mirror of https://github.com/apache/activemq.git
Implements AMQ-5123: Optionally support encrypted passwords in ActiveMQ users.properties file.
This commit is contained in:
Hiram Chirino
parent
bc470202da
commit
5da7ab3c0e
|
|
@ -27,7 +27,8 @@ public class DecryptCommand extends EncryptCommand {
|
|||
"Description: Decrypts given text.",
|
||||
"",
|
||||
"Encrypt Options:",
|
||||
" --password <password> Password to be used by the encryptor.",
|
||||
" --password <password> Password to be used by the encryptor. Defaults to",
|
||||
" the value in the ACTIVEMQ_ENCRYPTION_PASSWORD env variable.",
|
||||
" --input <input> Text to be encrypted.",
|
||||
" --version Display the version information.",
|
||||
" -h,-?,--help Display the stop broker help information.",
|
||||
|
|
@ -46,6 +47,9 @@ public class DecryptCommand extends EncryptCommand {
|
|||
|
||||
@Override
|
||||
protected void runTask(List<String> tokens) throws Exception {
|
||||
if( password == null ) {
|
||||
password = System.getenv("ACTIVEMQ_ENCRYPTION_PASSWORD");
|
||||
}
|
||||
if (password == null || input == null) {
|
||||
context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -27,7 +27,8 @@ public class EncryptCommand extends AbstractCommand {
|
|||
"Description: Encrypts given text.",
|
||||
"",
|
||||
"Encrypt Options:",
|
||||
" --password <password> Password to be used by the encryptor.",
|
||||
" --password <password> Password to be used by the encryptor. Defaults to",
|
||||
" the value in the ACTIVEMQ_ENCRYPTION_PASSWORD env variable.",
|
||||
" --input <input> Text to be encrypted.",
|
||||
" --version Display the version information.",
|
||||
" -h,-?,--help Display the stop broker help information.",
|
||||
|
|
@ -55,6 +56,9 @@ public class EncryptCommand extends AbstractCommand {
|
|||
|
||||
@Override
|
||||
protected void runTask(List<String> tokens) throws Exception {
|
||||
if( password == null ) {
|
||||
password = System.getenv("ACTIVEMQ_ENCRYPTION_PASSWORD");
|
||||
}
|
||||
if (password == null || input == null) {
|
||||
context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -157,9 +157,20 @@ public class ShellCommand extends AbstractCommand {
|
|||
|
||||
ArrayList<Command> getCommands() {
|
||||
ServiceLoader<Command> loader = ServiceLoader.load(Command.class);
|
||||
Iterator<Command> iterator = loader.iterator();
|
||||
ArrayList<Command> rc = new ArrayList<Command>();
|
||||
for( Command command: loader ) {
|
||||
rc.add(command);
|
||||
boolean done = false;
|
||||
while (!done) {
|
||||
try {
|
||||
if( iterator.hasNext() ) {
|
||||
rc.add(iterator.next());
|
||||
} else {
|
||||
done = true;
|
||||
}
|
||||
} catch (ServiceConfigurationError e) {
|
||||
// it's ok, some commands may not load if their dependencies
|
||||
// are not available.
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -105,5 +105,10 @@
|
|||
<artifactId>slf4j-log4j12</artifactId>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.jasypt</groupId>
|
||||
<artifactId>jasypt</artifactId>
|
||||
<optional>true</optional>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
</project>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,52 @@
|
|||
/**
|
||||
* Licensed to the Apache Software Foundation (ASF) under one or more
|
||||
* contributor license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright ownership.
|
||||
* The ASF licenses this file to You under the Apache License, Version 2.0
|
||||
* (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.apache.activemq.jaas;
|
||||
|
||||
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
|
||||
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
|
||||
import org.jasypt.properties.PropertyValueEncryptionUtils;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Properties;
|
||||
|
||||
/**
|
||||
* Holds utility methods used work with encrypted values.
|
||||
*/
|
||||
public class EncryptionSupport {
|
||||
|
||||
static public void decrypt(Properties props) {
|
||||
StandardPBEStringEncryptor encryptor = createEncryptor();
|
||||
for (Object k : new ArrayList(props.keySet())) {
|
||||
String key = (String) k;
|
||||
String value = props.getProperty(key);
|
||||
if (PropertyValueEncryptionUtils.isEncryptedValue(value)) {
|
||||
value = PropertyValueEncryptionUtils.decrypt(value, encryptor);
|
||||
props.setProperty(key, value);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
public static StandardPBEStringEncryptor createEncryptor() {
|
||||
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
|
||||
EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
|
||||
config.setAlgorithm("PBEWithMD5AndDES");
|
||||
config.setPasswordEnvName("ACTIVEMQ_ENCRYPTION_PASSWORD");
|
||||
encryptor.setConfig(config);
|
||||
return encryptor;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -64,4 +64,8 @@ class PrincipalProperties {
|
|||
in.close();
|
||||
}
|
||||
}
|
||||
|
||||
Properties getPrincipals() {
|
||||
return principals;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue