How to use org.rhq.core.util.obfuscation

/**
 * Wraps a preferences object in this instance.
 *
 * @param  prefs the configuration preferences
 *
 * @throws IllegalArgumentException if props is <code>null</code>
 */
public ServerConfiguration(Preferences prefs) {
  if (prefs == null) {
    throw new IllegalArgumentException("prefs=null");
  }
  m_preferences = new ObfuscatedPreferences(prefs, ServerConfigurationConstants.class);
}

@Override
public String get(String key, String def) {
  String value = actualPreferences.get(key, null);
  if (value == null) {
    return def;
  }
  if (restrictedPreferences.contains(key) || userRestrictedPreferences.contains(key)) {
    try {
      if (RestrictedFormat.isRestrictedFormat(value)) {
        value = RestrictedFormat.retrieveValue(value);
        return PicketBoxObfuscator.decode(value);
      } else {
        throw new Exception("Value not in a restricted format");
      }
    } catch (Exception ex) {
      this.put(key, value);
      return value;
    }
  } else {
    return value;
  }
}

private String replaceEncodedPassword(String step) {
  int firstQuoteIndex = step.indexOf("'");
  int lastQuoteIndex = step.lastIndexOf("'");
  String encodedPassword = step.substring(++firstQuoteIndex, lastQuoteIndex);
  String decodedPassword = PicketBoxObfuscator.decode(encodedPassword);
  String decodedStep = step.replace(encodedPassword, decodedPassword);
  return decodedStep;
}

if (restrictedPreferences.contains(key) || userRestrictedPreferences.contains(key)) {
  try {
    if (RestrictedFormat.isRestrictedFormat(value)) {
      value = RestrictedFormat.retrieveValue(value);
      value = PicketBoxObfuscator.decode(value);
    } else {
      throw new Exception("Value not in a retricted format");
      value = PicketBoxObfuscator.decode(value);
    } catch (Exception e2) {
    value = PicketBoxObfuscator.encode(value);
  } catch (Exception ex2) {
  actualPreferences.put(key, RestrictedFormat.formatValue(value));
} else {
  if (RestrictedFormat.isRestrictedFormat(value)) {
    userRestrictedPreferences.add(key);
    value = RestrictedFormat.retrieveValue(value);
      PicketBoxObfuscator.decode(value);
    } catch (Exception e) {
      value = PicketBoxObfuscator.encode(value);
    actualPreferences.put(key, RestrictedFormat.formatValue(value));
  } else {
    actualPreferences.put(key, value);

if (isRestricted) {
  String actualSystemPropertyValue = systemPropertyValue;
  if (RestrictedFormat.isRestrictedFormat(actualSystemPropertyValue)) {
    actualSystemPropertyValue = RestrictedFormat.retrieveValue(actualSystemPropertyValue);
    result = PicketBoxObfuscator.decode(actualSystemPropertyValue).toCharArray();
  } catch (Exception e) {
if (isRestricted) {
  try {
    result = PicketBoxObfuscator.decode(new String(defaultValue)).toCharArray();
  } catch (Exception e) {

/**
 * Obfuscate the value right before it gets pushed down to the database.
 */
protected String obfuscate(String value) {
  try {
    return value == null ? null : Obfuscator.encode(value);
  } catch (Exception e) {
    LOG.error("Failed to obfuscate property value: [" + value + "]", e);
    throw new IllegalArgumentException("Failed to obfuscate property value: [" + value + "]", e);
  }
}

protected String deobfuscate(String value) {
  try {
    return value == null ? null : Obfuscator.decode(value);
  } catch (NumberFormatException nfe) {//detect unobfuscated properties from before patch
    //Assuming that this was in incorrect state from BZ840512
    //logging that we found an unobfuscated value and if it's not part of patch/upgrade contact administrator
    LOG.error("Failed to deobfuscate property value: [" + value + "]. If this is not part of a patch/upgrade "
      + "then you should contact System Administrator to have the property details reset.");
    //Returning plain value to prevent Content Source load failure. On save should be correctly obfuscated
    return value;
  } catch (Exception e) {
    LOG.error("Failed to deobfuscate property value: [" + value + "]", e);
    throw new IllegalArgumentException("Failed to deobfuscate property value: [" + value + "]", e);
  }
}

  return oldValue;
} else {
  return PicketBoxObfuscator.encode(newValue);

