Beispiel #1
0
 /**
  * Call this to transform a system setting to a more appropriate value. Importantly, this
  * (de)obfuscates the password fields as they go from and to the DB. We use the @{link
  * PicketBoxObfuscator} so that people are able encode their passwords in the system settings
  * export files using the "rhq-encode-password.sh" script.
  */
 private String transformSystemConfigurationPropertyToDb(
     SystemSetting prop, String newValue, String oldValue) {
   // the 0,1 -> true false scenario is no problem here, because the values are stored
   // as string anyway (so no conversion is done). I assume the above is a historical
   // code that could be safely eliminated.
   switch (prop) {
     case LDAP_BASED_JAAS_PROVIDER:
       if (Boolean.parseBoolean(newValue)) {
         return RHQConstants.LDAPJAASProvider;
       } else {
         return RHQConstants.JDBCJAASProvider;
       }
     case USE_SSL_FOR_LDAP:
       if (Boolean.parseBoolean(newValue)) {
         return RHQConstants.LDAP_PROTOCOL_SECURED;
       } else {
         return RHQConstants.LDAP_PROTOCOL_UNSECURED;
       }
     default:
       if (prop.getType() == PropertySimpleType.PASSWORD && newValue != null) {
         if (PropertySimple.MASKED_VALUE.equals(newValue)) {
           return oldValue;
         } else {
           return PicketBoxObfuscator.encode(newValue);
         }
       } else {
         return newValue;
       }
   }
 }
Beispiel #2
0
  private void fillCache(Collection<SystemConfiguration> configs) {
    SystemSettings settings = new SystemSettings();

    for (SystemConfiguration config : configs) {
      SystemSetting prop = SystemSetting.getByInternalName(config.getPropertyKey());
      if (prop == null) {
        LOG.warn(
            "The database contains unknown system configuration setting ["
                + config.getPropertyKey()
                + "].");
        continue;
      }

      if (config.getPropertyValue() == null) {
        // for some reason, the configuration is not found in the DB, so fallback to the persisted
        // default.
        // if there isn't even a persisted default, just use an empty string.
        String defaultValue = config.getDefaultPropertyValue();
        defaultValue = transformSystemConfigurationPropertyFromDb(prop, defaultValue, true);
        settings.put(prop, defaultValue);
      } else {
        String value = config.getPropertyValue();
        value = transformSystemConfigurationPropertyFromDb(prop, value, true);
        settings.put(prop, value);
      }
    }

    settings.setDriftPlugins(getDriftServerPlugins());

    synchronized (this) {
      // only update the caches if the settings were actually changed
      if (cachedSystemSettings == null
          || !safeEquals(
              cachedSystemSettings.get(SystemSetting.LAST_SYSTEM_CONFIG_UPDATE_TIME),
              settings.get(SystemSetting.LAST_SYSTEM_CONFIG_UPDATE_TIME))) {
        cachedSystemSettings = settings;

        cachedObfuscatedSystemSettings = new SystemSettings(settings);
        for (Map.Entry<SystemSetting, String> entry : cachedObfuscatedSystemSettings.entrySet()) {
          String value = entry.getValue();
          if (value != null && entry.getKey().getType() == PropertySimpleType.PASSWORD) {
            entry.setValue(PicketBoxObfuscator.encode(value));
          }
        }
      }
    }
  }
Beispiel #3
0
  public void testPasswordFieldsObfuscation() {
    SystemSettings masked = systemManager.getSystemSettings(overlord);
    SystemSettings unmasked = systemManager.getUnmaskedSystemSettings(true);
    SystemSettings obfuscated = systemManager.getObfuscatedSystemSettings(true);

    for (SystemSetting setting : SystemSetting.values()) {
      if (setting.getType() == PropertySimpleType.PASSWORD) {
        if (masked.containsKey(setting) && masked.get(setting) != null) {
          assertEquals(
              "Unexpected unmasked value", PropertySimple.MASKED_VALUE, masked.get(setting));
          assertEquals(
              "Unmasked and obfuscated values don't correspond",
              obfuscated.get(setting),
              PicketBoxObfuscator.encode(unmasked.get(setting)));
        }
      }
    }

    systemManager.deobfuscate(obfuscated);

    assertEquals(unmasked, obfuscated);
  }