001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *  http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    
020    
021    package org.apache.geronimo.system.util;
022    
023    import java.io.File;
024    import java.io.FileInputStream;
025    import java.io.FileOutputStream;
026    import java.io.IOException;
027    import java.io.ObjectInputStream;
028    import java.io.ObjectOutputStream;
029    import java.security.SecureRandom;
030    
031    import javax.crypto.spec.SecretKeySpec;
032    
033    import org.apache.geronimo.gbean.GBeanInfo;
034    import org.apache.geronimo.gbean.GBeanInfoBuilder;
035    import org.apache.geronimo.gbean.GBeanLifecycle;
036    import org.apache.geronimo.system.serverinfo.ServerInfo;
037    import org.apache.geronimo.crypto.AbstractEncryption;
038    import org.apache.geronimo.crypto.EncryptionManager;
039    
040    /**
041     * Like SimpleEncryption except it uses a stored secret key.  If the key file is missing, it makes up a new one.
042     *
043     * WARNING: NOT RECOMMENDED. If you lose the secret key file your encrypted passwords will be unavailable.  Instead, secure
044     * your operationg environment and use something like ldap or a database to store passwords in.
045     *
046     * To use, include something like this in the rmi-naming module of var/config/config.xml:
047     *
048     * <gbean name="org.apache.geronimo.framework/rmi-naming/2.1-SNAPSHOT/car?name=ConfiguredEncryption,j2eeType=GBean" gbeanInfo="org.apache.geronimo.system.util.ConfiguredEncryption">
049     * <attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
050     * <reference name="ServerInfo"><pattern><name>ServerInfo</name></pattern></reference>
051     * </gbean>
052     *
053     * @version $Rev: 896103 $ $Date: 2010-01-05 10:47:37 -0500 (Tue, 05 Jan 2010) $
054     */
055    public class ConfiguredEncryption extends AbstractEncryption implements GBeanLifecycle {
056    
057        private final SecretKeySpec spec;
058    
059    
060        public ConfiguredEncryption(String path, ServerInfo serverInfo) throws IOException, ClassNotFoundException {
061            if (path == null || "".equals(path)) {
062                spec = null;
063                return;
064            }
065            File location = serverInfo.resolve(path);
066            if (location.exists()) {
067                FileInputStream in = new FileInputStream(location);
068                try {
069                    ObjectInputStream oin = new ObjectInputStream(in);
070                    try {
071                        spec = (SecretKeySpec) oin.readObject();
072                    } finally {
073                        oin.close();
074                    }
075                } finally {
076                    in.close();
077                }
078            } else {
079                SecureRandom random = new SecureRandom();
080                random.setSeed(System.currentTimeMillis());
081                byte[] bytes = new byte[16];
082                random.nextBytes(bytes);
083                spec = new SecretKeySpec(bytes, "AES");
084                File dir = location.getParentFile();
085                if (!dir.exists()) {
086                    dir.mkdirs();
087                }
088                if (!dir.exists() || !dir.isDirectory()) {
089                    throw new IllegalStateException("Could not create directory for secret key spec: " + dir);
090                }
091                FileOutputStream out = new FileOutputStream(location);
092                try {
093                    ObjectOutputStream oout = new ObjectOutputStream(out);
094                    try {
095                        oout.writeObject(spec);
096                        oout.flush();
097                    } finally {
098                        oout.close();
099                    }
100                } finally {
101                    out.close();
102                }
103            }
104        }
105    
106        public void doStart() throws Exception {
107            if (spec != null) {
108                EncryptionManager.setEncryptionPrefix("{Configured}", this);
109            }
110        }
111    
112        public void doStop() throws Exception {
113        }
114    
115        public void doFail() {
116        }
117    
118        protected SecretKeySpec getSecretKeySpec() {
119            return spec;
120        }
121        
122        public String encrypt(String text) {
123            return EncryptionManager.encrypt(text);
124        }
125    
126        public static final GBeanInfo GBEAN_INFO;
127    
128        static {
129            GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(ConfiguredEncryption.class, "GBean");
130            infoBuilder.addAttribute("path", String.class, true, true);
131            infoBuilder.addReference("ServerInfo", ServerInfo.class, "GBean");
132            infoBuilder.setConstructor(new String[]{"path", "ServerInfo"});
133            infoBuilder.addOperation("encrypt", new Class[] {String.class}, "java.lang.String");
134            GBEAN_INFO = infoBuilder.getBeanInfo();
135        }
136    
137        public static GBeanInfo getGBeanInfo() {
138            return GBEAN_INFO;
139        }
140    
141    }