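/**
 * Checks that a usable {@code password_secret} is configured before these settings are accepted.
 *
 * <p>The secret must be present and at least 16 characters long, because
 * {@link #setSystemPassword(String)} and {@link #getSystemPassword()} both take
 * {@code substring(0, 16)} of it as key material. A non-empty but shorter secret would
 * otherwise pass validation and then fail with {@link StringIndexOutOfBoundsException}
 * the first time the LDAP system password is encrypted or decrypted.
 *
 * @return {@code true} if the secret is present and long enough, {@code false} otherwise
 *         (the reason is logged at error level; the secret itself is never logged)
 */
@Override
protected boolean validateConfiguration() {
    final String secret = configuration.getPasswordSecret();

    if (secret == null || secret.isEmpty()) {
        LOG.error(
                "No password secret set. Please define \"password_secret\" in your Graylog configuration.");
        return false;
    }

    // 16 mirrors the substring(0, 16) used by the system password accessors of this class.
    if (secret.length() < 16) {
        LOG.error(
                "The \"password_secret\" in your Graylog configuration is too short. It must be at least 16 characters long.");
        return false;
    }

    return true;
}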
/**
 * Encrypts the LDAP system password and stores the result under {@code SYSTEM_PASSWORD}.
 *
 * <p>If no salt is stored yet, 8 random bytes are drawn from a {@link SecureRandom},
 * hex-encoded and saved as the salt. An existing salt is kept, so later password changes
 * reuse the same salt value.
 *
 * <p>Only the first 16 characters of the configured password secret are passed to
 * {@code AESTools.encrypt}; a shorter secret makes {@code substring(0, 16)} throw
 * {@link StringIndexOutOfBoundsException}.
 *
 * @param systemPassword the clear-text password to protect
 */
@Override
public void setSystemPassword(String systemPassword) {
    final boolean saltMissing = getSystemPasswordSalt().isEmpty();
    if (saltMissing) {
        // First save (or a record written before salts existed): create the salt once.
        LOG.debug("Generating new salt for LDAP system password.");
        final byte[] freshSalt = new byte[8];
        new SecureRandom().nextBytes(freshSalt);
        setSystemPasswordSalt(Hex.encodeToString(freshSalt));
    }

    // NOTE(review): how AESTools uses the salt is not visible here. If it serves as an IV,
    // reusing it with the same key across password changes should be confirmed as acceptable.
    final String keyMaterial = configuration.getPasswordSecret().substring(0, 16);
    final String salt = getSystemPasswordSalt();
    fields.put(SYSTEM_PASSWORD, AESTools.encrypt(systemPassword, keyMaterial, salt));
}
/**
 * Returns the LDAP system password in clear text.
 *
 * <p>The value stored under {@code SYSTEM_PASSWORD} is decrypted with the first 16 characters
 * of the configured password secret and the stored salt. A secret shorter than 16 characters
 * makes {@code substring(0, 16)} throw {@link StringIndexOutOfBoundsException}.
 *
 * @return the decrypted password, the stored value unchanged when no salt is stored
 *         (legacy records), or an empty string when no password is stored
 */
@Override
public String getSystemPassword() {
    final Object stored = fields.get(SYSTEM_PASSWORD);
    if (stored == null) {
        return "";
    }

    if (!getSystemPasswordSalt().isEmpty()) {
        final String cipherText = stored.toString();
        return AESTools.decrypt(
                cipherText,
                configuration.getPasswordSecret().substring(0, 16),
                getSystemPasswordSalt());
    }

    // Legacy record: databases written before salts were introduced hold the password
    // unencrypted, so the stored value is handed back as-is. Saving the LDAP settings again
    // generates a salt and stores the password encrypted.
    // Any record without a salt takes this path, so its value is treated as clear text.
    // TODO remove this after 0.20 is out, and the RC versions are pulled.
    LOG.debug(
            "Old database version does not have salted, encrypted password. Please save the LDAP settings again.");
    return stored.toString();
}