/**
* Call this to transform a system setting to a more appropriate value. Importantly, this
* (de)obfuscates the password fields as they go from and to the DB. We use the @{link
* PicketBoxObfuscator} so that people are able encode their passwords in the system settings
* export files using the "rhq-encode-password.sh" script.
*/
private String transformSystemConfigurationPropertyFromDb(
SystemSetting prop, String value, boolean unobfuscate) {
// to support Oracle (whose booleans may be 1 or 0) transform the boolean settings properly
switch (prop) {
case LDAP_BASED_JAAS_PROVIDER:
if (RHQConstants.JDBCJAASProvider.equals(value)) {
return Boolean.toString(false);
} else if (RHQConstants.LDAPJAASProvider.equals(value)) {
return Boolean.toString(true);
} else {
return value == null ? "" : value;
}
case USE_SSL_FOR_LDAP:
if (RHQConstants.LDAP_PROTOCOL_SECURED.equals(value)) {
return Boolean.toString(true);
} else {
return Boolean.toString(false);
}
default:
switch (prop.getType()) {
case BOOLEAN:
if ("0".equals(value)) {
return Boolean.FALSE.toString();
} else if ("1".equals(value)) {
return Boolean.TRUE.toString();
} else {
return value == null ? Boolean.FALSE.toString() : value;
}
case PASSWORD:
if (unobfuscate && value != null && value.trim().length() > 0) {
return PicketBoxObfuscator.decode(value);
} else {
return value == null ? "" : value;
}
default:
if (value == null) {
switch (prop.getType()) {
case DOUBLE:
case FLOAT:
case INTEGER:
case LONG:
value = "0";
break;
default:
value = "";
}
}
return value;
}
}
}
/**
* Call this to transform a system setting to a more appropriate value. Importantly, this
* (de)obfuscates the password fields as they go from and to the DB. We use the @{link
* PicketBoxObfuscator} so that people are able encode their passwords in the system settings
* export files using the "rhq-encode-password.sh" script.
*/
private String transformSystemConfigurationPropertyToDb(
SystemSetting prop, String newValue, String oldValue) {
// the 0,1 -> true false scenario is no problem here, because the values are stored
// as string anyway (so no conversion is done). I assume the above is a historical
// code that could be safely eliminated.
switch (prop) {
case LDAP_BASED_JAAS_PROVIDER:
if (Boolean.parseBoolean(newValue)) {
return RHQConstants.LDAPJAASProvider;
} else {
return RHQConstants.JDBCJAASProvider;
}
case USE_SSL_FOR_LDAP:
if (Boolean.parseBoolean(newValue)) {
return RHQConstants.LDAP_PROTOCOL_SECURED;
} else {
return RHQConstants.LDAP_PROTOCOL_UNSECURED;
}
default:
if (prop.getType() == PropertySimpleType.PASSWORD && newValue != null) {
if (PropertySimple.MASKED_VALUE.equals(newValue)) {
return oldValue;
} else {
return PicketBoxObfuscator.encode(newValue);
}
} else {
return newValue;
}
}
}
private String unmask(SystemSetting prop, String newValue, String currentValue) {
if (prop.getType() == PropertySimpleType.PASSWORD
&& PropertySimple.MASKED_VALUE.equals(newValue)) {
newValue = currentValue;
}
return newValue;
}
public void testPasswordFieldsObfuscation() {
SystemSettings masked = systemManager.getSystemSettings(overlord);
SystemSettings unmasked = systemManager.getUnmaskedSystemSettings(true);
SystemSettings obfuscated = systemManager.getObfuscatedSystemSettings(true);
for (SystemSetting setting : SystemSetting.values()) {
if (setting.getType() == PropertySimpleType.PASSWORD) {
if (masked.containsKey(setting) && masked.get(setting) != null) {
assertEquals(
"Unexpected unmasked value", PropertySimple.MASKED_VALUE, masked.get(setting));
assertEquals(
"Unmasked and obfuscated values don't correspond",
obfuscated.get(setting),
PicketBoxObfuscator.encode(unmasked.get(setting)));
}
}
}
systemManager.deobfuscate(obfuscated);
assertEquals(unmasked, obfuscated);
}
