/** * Wraps a preferences object in this instance. * * @param prefs the configuration preferences * * @throws IllegalArgumentException if props is <code>null</code> */ public ServerConfiguration(Preferences prefs) { if (prefs == null) { throw new IllegalArgumentException("prefs=null"); } m_preferences = new ObfuscatedPreferences(prefs, ServerConfigurationConstants.class); }
@Override public String get(String key, String def) { String value = actualPreferences.get(key, null); if (value == null) { return def; } if (restrictedPreferences.contains(key) || userRestrictedPreferences.contains(key)) { try { if (RestrictedFormat.isRestrictedFormat(value)) { value = RestrictedFormat.retrieveValue(value); return PicketBoxObfuscator.decode(value); } else { throw new Exception("Value not in a restricted format"); } } catch (Exception ex) { this.put(key, value); return value; } } else { return value; } }
private String replaceEncodedPassword(String step) { int firstQuoteIndex = step.indexOf("'"); int lastQuoteIndex = step.lastIndexOf("'"); String encodedPassword = step.substring(++firstQuoteIndex, lastQuoteIndex); String decodedPassword = PicketBoxObfuscator.decode(encodedPassword); String decodedStep = step.replace(encodedPassword, decodedPassword); return decodedStep; }
if (restrictedPreferences.contains(key) || userRestrictedPreferences.contains(key)) { try { if (RestrictedFormat.isRestrictedFormat(value)) { value = RestrictedFormat.retrieveValue(value); value = PicketBoxObfuscator.decode(value); } else { throw new Exception("Value not in a retricted format"); value = PicketBoxObfuscator.decode(value); } catch (Exception e2) { value = PicketBoxObfuscator.encode(value); } catch (Exception ex2) { actualPreferences.put(key, RestrictedFormat.formatValue(value)); } else { if (RestrictedFormat.isRestrictedFormat(value)) { userRestrictedPreferences.add(key); value = RestrictedFormat.retrieveValue(value); PicketBoxObfuscator.decode(value); } catch (Exception e) { value = PicketBoxObfuscator.encode(value); actualPreferences.put(key, RestrictedFormat.formatValue(value)); } else { actualPreferences.put(key, value);
if (isRestricted) { String actualSystemPropertyValue = systemPropertyValue; if (RestrictedFormat.isRestrictedFormat(actualSystemPropertyValue)) { actualSystemPropertyValue = RestrictedFormat.retrieveValue(actualSystemPropertyValue); result = PicketBoxObfuscator.decode(actualSystemPropertyValue).toCharArray(); } catch (Exception e) { if (isRestricted) { try { result = PicketBoxObfuscator.decode(new String(defaultValue)).toCharArray(); } catch (Exception e) {
/** * Obfuscate the value right before it gets pushed down to the database. */ protected String obfuscate(String value) { try { return value == null ? null : Obfuscator.encode(value); } catch (Exception e) { LOG.error("Failed to obfuscate property value: [" + value + "]", e); throw new IllegalArgumentException("Failed to obfuscate property value: [" + value + "]", e); } }
protected String deobfuscate(String value) { try { return value == null ? null : Obfuscator.decode(value); } catch (NumberFormatException nfe) {//detect unobfuscated properties from before patch //Assuming that this was in incorrect state from BZ840512 //logging that we found an unobfuscated value and if it's not part of patch/upgrade contact administrator LOG.error("Failed to deobfuscate property value: [" + value + "]. If this is not part of a patch/upgrade " + "then you should contact System Administrator to have the property details reset."); //Returning plain value to prevent Content Source load failure. On save should be correctly obfuscated return value; } catch (Exception e) { LOG.error("Failed to deobfuscate property value: [" + value + "]", e); throw new IllegalArgumentException("Failed to deobfuscate property value: [" + value + "]", e); } }
return oldValue; } else { return PicketBoxObfuscator.encode(newValue);
@SuppressWarnings("rawtypes") public ObfuscatedPreferences(Preferences actualPreferences, Class classz) { this.actualPreferences = actualPreferences; for (Field field : classz.getFields()) { Restricted restricted = field.getAnnotation(Restricted.class); if (restricted != null) { try { String restrictedProperty = field.get(classz).toString(); restrictedPreferences.add(restrictedProperty); this.get(restrictedProperty, null); } catch (Exception e) { //nothing to do, the field is just not accesible } } } try{ for (String key : actualPreferences.keys()) { if (!restrictedPreferences.contains(key)) { String storedValue = actualPreferences.get(key, null); if (storedValue != null && RestrictedFormat.isRestrictedFormat(storedValue)) { userRestrictedPreferences.add(key); } } } } catch (Exception e) { //nothing to do since this was just an exploration to see if the //user requested any other properties to be restricted } }
