Posted to commits@tomee.apache.org by rm...@apache.org on 2016/12/05 10:24:22 UTC

tomee git commit: TOMEE-1979 allowing to cipher properties of the context for JNDIContext

Repository: tomee
Updated Branches:
  refs/heads/master 1aa6c9f6d -> 52067addf


TOMEE-1979 allowing to cipher properties of the context for JNDIContext


Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/52067add
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/52067add
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/52067add

Branch: refs/heads/master
Commit: 52067addf6f5a0e1bc97a64cc32a6a7730974503
Parents: 1aa6c9f
Author: rmannibucau <rm...@apache.org>
Authored: Mon Dec 5 11:24:11 2016 +0100
Committer: rmannibucau <rm...@apache.org>
Committed: Mon Dec 5 11:24:11 2016 +0100

----------------------------------------------------------------------
 .../org/apache/openejb/client/JNDIContext.java  | 87 +++++++++++++++-----
 .../apache/openejb/client/JNDIContextTest.java  | 15 ++++
 .../openejb/ClientContextCipheringTest.java     | 37 +++++++++
 3 files changed, 120 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tomee/blob/52067add/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
----------------------------------------------------------------------
diff --git a/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java b/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
index d5549e2..1124eb9 100644
--- a/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
+++ b/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
@@ -20,8 +20,28 @@ import org.apache.openejb.client.event.RemoteInitialContextCreated;
 import org.apache.openejb.client.serializer.EJBDSerializer;
 import org.omg.CORBA.ORB;
 
+import javax.naming.AuthenticationException;
+import javax.naming.Binding;
+import javax.naming.CompoundName;
+import javax.naming.ConfigurationException;
+import javax.naming.Context;
+import javax.naming.InvalidNameException;
+import javax.naming.Name;
+import javax.naming.NameClassPair;
+import javax.naming.NameNotFoundException;
+import javax.naming.NameParser;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.OperationNotSupportedException;
+import javax.naming.Reference;
+import javax.naming.ServiceUnavailableException;
+import javax.naming.spi.InitialContextFactory;
+import javax.naming.spi.NamingManager;
+import javax.sql.DataSource;
 import java.io.Serializable;
 import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.net.ConnectException;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -41,24 +61,6 @@ import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import javax.naming.AuthenticationException;
-import javax.naming.Binding;
-import javax.naming.CompoundName;
-import javax.naming.ConfigurationException;
-import javax.naming.Context;
-import javax.naming.InvalidNameException;
-import javax.naming.Name;
-import javax.naming.NameClassPair;
-import javax.naming.NameNotFoundException;
-import javax.naming.NameParser;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.OperationNotSupportedException;
-import javax.naming.Reference;
-import javax.naming.ServiceUnavailableException;
-import javax.naming.spi.InitialContextFactory;
-import javax.naming.spi.NamingManager;
-import javax.sql.DataSource;
 
 /**
  * @version $Rev$ $Date$
@@ -73,6 +75,8 @@ public class JNDIContext implements InitialContextFactory, Context {
     public static final String POOL_QUEUE_SIZE = "openejb.client.invoker.queue";
     public static final String POOL_THREAD_NUMBER = "openejb.client.invoker.threads";
 
+    private static final Decipher DECIPHER;
+
     private String tail = "/";
     private ServerMetaData server;
     private ClientMetaData client;
@@ -85,11 +89,33 @@ public class JNDIContext implements InitialContextFactory, Context {
     static {
         ClassLoader classLoader = Client.class.getClassLoader();
         Class<?> container;
+        Decipher decipher;
         try {
             container = Class.forName("org.apache.openejb.OpenEJB", false, classLoader);
+            final Class<?> propertyPlaceHolderHelper  = Class.forName("org.apache.openejb.util.PropertyPlaceHolderHelper", false, classLoader);
+            final Method simpleValue = propertyPlaceHolderHelper.getMethod("simpleValue", String.class);
+            decipher = new Decipher() {
+                @Override
+                public String decipher(final String from) {
+                    try {
+                        return String.class.cast(simpleValue.invoke(null, from));
+                    } catch (final IllegalAccessException e) {
+                        throw new IllegalStateException(e);
+                    } catch (final InvocationTargetException e) {
+                        throw new IllegalStateException(e.getCause());
+                    }
+                }
+            };
         } catch (final Throwable e) {
             container = null;
+            decipher = new Decipher() {
+                @Override
+                public String decipher(final String from) {
+                    return from;
+                }
+            };
         }
+        DECIPHER = decipher;
         if (classLoader == ClassLoader.getSystemClassLoader() || Boolean.getBoolean("openejb.client.flus-tasks")
             || (container != null && container.getClassLoader() == classLoader)) {
             Runtime.getRuntime().addShutdownHook(new Thread() {
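Review bot: The two reflective lookups share one `try`, so a failure to find `PropertyPlaceHolderHelper` or its `simpleValue` method now also runs `container = null` in the `catch`, even when `org.apache.openejb.OpenEJB` loaded fine. That changes the `container != null && container.getClassLoader() == classLoader` test that decides whether the shutdown hook is registered. The same `catch (final Throwable e)` also falls back to the identity decipher without any trace. A client whose properties are ciphered would then use the ciphertext as the actual URL or credential, with nothing in the log to explain the resulting failure. Splitting the lookups into separate `try` blocks, and logging the fallback at a low level through the class's existing logger, keeps the two concerns independent. The static initializer continues past the end of this hunk.

```java
        Class<?> container;
        try {
            container = Class.forName("org.apache.openejb.OpenEJB", false, classLoader);
        } catch (final Throwable e) {
            container = null;
        }

        Decipher decipher;
        try {
            final Class<?> propertyPlaceHolderHelper = Class.forName("org.apache.openejb.util.PropertyPlaceHolderHelper", false, classLoader);
            final Method simpleValue = propertyPlaceHolderHelper.getMethod("simpleValue", String.class);
            decipher = new Decipher() {
                // … unchanged: decipher(String) delegating reflectively to simpleValue …
            };
        } catch (final Throwable e) {
            // helper not on the client classpath: values are passed through untouched
            decipher = new Decipher() {
                // … unchanged: identity decipher(String) …
            };
        }
        DECIPHER = decipher;
```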
@@ -224,7 +250,7 @@ public class JNDIContext implements InitialContextFactory, Context {
         if (environment == null) {
             throw new NamingException("Invalid argument, hashtable cannot be null.");
         } else {
-            env = (Hashtable) environment.clone();
+            env = decipher((Hashtable) environment.clone());
         }
 
         final String userID = (String) env.get(Context.SECURITY_PRINCIPAL);
@@ -284,6 +310,25 @@ public class JNDIContext implements InitialContextFactory, Context {
         return this;
     }
 
+    private Hashtable decipher(final Hashtable clone) {
+        Decipher decipher = Decipher.class.cast(clone.get(Decipher.class.getName()));
+        if (decipher == null) {
+            decipher = DECIPHER;
+        }
+        for (final Object key : clone.keySet()) {
+            if (String.class.isInstance(key)) {
+                final Object value = clone.get(key);
+                if (String.class.isInstance(value)) {
+                    final String val = decipher.decipher(String.class.cast(value));
+                    if (!val.equals(value)) {
+                        clone.put(key, val);
+                    }
+                }
+            }
+        }
+        return clone;
+    }
+
     private static String getProperty(final Hashtable env, final String key, final String defaultValue) {
         Object value = env == null ? null : env.get(key);
         if (value != null) {
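Review bot: In the new `decipher(Hashtable)`, a caller-supplied `Decipher` that returns null makes `val.equals(value)` throw a NullPointerException, and any non-`Decipher` object stored under `Decipher.class.getName()` makes `Decipher.class.cast(...)` throw a ClassCastException. Neither is the `NamingException` that the calling code in the previous hunk otherwise raises for a bad environment. The guard could read `if (val != null && !val.equals(value)) {`, and the lookup could check `instanceof Decipher` before casting and fall back to `DECIPHER` otherwise. Separately, the deciphered plaintext replaces the ciphered entry in the table, and both tests read it back through `getEnvironment()`. Any credential passed this way is therefore held and exposed in clear for the lifetime of the context, which deserves a comment on the method so that callers do not log or forward that environment.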
@@ -863,5 +908,9 @@ public class JNDIContext implements InitialContextFactory, Context {
             return password;
         }
     }
+
+    public interface Decipher {
+        String decipher(String from);
+    }
 }
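Review bot: The new public `Decipher` interface is an extension point with no Javadoc, and its contract is only discoverable by reading `decipher(Hashtable)`. I would add something like `/** Resolves a possibly ciphered environment value; must return the input unchanged when it is not ciphered. An instance stored in the environment under Decipher.class.getName() overrides the default. */`. It is also worth stating there that the implementation is called for every String value in the environment, not only for credentials, so it must be cheap and must leave ordinary values intact.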
 

http://git-wip-us.apache.org/repos/asf/tomee/blob/52067add/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java
----------------------------------------------------------------------
diff --git a/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java b/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java
index de21365..6776c34 100755
--- a/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java
+++ b/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java
@@ -20,6 +20,7 @@ import org.junit.Assert;
 import org.junit.Test;
 
 import javax.naming.Context;
+import javax.naming.NamingException;
 import java.util.Hashtable;
 
 /**
@@ -27,6 +28,20 @@ import java.util.Hashtable;
  */
 @SuppressWarnings("UseOfObsoleteCollectionType")
 public class JNDIContextTest {
+    @Test
+    public void customCipher() throws NamingException {
+        final JNDIContext jndiContext = new JNDIContext();
+        final Hashtable<String, Object> env = new Hashtable<>();
+        env.put(JNDIContext.Decipher.class.getName(), new JNDIContext.Decipher() {
+            @Override
+            public String decipher(final String from) {
+                return "ejbd://localhost:1234";
+            }
+        });
+        env.put(Context.PROVIDER_URL, "replaced");
+        jndiContext.getInitialContext(env);
+        Assert.assertEquals("ejbd://localhost:1234", jndiContext.getEnvironment().get(Context.PROVIDER_URL).toString());
+    }
 
     @Test
     public void testGetInitialContext() throws Exception {

http://git-wip-us.apache.org/repos/asf/tomee/blob/52067add/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java
----------------------------------------------------------------------
diff --git a/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java b/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java
new file mode 100644
index 0000000..a57a457
--- /dev/null
+++ b/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb;
+
+import org.apache.openejb.cipher.StaticDESPasswordCipher;
+import org.apache.openejb.client.JNDIContext;
+import org.junit.Assert;
+import org.junit.Test;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import java.util.Hashtable;
+
+public class ClientContextCipheringTest {
+    @Test
+    public void customCipher() throws NamingException {
+        final JNDIContext jndiContext = new JNDIContext();
+        final Hashtable<String, Object> env = new Hashtable<>();
+        env.put(Context.PROVIDER_URL, "cipher:Static3DES:" + String.valueOf(new StaticDESPasswordCipher().encrypt("ejbd://localhost:1234")));
+        jndiContext.getInitialContext(env);
+        Assert.assertEquals("ejbd://localhost:1234", jndiContext.getEnvironment().get(Context.PROVIDER_URL).toString());
+    }
+}
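Review bot: The test method is named `customCipher`, the same as the one added to `JNDIContextTest`, but it exercises the built-in `cipher:Static3DES:` path rather than a custom `Decipher`; a name such as `static3DesCipheredProviderUrl` would say what is covered. It only asserts on `Context.PROVIDER_URL`, so the case the commit title is presumably aimed at, a ciphered `Context.SECURITY_CREDENTIALS`, goes untested, as does the check that an unciphered value passes through unchanged. If `StaticDESPasswordCipher` uses a fixed built-in key, as its name suggests, a short comment noting that this scheme obfuscates rather than protects the value would keep the test from being read as an endorsement for real secrets.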