/**
 * Decrypts a previously encrypted value.
 *
 * <p>The password encoders are obtained from the security manager on every call and the actual
 * work is delegated to the two-argument {@code decode} overload.
 *
 * @param value the stored (possibly encrypted) value
 * @return whatever the two-argument {@code decode} overload returns for {@code value}
 */
public String decode(String value) {
    // NOTE(review): the (null, true, null) arguments presumably mean "no type filter, reversible
    // encoders only, any strength" -- confirm against loadPasswordEncoders.
    final String decoded = decode(value, securityManager.loadPasswordEncoders(null, true, null));
    return decoded;
}
/**
 * Converts a password field to its stored form.
 *
 * <p>The value is encoded through the configuration password helper only when {@code
 * encryptPasswordFields} is set and a security manager is available; in every other case the
 * value is written out through its own {@code toString()}, i.e. unencrypted.
 *
 * @param obj the field value, may be {@code null}
 * @return {@code null} for a {@code null} input, otherwise the encoded or plain string
 */
@Override
public String toString(Object obj) {
    if (obj == null) {
        return null;
    }
    if (!encryptPasswordFields) {
        return obj.toString();
    }
    GeoServerSecurityManager manager = getSecurityManager();
    if (manager == null) {
        // No security manager: the value falls through unencrypted and nothing is logged.
        return obj.toString();
    }
    // The cast assumes this converter is only applied to String-valued fields.
    return manager.getConfigPasswordEncryptionHelper().encode((String) obj);
}
}
factory = getCatalog().getResourcePool().getDataStoreFactory((DataStoreInfo) info); } catch (IOException e) { LOGGER.log(
/**
 * Decrypts previously encrypted store connection parameters.
 *
 * <p>The store's connection parameter map is modified in place: every non-null value whose key
 * is listed by {@code getEncryptedFields(info)} is replaced by the result of decoding it. After
 * this call the map holds the decoded values, so callers should take care not to log or persist
 * the store without encoding it again.
 *
 * @param info the store whose connection parameters are decoded; a store without a parameter
 *     map is left untouched
 */
public void decode(StoreInfo info) {
    // Encoders and the set of secret keys are resolved once, before the parameters are visited.
    List<GeoServerPasswordEncoder> passwordEncoders =
            securityManager.loadPasswordEncoders(null, true, null);
    Set<String> secretKeys = getEncryptedFields(info);

    if (info.getConnectionParameters() == null) {
        return;
    }

    for (String paramName : info.getConnectionParameters().keySet()) {
        if (!secretKeys.contains(paramName)) {
            continue;
        }
        // The cast assumes secret parameters are always stored as strings.
        String stored = (String) info.getConnectionParameters().get(paramName);
        if (stored == null) {
            continue;
        }
        // The key already exists, so this only replaces a value; no key is added while
        // iterating over the key set.
        info.getConnectionParameters().put(paramName, decode(stored, passwordEncoders));
    }
}
/**
 * Marshals a store, first telling the map converter which connection parameters to encode.
 *
 * <p>The hint is only placed in the marshalling context when {@code encryptPasswordFields} is
 * set and an initialized security manager is available. Without the hint the superclass
 * marshalling runs unchanged.
 */
@Override
protected void doMarshal(
        Object source, HierarchicalStreamWriter writer, MarshallingContext context) {
    if (encryptPasswordFields) {
        GeoServerSecurityManager manager = getSecurityManager();
        if (manager != null && manager.isInitialized()) {
            // Hint for the map converter: the connection parameter keys of this store whose
            // values have to be encoded.
            StoreInfo store = (StoreInfo) source;
            context.put(
                    BreifMapConverter.ENCRYPTED_FIELDS_KEY,
                    manager.getConfigPasswordEncryptionHelper().getEncryptedFields(store));
        }
    }
    super.doMarshal(source, writer, context);
}
/**
 * Creates the security manager for the given data directory.
