/**
   * There can be sensitive information like passwords in configuration file. If they are encrypted
   * using secure vault, this method will resolve them and replace with original values.
   */
  private static void resolveSecrets(Properties properties) {

    SecretResolver secretResolver = SecretResolverFactory.create(properties);
    Enumeration propertyNames = properties.propertyNames();
    if (secretResolver != null && secretResolver.isInitialized()) {
      // Iterate through whole config file and find encrypted properties and resolve them
      while (propertyNames.hasMoreElements()) {
        String key = (String) propertyNames.nextElement();
        if (secretResolver.isTokenProtected(key)) {
          if (log.isDebugEnabled()) {
            log.debug("Resolving and replacing secret for " + key);
          }
          // Resolving the secret password.
          String value = secretResolver.resolve(key);
          // Replaces the original encrypted property with resolved property
          properties.put(key, value);
        } else {
          if (log.isDebugEnabled()) {
            log.debug("No encryption done for value with key :" + key);
          }
        }
      }
    } else {
      log.warn(
          "Secret Resolver is not present. Will not resolve encryptions in "
              + Constants.TenantConstants.CONFIG_RELATIVE_PATH
              + " file");
    }
  }
Пример #2
0
 public static synchronized String loadFromSecureVault(String alias) {
   if (secretResolver == null) {
     secretResolver = SecretResolverFactory.create((OMElement) null, false);
     secretResolver.init(
         DataServicesDSComponent.getSecretCallbackHandlerService().getSecretCallbackHandler());
   }
   return secretResolver.resolve(alias);
 }
 private static synchronized String loadFromSecureVault(String alias) {
   if (secretResolver == null) {
     secretResolver = SecretResolverFactory.create((OMElement) null, false);
     secretResolver.init(
         RSSManagerDataHolder.getInstance()
             .getSecretCallbackHandlerService()
             .getSecretCallbackHandler());
   }
   return secretResolver.resolve(alias);
 }
Пример #4
0
  private void loadCredentials(
      final IaasProvider iaas, final OMElement iaasElt, final String xpath) {

    Iterator<?> it =
        iaasElt.getChildrenWithName(new QName(CloudControllerConstants.CREDENTIAL_ELEMENT));

    if (it.hasNext()) {
      OMElement credentialElt = (OMElement) it.next();

      // retrieve the value using secure vault
      SecretResolver secretResolver = SecretResolverFactory.create(documentElement, false);
      String alias =
          credentialElt.getAttributeValue(new QName(CloudControllerConstants.ALIAS_ATTRIBUTE));

      // retrieve the secured password
      if (secretResolver != null
          && secretResolver.isInitialized()
          && secretResolver.isTokenProtected(alias)) {

        iaas.setCredential(secretResolver.resolve(alias));
      }

      // if we still cannot find a value, we try to assign the value which
      // is specified
      // in the element, if any
      if (iaas.getCredential() == null) {
        log.warn(
            "Unable to find a value for "
                + CloudControllerConstants.CREDENTIAL_ELEMENT
                + " element from Secure Vault."
                + "Hence we will try to assign the plain text value (if specified).");
        iaas.setCredential(credentialElt.getText());
      }
    }

    if (it.hasNext()) {
      log.warn(
          xmlSource
              + " contains more than one "
              + CloudControllerConstants.CREDENTIAL_ELEMENT
              + " elements!"
              + " Elements other than the first will be neglected.");
    }

    if (iaas.getCredential() == null) {
      String msg =
          "Essential '"
              + CloudControllerConstants.CREDENTIAL_ELEMENT
              + "' element"
              + " has not specified in "
              + xmlSource;
      handleException(msg);
    }
  }
Пример #5
0
  private String resolveSecret(final OMElement elt) {
    // retrieve the value using secure vault
    SecretResolver secretResolver = SecretResolverFactory.create(documentElement, false);

    String alias = elt.getAttributeValue(new QName(CloudControllerConstants.ALIAS_ATTRIBUTE));

    // retrieve the secured password
    if (secretResolver != null
        && secretResolver.isInitialized()
        && secretResolver.isTokenProtected(alias)) {

      return secretResolver.resolve(alias);
    }

    return null;
  }
 public void setSecretResolver(OMElement rootElement) {
   secretResolver = SecretResolverFactory.create(rootElement, true);
 }