[jboss-cvs] JBossAS SVN: r87587 - in trunk: messaging/src/etc/deploy/common and 19 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Apr 20 13:44:24 EDT 2009
Author: anil.saldhana at jboss.com
Date: 2009-04-20 13:44:24 -0400 (Mon, 20 Apr 2009)
New Revision: 87587
Added:
trunk/security/src/etc/bin/
trunk/security/src/etc/bin/password/
trunk/security/src/etc/bin/password/password.keystore
trunk/security/src/etc/bin/password_tool.sh
trunk/security/src/main/org/jboss/security/integration/JNDIBindingBean.java
trunk/security/src/main/org/jboss/security/integration/password/
trunk/security/src/main/org/jboss/security/integration/password/DocumentUtil.java
trunk/security/src/main/org/jboss/security/integration/password/EncryptionKeyUtil.java
trunk/security/src/main/org/jboss/security/integration/password/KeyStoreUtil.java
trunk/security/src/main/org/jboss/security/integration/password/Password.java
trunk/security/src/main/org/jboss/security/integration/password/PasswordLifecycleCallback.java
trunk/security/src/main/org/jboss/security/integration/password/PasswordMaskManagement.java
trunk/security/src/main/org/jboss/security/integration/password/PasswordTool.java
trunk/security/src/main/org/jboss/security/integration/password/SecurityActions.java
trunk/security/src/main/org/jboss/security/integration/password/XMLEncryptionUtil.java
trunk/testsuite/src/main/org/jboss/test/passwordinjection/
trunk/testsuite/src/main/org/jboss/test/passwordinjection/test/
trunk/testsuite/src/main/org/jboss/test/passwordinjection/test/PasswordInjectionUnitTestCase.java
trunk/testsuite/src/main/org/jboss/test/security/beans/
trunk/testsuite/src/main/org/jboss/test/security/beans/TestPasswordInjectedBean.java
trunk/testsuite/src/resources/security/password-mask/
trunk/testsuite/src/resources/security/password-mask/test-password-jboss-beans.xml
Modified:
trunk/build/build-distr.xml
trunk/messaging/src/etc/deploy/common/messaging-jboss-beans.xml
trunk/security/.classpath
trunk/security/pom.xml
trunk/security/src/assembly/client.xml
trunk/security/src/etc/default.mf
trunk/security/src/etc/deploy/security-jboss-beans.xml
trunk/server/src/etc/deployers/security-deployer-jboss-beans.xml
trunk/testsuite/imports/config/configs.xml
trunk/testsuite/imports/sections/security.xml
trunk/testsuite/imports/server-config.xml
Log:
JBAS-6710: password masking in xml config
Modified: trunk/build/build-distr.xml
===================================================================
--- trunk/build/build-distr.xml 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/build/build-distr.xml 2009-04-20 17:44:24 UTC (rev 87587)
@@ -773,7 +773,6 @@
<property name="_module.name" value="security" override="true"/>
<property name="_module.output" override="true" value="${project.root}/${_module.name}/output"/>
-
<!-- Copy the generated libraries -->
<mkdir dir="${install.all.lib}"/>
<copy todir="${install.all.lib}" filtering="no">
@@ -799,6 +798,19 @@
<include name="*-jboss-beans.xml"/>
</fileset>
</copy>
+
+ <!-- Install JBoss Security Password batch scripts -->
+ <mkdir dir="${install.bin}/password"/>
+ <copy todir="${install.bin}" flatten="true" overwrite="true">
+ <fileset dir="${_module.output}/etc/bin">
+ <include name="password_tool.*"/>
+ </fileset>
+ </copy>
+ <copy todir="${install.bin}/password" flatten="true" overwrite="true">
+ <fileset dir="${_module.output}/etc/bin/password">
+ <include name="*"/>
+ </fileset>
+ </copy>
</target>
<target name="_module-security-all" depends="_module-security-most">
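Review bot: Ant's `<copy>` does not carry Unix permission bits, so `password_tool.sh` is installed into `${install.bin}` without its execute bit and `password.keystore` with whatever the umask allows, unless a later step outside this hunk corrects them. Add `<chmod file="${install.bin}/password_tool.sh" perm="ugo+rx"/>` after the first copy and tighten the keystore, e.g. `<chmod dir="${install.bin}/password" includes="*" perm="600"/>`. The `<include name="*"/>` on `etc/bin/password` also installs anything later dropped into that directory; naming `password.keystore` explicitly keeps stray key material out of the distribution.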
Modified: trunk/messaging/src/etc/deploy/common/messaging-jboss-beans.xml
===================================================================
--- trunk/messaging/src/etc/deploy/common/messaging-jboss-beans.xml 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/messaging/src/etc/deploy/common/messaging-jboss-beans.xml 2009-04-20 17:44:24 UTC (rev 87587)
@@ -32,6 +32,9 @@
<property name="securityManagement"><inject bean="JNDIBasedSecurityManagement"/></property>
<!-- @JMX annotation to export the management view of this bean -->
<annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.messaging:service=SecurityStore",exposedInterface=org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStoreMBean.class)</annotation>
+ <!-- Password Annotation to inject the password from the common password utility
+ <annotation>@org.jboss.security.integration.password.Password(securityDomain="messaging",methodName="setSuckerPassword")</annotation>
+ -->
</bean>
<bean name="MessagingDeploymentTemplateInfoFactory"
Modified: trunk/security/.classpath
===================================================================
--- trunk/security/.classpath 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/security/.classpath 2009-04-20 17:44:24 UTC (rev 87587)
@@ -14,5 +14,13 @@
<classpathentry kind="lib" path="/thirdparty/jboss/common-core/lib/jboss-common-core.jar" sourcepath="/thirdparty/jboss/common-core/lib/jboss-common-core-sources.jar"/>
<classpathentry kind="lib" path="/thirdparty/jboss/microcontainer/lib/jboss-kernel.jar" sourcepath="/thirdparty/jboss/microcontainer/lib/jboss-kernel-sources.jar"/>
<classpathentry kind="lib" path="/thirdparty/jboss/security/lib/jbossxacml.jar" sourcepath="/thirdparty/jboss/security/lib/jbossxacml-sources.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/jboss/identity/jboss-identity-xmlsec-model/1.0.0.alpha2-SNAPSHOT/jboss-identity-xmlsec-model-1.0.0.alpha2-20090326.171101-2.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/stax-api/lib/stax-api.jar"/>
+ <classpathentry kind="var" path="M2_REPO/org/apache/xmlsec/1.4.2/xmlsec-1.4.2.jar"/>
+ <classpathentry kind="var" path="M2_REPO/apache-logging/commons-logging-api/1.0.3/commons-logging-api-1.0.3.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/apache-xalan/lib/xalan.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/microcontainer/lib/jboss-dependency.jar" sourcepath="/thirdparty/jboss/microcontainer/lib/jboss-dependency-sources.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/jboss-mdr/lib/jboss-mdr.jar" sourcepath="/thirdparty/jboss/jboss-mdr/lib/jboss-mdr-sources.jar"/>
+ <classpathentry kind="lib" path="/thirdparty/jboss/aop/lib/jboss-aop.jar" sourcepath="/thirdparty/jboss/aop/lib/jboss-aop-sources.jar"/>
<classpathentry kind="output" path="output/eclipse-classes"/>
</classpath>
Modified: trunk/security/pom.xml
===================================================================
--- trunk/security/pom.xml 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/security/pom.xml 2009-04-20 17:44:24 UTC (rev 87587)
@@ -34,6 +34,11 @@
</executions>
<configuration>
<descriptorSourceDirectory>src/assembly</descriptorSourceDirectory>
+ <archive>
+ <manifestEntries>
+ <Main-Class>org.jboss.security.integration.password.PasswordTool</Main-Class>
+ </manifestEntries>
+ </archive>
</configuration>
</plugin>
<plugin>
@@ -156,8 +161,18 @@
<groupId>org.jboss.security</groupId>
<artifactId>jbossxacml</artifactId>
</dependency>
+
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-mdr</artifactId>
+ </dependency>
<dependency>
+ <groupId>org.apache</groupId>
+ <artifactId>xmlsec</artifactId>
+ </dependency>
+
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
Modified: trunk/security/src/assembly/client.xml
===================================================================
--- trunk/security/src/assembly/client.xml 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/security/src/assembly/client.xml 2009-04-20 17:44:24 UTC (rev 87587)
@@ -32,6 +32,7 @@
<include>org/jboss/security/srp/jaas/SRPPrincipal.class</include>
<include>org/jboss/security/ssl/ClientSocketFactory.class</include>
<include>org/jboss/security/ssl/RMISSLClientSocketFactory.class</include>
+ <include>org/jboss/security/integration/password/*.class</include>
</includes>
<excludes>
<exclude>META-INF/MANIFEST.MF</exclude> <!-- HACK -->
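Review bot: The wildcard `org/jboss/security/integration/password/*.class` puts every class of the package into the client jar, including `SecurityActions`, `PasswordLifecycleCallback` and `PasswordMaskManagement`, which look like server-side pieces judging by the bean wiring in `security-jboss-beans.xml`. If only the command-line tool is needed on the client side, list the classes explicitly as the surrounding entries do, starting with `<include>org/jboss/security/integration/password/PasswordTool.class</include>` and the helpers it actually uses, so that privileged helpers are not shipped to clients by accident.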
@@ -40,4 +41,4 @@
</excludes>
</fileSet>
</fileSets>
-</assembly>
\ No newline at end of file
+</assembly>
Added: trunk/security/src/etc/bin/password/password.keystore
===================================================================
(Binary files differ)
Property changes on: trunk/security/src/etc/bin/password/password.keystore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: trunk/security/src/etc/bin/password_tool.sh
===================================================================
--- trunk/security/src/etc/bin/password_tool.sh (rev 0)
+++ trunk/security/src/etc/bin/password_tool.sh 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,89 @@
+#!/bin/sh
+#
+# JBoss Password Tool
+#
+################################
+
+DIRNAME=`dirname $0`
+PROGNAME=`basename $0`
+
+# OS specific support (must be 'true' or 'false').
+cygwin=false;
+case "`uname`" in
+ CYGWIN*)
+ cygwin=true
+ ;;
+esac
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+ [ -n "$JBOSS_HOME" ] &&
+ JBOSS_HOME=`cygpath --unix "$JBOSS_HOME"`
+ [ -n "$JAVA_HOME" ] &&
+ JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+fi
+
+# Setup JBOSS_HOME
+if [ "x$JBOSS_HOME" = "x" ]; then
+ # get the full path (without any relative bits)
+ JBOSS_HOME=`cd $DIRNAME/..; pwd`
+fi
+export JBOSS_HOME
+
+# Setup the JVM
+if [ "x$JAVA" = "x" ]; then
+ if [ "x$JAVA_HOME" != "x" ]; then
+ JAVA="$JAVA_HOME/bin/java"
+ else
+ JAVA="java"
+ fi
+fi
+
+#JPDA options. Uncomment and modify as appropriate to enable remote debugging .
+#JAVA_OPTS="-Xdebug -Xnoagent -Djava.compiler=NONE -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=y $JAVA_OPTS"
+
+# Setup JBoss sepecific properties
+JAVA_OPTS="$JAVA_OPTS"
+
+# Setup the java endorsed dirs
+JBOSS_ENDORSED_DIRS="$JBOSS_HOME/lib/endorsed"
+
+###
+# Setup the jboss password tool classpath
+###
+
+# Shared libs
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JAVA_HOME/lib/tools.jar"
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/client/commons-logging.jar"
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/client/jboss-logging-spi.jar"
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/lib/endorsed/xalan.jar"
+
+# Shared jaxb libs
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/client/activation.jar"
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/client/jaxb-api.jar"
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/client/jaxb-impl.jar"
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/client/stax-api.jar"
+
+# Specific dependencies
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/client/xmlsec.jar"
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/client/jbosssx-client.jar"
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/client/jbosssx-as-client.jar"
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/common/lib/jbosssx.jar"
+JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JBOSS_HOME/common/lib/log4j.jar"
+
+###
+# Execute the JVM
+###
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+ JBOSS_HOME=`cygpath --path --windows "$JBOSS_HOME"`
+ JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+ JBOSSPASS_CLASSPATH=`cygpath --path --windows "$JBOSSPASS_CLASSPATH"`
+ JBOSS_ENDORSED_DIRS=`cygpath --path --windows "$JBOSS_ENDORSED_DIRS"`
+fi
+
+"$JAVA" $JAVA_OPTS \
+ -Djava.endorsed.dirs="$JBOSS_ENDORSED_DIRS" \
+ -classpath "$JBOSSPASS_CLASSPATH" \
+ org.jboss.security.integration.password.PasswordTool "$@"
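Review bot: The first classpath line, `JBOSSPASS_CLASSPATH="$JBOSSPASS_CLASSPATH:$JAVA_HOME/lib/tools.jar"`, prepends whatever `JBOSSPASS_CLASSPATH` the caller's environment holds, and when the variable is unset the value starts with an empty entry, which the JVM resolves as the current directory. A tool that handles password material should not load classes or resources (a logging configuration, for instance) from the working directory or from an inherited variable; start from a fixed value, `JBOSSPASS_CLASSPATH="$JAVA_HOME/lib/tools.jar"`. The `dirname $0` and `cd $DIRNAME/..` invocations are unquoted and break on install paths containing spaces; quote them as `dirname "$0"` and `cd "$DIRNAME/.."`. When `JAVA_HOME` is unset the script falls back to `java` on the PATH but still adds `/lib/tools.jar`, which deserves a guard or a comment.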
Property changes on: trunk/security/src/etc/bin/password_tool.sh
___________________________________________________________________
Name: svn:executable
+ *
Modified: trunk/security/src/etc/default.mf
===================================================================
--- trunk/security/src/etc/default.mf 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/security/src/etc/default.mf 2009-04-20 17:44:24 UTC (rev 87587)
@@ -8,3 +8,4 @@
Implementation-Version: @implementation.version@
Implementation-Vendor: @implementation.vendor@
Implementation-Vendor-Id: @implementation.vendor.id@
+Main-Class:org.jboss.security.integration.password.PM.class
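Review bot: `Main-Class:org.jboss.security.integration.password.PM.class` is not a valid manifest entry as written: the attribute syntax needs a space after the colon, the value must be a class name without the `.class` suffix, and no `PM` class appears among the files this commit adds. `pom.xml` in the same commit names `org.jboss.security.integration.password.PasswordTool`, so the line should presumably read `Main-Class: org.jboss.security.integration.password.PasswordTool`. As it stands, `java -jar` on a jar built from this manifest would most likely fail to find its main class.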
Modified: trunk/security/src/etc/deploy/security-jboss-beans.xml
===================================================================
--- trunk/security/src/etc/deploy/security-jboss-beans.xml 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/security/src/etc/deploy/security-jboss-beans.xml 2009-04-20 17:44:24 UTC (rev 87587)
@@ -6,6 +6,40 @@
<annotation>@org.jboss.managed.api.annotation.ManagementDeployment(description="JBossSX Security Beans")</annotation>
+ <!-- Password Mask Management Bean-->
+ <bean name="JBossSecurityPasswordMaskManagement"
+ class="org.jboss.security.integration.password.PasswordMaskManagement" >
+ <property name="keyStoreLocation">password/password.keystore</property>
+ </bean>
+
+ <!-- Support for @Password -->
+ <lifecycle-configure xmlns="urn:jboss:aop-beans:1.0"
+ name="PasswordRegistrationAdvice"
+ class="org.jboss.security.integration.password.PasswordLifecycleCallback"
+ classes="@org.jboss.security.integration.password.Password"
+ manager-bean="AspectManager"
+ manager-property="aspectManager">
+ <property name="passwordManagement"><inject bean="JBossSecurityPasswordMaskManagement"/></property>
+ </lifecycle-configure>
+
+ <lifecycle-create xmlns="urn:jboss:aop-beans:1.0"
+ name="PasswordCreateDestroyAdvice"
+ class="org.jboss.security.integration.password.PasswordLifecycleCallback"
+ classes="@org.jboss.security.integration.password.Password"
+ manager-bean="AspectManager"
+ manager-property="aspectManager">
+ <property name="passwordManagement"><inject bean="JBossSecurityPasswordMaskManagement"/></property>
+ </lifecycle-create>
+
+ <lifecycle-install xmlns="urn:jboss:aop-beans:1.0"
+ name="PasswordStartStopAdvice"
+ class="org.jboss.security.integration.password.PasswordLifecycleCallback"
+ classes="@org.jboss.security.integration.password.Password"
+ manager-bean="AspectManager"
+ manager-property="aspectManager">
+ <property name="passwordManagement"><inject bean="JBossSecurityPasswordMaskManagement"/></property>
+ </lifecycle-install>
+
<!-- Establish the basic XML Based Configuration-->
<bean name="XMLLoginConfig" class="org.jboss.security.auth.login.XMLLoginConfig">
<property name="configResource">login-config.xml</property>
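Review bot: `keyStoreLocation` points at `password/password.keystore`, the binary file this commit checks in and `build-distr.xml` copies into every install, so each installation would mask passwords with the same key material unless the administrator replaces it. The keystore's contents and store password are not visible in this diff, so this is inferred; if the file holds a real key, the masking gives no protection against anyone who has the distribution. Add a comment above the bean such as `<!-- The shipped password/password.keystore is a sample; generate a site-specific keystore before masking real passwords -->`, or ship no keystore and fail with a clear error when it is missing. The three lifecycle blocks differ only in element and name and would benefit from a one-line comment saying why the same callback is registered for configure, create and install.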
Added: trunk/security/src/main/org/jboss/security/integration/JNDIBindingBean.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/JNDIBindingBean.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/JNDIBindingBean.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration;
+
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+import org.apache.log4j.Logger;
+
+/**
+ * Bind into JNDI a bean
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 17, 2009
+ */
+public class JNDIBindingBean
+{
+ private Logger log = Logger.getLogger(JNDIBindingBean.class);
+
+ private String ctx = null;
+ private Object beanObject = null;
+
+ public void setBean(Object bean)
+ {
+ this.beanObject = bean;
+ }
+
+ public void setJNDIContext(String ctx)
+ {
+ this.ctx = ctx;
+ }
+
+ public void start()
+ {
+ if(beanObject == null)
+ throw new RuntimeException("Bean is null");
+ if(ctx == null)
+ throw new RuntimeException("JNDI Ctx name is null");
+ try
+ {
+ InitialContext ic = new InitialContext();
+ ic.bind(ctx, this.beanObject);
+ log.debug("Bound in JNDI:" + this.beanObject.getClass().getCanonicalName()
+ + " in JNDI at " +ctx);
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void create()
+ {
+ }
+
+ public void destroy()
+ {
+ }
+
+ public void stop()
+ {
+ try
+ {
+ InitialContext ic = new InitialContext();
+ ic.unbind(ctx);
+ log.debug("Unbound in JNDI:" + this.beanObject.getClass().getCanonicalName()
+ + " in JNDI at " +ctx);
+ }
+ catch (NamingException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+}
\ No newline at end of file
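Review bot: `stop()` passes `ctx` to `unbind` and dereferences `this.beanObject` in its debug message without the null checks that `start()` performs, so stopping a bean whose `start()` never ran or failed throws during undeploy instead of doing nothing. Guard it with `if (ctx == null) return;` and log only the name, `log.debug("Unbound from JNDI: " + ctx);`. `start()` uses `bind`, which fails with `NameAlreadyBoundException` when an earlier `stop()` did not complete; whether `rebind` is acceptable is worth a comment. The setters have no Javadoc saying what kind of object is meant to be published; anything bound here is reachable by every component that can perform a JNDI lookup in the server, which should be stated if password-management beans are bound through this class.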
Added: trunk/security/src/main/org/jboss/security/integration/password/DocumentUtil.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/password/DocumentUtil.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/password/DocumentUtil.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,217 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.password;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.InputStream;
+import java.io.Reader;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.OutputKeys;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.xml.sax.InputSource;
+
+/**
+ * Utility dealing with DOM
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 14, 2009
+ */
+public class DocumentUtil
+{
+ /**
+ * Create a new document
+ * @return
+ * @throws Exception
+ */
+ public static Document createDocument() throws Exception
+ {
+ DocumentBuilderFactory factory = getFactory();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.newDocument();
+ }
+
+ /**
+ * Parse a document from the string
+ * @param docString
+ * @return
+ * @throws Exception
+ */
+ public static Document getDocument(String docString) throws Exception
+ {
+ return getDocument(new StringReader(docString));
+ }
+
+ /**
+ * Parse a document from a reader
+ * @param reader
+ * @return
+ * @throws Exception
+ */
+ public static Document getDocument(Reader reader) throws Exception
+ {
+ DocumentBuilderFactory factory = getFactory();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ return builder.parse(new InputSource(reader));
+ }
+
+ /**
+ * Get Document from a file
+ * @param file
+ * @return
+ * @throws Exception
+ */
+ public static Document getDocument(File file) throws Exception
+ {
+ DocumentBuilderFactory factory = getFactory();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+
+ builder.setErrorHandler(new SysOutErrorHandler());
+ return builder.parse(file);
+ }
+
+ /**
+ * Get Document from an inputstream
+ * @param is
+ * @return
+ * @throws Exception
+ */
+ public static Document getDocument(InputStream is) throws Exception
+ {
+ DocumentBuilderFactory factory = getFactory();
+ DocumentBuilder builder = factory.newDocumentBuilder();
+
+ builder.setErrorHandler(new SysOutErrorHandler());
+ return builder.parse(is);
+ }
+
+ /**
+ * Marshall a document into a String
+ * @param signedDoc
+ * @return
+ * @throws Exception
+ */
+ public static String getDocumentAsString(Document signedDoc) throws Exception
+ {
+ Source source = new DOMSource(signedDoc);
+ StringWriter sw = new StringWriter();
+
+ Result streamResult = new StreamResult(sw);
+ // Write the DOM document to the stream
+ Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ xformer.transform(source, streamResult);
+
+ return sw.toString();
+ }
+
+ /**
+ * Marshall a DOM Element as string
+ * @param element
+ * @return
+ * @throws Exception
+ */
+ public static String getDOMElementAsString(Element element) throws Exception
+ {
+ Source source = new DOMSource(element);
+ StringWriter sw = new StringWriter();
+
+ Result streamResult = new StreamResult(sw);
+ // Write the DOM document to the file
+ Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ xformer.transform(source, streamResult);
+
+ return sw.toString();
+ }
+
+ /**
+ * Stream a DOM Node as an input stream
+ * @param node
+ * @return
+ * @throws Exception
+ */
+ public static InputStream getNodeAsStream(Node node) throws Exception
+ {
+ Source source = new DOMSource(node);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ Result streamResult = new StreamResult(baos);
+ // Write the DOM document to the stream
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ transformer.transform(source, streamResult);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+
+ return bis;
+ }
+
+ private static DocumentBuilderFactory getFactory()
+ {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ return factory;
+ }
+
+ /**
+ * Error handler for validating parser.
+ */
+ private static class SysOutErrorHandler implements org.xml.sax.ErrorHandler {
+ /**
+ * Report the warning to the console.
+ */
+ public void warning ( org.xml.sax.SAXParseException ex )
+ throws org.xml.sax.SAXException {
+ System.out.println ( "Warning: " + ex.getMessage ( ) ) ;
+ }
+
+
+ /**
+ * Report the error to the console.
+ */
+ public void error ( org.xml.sax.SAXParseException ex )
+ throws org.xml.sax.SAXException {
+ System.out.println ( "Error: " + ex.getMessage ( ) ) ;
+ }
+
+
+ /**
+ * Report the fatal error to the console.
+ */
+ public void fatalError ( org.xml.sax.SAXParseException ex )
+ throws org.xml.sax.SAXException {
+ System.out.println ( "Fatal error: " + ex.getMessage ( ) ) ;
+ }
+ }
+}
\ No newline at end of file
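Review bot: `getFactory()` returns a `DocumentBuilderFactory` with only namespace awareness set, so every `getDocument(...)` overload accepts DOCTYPE declarations and resolves external entities with the parser defaults. These helpers presumably read the XML that carries masked password material, so the parser should refuse DTDs outright; the version below needs `javax.xml.XMLConstants` and `ParserConfigurationException` imported, and adding `throws` is safe because every caller already declares `throws Exception`. Confirm that none of the documents parsed through this utility legitimately carries a DOCTYPE before disallowing it. Separately, `SysOutErrorHandler.error` and `fatalError` print to `System.out` and return, so parsing continues past malformed input; ending them with `throw ex;` would make bad input fail visibly, and `getDocument(Reader)` does not install the handler at all.

```java
private static DocumentBuilderFactory getFactory() throws ParserConfigurationException
{
   DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
   factory.setNamespaceAware(true);
   // Refuse DTDs and external entities; the inputs are plain configuration XML
   factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
   factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
   factory.setExpandEntityReferences(false);
   return factory;
}
```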
Added: trunk/security/src/main/org/jboss/security/integration/password/EncryptionKeyUtil.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/password/EncryptionKeyUtil.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/password/EncryptionKeyUtil.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.password;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+
+/**
+ * Utility to generate symmetric key
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 4, 2009
+ */
+public class EncryptionKeyUtil
+{
+ /**
+ * Generate a secret key useful for encryption/decryption
+ * @param encAlgo
+ * @param keySize Length of the key (if 0, defaults to 128 bits)
+ * @return
+ * @throws Exception
+ */
+ public static SecretKey getSecretKey(String encAlgo, int keySize) throws Exception
+ {
+ KeyGenerator keyGenerator = KeyGenerator.getInstance(encAlgo);
+ if(keySize == 0)
+ keySize = 128;
+ keyGenerator.init(keySize);
+ return keyGenerator.generateKey();
+ }
+
+}
\ No newline at end of file
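Review bot: `getSecretKey` silently maps `keySize == 0` to 128 and hands any other value, negatives included, to `keyGenerator.init`, and it accepts any algorithm name, so a typo or a weak legacy cipher choice is caught only by the provider, if at all. Document the contract in the Javadoc, namely which algorithms callers are expected to pass and that 0 means 128 bits, and reject negative sizes up front with `if (keySize < 0) throw new IllegalArgumentException("keySize: " + keySize);`. `throws Exception` can be narrowed to `throws NoSuchAlgorithmException`, the only checked exception the body can raise.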
Added: trunk/security/src/main/org/jboss/security/integration/password/KeyStoreUtil.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/password/KeyStoreUtil.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/password/KeyStoreUtil.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,157 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.password;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+
+/**
+ * Utility to handle Java Keystore
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 12, 2009
+ */
+public class KeyStoreUtil
+{
+ /**
+ * Create a Keystore
+ * @param storePass
+ * @throws Exception
+ */
+ public static void createKeyStore(String path, char[] storePass) throws Exception
+ {
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(null, storePass); //creates an empty keystore
+
+ ks.store(new FileOutputStream(new File(path)), storePass);
+ System.out.println("Keystore created");
+ }
+
+ /**
+ * Get the Keystore given the url to the keystore file as a string
+ * @param fileURL
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(String fileURL, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ if(fileURL == null)
+ throw new IllegalArgumentException("fileURL is null");
+
+ File file = new File(fileURL);
+ FileInputStream fis = new FileInputStream(file);
+ return getKeyStore(fis,storePass);
+ }
+
+ /**
+ * Get the Keystore given the URL to the keystore
+ * @param url
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(URL url, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ if(url == null)
+ throw new IllegalArgumentException("url is null");
+
+ return getKeyStore(url.openStream(), storePass);
+ }
+
+ /**
+ * Get the Key Store
+ * <b>Note:</b> This method wants the InputStream to be not null.
+ * @param ksStream
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ * @throws IllegalArgumentException if ksStream is null
+ */
+ public static KeyStore getKeyStore(InputStream ksStream, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ if(ksStream == null)
+ throw new IllegalArgumentException("InputStream for the KeyStore is null");
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(ksStream, storePass);
+ return ks;
+ }
+
+ /**
+ * Generate a Key Pair
+ * @param algo (RSA, DSA etc)
+ * @return
+ * @throws Exception
+ */
+ public static KeyPair generateKeyPair(String algo) throws Exception
+ {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo);
+ return kpg.genKeyPair();
+ }
+
+ /**
+ * Get the Public Key from the keystore
+ * @param ks
+ * @param alias
+ * @param password
+ * @return
+ * @throws Exception
+ */
+ public static PublicKey getPublicKey(KeyStore ks, String alias, char[] password) throws Exception
+ {
+ PublicKey publicKey = null;
+
+ // Get private key
+ Key key = ks.getKey(alias, password);
+ if (key instanceof PrivateKey)
+ {
+ // Get certificate of public key
+ Certificate cert = ks.getCertificate(alias);
+
+ // Get public key
+ publicKey = cert.getPublicKey();
+ }
+
+ return publicKey;
+ }
+
+ public static void storeKeyPair(KeyStore ks, String alias,
+ PublicKey publicKey, PrivateKey privateKey, char[] pass)
+ throws Exception
+ {
+ ks.setKeyEntry(alias, privateKey, pass, null);
+ }
+}
\ No newline at end of file
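Review bot: `createKeyStore`, `getKeyStore(String, ...)` and `getKeyStore(URL, ...)` open a `FileOutputStream`, a `FileInputStream` or a URL stream and never close it, so a handle on the keystore file leaks on every call and a failed `store` can leave a partially written file held open. Close each stream in a `finally` block, as sketched below for `createKeyStore`; the two `getKeyStore` overloads need the same treatment around their delegation to `getKeyStore(InputStream, ...)`. `storeKeyPair` passes `null` as the certificate chain to `ks.setKeyEntry` together with a `PrivateKey`, which the `KeyStore` API documents as requiring a chain, and it ignores its `publicKey` parameter, so it will most likely throw for the default keystore type. `getPublicKey` also dereferences `cert` without checking it for `null`.

```java
public static void createKeyStore(String path, char[] storePass) throws Exception
{
   // … unchanged: KeyStore.getInstance and ks.load(null, storePass) …
   FileOutputStream fos = new FileOutputStream(new File(path));
   try
   {
      ks.store(fos, storePass);
   }
   finally
   {
      fos.close();
   }
   System.out.println("Keystore created");
}
```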
Added: trunk/security/src/main/org/jboss/security/integration/password/Password.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/password/Password.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/password/Password.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,51 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.password;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 1, 2009
+ */
+ at Retention(RetentionPolicy.RUNTIME)
+ at Target({ElementType.TYPE, ElementType.METHOD, ElementType.FIELD})
+public @interface Password
+{
+ /**
+ * Security Domain
+ * Defaults to other
+ * @return
+ */
+ String securityDomain() default "other";
+
+ /**
+ * Name of the method
+ * that represents the password
+ * @return
+ */
+ String methodName();
+}
\ No newline at end of file
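Review bot: The Javadoc for `methodName()` does not say what the named method must look like, although `SecurityActions.getMethod` in this commit looks it up by name with a single `String` or `char[]` parameter. A line such as `Name of the public single-argument setter (char[] or String) that receives the password` would tell users what to write. `@Target` also allows METHOD and FIELD, while the lifecycle callback only resolves the annotation at class level (`resolveClassAnnotation` and the scope metadata). Either narrow the target to `ElementType.TYPE` or document that the other placements are not processed; this is inferred from the classes in this commit only.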
Added: trunk/security/src/main/org/jboss/security/integration/password/PasswordLifecycleCallback.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/password/PasswordLifecycleCallback.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/password/PasswordLifecycleCallback.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,151 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.password;
+
+import java.lang.reflect.Method;
+
+import org.jboss.aop.joinpoint.Invocation;
+import org.jboss.aop.joinpoint.MethodInvocation;
+import org.jboss.dependency.spi.ControllerContext;
+import org.jboss.kernel.spi.dependency.KernelControllerContext;
+import org.jboss.logging.Logger;
+import org.jboss.metadata.spi.MetaData;
+
+/**
+ * AOP Lifecycle callback for the @Password annotation
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 1, 2009
+ */
+public class PasswordLifecycleCallback
+{
+ private static final Logger log = Logger.getLogger(PasswordLifecycleCallback.class);
+
+ private PasswordMaskManagement passwordManagement = null;
+
+ /**
+ * Set the Password Mask Management bean
+ * @param passwordManagement
+ */
+ public void setPasswordManagement(PasswordMaskManagement passwordManagement)
+ {
+ this.passwordManagement = passwordManagement;
+ }
+
+ /**
+ * Bind the target on setKernelControllerContext, unbind on any other method provided that
+ * the invocation has a Password annotation.
+ *
+ * @param invocation the invocation
+ * @return the result
+ * @throws Throwable for any error
+ */
+ public Object invoke(Invocation invocation) throws Throwable
+ {
+ MethodInvocation mi = (MethodInvocation) invocation;
+ KernelControllerContext context = (KernelControllerContext) mi.getArguments()[0];
+
+ boolean trace = log.isTraceEnabled();
+ Password passwordAnnotation = (Password) invocation.resolveClassAnnotation(Password.class);
+ if( trace )
+ log.trace("Checking method: "+mi.getMethod()+", bindingInfo: "+passwordAnnotation);
+
+ // If this is the setKernelControllerContext callback, set the password
+ if ("setKernelControllerContext".equals(mi.getMethod().getName()) && passwordAnnotation != null)
+ {
+ //Get the password
+ String securityDomain = passwordAnnotation.securityDomain();
+ char[] passwd = this.passwordManagement.getPassword(securityDomain);
+
+ Object target = context.getTarget();
+ this.setPassword(target, passwordAnnotation, passwd);
+ }
+ // If this is the unsetKernelControllerContext callback, unbind the target
+ else if( passwordAnnotation != null )
+ {
+ log.trace("Ignoring unsetKernelControllerContext callback");
+ }
+ else if ( trace )
+ {
+ log.trace("Ignoring null password info");
+ }
+
+ return null;
+ }
+
+ public void install(ControllerContext context) throws Exception
+ {
+ //Get the password
+ Password passwordAnnotation = readPasswordAnnotation(context);
+ boolean trace = log.isTraceEnabled();
+ if( trace )
+ log.trace("Binding into JNDI: " + context.getName() + ", passwordInfo: " + passwordAnnotation);
+
+ String securityDomain = passwordAnnotation.securityDomain();
+
+ char[] passwd = this.passwordManagement.getPassword(securityDomain);
+
+ if(passwd == null)
+ log.trace("Password does not exist for security domain=" + securityDomain);
+ //The bean in question is the target
+ String methodName = passwordAnnotation.methodName();
+ Object target = context.getTarget();
+ if(trace)
+ {
+ log.trace("Trying to set password on " + target + " with method :" + methodName);
+ }
+ this.setPassword(target, passwordAnnotation, passwd);
+ }
+
+ public void uninstall(ControllerContext context) throws Exception
+ {
+ //ignore
+ }
+
+
+ private Password readPasswordAnnotation(ControllerContext context) throws Exception
+ {
+ MetaData metaData = context.getScopeInfo().getMetaData();
+ if (metaData != null)
+ return metaData.getAnnotation(Password.class);
+ return null;
+ }
+
+ private void setPassword(Object target, Password passwordAnnotation, char[] passwd) throws Exception
+ {
+ Class<?> clazz = target.getClass();
+ String methodName = passwordAnnotation.methodName();
+ if(methodName == null)
+ throw new IllegalStateException("methodName " + methodName + " not configured on " +
+ "the Password annotation for target:" + clazz);
+ Method m = SecurityActions.getMethod(clazz, methodName);
+
+ try
+ {
+ m.invoke(target, new Object[] {passwd});
+ }
+ catch(Exception e)
+ {
+ log.trace("Error setting password on " + clazz + ". Will try the string version.");
+ m.invoke(target, new Object[] { new String(passwd)} );
+ }
+ }
+}
\ No newline at end of file
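Review bot: `install()` dereferences `passwordAnnotation` right after `readPasswordAnnotation(context)`, which returns null when the scope metadata is null and may do so when no `@Password` is present, so such a bean fails with a NullPointerException instead of being skipped. A guard such as `if (passwordAnnotation == null) return;` before `securityDomain()` is read would match how `invoke()` treats the same case. In `setPassword()`, `m` can be null because `SecurityActions.getMethod` swallows lookup failures. The `catch(Exception e)` fallback retries with `new String(passwd)` after any failure, including an exception thrown by the target setter itself, and it throws when `passwd` is null, a case `install()` only logs. Choosing the argument from `m.getParameterTypes()[0]` would avoid invoking the setter twice and limit the immutable String copy of the password to beans that need it.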
Added: trunk/security/src/main/org/jboss/security/integration/password/PasswordMaskManagement.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/password/PasswordMaskManagement.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/password/PasswordMaskManagement.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,364 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.password;
+
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.Map.Entry;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+
+import org.apache.log4j.Logger;
+import org.jboss.security.plugins.FilePassword;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ * Manages masking the password for xml configuration files
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 26, 2009
+ */
+public class PasswordMaskManagement
+{
+ private Logger log = Logger.getLogger(PasswordMaskManagement.class);
+
+ private Map<String,char[]> passwordMap = new HashMap<String,char[]>();
+ private KeyStore keystore;
+
+ private String alias = "jboss";
+
+ private String passwordEncryptedFileName = "password/jboss_password_enc.dat";
+
+ static String keystorePassEncFileName = "password/jboss_keystore_pass.dat";
+
+ private String keystoreLocation = "password/password.keystore";
+
+ KeyPair kp = null;
+ private char[] storePass;
+
+
+ public PasswordMaskManagement()
+ {
+ }
+
+ //Public Methods
+ public void setKeyStoreDetails(String location, String alias) throws Exception
+ {
+ if(location == null)
+ throw new IllegalArgumentException("location is null");
+ this.keystoreLocation = location;
+ this.alias = alias;
+ this.ensureKeyStore();
+ }
+ public void setKeyStoreDetails(String location, char[] storePass, String alias) throws Exception
+ {
+ if(location == null)
+ throw new IllegalArgumentException("location is null");
+ this.keystore = KeyStoreUtil.getKeyStore(location, storePass);
+ this.storePass = storePass;
+ this.alias = alias;
+ load();
+ }
+
+ public void setKeyStoreLocation(String location)
+ {
+ if(location == null)
+ throw new IllegalArgumentException("location is null");
+ this.keystoreLocation = location;
+ }
+
+ public void setKeyStoreAlias(String alias)
+ {
+ if(alias == null)
+ throw new IllegalArgumentException("alias is null");
+ this.alias = alias;
+ }
+
+ /**
+ * Customize the location where the encrypted
+ * password file needs to be stored
+ * @param pefn
+ */
+ public void setPasswordEncryptedFileName(String pefn)
+ {
+ this.passwordEncryptedFileName = pefn;
+ }
+
+ /**
+ * Customize the location where the encrypted
+ * keystore password file is stored
+ * @param kpe
+ */
+ public void setKeyStorePasswordEncryptedFileName(String kpe)
+ {
+ keystorePassEncFileName = kpe;
+ }
+
+ //Package protected Methods
+
+ /**
+ * Whether a security domain exists
+ * in the password map
+ * @param securityDomain
+ * @return
+ */
+ boolean exists(String securityDomain)
+ {
+ return this.passwordMap.containsKey(securityDomain);
+ }
+
+ /**
+ * Check whether the keystore exists
+ * @return
+ */
+ boolean keyStoreExists()
+ {
+ return this.keystore != null;
+ }
+
+ /**
+ * Get the password
+ * @param securityDomain
+ * @return
+ * @throws Exception
+ */
+ char[] getPassword(String securityDomain) throws Exception
+ {
+ if(keystore == null)
+ {
+ if(this.storePass == null)
+ this.ensureKeyStore();
+ if(passwordMap.size() == 0)
+ load();
+ }
+
+ return passwordMap.get(securityDomain);
+ }
+
+ void storePassword(String securityDomain, char[] pass)
+ {
+ this.passwordMap.put(securityDomain, pass);
+ }
+
+ void removePassword(String domainToRemove)
+ {
+ this.passwordMap.remove(domainToRemove);
+ }
+
+ void load() throws Exception
+ {
+ Document doc = loadPasswordEncryptedDocument();
+ if(doc == null)
+ {
+ log.trace(this.passwordEncryptedFileName + " does not exist");
+ return;
+ }
+ if(keystore == null)
+ {
+ System.out.println("Keystore is null. Please specify keystore below:");
+ return;
+ }
+
+ PrivateKey privateKey = (PrivateKey) keystore.getKey(this.alias, this.storePass);
+
+ if(privateKey == null)
+ throw new IllegalStateException("private key not found");
+
+ Document decryptedDoc = XMLEncryptionUtil.decrypt(doc, privateKey);
+
+ NodeList nl = decryptedDoc.getDocumentElement().getElementsByTagName("entry");
+ int len = nl != null ? nl.getLength() : 0;
+
+ System.out.println("Loading domains [");
+ for(int i = 0; i < len; i++)
+ {
+ Element n = (Element) nl.item(i);
+ String name = n.getAttribute("name");
+ System.out.println(name + ",");
+ this.passwordMap.put(name, n.getAttribute("pass").toCharArray());
+ }
+
+ System.out.println("]");
+ }
+
+ void store() throws Exception
+ {
+ if(this.keystore == null)
+ {
+ System.out.println("Keystore is null. Cannot store.");
+ return;
+ }
+ StringBuilder builder = new StringBuilder();
+
+ Document doc = DocumentUtil.createDocument();
+ Element el = doc.createElementNS(null, "pass-map");
+ doc.appendChild(el);
+
+ System.out.println("Storing domains [");
+ Set<Entry<String,char[]>> entries = this.passwordMap.entrySet();
+ for(Entry<String,char[]> e: entries)
+ {
+ Element entry = doc.createElementNS(null, "entry");
+
+ System.out.println(e.getKey()+",");
+ entry.setAttributeNS(null, "name", e.getKey());
+ entry.setAttributeNS(null, "pass", new String(e.getValue()));
+
+ el.appendChild(entry);
+ }
+ builder.append("</pass-map>");
+
+ System.out.println("]");
+
+ SecretKey skey = this.getSecretKey("AES", 128);
+
+ PublicKey pk = KeyStoreUtil.getPublicKey(keystore, alias, storePass);
+ if(pk == null)
+ throw new RuntimeException("public key is null");
+ XMLEncryptionUtil.encrypt(doc, skey, pk, 128);
+
+ storePasswordEncryptedDocument(doc);
+ }
+
+ void ensurePasswordFile() throws Exception
+ {
+ try
+ {
+ this.loadPasswordEncryptedDocument();
+ }
+ catch(FileNotFoundException e)
+ {
+ //Just create the file
+ File file = new File(passwordEncryptedFileName);
+ if(file.exists() == false)
+ file.createNewFile();
+ }
+ }
+
+ void ensureKeyStore() throws Exception
+ {
+ if(keystore == null)
+ {
+ if(keystoreLocation == null)
+ throw new IllegalStateException("KeyStore Location is null");
+ //Get the keystore passwd
+ FilePassword fp = null;
+ try
+ {
+ fp = new FilePassword(keystorePassEncFileName);
+ this.storePass = fp.toCharArray();
+ }
+ catch(IOException eof)
+ {
+ //Try the TCL
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ URL resLocation = tcl.getResource(keystorePassEncFileName);
+ fp = new FilePassword(resLocation.toExternalForm());
+ this.storePass = fp.toCharArray();
+ }
+
+ if(this.storePass == null)
+ throw new IllegalStateException("Keystore password is null");
+ this.keystore = KeyStoreUtil.getKeyStore(keystoreLocation, storePass);
+ }
+ }
+
+ /**
+ * Generate a secret key useful for encryption/decryption
+ * @param encAlgo
+ * @param keySize Length of the key (if 0, defaults to 128 bits)
+ * @return
+ * @throws Exception
+ */
+ private SecretKey getSecretKey(String encAlgo, int keySize) throws Exception
+ {
+ KeyGenerator keyGenerator = KeyGenerator.getInstance(encAlgo);
+ if(keySize == 0)
+ keySize = 128;
+ keyGenerator.init(keySize);
+ return keyGenerator.generateKey();
+ }
+
+ private Document loadPasswordEncryptedDocument() throws Exception
+ {
+ Document doc = null;
+ File docFile = new File(this.passwordEncryptedFileName);
+
+ if(docFile == null || docFile.exists() == false)
+ {
+ //Try the TCL
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream(passwordEncryptedFileName);
+ if(is == null)
+ throw new FileNotFoundException("Encrypted password file not located");
+ doc = DocumentUtil.getDocument(is);
+ }
+ else
+ {
+ doc = DocumentUtil.getDocument(docFile);
+ }
+ return doc;
+ }
+
+ private void storePasswordEncryptedDocument(Document doc) throws Exception
+ {
+ byte[] data = DocumentUtil.getDocumentAsString(doc).getBytes();
+ FileOutputStream faos = null;
+
+ //Try the url route
+ try
+ {
+ URL url = new URL(this.passwordEncryptedFileName);
+ File file = new File(url.toString());
+ faos = new FileOutputStream(file);
+ faos.write(data);
+ faos.flush();
+ faos.close();
+ }
+ catch(Exception e)
+ {
+ if(faos == null)
+ faos = new FileOutputStream(new File(passwordEncryptedFileName));
+ }
+ finally
+ {
+ if(faos == null)
+ throw new RuntimeException("File Output Stream is null");
+ faos.write(data);
+ faos.flush();
+ faos.close();
+ }
+ }
+}
\ No newline at end of file
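Review bot: `storePasswordEncryptedDocument` writes in the `finally` block unconditionally, so when the URL branch of the `try` succeeds the data is written a second time to a stream that was already closed, and the store fails with an IOException. If the first `write` fails, the empty-handed `catch(Exception e)` discards the cause and the `finally` retries on the same stream. `new File(url.toString())` also looks unintended, since it turns the whole URL text, scheme included, into a path. Resolving the target file first and then writing exactly once, closing in `finally`, removes the double write; a sketch follows. Because this file holds the encrypted password map, it would also be worth checking that it is created with owner-only permissions.

```java
   // … unchanged: data = DocumentUtil.getDocumentAsString(doc).getBytes() …
   File file;
   try
   {
      file = new File(new URL(this.passwordEncryptedFileName).toURI());
   }
   catch(Exception e)
   {
      // Not a file: URL, so treat the configured name as a plain path
      file = new File(this.passwordEncryptedFileName);
   }

   FileOutputStream faos = new FileOutputStream(file);
   try
   {
      faos.write(data);
      faos.flush();
   }
   finally
   {
      faos.close();
   }
```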
Added: trunk/security/src/main/org/jboss/security/integration/password/PasswordTool.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/password/PasswordTool.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/password/PasswordTool.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,192 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.password;
+
+import java.io.File;
+import java.util.Scanner;
+
+import org.jboss.security.plugins.FilePassword;
+
+/**
+ * Command line tool to deal with passwords
+ * @author Anil.Saldhana at redhat.com
+ * @since Mar 26, 2009
+ */
+public class PasswordTool
+{
+ private static PasswordMaskManagement pwm = null;
+
+ public PasswordTool()
+ {
+ if(pwm == null)
+ {
+ pwm = new PasswordMaskManagement();
+ ShutdownHook sh = new ShutdownHook(pwm);
+ Runtime.getRuntime().addShutdownHook(sh);
+ }
+ }
+ public static void main(String[] args)
+ {
+ System.out.println("**********************************");
+ System.out.println("**** JBoss Password Tool********");
+ System.out.println("**********************************");
+
+ new PasswordTool();
+ try
+ {
+ pwm.load();
+ }
+ catch(Exception e)
+ {
+ System.out.println("Error while trying to load data:"+e.getMessage());
+ System.out.println("Maybe it does not exist and need to be created.");
+ }
+
+ while(true)
+ {
+ String commandStr = "0: Encrypt Keystore Password " +
+ "1:Specify KeyStore " +
+ "2:Create Password " +
+ "3: Remove a domain " +
+ "4:Enquire Domain " +
+ "5:Exit";
+
+ System.out.println(commandStr);
+ Scanner in = new Scanner(System.in);
+ int choice = in.nextInt();
+ switch(choice)
+ {
+ case 0: //Encrypt Keystore Password
+ System.out.println("Enter Keystore password");
+ String passStr = in.next();
+ String saltStr ="";
+ do
+ {
+ System.out.println("Enter Salt (String should be at least 8 characters)");
+ saltStr = in.next();
+ }while(saltStr.length() < 8);
+
+ System.out.println("Enter Iterator Count (integer value)");
+ int iterationCount = in.nextInt();
+
+ String ksPassFileName = PasswordMaskManagement.keystorePassEncFileName;
+ String[] filePasswordArgs = new String[]
+ {saltStr, iterationCount+""
+ , passStr, ksPassFileName};
+ try
+ {
+ //Check if password directory exists
+ File passwordDir = new File("password");
+ if(passwordDir.exists() == false)
+ passwordDir.mkdir();
+
+ FilePassword.main(filePasswordArgs);
+ }
+ catch (Exception e1)
+ {
+ throw new RuntimeException(e1);
+ }
+ System.out.println("Keystore Password encrypted into " + ksPassFileName);
+ break;
+
+ case 1: //Specify keystore
+ System.out.println("Enter Keystore location including the file name");
+ String loc = in.next();
+ System.out.println("Enter Keystore alias");
+ String alias = in.next();
+ try
+ {
+ pwm.setKeyStoreDetails(loc, alias);
+ }
+ catch(Exception e)
+ {
+ System.out.println("Exception being raised. Try to first encrypt the keystore password.");
+ System.out.println("or check the keystore location.");
+ }
+ break;
+ case 2:
+ if(pwm.keyStoreExists())
+ {
+ System.out.println("Enter security domain:");
+ String domain = in.next();
+ System.out.println("Enter passwd:");
+ String p = in.next();
+ pwm.storePassword(domain, p.toCharArray());
+ }
+ else
+ System.out.println("Enter Keystore details first");
+ break;
+ case 3:
+ if(pwm.keyStoreExists())
+ {
+ System.out.println("Enter security domain to be removed:");
+ String domainToRemove = in.next();
+ pwm.removePassword(domainToRemove);
+ }
+ else
+ System.out.println("Enter Keystore details first");
+ break;
+ case 4:
+ if(pwm.keyStoreExists())
+ {
+ System.out.println("Enter security domain to enquire:");
+ String domainToEnquire = in.next();
+ System.out.println("Exists = " + pwm.exists(domainToEnquire));
+ }
+ else
+ System.out.println("Enter Keystore details first");
+ break;
+ default: System.exit(0);
+ }
+ }
+ }
+
+ /**
+ * A shutdown hook that
+ * stores the password map
+ * onto the file
+ * @author anil
+ *
+ */
+ private class ShutdownHook extends Thread
+ {
+ private PasswordMaskManagement pmm;
+
+ public ShutdownHook(PasswordMaskManagement pmm)
+ {
+ this.pmm = pmm;
+ }
+
+ public void run()
+ {
+ try
+ {
+ System.out.println(getClass().getName() + " run called");
+ pmm.store();
+ }
+ catch(Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ }
+}
\ No newline at end of file
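Review bot: Cases 0 and 2 read the keystore password and the domain password with `Scanner.next()`, so the secret is echoed on the terminal, is cut at the first whitespace, and lives on as an immutable `String` (`passStr`, `p`) that cannot be cleared. If the build targets Java 6 or later and a console is attached, `char[] p = System.console().readPassword("Enter passwd: ");` avoids the echo and hands `pwm.storePassword(domain, p)` a char[] without the String intermediate. `System.console()` returns null for redirected input, so the Scanner path would remain as the fallback. `in.nextInt()` at the top of the loop also throws InputMismatchException on non-numeric input, which ends the tool with a stack trace rather than re-prompting.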
Added: trunk/security/src/main/org/jboss/security/integration/password/SecurityActions.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/password/SecurityActions.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/password/SecurityActions.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,74 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.password;
+
+import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 1, 2009
+ */
+class SecurityActions
+{
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ static Method getMethod(final Class<?> clazz, final String methodName) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Method>()
+ {
+ public Method run() throws Exception
+ {
+ Method m = null;
+ try
+ {
+ m = clazz.getMethod(methodName, new Class[] {String.class});
+ }
+ catch(Exception ignore)
+ {
+ }
+
+ if(m == null)
+ try
+ {
+ m = clazz.getMethod(methodName, new Class[] {char[].class});
+ }
+ catch(Exception ignore)
+ {
+ }
+ return m;
+ }
+ });
+ }
+}
\ No newline at end of file
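Review bot: `getMethod` hides both lookup failures in empty `catch(Exception ignore)` blocks and returns null when neither overload exists, and `PasswordLifecycleCallback.setPassword` calls `m.invoke(...)` on the result without a check. A misspelled `methodName` therefore surfaces as a NullPointerException that never names the missing method. Catching only `NoSuchMethodException` and rethrowing from the second lookup, e.g. `throw new NoSuchMethodException(clazz.getName() + "." + methodName + " (char[] or String)");`, keeps the failure descriptive. The lookup also prefers the `String` overload, so a bean offering both receives the password as a String. Trying `char[].class` first would match the order in which `setPassword` invokes the method and would keep the secret in a clearable array where the bean allows it.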
Added: trunk/security/src/main/org/jboss/security/integration/password/XMLEncryptionUtil.java
===================================================================
--- trunk/security/src/main/org/jboss/security/integration/password/XMLEncryptionUtil.java (rev 0)
+++ trunk/security/src/main/org/jboss/security/integration/password/XMLEncryptionUtil.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,274 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.integration.password;
+
+import java.security.Key;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.crypto.SecretKey;
+
+import org.apache.xml.security.encryption.EncryptedData;
+import org.apache.xml.security.encryption.EncryptedKey;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * XML Encryption Util
+ * <b>Note: </b> This utility is currently using Apache XML Security
+ * library API. JSR-106 is not yet final. Until that happens,we
+ * rely on the non-standard API.
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 4, 2009
+ */
+public class XMLEncryptionUtil
+{
+ public static final String CIPHER_DATA_LOCALNAME = "CipherData";
+ public static final String ENCRYPTED_DATA_LOCALNAME = "EncryptedData";
+ public static final String ENCRYPTED_KEY_LOCALNAME = "EncryptedKey";
+ public static final String DS_KEY_INFO = "ds:KeyInfo";
+
+ public static final String XMLNS = "http://www.w3.org/2000/xmlns/";
+ public static String XMLSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+ public static String XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+
+ private static Map<String,EncryptionAlgorithm> algorithms;
+
+ private static class EncryptionAlgorithm
+ {
+ EncryptionAlgorithm(String jceName, String xmlSecName, int size)
+ {
+ this.jceName = jceName;
+ this.xmlSecName = xmlSecName;
+ this.size = size;
+ }
+
+ public String jceName;
+ public String xmlSecName;
+ public int size;
+ }
+
+ static
+ {
+ algorithms = new HashMap<String, EncryptionAlgorithm>(4);
+ algorithms.put("aes-128", new EncryptionAlgorithm("AES", XMLCipher.AES_128, 128));
+ algorithms.put("aes-192", new EncryptionAlgorithm("AES", XMLCipher.AES_192, 192));
+ algorithms.put("aes-256", new EncryptionAlgorithm("AES", XMLCipher.AES_256, 256));
+ algorithms.put("tripledes", new EncryptionAlgorithm("TripleDes", XMLCipher.TRIPLEDES, 168));
+
+ //Initialize the Apache XML Security Library
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * <p>
+ * Encrypt the Key to be transported
+ * </p>
+ * <p>
+ * Data is encrypted with a SecretKey. Then the key needs to be
+ * transported to the other end where it is needed for decryption.
+ * For the Key transport, the SecretKey is encrypted with the
+ * recipient's public key. At the receiving end, the receiver
+ * can decrypt the Secret Key using his private key.s
+ * </p>
+ * @param document
+ * @param keyToBeEncrypted Symmetric Key (SecretKey)
+ * @param keyUsedToEncryptSecretKey Asymmetric Key (Public Key)
+ * @param keySize Length of the key
+ * @return
+ * @throws Exception
+ */
+ public static EncryptedKey encryptKey(Document document,
+ SecretKey keyToBeEncrypted, PublicKey keyUsedToEncryptSecretKey,
+ int keySize) throws Exception
+ {
+ if(keyToBeEncrypted == null)
+ throw new IllegalArgumentException("secret key is null");
+
+ XMLCipher keyCipher = null;
+ String pubKeyAlg = keyUsedToEncryptSecretKey.getAlgorithm();
+
+ String keyWrapAlgo = getXMLEncryptionURLForKeyUnwrap(pubKeyAlg, keySize);
+ keyCipher = XMLCipher.getInstance(keyWrapAlgo);
+
+ keyCipher.init(XMLCipher.WRAP_MODE, keyUsedToEncryptSecretKey);
+ return keyCipher.encryptKey(document, keyToBeEncrypted);
+ }
+
+ /**
+ * Encrypt a document at the root (Use aes-128)
+ * @param document
+ * @param secretKey
+ * @param publicKey
+ * @param keySize
+ * @return
+ * @throws Exception
+ */
+ public static Document encrypt(Document document, SecretKey secretKey, PublicKey publicKey, int keySize)
+ throws Exception
+ {
+ //Encrypt
+ XMLCipher cipher = XMLCipher.getInstance(algorithms.get("aes-128").xmlSecName);
+ cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
+
+ //Encrypted Key
+ EncryptedKey ekey = XMLEncryptionUtil.encryptKey(document, secretKey, publicKey, keySize);
+ //Encrypted Data
+ String encryptionAlgorithm = XMLEncryptionUtil.getXMLEncryptionURL(secretKey.getAlgorithm(), keySize);
+ //Encrypt the Document
+ cipher = XMLCipher.getInstance(encryptionAlgorithm);
+ cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
+
+ Document encryptedDoc = cipher.doFinal(document, document.getDocumentElement());
+ Element encryptedDocRootElement = encryptedDoc.getDocumentElement();
+ // The EncryptedKey element is added
+ Element encryptedKeyElement = cipher.martial(document, ekey);
+
+ // Outer ds:KeyInfo Element to hold the EncryptionKey
+ Element sigElement = encryptedDoc.createElementNS(XMLSIG_NS, DS_KEY_INFO);
+ sigElement.setAttributeNS(XMLNS, "xmlns:ds", XMLSIG_NS);
+ sigElement.appendChild(encryptedKeyElement);
+
+ //Insert the Encrypted key before the CipherData element
+ NodeList nodeList = encryptedDocRootElement.getElementsByTagNameNS(XMLENC_NS, CIPHER_DATA_LOCALNAME);
+ if (nodeList == null || nodeList.getLength() == 0)
+ throw new IllegalStateException("xenc:CipherData Element Missing");
+
+ Element cipherDataElement = (Element) nodeList.item(0);
+ encryptedDocRootElement.insertBefore(sigElement, cipherDataElement);
+ return encryptedDoc;
+ }
+
+ /**
+ * Decrypt a document
+ * @param encryptedDoc
+ * @param privateKey
+ * @return
+ * @throws Exception
+ */
+ public static Document decrypt(Document encryptedDoc, PrivateKey privateKey) throws Exception
+ {
+ //First look for enc data
+ Element docRoot = encryptedDoc.getDocumentElement();
+ Node dataEL = null;
+ Node keyEL = null;
+
+ if(XMLENC_NS.equals(docRoot.getNamespaceURI())
+ && ENCRYPTED_DATA_LOCALNAME.equals(docRoot.getLocalName()))
+ {
+ //we found it
+ dataEL = docRoot;
+ }
+ else
+ {
+ NodeList childs = docRoot.getElementsByTagNameNS(XMLENC_NS, ENCRYPTED_DATA_LOCALNAME);
+ if(childs == null || childs.getLength() == 0)
+ throw new IllegalStateException("Encrypted Data not found");
+ dataEL = childs.item(0);
+ }
+
+ NodeList keyList = ((Element)dataEL).getElementsByTagNameNS(XMLENC_NS, ENCRYPTED_KEY_LOCALNAME);
+ if(keyList == null || keyList.getLength() == 0)
+ throw new IllegalStateException("Encrypted Key not found");
+ keyEL = keyList.item(0);
+
+ if(dataEL == null)
+ throw new IllegalStateException("Encrypted Data not found");
+ if(keyEL == null)
+ throw new IllegalStateException("Encrypted Key not found");
+
+ XMLCipher cipher = XMLCipher.getInstance();
+ cipher.init(XMLCipher.DECRYPT_MODE, null);
+ EncryptedData encryptedData = cipher.loadEncryptedData(encryptedDoc, (Element)dataEL);
+ EncryptedKey encryptedKey = cipher.loadEncryptedKey(encryptedDoc, (Element)keyEL);
+
+ Document decryptedDoc = null;
+
+ if (encryptedData != null && encryptedKey != null)
+ {
+ String encAlgoURL = encryptedData.getEncryptionMethod().getAlgorithm();
+ XMLCipher keyCipher = XMLCipher.getInstance();
+ keyCipher.init(XMLCipher.UNWRAP_MODE, privateKey);
+ Key encryptionKey = keyCipher.decryptKey( encryptedKey, encAlgoURL );
+ cipher = XMLCipher.getInstance();
+ cipher.init(XMLCipher.DECRYPT_MODE, encryptionKey);
+ decryptedDoc = cipher.doFinal(encryptedDoc, (Element)dataEL);
+ }
+ return decryptedDoc;
+ }
+
+ /**
+ * From the secret key, get the W3C XML Encryption URL
+ * @param publicKeyAlgo
+ * @param keySize
+ * @return
+ */
+ private static String getXMLEncryptionURLForKeyUnwrap(String publicKeyAlgo, int keySize)
+ {
+ if("AES".equals(publicKeyAlgo))
+ {
+ switch(keySize)
+ {
+ case 192: return XMLCipher.AES_192_KeyWrap;
+ case 256: return XMLCipher.AES_256_KeyWrap;
+ default:
+ return XMLCipher.AES_128_KeyWrap;
+ }
+ }
+ if(publicKeyAlgo.contains("RSA"))
+ return XMLCipher.RSA_v1dot5;
+ if(publicKeyAlgo.contains("DES"))
+ return XMLCipher.TRIPLEDES_KeyWrap;
+ throw new IllegalArgumentException("unsupported publicKey Algo:" + publicKeyAlgo);
+ }
+
+ /**
+ * From the secret key, get the W3C XML Encryption URL
+ * @param secretKey
+ * @param keySize
+ * @return
+ */
+ public static String getXMLEncryptionURL(String algo, int keySize)
+ {
+ if("AES".equals(algo))
+ {
+ switch(keySize)
+ {
+ case 192: return XMLCipher.AES_192;
+ case 256: return XMLCipher.AES_256;
+ default:
+ return XMLCipher.AES_128;
+ }
+ }
+ if(algo.contains("RSA"))
+ return XMLCipher.RSA_v1dot5;
+ if(algo.contains("DES"))
+ return XMLCipher.TRIPLEDES_KeyWrap;
+ throw new IllegalArgumentException("Secret Key with unsupported algo:" + algo);
+ }
+}
\ No newline at end of file
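Review bot: `getXMLEncryptionURL` is what `encrypt()` uses to pick the content-encryption algorithm, yet its non-AES branches return `XMLCipher.RSA_v1dot5` and `XMLCipher.TRIPLEDES_KeyWrap`, which are key-transport and key-wrap identifiers apparently copied from `getXMLEncryptionURLForKeyUnwrap`. The DES branch should read `return XMLCipher.TRIPLEDES;` and the RSA branch should fall through to the IllegalArgumentException. In `encrypt()`, the first `XMLCipher.getInstance(algorithms.get("aes-128").xmlSecName)` and `init` pair is overwritten before use and can be dropped. For the key transport itself, `getXMLEncryptionURLForKeyUnwrap` selects RSA with PKCS#1 v1.5 padding; `XMLCipher.RSA_OAEP` is the more conservative choice if the bundled Apache XML Security version supports it. `XMLSIG_NS` and `XMLENC_NS` are public, static and non-final, so any class can rewrite the namespaces `decrypt()` matches on; `public static final` would close that.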
Modified: trunk/server/src/etc/deployers/security-deployer-jboss-beans.xml
===================================================================
--- trunk/server/src/etc/deployers/security-deployer-jboss-beans.xml 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/server/src/etc/deployers/security-deployer-jboss-beans.xml 2009-04-20 17:44:24 UTC (rev 87587)
@@ -30,5 +30,6 @@
<bean name="XACMLParsingDeployer"
class="org.jboss.security.deployers.XacmlConfigParsingDeployer" />
+ <!-- Deployer for JBossACL Config -->
<bean name="ACLParsingDeployer" class="org.jboss.security.deployers.AclConfigParsingDeployer"/>
</deployment>
Modified: trunk/testsuite/imports/config/configs.xml
===================================================================
--- trunk/testsuite/imports/config/configs.xml 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/testsuite/imports/config/configs.xml 2009-04-20 17:44:24 UTC (rev 87587)
@@ -11,5 +11,6 @@
JBoss Server Configuration -->
<import file="tests-clustering.xml"/>
<import file="tests-bootstrap-dependencies.xml"/>
+<import file="tests-password-mask.xml"/>
</project>
Modified: trunk/testsuite/imports/sections/security.xml
===================================================================
--- trunk/testsuite/imports/sections/security.xml 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/testsuite/imports/sections/security.xml 2009-04-20 17:44:24 UTC (rev 87587)
@@ -506,5 +506,12 @@
</fileset>
</jar>
+ <!-- JBAS-6710: Password Masking in XML -->
+ <jar destfile="${build.lib}/passwordbean.jar">
+ <fileset dir="${build.classes}">
+ <include name="org/jboss/test/security/beans/TestPasswordInjectedBean.class"/>
+ </fileset>
+ </jar>
+
</target>
</project>
Modified: trunk/testsuite/imports/server-config.xml
===================================================================
--- trunk/testsuite/imports/server-config.xml 2009-04-20 16:28:53 UTC (rev 87586)
+++ trunk/testsuite/imports/server-config.xml 2009-04-20 17:44:24 UTC (rev 87587)
@@ -185,6 +185,14 @@
<sysproperty key="java.net.preferIPv4Stack" value="true" />
<sysproperty key="java.endorsed.dirs" value="${jboss.dist}/lib/endorsed" />
</server>
+ <server name="password-mask" host="${node0}">
+ <jvmarg value="-Xms128m" />
+ <jvmarg value="-Xmx256m" />
+ <jvmarg value="-XX:MaxPermSize=512m" />
+ <jvmarg value="${jpda.cmdline}" />
+ <sysproperty key="java.net.preferIPv4Stack" value="true" />
+ <sysproperty key="java.endorsed.dirs" value="${jboss.dist}/lib/endorsed" />
+ </server>
<server name="tomcat-sso" host="${node0}">
<jvmarg value="-Xms128m" />
<jvmarg value="-Xmx256m" />
Added: trunk/testsuite/src/main/org/jboss/test/passwordinjection/test/PasswordInjectionUnitTestCase.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/passwordinjection/test/PasswordInjectionUnitTestCase.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/passwordinjection/test/PasswordInjectionUnitTestCase.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.passwordinjection.test;
+
+import javax.naming.InitialContext;
+
+import junit.extensions.TestSetup;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.JBossTestSetup;
+import org.jboss.test.security.beans.TestPasswordInjectedBean;
+
+/**
+ * JBAS-6710: Password masking in xml
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 17, 2009
+ */
+public class PasswordInjectionUnitTestCase extends JBossTestCase
+{
+ public PasswordInjectionUnitTestCase(String name)
+ {
+ super(name);
+ }
+
+ public void testPasswordInjection() throws Exception
+ {
+ InitialContext ic = new InitialContext();
+ TestPasswordInjectedBean tp = (TestPasswordInjectedBean) ic.lookup("testJNDIBean");
+ assertNotNull("Password Bean is in JNDI", tp);
+ assertTrue("Password has been injected", tp.isPasswordSet());
+ }
+
+ public static Test suite() throws Exception
+ {
+ TestSuite suite = new TestSuite();
+ suite.addTest(new TestSuite(PasswordInjectionUnitTestCase.class));
+
+ // Create an initializer for the test suite
+ TestSetup wrapper = new JBossTestSetup(suite)
+ {
+ String passBeans = "test-password-jboss-beans.xml";
+ String jarName = "passwordbean.jar";
+
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+
+ deploy(jarName);
+
+ // deploy the Password Beans
+ String url1 = getResourceURL("security/password-mask/" + passBeans);
+ deploy(url1);
+
+ }
+ protected void tearDown() throws Exception
+ {
+ undeploy(jarName);
+
+ // undeploy the Password Beans
+ String url1 = getResourceURL("security/password-mask/" + passBeans);
+ undeploy(url1);
+ super.tearDown();
+ }
+ };
+ return wrapper;
+ }
+}
\ No newline at end of file
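Review bot: The only check on the injected value in `testPasswordInjection` is `assertTrue("Password has been injected", tp.isPasswordSet())`, which is true for any non-null array. A masking layer that injects an empty or wrongly decrypted password would therefore still pass. The test should compare against the known fixture value, for example through a bean method that takes the expected `char[]` and returns `Arrays.equals(mypass, expected)`, so the cleartext never has to be printed or returned. Separately, `tearDown` undeploys `jarName` before the beans XML that uses its class; the reverse of the `setUp` order (`undeploy(url1);` then `undeploy(jarName);`) would be safer. The `InitialContext` is also never closed.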
Added: trunk/testsuite/src/main/org/jboss/test/security/beans/TestPasswordInjectedBean.java
===================================================================
--- trunk/testsuite/src/main/org/jboss/test/security/beans/TestPasswordInjectedBean.java (rev 0)
+++ trunk/testsuite/src/main/org/jboss/test/security/beans/TestPasswordInjectedBean.java 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,50 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.beans;
+
+import java.io.Serializable;
+
+/**
+ * A bean that will have the @Password
+ * annotation injected via the xml config
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 17, 2009
+ */
+public class TestPasswordInjectedBean implements Serializable
+{
+ private static final long serialVersionUID = 1L;
+ private char[] mypass = null;
+
+ public void setPass(char[] p)
+ {
+ this.mypass = p;
+ }
+
+ public boolean isPasswordSet()
+ {
+ if(mypass != null)
+ {
+ System.out.println("TEST-PASSWORD-BEAN:" + new String(mypass));
+ }
+ return mypass != null;
+ }
+}
\ No newline at end of file
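Review bot: `isPasswordSet()` writes the decrypted password to standard output with `System.out.println("TEST-PASSWORD-BEAN:" + new String(mypass));`, so the cleartext that the masking feature is meant to protect ends up in the server console or log. It also copies the `char[]` into an immutable `String` that cannot be wiped. I would drop the print or log only a non-secret fact, e.g. `System.out.println("TEST-PASSWORD-BEAN: password set, length=" + mypass.length);`. The class is `Serializable` and appears to be fetched through JNDI by the test, so `mypass` presumably travels in serialized form as well. If only the boolean is needed remotely, marking the field `transient` would avoid that, though then `isPasswordSet()` would have to be evaluated server-side. `setPass` also keeps the caller's array by reference instead of storing `p.clone()`.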
Added: trunk/testsuite/src/resources/security/password-mask/test-password-jboss-beans.xml
===================================================================
--- trunk/testsuite/src/resources/security/password-mask/test-password-jboss-beans.xml (rev 0)
+++ trunk/testsuite/src/resources/security/password-mask/test-password-jboss-beans.xml 2009-04-20 17:44:24 UTC (rev 87587)
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<deployment xmlns="urn:jboss:bean-deployer:2.0">
+
+ <bean name="TestPasswordBean" class="org.jboss.test.security.beans.TestPasswordInjectedBean">
+ <!-- Password Annotation to inject the password from the common password utility -->
+ <annotation>@org.jboss.security.integration.password.Password(securityDomain="test-bean",methodName="setPass")</annotation>
+ </bean>
+
+ <bean name="TestJNDIBean" class="org.jboss.security.integration.JNDIBindingBean">
+ <property name="bean"><inject bean="TestPasswordBean"/></property>
+ <property name="JNDIContext">testJNDIBean</property>
+ </bean>
+
+</deployment>