 *
 * <p>If the master password configuration file exists, the master password is initialized
 * right here; the configuration password encryption helper is created in either case.
 *
 * @param dataDir the GeoServer data directory
 * @throws Exception if the master password configuration cannot be loaded or initialized
 */
public GeoServerSecurityManager(GeoServerDataDirectory dataDir) throws Exception {
    this.dataDir = dataDir;

    // The master password has to be available before anything else, in particular before the
    // catalog is loaded, because it is needed to decrypt the passwords held in the
    // configuration. The remaining security initialization happens at the end of startup.
    Resource masterPasswordConfig = security().get(MASTER_PASSWD_CONFIG_FILENAME);
    boolean masterPasswordConfigured = masterPasswordConfig.getType() == Type.RESOURCE;
    if (masterPasswordConfigured) {
        init(loadMasterPasswordConfig());
    }
    // A missing file means this is a migration startup; that case is expected to be handled
    // during migration, where all datastore passwords are processed explicitly.

    // The helper receives a reference to this manager while the constructor is still running.
    configPasswordEncryptionHelper = new ConfigurationPasswordEncryptionHelper(this);
}
List<StoreInfo> stores = catalog.getStores(StoreInfo.class); for (StoreInfo info : stores) { if (!configPasswordEncryptionHelper.getEncryptedFields(info).isEmpty()) { catalog.save(info);
/**
 * Decodes a stored value through the configuration password helper of the security manager
 * bean.
 *
 * @param str the stored (possibly encrypted) value
 * @return the value returned by the helper's {@code decode}
 */
@Override
public Object fromString(String str) {
    // NOTE(review): the looked-up bean is dereferenced without a null check -- confirm the
    // security manager is always registered before this converter runs.
    GeoServerSecurityManager secMgr =
            GeoServerExtensions.bean(GeoServerSecurityManager.class);
    Object decoded = secMgr.getConfigPasswordEncryptionHelper().decode(str);
    return decoded;
}
};
/**
 * Encodes a value through the configuration password helper of the security manager bean.
 *
 * @param obj the value to encode; {@code null} is encoded as the empty string
 * @return the value returned by the helper's {@code encode}
 */
@Override
public String toString(Object obj) {
    String plain;
    if (obj != null) {
        // The cast assumes this converter is only applied to String values.
        plain = (String) obj;
    } else {
        plain = "";
    }
    // NOTE(review): the looked-up bean is dereferenced without a null check -- confirm the
    // security manager is always registered before this converter runs.
    GeoServerSecurityManager secMgr =
            GeoServerExtensions.bean(GeoServerSecurityManager.class);
    return secMgr.getConfigPasswordEncryptionHelper().encode(plain);
};
/**
 * Converts a stored password field back to its in-memory form.
 *
 * <p>The value is decoded through the configuration password helper only when {@code
 * encryptPasswordFields} is set and a security manager is available; otherwise the string is
 * returned as read.
 *
 * @param str the stored value, may be {@code null}
 * @return {@code null} for a {@code null} input, otherwise the decoded or unchanged string
 */
@Override
public Object fromString(String str) {
    if (str == null) {
        return null;
    }
    if (!encryptPasswordFields) {
        return str;
    }
    GeoServerSecurityManager manager = getSecurityManager();
    if (manager == null) {
        // No security manager: the stored value is handed back undecoded.
        return str;
    }
    return manager.getConfigPasswordEncryptionHelper().decode(str);
}
// Replace the value with the form returned by the configuration password helper's encode().
str = secMgr.getConfigPasswordEncryptionHelper().encode(str);
// No result is used here: the helper is expected to decode the store's encrypted connection
// parameters in place -- confirm against the helper's decode(StoreInfo).
secMgr.getConfigPasswordEncryptionHelper().decode(store);
/**
 * Encodes the value through the security manager's configuration password helper.
 *
 * @param obj the value to encode; it is cast to {@code String} without a type check
 * @return the value returned by the helper's {@code encode}
 */
@Override
public String toString(Object obj) {
    final String plain = (String) obj;
    return securityManager.getConfigPasswordEncryptionHelper().encode(plain);
}
/**
 * Decodes the stored value through the security manager's configuration password helper.
