret(keySpec) ;
+ engine.init(Cipher.DECRYPT_MODE, key,new PBEParameterSpec(salt, ITERATION_COUNT));
+ String decrypted = new String(engine.doFinal(decodedPassword)) ;
+ int foundAt = decrypted.indexOf(LEN_SEPARATOR_STR) ;
+ if (foundAt > -1) {
+ if (decrypted.length() > foundAt) {
+ ret = decrypted.substring(foundAt+1) ;
+ }
+ else {
+ ret = "" ;
+ }
+ }
+ else {
+ ret = null;
+ }
+ }
+ catch(Throwable t) {
+ LOG.error("Unable to decrypt password due to error", t);
+ throw new IOException("Unable to decrypt password due to error", t) ;
+ }
+ return ret ;
+ }
+
+ public static void main(String[] args) {
+ String[] testPasswords = { "a", "a123", "dsfdsgdg", "*7263^5#", "", null } ;
+ for(String password : testPasswords) {
+ try {
+ String ePassword = PasswordUtils.encryptPassword(password) ;
+ String dPassword = PasswordUtils.decryptPassword(ePassword) ;
+ if (password == null ) {
+ if (dPassword != null) {
+ throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword + "]") ;
+ }
+ else {
+ System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: [" + ePassword + "]") ;
+ }
+ }
+ else if (! password.equals(dPassword)) {
+ throw new RuntimeException("The password expected [" + password + "]. Found [" + dPassword + "]") ;
+ }
+ else {
+ System.out.println("Password: [" + password + "] matched after decrypt. Encrypted: [" + ePassword + "]") ;
+ }
+ }
+ catch(IOException ioe) {
+ ioe.printStackTrace();
+ System.out.println("Password verification failed for password [" + password + "]:" + ioe) ;
+ }
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/common/db/BaseDao.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/common/db/BaseDao.java b/security-admin/src/main/java/com/xasecure/common/db/BaseDao.java
index b41a490..3d22257 100644
--- a/security-admin/src/main/java/com/xasecure/common/db/BaseDao.java
+++ b/security-admin/src/main/java/com/xasecure/common/db/BaseDao.java
@@ -195,5 +195,22 @@ public abstract class BaseDao<T> {
public Long executeCountQueryInSecurityContext(Class<T> clazz, Query query) {
return executeCountQueryInSecurityContext(clazz, query, true);
}
+
+ public List<T> getAll() {
+ List<T> ret = null;
+ TypedQuery<T> qry = em.createQuery(
+ "SELECT t FROM " + tClass.getSimpleName() + " t", tClass);
+ ret = qry.getResultList();
+ return ret;
+ }
+
+ public Long getAllCount() {
+ Long ret = null;
+ TypedQuery<Long> qry = em.createQuery(
+ "SELECT count(t) FROM " + tClass.getSimpleName() + " t",
+ Long.class);
+ ret = qry.getSingleResult();
+ return ret;
+ }
}
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/patch/PatchPasswordEncryption_J10001.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/patch/PatchPasswordEncryption_J10001.java b/security-admin/src/main/java/com/xasecure/patch/PatchPasswordEncryption_J10001.java
new file mode 100644
index 0000000..9392510
--- /dev/null
+++ b/security-admin/src/main/java/com/xasecure/patch/PatchPasswordEncryption_J10001.java
@@ -0,0 +1,84 @@
+package com.xasecure.patch;
+
+import java.util.List;
+
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.xasecure.common.StringUtil;
+import com.xasecure.db.XADaoManager;
+import com.xasecure.entity.XXAsset;
+import com.xasecure.service.XAssetService;
+import com.xasecure.util.CLIUtil;
+
+@Component
+public class PatchPasswordEncryption_J10001 extends BaseLoader {
+ static Logger logger = Logger.getLogger(PatchPasswordEncryption_J10001.class);
+ int lineCount = 0;
+
+ @Autowired
+ XADaoManager xaDaoManager;
+
+ @Autowired
+ StringUtil stringUtil;
+
+ @Autowired
+ XAssetService xAssetService;
+
+ public PatchPasswordEncryption_J10001() {
+ }
+
+
+ @Override
+ public void printStats() {
+ logger.info("Time taken so far:" + timeTakenSoFar(lineCount)
+ + ", moreToProcess=" + isMoreToProcess());
+ print(lineCount, "Processed lines");
+ }
+
+ @Override
+ public void execLoad() {
+ encryptLookupUserPassword();
+ }
+
+ private void encryptLookupUserPassword() {
+ List<XXAsset> xAssetList = xaDaoManager.getXXAsset().getAll();
+ String oldConfig=null;
+ String newConfig=null;
+ for (XXAsset xAsset : xAssetList) {
+ oldConfig=null;
+ newConfig=null;
+ oldConfig=xAsset.getConfig();
+ if(!stringUtil.isEmpty(oldConfig)){
+ newConfig=xAssetService.getConfigWithEncryptedPassword(oldConfig,false);
+ xAsset.setConfig(newConfig);
