/**
 * Replaces every secure-vault-protected entry of {@code properties} with its resolved value.
 *
 * <p>A resolver is created from the properties themselves. If it is absent or not initialized,
 * a warning is logged and the properties are left untouched. Otherwise each property name is
 * passed to {@code isTokenProtected}; protected names are resolved and the result is stored
 * back under the same key.
 *
 * <p>Security note: after a successful pass, {@code properties} holds the resolved values in
 * memory. This method logs property names only, never resolved values; code that later prints
 * or persists the whole {@code Properties} object would expose them.
 *
 * @param properties configuration to scan; modified in place
 */
private static void resolveSecrets(Properties properties) {
    SecretResolver resolver = SecretResolverFactory.create(properties);
    // The names are enumerated up front, before the resolver is checked for readiness.
    Enumeration<?> names = properties.propertyNames();

    if (resolver == null || !resolver.isInitialized()) {
        log.warn(
            "Secret Resolver is not present. Will not resolve encryptions in "
                + Constants.TenantConstants.CONFIG_RELATIVE_PATH
                + " file");
        return;
    }

    // Walk the whole configuration and swap each protected entry for its resolved value.
    while (names.hasMoreElements()) {
        String name = (String) names.nextElement();

        if (!resolver.isTokenProtected(name)) {
            if (log.isDebugEnabled()) {
                log.debug("No encryption done for value with key :" + name);
            }
            continue;
        }

        if (log.isDebugEnabled()) {
            // Only the key is logged; the resolved value must stay out of the log.
            log.debug("Resolving and replacing secret for " + name);
        }
        String resolved = resolver.resolve(name);
        properties.put(name, resolved);
    }
}
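/**
 * Resolves {@code alias} through a lazily created, shared {@code SecretResolver}.
 *
 * <p>On first use the resolver is created and initialized with the callback handler obtained
 * from {@code DataServicesDSComponent}. If that initialization throws (for example because the
 * callback handler service is not available yet), the cached reference is cleared again, so the
 * next call retries instead of silently reusing a resolver whose {@code init} never completed.
 *
 * <p>Security note: the return value is presumably the plain-text secret (confirm against
 * {@code SecretResolver.resolve}); callers should not log it or embed it in error messages.
 *
 * @param alias secure vault alias to look up
 * @return whatever {@code SecretResolver.resolve(alias)} returns
 */
public static synchronized String loadFromSecureVault(String alias) {
    if (secretResolver == null) {
        boolean initialized = false;
        secretResolver = SecretResolverFactory.create((OMElement) null, false);
        try {
            secretResolver.init(
                DataServicesDSComponent.getSecretCallbackHandlerService().getSecretCallbackHandler());
            initialized = true;
        } finally {
            if (!initialized) {
                // Never keep a resolver whose init() failed: later calls would skip the
                // null check above and resolve against an uninitialized instance.
                secretResolver = null;
            }
        }
    }
    return secretResolver.resolve(alias);
}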
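/**
 * Resolves {@code alias} through a lazily created, shared {@code SecretResolver}.
 *
 * <p>On first use the resolver is created and initialized with the callback handler obtained
 * from {@code RSSManagerDataHolder}. If that initialization throws (for example because the
 * callback handler service is not available yet), the cached reference is cleared again, so the
 * next call retries instead of silently reusing a resolver whose {@code init} never completed.
 *
 * <p>Security note: the return value is presumably the plain-text secret (confirm against
 * {@code SecretResolver.resolve}); callers should not log it or embed it in error messages.
 *
 * @param alias secure vault alias to look up
 * @return whatever {@code SecretResolver.resolve(alias)} returns
 */
private static synchronized String loadFromSecureVault(String alias) {
    if (secretResolver == null) {
        boolean initialized = false;
        secretResolver = SecretResolverFactory.create((OMElement) null, false);
        try {
            secretResolver.init(
                RSSManagerDataHolder.getInstance()
                    .getSecretCallbackHandlerService()
                    .getSecretCallbackHandler());
            initialized = true;
        } finally {
            if (!initialized) {
                // Never keep a resolver whose init() failed: later calls would skip the
                // null check above and resolve against an uninitialized instance.
                secretResolver = null;
            }
        }
    }
    return secretResolver.resolve(alias);
}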
/**
 * Reads the credential of an IaaS provider from its configuration element.
 *
 * <p>Only the first credential child element is used. Its alias attribute is looked up in
 * secure vault; when the vault yields nothing, the element's own text is taken as the
 * credential. Additional credential elements are reported with a warning and skipped. If no
 * credential is set at the end, {@code handleException} is invoked.
 *
 * <p>Security note: the fallback path takes the credential from the element text, i.e. in
 * plain text from the XML source. The warning emitted on that path names the element only and
 * does not print the value.
 *
 * @param iaas provider that receives the credential
 * @param iaasElt configuration element of that provider
 * @param xpath not read by this method
 */
private void loadCredentials(
    final IaasProvider iaas, final OMElement iaasElt, final String xpath) {
    final QName credentialName = new QName(CloudControllerConstants.CREDENTIAL_ELEMENT);
    final Iterator<?> credentials = iaasElt.getChildrenWithName(credentialName);

    if (credentials.hasNext()) {
        final OMElement first = (OMElement) credentials.next();

        // First choice: look the alias up in secure vault.
        final SecretResolver vault = SecretResolverFactory.create(documentElement, false);
        final String alias =
            first.getAttributeValue(new QName(CloudControllerConstants.ALIAS_ATTRIBUTE));
        final boolean resolvable =
            vault != null && vault.isInitialized() && vault.isTokenProtected(alias);
        if (resolvable) {
            iaas.setCredential(vault.resolve(alias));
        }

        // Second choice: fall back to the text of the element, if any was given.
        if (iaas.getCredential() == null) {
            log.warn(
                "Unable to find a value for "
                    + CloudControllerConstants.CREDENTIAL_ELEMENT
                    + " element from Secure Vault.Hence we will try to assign the plain text value (if specified).");
            iaas.setCredential(first.getText());
        }
    }

    // Anything left in the iterator is a duplicate credential element.
    if (credentials.hasNext()) {
        log.warn(
            xmlSource
                + " contains more than one "
                + CloudControllerConstants.CREDENTIAL_ELEMENT
                + " elements! Elements other than the first will be neglected.");
    }

    if (iaas.getCredential() == null) {
        handleException(
            "Essential '"
                + CloudControllerConstants.CREDENTIAL_ELEMENT
                + "' element has not specified in "
                + xmlSource);
    }
}
/**
 * Looks up the alias attribute of {@code elt} in secure vault.
 *
 * <p>Security note: a {@code null} result means nothing was resolved. Callers have to handle
 * that case explicitly, and should treat a non-null result as sensitive.
 *
 * @param elt element carrying the alias attribute
 * @return the resolved value, or {@code null} when the resolver is absent, not initialized, or
 *     does not report the alias as token-protected
 */
private String resolveSecret(final OMElement elt) {
    final SecretResolver vault = SecretResolverFactory.create(documentElement, false);
    final QName aliasAttribute = new QName(CloudControllerConstants.ALIAS_ATTRIBUTE);
    final String alias = elt.getAttributeValue(aliasAttribute);

    // Nothing to resolve unless the vault is usable and knows this alias.
    if (vault == null || !vault.isInitialized() || !vault.isTokenProtected(alias)) {
        return null;
    }
    return vault.resolve(alias);
}
/**
 * Replaces the held secret resolver with one created from {@code rootElement}.
 *
 * <p>The result of the factory call is stored as is; this method does not check it for
 * {@code null} or for being initialized, so code that uses the resolver has to do so.
 *
 * @param rootElement configuration root passed to {@code SecretResolverFactory.create}
 */
public void setSecretResolver(OMElement rootElement) {
    // NOTE(review): the meaning of the boolean flag is defined by SecretResolverFactory;
    // it is passed as true here, whereas other call sites may use false. Confirm intent.
    secretResolver =
        SecretResolverFactory.create(rootElement, true);
}