@Restricted String CLIENT_SENDER_SECURITY_KEYSTORE_PASSWORD = PROPERTY_NAME_PREFIX + "client.security.keystore.password"; @Restricted String CLIENT_SENDER_SECURITY_KEYSTORE_KEY_PASSWORD = PROPERTY_NAME_PREFIX + "client.security.keystore.key-password"; @Restricted String CLIENT_SENDER_SECURITY_TRUSTSTORE_PASSWORD = PROPERTY_NAME_PREFIX + "client.security.truststore.password"; @Restricted String COMMUNICATIONS_CONNECTOR_SECURITY_KEYSTORE_KEY_PASSWORD = COMMUNICATIONS_PROPERTY_NAME_PREFIX + "connector.security.keystore.key-password"; @Restricted String COMMUNICATIONS_CONNECTOR_SECURITY_KEYSTORE_PASSWORD = COMMUNICATIONS_PROPERTY_NAME_PREFIX + "connector.security.keystore.password"; @Restricted String COMMUNICATIONS_CONNECTOR_SECURITY_TRUSTSTORE_PASSWORD = COMMUNICATIONS_PROPERTY_NAME_PREFIX + "connector.security.truststore.password"; @Restricted String TOMCAT_SECURITY_KEYSTORE_PASSWORD = "rhq.server.tomcat.security.keystore.password"; @Restricted String TOMCAT_SECURITY_KEYSTORE_KEY_PASSWORD = "rhq.server.tomcat.security.keystore.key-password"; @Restricted String TOMCAT_SECURITY_TRUSTSTORE_PASSWORD = "rhq.server.tomcat.security.truststore.password";
/** * Retrieves the actual value from a restricted format string. * * @param value * @return */ public static String retrieveValue(String value) { if (!isRestrictedFormat(value)) { return null; } StringTokenizer tokenizer = new StringTokenizer(value, "::"); if (!tokenizer.hasMoreTokens()) { return null; } tokenizer.nextToken(); if (tokenizer.hasMoreTokens()) { return tokenizer.nextToken(); } return null; }
/** * @see Cluster.Builder#withCredentials(String, String) */ public ClusterBuilder withCredentialsObfuscated(String username, String obfuscatedPassword) { builder.withCredentials(username, PicketBoxObfuscator.decode(obfuscatedPassword)); return this; }
@Override public void execute(DatabaseType type, Connection connection) throws SQLException { String sql = "SELECT id, string_value FROM rhq_config_property WHERE dtype = 'obfuscated'"; List<Object[]> results = type.executeSelectSql(connection, sql); for(Object[] row : results) { String value = (String) row[1]; //try to decode the value try { Obfuscator.decode(value); } catch (Exception e) { int id = ((Number) row[0]).intValue(); type.executeSql(connection, "UPDATE rhq_config_property SET string_value = NULL WHERE id = " + id); } } } }
@Override public void deobfuscate(SystemSettings systemSettings) { for (Map.Entry<SystemSetting, String> entry : systemSettings.entrySet()) { String value = entry.getValue(); if (value != null && entry.getKey().getType() == PropertySimpleType.PASSWORD) { entry.setValue(PicketBoxObfuscator.decode(value)); } } }
private Map<String, String> getLdapOptions(Properties conf) throws Exception { Map<String, String> configOptions = new HashMap<String, String>(); configOptions.put(Context.INITIAL_CONTEXT_FACTORY, conf.getProperty(RHQConstants.LDAPFactory)); configOptions.put(Context.PROVIDER_URL, conf.getProperty(RHQConstants.LDAPUrl)); String value = conf.getProperty(SystemSetting.USE_SSL_FOR_LDAP.getInternalName()); boolean ldapSsl = "ssl".equalsIgnoreCase(value); configOptions.put(Context.SECURITY_PROTOCOL, (ldapSsl) ? "ssl" : null); configOptions.put("LoginProperty", conf.getProperty(RHQConstants.LDAPLoginProperty)); configOptions.put("Filter", conf.getProperty(RHQConstants.LDAPFilter)); configOptions.put("GroupFilter", conf.getProperty(RHQConstants.LDAPGroupFilter)); configOptions.put("GroupMemberFilter", conf.getProperty(RHQConstants.LDAPGroupMember)); configOptions.put("BaseDN", conf.getProperty(RHQConstants.LDAPBaseDN)); configOptions.put("BindDN", conf.getProperty(RHQConstants.LDAPBindDN)); configOptions.put("BindPW", Obfuscator.encode(conf.getProperty(RHQConstants.LDAPBindPW))); boolean followReferralsBoolean = Boolean.valueOf(conf.getProperty(SystemSetting.LDAP_FOLLOW_REFERRALS.getInternalName(), "false")); configOptions.put(Context.REFERRAL, followReferralsBoolean ? "follow" : "ignore"); return configOptions; }
private void deobfuscateAgentInstall(AgentInstall ai) { try { String pw = ai.getSshPassword(); if (pw != null && pw.length() > 0) { ai.setSshPassword(Obfuscator.decode(pw)); } } catch (Exception e) { ai.setSshPassword(""); LOG.debug("Failed to deobfuscate password for agent [" + ai.getAgentName() + "]. Will be emptied."); } }
return PicketBoxObfuscator.decode(value); } else { return value == null ? "" : value;
private void obfuscateAgentInstall(AgentInstall ai) { try { String pw = ai.getSshPassword(); if (pw != null && pw.length() > 0) { ai.setSshPassword(Obfuscator.encode(pw)); } } catch (Exception e) { ai.setSshPassword(""); LOG.debug("Failed to obfuscate password for agent [" + ai.getAgentName() + "]. Will be emptied."); } }
private void processProperty(PropertyDefinition pd, Property p) throws Exception { switch (pd.type) { case LIST: case MAP: List<PropertyDefinition> childDefs = pd.getChildDefinitions(); List<Property> childProps = p.getChildren(); Map<PropertyDefinition, Property> pairs = matchDefinitionsAndProperties(childDefs, childProps); for (Map.Entry<PropertyDefinition, Property> entry : pairs.entrySet()) { processProperty(entry.getKey(), entry.getValue()); } break; case SIMPLE: if (pd.simpleType == PropertySimpleType.PASSWORD && p.type == PropertyType.SIMPLE) { String sql; if (p.value != null) { String obfuscatedValue = Obfuscator.encode(p.value); sql = "UPDATE rhq_config_property SET string_value = '" + obfuscatedValue + "', dtype = 'obfuscated' WHERE id = " + p.id; } else { sql = "UPDATE rhq_config_property SET dtype='obfuscated' WHERE id = " + p.id; } databaseType.executeSql(connection, sql); } break; } }