+ xaDaoManager.getXXAsset().update(xAsset);
+ }
+ lineCount++;
+ logger.info("Lookup Password updated for Asset : "
+ + xAsset.getName());
+ logger.info("oldconfig : "+ oldConfig);
+ logger.info("newConfig : "+ newConfig);
+ print(lineCount, "Total updated assets count : ");
+ }
+ }
+
+ public static void main(String[] args) {
+ logger.info("main()");
+ try {
+ PatchPasswordEncryption_J10001 loader = (PatchPasswordEncryption_J10001) CLIUtil
+ .getBean(PatchPasswordEncryption_J10001.class);
+ //loader.init();
+ while (loader.isMoreToProcess()) {
+ loader.load();
+ }
+ logger.info("Load complete. Exiting!!!");
+ System.exit(0);
+ }catch (Exception e) {
+ logger.error("Error loading", e);
+ System.exit(1);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/incubator-argus/blob/e5dab067/security-admin/src/main/java/com/xasecure/service/XAssetService.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/service/XAssetService.java b/security-admin/src/main/java/com/xasecure/service/XAssetService.java
index 5463817..3b3d651 100644
--- a/security-admin/src/main/java/com/xasecure/service/XAssetService.java
+++ b/security-admin/src/main/java/com/xasecure/service/XAssetService.java
@@ -19,6 +19,7 @@
package com.xasecure.service;
+import java.io.IOException;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.HashMap;
@@ -30,6 +31,7 @@ import java.util.regex.Pattern;
import com.xasecure.common.JSONUtil;
import com.xasecure.common.MessageEnums;
+import com.xasecure.common.PasswordUtils;
import com.xasecure.common.PropertiesUtil;
import com.xasecure.common.SearchField;
import com.xasecure.common.SearchField.DATA_TYPE;
@@ -177,6 +179,17 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> {
return entry;
}
+ private Entry<String, String> getIsEncryptedEntry(Map<String, String> configMap){
+ Entry<String, String> entry = null;
+ for(Entry<String, String> e : configMap.entrySet()) {
+ if(e.getKey().toLowerCase().contains("isencrypted")){
+ entry = e;
+ break;
+ }
+ }
+ return entry;
+ }
+
public void validateConfig(VXAsset vObj) {
HashMap<String, Object> configrationMap = null;
if (vObj.getAssetType() == AppConstants.ASSET_HDFS) {
@@ -329,4 +342,59 @@ public class XAssetService extends XAssetServiceBase<XXAsset, VXAsset> {
return trxLogList;
}
+
+ public String getConfigWithEncryptedPassword(String config,boolean isForced){
+ try {
+ if (config != null && !config.isEmpty()) {
+ Map<String, String> configMap = jsonUtil.jsonToMap(config);
+ Entry<String, String> passwordEntry = getPasswordEntry(configMap);
+ Entry<String, String> isEncryptedEntry = getIsEncryptedEntry(configMap);
+ if (passwordEntry != null){
+ if(isEncryptedEntry==null || !isEncryptedEntry.getValue().equalsIgnoreCase("true")||isForced==true){
+ String password=passwordEntry.getValue();
+ String encryptPassword=PasswordUtils.encryptPassword(password);
+ String decryptPassword=PasswordUtils.decryptPassword(encryptPassword);
+ if(decryptPassword.equalsIgnoreCase(password)){
+ configMap.put(passwordEntry.getKey(),
+ encryptPassword);
+ configMap.put("isencrypted", "true");
+ }
+ }
+ }
+ config = jsonUtil.readMapToString(configMap);
+ }
+ } catch (IOException e) {
+ String errorMessage = "Password encryption error";
+ throw restErrorUtil.createRESTException(errorMessage,
+ MessageEnums.INVALID_INPUT_DATA, null, null,
+ e.getMessage());
+ }
+ return config;
+ }
+ public String getConfigWithDecryptedPassword(String config){
+ try {
+ if (config != null && !config.isEmpty()) {
+ Map<String, String> configMap = jsonUtil.jsonToMap(config);
+ Entry<String, String> passwordEntry = getPasswordEntry(configMap);
+ Entry<String, String> isEncryptedEntry = getIsEncryptedEntry(configMap);
+ if (isEncryptedEntry!=null && passwordEntry != null){
+ if (!stringUtil.isEmpty(isEncryptedEntry.getValue())
+ && isEncryptedEntry.getValue().equalsIgnoreCase(
+ "true")) {
+ String encryptPassword = passwordEntry.getValue();
+ String decryptPassword = PasswordUtils
+ .decryptPassword(encryptPassword);
+ configMap.put(passwordEntry.getKey(), decryptPassword);
+ }
+ }
+ config = jsonUtil.readMapToString(configMap);
+ }
+ } catch (IOException e) {
+ String errorMessage = "Password decryption error";
+ throw restErrorUtil.createRESTException(errorMessage,
+ MessageEnums.INVALID_INPUT_DATA, null, null,
+ e.getMessage());
+ }
+ return config;
+ }
}