[jboss-svn-commits] JBL Code SVN: r35954 - in labs/jbossrules/soa_branches/BRMS-5.1.x/drools-guvnor/src/main: webapp/WEB-INF and 1 other directory.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Thu Nov 11 16:58:09 EST 2010
Author: kurt.stam at jboss.com
Date: 2010-11-11 16:58:08 -0500 (Thu, 11 Nov 2010)
New Revision: 35954
Modified:
labs/jbossrules/soa_branches/BRMS-5.1.x/drools-guvnor/src/main/java/org/drools/guvnor/server/repository/RepositoryStartupService.java
labs/jbossrules/soa_branches/BRMS-5.1.x/drools-guvnor/src/main/webapp/WEB-INF/components.xml
Log:
BRMS-416, allowing the passwords for admin and mailman to be encrypted
Modified: labs/jbossrules/soa_branches/BRMS-5.1.x/drools-guvnor/src/main/java/org/drools/guvnor/server/repository/RepositoryStartupService.java
===================================================================
--- labs/jbossrules/soa_branches/BRMS-5.1.x/drools-guvnor/src/main/java/org/drools/guvnor/server/repository/RepositoryStartupService.java 2010-11-11 21:22:38 UTC (rev 35953)
+++ labs/jbossrules/soa_branches/BRMS-5.1.x/drools-guvnor/src/main/java/org/drools/guvnor/server/repository/RepositoryStartupService.java 2010-11-11 21:58:08 UTC (rev 35954)
@@ -33,10 +33,13 @@
+import java.math.BigInteger;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
+import javax.crypto.Cipher;
+import javax.crypto.spec.SecretKeySpec;
import javax.jcr.LoginException;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
@@ -67,9 +70,12 @@
private static final Logger log = LoggerFactory.getLogger(RepositoryStartupService.class);
private static final String ADMIN = "admin";
+ private static final String ADMIN_USER_PROPERTY = "org.drools.repository.admin.username";
private static final String ADMIN_PASSWORD_PROPERTY = "org.drools.repository.admin.password";
private static final String MAILMAN = "mailman";
+ private static final String MAILMAN_USER_PROPERTY = "org.drools.repository.mailman.username";
private static final String MAILMAN_PASSWORD_PROPERTY = "org.drools.repository.mailman.password";
+ private static final String SECURE_PASSWORDS_PROPERTY = "org.drools.repository.secure.passwords";
private RulesRepositoryConfigurator configurator;
@@ -94,9 +100,16 @@
@Create
public void create() {
repository = getRepositoryInstance();
+ String username = "admin";
+ if (properties.containsKey(ADMIN_USER_PROPERTY)) {
+ username = properties.get(ADMIN_USER_PROPERTY);
+ }
String password = "admin";
if (properties.containsKey(ADMIN_PASSWORD_PROPERTY)) {
password = properties.get(ADMIN_PASSWORD_PROPERTY);
+ if ("true".equalsIgnoreCase(properties.get(SECURE_PASSWORDS_PROPERTY))) {
+ password = decode(password);
+ }
} else {
log.debug("Could not find property " + ADMIN_PASSWORD_PROPERTY + " for user " + ADMIN);
}
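Review bot: When the password key is absent, `create()` continues with the built-in `admin` password and reports this only at debug level in the `else` branch, even if `org.drools.repository.secure.passwords` is set to true. A deployment that enables the new flag but omits or misspells the key therefore runs on the default credential with nothing in a normal log. I would raise that branch to `log.warn("Property " + ADMIN_PASSWORD_PROPERTY + " not set; using the built-in default password for user " + username);`, which also fixes the message naming `ADMIN` although the user name can now come from `ADMIN_USER_PROPERTY`. The new default could be `String username = ADMIN;` instead of repeating the literal. The same applies to the `startMailboxService()` hunk with `MAILMAN`; both method bodies continue outside their hunks.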
@@ -121,9 +134,16 @@
/** Start up the mailbox, flush out any messages that were left */
private void startMailboxService() {
+ String username = "mailman";
+ if (properties.containsKey(MAILMAN_USER_PROPERTY)) {
+ username = properties.get(MAILMAN_USER_PROPERTY);
+ }
String password = "mailman";
if (properties.containsKey(MAILMAN_PASSWORD_PROPERTY)) {
password = properties.get(MAILMAN_PASSWORD_PROPERTY);
+ if ("true".equalsIgnoreCase(properties.get(SECURE_PASSWORDS_PROPERTY))) {
+ password = decode(password);
+ }
} else {
log.debug("Could not find property " + MAILMAN_PASSWORD_PROPERTY + " for user " + MAILMAN);
}
@@ -199,5 +219,41 @@
throw new RulesRepositoryException( e );
}
}
+
+
+
+ private static String decode(String secret)
+ {
+ String decodedPassword = secret;
+ try {
+ byte[] kbytes = "jaas is the way".getBytes();
+ SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
+
+ BigInteger n = new BigInteger(secret, 16);
+ byte[] encoding = n.toByteArray();
+
+ //SECURITY-344: fix leading zeros
+ if (encoding.length % 8 != 0)
+ {
+ int length = encoding.length;
+ int newLength = ((length / 8) + 1) * 8;
+ int pad = newLength - length; //number of leading zeros
+ byte[] old = encoding;
+ encoding = new byte[newLength];
+ for (int i = old.length - 1; i >= 0; i--)
+ {
+ encoding[i + pad] = old[i];
+ }
+ }
+
+ Cipher cipher = Cipher.getInstance("Blowfish");
+ cipher.init(Cipher.DECRYPT_MODE, key);
+ byte[] decode = cipher.doFinal(encoding);
+ decodedPassword = new String(decode);
+ } catch (Exception e) {
+ log.error(e.getMessage(),e);
+ }
+ return decodedPassword;
+ }
}
\ No newline at end of file
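Review bot: The Blowfish key in `decode` is the literal `"jaas is the way"` compiled into the class, so the stored admin and mailman passwords are obfuscated rather than protected: anyone who can read components.xml and this source can recover them. I would state that in a Javadoc on `decode` and treat file permissions on the configuration as the real control, or load the key from outside the source tree. The `catch (Exception e)` block logs and then returns the undecoded input, so a malformed value is passed on as the password; `throw new RulesRepositoryException(e);`, the form used just above in this hunk, would make the misconfiguration fail visibly at startup. `getBytes()` and `new String(decode)` depend on the platform charset, and `Cipher.getInstance("Blowfish")` leaves mode and padding to the provider default, so naming the charset and the full transformation explicitly would keep decoding stable across JVMs.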
Modified: labs/jbossrules/soa_branches/BRMS-5.1.x/drools-guvnor/src/main/webapp/WEB-INF/components.xml
===================================================================
--- labs/jbossrules/soa_branches/BRMS-5.1.x/drools-guvnor/src/main/webapp/WEB-INF/components.xml 2010-11-11 21:22:38 UTC (rev 35953)
+++ labs/jbossrules/soa_branches/BRMS-5.1.x/drools-guvnor/src/main/webapp/WEB-INF/components.xml 2010-11-11 21:58:08 UTC (rev 35954)
@@ -16,42 +16,24 @@
<component name="repositoryConfiguration">
<!-- JackRabbit -->
+
<property name="properties">
- <key>org.drools.repository.configurator</key>
- <value>org.drools.repository.jackrabbit.JackrabbitRepositoryConfigurator</value>
+ <key>org.drools.repository.configurator</key><value>org.drools.repository.jackrabbit.JackrabbitRepositoryConfigurator</value>
+ <!-- the root directory for the repo storage the directory must exist. -->
+ <!-- <key>repository.root.directory</key><value>/opt/yourpath</value> -->
</property>
- <!--
- *** This is for configuring the root directory for the repo storage.
- the directory must exist. ***
- <property name="properties">
- <key>repository.root.directory</key>
- <value>/opt/yourpath</value>
- </property>
- -->
<!-- ModeShape
- <property name="properties">
- <key>org.drools.repository.configurator</key>
- <value>org.drools.repository.modeshape.ModeShapeRepositoryConfigurator</value>
- </property>
- <property name="properties">
- <key>org.modeshape.jcr.URL</key>
- <value>jndi:jcr/local?repositoryName=brms</value>
- </property>
- -->
- <!-- passwords for the background users (admin and mailman), these need to match the setting
+ passwords for the background users (admin and mailman), these need to match the setting
you provided for JAAS (used by ModeShape only).
- -->
- <!--
<property name="properties">
- <key>org.drools.repository.admin.password</key>
- <value>admin</value>
- </property>
- <property name="properties">
- <key>org.drools.repository.mailman.password</key>
- <value>mailman</value>
- </property>
- -->
+ <key>org.drools.repository.configurator</key> <value>org.drools.repository.modeshape.ModeShapeRepositoryConfigurator</value>
+ <key>org.modeshape.jcr.URL</key> <value>jndi:jcr/local?repositoryName=brms</value>
+ <key>org.drools.repository.secure.passwords</key><value>true</value>
+ <key>org.drools.repository.admin.password</key> <value>-baefe5e824a431d</value>
+ <key>org.drools.repository.mailman.password</key><value>-7bc1329227603ba5</value>
+ </property>
+ -->
</component>
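Review bot: The commented ModeShape sample enables `org.drools.repository.secure.passwords` and gives the encoded values `-baefe5e824a431d` and `-7bc1329227603ba5`, but it does not say how such values are produced or that they must be replaced. They are presumably the encodings of the default admin and mailman passwords; because the decoding key is fixed in RepositoryStartupService, the same strings would be valid on every installation that copies this block unchanged. I would add a comment such as `<!-- sample values only: generate your own encoded passwords and keep them in step with the JAAS configuration -->`. The sample also omits the new `org.drools.repository.admin.username` and `org.drools.repository.mailman.username` keys that the Java change reads, so they stay undocumented here.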