Repository: tomee Updated Branches: refs/heads/master 1aa6c9f6d -> 52067addf
TOMEE-1979 allowing to cipher properties of the context for JNDIContext Project: http://git-wip-us.apache.org/repos/asf/tomee/repo Commit: http://git-wip-us.apache.org/repos/asf/tomee/commit/52067add Tree: http://git-wip-us.apache.org/repos/asf/tomee/tree/52067add Diff: http://git-wip-us.apache.org/repos/asf/tomee/diff/52067add Branch: refs/heads/master Commit: 52067addf6f5a0e1bc97a64cc32a6a7730974503 Parents: 1aa6c9f Author: rmannibucau <rmannibu...@apache.org> Authored: Mon Dec 5 11:24:11 2016 +0100 Committer: rmannibucau <rmannibu...@apache.org> Committed: Mon Dec 5 11:24:11 2016 +0100 ---------------------------------------------------------------------- .../org/apache/openejb/client/JNDIContext.java | 87 +++++++++++++++----- .../apache/openejb/client/JNDIContextTest.java | 15 ++++ .../openejb/ClientContextCipheringTest.java | 37 +++++++++ 3 files changed, 120 insertions(+), 19 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/tomee/blob/52067add/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java ----------------------------------------------------------------------
diff --git a/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java b/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
index d5549e2..1124eb9 100644
--- a/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
+++ b/server/openejb-client/src/main/java/org/apache/openejb/client/JNDIContext.java
@@ -20,8 +20,28 @@ import org.apache.openejb.client.event.RemoteInitialContextCreated; import org.apache.openejb.client.serializer.EJBDSerializer; import org.omg.CORBA.ORB; +import javax.naming.AuthenticationException; +import javax.naming.Binding; +import javax.naming.CompoundName; +import javax.naming.ConfigurationException; +import javax.naming.Context; +import javax.naming.InvalidNameException; +import javax.naming.Name; +import javax.naming.NameClassPair; +import javax.naming.NameNotFoundException; +import javax.naming.NameParser; +import javax.naming.NamingEnumeration; +import javax.naming.NamingException; +import javax.naming.OperationNotSupportedException; +import javax.naming.Reference; +import javax.naming.ServiceUnavailableException; +import javax.naming.spi.InitialContextFactory; +import javax.naming.spi.NamingManager; +import javax.sql.DataSource; import java.io.Serializable; import java.lang.reflect.Constructor; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.net.ConnectException; import java.net.URI; import java.net.URISyntaxException; 
@@ -41,24 +61,6 @@ import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicInteger; import java.util.logging.Level; import java.util.logging.Logger; -import javax.naming.AuthenticationException; -import javax.naming.Binding; -import javax.naming.CompoundName; -import javax.naming.ConfigurationException; -import javax.naming.Context; -import javax.naming.InvalidNameException; -import javax.naming.Name; -import javax.naming.NameClassPair; -import javax.naming.NameNotFoundException; -import javax.naming.NameParser; -import javax.naming.NamingEnumeration; -import javax.naming.NamingException; -import javax.naming.OperationNotSupportedException; -import javax.naming.Reference; -import javax.naming.ServiceUnavailableException; -import javax.naming.spi.InitialContextFactory; -import javax.naming.spi.NamingManager; -import javax.sql.DataSource; /** * @version $Rev$ $Date$ @@ -73,6 +75,8 @@ public class JNDIContext implements InitialContextFactory, Context { public static final String POOL_QUEUE_SIZE = "openejb.client.invoker.queue"; public static final String POOL_THREAD_NUMBER = "openejb.client.invoker.threads"; + private static final Decipher DECIPHER; + private String tail = "/"; private ServerMetaData server; private ClientMetaData client; 
@@ -85,11 +89,33 @@ public class JNDIContext implements InitialContextFactory, Context { static { ClassLoader classLoader = Client.class.getClassLoader(); Class<?> container; + Decipher decipher; try { container = Class.forName("org.apache.openejb.OpenEJB", false, classLoader); + final Class<?> propertyPlaceHolderHelper = Class.forName("org.apache.openejb.util.PropertyPlaceHolderHelper", false, classLoader); + final Method simpleValue = propertyPlaceHolderHelper.getMethod("simpleValue", String.class); + decipher = new Decipher() { + @Override + public String decipher(final String from) { + try { + return String.class.cast(simpleValue.invoke(null, from)); + } catch (final IllegalAccessException e) { + throw new IllegalStateException(e); + } catch (final InvocationTargetException e) { + throw new IllegalStateException(e.getCause()); + } + } + }; } catch (final Throwable e) { container = null; + decipher = new Decipher() { + @Override + public String decipher(final String from) { + return from; + } + }; } + DECIPHER = decipher; if (classLoader == ClassLoader.getSystemClassLoader() || Boolean.getBoolean("openejb.client.flus-tasks") || (container != null && container.getClassLoader() == classLoader)) { Runtime.getRuntime().addShutdownHook(new Thread() { @@ -224,7 +250,7 @@ public class JNDIContext implements InitialContextFactory, Context { if (environment == null) { throw new NamingException("Invalid argument, hashtable cannot be null."); } else { - env = (Hashtable) environment.clone(); + env = decipher((Hashtable) environment.clone()); } final String userID = (String) env.get(Context.SECURITY_PRINCIPAL); 
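Review bot: The `catch (final Throwable e)` branch of the static initializer installs the pass-through Decipher without any diagnostic, so when `org.apache.openejb.util.PropertyPlaceHolderHelper` cannot be loaded a `cipher:`-prefixed value is used unchanged and the only symptom is a later connection or authentication failure. The file already imports java.util.logging, so a fine-level message in that branch would make the fallback visible; at minimum add a comment such as `// container classes not on the classpath: ciphered values are used as-is`. The same catch also hides a missing or renamed `simpleValue` method, which looks like a packaging error rather than a normal standalone-client case. The static block continues outside the hunk.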
@@ -284,6 +310,25 @@ public class JNDIContext implements InitialContextFactory, Context { return this; } + private Hashtable decipher(final Hashtable clone) { + Decipher decipher = Decipher.class.cast(clone.get(Decipher.class.getName())); + if (decipher == null) { + decipher = DECIPHER; + } + for (final Object key : clone.keySet()) { + if (String.class.isInstance(key)) { + final Object value = clone.get(key); + if (String.class.isInstance(value)) { + final String val = decipher.decipher(String.class.cast(value)); + if (!val.equals(value)) { + clone.put(key, val); + } + } + } + } + return clone; + } + private static String getProperty(final Hashtable env, final String key, final String defaultValue) { Object value = env == null ? null : env.get(key); if (value != null) { @@ -863,5 +908,9 @@ public class JNDIContext implements InitialContextFactory, Context { return password; } } + + public interface Decipher { + String decipher(String from); + } } http://git-wip-us.apache.org/repos/asf/tomee/blob/52067add/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java ---------------------------------------------------------------------- diff --git a/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java b/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java index de21365..6776c34 100755 --- a/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java +++ b/server/openejb-client/src/test/java/org/apache/openejb/client/JNDIContextTest.java @@ -20,6 +20,7 @@ import org.junit.Assert; import org.junit.Test; import javax.naming.Context; +import javax.naming.NamingException; import java.util.Hashtable; /** 
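Review bot: In `decipher(Hashtable)`, `val.equals(value)` throws a NullPointerException when a Decipher supplied through the environment returns null, and a failure in the reflective default leaves getInitialContext as an unchecked IllegalStateException although the error path visible in this diff is NamingException. The loop also sends every String entry through the decipher, `Context.SECURITY_CREDENTIALS` included, so a plain-text password is rewritten whenever the helper chooses to transform it; if `simpleValue` expands placeholders as well as `cipher:` values (not visible here), that belongs in the Javadoc of `Decipher`. The sketch below keeps the original value on a null result and reports failures as a `ConfigurationException` that names the key but never the value.

```java
private Hashtable decipher(final Hashtable clone) throws NamingException {
    // … unchanged: Decipher lookup in the environment with DECIPHER fallback …
    for (final Object key : clone.keySet()) {
        final Object value = clone.get(key);
        if (!String.class.isInstance(key) || !String.class.isInstance(value)) {
            continue;
        }
        final String val;
        try {
            val = decipher.decipher(String.class.cast(value));
        } catch (final RuntimeException e) {
            // name the key only: the value may be a credential
            final NamingException ne = new ConfigurationException("Cannot decipher property " + key);
            ne.setRootCause(e);
            throw ne;
        }
        if (val != null && !val.equals(value)) {
            clone.put(key, val);
        }
    }
    return clone;
}
```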
@@ -27,6 +28,20 @@ import java.util.Hashtable; */ @SuppressWarnings("UseOfObsoleteCollectionType") public class JNDIContextTest { + @Test + public void customCipher() throws NamingException { + final JNDIContext jndiContext = new JNDIContext(); + final Hashtable<String, Object> env = new Hashtable<>(); + env.put(JNDIContext.Decipher.class.getName(), new JNDIContext.Decipher() { + @Override + public String decipher(final String from) { + return "ejbd://localhost:1234"; + } + }); + env.put(Context.PROVIDER_URL, "replaced"); + jndiContext.getInitialContext(env); + Assert.assertEquals("ejbd://localhost:1234", jndiContext.getEnvironment().get(Context.PROVIDER_URL).toString()); + } @Test public void testGetInitialContext() throws Exception { http://git-wip-us.apache.org/repos/asf/tomee/blob/52067add/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java ---------------------------------------------------------------------- diff --git a/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java b/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java new file mode 100644 index 0000000..a57a457 --- /dev/null +++ b/server/openejb-ejbd/src/test/java/org/apache/openejb/ClientContextCipheringTest.java 
@@ -0,0 +1,37 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.openejb;
+
+import org.apache.openejb.cipher.StaticDESPasswordCipher;
+import org.apache.openejb.client.JNDIContext;
+import org.junit.Assert;
+import org.junit.Test;
+
+import javax.naming.Context;
+import javax.naming.NamingException;
+import java.util.Hashtable;
+
+public class ClientContextCipheringTest {
+ @Test
+ public void customCipher() throws NamingException {
+ final JNDIContext jndiContext = new JNDIContext();
+ final Hashtable<String, Object> env = new Hashtable<>();
+ env.put(Context.PROVIDER_URL, "cipher:Static3DES:" + String.valueOf(new StaticDESPasswordCipher().encrypt("ejbd://localhost:1234")));
+ jndiContext.getInitialContext(env);
+ Assert.assertEquals("ejbd://localhost:1234", jndiContext.getEnvironment().get(Context.PROVIDER_URL).toString());
+ }
+}
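Review bot: The new test covers only `Context.PROVIDER_URL`; the credential entry, `Context.SECURITY_CREDENTIALS`, and the failure case of a malformed `cipher:` value are not exercised, so the behaviour that matters most for this feature is untested. It would also help readers to note beside the `StaticDESPasswordCipher` call that Static3DES, as its name indicates, uses a fixed key built into the cipher class, so the ciphered form only hides the value from casual reading: `// Static3DES has a fixed built-in key: obfuscation, not secret storage`.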