@SuppressWarnings("rawtypes")
public ObfuscatedPreferences(Preferences actualPreferences, Class classz) {
  this.actualPreferences = actualPreferences;
  for (Field field : classz.getFields()) {
    Restricted restricted = field.getAnnotation(Restricted.class);
    if (restricted != null) {
      try {
        String restrictedProperty = field.get(classz).toString();
        restrictedPreferences.add(restrictedProperty);
        this.get(restrictedProperty, null);
      } catch (Exception e) {
        //nothing to do, the field is just not accesible
      }
    }
  }
  try{
    for (String key : actualPreferences.keys()) {
      if (!restrictedPreferences.contains(key)) {
        String storedValue = actualPreferences.get(key, null);
        if (storedValue != null && RestrictedFormat.isRestrictedFormat(storedValue)) {
          userRestrictedPreferences.add(key);
        }
      }
    }
  } catch (Exception e) {
    //nothing to do since this was just an exploration to see if the
    //user requested any other properties to be restricted
  }
}

@Restricted
String CLIENT_SENDER_SECURITY_KEYSTORE_PASSWORD = PROPERTY_NAME_PREFIX + "client.security.keystore.password";
@Restricted
String CLIENT_SENDER_SECURITY_KEYSTORE_KEY_PASSWORD = PROPERTY_NAME_PREFIX
  + "client.security.keystore.key-password";
@Restricted
String CLIENT_SENDER_SECURITY_TRUSTSTORE_PASSWORD = PROPERTY_NAME_PREFIX + "client.security.truststore.password";
@Restricted
String COMMUNICATIONS_CONNECTOR_SECURITY_KEYSTORE_KEY_PASSWORD = COMMUNICATIONS_PROPERTY_NAME_PREFIX + "connector.security.keystore.key-password";
@Restricted
String COMMUNICATIONS_CONNECTOR_SECURITY_KEYSTORE_PASSWORD = COMMUNICATIONS_PROPERTY_NAME_PREFIX + "connector.security.keystore.password";
@Restricted
String COMMUNICATIONS_CONNECTOR_SECURITY_TRUSTSTORE_PASSWORD = COMMUNICATIONS_PROPERTY_NAME_PREFIX + "connector.security.truststore.password";
@Restricted
String TOMCAT_SECURITY_KEYSTORE_PASSWORD = "rhq.server.tomcat.security.keystore.password";
@Restricted
String TOMCAT_SECURITY_KEYSTORE_KEY_PASSWORD = "rhq.server.tomcat.security.keystore.key-password";
@Restricted
String TOMCAT_SECURITY_TRUSTSTORE_PASSWORD = "rhq.server.tomcat.security.truststore.password";

/**
 * Retrieves the actual value from a restricted format string.
 *
 * @param value
 * @return
 */
public static String retrieveValue(String value) {
  if (!isRestrictedFormat(value)) {
    return null;
  }
  StringTokenizer tokenizer = new StringTokenizer(value, "::");
  if (!tokenizer.hasMoreTokens()) {
    return null;
  }
  tokenizer.nextToken();
  if (tokenizer.hasMoreTokens()) {
    return tokenizer.nextToken();
  }
  return null;
}

/**
 * @see Cluster.Builder#withCredentials(String, String)
 */
public ClusterBuilder withCredentialsObfuscated(String username, String obfuscatedPassword) {
  builder.withCredentials(username, PicketBoxObfuscator.decode(obfuscatedPassword));
  return this;
}

try {
  if (value != null) {
    value = Obfuscator.encode(value);
    sql += "property_value = '" + value + "'";
    defaultValue = Obfuscator.encode(defaultValue);

  @Override
  public void execute(DatabaseType type, Connection connection) throws SQLException {
    String sql = "SELECT id, string_value FROM rhq_config_property WHERE dtype = 'obfuscated'";

    List<Object[]> results = type.executeSelectSql(connection, sql);

    for(Object[] row : results) {
      String value = (String) row[1];

      //try to decode the value
      try {
        Obfuscator.decode(value);
      } catch (Exception e) {
        int id = ((Number) row[0]).intValue();

        type.executeSql(connection, "UPDATE rhq_config_property SET string_value = NULL WHERE id = " + id);
      }
    }
  }
}

