Implements AMQ-5123: Optionally support encrypted passwords in ActiveMQ users.properties file.

activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java

@@ -27,7 +27,8 @@ public class DecryptCommand extends EncryptCommand {
             "Description: Decrypts given text.",
             "", 
             "Encrypt Options:",
-            "    --password <password>      Password to be used by the encryptor.",
+            "    --password <password>      Password to be used by the encryptor.  Defaults to",
+            "                               the value in the ACTIVEMQ_ENCRYPTION_PASSWORD env variable.",
             "    --input <input>            Text to be encrypted.",
             "    --version                  Display the version information.",
             "    -h,-?,--help               Display the stop broker help information.",
@@ -46,6 +47,9 @@ public class DecryptCommand extends EncryptCommand {
 
     @Override
     protected void runTask(List<String> tokens) throws Exception {
+        if( password == null ) {
+            password = System.getenv("ACTIVEMQ_ENCRYPTION_PASSWORD");
+        }
         if (password == null || input == null) {
             context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
             return;

activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java

@@ -27,7 +27,8 @@ public class EncryptCommand extends AbstractCommand {
             "Description: Encrypts given text.",
             "", 
             "Encrypt Options:",
-            "    --password <password>      Password to be used by the encryptor.",
+            "    --password <password>      Password to be used by the encryptor.  Defaults to",
+            "                               the value in the ACTIVEMQ_ENCRYPTION_PASSWORD env variable.",
             "    --input <input>            Text to be encrypted.",
             "    --version                  Display the version information.",
             "    -h,-?,--help               Display the stop broker help information.",
@@ -55,6 +56,9 @@ public class EncryptCommand extends AbstractCommand {
 
     @Override
     protected void runTask(List<String> tokens) throws Exception {
+        if( password == null ) {
+            password = System.getenv("ACTIVEMQ_ENCRYPTION_PASSWORD");
+        }
         if (password == null || input == null) {
             context.printException(new IllegalArgumentException("input and password parameters are mandatory"));
             return;

activemq-console/src/main/java/org/apache/activemq/console/command/ShellCommand.java

@@ -157,9 +157,20 @@ public class ShellCommand extends AbstractCommand {
 
     ArrayList<Command> getCommands() {
         ServiceLoader<Command> loader = ServiceLoader.load(Command.class);
+        Iterator<Command> iterator = loader.iterator();
         ArrayList<Command> rc = new ArrayList<Command>();
-        for( Command command: loader ) {
+        boolean done = false;
-            rc.add(command);
+        while (!done) {
+            try {
+                if( iterator.hasNext() ) {
+                    rc.add(iterator.next());
+                } else {
+                    done = true;
+                }
+            } catch (ServiceConfigurationError e) {
+                // it's ok, some commands may not load if their dependencies
+                // are not available.
+            }
         }
         return rc;
     }

activemq-jaas/pom.xml

@@ -105,5 +105,10 @@
       <artifactId>slf4j-log4j12</artifactId>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.jasypt</groupId>
+      <artifactId>jasypt</artifactId>
+      <optional>true</optional>
+    </dependency>
   </dependencies>
 </project>

activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptionSupport.java

@@ -0,0 +1,52 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.jaas;
+
+import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
+import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
+import org.jasypt.properties.PropertyValueEncryptionUtils;
+
+import java.util.ArrayList;
+import java.util.Properties;
+
+/**
+ * Holds utility methods used work with encrypted values.
+ */
+public class EncryptionSupport {
+
+    static public void decrypt(Properties props) {
+        StandardPBEStringEncryptor encryptor = createEncryptor();
+        for (Object k : new ArrayList(props.keySet())) {
+            String key = (String) k;
+            String value = props.getProperty(key);
+            if (PropertyValueEncryptionUtils.isEncryptedValue(value)) {
+                value = PropertyValueEncryptionUtils.decrypt(value, encryptor);
+                props.setProperty(key, value);
+            }
+        }
+
+    }
+    public static StandardPBEStringEncryptor createEncryptor() {
+        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
+        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
+        config.setAlgorithm("PBEWithMD5AndDES");
+        config.setPasswordEnvName("ACTIVEMQ_ENCRYPTION_PASSWORD");
+        encryptor.setConfig(config);
+        return encryptor;
+    }
+
+}

activemq-jaas/src/main/java/org/apache/activemq/jaas/PrincipalProperties.java

@@ -64,4 +64,8 @@ class PrincipalProperties {
             in.close();
         }
     }
+
+    Properties getPrincipals() {
+        return principals;
+    }
 }