Posted to commits@karaf.apache.org by gn...@apache.org on 2010/09/14 21:22:37 UTC
svn commit: r997051 - in /karaf/trunk/jaas:
jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/
modules/src/main/java/org/apache/karaf/jaas/modules/
modules/src/main/java/org/apache/karaf/jaas/modules/encryption/
modules/src/main/java/org/apache/ka...
Author: gnodet
Date: Tue Sep 14 19:22:36 2010
New Revision: 997051
URL: http://svn.apache.org/viewvc?rev=997051&view=rev
Log:
KARAF-34: Introduce an EncryptionService interface for more flexibility
Added:
karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryptionService.java
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryption.java
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryptionService.java
Modified:
karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryption.java
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
Modified: karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryption.java
URL: http://svn.apache.org/viewvc/karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryption.java?rev=997051&r1=997050&r2=997051&view=diff
==============================================================================
--- karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryption.java (original)
+++ karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryption.java Tue Sep 14 19:22:36 2010
@@ -2,6 +2,20 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * under the License.
+ */
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
@@ -14,6 +28,8 @@
*/
package org.apache.karaf.jaas.jasypt.impl;
+import java.util.Map;
+
import org.apache.karaf.jaas.modules.Encryption;
import org.jasypt.util.password.ConfigurablePasswordEncryptor;
@@ -33,11 +49,12 @@ public class JasyptEncryption implements
* Default constructor with the encryption algorithm.
* </p>
*
- * @algorithm the encryption algorithm to use.
+ * @param params encryption parameters
*/
- public JasyptEncryption(String algorithm) {
+ public JasyptEncryption(Map<String,String> params) {
this.passwordEncryptor = new ConfigurablePasswordEncryptor();
- this.passwordEncryptor.setAlgorithm(algorithm);
+
+ // TODO: configure
}
/*
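Review bot: The new constructor never reads `params` (only `// TODO: configure` remains), so the `ConfigurablePasswordEncryptor` runs with its library default and the `setAlgorithm` call the old code made is gone. Because nothing is validated, this class never rejects unsupported options, and the caller in AbstractKarafLoginModule keeps the first service that returns a non-null Encryption, so a configured algorithm could be replaced silently. Until the TODO is done, read the algorithm key at least, e.g. `String alg = params.get(EncryptionService.ALGORITHM); if (alg != null) passwordEncryptor.setAlgorithm(alg);`, and throw `IllegalArgumentException` on keys the class does not understand. The class body continues outside the hunk.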
Added: karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryptionService.java
URL: http://svn.apache.org/viewvc/karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryptionService.java?rev=997051&view=auto
==============================================================================
--- karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryptionService.java (added)
+++ karaf/trunk/jaas/jasypt/src/main/java/org/apache/karaf/jaas/jasypt/impl/JasyptEncryptionService.java Tue Sep 14 19:22:36 2010
@@ -0,0 +1,27 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * under the License.
+ */
+package org.apache.karaf.jaas.jasypt.impl;
+
+import java.util.Map;
+
+import org.apache.karaf.jaas.modules.Encryption;
+import org.apache.karaf.jaas.modules.EncryptionService;
+
+public class JasyptEncryptionService implements EncryptionService {
+
+ public Encryption createEncryption(Map<String, String> params) throws IllegalArgumentException {
+ return new JasyptEncryption(params);
+ }
+}
Modified: karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java
URL: http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java?rev=997051&r1=997050&r2=997051&view=diff
==============================================================================
--- karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java (original)
+++ karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/AbstractKarafLoginModule.java Tue Sep 14 19:22:36 2010
@@ -15,6 +15,8 @@
package org.apache.karaf.jaas.modules;
import java.security.Principal;
+import java.util.Arrays;
+import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
@@ -50,11 +52,10 @@ public abstract class AbstractKarafLogin
protected String rolePolicy;
protected String roleDiscriminator;
- /** define the encryption algorithm to use to encrypt password */
- protected String encryption;
-
/** the bundle context is required to use the encryption service */
protected BundleContext bundleContext;
+
+ protected Encryption encryption;
private static final Log LOG = LogFactory.getLog(AbstractKarafLoginModule.class);
@@ -75,94 +76,76 @@ public abstract class AbstractKarafLogin
public void initialize(Subject sub, CallbackHandler handler, Map options) {
this.subject = sub;
this.callbackHandler = handler;
+ this.options = options;
this.rolePolicy = (String) options.get("rolePolicy");
this.roleDiscriminator = (String) options.get("roleDiscriminator");
this.debug = Boolean.parseBoolean((String) options.get("debug"));
- this.encryption = (String) options.get("encryption");
// the bundle context is set in the Config JaasRealm by default
this.bundleContext = (BundleContext) options.get(BundleContext.class.getName());
}
-
- /**
- * <p>
- * Encrypt password.
- * </p>
- *
- * @param password the password in plain format.
- * @return the encrypted password format.
- */
- public String encryptPassword(String password) {
- if (this.encryption == null || this.encryption.trim().length() == 0) {
- if (debug) {
- LOG.debug("Encryption is disabled.");
+
+ public Encryption getEncryption() {
+ if (encryption == null) {
+ Map<String,String> encOpts = new HashMap<String,String>();
+ for (String key : options.keySet()) {
+ if (key.startsWith("encryption.")) {
+ encOpts.put(key.substring("encryption.".length()), options.get(key).toString());
+ }
}
- return password;
- }
- if (debug) {
- LOG.debug("Encryption is enabled and use " + encryption + " encryption algorithm.");
- }
- // lookup the encryption service reference
- ServiceReference[] encryptionServiceReferences;
- try {
- encryptionServiceReferences = bundleContext.getServiceReferences(Encryption.class.getName(), "(algorithm=" + encryption + ")");
- } catch (InvalidSyntaxException e) {
- throw new IllegalStateException("The encryption service filter is not well formed.", e);
- }
- if (encryptionServiceReferences.length == 0) {
- throw new IllegalStateException("Encryption service not found for encryption algorithm " + encryption + ". Please install the Karaf encryption feature and check that the encryption algorithm is supported..");
- }
- // get the encryption service implementation
- Encryption encryptionService = (Encryption) bundleContext.getService(encryptionServiceReferences[0]);
- if (encryptionService == null) {
- throw new IllegalStateException("Encryption service not found. Please install the Karaf encryption feature.");
- }
- // encrypt the password
- String encryptedPassword = encryptionService.encryptPassword(password);
- // release the encryption service reference
- bundleContext.ungetService(encryptionServiceReferences[0]);
- return encryptedPassword;
- }
-
- /**
- * <p>
- * Check if the provided password match the reference one.
- * </p>
- *
- * @param input the provided password (plain format).
- * @param password the reference one (encrypted format).
- * @return true if the passwords match, false else.
- */
- public boolean checkPassword(String input, String password) {
- if (this.encryption == null || this.encryption.trim().length() == 0) {
- if (debug) {
- LOG.debug("Encryption is disabled.");
+ boolean enabled = Boolean.parseBoolean(encOpts.remove("enabled"));
+ if (!enabled) {
+ if (debug) {
+ LOG.debug("Encryption is disabled.");
+ }
+ } else {
+ String name = encOpts.remove("name");
+ if (debug) {
+ if (name != null) {
+ LOG.debug("Encryption is enabled. Using service " + name + " with options " + encOpts);
+ } else {
+ LOG.debug("Encryption is enabled. Using options " + encOpts);
+ }
+ }
+ // lookup the encryption service reference
+ ServiceReference[] encryptionServiceReferences;
+ try {
+ encryptionServiceReferences = bundleContext.getServiceReferences(
+ EncryptionService.class.getName(),
+ name != null && name.length() > 0 ? "(name=" + name + ")" : null);
+ } catch (InvalidSyntaxException e) {
+ throw new IllegalStateException("The encryption service filter is not well formed.", e);
+ }
+ if (encryptionServiceReferences.length == 0) {
+ if (name != null && name.length() > 0) {
+ throw new IllegalStateException("Encryption service " + name + " not found. Please check that the encryption service is correctly set up.");
+ } else {
+ throw new IllegalStateException("No encryption service found. Please install the Karaf encryption feature and check that the encryption algorithm is supported..");
+ }
+ }
+ Arrays.sort(encryptionServiceReferences);
+ for (ServiceReference ref : encryptionServiceReferences) {
+ try {
+ EncryptionService encryptionService = (EncryptionService) bundleContext.getService(ref);
+ if (encryptionService != null) {
+ try {
+ encryption = encryptionService.createEncryption(encOpts);
+ if (encryption != null) {
+ break;
+ }
+ } finally {
+ bundleContext.ungetService(ref);
+ }
+ }
+ } catch (IllegalStateException e) {
+ // continue
+ }
+ }
+ if (encryption == null) {
+ throw new IllegalStateException("No EncryptionService supporting the required options could be found.");
+ }
}
- return input.equals(password);
- }
- if (debug) {
- LOG.debug("Encryption is enabled and use " + encryption + " encryption algorithm.");
- }
- // lookup the encryption service reference
- ServiceReference[] encryptionServiceReferences = new ServiceReference[0];
- try {
- encryptionServiceReferences = bundleContext.getServiceReferences(Encryption.class.getName(), "(algorithm=" + encryption + ")");
- } catch (InvalidSyntaxException e) {
- throw new IllegalStateException("The encryption service filter is not well formed.", e);
}
- if (encryptionServiceReferences.length == 0) {
- throw new IllegalStateException("Encryption service not found for encryption algorithm " + encryption + ". Please install the Karaf encryption feature and check that the encryption algorithm is supported..");
- }
- // get the encryption service implementation
- Encryption encryptionService = (Encryption) bundleContext.getService(encryptionServiceReferences[0]);
- if (encryptionService == null) {
- throw new IllegalStateException("Encryption service not found. Please install the Karaf encryption feature.");
- }
- // check password
- boolean equals = encryptionService.checkPassword(input, password);
- String encryptedPassword = encryptionService.encryptPassword(password);
- // release the encryption service reference
- bundleContext.ungetService(encryptionServiceReferences[0]);
- return equals;
+ return encryption;
}
-
+
}
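Review bot: The loop in getEncryption() catches `IllegalStateException`, but the EncryptionService contract and BasicEncryption signal unsupported options with `IllegalArgumentException`, so the first service that rejects the options aborts the login instead of letting the next candidate be tried; the catch should read `} catch (IllegalArgumentException e) {`. `BundleContext.getServiceReferences` returns null rather than an empty array when nothing matches, so the test should be `if (encryptionServiceReferences == null || encryptionServiceReferences.length == 0) {` to reach the intended error message instead of a NullPointerException. `Arrays.sort` orders the references ascending, which appears to put the lowest-ranked service first; confirm that is the intended preference. The `name` option is concatenated into the service filter unescaped, so a value containing `(`, `)`, `*` or `\` changes the filter's meaning; escape it or reject such names before building the filter.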
Added: karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java
URL: http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java?rev=997051&view=auto
==============================================================================
--- karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java (added)
+++ karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java Tue Sep 14 19:22:36 2010
@@ -0,0 +1,37 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * under the License.
+ */
+package org.apache.karaf.jaas.modules;
+
+import java.util.Map;
+
+/**
+ */
+public interface EncryptionService {
+
+ String ALGORITHM = "algorithm";
+ String ENCODING = "encoding";
+
+ /**
+ * Create an encryption service with the specified parameters.
+ * If the parameters are not supported, a <code>null</code> should
+ * be returned or an IllegalArgumentException thrown.
+ *
+ * @param params
+ * @return
+ * @throws IllegalArgumentException
+ */
+ Encryption createEncryption(Map<String,String> params) throws IllegalArgumentException;
+
+}
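Review bot: The Javadoc on the new interface is empty at class level and leaves `@param`, `@return` and `@throws` blank, and the method summary says it creates an "encryption service" although the method returns an `Encryption`. Suggest a class comment such as `/** Factory for Encryption instances, looked up as an OSGi service by the login modules. */` and method tags like `@param params option names (see ALGORITHM, ENCODING) mapped to their values` and `@return the configured Encryption, or null if the options are not supported`. Allowing both a null return and an exception for the same condition forces every caller to handle two paths; settling on one would make the contract easier to implement and to call correctly.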
Added: karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryption.java
URL: http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryption.java?rev=997051&view=auto
==============================================================================
--- karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryption.java (added)
+++ karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryption.java Tue Sep 14 19:22:36 2010
@@ -0,0 +1,197 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * under the License.
+ */
+package org.apache.karaf.jaas.modules.encryption;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
+
+import org.apache.karaf.jaas.modules.Encryption;
+import org.apache.karaf.jaas.modules.EncryptionService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class BasicEncryption implements Encryption {
+
+ private static final Logger log = LoggerFactory.getLogger(BasicEncryption.class);
+
+ private String digest;
+ private String encoding;
+ private MessageDigest md;
+
+ public BasicEncryption(Map<String, String> params) {
+ for (String key : params.keySet()) {
+ if (EncryptionService.ALGORITHM.equalsIgnoreCase(key)) {
+ digest = params.get(key);
+ } else if (EncryptionService.ENCODING.equalsIgnoreCase(key)) {
+ encoding = params.get(key);
+ } else {
+ throw new IllegalArgumentException("Unsupported encryption parameter: " + key);
+ }
+ }
+ if (digest == null) {
+ throw new IllegalArgumentException("Digest algorithm must be specified");
+ }
+ // Check if the digest algorithm is available
+ try {
+ md = MessageDigest.getInstance(digest);
+ } catch (NoSuchAlgorithmException e) {
+ log.error("Initialization failed. Digest algorithm " + digest + " is not available.", e);
+ throw new IllegalArgumentException("Unable to configure login module: " + e.getMessage(), e);
+ }
+ if (encoding != null && !"hex".equalsIgnoreCase(encoding) && !"base64".equalsIgnoreCase(encoding)) {
+ log.error("Initialization failed. Digest Encoding " + encoding + " is not supported.");
+ throw new IllegalArgumentException(
+ "Unable to configure login module. Digest Encoding " + encoding + " not supported.");
+ }
+ }
+
+ public String encryptPassword(String password) {
+ if (password == null) {
+ return null;
+ }
+ // Digest the user provided password
+ byte[] data = md.digest(password.getBytes());
+ if (encoding == null || "hex".equalsIgnoreCase(encoding)) {
+ return hexEncode(data);
+ } else if ("base64".equalsIgnoreCase(encoding)) {
+ return base64Encode(data);
+ } else {
+ throw new IllegalArgumentException(
+ "Unable to configure login module. Digest Encoding " + encoding + " not supported.");
+ }
+ }
+
+ public boolean checkPassword(String provided, String real) {
+ if (real == null && provided == null) {
+ return true;
+ }
+ if (real == null || provided == null) {
+ return false;
+ }
+ // both are non-null
+ String encoded = encryptPassword(provided);
+ if (encoding == null || "hex".equalsIgnoreCase(encoding)) {
+ return real.equalsIgnoreCase(encoded);
+ } else if ("base64".equalsIgnoreCase(encoding)) {
+ return real.equals(encoded);
+ }
+ return false;
+ }
+
+ private static final byte[] hexTable = {
+ (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4', (byte) '5', (byte) '6', (byte) '7',
+ (byte) '8', (byte) '9', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd', (byte) 'e', (byte) 'f'
+ };
+
+ public static String hexEncode(byte[] in) {
+ int inOff = 0;
+ int length = in.length;
+ byte[] out = new byte[length * 2];
+ for (int i = 0, j = 0; i < length; i++, j += 2) {
+ out[j] = hexTable[(in[inOff] >> 4) & 0x0f];
+ out[j + 1] = hexTable[in[inOff] & 0x0f];
+ inOff++;
+ }
+ return new String(out);
+ }
+
+ private static final byte[] encodingTable = {
+ (byte)'A', (byte)'B', (byte)'C', (byte)'D', (byte)'E', (byte)'F', (byte)'G',
+ (byte)'H', (byte)'I', (byte)'J', (byte)'K', (byte)'L', (byte)'M', (byte)'N',
+ (byte)'O', (byte)'P', (byte)'Q', (byte)'R', (byte)'S', (byte)'T', (byte)'U',
+ (byte)'V', (byte)'W', (byte)'X', (byte)'Y', (byte)'Z',
+ (byte)'a', (byte)'b', (byte)'c', (byte)'d', (byte)'e', (byte)'f', (byte)'g',
+ (byte)'h', (byte)'i', (byte)'j', (byte)'k', (byte)'l', (byte)'m', (byte)'n',
+ (byte)'o', (byte)'p', (byte)'q', (byte)'r', (byte)'s', (byte)'t', (byte)'u',
+ (byte)'v',
+ (byte)'w', (byte)'x', (byte)'y', (byte)'z',
+ (byte)'0', (byte)'1', (byte)'2', (byte)'3', (byte)'4', (byte)'5', (byte)'6',
+ (byte)'7', (byte)'8', (byte)'9',
+ (byte)'+', (byte)'/'
+ };
+
+ private static byte padding = (byte)'=';
+
+ /**
+ * encode the input data producing a base 64 encoded byte array.
+ *
+ * @return a byte array containing the base 64 encoded data.
+ */
+ public static String base64Encode(byte[] data) {
+ ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+ try {
+ base64Encode(data, 0, data.length, bOut);
+ } catch (IOException e) {
+ throw new RuntimeException("exception encoding base64 string: " + e.getMessage(), e);
+ }
+ return new String(bOut.toByteArray());
+ }
+
+ /**
+ * encode the input data producing a base 64 output stream.
+ *
+ * @return the number of bytes produced.
+ */
+ public static int base64Encode(byte[] data, int off, int length, OutputStream out) throws IOException {
+ int modulus = length % 3;
+ int dataLength = (length - modulus);
+ int a1, a2, a3;
+ for (int i = off; i < off + dataLength; i += 3) {
+ a1 = data[i] & 0xff;
+ a2 = data[i + 1] & 0xff;
+ a3 = data[i + 2] & 0xff;
+ out.write(encodingTable[(a1 >>> 2) & 0x3f]);
+ out.write(encodingTable[((a1 << 4) | (a2 >>> 4)) & 0x3f]);
+ out.write(encodingTable[((a2 << 2) | (a3 >>> 6)) & 0x3f]);
+ out.write(encodingTable[a3 & 0x3f]);
+ }
+ /*
+ * process the tail end.
+ */
+ int b1, b2, b3;
+ int d1, d2;
+ switch (modulus) {
+ case 0: /* nothing left to do */
+ break;
+ case 1:
+ d1 = data[off + dataLength] & 0xff;
+ b1 = (d1 >>> 2) & 0x3f;
+ b2 = (d1 << 4) & 0x3f;
+ out.write(encodingTable[b1]);
+ out.write(encodingTable[b2]);
+ out.write(padding);
+ out.write(padding);
+ break;
+ case 2:
+ d1 = data[off + dataLength] & 0xff;
+ d2 = data[off + dataLength + 1] & 0xff;
+ b1 = (d1 >>> 2) & 0x3f;
+ b2 = ((d1 << 4) | (d2 >>> 4)) & 0x3f;
+ b3 = (d2 << 2) & 0x3f;
+ out.write(encodingTable[b1]);
+ out.write(encodingTable[b2]);
+ out.write(encodingTable[b3]);
+ out.write(padding);
+ break;
+ }
+ return (dataLength / 3) * 4 + ((modulus == 0) ? 0 : 4);
+ }
+
+
+}
\ No newline at end of file
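Review bot: encryptPassword() stores a single unsalted `MessageDigest` pass over the password, so equal passwords give equal stored values and the hashes are cheap to test offline if users.properties is disclosed; a per-user salt with an iterated scheme (for example PBKDF2 through `javax.crypto.SecretKeyFactory`) would be a safer default for this class. Separately, `password.getBytes()` uses the platform charset, so the same non-ASCII password can hash differently on another host; `md.digest(password.getBytes(Charset.forName("UTF-8")))` pins it. The `md` field is one mutable MessageDigest per instance, which is not thread-safe if an instance is ever shared between concurrent logins; obtaining the digest inside encryptPassword() avoids that. checkPassword() compares with `equals`/`equalsIgnoreCase`, where `MessageDigest.isEqual` on the decoded bytes is the usual choice for comparing digests.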
Added: karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryptionService.java
URL: http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryptionService.java?rev=997051&view=auto
==============================================================================
--- karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryptionService.java (added)
+++ karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/encryption/BasicEncryptionService.java Tue Sep 14 19:22:36 2010
@@ -0,0 +1,27 @@
+/*
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * under the License.
+ */
+package org.apache.karaf.jaas.modules.encryption;
+
+import java.util.Map;
+
+import org.apache.karaf.jaas.modules.Encryption;
+import org.apache.karaf.jaas.modules.EncryptionService;
+
+public class BasicEncryptionService implements EncryptionService {
+
+ public Encryption createEncryption(Map<String, String> params) throws IllegalArgumentException {
+ return new BasicEncryption(params);
+ }
+}
Modified: karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java
URL: http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java?rev=997051&r1=997050&r2=997051&view=diff
==============================================================================
--- karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java (original)
+++ karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/properties/PropertiesLoginModule.java Tue Sep 14 19:22:36 2010
@@ -36,6 +36,7 @@ import javax.security.auth.login.LoginEx
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
+import org.apache.karaf.jaas.modules.Encryption;
import org.apache.karaf.jaas.modules.RolePrincipal;
import org.apache.karaf.jaas.modules.UserPrincipal;
@@ -104,7 +105,8 @@ public class PropertiesLoginModule exten
String storedPassword = infos[0];
// check if encryption is enabled
- if (this.encryption != null && !this.encryption.trim().isEmpty()) {
+ Encryption encryption = getEncryption();
+ if (encryption != null) {
if (debug) {
LOG.debug("Encryption is enabled.");
}
@@ -113,7 +115,7 @@ public class PropertiesLoginModule exten
if (debug) {
LOG.debug("The password isn't flagged as encrypted, encrypt it.");
}
- storedPassword = "{CRYPT}" + this.encryptPassword(storedPassword);
+ storedPassword = "{CRYPT}" + encryption.encryptPassword(storedPassword);
if (debug) {
LOG.debug("Rebuild the user informations string.");
}
@@ -144,7 +146,13 @@ public class PropertiesLoginModule exten
}
// check the provided password
- if (!this.checkPassword(password, storedPassword)) {
+ boolean result;
+ if (encryption == null) {
+ result = storedPassword.equals(password);
+ } else {
+ result = encryption.checkPassword(password, storedPassword);
+ }
+ if (!result) {
LOG.error("Check password failed: " + password + " / " + storedPassword);
throw new FailedLoginException("Password for " + user + " does not match");
}
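Review bot: The failure path logs both the submitted plaintext password and the stored value at error level (`LOG.error("Check password failed: " + password + " / " + storedPassword);`), which writes credentials, and near-miss typos of real passwords, into the log file. Log the account instead, e.g. `LOG.error("Password check failed for user " + user);`. The enclosing method starts and ends outside the hunk, so whether `storedPassword` still carries the `{CRYPT}` prefix when it reaches `encryption.checkPassword` cannot be confirmed from here and is worth checking.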
Modified: karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml
URL: http://svn.apache.org/viewvc/karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml?rev=997051&r1=997050&r2=997051&view=diff
==============================================================================
--- karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml (original)
+++ karaf/trunk/jaas/modules/src/main/resources/OSGI-INF/blueprint/karaf-jaas-module.xml Tue Sep 14 19:22:36 2010
@@ -32,15 +32,22 @@
<!-- AdminConfig property place holder for the org.apache.karaf.jaas -->
<cm:property-placeholder persistent-id="org.apache.karaf.jaas">
<cm:default-properties>
- <cm:property name="encryption" value="" />
+ <cm:property name="encryption.digest" value="" />
</cm:default-properties>
</cm:property-placeholder>
<jaas:config name="karaf">
<jaas:module className="org.apache.karaf.jaas.modules.properties.PropertiesLoginModule" flags="required">
users = $[karaf.base]/etc/users.properties
- encryption = ${encryption}
+ encryption.digest = ${encryption.digest}
</jaas:module>
</jaas:config>
+ <service interface="org.apache.karaf.jaas.modules.EncrypionService">
+ <service-properties>
+ <entry key="name" value="basic"/>
+ </service-properties>
+ <bean class="org.apache.karaf.jaas.modules.encryption.BasicEncryptionService"/>
+ </service>
+
</blueprint>
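Review bot: The `<service>` element names the interface `org.apache.karaf.jaas.modules.EncrypionService`, which is missing a `t`; the interface added in this commit is `EncryptionService`, so the basic service would not be registered under the name getEncryption() looks up. It should read `<service interface="org.apache.karaf.jaas.modules.EncryptionService">`. The module option `encryption.digest` also does not match the code in this commit: getEncryption() reads `encryption.enabled` and `encryption.name`, and BasicEncryption accepts only `algorithm` and `encoding` and throws on any other key. As written, the default configuration leaves encryption disabled, so passwords in users.properties stay in clear text; consider `encryption.enabled` and `encryption.algorithm` placeholders instead.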