@Override
public void deobfuscate(SystemSettings systemSettings) {
  for (Map.Entry<SystemSetting, String> entry : systemSettings.entrySet()) {
    String value = entry.getValue();
    if (value != null && entry.getKey().getType() == PropertySimpleType.PASSWORD) {
      entry.setValue(PicketBoxObfuscator.decode(value));
    }
  }
}

private Map<String, String> getLdapOptions(Properties conf) throws Exception {
  Map<String, String> configOptions = new HashMap<String, String>();
  configOptions.put(Context.INITIAL_CONTEXT_FACTORY, conf.getProperty(RHQConstants.LDAPFactory));
  configOptions.put(Context.PROVIDER_URL, conf.getProperty(RHQConstants.LDAPUrl));
  String value = conf.getProperty(SystemSetting.USE_SSL_FOR_LDAP.getInternalName());
  boolean ldapSsl = "ssl".equalsIgnoreCase(value);
  configOptions.put(Context.SECURITY_PROTOCOL, (ldapSsl) ? "ssl" : null);
  configOptions.put("LoginProperty", conf.getProperty(RHQConstants.LDAPLoginProperty));
  configOptions.put("Filter", conf.getProperty(RHQConstants.LDAPFilter));
  configOptions.put("GroupFilter", conf.getProperty(RHQConstants.LDAPGroupFilter));
  configOptions.put("GroupMemberFilter", conf.getProperty(RHQConstants.LDAPGroupMember));
  configOptions.put("BaseDN", conf.getProperty(RHQConstants.LDAPBaseDN));
  configOptions.put("BindDN", conf.getProperty(RHQConstants.LDAPBindDN));
  configOptions.put("BindPW", Obfuscator.encode(conf.getProperty(RHQConstants.LDAPBindPW)));
  boolean followReferralsBoolean = Boolean.valueOf(conf.getProperty(SystemSetting.LDAP_FOLLOW_REFERRALS.getInternalName(),
    "false"));
  configOptions.put(Context.REFERRAL, followReferralsBoolean ? "follow" : "ignore");
  return configOptions;
}

private void deobfuscateAgentInstall(AgentInstall ai) {
  try {
    String pw = ai.getSshPassword();
    if (pw != null && pw.length() > 0) {
      ai.setSshPassword(Obfuscator.decode(pw));
    }
  } catch (Exception e) {
    ai.setSshPassword("");
    LOG.debug("Failed to deobfuscate password for agent [" + ai.getAgentName() + "]. Will be emptied.");
  }
}

  return PicketBoxObfuscator.decode(value);
} else {
  return value == null ? "" : value;

private void obfuscateAgentInstall(AgentInstall ai) {
  try {
    String pw = ai.getSshPassword();
    if (pw != null && pw.length() > 0) {
      ai.setSshPassword(Obfuscator.encode(pw));
    }
  } catch (Exception e) {
    ai.setSshPassword("");
    LOG.debug("Failed to obfuscate password for agent [" + ai.getAgentName() + "]. Will be emptied.");
  }
}

private void processProperty(PropertyDefinition pd, Property p) throws Exception {
  switch (pd.type) {
  case LIST:
  case MAP:
    List<PropertyDefinition> childDefs = pd.getChildDefinitions();
    List<Property> childProps = p.getChildren();
    Map<PropertyDefinition, Property> pairs = matchDefinitionsAndProperties(childDefs, childProps);
    for (Map.Entry<PropertyDefinition, Property> entry : pairs.entrySet()) {
      processProperty(entry.getKey(), entry.getValue());
    }
    break;
  case SIMPLE:
    if (pd.simpleType == PropertySimpleType.PASSWORD && p.type == PropertyType.SIMPLE) {
      String sql;
      if (p.value != null) {
        String obfuscatedValue = Obfuscator.encode(p.value);
        sql =
          "UPDATE rhq_config_property SET string_value = '" + obfuscatedValue
            + "', dtype = 'obfuscated' WHERE id = " + p.id;
      } else {
        sql = "UPDATE rhq_config_property SET dtype='obfuscated' WHERE id = " + p.id;
      }
      
      databaseType.executeSql(connection, sql);
    }
    break;
  }
}