On Wed, May 18, 2011 at 2:04 AM, Afkham Azeez <az...@wso2.com> wrote:
> This is causing a build break it seems. Also, how are you planning to > getting this fix into the Apache trunk? I missed to commit a pom. Fixed in r94467. There is a jira[1] for this (all changes are not in this jira). AFAIK, there is a discussion of moving synapse secure vault to WS-Commons, till we need to keep it as WSO2-commons and patch the axis2 internally. [1] https://issues.apache.org/jira/browse/AXIS2-4725 > > > On Tue, May 17, 2011 at 11:54 AM, <as...@wso2.com> wrote: > >> Author: asela >> Date: Mon May 16 23:24:49 2011 >> New Revision: 94446 >> URL: http://wso2.org/svn/browse/wso2?view=rev&revision=94446 >> >> Log: >> Appling secure vault patch for Axis2 - AXIS2-4725 and Adding method to >> resolve password of NIO SSL and Mail transport. But Please note >> implementation must be in the underline transport code in all defined >> transports, actually not in Axis2. It is Ta ODO item for next release by >> keeping secure vault as WS-commoms or WSO2-commons project. In 3.2.0, we >> are condsider only on email and NIO-SSL >> >> Modified: >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/pom.xml >> >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/deployment/AxisConfigBuilder.java >> >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/engine/AxisConfiguration.java >> >> Modified: branches/carbon/3.2.0/dependencies/axis2/modules/kernel/pom.xml >> URL: >> http://wso2.org/svn/browse/wso2/branches/carbon/3.2.0/dependencies/axis2/modules/kernel/pom.xml?rev=94446&r1=94445&r2=94446&view=diff >> >> ============================================================================== >> --- branches/carbon/3.2.0/dependencies/axis2/modules/kernel/pom.xml >> (original) >> +++ branches/carbon/3.2.0/dependencies/axis2/modules/kernel/pom.xml >> Mon May 16 23:24:49 2011 
>> @@ -96,6 +96,11 @@ >> <artifactId>commons-io</artifactId> >> <scope>test</scope> >> </dependency> >> + <dependency> >> + <groupId>org.wso2.securevault</groupId> >> + <artifactId>org.wso2.securevault</artifactId> >> + <version>1.0.0-SNAPSHOT</version> >> + </dependency> >> </dependencies> >> <scm> >> <connection>scm:svn: >> http://svn.apache.org/repos/asf/axis/axis2/java/core/branches/1_6/modules/kernel >> </connection> >> >> Modified: >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/deployment/AxisConfigBuilder.java >> URL: >> http://wso2.org/svn/browse/wso2/branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/deployment/AxisConfigBuilder.java?rev=94446&r1=94445&r2=94446&view=diff >> >> ============================================================================== >> --- >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/deployment/AxisConfigBuilder.java >> (original) >> +++ >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/deployment/AxisConfigBuilder.java >> Mon May 16 23:24:49 2011 >> @@ -53,6 +53,8 @@ >> import org.apache.axis2.util.ThreadContextMigratorUtil; >> import org.apache.commons.logging.Log; >> import org.apache.commons.logging.LogFactory; >> +import org.wso2.securevault.SecretResolver; >> +import org.wso2.securevault.SecretResolverFactory; >> >> import javax.xml.namespace.QName; >> import javax.xml.stream.XMLStreamException; >> @@ -87,7 +89,7 @@ >> public void populateConfig() throws DeploymentException { >> try { >> OMElement config_element = buildOM(); >> - >> + >> axisConfig.setSecretResolver(SecretResolverFactory.create(config_element, >> false)); >> if (!TAG_AXISCONFIG.equals(config_element.getLocalName())) { >> throw new >> DeploymentException(Messages.getMessage("badelementfound", TAG_AXISCONFIG, >> >> config_element.getLocalName())); 
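Review bot: The added `org.wso2.securevault` dependency is pinned to `1.0.0-SNAPSHOT`, so the artifact that resolves the axis2.xml passwords can change between builds without any change to this pom. For a component in the secret-handling path, a fixed release version (placeholder: `<version>RELEASED_VERSION</version>`) keeps the build reproducible and lets the exact vault code be audited. The dependency also declares no `<scope>`, so it defaults to compile scope and reaches every consumer of the kernel module. A pom comment noting that this is a WSO2-local patch for AXIS2-4725 would help whoever later merges against the Apache branch.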
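Review bot: In the populateConfig hunk, `SecretResolverFactory.create(config_element, false)` runs before the `TAG_AXISCONFIG` check that follows it, so the resolver is built from a root element that has not been validated yet. Moving the call below that check keeps a malformed axis2.xml on the existing `badelementfound` path; what the factory does with an unexpected element is not visible here. The bare `false` argument deserves a one-line comment naming the flag it sets. The try block of populateConfig continues outside the hunk.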
>> @@ -644,6 +646,7 @@ >> try { >> Iterator itr = transport.getChildrenWithName(new >> QName(TAG_PARAMETER)); >> processParameters(itr, transportIN, axisConfig); >> + resolveTransportPasswords(transportIN); >> // adding to axis2 config >> axisConfig.addTransportIn(transportIN); >> transportReceivers.add(transportIN); >> @@ -692,6 +695,7 @@ >> Iterator itr = transport.getChildrenWithName(new >> QName(TAG_PARAMETER)); >> >> processParameters(itr, transportout, axisConfig); >> + resolveTransportPasswords(transportout); >> // adding to axis2 config >> axisConfig.addTransportOut(transportout); >> } catch (NoClassDefFoundError e) { 
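Review bot: `resolveTransportPasswords(transportIN)` runs for every transport receiver, and the hunk at -692 does the same for every sender, but the helper picks parameters only by the names `keystore`, `truststore` and `mail.smtp.password` and uses one fixed alias per direction, such as `Axis2.Https.Listener.KeyStore.Password`. Two receivers that both declare a `keystore` parameter would therefore have the same resolved password written into them, whichever transport they belong to. A comment at both call sites stating that only the NIO-SSL and mail transports are covered, or a check on the transport name before the call, would make that limit explicit. How a failure inside the helper is handled depends on catch clauses that lie partly outside these hunks.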
>> @@ -785,4 +789,69 @@ >> Class phaseClass = >> Loader.loadClass(axisConfig.getSystemClassLoader(), className); >> return (Phase) phaseClass.newInstance(); >> } >> + >> + /** >> + * This is to resolve secured passwords of the transport sender and >> listeners. >> + * But this implementation must be in the underline transport code. >> TODO >> + * This method is just to resolve the Email sender and NIO SSL >> transport passwords. >> + * @param transport Implementations of ParameterInclude >> + */ >> + private void resolveTransportPasswords(ParameterInclude transport) { >> + >> + SecretResolver secretResolver = axisConfig.getSecretResolver(); >> + if(secretResolver.isInitialized()){ >> + String keyStorePassToken = null; >> + String keyStoreKeyPassToken = null; >> + String trustStorePassToken = null; >> + String emailSenderPassword = null; >> + if (transport instanceof TransportOutDescription){ >> + keyStorePassToken = >> "Axis2.Https.Sender.KeyStore.Password"; >> + keyStoreKeyPassToken = >> "Axis2.Https.Sender.KeyStore.KeyPassword"; >> + trustStorePassToken = >> "Axis2.Https.Sender.TrustStore.Password"; >> + emailSenderPassword = "Axis2.Mailto.Parameter.Password"; >> + } >> + if (transport instanceof TransportInDescription){ >> + keyStorePassToken = >> "Axis2.Https.Listener.KeyStore.Password"; >> + keyStoreKeyPassToken = >> "Axis2.Https.Listener.KeyStore.KeyPassword"; >> + trustStorePassToken = >> "Axis2.Https.Listener.TrustStore.Password"; >> + } >> + >> + Parameter keyParam = transport.getParameter("keystore"); >> + Parameter trustParam = transport.getParameter("truststore"); >> + Parameter emailPasswordParam = >> transport.getParameter("mail.smtp.password"); >> + >> + if (keyParam != null) { >> + OMElement ksEle = >> keyParam.getParameterElement().getFirstElement(); >> + if(ksEle != null){ >> + OMElement storePasswordElement = >> ksEle.getFirstChildWithName(new QName("Password")); >> + OMElement keyPasswordElement = >> ksEle.getFirstChildWithName(new 
QName("KeyPassword")); >> + if(secretResolver.isTokenProtected(keyStorePassToken) >> && storePasswordElement != null){ >> + String storePassword = >> secretResolver.resolve(keyStorePassToken); >> + ksEle.getFirstChildWithName(new >> QName("Password")).setText(storePassword ); >> + >> + } >> + >> if(secretResolver.isTokenProtected(keyStoreKeyPassToken) && >> keyPasswordElement != null){ >> + String keyPassword = >> secretResolver.resolve(keyStoreKeyPassToken); >> + ksEle.getFirstChildWithName(new >> QName("KeyPassword")).setText(keyPassword); >> + } >> + } >> + } >> + >> + if (trustParam != null) { >> + OMElement tsEle = >> trustParam.getParameterElement().getFirstElement(); >> + if(tsEle != null){ >> + OMElement storePasswordElement = >> tsEle.getFirstChildWithName(new QName("Password")); >> + >> if(secretResolver.isTokenProtected(trustStorePassToken) && >> storePasswordElement != null){ >> + String storePassword = >> secretResolver.resolve(trustStorePassToken); >> + tsEle.getFirstChildWithName(new >> QName("Password")).setText(storePassword ); >> + } >> + } >> + } >> + >> + if(secretResolver.isTokenProtected(emailSenderPassword) && >> emailPasswordParam != null) { >> + String emailPassword = >> secretResolver.resolve(emailSenderPassword); >> + emailPasswordParam.setValue(emailPassword); >> + } >> + } >> + } >> } >> >> Modified: >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/engine/AxisConfiguration.java >> URL: >> http://wso2.org/svn/browse/wso2/branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/engine/AxisConfiguration.java?rev=94446&r1=94445&r2=94446&view=diff >> >> ============================================================================== >> --- >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/engine/AxisConfiguration.java >> (original) >> +++ >> branches/carbon/3.2.0/dependencies/axis2/modules/kernel/src/org/apache/axis2/engine/AxisConfiguration.java >> Mon May 16 
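Review bot: In `resolveTransportPasswords`, `emailSenderPassword` is never assigned for a `TransportInDescription`, and for any other `ParameterInclude` all four aliases stay null, so `secretResolver.isTokenProtected(...)` is called with a null alias at the end of the method and possibly in the keystore and truststore branches. Whether the resolver tolerates null is not visible here, so test the cheap conditions first: `if (emailSenderPassword != null && emailPasswordParam != null && secretResolver.isTokenProtected(emailSenderPassword)) {`. The result of `axisConfig.getSecretResolver()` is also dereferenced without a null check. The method writes the decrypted passwords back with `setText(...)` and `setValue(...)`, so after start-up the plaintext sits in the in-memory parameter tree. The Javadoc should say so, so that code which serializes or logs transport parameters gets reviewed for it.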
23:24:49 2011 >> @@ -68,6 +68,7 @@ >> import org.apache.axis2.util.JavaUtils; >> import org.apache.commons.logging.Log; >> import org.apache.commons.logging.LogFactory; >> +import org.wso2.securevault.SecretResolver; >> >> /** >> * Class AxisConfiguration >> @@ -167,6 +168,12 @@ >> private TransactionConfiguration transactionConfiguration; >> >> /** >> + * To secure the password in axis2.xml. SecretResolver must be >> initialized >> + * When building axis configuration >> + */ >> + private SecretResolver secretResolver; >> + >> + /** >> * Constructor AxisConfiguration. >> */ >> public AxisConfiguration() { >> @@ -1545,4 +1552,12 @@ >> } >> return childFirstClassLoading; >> } >> + >> + public SecretResolver getSecretResolver() { >> + return secretResolver; >> + } >> + >> + public void setSecretResolver(SecretResolver secretResolver) { >> + this.secretResolver = secretResolver; >> + } >> } >> _______________________________________________ >> Carbon-commits mailing list >> carbon-comm...@wso2.org >> https://wso2.org/cgi-bin/mailman/listinfo/carbon-commits >> > > > > -- > *Afkham Azeez* > Director of Architecture; WSO2, Inc.; http://wso2.com > Member; Apache Software Foundation; http://www.apache.org/ > * <http://www.apache.org/>** > email: **az...@wso2.com* <az...@wso2.com>* cell: +94 77 3320919 > blog: **http://blog.afkham.org* <http://blog.afkham.org>* > twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> > * > linked-in: **http://lk.linkedin.com/in/afkhamazeez* > * > * > *Lean . Enterprise . Middleware* > >
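Review bot: The new public `getSecretResolver()` hands the resolver to any code that can reach the `AxisConfiguration`, which presumably includes deployed modules and services, not only the deployment code that needs it. If nothing outside the builder has to resolve secrets, narrower visibility or at least a Javadoc note on the getter would limit that exposure. The field added in the hunk at -167 has no initial value, so the getter returns null until `setSecretResolver` has been called. Both accessors lack Javadoc; something like `/** @return the resolver set while axis2.xml is built, or null if none was set */` would document the null case. The class body continues outside these hunks.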