/guvnor-webapp/src/main/java/org/drools/guvnor/server/repository/GuvnorBootstrapConfiguration.java

https://github.com/sbandaru/guvnor · Java · 137 lines · 99 code · 22 blank · 16 comment · 10 complexity · 74538c5bea7ae5dbcd505e36c57d8f57 MD5 · raw file 

    

  1. /*
    2. 

  2.  * Copyright 2011 JBoss Inc
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5.  * you may not use this file except in compliance with the License.
    6. 

  6.  * You may obtain a copy of the License at
    7. 

  7.  *
    8. 

  8.  *      http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9.  *
    10. 

  10.  * Unless required by applicable law or agreed to in writing, software
    11. 

  11.  * distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13.  * See the License for the specific language governing permissions and
    14. 

  14.  * limitations under the License.
    15. 

  15.  */
    16. 

  16. 

  17. package org.drools.guvnor.server.repository;
    18. 

  18. 

  19. import java.math.BigInteger;
    20. 

  20. import java.util.HashMap;
    21. 

  21. import java.util.Map;
    22. 

  22. import javax.annotation.PostConstruct;
    23. 

  23. import javax.crypto.Cipher;
    24. 

  24. import javax.crypto.spec.SecretKeySpec;
    25. 

  25. import javax.enterprise.context.ApplicationScoped;
    26. 

  26. 

  27. import org.drools.repository.RulesRepositoryConfigurator;
    28. 

  28. import org.slf4j.Logger;
    29. 

  29. import org.slf4j.LoggerFactory;
    30. 

  30. 

  31. @ApplicationScoped
    32. 

  32. public class GuvnorBootstrapConfiguration {
    33. 

  33. 

  34.     private static final String ADMIN_USERNAME_DEFAULT = "admin";
    35. 

  35.     private static final String ADMIN_USERNAME_PROPERTY = "org.drools.repository.admin.username";
    36. 

  36.     private static final String ADMIN_PASSWORD_DEFAULT = "password";
    37. 

  37.     private static final String ADMIN_PASSWORD_PROPERTY = "org.drools.repository.admin.password";
    38. 

  38. 

  39.     private static final String MAILMAN_USERNAME_DEFAULT = "mailman";
    40. 

  40.     private static final String MAILMAN_USERNAME_PROPERTY = "org.drools.repository.mailman.username";
    41. 

  41.     private static final String MAILMAN_PASSWORD_DEFAULT = "password";
    42. 

  42.     private static final String MAILMAN_PASSWORD_PROPERTY = "org.drools.repository.mailman.password";
    43. 

  43. 

  44.     private static final String SECURE_PASSWORDS_PROPERTY = "org.drools.repository.secure.passwords";
    45. 

  45. 

  46.     private transient final Logger log = LoggerFactory.getLogger(getClass());
    47. 

  47. 

  48.     private Map<String, String> properties = new HashMap<String, String>();
    49. 

  49. 

  50.     public Map<String, String> getProperties() {
    51. 

  51.         return properties;
    52. 

  52.     }
    53. 

  53. 

  54.     public void setProperties(Map<String, String> properties) {
    55. 

  55.         this.properties = properties;
    56. 

  56.     }
    57. 

  57. 

  58.     @PostConstruct
    59. 

  59.     public void validate() {
    60. 

  60.         if (!properties.containsKey(RulesRepositoryConfigurator.CONFIGURATOR_CLASS)) {
    61. 

  61.             throw new IllegalStateException("The beans.xml file does not have a GuvnorBootstrapConfiguration " +
    62. 

  62.                     "with a property for the configurator class (" + RulesRepositoryConfigurator.CONFIGURATOR_CLASS
    63. 

  63.                     + ") configured.");
    64. 

  64.         }
    65. 

  65.     }
    66. 

  66. 

  67.     public String extractAdminUsername() {
    68. 

  68.         if (!properties.containsKey(ADMIN_USERNAME_PROPERTY)) {
    69. 

