[jboss-cvs] JBossAS SVN: r65315 - branches/Branch_4_0/security/src/main/org/jboss/security/plugins.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Sep 11 18:46:46 EDT 2007
Author: sguilhen at redhat.com
Date: 2007-09-11 18:46:46 -0400 (Tue, 11 Sep 2007)
New Revision: 65315
Modified:
branches/Branch_4_0/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
branches/Branch_4_0/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
Log:
Added code to allow for truststore password encryption, according to the issue #JBAS-4701
Modified: branches/Branch_4_0/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java
===================================================================
--- branches/Branch_4_0/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java 2007-09-11 22:37:28 UTC (rev 65314)
+++ branches/Branch_4_0/security/src/main/org/jboss/security/plugins/JaasSecurityDomain.java 2007-09-11 22:46:46 UTC (rev 65315)
@@ -239,22 +239,48 @@
}
public void setKeyStorePass(String password)
+ throws Exception
{
- this.keyStorePassword = null;
- // Look for a {...} prefix indicating a password command
- if( password.charAt(0) == '{' )
- {
- StringTokenizer tokenizer = new StringTokenizer(password, "{}");
- this.keyStorePasswordCmdType = tokenizer.nextToken();
- this.keyStorePasswordCmd = tokenizer.nextToken();
- }
- else
- {
- // Its just the keystore password string
- this.keyStorePassword = password.toCharArray();
- }
+ this.keyStorePassword = this.loadPassword(password);
+
+ // Create the PBE secret key
+ cipherSpec = new PBEParameterSpec(salt, iterationCount);
+ PBEKeySpec keySpec = new PBEKeySpec(this.keyStorePassword);
+ SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEwithMD5andDES");
+ cipherKey = factory.generateSecret(keySpec);
}
+ private char[] loadPassword(String passwordString)
+ throws Exception
+ {
+ char[] password = null;
+ String commandType = null;
+ String command = null;
+ if( passwordString.charAt(0) == '{' )
+ {
+ StringTokenizer tokenizer = new StringTokenizer(passwordString, "{}");
+ commandType = tokenizer.nextToken();
+ command = tokenizer.nextToken();
+ }
+ else
+ {
+ // Its just the keystore password string
+ password = passwordString.toCharArray();
+ }
+
+ if(password == null)
+ {
+ if( commandType.equals("EXT") )
+ password = execPasswordCmd(command);
+ else if( commandType.equals("CLASS") )
+ password =invokePasswordClass(command);
+ else
+ throw new IllegalArgumentException("Unknown keyStorePasswordCmdType: "+keyStorePasswordCmdType);
+ }
+
+ return password;
+ }
+
public String getTrustStoreType()
{
return this.trustStoreType;
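Review bot: In `loadPassword`, the `IllegalArgumentException` message still concatenates the field `keyStorePasswordCmdType`, which this commit no longer assigns, so it will report `null` rather than the rejected type; it should use the local, `throw new IllegalArgumentException("Unknown keyStorePasswordCmdType: "+commandType);`. The parsing above it is unguarded: `passwordString.charAt(0)` throws on an empty string and the second `nextToken()` throws `NoSuchElementException` for a value such as `{EXT}` with no command, and both are now reachable from `setTrustStorePass` as well. In `setKeyStorePass` the PBE key is now derived only when the setter runs. A later hunk keeps a `cipherKey = null;` context line (presumably the stop path) while removing the `startService()` call that rebuilt the key, so a stop/start cycle without re-setting the attribute may leave `cipherKey` null; this is worth confirming.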
@@ -266,8 +292,9 @@
}
public void setTrustStorePass(String password)
+ throws Exception
{
- this.trustStorePassword = password.toCharArray();
+ this.trustStorePassword = this.loadPassword(password);
}
public String getTrustStoreURL()
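Review bot: The value assigned to `trustStorePassword` is not checked for null, and `loadPassword` can return null because `invokePasswordClass` (the `@@ -525,15` hunk) ends in `return null;` when the instance's `toString()` yields null. If this array is later handed to `KeyStore.load`, a null password makes the JDK skip the store's integrity check, so the truststore would presumably be loaded unverified; the use of `trustStorePassword` is outside this diff and should be confirmed. In `setKeyStorePass` the same null would reach `new PBEKeySpec(...)`, which substitutes an empty password. Rejecting the failed lookup inside `loadPassword` covers both setters: `if( password == null ) throw new IllegalStateException("Password could not be resolved");` placed before `return password;`.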
@@ -384,9 +411,6 @@
protected void startService()
throws Exception
{
- // Load the keystore password if it was
- loadKeystorePassword();
-
// Load the key and/or truststore into memory
loadKeyAndTrustStore();
@@ -414,29 +438,6 @@
cipherKey = null;
}
- /** If keyStorePassword is null and keyStorePasswordCmd exists,
- * execute it to obtain the password.
- */
- private void loadKeystorePassword()
- throws Exception
- {
- if( keyStorePassword == null )
- {
- if( keyStorePasswordCmdType.equals("EXT") )
- execPasswordCmd();
- else if( keyStorePasswordCmdType.equals("CLASS") )
- invokePasswordClass();
- else
- throw new IllegalArgumentException("Unknown keyStorePasswordCmdType: "+keyStorePasswordCmdType);
- }
-
- // Create the PBE secret key
- cipherSpec = new PBEParameterSpec(salt, iterationCount);
- PBEKeySpec keySpec = new PBEKeySpec(keyStorePassword);
- SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEwithMD5andDES");
- cipherKey = factory.generateSecret(keySpec);
- }
-
private void loadKeyAndTrustStore()
throws Exception
{
@@ -467,37 +468,35 @@
}
}
- private void execPasswordCmd()
+ private char[] execPasswordCmd(String command)
throws Exception
{
- log.debug("Executing command: "+keyStorePasswordCmd);
+ log.debug("Executing command: "+command);
Runtime rt = Runtime.getRuntime();
- Process p = rt.exec(keyStorePasswordCmd);
+ Process p = rt.exec(command);
InputStream stdin = p.getInputStream();
BufferedReader reader = new BufferedReader(new InputStreamReader(stdin));
String password = reader.readLine();
stdin.close();
int exitCode = p.waitFor();
log.debug("Command exited with: "+exitCode);
- keyStorePassword = password.toCharArray();
+ return password.toCharArray();
}
/**
*
* @throws Exception
*/
- private void invokePasswordClass()
+ private char[] invokePasswordClass(String command)
throws Exception
{
- keyStorePassword = null;
-
// Check for a ctor argument delimited by ':'
- String classname = keyStorePasswordCmd;
+ String classname = command;
String ctorArg = null;
- int colon = keyStorePasswordCmd.indexOf(':');
+ int colon = command.indexOf(':');
if( colon > 0 )
{
- classname = keyStorePasswordCmd.substring(0, colon);
- ctorArg = keyStorePasswordCmd.substring(colon+1);
+ classname = command.substring(0, colon);
+ ctorArg = command.substring(colon+1);
}
log.debug("Loading class: "+classname+", ctorArg="+ctorArg);
ClassLoader loader = SubjectActions.getContextClassLoader();
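Review bot: `execPasswordCmd` returns the first stdout line without checking the result of `p.waitFor()`, and `password.toCharArray()` throws a bare NullPointerException when the command prints nothing. Now that the truststore attribute reaches this path too, a failing command should be rejected before the return, e.g. `if( exitCode != 0 || password == null ) throw new IllegalStateException("Password command failed, exit code: "+exitCode);`. The `log.debug` calls in both methods also write the full command line and the `ctorArg` to the log, and either may itself be sensitive; logging only the command type or the class name would avoid that. `invokePasswordClass` continues past the end of this hunk.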
@@ -525,15 +524,16 @@
Method toCharArray = c.getMethod("toCharArray", sig);
Object[] args = {};
log.debug("Invoking toCharArray");
- keyStorePassword = (char[]) toCharArray.invoke(instance, args);
+ return (char[]) toCharArray.invoke(instance, args);
}
catch(NoSuchMethodException e)
{
log.debug("No toCharArray found, invoking toString");
String tmp = instance.toString();
if( tmp != null )
- keyStorePassword = tmp.toCharArray();
+ return tmp.toCharArray();
}
+ return null;
}
private URL validateStoreURL(String storeURL) throws IOException
Modified: branches/Branch_4_0/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java
===================================================================
--- branches/Branch_4_0/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java 2007-09-11 22:37:28 UTC (rev 65314)
+++ branches/Branch_4_0/security/src/main/org/jboss/security/plugins/JaasSecurityDomainMBean.java 2007-09-11 22:46:46 UTC (rev 65315)
@@ -51,7 +51,7 @@
public void setKeyStoreURL(String storeURL) throws IOException;
/** Set the credential string for the KeyStore.
*/
- public void setKeyStorePass(String password);
+ public void setKeyStorePass(String password) throws Exception;
/** Get the type of the trust store
* @return the type of the trust store
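Review bot: The Javadoc on `setKeyStorePass` here, and on `setTrustStorePass` in the next hunk, does not mention the `{EXT}` and `{CLASS}` forms the implementation now parses for both attributes, nor what the newly declared `throws Exception` covers. Setting either attribute can now run an external command or instantiate a configured class, so the comment should say so, for example `Set the credential string for the trust store: a plain password, or {EXT}command / {CLASS}classname[:ctorArg] to obtain it indirectly.` A `@throws Exception` line naming the failure cases (unknown command type, command or class lookup failure) would tell callers what the widened signature means for them.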
@@ -63,7 +63,7 @@
public void setTrustStoreType(String type);
/** Set the credential string for the trust store.
*/
- public void setTrustStorePass(String password);
+ public void setTrustStorePass(String password) throws Exception;
/** Get the trust store database URL string.
*/
public String getTrustStoreURL();