Beispiel #1
0
 /**
  * Call this to transform a system setting to a more appropriate value. Importantly, this
  * (de)obfuscates the password fields as they go from and to the DB. We use the @{link
  * PicketBoxObfuscator} so that people are able encode their passwords in the system settings
  * export files using the "rhq-encode-password.sh" script.
  */
 private String transformSystemConfigurationPropertyToDb(
     SystemSetting prop, String newValue, String oldValue) {
   // the 0,1 -> true false scenario is no problem here, because the values are stored
   // as string anyway (so no conversion is done). I assume the above is a historical
   // code that could be safely eliminated.
   switch (prop) {
     case LDAP_BASED_JAAS_PROVIDER:
       if (Boolean.parseBoolean(newValue)) {
         return RHQConstants.LDAPJAASProvider;
       } else {
         return RHQConstants.JDBCJAASProvider;
       }
     case USE_SSL_FOR_LDAP:
       if (Boolean.parseBoolean(newValue)) {
         return RHQConstants.LDAP_PROTOCOL_SECURED;
       } else {
         return RHQConstants.LDAP_PROTOCOL_UNSECURED;
       }
     default:
       if (prop.getType() == PropertySimpleType.PASSWORD && newValue != null) {
         if (PropertySimple.MASKED_VALUE.equals(newValue)) {
           return oldValue;
         } else {
           return PicketBoxObfuscator.encode(newValue);
         }
       } else {
         return newValue;
       }
   }
 }
Beispiel #2
0
 @Override
 public void deobfuscate(SystemSettings systemSettings) {
   for (Map.Entry<SystemSetting, String> entry : systemSettings.entrySet()) {
     String value = entry.getValue();
     if (value != null && entry.getKey().getType() == PropertySimpleType.PASSWORD) {
       entry.setValue(PicketBoxObfuscator.decode(value));
     }
   }
 }
Beispiel #3
0
 /**
  * Call this to transform a system setting to a more appropriate value. Importantly, this
  * (de)obfuscates the password fields as they go from and to the DB. We use the @{link
  * PicketBoxObfuscator} so that people are able encode their passwords in the system settings
  * export files using the "rhq-encode-password.sh" script.
  */
 private String transformSystemConfigurationPropertyFromDb(
     SystemSetting prop, String value, boolean unobfuscate) {
   // to support Oracle (whose booleans may be 1 or 0) transform the boolean settings properly
   switch (prop) {
     case LDAP_BASED_JAAS_PROVIDER:
       if (RHQConstants.JDBCJAASProvider.equals(value)) {
         return Boolean.toString(false);
       } else if (RHQConstants.LDAPJAASProvider.equals(value)) {
         return Boolean.toString(true);
       } else {
         return value == null ? "" : value;
       }
     case USE_SSL_FOR_LDAP:
       if (RHQConstants.LDAP_PROTOCOL_SECURED.equals(value)) {
         return Boolean.toString(true);
       } else {
         return Boolean.toString(false);
       }
     default:
       switch (prop.getType()) {
         case BOOLEAN:
           if ("0".equals(value)) {
             return Boolean.FALSE.toString();
           } else if ("1".equals(value)) {
             return Boolean.TRUE.toString();
           } else {
             return value == null ? Boolean.FALSE.toString() : value;
           }
         case PASSWORD:
           if (unobfuscate && value != null && value.trim().length() > 0) {
             return PicketBoxObfuscator.decode(value);
           } else {
             return value == null ? "" : value;
           }
         default:
           if (value == null) {
             switch (prop.getType()) {
               case DOUBLE:
               case FLOAT:
               case INTEGER:
               case LONG:
                 value = "0";
                 break;
               default:
                 value = "";
             }
           }
           return value;
       }
   }
 }
Beispiel #4
0
  private void fillCache(Collection<SystemConfiguration> configs) {
    SystemSettings settings = new SystemSettings();

    for (SystemConfiguration config : configs) {
      SystemSetting prop = SystemSetting.getByInternalName(config.getPropertyKey());
      if (prop == null) {
        LOG.warn(
            "The database contains unknown system configuration setting ["
                + config.getPropertyKey()
                + "].");
        continue;
      }

      if (config.getPropertyValue() == null) {
        // for some reason, the configuration is not found in the DB, so fallback to the persisted
        // default.
        // if there isn't even a persisted default, just use an empty string.
        String defaultValue = config.getDefaultPropertyValue();
        defaultValue = transformSystemConfigurationPropertyFromDb(prop, defaultValue, true);
        settings.put(prop, defaultValue);
      } else {
        String value = config.getPropertyValue();
        value = transformSystemConfigurationPropertyFromDb(prop, value, true);
        settings.put(prop, value);
      }
    }

    settings.setDriftPlugins(getDriftServerPlugins());

    synchronized (this) {
      // only update the caches if the settings were actually changed
      if (cachedSystemSettings == null
          || !safeEquals(
              cachedSystemSettings.get(SystemSetting.LAST_SYSTEM_CONFIG_UPDATE_TIME),
              settings.get(SystemSetting.LAST_SYSTEM_CONFIG_UPDATE_TIME))) {
        cachedSystemSettings = settings;

        cachedObfuscatedSystemSettings = new SystemSettings(settings);
        for (Map.Entry<SystemSetting, String> entry : cachedObfuscatedSystemSettings.entrySet()) {
          String value = entry.getValue();
          if (value != null && entry.getKey().getType() == PropertySimpleType.PASSWORD) {
            entry.setValue(PicketBoxObfuscator.encode(value));
          }
        }
      }
    }
  }
Beispiel #5
0
  public void testPasswordFieldsObfuscation() {
    SystemSettings masked = systemManager.getSystemSettings(overlord);
    SystemSettings unmasked = systemManager.getUnmaskedSystemSettings(true);
    SystemSettings obfuscated = systemManager.getObfuscatedSystemSettings(true);

    for (SystemSetting setting : SystemSetting.values()) {
      if (setting.getType() == PropertySimpleType.PASSWORD) {
        if (masked.containsKey(setting) && masked.get(setting) != null) {
          assertEquals(
              "Unexpected unmasked value", PropertySimple.MASKED_VALUE, masked.get(setting));
          assertEquals(
              "Unmasked and obfuscated values don't correspond",
              obfuscated.get(setting),
              PicketBoxObfuscator.encode(unmasked.get(setting)));
        }
      }
    }

    systemManager.deobfuscate(obfuscated);

    assertEquals(unmasked, obfuscated);
  }