  69.             return ADMIN_USERNAME_DEFAULT;
    70. 

  70.         }
    71. 

  71.         return properties.get(ADMIN_USERNAME_PROPERTY);
    72. 

  72.     }
    73. 

  73. 

  74.     public String extractAdminPassword() {
    75. 

  75.         if (!properties.containsKey(ADMIN_PASSWORD_PROPERTY)) {
    76. 

  76.             log.debug("Could not find property " + ADMIN_PASSWORD_PROPERTY + " for user " + ADMIN_USERNAME_DEFAULT);
    77. 

  77.             return ADMIN_PASSWORD_DEFAULT;
    78. 

  78.         }
    79. 

  79.         String password = properties.get(ADMIN_PASSWORD_PROPERTY);
    80. 

  80.         if ("true".equalsIgnoreCase(properties.get(SECURE_PASSWORDS_PROPERTY))) {
    81. 

  81.             password = decode(password);
    82. 

  82.         }
    83. 

  83.         return password;
    84. 

  84.     }
    85. 

  85. 

  86.     public String extractMailmanUsername() {
    87. 

  87.         if (!properties.containsKey(MAILMAN_USERNAME_PROPERTY)) {
    88. 

  88.             return MAILMAN_USERNAME_DEFAULT;
    89. 

  89.         }
    90. 

  90.         return properties.get(MAILMAN_USERNAME_PROPERTY);
    91. 

  91.     }
    92. 

  92. 

  93.     public String extractMailmanPassword() {
    94. 

  94.         if (!properties.containsKey(MAILMAN_PASSWORD_PROPERTY)) {
    95. 

  95.             log.debug("Could not find property " + MAILMAN_PASSWORD_PROPERTY + " for user " + MAILMAN_USERNAME_DEFAULT);
    96. 

  96.             return MAILMAN_PASSWORD_DEFAULT;
    97. 

  97.         }
    98. 

  98.         String password = properties.get(MAILMAN_PASSWORD_PROPERTY);
    99. 

  99.         if ("true".equalsIgnoreCase(properties.get(SECURE_PASSWORDS_PROPERTY))) {
    100. 

  100.             password = decode(password);
    101. 

  101.         }
    102. 

  102.         return password;
    103. 

  103.     }
    104. 

  104. 

  105.     private String decode(String secret) {
    106. 

  106.         String decodedPassword = secret;
    107. 

  107.         try {
    108. 

  108.             byte[] kbytes = "jaas is the way".getBytes();
    109. 

  109.             SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
    110. 

  110. 

  111.             BigInteger n = new BigInteger(secret, 16);
    112. 

  112.             byte[] encoding = n.toByteArray();
    113. 

  113. 

  114.             //SECURITY-344: fix leading zeros
    115. 

  115.             if (encoding.length % 8 != 0) {
    116. 

  116.                 int length = encoding.length;
    117. 

  117.                 int newLength = ((length / 8) + 1) * 8;
    118. 

  118.                 int pad = newLength - length; //number of leading zeros
    119. 

  119.                 byte[] old = encoding;
    120. 

  120.                 encoding = new byte[newLength];
    121. 

  121. 

  122.                 for (int i = old.length - 1; i >= 0; i--) {
    123. 

  123.                     encoding[i + pad] = old[i];
    124. 

  124.                 }
    125. 

  125.             }
    126. 

  126. 

  127.             Cipher cipher = Cipher.getInstance("Blowfish");
    128. 

  128.             cipher.init(Cipher.DECRYPT_MODE, key);
    129. 

  129.             byte[] decode = cipher.doFinal(encoding);
    130. 

  130.             decodedPassword = new String(decode);
    131. 

  131.         } catch (Exception e) {
    132. 

  132.             log.error(e.getMessage(), e);
    133. 

  133.         }
    134. 

  134.         return decodedPassword;
    135. 

  135.     }
    136. 

  136. 

  137. }
    138.