Author: shawkins
Date: 2009-04-09 16:56:48 -0400 (Thu, 09 Apr 2009)
New Revision: 741
Added:
trunk/common-core/src/main/resources/teiid.keystore
trunk/common-internal/src/test/resources/keymanage/other.keystore
trunk/common-internal/src/test/resources/keymanage/teiid.keystore
Removed:
trunk/common-core/src/main/resources/cluster.key
trunk/common-internal/src/test/resources/keymanage/cluster.key
trunk/common-internal/src/test/resources/keymanage/other.key
Modified:
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/CryptoUtil.java
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/cipher/BasicCryptor.java
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/cipher/SymmetricCryptor.java
trunk/common-internal/src/main/java/com/metamatrix/common/config/CurrentConfiguration.java
trunk/common-internal/src/test/java/com/metamatrix/common/util/crypto/keymanage/TestFilePasswordConverter.java
trunk/server/src/main/java/com/metamatrix/platform/registry/HostControllerRegistryBinding.java
trunk/server/src/main/java/com/metamatrix/platform/security/session/service/SessionServiceImpl.java
trunk/server/src/main/java/com/metamatrix/platform/vm/controller/ProcessController.java
trunk/server/src/main/java/com/metamatrix/server/JGroupsProvider.java
Log:
TEIID-260 securing jgroups traffic by default.
Modified:
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/CryptoUtil.java
===================================================================
---
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/CryptoUtil.java 2009-04-09
20:30:04 UTC (rev 740)
+++
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/CryptoUtil.java 2009-04-09
20:56:48 UTC (rev 741)
@@ -28,6 +28,8 @@
import java.util.Enumeration;
import java.util.Properties;
+import com.metamatrix.common.util.PropertiesUtils;
+import com.metamatrix.common.util.crypto.cipher.BasicCryptor;
import com.metamatrix.common.util.crypto.cipher.SymmetricCryptor;
import com.metamatrix.core.CorePlugin;
import com.metamatrix.core.ErrorMessageKeys;
@@ -41,17 +43,17 @@
/**
* This property indicates the encryption provider, if set to none encryption is
disabled.
*/
- public static final String JCE_PROVIDER =
"metamatrix.encryption.jce.provider"; //$NON-NLS-1$
+ public static final String ENCRYPTION_ENABLED = "teiid.encryption.enabled";
//$NON-NLS-1$
/** The name of the key. */
- public static final String KEY_NAME = "cluster.key"; //$NON-NLS-1$
+ public static final String KEY_NAME = "teiid.keystore"; //$NON-NLS-1$
public static final URL KEY = CryptoUtil.class.getResource("/" + KEY_NAME);
//$NON-NLS-1$
- public static final String OLD_ENCRYPT_PREFIX = "{mmencrypt}";
//$NON-NLS-1$
- public static final String ENCRYPT_PREFIX = "{mm-encrypt}"; //$NON-NLS-1$
+ public static final String OLD_ENCRYPT_PREFIX = "{mm-encrypt}";
//$NON-NLS-1$
+ public static final String ENCRYPT_PREFIX = "{teiid-encrypt}";
//$NON-NLS-1$
// Empty provider means encryption should be disabled
public static final String NONE = "none"; //$NON-NLS-1$
- private static boolean encryptionEnabled =
!NONE.equalsIgnoreCase(System.getProperty(JCE_PROVIDER));
+ private static boolean encryptionEnabled =
PropertiesUtils.getBooleanProperty(System.getProperties(), ENCRYPTION_ENABLED, true);
private static Cryptor CRYPTOR;
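Review bot: The Javadoc kept at the top of this hunk still describes the constant as "the encryption provider, if set to none encryption is disabled", but the renamed `ENCRYPTION_ENABLED` is now a boolean property read through `PropertiesUtils.getBooleanProperty(..., true)`, and the comment on `NONE` ("Empty provider means encryption should be disabled") is stale for the same reason. Suggest `/** Boolean system property; encryption is on unless it is explicitly set to false. */` on `ENCRYPTION_ENABLED`, and a note on `NONE` saying what still reads it, or its removal if nothing does. Separately, `OLD_ENCRYPT_PREFIX` now holds `{mm-encrypt}`, so the earlier `{mmencrypt}` form is no longer recognized by this class; if stored values carrying that prefix can still exist, they will reach the decryptor unstripped.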
@@ -230,18 +232,20 @@
return false;
}
try {
- if (value.startsWith(ENCRYPT_PREFIX)) {
- try {
- Base64.decode(value.substring(ENCRYPT_PREFIX.length()));
+ if (value.trim().length() == 0) {
+ return false;
+ }
+ String strippedValue = BasicCryptor.stripEncryptionPrefix(value);
+ if (strippedValue.length() != value.length()) {
+ try {
+ Base64.decode(strippedValue);
} catch (IllegalArgumentException e) {
return false;
}
//if we have the encrypt prefix and the rest of the string is base64
encoded, then
//we'll assume that it's properly encrypted
return true;
- } else if (value.trim().length() == 0) {
- return false;
- }
+ }
CryptoUtil.getDecryptor().decrypt(value);
return true;
} catch (CryptoException err) {
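Review bot: A value consisting only of a prefix passes the new check: `strippedValue` is empty, its length differs from `value.length()`, and `Base64.decode("")` presumably succeeds, so the method reports the bare prefix as encrypted. Guard the empty remainder before decoding: `if (strippedValue.length() == 0) { return false; }`. It is also worth a comment that the prefix-plus-base64 test is a format check only and does not prove the bytes decrypt under the current key; the fall-through `CryptoUtil.getDecryptor().decrypt(value)` is the only path that verifies that. The enclosing method starts before this hunk.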
Modified:
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/cipher/BasicCryptor.java
===================================================================
---
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/cipher/BasicCryptor.java 2009-04-09
20:30:04 UTC (rev 740)
+++
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/cipher/BasicCryptor.java 2009-04-09
20:56:48 UTC (rev 741)
@@ -95,10 +95,7 @@
throw new CryptoException( ErrorMessageKeys.CM_UTIL_ERR_0074,
CorePlugin.Util.getString(ErrorMessageKeys.CM_UTIL_ERR_0074));
}
- //strip prefix
- if (ciphertext.startsWith(CryptoUtil.ENCRYPT_PREFIX)) {
- ciphertext = ciphertext.substring(CryptoUtil.ENCRYPT_PREFIX.length());
- }
+ ciphertext = stripEncryptionPrefix(ciphertext);
// Decode the previously encoded text into bytes...
byte[] cipherBytes = null;
@@ -113,6 +110,15 @@
return new String(cleartext);
}
+ public static String stripEncryptionPrefix(String ciphertext) {
+ if (ciphertext.startsWith(CryptoUtil.ENCRYPT_PREFIX)) {
+ ciphertext = ciphertext.substring(CryptoUtil.ENCRYPT_PREFIX.length());
+ } else if (ciphertext.startsWith(CryptoUtil.OLD_ENCRYPT_PREFIX)) {
+ ciphertext = ciphertext.substring(CryptoUtil.OLD_ENCRYPT_PREFIX.length());
+ }
+ return ciphertext;
+ }
+
/**
* Initialize the ciphers used for encryption and decryption. The ciphers
* define the algorithms to be used. They are initialized with the
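Review bot: `stripEncryptionPrefix` is new public API with no Javadoc, and the part of its contract that `CryptoUtil` depends on — the argument comes back unchanged when neither prefix is present, so callers detect a prefix by comparing lengths — is nowhere stated. Suggest `/** Removes {@link CryptoUtil#ENCRYPT_PREFIX} or the legacy {@link CryptoUtil#OLD_ENCRYPT_PREFIX} when present; otherwise returns the argument unchanged, which callers rely on when comparing lengths. */`. The method also throws NullPointerException on null input; the decrypt caller in the previous hunk checks for null first, but other callers will not, so either document `@throws NullPointerException` or add a null check with whatever argument helper this class has in scope.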
Modified:
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/cipher/SymmetricCryptor.java
===================================================================
---
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/cipher/SymmetricCryptor.java 2009-04-09
20:30:04 UTC (rev 740)
+++
trunk/common-core/src/main/java/com/metamatrix/common/util/crypto/cipher/SymmetricCryptor.java 2009-04-09
20:56:48 UTC (rev 741)
@@ -28,11 +28,12 @@
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.Key;
+import java.security.KeyStore;
import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
-import com.metamatrix.common.util.ByteArrayHelper;
import com.metamatrix.common.util.crypto.CryptoException;
import com.metamatrix.core.util.ArgCheck;
@@ -44,7 +45,10 @@
public static final String DEFAULT_SYM_KEY_ALGORITHM = "AES";
//$NON-NLS-1$
public static final String DEFAULT_SYM_ALGORITHM = "AES/ECB/PKCS5Padding";
//$NON-NLS-1$
- public static final int DEFAULT_KEY_BITS = 128;
+ public static final int DEFAULT_KEY_BITS = 128;
+ public static final String DEFAULT_STORE_PASSWORD = "changeit";
//$NON-NLS-1$
+ public static final String DEFAULT_ALIAS = "cluster_key"; //$NON-NLS-1$
+
private static KeyGenerator keyGen;
/**
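Review bot: `DEFAULT_STORE_PASSWORD = "changeit"` is a public constant and is repeated as a literal in the JGroups ENCRYPT stack string, so the JCEKS wrapper adds no confidentiality over the raw `cluster.key` file it replaces; protection of the cluster key rests entirely on the read permissions of `teiid.keystore`. That can be acceptable for a shipped default, but it should be stated where the constant is declared so nobody later treats the password as a secret: `// Not a secret: this password is public and only satisfies the JCEKS format; protect the key by restricting read access to the keystore file.`. The same note belongs on the matching constant in JGroupsProvider.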
@@ -59,7 +63,7 @@
return new SymmetricCryptor(key);
}
- private static Key generateKey() throws CryptoException {
+ private static SecretKey generateKey() throws CryptoException {
try {
synchronized(SymmetricCryptor.class) {
if (keyGen == null) {
@@ -82,7 +86,18 @@
* @throws IOException
*/
public static SymmetricCryptor getSymmectricCryptor(URL keyResource) throws
CryptoException, IOException {
- return getSymmectricCryptor(loadKey(keyResource));
+ ArgCheck.isNotNull(keyResource);
+ InputStream stream = keyResource.openStream();
+ try {
+ KeyStore store = KeyStore.getInstance("JCEKS"); //$NON-NLS-1$
+ store.load(stream, DEFAULT_STORE_PASSWORD.toCharArray());
+ Key key = store.getKey(DEFAULT_ALIAS, DEFAULT_STORE_PASSWORD.toCharArray());
+ return new SymmetricCryptor(key);
+ } catch (GeneralSecurityException e) {
+ throw new CryptoException(e);
+ } finally {
+ stream.close();
+ }
}
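Review bot: `store.getKey(DEFAULT_ALIAS, ...)` returns null rather than throwing when the alias is not in the keystore, so a store generated under a different alias reaches `new SymmetricCryptor(key)` with null; whether the constructor rejects that is outside this hunk. Fail here with a clear message instead: `if (key == null) { throw new CryptoException(<message naming DEFAULT_ALIAS and keyResource>); }`. The `"JCEKS"` literal is also duplicated between this method and `saveKey` in the next hunk; a single `private static final String KEYSTORE_TYPE = "JCEKS";` keeps load and save from drifting apart.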
/**
@@ -98,13 +113,23 @@
}
public static void generateAndSaveKey(String file) throws CryptoException,
IOException {
- Key key = generateKey();
+ SecretKey key = generateKey();
+ saveKey(file, key);
+ }
+
+ private static void saveKey(String file, SecretKey key) throws CryptoException,
IOException {
+ ArgCheck.isNotNull(file);
FileOutputStream fos = new FileOutputStream(file);
try {
- fos.write(key.getEncoded());
+ KeyStore store = KeyStore.getInstance("JCEKS"); //$NON-NLS-1$
+ store.load(null,null);
+ store.setKeyEntry(DEFAULT_ALIAS, key, DEFAULT_STORE_PASSWORD.toCharArray(),null);
+ store.store(fos, DEFAULT_STORE_PASSWORD.toCharArray());
+ } catch (GeneralSecurityException e) {
+ throw new CryptoException(e);
} finally {
fos.close();
- }
+ }
}
SymmetricCryptor(Key key) throws CryptoException {
@@ -115,17 +140,11 @@
return this.decryptKey.getEncoded();
}
- private static byte[] loadKey(URL keyResource) throws IOException {
- ArgCheck.isNotNull(keyResource);
- InputStream stream = keyResource.openStream();
- try {
- return ByteArrayHelper.toByteArray(keyResource.openStream());
- } finally {
- stream.close();
+ public static void main(String[] args) throws Exception {
+ if (args.length != 1) {
+ System.out.println("The file to create must be supplied as the only
argument."); //$NON-NLS-1$
+ System.exit(-1);
}
+ SymmetricCryptor.generateAndSaveKey(args[0]);
}
-
- public static void main(String[] args) throws Exception {
- SymmetricCryptor.generateAndSaveKey("cluster.key");
- }
}
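Review bot: `generateAndSaveKey(args[0])` writes through a `FileOutputStream`, which truncates, so running this tool against an existing `teiid.keystore` silently replaces the cluster key and every value already encrypted with the old key becomes undecryptable. Refuse to overwrite unless asked: `if (new File(args[0]).exists()) { System.out.println("Refusing to overwrite existing keystore: " + args[0]); System.exit(-1); }` before the call (needs `java.io.File`), or require an explicit overwrite argument. The usage message could also say what is being created, i.e. the JCEKS keystore that `CryptoUtil.KEY_NAME` expects on the classpath.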
Deleted: trunk/common-core/src/main/resources/cluster.key
===================================================================
--- trunk/common-core/src/main/resources/cluster.key 2009-04-09 20:30:04 UTC (rev 740)
+++ trunk/common-core/src/main/resources/cluster.key 2009-04-09 20:56:48 UTC (rev 741)
@@ -1 +0,0 @@
-}�ꑟj�7���"�I�
\ No newline at end of file
Added: trunk/common-core/src/main/resources/teiid.keystore
===================================================================
(Binary files differ)
Property changes on: trunk/common-core/src/main/resources/teiid.keystore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified:
trunk/common-internal/src/main/java/com/metamatrix/common/config/CurrentConfiguration.java
===================================================================
---
trunk/common-internal/src/main/java/com/metamatrix/common/config/CurrentConfiguration.java 2009-04-09
20:30:04 UTC (rev 740)
+++
trunk/common-internal/src/main/java/com/metamatrix/common/config/CurrentConfiguration.java 2009-04-09
20:56:48 UTC (rev 741)
@@ -30,6 +30,7 @@
import java.util.Properties;
import com.metamatrix.common.CommonPlugin;
+import com.metamatrix.common.config.api.ComponentTypeID;
import com.metamatrix.common.config.api.Configuration;
import com.metamatrix.common.config.api.ConfigurationID;
import com.metamatrix.common.config.api.ConfigurationModelContainer;
@@ -199,12 +200,12 @@
*/
public Properties getProperties() {
try {
- Properties result =
getReader().getConfigurationModel().getConfiguration().getProperties();
- Properties copyResult =
PropertiesUtils.clone(result,getBootStrapProperties(),false,true);
- if ( !(copyResult instanceof UnmodifiableProperties) ) {
- copyResult = new UnmodifiableProperties(copyResult);
- }
- return copyResult;
+ ConfigurationModelContainer cmc = getReader().getConfigurationModel();
+ ComponentTypeID id = cmc.getConfiguration().getComponentTypeID();
+ Properties result = new Properties(getBootStrapProperties());
+ PropertiesUtils.putAll(result, cmc.getDefaultPropertyValues(id));
+ PropertiesUtils.putAll(result, cmc.getConfiguration().getProperties());
+ return new UnmodifiableProperties(result);
} catch (ConfigurationException e) {
throw new MetaMatrixRuntimeException(e);
}
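Review bot: Bootstrap properties are now attached as the `Properties` defaults of `result` instead of being copied in by `PropertiesUtils.clone`, so they resolve through `getProperty` and `propertyNames` but not through the Hashtable views (`keySet`, `entrySet`, `containsKey`, `get`); any caller that enumerates or map-accesses the returned properties will no longer see the bootstrap entries. If that is intended, say so: `// bootstrap values are defaults only: visible via getProperty, not via keySet/entrySet`; otherwise copy them in as well with `PropertiesUtils.putAll(result, getBootStrapProperties())`. Whether `UnmodifiableProperties` preserves the defaults chain cannot be seen from here. The method's closing brace is outside this hunk.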
Modified:
trunk/common-internal/src/test/java/com/metamatrix/common/util/crypto/keymanage/TestFilePasswordConverter.java
===================================================================
---
trunk/common-internal/src/test/java/com/metamatrix/common/util/crypto/keymanage/TestFilePasswordConverter.java 2009-04-09
20:30:04 UTC (rev 740)
+++
trunk/common-internal/src/test/java/com/metamatrix/common/util/crypto/keymanage/TestFilePasswordConverter.java 2009-04-09
20:56:48 UTC (rev 741)
@@ -36,8 +36,8 @@
private final static String INPUT_XML_FILE = UnitTestUtil.getTestDataPath() +
"/keymanage/config.xml"; //$NON-NLS-1$
private final static String INPUT_VDB_FILE = UnitTestUtil.getTestDataPath() +
"/keymanage/ODBCvdb.VDB"; //$NON-NLS-1$
- private final static String KEYSTORE_FILE1 = UnitTestUtil.getTestDataPath() +
"/keymanage/cluster.key"; //$NON-NLS-1$
- private final static String KEYSTORE_FILE2 = UnitTestUtil.getTestDataPath() +
"/keymanage/other.key"; //$NON-NLS-1$
+ private final static String KEYSTORE_FILE1 = UnitTestUtil.getTestDataPath() +
"/keymanage/teiid.keystore"; //$NON-NLS-1$
+ private final static String KEYSTORE_FILE2 = UnitTestUtil.getTestDataPath() +
"/keymanage/other.keystore"; //$NON-NLS-1$
private final static String TEMP_PROPERTIES = UnitTestUtil.getTestScratchPath() +
"temp.properties"; //$NON-NLS-1$
private final static String TEMP2_PROPERTIES = UnitTestUtil.getTestScratchPath() +
"temp2.properties"; //$NON-NLS-1$
@@ -49,7 +49,7 @@
public void testConvertProperties() throws Exception {
//convert from keystore1 to keystore2
String inputFile = INPUT_PROPERTIES_FILE;
- String outputFile = TEMP_PROPERTIES; //$NON-NLS-1$
+ String outputFile = TEMP_PROPERTIES;
String oldKeystoreFile = KEYSTORE_FILE1;
String newKeystoreFile = KEYSTORE_FILE2;
@@ -69,8 +69,8 @@
//convert back from keystore2 to keystore1
- inputFile = TEMP_PROPERTIES; //$NON-NLS-1$
- outputFile = TEMP2_PROPERTIES; //$NON-NLS-1$
+ inputFile = TEMP_PROPERTIES;
+ outputFile = TEMP2_PROPERTIES;
oldKeystoreFile = KEYSTORE_FILE2;
newKeystoreFile = KEYSTORE_FILE1;
@@ -92,7 +92,7 @@
public void testConvertXML() throws Exception {
//convert from keystore1 to keystore2
String inputFile = INPUT_XML_FILE;
- String outputFile = TEMP_XML; //$NON-NLS-1$
+ String outputFile = TEMP_XML;
String oldKeystoreFile = KEYSTORE_FILE1;
String newKeystoreFile = KEYSTORE_FILE2;
@@ -112,8 +112,8 @@
//convert back from keystore2 to keystore1
- inputFile = TEMP_XML; //$NON-NLS-1$
- outputFile = TEMP2_XML; //$NON-NLS-1$
+ inputFile = TEMP_XML;
+ outputFile = TEMP2_XML;
oldKeystoreFile = KEYSTORE_FILE2;
newKeystoreFile = KEYSTORE_FILE1;
@@ -135,7 +135,7 @@
public void testConvertVDB() throws Exception {
//convert from keystore1 to keystore2
String inputFile = INPUT_VDB_FILE;
- String outputFile = TEMP_VDB; //$NON-NLS-1$
+ String outputFile = TEMP_VDB;
String oldKeystoreFile = KEYSTORE_FILE1;
String newKeystoreFile = KEYSTORE_FILE2;
@@ -155,8 +155,8 @@
//convert back from keystore2 to keystore1
- inputFile = TEMP_VDB; //$NON-NLS-1$
- outputFile = TEMP2_VDB; //$NON-NLS-1$
+ inputFile = TEMP_VDB;
+ outputFile = TEMP2_VDB;
oldKeystoreFile = KEYSTORE_FILE2;
newKeystoreFile = KEYSTORE_FILE1;
Deleted: trunk/common-internal/src/test/resources/keymanage/cluster.key
===================================================================
--- trunk/common-internal/src/test/resources/keymanage/cluster.key 2009-04-09 20:30:04 UTC
(rev 740)
+++ trunk/common-internal/src/test/resources/keymanage/cluster.key 2009-04-09 20:56:48 UTC
(rev 741)
@@ -1 +0,0 @@
-}�ꑟj�7���"�I�
\ No newline at end of file
Deleted: trunk/common-internal/src/test/resources/keymanage/other.key
===================================================================
--- trunk/common-internal/src/test/resources/keymanage/other.key 2009-04-09 20:30:04 UTC
(rev 740)
+++ trunk/common-internal/src/test/resources/keymanage/other.key 2009-04-09 20:56:48 UTC
(rev 741)
@@ -1 +0,0 @@
-������}5̌���&
\ No newline at end of file
Added: trunk/common-internal/src/test/resources/keymanage/other.keystore
===================================================================
(Binary files differ)
Property changes on: trunk/common-internal/src/test/resources/keymanage/other.keystore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: trunk/common-internal/src/test/resources/keymanage/teiid.keystore
===================================================================
(Binary files differ)
Property changes on: trunk/common-internal/src/test/resources/keymanage/teiid.keystore
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified:
trunk/server/src/main/java/com/metamatrix/platform/registry/HostControllerRegistryBinding.java
===================================================================
---
trunk/server/src/main/java/com/metamatrix/platform/registry/HostControllerRegistryBinding.java 2009-04-09
20:30:04 UTC (rev 740)
+++
trunk/server/src/main/java/com/metamatrix/platform/registry/HostControllerRegistryBinding.java 2009-04-09
20:56:48 UTC (rev 741)
@@ -47,7 +47,7 @@
return hostController;
}
if (this.hostControllerStub == null) {
- return null;
+ throw new IllegalStateException("Cannot locate host controller. It may need
to be started or restarted if jgroups properties have changed"); //$NON-NLS-1$
}
// when exported to the remote, use remote's message bus instance.
MessageBus bus = this.messageBus;
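Review bot: Replacing `return null` with an `IllegalStateException` changes the contract for every caller of this accessor; any caller that null-checked the result now gets an unchecked exception instead, and nothing in the hunk shows those call sites being updated. If the throw is intended, document it on the method: `@throws IllegalStateException if neither a local host controller nor a stub is available`. The enclosing method starts outside the hunk.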
Modified:
trunk/server/src/main/java/com/metamatrix/platform/security/session/service/SessionServiceImpl.java
===================================================================
---
trunk/server/src/main/java/com/metamatrix/platform/security/session/service/SessionServiceImpl.java 2009-04-09
20:30:04 UTC (rev 740)
+++
trunk/server/src/main/java/com/metamatrix/platform/security/session/service/SessionServiceImpl.java 2009-04-09
20:56:48 UTC (rev 741)
@@ -84,7 +84,6 @@
*/
private static final String MAX_ACTIVE_SESSIONS =
"metamatrix.session.max.connections"; //$NON-NLS-1$
private static final String SESSION_TIME_LIMIT =
"metamatrix.session.time.limit"; //$NON-NLS-1$
- public static final String SESSION_MONITOR_ACTIVITY_INTERVAL =
"metamatrix.session.sessionMonitor.ActivityInterval"; //$NON-NLS-1$
private static final String SESSION_ID = "SESSION_ID"; //$NON-NLS-1$
Modified:
trunk/server/src/main/java/com/metamatrix/platform/vm/controller/ProcessController.java
===================================================================
---
trunk/server/src/main/java/com/metamatrix/platform/vm/controller/ProcessController.java 2009-04-09
20:30:04 UTC (rev 740)
+++
trunk/server/src/main/java/com/metamatrix/platform/vm/controller/ProcessController.java 2009-04-09
20:56:48 UTC (rev 741)
@@ -259,8 +259,7 @@
this.vmComponentDefn = deployedVM;
- vmProps = new
Properties(CurrentConfiguration.getInstance().getSystemBootStrapProperties());
- PropertiesUtils.putAll(vmProps, config.getConfiguration().getProperties());
+ vmProps = new Properties(config.getConfiguration().getProperties());
PropertiesUtils.putAll(vmProps, host.getProperties());
PropertiesUtils.putAll(vmProps,
config.getDefaultPropertyValues(deployedVM.getComponentTypeID()));
PropertiesUtils.putAll(vmProps,
config.getConfiguration().getAllPropertiesForComponent(deployedVM.getID()));
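Review bot: The system bootstrap properties drop out of the `vmProps` lookup chain: the old code seeded `vmProps` with `getSystemBootStrapProperties()` and copied the configuration properties on top, while the new code uses the configuration properties as the defaults and nothing supplies the bootstrap values. Presumably this relies on `CurrentConfiguration.getProperties()` now merging bootstrap values, but `config.getConfiguration().getProperties()` is a different call, so it is worth confirming that no VM property previously resolved from bootstrap is read through `vmProps`. Note also that the configuration properties now sit in the defaults layer, visible via `getProperty` but not via `keySet`/`entrySet`. The enclosing method starts and ends outside the hunk.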
Modified: trunk/server/src/main/java/com/metamatrix/server/JGroupsProvider.java
===================================================================
--- trunk/server/src/main/java/com/metamatrix/server/JGroupsProvider.java 2009-04-09
20:30:04 UTC (rev 740)
+++ trunk/server/src/main/java/com/metamatrix/server/JGroupsProvider.java 2009-04-09
20:56:48 UTC (rev 741)
@@ -42,6 +42,7 @@
import com.metamatrix.common.config.api.exceptions.ConfigurationException;
import com.metamatrix.common.log.LogManager;
import com.metamatrix.common.util.LogCommonConstants;
+import com.metamatrix.common.util.PropertiesUtils;
import com.metamatrix.core.MetaMatrixRuntimeException;
/**
@@ -74,7 +75,10 @@
"pbcast.GMS(join_timeout=5000;join_retry_timeout=2000;" +
//$NON-NLS-1$
"shun=false;print_local_addr=true):" + //$NON-NLS-1$
"pbcast.STATE_TRANSFER"; //$NON-NLS-1$
-
+
+ private static final String ENCRYPT_ALL =
":ENCRYPT(key_store_name=teiid.keystore;store_password=changeit;alias=cluster_key)";
//$NON-NLS-1$
+ private static final String ENCRYPT_ALL_KEY =
"metamatrix.encryption.internal.secure.sockets"; //$NON-NLS-1$
+
private static final String UDP_MCAST_SUPPORTED_PROPERTY =
"udp.multicast_supported"; //$NON-NLS-1$
private static final String UDP_MCAST_MESSAGEBUS_PORT_PROPERTY =
"udp.mcast_messagebus_port"; //$NON-NLS-1$
private static final String UDP_MCAST_ADDR_PROPERTY = "udp.mcast_addr";
//$NON-NLS-1$
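Review bot: `ENCRYPT_ALL` repeats the keystore name, store password and alias as literals that are also declared as `CryptoUtil.KEY_NAME`, `SymmetricCryptor.DEFAULT_STORE_PASSWORD` and `SymmetricCryptor.DEFAULT_ALIAS`; if any of those changes, the JGroups ENCRYPT layer will fail to open the store, or open a different key, with no compile-time signal. Build the string from the constants instead: `":ENCRYPT(key_store_name=" + CryptoUtil.KEY_NAME + ";store_password=" + SymmetricCryptor.DEFAULT_STORE_PASSWORD + ";alias=" + SymmetricCryptor.DEFAULT_ALIAS + ")"` (those classes may need importing here). A comment that the password is public and the key is protected only by the keystore file's permissions belongs next to it as well.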
@@ -124,7 +128,8 @@
try {
String properties = null;
Properties configProps =
CurrentConfiguration.getInstance().getResourceProperties(ResourceNames.JGROUPS);
-
+ boolean useEncrypt =
PropertiesUtils.getBooleanProperty(CurrentConfiguration.getInstance().getProperties(),
ENCRYPT_ALL_KEY, false);
+
String udpMulticastSupported = configProps.getProperty(UDP_MCAST_SUPPORTED_PROPERTY,
DEFAULT_UDP_MCAST_SUPPORTED);
String udpMulticastPort = configProps.getProperty(UDP_MCAST_MESSAGEBUS_PORT_PROPERTY,
DEFAULT_UDP_MCAST_PORT);
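Review bot: `useEncrypt` falls back to `false` when `metamatrix.encryption.internal.secure.sockets` is unset, which contradicts the log's "securing jgroups traffic by default" unless the configuration model's default property values, which `CurrentConfiguration.getProperties()` now merges in, supply `true`; that dependency is invisible here and deserves a comment: `// the shipped default comes from the configuration model's default property values; false here is only the last resort`. Separately, the next hunk appends the ENCRYPT layer after `pbcast.STATE_TRANSFER` at the top of the stack; whether that placement covers discovery and membership traffic as well as application messages depends on the JGroups version's ENCRYPT semantics and is worth confirming. The enclosing method starts before this hunk.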
@@ -171,6 +176,9 @@
"timeout="+pingTimeout+";num_initial_members="+pingInitialMemberCount+"):";
//$NON-NLS-1$ //$NON-NLS-2$//$NON-NLS-3$
}
properties += otherSettings;
+ if (useEncrypt) {
+ properties += ENCRYPT_ALL;
+ }
return properties;
} catch (ConfigurationException e) {