Posted to commits@tomee.apache.org by rm...@apache.org on 2016/12/05 10:24:22 UTC
tomee git commit: TOMEE-1979 allowing to cipher properties of the
context for JNDIContext
Repository: tomee
Updated Branches:
refs/heads/master 1aa6c9f6d -> 52067addf
TOMEE-1979 allowing to cipher properties of the context for JNDIContext
Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/52067add
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/52067add
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/52067add
Branch: refs/heads/master
Commit: 52067addf6f5a0e1bc97a64cc32a6a7730974503
Parents: 1aa6c9f
Author: rmannibucau <rm...@apache.org>
Authored: Mon Dec 5 11:24:11 2016 +0100
Committer: rmannibucau <rm...@apache.org>
Committed: Mon Dec 5 11:24:11 2016 +0100
----------------------------------------------------------------------
.../org/apache/openejb/client/JNDIContext.java | 87 +++++++++++++++-----
.../apache/openejb/client/JNDIContextTest.java | 15 ++++
.../openejb/ClientContextCipheringTest.java | 37 +++++++++
3 files changed, 120 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/tomee/blob/52067add/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
----------------------------------------------------------------------
diff --git a/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java b/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
index d5549e2..1124eb9 100644
--- a/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
+++ b/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
@@ -20,8 +20,28 @@ import org.apache.openejb.client.event.RemoteInitialContextCreated;
import org.apache.openejb.client.serializer.EJBDSerializer;
import org.omg.CORBA.ORB;
+import javax.naming.AuthenticationException;
+import javax.naming.Binding;
+import javax.naming.CompoundName;
+import javax.naming.ConfigurationException;
+import javax.naming.Context;
+import javax.naming.InvalidNameException;
+import javax.naming.Name;
+import javax.naming.NameClassPair;
+import javax.naming.NameNotFoundException;
+import javax.naming.NameParser;
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.OperationNotSupportedException;
+import javax.naming.Reference;
+import javax.naming.ServiceUnavailableException;
+import javax.naming.spi.InitialContextFactory;
+import javax.naming.spi.NamingManager;
+import javax.sql.DataSource;
import java.io.Serializable;
import java.lang.reflect.Constructor;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.net.ConnectException;
import java.net.URI;
import java.net.URISyntaxException;
@@ -41,24 +61,6 @@ import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.logging.Level;
import java.util.logging.Logger;
-import javax.naming.AuthenticationException;
-import javax.naming.Binding;
-import javax.naming.CompoundName;
-import javax.naming.ConfigurationException;
-import javax.naming.Context;
-import javax.naming.InvalidNameException;
-import javax.naming.Name;
-import javax.naming.NameClassPair;
-import javax.naming.NameNotFoundException;
-import javax.naming.NameParser;
-import javax.naming.NamingEnumeration;
-import javax.naming.NamingException;
-import javax.naming.OperationNotSupportedException;
-import javax.naming.Reference;
-import javax.naming.ServiceUnavailableException;
-import javax.naming.spi.InitialContextFactory;
-import javax.naming.spi.NamingManager;
-import javax.sql.DataSource;
/**
* @version $Rev$ $Date$
@@ -73,6 +75,8 @@ public class JNDIContext implements InitialContextFactory, Context {
public static final String POOL_QUEUE_SIZE = "openejb.client.invoker.queue";
public static final String POOL_THREAD_NUMBER = "openejb.client.invoker.threads";
+ private static final Decipher DECIPHER;
+
private String tail = "/";
private ServerMetaData server;
private ClientMetaData client;
@@ -85,11 +89,33 @@ public class JNDIContext implements InitialContextFactory, Context {
static {
ClassLoader classLoader = Client.class.getClassLoader();
Class<?> container;
+ Decipher decipher;
try {
container = Class.forName("org.apache.openejb.OpenEJB", false, classLoader);
+ final Class<?> propertyPlaceHolderHelper = Class.forName("org.apache.openejb.util.PropertyPlaceHolderHelper", false, classLoader);
+ final Method simpleValue = propertyPlaceHolderHelper.getMethod("simpleValue", String.class);
+ decipher = new Decipher() {
+ @Override
+ public String decipher(final String from) {
+ try {
+ return String.class.cast(simpleValue.invoke(null, from));
+ } catch (final IllegalAccessException e) {
+ throw new IllegalStateException(e);
+ } catch (final InvocationTargetException e) {
+ throw new IllegalStateException(e.getCause());
+ }
+ }
+ };
} catch (final Throwable e) {
container = null;
+ decipher = new Decipher() {
+ @Override
+ public String decipher(final String from) {
+ return from;
+ }
+ };
}
+ DECIPHER = decipher;
if (classLoader == ClassLoader.getSystemClassLoader() || Boolean.getBoolean("openejb.client.flus-tasks")
|| (container != null && container.getClassLoader() == classLoader)) {
Runtime.getRuntime().addShutdownHook(new Thread() {
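Review bot: The single `try` now covers both the `org.apache.openejb.OpenEJB` lookup and the `PropertyPlaceHolderHelper` lookup, so a failure of the second one (class or `simpleValue` method missing) also runs `container = null` and changes the shutdown-hook condition just below, even though the container class was found. Splitting the two lookups keeps the old `container` behaviour and limits the fallback to the decipher. The fallback is also silent: when the helper is absent, a `cipher:...` value is passed through literally with no hint why, so a log line at a low level in that catch would help diagnosis. The static block continues outside this hunk.

```java
Class<?> container;
try {
    container = Class.forName("org.apache.openejb.OpenEJB", false, classLoader);
} catch (final Throwable e) {
    container = null;
}
Decipher decipher;
try {
    final Class<?> propertyPlaceHolderHelper = Class.forName("org.apache.openejb.util.PropertyPlaceHolderHelper", false, classLoader);
    final Method simpleValue = propertyPlaceHolderHelper.getMethod("simpleValue", String.class);
    // … unchanged: Decipher wrapping simpleValue.invoke(null, from) …
} catch (final Throwable e) {
    // … unchanged: pass-through Decipher …
}
DECIPHER = decipher;
```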
@@ -224,7 +250,7 @@ public class JNDIContext implements InitialContextFactory, Context {
if (environment == null) {
throw new NamingException("Invalid argument, hashtable cannot be null.");
} else {
- env = (Hashtable) environment.clone();
+ env = decipher((Hashtable) environment.clone());
}
final String userID = (String) env.get(Context.SECURITY_PRINCIPAL);
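Review bot: A deciphering failure on the new `decipher(...)` call escapes as an unchecked IllegalStateException, because the default Decipher added in the static block rethrows reflection errors that way, while the tests in this commit suggest callers of `getInitialContext` only expect NamingException. Consider wrapping the call and rethrowing with the already imported ConfigurationException, for example `} catch (final RuntimeException e) { throw (NamingException) new ConfigurationException("Cannot decipher context properties").initCause(e); }`. Keep the property value out of the message so a mistyped ciphered secret does not reach the logs. The method body starts and ends outside this hunk.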
@@ -284,6 +310,25 @@ public class JNDIContext implements InitialContextFactory, Context {
return this;
}
+ private Hashtable decipher(final Hashtable clone) {
+ Decipher decipher = Decipher.class.cast(clone.get(Decipher.class.getName()));
+ if (decipher == null) {
+ decipher = DECIPHER;
+ }
+ for (final Object key : clone.keySet()) {
+ if (String.class.isInstance(key)) {
+ final Object value = clone.get(key);
+ if (String.class.isInstance(value)) {
+ final String val = decipher.decipher(String.class.cast(value));
+ if (!val.equals(value)) {
+ clone.put(key, val);
+ }
+ }
+ }
+ }
+ return clone;
+ }
+
private static String getProperty(final Hashtable env, final String key, final String defaultValue) {
Object value = env == null ? null : env.get(key);
if (value != null) {
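Review bot: `decipher(Hashtable)` relies on two things a caller-supplied environment does not guarantee: that the entry under `Decipher.class.getName()` really is a Decipher, and that `decipher.decipher(...)` never returns null. `Decipher.class.cast` throws ClassCastException for any other value, and a null result makes `val.equals(value)` throw NullPointerException; an `instanceof` check before the cast and `if (val != null && !val.equals(value))` would cover both. Every String value in the environment goes through the decipher, not only credentials, and the clear text is written back into the map that the test in this commit reads through `getEnvironment()`. A short comment on the method saying so would help callers who expect the ciphered form to be kept.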
@@ -863,5 +908,9 @@ public class JNDIContext implements InitialContextFactory, Context {
return password;
}
}
+
+ public interface Decipher {
+ String decipher(String from);
+ }
}
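Review bot: The new public `Decipher` interface has no Javadoc although it is a client-facing extension point; the only way to learn that an instance is looked up in the environment under `JNDIContext.Decipher.class.getName()` is to read the private `decipher(Hashtable)` method. I would add a Javadoc stating that the implementation is called for every String value of the environment, that it must return the input unchanged when the value is not ciphered, and that it must not return null.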
http://git-wip-us.apache.org/repos/asf/tomee/blob/52067add/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java
----------------------------------------------------------------------
diff --git a/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java b/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java
index de21365..6776c34 100755
--- a/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java
+++ b/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java
@@ -20,6 +20,7 @@ import org.junit.Assert;
import org.junit.Test;
import javax.naming.Context;
+import javax.naming.NamingException;
import java.util.Hashtable;
/**
@@ -27,6 +28,20 @@ import java.util.Hashtable;
*/
@SuppressWarnings("UseOfObsoleteCollectionType")
public class JNDIContextTest {
+ @Test
+ public void customCipher() throws NamingException {
+ final JNDIContext jndiContext = new JNDIContext();
+ final Hashtable<String, Object> env = new Hashtable<>();
+ env.put(JNDIContext.Decipher.class.getName(), new JNDIContext.Decipher() {
+ @Override
+ public String decipher(final String from) {
+ return "ejbd://localhost:1234";
+ }
+ });
+ env.put(Context.PROVIDER_URL, "replaced");
+ jndiContext.getInitialContext(env);
+ Assert.assertEquals("ejbd://localhost:1234", jndiContext.getEnvironment().get(Context.PROVIDER_URL).toString());
+ }
@Test
public void testGetInitialContext() throws Exception {
http://git-wip-us.apache.org/repos/asf/tomee/blob/52067add/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java
----------------------------------------------------------------------
diff --git a/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java b/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java
new file mode 100644
index 0000000..a57a457
--- /dev/null
+++ b/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb;
+
+import org.apache.openejb.cipher.StaticDESPasswordCipher;
+import org.apache.openejb.client.JNDIContext;
+import org.junit.Assert;
+import org.junit.Test;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import java.util.Hashtable;
+
+public class ClientContextCipheringTest {
+ @Test
+ public void customCipher() throws NamingException {
+ final JNDIContext jndiContext = new JNDIContext();
+ final Hashtable<String, Object> env = new Hashtable<>();
+ env.put(Context.PROVIDER_URL, "cipher:Static3DES:" + String.valueOf(new StaticDESPasswordCipher().encrypt("ejbd://localhost:1234")));
+ jndiContext.getInitialContext(env);
+ Assert.assertEquals("ejbd://localhost:1234", jndiContext.getEnvironment().get(Context.PROVIDER_URL).toString());
+ }
+}
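Review bot: This test is named `customCipher` like the one in JNDIContextTest, but it registers no custom Decipher and exercises the default container-backed path with a `cipher:Static3DES:` value; a name such as `static3DesCipheredProviderUrl` would say what is covered. Since `StaticDESPasswordCipher` is constructed without any key argument, it presumably relies on a key built into the library, so values ciphered this way are obscured rather than protected from anyone holding the same jar. A comment on the test such as `// Static3DES only hides the value from casual reading; real secrets need a cipher with an externally supplied key` would keep readers from copying it as a confidentiality control.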