/**
 * Resolves a password alias through the shared {@code SecretManager}.
 *
 * <p>Security note: when the {@code SecretManager} has not been initialized, the argument is
 * handed back unchanged, so the caller ends up using the configured value as the literal
 * password. Callers cannot tell a resolved secret from an unresolved alias by the return value
 * alone.
 *
 * @param aliasPassword the alias under which the password is stored, or the password itself
 * @return the secret looked up for {@code aliasPassword} when the {@code SecretManager} is
 *     initialized; otherwise {@code aliasPassword} as given
 */
private String getActualPassword(String aliasPassword) {
    SecretManager manager = SecretManager.getInstance();
    // Only consult the manager once it reports itself initialized; otherwise pass through.
    return manager.isInitialized() ? manager.getSecret(aliasPassword) : aliasPassword;
}
/**
 * Looks up the encrypted value registered under the callback's id, decrypts it and stores the
 * plain-text result on the callback.
 *
 * <p>Nothing is set on the callback when the {@code SecretManager} is not initialized (a warning
 * is logged instead) or when the callback carries a null or empty id.
 *
 * @param singleSecretCallback the callback whose secret is to be decrypted and populated
 */
@Override
protected void handleSingleSecretCallback(SingleSecretCallback singleSecretCallback) {
    if (secretManager.isInitialized()) {
        String secretId = singleSecretCallback.getId();
        boolean hasUsableId = secretId != null && !secretId.isEmpty();
        if (hasUsableId) {
            // Fetch the stored ciphertext first, then decrypt it with the enclosing class's
            // decrypt helper (defined outside this snippet).
            String encrypted = secretManager.getEncryptedData(secretId);
            singleSecretCallback.setSecret(decrypt(encrypted));
        }
        return;
    }

    // Without an initialized SecretManager there is no store to read from.
    if (log.isWarnEnabled()) {
        log.warn("SecretManager has not been initialized.Cannot collect secrets.");
    }
}
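/**
 * SecretCallbackHandler implementation which is compatible to the default encryption used within
 * the JBoss Application Server to decrypt database passwords.
 *
 * <p><b>Security caveat:</b> the Blowfish key is derived from a fixed passphrase compiled into
 * this class. Values protected this way are therefore only obfuscated: confidentiality rests
 * entirely on restricting read access to the store that holds the encrypted data (file
 * permissions, deployment hardening), not on the cipher. Use this handler for compatibility with
 * existing JBoss-style encrypted passwords, and prefer a handler whose key is not embedded in the
 * code for new secrets. Blowfish is also a legacy 64-bit block cipher; the cipher mode and padding
 * are chosen inside {@code CipherFactory} and are not visible in this class.
 */
public class JBossEncryptionSecretCallbackHandler extends AbstractSecretCallbackHandler {

    private static final String ALGORITHM = "Blowfish";

    /**
     * Fixed decryption key. Declared {@code final} so the shared static key cannot be reassigned
     * at runtime.
     */
    // NOTE(review): getBytes() uses the platform default charset. The passphrase is pure ASCII,
    // so every ASCII-compatible default yields the same key bytes; left unpinned because the
    // encrypting side's charset is not visible here - confirm before changing.
    private static final Key KEY = new SecretKeySpec("jaas is the way".getBytes(), ALGORITHM);

    private final SecretManager secretManager = SecretManager.getInstance();

    /**
     * Decrypts the encrypted secret provided by the specified callback handler.
     *
     * <p>Nothing is set on the callback when the {@code SecretManager} is not initialized (a
     * warning is logged instead) or when the callback carries a null or empty id.
     *
     * @param singleSecretCallback The singleSecretCallback which secret has to be decrypted
     */
    @Override
    protected void handleSingleSecretCallback(SingleSecretCallback singleSecretCallback) {
        if (!secretManager.isInitialized()) {
            if (log.isWarnEnabled()) {
                log.warn("SecretManager has not been initialized.Cannot collect secrets.");
            }
            return;
        }

        String id = singleSecretCallback.getId();
        if (id != null && !"".equals(id)) {
            singleSecretCallback.setSecret(decrypt(secretManager.getEncryptedData(id)));
        }
    }

    /**
     * Decrypts the encrypted secret using the Blowfish algorithm and the same hard-coded passphrase
     * the JBoss application server uses to decrypt database passwords.
     *
     * @param encryptedSecret the encrypted secret, passed to the cipher with input encoding
     *     {@code EncodingType.BIGINTEGER16}
     * @return the decrypted secret.
     */
    private static String decrypt(String encryptedSecret) {
        CipherInformation cipherInformation = new CipherInformation();
        cipherInformation.setAlgorithm(ALGORITHM);
        cipherInformation.setCipherOperationMode(CipherOperationMode.DECRYPT);
        // TODO (carried over from the original; it does not say what remains to be done)
        cipherInformation.setInType(EncodingType.BIGINTEGER16);

        DecryptionProvider decryptionProvider = CipherFactory.createCipher(cipherInformation, KEY);

        // NOTE(review): a null encryptedSecret throws NullPointerException here; whether
        // getEncryptedData can return null for an unknown id is not visible in this file.
        // NOTE(review): both conversions below use the platform default charset, so the decoded
        // text of a non-ASCII secret depends on the JVM's default - confirm it matches the
        // charset used when the secret was encrypted.
        return new String(decryptionProvider.decrypt(encryptedSecret.getBytes()));
    }
}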