/**
* There can be sensitive information like passwords in configuration file. If they are encrypted
* using secure vault, this method will resolve them and replace with original values.
*/
private static void resolveSecrets(Properties properties) {
SecretResolver secretResolver = SecretResolverFactory.create(properties);
Enumeration propertyNames = properties.propertyNames();
if (secretResolver != null && secretResolver.isInitialized()) {
// Iterate through whole config file and find encrypted properties and resolve them
while (propertyNames.hasMoreElements()) {
String key = (String) propertyNames.nextElement();
if (secretResolver.isTokenProtected(key)) {
if (log.isDebugEnabled()) {
log.debug("Resolving and replacing secret for " + key);
}
// Resolving the secret password.
String value = secretResolver.resolve(key);
// Replaces the original encrypted property with resolved property
properties.put(key, value);
} else {
if (log.isDebugEnabled()) {
log.debug("No encryption done for value with key :" + key);
}
}
}
} else {
log.warn(
"Secret Resolver is not present. Will not resolve encryptions in "
+ Constants.TenantConstants.CONFIG_RELATIVE_PATH
+ " file");
}
}
public static synchronized String loadFromSecureVault(String alias) {
if (secretResolver == null) {
secretResolver = SecretResolverFactory.create((OMElement) null, false);
secretResolver.init(
DataServicesDSComponent.getSecretCallbackHandlerService().getSecretCallbackHandler());
}
return secretResolver.resolve(alias);
}
private static synchronized String loadFromSecureVault(String alias) {
if (secretResolver == null) {
secretResolver = SecretResolverFactory.create((OMElement) null, false);
secretResolver.init(
RSSManagerDataHolder.getInstance()
.getSecretCallbackHandlerService()
.getSecretCallbackHandler());
}
return secretResolver.resolve(alias);
}
private void loadCredentials(
final IaasProvider iaas, final OMElement iaasElt, final String xpath) {
Iterator<?> it =
iaasElt.getChildrenWithName(new QName(CloudControllerConstants.CREDENTIAL_ELEMENT));
if (it.hasNext()) {
OMElement credentialElt = (OMElement) it.next();
// retrieve the value using secure vault
SecretResolver secretResolver = SecretResolverFactory.create(documentElement, false);
String alias =
credentialElt.getAttributeValue(new QName(CloudControllerConstants.ALIAS_ATTRIBUTE));
// retrieve the secured password
if (secretResolver != null
&& secretResolver.isInitialized()
&& secretResolver.isTokenProtected(alias)) {
iaas.setCredential(secretResolver.resolve(alias));
}
// if we still cannot find a value, we try to assign the value which
// is specified
// in the element, if any
if (iaas.getCredential() == null) {
log.warn(
"Unable to find a value for "
+ CloudControllerConstants.CREDENTIAL_ELEMENT
+ " element from Secure Vault."
+ "Hence we will try to assign the plain text value (if specified).");
iaas.setCredential(credentialElt.getText());
}
}
if (it.hasNext()) {
log.warn(
xmlSource
+ " contains more than one "
+ CloudControllerConstants.CREDENTIAL_ELEMENT
+ " elements!"
+ " Elements other than the first will be neglected.");
}
if (iaas.getCredential() == null) {
String msg =
"Essential '"
+ CloudControllerConstants.CREDENTIAL_ELEMENT
+ "' element"
+ " has not specified in "
+ xmlSource;
handleException(msg);
}
}
private String resolveSecret(final OMElement elt) {
// retrieve the value using secure vault
SecretResolver secretResolver = SecretResolverFactory.create(documentElement, false);
String alias = elt.getAttributeValue(new QName(CloudControllerConstants.ALIAS_ATTRIBUTE));
// retrieve the secured password
if (secretResolver != null
&& secretResolver.isInitialized()
&& secretResolver.isTokenProtected(alias)) {
return secretResolver.resolve(alias);
}
return null;
}
public void setSecretResolver(OMElement rootElement) {
secretResolver = SecretResolverFactory.create(rootElement, true);
}