 *
 * @param str the stored (possibly encrypted) value
 * @return the value returned by the helper's {@code decode}
 */
@Override
public Object fromString(String str) {
    final Object decoded = securityManager.getConfigPasswordEncryptionHelper().decode(str);
    return decoded;
}
/**
 * Encrypts the connection pool password, if not null, using the GeoServer password encoders.
 *
 * @param configuration the configuration whose connection pool password should be encoded
 * @return a copy of the configuration carrying the encoded password, or the given
 *     configuration itself when it has no connection pool or no password
 */
public JDBCConfiguration encryptPassword(JDBCConfiguration configuration) {
    ConnectionPoolConfiguration pool = configuration.getConnectionPool();
    if (pool == null) {
        return configuration;
    }
    String plain = pool.getPassword();
    if (plain == null) {
        return configuration;
    }
    // The encoded password is set on a clone; the configuration passed in is not modified here.
    return cloneAndSetPassword(configuration, passwords.encode(plain));
}
/**
 * Java serialization hook: restores the default fields, then replaces the stored password with
 * its decoded form.
 *
 * <p>NOTE(review): this runs during Java native deserialization and nothing visible here
 * restricts where the stream comes from -- confirm that only trusted streams reach it.
 *
 * @param in the stream the object is read from
 * @throws IOException if reading the default fields fails
 * @throws ClassNotFoundException if a class in the stream cannot be resolved
 */
private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
    // The fields must be populated before the password can be decoded.
    in.defaultReadObject();
    // NOTE(review): the looked-up bean is dereferenced without a null check.
    GeoServerSecurityManager secMgr =
            GeoServerExtensions.bean(GeoServerSecurityManager.class);
    String stored = this.password;
    this.password = secMgr.getConfigPasswordEncryptionHelper().decode(stored);
}
}
/**
 * Java serialization hook: writes a copy of this object whose password has been encoded.
 *
 * <p>The encoded password is set on the copy, not on this instance, and it is the copy that is
 * written to the stream.
 *
 * @param out the stream the object is written to
 * @throws IOException if writing fails
 */
private void writeObject(ObjectOutputStream out) throws IOException {
    // NOTE(review): the looked-up bean is dereferenced without a null check.
    GeoServerSecurityManager secMgr =
            GeoServerExtensions.bean(GeoServerSecurityManager.class);
    RemoteData copy = new RemoteData(this);
    String encoded = secMgr.getConfigPasswordEncryptionHelper().encode(password);
    copy.setPassword(encoded);
    copy.defaultWriteObject(out);
}
/**
 * If the connection pool password is encrypted, this method will un-encrypt it using the
 * GeoServer password encoders.
 *
 * <p>NOTE(review): every decryption failure is treated as "the password was plain text", so a
 * corrupted value or a changed key cannot be told apart from a plain-text entry here, and the
 * failure is only reported at {@code FINE} level.
 *
 * @param configuration the configuration whose connection pool password should be decoded
 * @return a copy of the configuration with the unencrypted password if decoding succeeded;
 *     otherwise the given configuration itself (no connection pool, no password, or decoding
 *     failed)
 */
public JDBCConfiguration unencryptPassword(JDBCConfiguration configuration) {
    if (configuration.getConnectionPool() == null) {
        return configuration;
    }
    String stored = configuration.getConnectionPool().getPassword();
    if (stored == null) {
        return configuration;
    }
    try {
        return cloneAndSetPassword(configuration, passwords.decode(stored));
    } catch (EncryptionOperationNotPossibleException e) {
        // Decoding failed: assume a plain-text password and keep the configuration as it is.
        // Only the exception is logged, never the password value.
        LOGGER.log(
                Level.FINE,
                "Unencrypting the password failed, assuming it is a plain text one",
                e);
        return configuration;
    }
}