
Example 1 with EncryptionOperationNotPossibleException

use of org.jasypt.exceptions.EncryptionOperationNotPossibleException in project CloudStack-archive by CloudStack-extras.

the class EncryptionSecretKeyChanger method main.

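/**
 * Command-line entry point for rotating the management-server (MS) key and the database (DB) key.
 *
 * Options: -m existing MS key, -d existing DB key, -n new MS key, -e new DB key.
 * The existing keys are checked against db.properties first. db.properties (and the key
 * file, when db.cloud.encryption.type is "file") is then migrated to the new MS key and the
 * encrypted data to the new DB key. If the data migration fails, db.properties and the key
 * file are put back to their previous content.
 *
 * NOTE(review): all four secrets arrive as command-line arguments, so they can end up in shell
 * history and are readable from the host's process listing while the tool runs. Run it from a
 * restricted account and rotate again if the host is shared.
 */
public static void main(String[] args) {
    List<String> argsList = Arrays.asList(args);
    Iterator<String> iter = argsList.iterator();
    String oldMSKey = null;
    String oldDBKey = null;
    String newMSKey = null;
    String newDBKey = null;
    // Parse command-line args
    while (iter.hasNext()) {
        String arg = iter.next();
        boolean keyOption = arg.equals("-m") || arg.equals("-d") || arg.equals("-n") || arg.equals("-e");
        if (!keyOption) {
            continue;
        }
        // An option given as the last argument has no value; report it instead of
        // letting iter.next() fail with NoSuchElementException.
        if (!iter.hasNext()) {
            System.out.println("Missing value for option " + arg);
            usage();
            return;
        }
        String value = iter.next();
        if (arg.equals("-m")) {
            // Old MS Key
            oldMSKey = value;
        } else if (arg.equals("-d")) {
            // Old DB Key
            oldDBKey = value;
        } else if (arg.equals("-n")) {
            // New MS Key
            newMSKey = value;
        } else {
            // New DB Key
            newDBKey = value;
        }
    }
    if (oldMSKey == null || oldDBKey == null) {
        System.out.println("Existing MS secret key or DB secret key is not provided");
        usage();
        return;
    }
    if (newMSKey == null && newDBKey == null) {
        System.out.println("New MS secret key and DB secret are both not provided");
        usage();
        return;
    }
    final File dbPropsFile = PropertiesUtil.findConfigFile("db.properties");
    final Properties dbProps;
    EncryptionSecretKeyChanger keyChanger = new EncryptionSecretKeyChanger();
    StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
    keyChanger.initEncryptor(encryptor, oldMSKey);
    dbProps = new EncryptableProperties(encryptor);
    PropertiesConfiguration backupDBProps = null;
    System.out.println("Parsing db.properties file");
    FileInputStream dbPropsStream = null;
    try {
        dbPropsStream = new FileInputStream(dbPropsFile);
        dbProps.load(dbPropsStream);
        backupDBProps = new PropertiesConfiguration(dbPropsFile);
    } catch (FileNotFoundException e) {
        System.out.println("db.properties file not found while reading DB secret key" + e.getMessage());
        return;
    } catch (IOException e) {
        System.out.println("Error while reading DB secret key from db.properties" + e.getMessage());
        return;
    } catch (ConfigurationException e) {
        // Without the backup copy the revert step below cannot run, so stop before
        // anything is modified.
        System.out.println("Failed to take a backup of db.properties. Aborting");
        e.printStackTrace();
        return;
    } finally {
        if (dbPropsStream != null) {
            try {
                dbPropsStream.close();
            } catch (IOException ignored) {
                // the properties were already read; a failed close changes nothing here
            }
        }
    }
    String dbSecretKey = null;
    try {
        // EncryptableProperties decrypts on read; a wrong MS key surfaces here.
        dbSecretKey = dbProps.getProperty("db.cloud.encrypt.secret");
    } catch (EncryptionOperationNotPossibleException e) {
        System.out.println("Failed to decrypt existing DB secret key from db.properties. " + e.getMessage());
        return;
    }
    if (!oldDBKey.equals(dbSecretKey)) {
        System.out.println("Incorrect MS Secret Key or DB Secret Key");
        return;
    }
    System.out.println("Secret key provided matched the key in db.properties");
    final String encryptionType = dbProps.getProperty("db.cloud.encryption.type");
    // Constant-first comparison: the property may be absent from db.properties.
    final boolean keyInFile = "file".equals(encryptionType);
    if (newMSKey == null) {
        System.out.println("No change in MS Key. Skipping migrating db.properties");
    } else {
        if (!keyChanger.migrateProperties(dbPropsFile, dbProps, newMSKey, newDBKey)) {
            System.out.println("Failed to update db.properties");
            return;
        }
        //db.properties updated successfully
        if (keyInFile) {
            //update key file with new MS key
            try {
                BufferedWriter bwriter = new BufferedWriter(new FileWriter(keyFile));
                try {
                    bwriter.write(newMSKey);
                } finally {
                    // close() flushes the buffer; a failure here means the key was not written
                    bwriter.close();
                }
            } catch (IOException e) {
                System.out.println("Failed to write new secret to file. Please update the file manually");
            }
        }
    }
    boolean success;
    if (newDBKey == null || newDBKey.equals(oldDBKey)) {
        System.out.println("No change in DB Secret Key. Skipping Data Migration");
        // Skipping the data migration is not a failure. Treating it as one would revert
        // an MS-key-only rotation that has just been applied.
        success = true;
    } else {
        EncryptionSecretKeyChecker.initEncryptorForMigration(oldMSKey);
        try {
            success = keyChanger.migrateData(oldDBKey, newDBKey);
        } catch (Exception e) {
            System.out.println("Error during data migration");
            e.printStackTrace();
            success = false;
        }
    }
    if (success) {
        System.out.println("Successfully updated secret key(s)");
    } else {
        System.out.println("Data Migration failed. Reverting db.properties");
        //revert db.properties
        try {
            backupDBProps.save();
        } catch (ConfigurationException e) {
            e.printStackTrace();
        }
        if (keyInFile) {
            //revert secret key in file
            try {
                BufferedWriter bwriter = new BufferedWriter(new FileWriter(keyFile));
                try {
                    bwriter.write(oldMSKey);
                } finally {
                    bwriter.close();
                }
            } catch (IOException e) {
                System.out.println("Failed to revert to old secret to file. Please update the file manually");
            }
        }
    }
}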
Also used : FileWriter(java.io.FileWriter) FileNotFoundException(java.io.FileNotFoundException) EncryptionOperationNotPossibleException(org.jasypt.exceptions.EncryptionOperationNotPossibleException) IOException(java.io.IOException) EncryptableProperties(org.jasypt.properties.EncryptableProperties) Properties(java.util.Properties) PropertiesConfiguration(org.apache.commons.configuration.PropertiesConfiguration) FileInputStream(java.io.FileInputStream) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) SQLException(java.sql.SQLException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ConfigurationException(org.apache.commons.configuration.ConfigurationException) EncryptionOperationNotPossibleException(org.jasypt.exceptions.EncryptionOperationNotPossibleException) BufferedWriter(java.io.BufferedWriter) StandardPBEStringEncryptor(org.jasypt.encryption.pbe.StandardPBEStringEncryptor) EncryptableProperties(org.jasypt.properties.EncryptableProperties) ConfigurationException(org.apache.commons.configuration.ConfigurationException) File(java.io.File)

Example 2 with EncryptionOperationNotPossibleException

use of org.jasypt.exceptions.EncryptionOperationNotPossibleException in project fabric8 by jboss-fuse.

the class EncryptedPropertyResolver method inject.

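/**
 * Replaces the original Felix PersistenceManager held by {@code configAdmin} with {@code pm} and
 * decrypts the {@code crypt:}-prefixed values already sitting in the proxy's cache.
 *
 * <p>The swap is done by reflection on private fields ({@code configurationManager},
 * {@code persistenceManagers}, {@code pm}, {@code cache}), so it depends on the internal layout
 * of the ConfigurationAdmin implementation in use.
 *
 * <p>For each property named in {@code fabric.zookeeper.encrypted.values}, the ciphertext is
 * kept under {@code <name>.encrypted} and the plaintext replaces the value under {@code <name>}.
 * The cache therefore holds decrypted secrets in memory after this call. If a value cannot be
 * decrypted, the error is logged and the ciphertext stays in place.
 *
 * @param configAdmin the ConfigurationAdmin whose persistence manager is replaced
 * @param pm the persistence manager to install
 * @return the persistence manager that was replaced, or {@code null} when there is not exactly
 *         one persistence manager or when any step failed
 */
private PersistenceManager inject(ConfigurationAdmin configAdmin, PersistenceManager pm) {
    try {
        Field configurationManager = configAdmin.getClass().getDeclaredField("configurationManager");
        configurationManager.setAccessible(true);
        Object configurationManagerValue = configurationManager.get(configAdmin);
        Field persistenceManagers = configurationManagerValue.getClass().getDeclaredField("persistenceManagers");
        persistenceManagers.setAccessible(true);
        Object[] persistenceManagersValue = (Object[]) persistenceManagers.get(configurationManagerValue);
        if (persistenceManagersValue != null && persistenceManagersValue.length == 1) {
            Object proxy = persistenceManagersValue[0];
            // replace org.apache.felix.cm.impl.CachingPersistenceManagerProxy.pm
            Field pmField = proxy.getClass().getDeclaredField("pm");
            pmField.setAccessible(true);
            PersistenceManager originalPM = (PersistenceManager) pmField.get(proxy);
            pmField.set(proxy, pm);
            // NOTE(review): if anything below throws, pm stays installed while this method
            // returns null, so the caller no longer has the original manager to restore.
            // decrypt org.apache.felix.cm.impl.CachingPersistenceManagerProxy.cache
            Field cacheField = proxy.getClass().getDeclaredField("cache");
            cacheField.setAccessible(true);
            Hashtable<String, Dictionary> hashMap = (Hashtable<String, Dictionary>) cacheField.get(proxy);
            for (Dictionary<String, String> storedProps : hashMap.values()) {
                String encryptedValuesList = storedProps.get("fabric.zookeeper.encrypted.values");
                if (encryptedValuesList == null) {
                    continue;
                }
                // "\\s*,\\s*" rather than "\\s*,\\s": the old pattern demanded exactly one
                // whitespace character after the comma, so "a,b" was never split and the
                // listed values were left encrypted.
                String[] encryptedValues = encryptedValuesList.trim().split("\\s*,\\s*");
                for (String encryptedValue : encryptedValues) {
                    String value = storedProps.get(encryptedValue);
                    if (value != null && value.startsWith("crypt:")) {
                        storedProps.put(encryptedValue + ".encrypted", value);
                        try {
                            storedProps.put(encryptedValue, encryptor.decrypt(value.substring("crypt:".length())));
                        } catch (EncryptionOperationNotPossibleException e) {
                            LOG.error(e.getMessage(), e);
                        }
                    }
                }
            }
            return originalPM;
        }
    } catch (Exception e) {
        // keep the cause: a failed reflective lookup is hard to diagnose from the message alone
        LOG.warn(e.getMessage(), e);
    }
    return null;
}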
Also used : Field(java.lang.reflect.Field) Dictionary(java.util.Dictionary) EncryptingPersistenceManager(org.apache.felix.cm.file.EncryptingPersistenceManager) PersistenceManager(org.apache.felix.cm.PersistenceManager) Hashtable(java.util.Hashtable) EncryptionOperationNotPossibleException(org.jasypt.exceptions.EncryptionOperationNotPossibleException) FabricException(io.fabric8.api.FabricException) IOException(java.io.IOException) EncryptionOperationNotPossibleException(org.jasypt.exceptions.EncryptionOperationNotPossibleException)

Example 3 with EncryptionOperationNotPossibleException

use of org.jasypt.exceptions.EncryptionOperationNotPossibleException in project fabric8 by jboss-fuse.

the class EncryptingPersistenceManager method _load.

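/**
 * Reads {@code cfgFile} and decrypts the properties listed in
 * {@code fabric.zookeeper.encrypted.values}.
 *
 * For each listed property whose value starts with {@code crypt:}, the ciphertext is kept under
 * {@code <name>.encrypted} and the decrypted text replaces the value under {@code <name>}. The
 * returned dictionary therefore carries plaintext secrets. If a value cannot be decrypted, the
 * error is logged and the ciphertext stays in place.
 *
 * @param cfgFile configuration file to read
 * @return the stored properties, with encrypted values decrypted where possible
 * @throws IOException if the file cannot be opened or read
 */
@Override
Dictionary _load(File cfgFile) throws IOException {
    // The whole read, including closing the stream, happens under the instance lock. This
    // matters in environments where files that are still open may not be removed.
    synchronized (this) {
        InputStream ins = null;
        try {
            ins = new FileInputStream(cfgFile);
            Dictionary<String, String> storedProps = ConfigurationHandler.read(ins);
            // encrypted properties
            String encryptedValuesList = storedProps.get("fabric.zookeeper.encrypted.values");
            if (encryptedValuesList != null) {
                // "\\s*,\\s*" rather than "\\s*,\\s": the old pattern demanded exactly one
                // whitespace character after the comma, so "a,b" was never split and the
                // listed values were left encrypted.
                String[] encryptedValues = encryptedValuesList.trim().split("\\s*,\\s*");
                for (String encryptedValue : encryptedValues) {
                    String value = storedProps.get(encryptedValue);
                    if (value != null && value.startsWith("crypt:")) {
                        storedProps.put(encryptedValue + ".encrypted", value);
                        try {
                            storedProps.put(encryptedValue, encryptor.decrypt(value.substring("crypt:".length())));
                        } catch (EncryptionOperationNotPossibleException e) {
                            LOG.error(e.getMessage(), e);
                        }
                    }
                }
            }
            return storedProps;
        } finally {
            if (ins != null) {
                try {
                    ins.close();
                } catch (IOException ignored) {
                    // the content was already read; a failed close is deliberately ignored
                }
            }
        }
    }
}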
Also used : FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) EncryptionOperationNotPossibleException(org.jasypt.exceptions.EncryptionOperationNotPossibleException) IOException(java.io.IOException) FileInputStream(java.io.FileInputStream)

Example 4 with EncryptionOperationNotPossibleException

use of org.jasypt.exceptions.EncryptionOperationNotPossibleException in project incubator-gobblin by apache.

the class PasswordManagerTest method testStrongEncryptionAndDecryption.

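/**
 * Encrypts a random password with {@link StrongTextEncryptor} and checks that
 * {@code PasswordManager}, configured for the strong encryptor, reads it back.
 *
 * The test is reported as skipped when the runtime cannot perform strong encryption.
 */
@Test
public void testStrongEncryptionAndDecryption() throws IOException {
    String password = UUID.randomUUID().toString();
    String masterPassword = UUID.randomUUID().toString();
    File masterPwdFile = getMasterPwdFile(masterPassword);
    State state = new State();
    state.setProp(ConfigurationKeys.ENCRYPT_KEY_LOC, masterPwdFile.toString());
    state.setProp(ConfigurationKeys.ENCRYPT_USE_STRONG_ENCRYPTOR, true);
    String encrypted;
    // Only the encryption step is guarded. With the catch around the whole body, a decryption
    // failure inside PasswordManager raising the same exception would make the test pass
    // without the assertion ever running.
    try {
        StrongTextEncryptor encryptor = new StrongTextEncryptor();
        encryptor.setPassword(masterPassword);
        encrypted = encryptor.encrypt(password);
    } catch (EncryptionOperationNotPossibleException e) {
        // no strong encryption is supported: report a skip rather than a silent pass
        throw new org.testng.SkipException("Strong encryption is not supported in this environment", e);
    }
    String decrypted = PasswordManager.getInstance(state).readPassword("ENC(" + encrypted + ")");
    Assert.assertEquals(decrypted, password);
}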
Also used : StrongTextEncryptor(org.jasypt.util.text.StrongTextEncryptor) State(org.apache.gobblin.configuration.State) EncryptionOperationNotPossibleException(org.jasypt.exceptions.EncryptionOperationNotPossibleException) File(java.io.File) Test(org.testng.annotations.Test)

Example 5 with EncryptionOperationNotPossibleException

use of org.jasypt.exceptions.EncryptionOperationNotPossibleException in project cloudstack by apache.

the class EncryptionSecretKeyChanger method main.

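/**
 * Command-line entry point for rotating the management-server (MS) key and the database (DB) key.
 *
 * Options: -m existing MS key, -d existing DB key, -n new MS key, -e new DB key.
 * The existing keys are checked against db.properties first. db.properties (and the key
 * file, when db.cloud.encryption.type is "file") is then migrated to the new MS key and the
 * encrypted data to the new DB key. If the data migration fails, db.properties and the key
 * file are put back to their previous content.
 *
 * NOTE(review): all four secrets arrive as command-line arguments, so they can end up in shell
 * history and are readable from the host's process listing while the tool runs. Run it from a
 * restricted account and rotate again if the host is shared.
 */
public static void main(String[] args) {
    List<String> argsList = Arrays.asList(args);
    Iterator<String> iter = argsList.iterator();
    String oldMSKey = null;
    String oldDBKey = null;
    String newMSKey = null;
    String newDBKey = null;
    // Parse command-line args
    while (iter.hasNext()) {
        String arg = iter.next();
        boolean keyOption = arg.equals("-m") || arg.equals("-d") || arg.equals("-n") || arg.equals("-e");
        if (!keyOption) {
            continue;
        }
        // An option given as the last argument has no value; report it instead of
        // letting iter.next() fail with NoSuchElementException.
        if (!iter.hasNext()) {
            System.out.println("Missing value for option " + arg);
            usage();
            return;
        }
        String value = iter.next();
        if (arg.equals("-m")) {
            // Old MS Key
            oldMSKey = value;
        } else if (arg.equals("-d")) {
            // Old DB Key
            oldDBKey = value;
        } else if (arg.equals("-n")) {
            // New MS Key
            newMSKey = value;
        } else {
            // New DB Key
            newDBKey = value;
        }
    }
    if (oldMSKey == null || oldDBKey == null) {
        System.out.println("Existing MS secret key or DB secret key is not provided");
        usage();
        return;
    }
    if (newMSKey == null && newDBKey == null) {
        System.out.println("New MS secret key and DB secret are both not provided");
        usage();
        return;
    }
    final File dbPropsFile = PropertiesUtil.findConfigFile("db.properties");
    final Properties dbProps;
    EncryptionSecretKeyChanger keyChanger = new EncryptionSecretKeyChanger();
    StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
    keyChanger.initEncryptor(encryptor, oldMSKey);
    dbProps = new EncryptableProperties(encryptor);
    PropertiesConfiguration backupDBProps = null;
    System.out.println("Parsing db.properties file");
    try (FileInputStream dbPropsStream = new FileInputStream(dbPropsFile)) {
        dbProps.load(dbPropsStream);
        backupDBProps = new PropertiesConfiguration(dbPropsFile);
    } catch (FileNotFoundException e) {
        System.out.println("db.properties file not found while reading DB secret key" + e.getMessage());
        return;
    } catch (IOException e) {
        System.out.println("Error while reading DB secret key from db.properties" + e.getMessage());
        return;
    } catch (ConfigurationException e) {
        // Without the backup copy the revert step below cannot run, so stop before
        // anything is modified.
        System.out.println("Failed to take a backup of db.properties. Aborting");
        e.printStackTrace();
        return;
    }
    String dbSecretKey = null;
    try {
        // EncryptableProperties decrypts on read; a wrong MS key surfaces here.
        dbSecretKey = dbProps.getProperty("db.cloud.encrypt.secret");
    } catch (EncryptionOperationNotPossibleException e) {
        System.out.println("Failed to decrypt existing DB secret key from db.properties. " + e.getMessage());
        return;
    }
    if (!oldDBKey.equals(dbSecretKey)) {
        System.out.println("Incorrect MS Secret Key or DB Secret Key");
        return;
    }
    System.out.println("Secret key provided matched the key in db.properties");
    final String encryptionType = dbProps.getProperty("db.cloud.encryption.type");
    // Constant-first comparison: the property may be absent from db.properties.
    final boolean keyInFile = "file".equals(encryptionType);
    if (newMSKey == null) {
        System.out.println("No change in MS Key. Skipping migrating db.properties");
    } else {
        if (!keyChanger.migrateProperties(dbPropsFile, dbProps, newMSKey, newDBKey)) {
            System.out.println("Failed to update db.properties");
            return;
        }
        // db.properties updated successfully
        if (keyInFile) {
            // update key file with new MS key
            try (FileWriter fwriter = new FileWriter(keyFile);
                BufferedWriter bwriter = new BufferedWriter(fwriter)) {
                bwriter.write(newMSKey);
            } catch (IOException e) {
                System.out.println("Failed to write new secret to file. Please update the file manually");
            }
        }
    }
    boolean success;
    if (newDBKey == null || newDBKey.equals(oldDBKey)) {
        System.out.println("No change in DB Secret Key. Skipping Data Migration");
        // Skipping the data migration is not a failure. Treating it as one would revert
        // an MS-key-only rotation that has just been applied.
        success = true;
    } else {
        EncryptionSecretKeyChecker.initEncryptorForMigration(oldMSKey);
        try {
            success = keyChanger.migrateData(oldDBKey, newDBKey);
        } catch (Exception e) {
            System.out.println("Error during data migration");
            e.printStackTrace();
            success = false;
        }
    }
    if (success) {
        System.out.println("Successfully updated secret key(s)");
    } else {
        System.out.println("Data Migration failed. Reverting db.properties");
        // revert db.properties
        try {
            backupDBProps.save();
        } catch (ConfigurationException e) {
            e.printStackTrace();
        }
        if (keyInFile) {
            // revert secret key in file
            try (FileWriter fwriter = new FileWriter(keyFile);
                BufferedWriter bwriter = new BufferedWriter(fwriter)) {
                bwriter.write(oldMSKey);
            } catch (IOException e) {
                System.out.println("Failed to revert to old secret to file. Please update the file manually");
            }
        }
    }
}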
Also used : FileWriter(java.io.FileWriter) FileNotFoundException(java.io.FileNotFoundException) EncryptionOperationNotPossibleException(org.jasypt.exceptions.EncryptionOperationNotPossibleException) IOException(java.io.IOException) EncryptableProperties(org.jasypt.properties.EncryptableProperties) Properties(java.util.Properties) PropertiesConfiguration(org.apache.commons.configuration.PropertiesConfiguration) FileInputStream(java.io.FileInputStream) IOException(java.io.IOException) FileNotFoundException(java.io.FileNotFoundException) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) SQLException(java.sql.SQLException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) ConfigurationException(org.apache.commons.configuration.ConfigurationException) EncryptionOperationNotPossibleException(org.jasypt.exceptions.EncryptionOperationNotPossibleException) BufferedWriter(java.io.BufferedWriter) StandardPBEStringEncryptor(org.jasypt.encryption.pbe.StandardPBEStringEncryptor) EncryptableProperties(org.jasypt.properties.EncryptableProperties) ConfigurationException(org.apache.commons.configuration.ConfigurationException) File(java.io.File)

Aggregations

EncryptionOperationNotPossibleException (org.jasypt.exceptions.EncryptionOperationNotPossibleException)13 IOException (java.io.IOException)4 CloudRuntimeException (com.cloud.utils.exception.CloudRuntimeException)3 File (java.io.File)3 FileInputStream (java.io.FileInputStream)3 SQLException (java.sql.SQLException)3 ModelAndView (org.springframework.web.servlet.ModelAndView)3 FabricException (io.fabric8.api.FabricException)2 BufferedWriter (java.io.BufferedWriter)2 FileNotFoundException (java.io.FileNotFoundException)2 FileWriter (java.io.FileWriter)2 UnsupportedEncodingException (java.io.UnsupportedEncodingException)2 Properties (java.util.Properties)2 FailedLoginException (javax.security.auth.login.FailedLoginException)2 ConfigurationException (org.apache.commons.configuration.ConfigurationException)2 PropertiesConfiguration (org.apache.commons.configuration.PropertiesConfiguration)2 StandardPBEStringEncryptor (org.jasypt.encryption.pbe.StandardPBEStringEncryptor)2 EncryptableProperties (org.jasypt.properties.EncryptableProperties)2 RequestMapping (org.springframework.web.bind.annotation.RequestMapping)2 FabricService (io.fabric8.api.FabricService)1