001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *  http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    
020    
021    package org.apache.geronimo.system.util;
022    
023    import java.io.File;
024    import java.io.FileInputStream;
025    import java.io.FileOutputStream;
026    import java.io.IOException;
027    import java.io.ObjectInputStream;
028    import java.io.ObjectOutputStream;
029    import java.security.SecureRandom;
030    
031    import javax.crypto.spec.SecretKeySpec;
032    
033    import org.apache.geronimo.gbean.GBeanInfo;
034    import org.apache.geronimo.gbean.GBeanInfoBuilder;
035    import org.apache.geronimo.gbean.GBeanLifecycle;
036    import org.apache.geronimo.system.serverinfo.ServerInfo;
037    import org.apache.geronimo.crypto.AbstractEncryption;
038    import org.apache.geronimo.crypto.EncryptionManager;
039    
040    /**
041     * Like SimpleEncryption except it uses a stored secret key.  If the key file is missing, it makes up a new one.
042     *
043     * WARNING: NOT RECOMMENDED. If you lose the secret key file your encrypted passwords will be unavailable.  Instead, secure
044     * your operationg environment and use something like ldap or a database to store passwords in.
045     *
046     * To use, include something like this in the rmi-naming module of var/config/config.xml:
047     *
048     * <gbean name="ConfiguredEncryption">
049     * <attribute name="path">var/security/ConfiguredSecretKey.ser</attribute>
050     * <reference name="ServerInfo"><pattern><name>ServerInfo</name></pattern></reference>
051     * </gbean>
052     *
053     * @version $Rev: 1022007 $ $Date: 2010-10-13 14:33:45 +0800 (Wed, 13 Oct 2010) $
054     */
055    public class ConfiguredEncryption extends AbstractEncryption implements GBeanLifecycle {
056    
057        private final SecretKeySpec spec;
058    
059        public ConfiguredEncryption(String path, ServerInfo serverInfo) throws IOException, ClassNotFoundException {
060            File location = serverInfo.resolve(path);
061            if (location.exists()) {
062                FileInputStream in = new FileInputStream(location);
063                try {
064                    ObjectInputStream oin = new ObjectInputStream(in);
065                    try {
066                        spec = (SecretKeySpec) oin.readObject();
067                    } finally {
068                        oin.close();
069                    }
070                } finally {
071                    in.close();
072                }
073            } else {
074                SecureRandom random = new SecureRandom();
075                random.setSeed(System.currentTimeMillis());
076                byte[] bytes = new byte[16];
077                random.nextBytes(bytes);
078                spec = new SecretKeySpec(bytes, "AES");
079                File dir = location.getParentFile();
080                if (!dir.exists()) {
081                    dir.mkdirs();
082                }
083                if (!dir.exists() || !dir.isDirectory()) {
084                    throw new IllegalStateException("Could not create directory for secret key spec: " + dir);
085                }
086                FileOutputStream out = new FileOutputStream(location);
087                try {
088                    ObjectOutputStream oout = new ObjectOutputStream(out);
089                    try {
090                        oout.writeObject(spec);
091                        oout.flush();
092                    } finally {
093                        oout.close();
094                    }
095                } finally {
096                    out.close();
097                }
098            }
099        }
100    
101        public void doStart() throws Exception {
102            EncryptionManager.setEncryptionPrefix("{Configured}", this);
103        }
104    
105        public void doStop() throws Exception {
106        }
107    
108        public void doFail() {
109        }
110    
111        protected SecretKeySpec getSecretKeySpec() {
112            return spec;
113        }
114        
115        public static final GBeanInfo GBEAN_INFO;
116    
117        static {
118            GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(ConfiguredEncryption.class, "GBean");
119            infoBuilder.addAttribute("path", String.class, true, true);
120            infoBuilder.addReference("ServerInfo", ServerInfo.class, "GBean");
121            infoBuilder.setConstructor(new String[]{"path", "ServerInfo"});
122            GBEAN_INFO = infoBuilder.getBeanInfo();
123        }
124    
125        public static GBeanInfo getGBeanInfo() {
126            return GBEAN_INFO;
127        }
128    
129    }