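/**
 * Copy constructor: creates a config carrying the same settings as {@code other}.
 *
 * <p>Both the URL and the {@code encrypting} flag are carried over. If the flag were not
 * copied, a duplicate would silently fall back to the flag's default value, and a provider
 * initialised from that duplicate could store the master password without encryption.
 *
 * @param other the configuration to copy; must not be {@code null}
 */
public URLMasterPasswordProviderConfig(URLMasterPasswordProviderConfig other) {
    super(other);
    this.url = other.getURL();
    // NOTE(review): the accessor pair is used because the backing field is not visible
    // from here; switch to a direct field assignment once the field name is confirmed.
    setEncrypting(other.isEncrypting());
}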
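/**
 * Verifies that a provider configured with encryption enabled does not write the master
 * password to its backing file in clear text, and that reading it back yields the original
 * password.
 */
@Test
public void testEncryption() throws Exception {
    File tmp = File.createTempFile("passwd", "tmp", new File("target"));
    tmp = tmp.getCanonicalFile();
    // the file will hold a stored master password; do not leave it behind after the run
    tmp.deleteOnExit();

    URLMasterPasswordProviderConfig config = new URLMasterPasswordProviderConfig();
    config.setName("test");
    config.setReadOnly(false);
    config.setLoginEnabled(true);
    config.setClassName(URLMasterPasswordProvider.class.getCanonicalName());
    config.setURL(URLs.fileToUrl(tmp));
    config.setEncrypting(true);

    URLMasterPasswordProvider mpp = new URLMasterPasswordProvider();
    mpp.setSecurityManager(getSecurityManager());
    mpp.initializeFromConfig(config);
    mpp.setName(config.getName());
    mpp.doSetMasterPassword("geoserver".toCharArray());

    // read the stored form and release the file descriptor before asserting on it
    String encoded;
    FileInputStream stored = new FileInputStream(tmp);
    try {
        encoded = IOUtils.toString(stored);
    } finally {
        stored.close();
    }
    // the clear-text password must not appear anywhere in the stored form; an equality
    // check alone would still pass if the password were written with a prefix or suffix
    assertFalse(encoded.contains("geoserver"));

    char[] passwd = mpp.doGetMasterPassword();
    assertTrue(Arrays.equals("geoserver".toCharArray(), passwd));
}
}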
mpConfig.getURL() .toString() .endsWith(URLMasterPasswordProviderConfig.MASTER_PASSWD_FILENAME)); mpConfig = new URLMasterPasswordProviderConfig(); mpConfig.setName("rw"); mpConfig.setClassName(URLMasterPasswordProvider.class.getCanonicalName()); mpConfig.setReadOnly(false); mpConfig.setURL(URLs.fileToUrl(tmp)); getSecurityManager().saveMasterPasswordProviderConfig(mpConfig); config.setProviderName(mpConfig.getName()); getSecurityManager() .saveMasterPasswordConfig( mpConfig = new URLMasterPasswordProviderConfig(); mpConfig.setName("ro"); mpConfig.setClassName(URLMasterPasswordProvider.class.getCanonicalName()); mpConfig.setReadOnly(true); mpConfig.setURL(URLs.fileToUrl(tmp));
loadMasterPassswordProviderConfig("default"); if (mpProviderConfig == null) { mpProviderConfig = new URLMasterPasswordProviderConfig(); mpProviderConfig.setName("default"); mpProviderConfig.setClassName(URLMasterPasswordProvider.class.getCanonicalName()); mpProviderConfig.setReadOnly(false); ((URLMasterPasswordProviderConfig) mpProviderConfig).setURL(new URL("file:passwd")); ((URLMasterPasswordProviderConfig) mpProviderConfig).setEncrypting(true); saveMasterPasswordProviderConfig(mpProviderConfig, false);
/**
 * Checks the validator's URL rules for a URL-backed master password provider: a config
 * without a URL must be rejected with {@code URL_REQUIRED}, and a read-only config whose
 * URL cannot be read must be rejected with {@code URL_LOCATION_NOT_READABLE}.
 */
@Test
public void testUrlConfig() throws Exception {
    URLMasterPasswordProviderValidator urlValidator =
            new URLMasterPasswordProviderValidator(getSecurityManager());

    URLMasterPasswordProviderConfig cfg = new URLMasterPasswordProviderConfig();
    cfg.setName("foo");
    cfg.setClassName(URLMasterPasswordProvider.class.getCanonicalName());

    // step 1: no URL configured at all
    try {
        urlValidator.validateAddMasterPasswordProvider(cfg);
        fail();
    } catch (URLMasterPasswordProviderException missingUrl) {
        assertSecurityException(missingUrl, URLMasterPasswordProviderException.URL_REQUIRED);
    }

    // step 2: read-only provider pointing at a location that cannot be read
    URL unreadable = new URL("file:ABC");
    cfg.setURL(unreadable);
    cfg.setReadOnly(true);
    try {
        urlValidator.validateAddMasterPasswordProvider(cfg);
        fail();
    } catch (URLMasterPasswordProviderException notReadable) {
        assertSecurityException(
                notReadable,
                URLMasterPasswordProviderException.URL_LOCATION_NOT_READABLE,
                unreadable);
    }
}
/**
 * Converts the stored form of the master password back into its raw bytes.
 *
 * <p>When the provider config has encryption disabled the input is handed back unchanged.
 * Otherwise the input is Base64-decoded and decrypted with a password-based encryptor keyed
 * by {@code key()}; the key material is scrambled again before returning, whether or not
 * decryption succeeded.
 *
 * @param passwd bytes as read from the password location
 * @return the decrypted bytes, or {@code passwd} itself when encryption is disabled
 */
byte[] decode(byte[] passwd) {
    if (config.isEncrypting()) {
        // NOTE(review): no algorithm is set on the encryptor, so the library default
        // applies. If this is Jasypt's StandardPBEByteEncryptor, that default is
        // PBEWithMD5AndDES; confirm, and plan a migration path before changing it, since
        // existing stored passwords depend on it.
        StandardPBEByteEncryptor pbe = new StandardPBEByteEncryptor();
        char[] secret = key();
        try {
            pbe.setPasswordCharArray(secret);
            byte[] cipherText = Base64.decodeBase64(passwd);
            return pbe.decrypt(cipherText);
        } finally {
            // limit how long the encryption key stays readable in memory
            scramble(secret);
        }
    }
    return passwd;
}
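/**
 * Produces the bytes that are written to the password location.
 *
 * <p>When the provider config has encryption disabled this is just the byte form of the
 * password. Otherwise the password bytes are encrypted with a password-based encryptor keyed
 * by {@code key()} and Base64-encoded. The key, and the intermediate clear-text byte copy of
 * the password, are wiped before returning.
 *
 * @param passwd the master password in clear text; not modified by this method
 * @return the bytes to store (Base64 of the ciphertext, or the plain bytes when encryption is
 *     disabled)
 */
byte[] encode(char[] passwd) {
    if (!config.isEncrypting()) {
        return toBytes(passwd);
    }

    // NOTE(review): no algorithm is set on the encryptor, so the library default applies;
    // confirm that default is acceptable for protecting the master password.
    StandardPBEByteEncryptor encryptor = new StandardPBEByteEncryptor();
    char[] key = key();
    byte[] plain = null;
    try {
        encryptor.setPasswordCharArray(key);
        plain = toBytes(passwd);
        return Base64.encodeBase64(encryptor.encrypt(plain));
    } finally {
        scramble(key);
        // the clear-text byte copy is no longer needed once encrypted; zero it instead of
        // leaving it for the garbage collector (assumes toBytes returns a fresh array,
        // TODO confirm)
        if (plain != null) {
            java.util.Arrays.fill(plain, (byte) 0);
        }
    }
}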
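/**
 * Stores the master password at the configured URL, encoded according to the provider
 * config (see {@code encode}).
 *
 * <p>The password is encoded before the destination is opened. If opening the output
 * truncates the existing file, a failure during encoding would otherwise leave the password
 * file empty and the old master password lost.
 *
 * @param passwd the new master password in clear text
 * @throws Exception if encoding fails or the destination cannot be opened or written
 */
@Override
protected void doSetMasterPassword(char[] passwd) throws Exception {
    byte[] encoded = encode(passwd);
    try {
        OutputStream out = output(config.getURL(), getConfigDir());
        try {
            out.write(encoded);
        } finally {
            out.close();
        }
    } finally {
        // with encryption disabled these bytes are the clear-text password; zero the local
        // copy once it has been written (assumes encode returns a fresh array, TODO confirm)
        if (encoded != null) {
            java.util.Arrays.fill(encoded, (byte) 0);
        }
    }
}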
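/**
 * Reads the stored master password from the configured URL and returns it in clear text.
 *
 * <p>The stream is closed as soon as its content has been read. The intermediate byte
 * arrays (stored form and decoded form) are zeroed before returning, so only the returned
 * {@code char[]} still holds the password.
 *
 * <p>Historical note: trailing NUL characters once observed on the result were traced to
 * {@code toBytes}/{@code toChars} in SecurityUtils, so no trimming is applied here.
 *
 * @return the master password; the caller owns the array and should scramble it after use
 * @throws RuntimeException wrapping the {@link IOException} if the location cannot be read
 */
@Override
protected char[] doGetMasterPassword() throws Exception {
    try {
        InputStream in = input(config.getURL(), getConfigDir());
        byte[] stored = null;
        byte[] plain = null;
        try {
            try {
                stored = IOUtils.toByteArray(in);
            } finally {
                in.close();
            }
            plain = decode(stored);
            return toChars(plain);
        } finally {
            // decode may return the same array it was given, so both are wiped; filling
            // the same array twice is harmless
            if (stored != null) {
                java.util.Arrays.fill(stored, (byte) 0);
            }
            if (plain != null) {
                java.util.Arrays.fill(plain, (byte) 0);
            }
        }
    } catch (IOException e) {
        throw new RuntimeException(e);
    }
}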
/**
 * Validates a URL-backed master password provider config.
 *
 * <p>After the inherited checks, a URL must be present. For a read-only provider the URL is
 * additionally opened and one byte is read, to prove the location is readable.
 *
 * @param config the config to check; cast to {@code URLMasterPasswordProviderConfig}
 * @throws SecurityConfigException with {@code URL_REQUIRED} when no URL is set, or with
 *     {@code URL_LOCATION_NOT_READABLE} when a read-only location cannot be read
 */
@Override
public void validate(MasterPasswordProviderConfig config) throws SecurityConfigException {
    super.validate(config);

    URL location = ((URLMasterPasswordProviderConfig) config).getURL();
    if (location == null) {
        throw new URLMasterPasswordProviderException(URL_REQUIRED);
    }

    // a writable provider creates its own content, so only read-only ones are probed
    if (!config.isReadOnly()) {
        return;
    }

    // NOTE(review): this probe opens the configured URL during validation. If input()
    // accepts non-file schemes, saving a config makes the server contact that location;
    // confirm which schemes input() allows.
    try {
        InputStream probe =
                input(location, manager.masterPasswordProvider().get(config.getName()));
        try {
            // NOTE(review): the result is ignored, so an empty resource (read() == -1)
            // still counts as readable
            probe.read();
        } finally {
            probe.close();
        }
    } catch (IOException ex) {
        // NOTE(review): the underlying IOException is not attached as the cause
        throw new URLMasterPasswordProviderException(URL_LOCATION_NOT_READABLE, location);
    }
}
}