[jboss-cvs] JBoss Messaging SVN: r8021 - in branches/Branch_1_4: integration/EAP4/etc/server/default/deploy and 4 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu May 13 10:35:39 EDT 2010
Author: gaohoward
Date: 2010-05-13 10:35:38 -0400 (Thu, 13 May 2010)
New Revision: 8021
Added:
branches/Branch_1_4/src/main/org/jboss/messaging/util/SecurityUtil.java
branches/Branch_1_4/tests/src/org/jboss/test/messaging/util/SecurityUtilTest.java
Modified:
branches/Branch_1_4/integration/AS5/etc/server/default/deploy/messaging-service.xml
branches/Branch_1_4/integration/EAP4/etc/server/default/deploy/messaging-service.xml
branches/Branch_1_4/integration/EAP5/etc/server/default/deploy/messaging-service.xml
branches/Branch_1_4/src/main/org/jboss/jms/server/ServerPeer.java
Log:
JBMESSAGING-1806
Modified: branches/Branch_1_4/integration/AS5/etc/server/default/deploy/messaging-service.xml
===================================================================
--- branches/Branch_1_4/integration/AS5/etc/server/default/deploy/messaging-service.xml 2010-05-05 02:08:50 UTC (rev 8020)
+++ branches/Branch_1_4/integration/AS5/etc/server/default/deploy/messaging-service.xml 2010-05-13 14:35:38 UTC (rev 8021)
@@ -104,6 +104,9 @@
<!-- The password used by the message sucker connections to create connections.
THIS SHOULD ALWAYS BE CHANGED AT INSTALL TIME TO SECURE SYSTEM
+ The value of this attribute is an encoded value of clear text password. It can be
+ generated with a util class called org.jboss.messaging.util.SecurityUtil, e.g.
+ java org.jboss.messaging.util.SecurityUtil <clear text password>
<attribute name="SuckerPassword"></attribute>
-->
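Review bot: The added comment calls the value "encoded" without saying that the encoding is reversible by anyone who has the messaging jar, because the key is a constant in SecurityUtil (`KEY_BYTES`). Read on its own, it may suggest that the file no longer needs protecting. I would add a line such as `This only masks the password; keep this file readable by the server account only.` The example also passes the clear text password as a command-line argument, where it ends up in shell history and is visible in process listings while the tool runs, so the comment should tell the operator to run it on a trusted host and clear the history entry. The same wording is added in the EAP4 and EAP5 copies of messaging-service.xml.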
Modified: branches/Branch_1_4/integration/EAP4/etc/server/default/deploy/messaging-service.xml
===================================================================
--- branches/Branch_1_4/integration/EAP4/etc/server/default/deploy/messaging-service.xml 2010-05-05 02:08:50 UTC (rev 8020)
+++ branches/Branch_1_4/integration/EAP4/etc/server/default/deploy/messaging-service.xml 2010-05-13 14:35:38 UTC (rev 8021)
@@ -100,6 +100,9 @@
<!-- The password used by the message sucker connections to create connections.
THIS SHOULD ALWAYS BE CHANGED AT INSTALL TIME TO SECURE SYSTEM
+ The value of this attribute is an encoded value of clear text password. It can be
+ generated with a util class called org.jboss.messaging.util.SecurityUtil, e.g.
+ java org.jboss.messaging.util.SecurityUtil <clear text password>
<attribute name="SuckerPassword"></attribute>
-->
Modified: branches/Branch_1_4/integration/EAP5/etc/server/default/deploy/messaging-service.xml
===================================================================
--- branches/Branch_1_4/integration/EAP5/etc/server/default/deploy/messaging-service.xml 2010-05-05 02:08:50 UTC (rev 8020)
+++ branches/Branch_1_4/integration/EAP5/etc/server/default/deploy/messaging-service.xml 2010-05-13 14:35:38 UTC (rev 8021)
@@ -104,6 +104,9 @@
<!-- The password used by the message sucker connections to create connections.
THIS SHOULD ALWAYS BE CHANGED AT INSTALL TIME TO SECURE SYSTEM
+ The value of this attribute is an encoded value of clear text password. It can be
+ generated with a util class called org.jboss.messaging.util.SecurityUtil, e.g.
+ java org.jboss.messaging.util.SecurityUtil <clear text password>
<attribute name="SuckerPassword"></attribute>
-->
Modified: branches/Branch_1_4/src/main/org/jboss/jms/server/ServerPeer.java
===================================================================
--- branches/Branch_1_4/src/main/org/jboss/jms/server/ServerPeer.java 2010-05-05 02:08:50 UTC (rev 8020)
+++ branches/Branch_1_4/src/main/org/jboss/jms/server/ServerPeer.java 2010-05-13 14:35:38 UTC (rev 8021)
@@ -83,6 +83,7 @@
import org.jboss.messaging.core.impl.tx.TransactionRepository;
import org.jboss.messaging.util.ExceptionUtil;
import org.jboss.messaging.util.JMXAccessor;
+import org.jboss.messaging.util.SecurityUtil;
import org.jboss.messaging.util.Util;
import org.jboss.messaging.util.Version;
import org.jboss.remoting.marshal.MarshalFactory;
@@ -158,7 +159,7 @@
private long recoverDeliveriesTimeout = 5 * 60 * 1000;
- private String suckerPassword = SecurityMetadataStore.DEFAULT_SUCKER_USER_PASSWORD;
+ private String suckerPassword;
/** The server aop xml configuration */
private String serverAopConfig = "aop-messaging-server.xml";
@@ -303,6 +304,11 @@
{
suckerPassword = SecurityMetadataStore.DEFAULT_SUCKER_USER_PASSWORD;
}
+ else
+ {
+ //https://jira.jboss.org/jira/browse/JBMESSAGING-1806
+ suckerPassword = new String(SecurityUtil.decode(suckerPassword));
+ }
// Allow the securityStore to default to the SecurityMetadataStore impl
if (isDefaultSecurityStore)
{
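Review bot: Every non-default `SuckerPassword` now goes through `SecurityUtil.decode`, so a deployment upgraded with its existing clear text value will fail at this line: `new BigInteger(secret, 16)` rejects non-hex text with a NumberFormatException, and text that happens to be hex will most likely fail in `doFinal`. Nothing in the hunk turns that failure into a message that tells the operator which attribute is wrong, so wrap the call and rethrow with a message that names the attribute but never its value, as below. The condition guarding the first branch and the start of the enclosing method are outside this hunk; I am assuming it is the null check implied by the field losing its default. `new String(...)` also gives up whatever `decode` gains by returning `char[]`, since the password ends up in an immutable String field either way.

```java
else
{
   //https://jira.jboss.org/jira/browse/JBMESSAGING-1806
   try
   {
      suckerPassword = new String(SecurityUtil.decode(suckerPassword));
   }
   catch (Exception e)
   {
      // Name the attribute, never its value: a rejected value may be a clear text password.
      throw new IllegalArgumentException(
         "SuckerPassword could not be decoded (" + e.getClass().getName() +
         "); it must be generated with org.jboss.messaging.util.SecurityUtil");
   }
}
```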
Added: branches/Branch_1_4/src/main/org/jboss/messaging/util/SecurityUtil.java
===================================================================
--- branches/Branch_1_4/src/main/org/jboss/messaging/util/SecurityUtil.java (rev 0)
+++ branches/Branch_1_4/src/main/org/jboss/messaging/util/SecurityUtil.java 2010-05-13 14:35:38 UTC (rev 8021)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005-2010, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+
+package org.jboss.messaging.util;
+
+import java.math.BigInteger;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * A SecurityUtil a util class used to encode/decode passwords
+ * implementation copied from org.jboss.resource.security.SecureIdentityLoginModule
+ *
+ * @author <a href="mailto:hgao at redhat.com">Howard Gao</a>
+ *
+ * Created May 12, 2010 9:30:11 PM
+ *
+ *
+ */
+public final class SecurityUtil
+{
+
+ private static final byte[] KEY_BYTES = "sucker default".getBytes();
+
+ public static String encode(String secret) throws NoSuchPaddingException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ BadPaddingException,
+ IllegalBlockSizeException
+ {
+ SecretKeySpec key = new SecretKeySpec(KEY_BYTES, "Blowfish");
+
+ Cipher cipher = Cipher.getInstance("Blowfish");
+ System.out.println("key len: " + KEY_BYTES.length + " length max: " + Cipher.getMaxAllowedKeyLength("Blowfish"));
+ cipher.init(Cipher.ENCRYPT_MODE, key);
+ byte[] encoding = cipher.doFinal(secret.getBytes());
+ BigInteger n = new BigInteger(encoding);
+ return n.toString(16);
+ }
+
+ public static char[] decode(String secret) throws NoSuchPaddingException,
+ NoSuchAlgorithmException,
+ InvalidKeyException,
+ BadPaddingException,
+ IllegalBlockSizeException
+ {
+ SecretKeySpec key = new SecretKeySpec(KEY_BYTES, "Blowfish");
+
+ BigInteger n = new BigInteger(secret, 16);
+ byte[] encoding = n.toByteArray();
+
+ // JBAS-3457: fix leading zeros
+ if (encoding.length % 8 != 0)
+ {
+ int length = encoding.length;
+ int newLength = ((length / 8) + 1) * 8;
+ int pad = newLength - length; // number of leading zeros
+ byte[] old = encoding;
+ encoding = new byte[newLength];
+ for (int i = old.length - 1; i >= 0; i--)
+ {
+ encoding[i + pad] = old[i];
+ }
+ }
+
+ Cipher cipher = Cipher.getInstance("Blowfish");
+ cipher.init(Cipher.DECRYPT_MODE, key);
+ byte[] decode = cipher.doFinal(encoding);
+ return new String(decode).toCharArray();
+ }
+
+ /** Main entry point to encrypt a password using the hard-coded pass phrase
+ *
+ * @param args - [0] = the password to encode
+ * @throws Exception
+ */
+ public static void main(String[] args) throws Exception
+ {
+ String encode = encode(args[0]);
+ System.out.println("Encoded password: " + encode);
+ }
+}
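Review bot: `decode()` pads a short byte array with zero bytes only, so a ciphertext that starts with 0xFF followed by a byte with its high bit set does not round-trip. `new BigInteger(encoding)` in `encode()` reads it as a negative number, `toByteArray()` returns it without the leading 0xFF, and the JBAS-3457 loop puts 0x00 back in its place. Filling the pad from the sign after the copy loop keeps the stored format unchanged: `java.util.Arrays.fill(encoding, 0, pad, (byte) (n.signum() < 0 ? 0xFF : 0x00));`. `secret.getBytes()` and `new String(decode)` also use the platform default charset, so a non-ASCII password masked on one machine can decode to a different string on another; name the same charset on both sides. The `System.out.println("key len: ...")` line in `encode()` looks like leftover debug output and should go, since it runs on every call and not only from `main`.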
Added: branches/Branch_1_4/tests/src/org/jboss/test/messaging/util/SecurityUtilTest.java
===================================================================
--- branches/Branch_1_4/tests/src/org/jboss/test/messaging/util/SecurityUtilTest.java (rev 0)
+++ branches/Branch_1_4/tests/src/org/jboss/test/messaging/util/SecurityUtilTest.java 2010-05-13 14:35:38 UTC (rev 8021)
@@ -0,0 +1,69 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005-2010, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+
+package org.jboss.test.messaging.util;
+
+import org.jboss.messaging.util.SecurityUtil;
+import org.jboss.test.messaging.MessagingTestCase;
+
+/**
+ * A SecurityUtilTest
+ *
+ * @author <a href="mailto:hgao at redhat.com">Howard Gao</a>
+ *
+ * Created May 13, 2010 1:06:43 PM
+ *
+ *
+ */
+public class SecurityUtilTest extends MessagingTestCase
+{
+
+ public SecurityUtilTest(String name)
+ {
+ super(name);
+ }
+
+
+ public void setUp() throws Exception
+ {
+ super.setUp();
+ }
+
+ public void tearDown() throws Exception
+ {
+ super.tearDown();
+ }
+
+ public void testEncodeDecode() throws Exception
+ {
+ String clearText = "Clear Text Password";
+ String maskedText = SecurityUtil.encode(clearText);
+ char[] decodedBytes = SecurityUtil.decode(maskedText);
+ String decodedText = new String(decodedBytes);
+ log.debug("Decoded text: " + decodedText);
+
+ assertEquals(clearText, decodedText);
+
+ }
+
+}
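Review bot: `testEncodeDecode` round-trips a single fixed string, so it never reaches the leading-byte handling in `SecurityUtil.decode` (the `encoding.length % 8 != 0` branch), which is the part most likely to be wrong. A loop over a few thousand distinct inputs would very likely hit those cases, e.g. `for (int i = 0; i < 2000; i++) { String s = "pw" + i; assertEquals(s, new String(SecurityUtil.decode(SecurityUtil.encode(s)))); }`. A test that a clear text (non-hex) argument to `decode` is rejected would also pin the behaviour ServerPeer now depends on. Minor: `decodedBytes` holds a `char[]`, and `log.debug("Decoded text: " + decodedText)` is a pattern worth keeping out of tests that could later be copied with real values.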