/guvnor-webapp/src/main/java/org/drools/guvnor/server/repository/GuvnorBootstrapConfiguration.java

https://github.com/seaver31/guvnor · Java · 126 lines · 89 code · 21 blank · 16 comment · 9 complexity · 250a1537a054ccfd6cf820472fe147ec MD5 · raw file 

    

  1. /*
    2. 

  2.  * Copyright 2011 JBoss Inc
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5.  * you may not use this file except in compliance with the License.
    6. 

  6.  * You may obtain a copy of the License at
    7. 

  7.  *
    8. 

  8.  *      http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9.  *
    10. 

  10.  * Unless required by applicable law or agreed to in writing, software
    11. 

  11.  * distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13.  * See the License for the specific language governing permissions and
    14. 

  14.  * limitations under the License.
    15. 

  15.  */
    16. 

  16. 

  17. package org.drools.guvnor.server.repository;
    18. 

  18. 

  19. import java.math.BigInteger;
    20. 

  20. import java.util.HashMap;
    21. 

  21. import java.util.Map;
    22. 

  22. import javax.crypto.Cipher;
    23. 

  23. import javax.crypto.spec.SecretKeySpec;
    24. 

  24. import javax.enterprise.context.ApplicationScoped;
    25. 

  25. 

  26. import org.slf4j.Logger;
    27. 

  27. import org.slf4j.LoggerFactory;
    28. 

  28. 

  29. @ApplicationScoped
    30. 

  30. public class GuvnorBootstrapConfiguration {
    31. 

  31. 

  32.     private static final String ADMIN_USERNAME_DEFAULT = "admin";
    33. 

  33.     private static final String ADMIN_USERNAME_PROPERTY = "org.drools.repository.admin.username";
    34. 

  34.     private static final String ADMIN_PASSWORD_DEFAULT = "password";
    35. 

  35.     private static final String ADMIN_PASSWORD_PROPERTY = "org.drools.repository.admin.password";
    36. 

  36. 

  37.     private static final String MAILMAN_USERNAME_DEFAULT = "mailman";
    38. 

  38.     private static final String MAILMAN_USERNAME_PROPERTY = "org.drools.repository.mailman.username";
    39. 

  39.     private static final String MAILMAN_PASSWORD_DEFAULT = "password";
    40. 

  40.     private static final String MAILMAN_PASSWORD_PROPERTY = "org.drools.repository.mailman.password";
    41. 

  41. 

  42.     private static final String SECURE_PASSWORDS_PROPERTY = "org.drools.repository.secure.passwords";
    43. 

  43. 

  44.     private transient final Logger log = LoggerFactory.getLogger(getClass());
    45. 

  45. 

  46.     private Map<String, String> properties = new HashMap<String, String>();
    47. 

  47. 

  48.     public Map<String, String> getProperties() {
    49. 

  49.         return properties;
    50. 

  50.     }
    51. 

  51. 

  52.     public void setProperties(Map<String, String> properties) {
    53. 

  53.         this.properties = properties;
    54. 

  54.     }
    55. 

  55. 

  56.     public String extractAdminUsername() {
    57. 

  57.         if (!properties.containsKey(ADMIN_USERNAME_PROPERTY)) {
    58. 

  58.             return ADMIN_USERNAME_DEFAULT;
    59. 

  59.         }
    60. 

  60.         return properties.get(ADMIN_USERNAME_PROPERTY);
    61. 

  61.     }
    62. 

  62. 

  63.     public String extractAdminPassword() {
    64. 

  64.         if (!properties.containsKey(ADMIN_PASSWORD_PROPERTY)) {
    65. 

  65.             log.debug("Could not find property " + ADMIN_PASSWORD_PROPERTY + " for user " + ADMIN_USERNAME_DEFAULT);
    66. 

  66.             return ADMIN_PASSWORD_DEFAULT;
    67. 

  67.         }
    68. 

  68.         String password = properties.get(ADMIN_PASSWORD_PROPERTY);
    69. 

  69.         if ("true".equalsIgnoreCase(properties.get(SECURE_PASSWORDS_PROPERTY))) {
    70. 

  70.             password = decode(password);
    71. 

  71.         }
    72. 

  72.         return password;
    73. 

  73.     }
    74. 

  74. 

  75.     public String extractMailmanUsername() {
    76. 

  76.         if (!properties.containsKey(MAILMAN_USERNAME_PROPERTY)) {
    77. 

  77.             return MAILMAN_USERNAME_DEFAULT;
    78. 

  78.         }
    79. 

  79.         return properties.get(MAILMAN_USERNAME_PROPERTY);
    80. 

  80.     }
    81. 

  81. 

  82.     public String extractMailmanPassword() {
    83. 

  83.         if (!properties.containsKey(MAILMAN_PASSWORD_PROPERTY)) {
    84. 

  84.             log.debug("Could not find property " + MAILMAN_PASSWORD_PROPERTY + " for user " + MAILMAN_USERNAME_DEFAULT);
    85. 

  85.             return MAILMAN_PASSWORD_DEFAULT;
    86. 

  86.         }
    87. 

  87.         String password = properties.get(MAILMAN_PASSWORD_PROPERTY);
    88. 

  88.         if ("true".equalsIgnoreCase(properties.get(SECURE_PASSWORDS_PROPERTY))) {
    89. 

  89.             password = decode(password);
    90. 

  90.         }
    91. 

  91.         return password;
    92. 

  92.     }
    93. 

  93. 

  94.     private String decode(String secret) {
    95. 

  95.         String decodedPassword = secret;
    96. 

  96.         try {
    97. 

  97.             byte[] kbytes = "jaas is the way".getBytes();
    98. 

  98.             SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
    99. 

  99. 

  100.             BigInteger n = new BigInteger(secret, 16);
    101. 

  101.             byte[] encoding = n.toByteArray();
    102. 

  102. 

  103.             //SECURITY-344: fix leading zeros
    104. 

  104.             if (encoding.length % 8 != 0) {
    105. 

  105.                 int length = encoding.length;
    106. 

  106.                 int newLength = ((length / 8) + 1) * 8;
    107. 

  107.                 int pad = newLength - length; //number of leading zeros
    108. 

  108.                 byte[] old = encoding;
    109. 

  109.                 encoding = new byte[newLength];
    110. 

  110. 

  111.                 for (int i = old.length - 1; i >= 0; i--) {
    112. 

  112.                     encoding[i + pad] = old[i];
    113. 

  113.                 }
    114. 

  114.             }
    115. 

  115. 

  116.             Cipher cipher = Cipher.getInstance("Blowfish");
    117. 

  117.             cipher.init(Cipher.DECRYPT_MODE, key);
    118. 

  118.             byte[] decode = cipher.doFinal(encoding);
    119. 

  119.             decodedPassword = new String(decode);
    120. 

  120.         } catch (Exception e) {
    121. 

  121.             log.error(e.getMessage(), e);
    122. 

  122.         }
    123. 

  123.         return decodedPassword;
    124. 

  124.     }
    125. 

  125. 

  126. }
    127.