Search in sources :

Example 1 with XPathFactory

use of org.jdom2.xpath.XPathFactory in project gocd by gocd.

the class UniqueOnCancelValidator method validate.

public void validate(Element element, ConfigElementImplementationRegistry registry) throws Exception {
    XPathFactory xPathFactory = XPathFactory.instance();
    List<String> tasks = ConfigUtil.allTasks(registry);
    for (String task : tasks) {
        List<Element> taskNodes = xPathFactory.compile("//" + task, Filters.element()).evaluate(element);
        for (Element taskNode : taskNodes) {
            List<Element> list = xPathFactory.compile("oncancel", Filters.element()).evaluate(taskNode);
            if (list.size() > 1) {
                throw new Exception("Task [" + task + "] should not contain more than 1 oncancel task");
            }
        }
    }
}
Also used : XPathFactory(org.jdom2.xpath.XPathFactory) Element(org.jdom2.Element)

Example 2 with XPathFactory

use of org.jdom2.xpath.XPathFactory in project gocd by gocd.

the class ConfigCipherUpdater method migrate.

public void migrate() {
    File cipherFile = systemEnvironment.getCipherFile();
    String timestamp = new SimpleDateFormat("yyyy-MM-dd-HH-mm-ss").format(timeProvider.currentTime());
    File backupCipherFile = new File(systemEnvironment.getConfigDir(), "cipher.original." + timestamp);
    File configFile = new File(systemEnvironment.getCruiseConfigFile());
    File backupConfigFile = new File(configFile.getParentFile(), configFile.getName() + ".original." + timestamp);
    try {
        if (!cipherFile.exists() || !FileUtils.readFileToString(cipherFile).equals(FLAWED_VALUE)) {
            return;
        }
        LOGGER.info("Found unsafe cipher {} on server, Go will make an attempt to rekey", FLAWED_VALUE);
        FileUtils.copyFile(cipherFile, backupCipherFile);
        LOGGER.info("Old cipher was successfully backed up to {}", backupCipherFile.getAbsoluteFile());
        FileUtils.copyFile(configFile, backupConfigFile);
        LOGGER.info("Old config was successfully backed up to {}", backupConfigFile.getAbsoluteFile());
        byte[] oldCipher = FileUtils.readFileToByteArray(backupCipherFile);
        new CipherProvider(systemEnvironment).resetCipher();
        byte[] newCipher = FileUtils.readFileToByteArray(cipherFile);
        if (new String(newCipher).equals(new String(oldCipher))) {
            LOGGER.warn("Unable to generate a new safe cipher. Your cipher is unsafe.");
            FileUtils.deleteQuietly(backupCipherFile);
            FileUtils.deleteQuietly(backupConfigFile);
            return;
        }
        Document document = new SAXBuilder().build(configFile);
        List<String> encryptedAttributes = Arrays.asList("encryptedPassword", "encryptedManagerPassword");
        List<String> encryptedNodes = Arrays.asList("encryptedValue");
        XPathFactory xPathFactory = XPathFactory.instance();
        for (String attributeName : encryptedAttributes) {
            XPathExpression<Element> xpathExpression = xPathFactory.compile(String.format("//*[@%s]", attributeName), Filters.element());
            List<Element> encryptedPasswordElements = xpathExpression.evaluate(document);
            for (Element element : encryptedPasswordElements) {
                Attribute encryptedPassword = element.getAttribute(attributeName);
                encryptedPassword.setValue(reEncryptUsingNewKey(oldCipher, newCipher, encryptedPassword.getValue()));
                LOGGER.debug("Replaced encrypted value at {}", element.toString());
            }
        }
        for (String nodeName : encryptedNodes) {
            XPathExpression<Element> xpathExpression = xPathFactory.compile(String.format("//%s", nodeName), Filters.element());
            List<Element> encryptedNode = xpathExpression.evaluate(document);
            for (Element element : encryptedNode) {
                element.setText(reEncryptUsingNewKey(oldCipher, newCipher, element.getValue()));
                LOGGER.debug("Replaced encrypted value at {}", element.toString());
            }
        }
        try (FileOutputStream fileOutputStream = new FileOutputStream(configFile)) {
            XmlUtils.writeXml(document, fileOutputStream);
        }
        LOGGER.info("Successfully re-encrypted config");
    } catch (Exception e) {
        LOGGER.error("Re-keying of cipher failed with error: [{}]", e.getMessage(), e);
        if (backupCipherFile.exists()) {
            try {
                FileUtils.copyFile(backupCipherFile, cipherFile);
            } catch (IOException e1) {
                LOGGER.error("Could not replace the cipher file [{}] with original one [{}], please do so manually. Error: [{}]", cipherFile.getAbsolutePath(), backupCipherFile.getAbsolutePath(), e.getMessage(), e);
                bomb(e1);
            }
        }
    }
}
Also used : SAXBuilder(org.jdom2.input.SAXBuilder) Attribute(org.jdom2.Attribute) CipherProvider(com.thoughtworks.go.security.CipherProvider) Element(org.jdom2.Element) IOException(java.io.IOException) Document(org.jdom2.Document) IOException(java.io.IOException) InvalidCipherTextException(org.bouncycastle.crypto.InvalidCipherTextException) XPathFactory(org.jdom2.xpath.XPathFactory) FileOutputStream(java.io.FileOutputStream) File(java.io.File) SimpleDateFormat(java.text.SimpleDateFormat)

Aggregations

Element (org.jdom2.Element)2 XPathFactory (org.jdom2.xpath.XPathFactory)2 CipherProvider (com.thoughtworks.go.security.CipherProvider)1 File (java.io.File)1 FileOutputStream (java.io.FileOutputStream)1 IOException (java.io.IOException)1 SimpleDateFormat (java.text.SimpleDateFormat)1 InvalidCipherTextException (org.bouncycastle.crypto.InvalidCipherTextException)1 Attribute (org.jdom2.Attribute)1 Document (org.jdom2.Document)1 SAXBuilder (org.jdom2.input.SAXBuilder)1