From rmannibu...@apache.org
Subject tomee git commit: TOMEE-1651 adding SafePasswordCipher
Date Tue, 03 Nov 2015 16:37:44 GMT
Repository: tomee
Updated Branches:
  refs/heads/master 234d35e95 -> 4baf8a60e


TOMEE-1651 adding SafePasswordCipher


Project: http://git-wip-us.apache.org/repos/asf/tomee/repo
Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/4baf8a60
Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/4baf8a60
Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/4baf8a60

Branch: refs/heads/master
Commit: 4baf8a60ef9f1a0a8b5dab7f63bdead0edb231d9
Parents: 234d35e
Author: Romain Manni-Bucau <rmannibu@gmail.com>
Authored: Tue Nov 3 08:37:36 2015 -0800
Committer: Romain Manni-Bucau <rmannibu@gmail.com>
Committed: Tue Nov 3 08:37:36 2015 -0800

----------------------------------------------------------------------
 .../openejb/cipher/PasswordCipherFactory.java   |  1 -
 .../openejb/cipher/SafePasswordCipher.java      | 30 +++++++++
 .../openejb/cipher/SafePasswordCipherBase.java  | 25 +++++++
 .../openejb/util/PropertyPlaceHolderHelper.java | 32 +++++++--
 .../apache/openejb/cipher/ArrayCipherTest.java  | 68 ++++++++++++++++++++
 pom.xml                                         |  2 +-
 6 files changed, 150 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/tomee/blob/4baf8a60/container/openejb-core/src/main/java/org/apache/openejb/cipher/PasswordCipherFactory.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/cipher/PasswordCipherFactory.java
b/container/openejb-core/src/main/java/org/apache/openejb/cipher/PasswordCipherFactory.java
index fded62b..6d5b1a4 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/cipher/PasswordCipherFactory.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/cipher/PasswordCipherFactory.java
@@ -26,7 +26,6 @@ import java.util.Map;
 
 @SuppressWarnings("deprecation")
 public class PasswordCipherFactory {
-
     /**
      * Create a {@link org.apache.openejb.cipher.PasswordCipher} instance from the
      * passwordCipher class name.

http://git-wip-us.apache.org/repos/asf/tomee/blob/4baf8a60/container/openejb-core/src/main/java/org/apache/openejb/cipher/SafePasswordCipher.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/cipher/SafePasswordCipher.java
b/container/openejb-core/src/main/java/org/apache/openejb/cipher/SafePasswordCipher.java
new file mode 100644
index 0000000..06f4f5f
--- /dev/null
+++ b/container/openejb-core/src/main/java/org/apache/openejb/cipher/SafePasswordCipher.java
@@ -0,0 +1,30 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.openejb.cipher;
+
+// we dont use char[]->char[] for encrypt since it is a tool only method normally (execution
time ~ few seconds)
+public interface SafePasswordCipher extends PasswordCipher {
+    /**
+     * Note: decrypt method is not wired to decryptAsCharArray() by default. You can forbid
its usage
+     * throwing an exception (UnsupportedOperationException) is desired.
+     *
+     * @param encryptedPassword
+     * @return the decrypted password.
+     */
+    char[] decryptAsCharArray(char[] encryptedPassword);
+}
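Review bot: The Javadoc on `decryptAsCharArray` never says who owns the two arrays, which is the whole reason for returning `char[]` rather than `String`. I would spell the contract out, for example `@return the decrypted password in a new array; the caller is expected to overwrite it (e.g. Arrays.fill(pwd, '\0')) once it has been used`, and state whether an implementation may keep a reference to `encryptedPassword`. The `@param encryptedPassword` tag has no description, and "throwing an exception (UnsupportedOperationException) is desired" should read "if desired".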

http://git-wip-us.apache.org/repos/asf/tomee/blob/4baf8a60/container/openejb-core/src/main/java/org/apache/openejb/cipher/SafePasswordCipherBase.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/cipher/SafePasswordCipherBase.java
b/container/openejb-core/src/main/java/org/apache/openejb/cipher/SafePasswordCipherBase.java
new file mode 100644
index 0000000..4df47f2
--- /dev/null
+++ b/container/openejb-core/src/main/java/org/apache/openejb/cipher/SafePasswordCipherBase.java
@@ -0,0 +1,25 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.openejb.cipher;
+
+public abstract class SafePasswordCipherBase implements SafePasswordCipher {
+    @Override
+    public String decrypt(final char[] encryptedPassword) {
+        throw new UnsupportedOperationException(getClass().getName() + " doesn't support
String decryption");
+    }
+}
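Review bot: `SafePasswordCipherBase` has no class-level Javadoc, so an implementor cannot tell from the type that `decrypt` is refused on purpose. I suggest `/** Base class for ciphers that only expose the clear text as char[]; decrypt(char[]) always throws UnsupportedOperationException. */` above the class. The exception message could also name the alternative by appending `"; use decryptAsCharArray(char[])"`, since this text is presumably what an operator sees when a String-only lookup reaches such a cipher.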

http://git-wip-us.apache.org/repos/asf/tomee/blob/4baf8a60/container/openejb-core/src/main/java/org/apache/openejb/util/PropertyPlaceHolderHelper.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/main/java/org/apache/openejb/util/PropertyPlaceHolderHelper.java
b/container/openejb-core/src/main/java/org/apache/openejb/util/PropertyPlaceHolderHelper.java
index 61cbc7c..4015771 100644
--- a/container/openejb-core/src/main/java/org/apache/openejb/util/PropertyPlaceHolderHelper.java
+++ b/container/openejb-core/src/main/java/org/apache/openejb/util/PropertyPlaceHolderHelper.java
@@ -22,6 +22,7 @@ import org.apache.commons.lang3.text.StrSubstitutor;
 import org.apache.openejb.cipher.PasswordCipher;
 import org.apache.openejb.cipher.PasswordCipherException;
 import org.apache.openejb.cipher.PasswordCipherFactory;
+import org.apache.openejb.cipher.SafePasswordCipher;
 import org.apache.openejb.loader.SystemInstance;
 
 import java.util.Map;
@@ -56,17 +57,32 @@ public final class PropertyPlaceHolderHelper {
             return null;
         }
         if (!raw.contains(PREFIX) || !raw.contains(SUFFIX)) {
-            return decryptIfNeeded(raw.replace(PREFIX, "").replace(SUFFIX, ""));
+            return String.class.cast(decryptIfNeeded(raw.replace(PREFIX, "").replace(SUFFIX,
""), false));
         }
 
         String value = SUBSTITUTOR.replace(raw);
         if (!value.equals(raw) && value.startsWith("java:")) {
             value = value.substring(5);
         }
-        return decryptIfNeeded(value.replace(PREFIX, "").replace(SUFFIX, ""));
+        return String.class.cast(decryptIfNeeded(value.replace(PREFIX, "").replace(SUFFIX,
""), false));
     }
 
-    private static String decryptIfNeeded(final String replace) {
+    public static Object simpleValueAsStringOrCharArray(final String raw) {
+        if (raw == null) {
+            return null;
+        }
+        if (!raw.contains(PREFIX) || !raw.contains(SUFFIX)) {
+            return decryptIfNeeded(raw.replace(PREFIX, "").replace(SUFFIX, ""), true);
+        }
+
+        String value = SUBSTITUTOR.replace(raw);
+        if (!value.equals(raw) && value.startsWith("java:")) {
+            value = value.substring(5);
+        }
+        return decryptIfNeeded(value.replace(PREFIX, "").replace(SUFFIX, ""), true);
+    }
+
+    private static Object decryptIfNeeded(final String replace, final boolean acceptCharArray)
{
         if (replace.startsWith(CIPHER_PREFIX)) {
             final String algo = replace.substring(CIPHER_PREFIX.length(), replace.indexOf(':',
CIPHER_PREFIX.length() + 1));
             PasswordCipher cipher;
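Review bot: `simpleValueAsStringOrCharArray` is a new public method that returns `Object` and has no Javadoc. Callers have to read `decryptIfNeeded` to learn that the result is a `char[]` only when the value carries the cipher prefix and the cipher implements `SafePasswordCipher`, and a `String` otherwise. A comment such as `/** @return a char[] when the value is decrypted by a SafePasswordCipher, otherwise a String; the caller should clear the array after use */` would make the type check and the clearing duty explicit. Its body is also a line-for-line copy of `simpleValue` apart from the boolean, so a private helper taking `acceptCharArray` would keep the two from drifting. `decryptIfNeeded` continues past the end of this hunk.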
@@ -79,7 +95,11 @@ public final class PropertyPlaceHolderHelper {
                     throw new IllegalArgumentException(e);
                 }
             }
-            return cipher.decrypt(replace.substring(CIPHER_PREFIX.length() + algo.length()
+ 1).toCharArray());
+
+            final char[] input = replace.substring(CIPHER_PREFIX.length() + algo.length()
+ 1).toCharArray();
+            return acceptCharArray && SafePasswordCipher.class.isInstance(cipher)
?
+                SafePasswordCipher.class.cast(cipher).decryptAsCharArray(input) :
+                cipher.decrypt(input);
         }
         return replace;
     }
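Review bot: With `acceptCharArray` false the new ternary still falls through to `cipher.decrypt(input)`, and for any cipher built on `SafePasswordCipherBase` that call throws `UnsupportedOperationException`. `simpleValue` and `value` both pass `false` (hunks at -56 and -89), so a property resolved through them fails with a message that names the cipher class but not the property being resolved. If that is the intended behaviour, say so at the call site, e.g. `// String-only callers: a SafePasswordCipher may refuse decrypt() and throw UnsupportedOperationException`, and document it on `simpleValue` and `value`. `decryptIfNeeded` starts in the previous hunk.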
@@ -89,7 +109,7 @@ public final class PropertyPlaceHolderHelper {
             return null;
         }
         if (!aw.contains(PREFIX) || !aw.contains(SUFFIX)) {
-            return decryptIfNeeded(aw);
+            return String.class.cast(decryptIfNeeded(aw, false));
         }
 
         String value = CACHE.getProperty(aw);
@@ -121,7 +141,7 @@ public final class PropertyPlaceHolderHelper {
             final Object rawValue = entry.getValue();
             if (rawValue instanceof String) {
                 final String value = (String) rawValue;
-                updated.put(entry.getKey(), cache ? value(value) : simpleValue(value));
+                updated.put(entry.getKey(), cache ? value(value) : simpleValueAsStringOrCharArray(value));
             } else {
                 updated.put(entry.getKey(), rawValue);
             }
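Review bot: Only the `cache == false` branch was switched to `simpleValueAsStringOrCharArray`; with `cache` true the entry still goes through `value(value)`. At least for values without a placeholder, that path calls `decryptIfNeeded(aw, false)` in the hunk above, so the clear text comes back as a `String` or, for a `SafePasswordCipherBase` subclass, the call throws. The map can now also hold `char[]` values for entries that were `String`s on input, so any consumer that casts entries to `String` needs checking; that code is not visible here. A comment on the changed line such as `// may store a char[] when a SafePasswordCipher decrypts the value` would flag it. The enclosing method begins outside this hunk.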

http://git-wip-us.apache.org/repos/asf/tomee/blob/4baf8a60/container/openejb-core/src/test/java/org/apache/openejb/cipher/ArrayCipherTest.java
----------------------------------------------------------------------
diff --git a/container/openejb-core/src/test/java/org/apache/openejb/cipher/ArrayCipherTest.java
b/container/openejb-core/src/test/java/org/apache/openejb/cipher/ArrayCipherTest.java
new file mode 100644
index 0000000..92111cd
--- /dev/null
+++ b/container/openejb-core/src/test/java/org/apache/openejb/cipher/ArrayCipherTest.java
@@ -0,0 +1,68 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.openejb.cipher;
+
+import org.apache.openejb.junit.ApplicationComposer;
+import org.apache.openejb.testing.Classes;
+import org.apache.openejb.testing.ContainerProperties;
+import org.apache.openejb.testing.SimpleLog;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import javax.annotation.Resource;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+@SimpleLog
+@RunWith(ApplicationComposer.class)
+@Classes
+@ContainerProperties({
+    @ContainerProperties.Property(name = "foo", value = "new://Resource?class-name=org.apache.openejb.cipher.ArrayCipherTest$Foo"),
+    @ContainerProperties.Property(name = "foo.chars", value = "cipher:org.apache.openejb.cipher.ArrayCipherTest$MySafePasswordCipher:ca"),
+    @ContainerProperties.Property(name = "foo.string", value = "cipher:org.apache.openejb.cipher.ArrayCipherTest$MySafePasswordCipher:string")
+})
+public class ArrayCipherTest {
+    @Resource
+    private Foo foo;
+
+    @Test
+    public void run() {
+        assertNotNull(foo);
+        assertNotNull(foo.chars);
+        assertNotNull(foo.string);
+        assertEquals("stringdaca", foo.string);
+        assertEquals("cadaca", new String(foo.chars));
+    }
+
+    public static class Foo {
+        private char[] chars;
+        private String string;
+    }
+
+    public static class MySafePasswordCipher extends SafePasswordCipherBase {
+        @Override
+        public char[] encrypt(final String plainPassword) {
+            throw new UnsupportedOperationException();
+        }
+
+        @Override
+        public char[] decryptAsCharArray(char[] encryptedPassword) {
+            return (new String(encryptedPassword) + "daca").toCharArray();
+        }
+    }
+}
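Review bot: The test exercises only the container-injection path, so it does not pin the two behaviours this commit introduces in `PropertyPlaceHolderHelper`. I would add a direct assertion that `simpleValueAsStringOrCharArray` returns a `char[]` for a value using `MySafePasswordCipher`, and one that `simpleValue` on the same value throws `UnsupportedOperationException`. Note also that `foo.string` ends up as `"stringdaca"`, which suggests the decrypted characters are converted to a `String` somewhere outside this diff. A short comment in the test would stop readers assuming the `char[]` path keeps the secret out of Strings end to end.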

http://git-wip-us.apache.org/repos/asf/tomee/blob/4baf8a60/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 8e5084e..3088c46 100644
--- a/pom.xml
+++ b/pom.xml
@@ -104,7 +104,7 @@
     <maven-bundle-plugin.version>2.3.7</maven-bundle-plugin.version>
 
     <!-- This is used by a manifest classpath entry -->
-    <xbeanVersion>4.4</xbeanVersion>
+    <xbeanVersion>4.5-SNAPSHOT</xbeanVersion>
 
     <!-- OSGi bundles properties -->
     <openejb.bundle.activator/>

