/**
* Call this to transform a system setting to a more appropriate value. Importantly, this
* (de)obfuscates the password fields as they go from and to the DB. We use the @{link
* PicketBoxObfuscator} so that people are able encode their passwords in the system settings
* export files using the "rhq-encode-password.sh" script.
*/
private String transformSystemConfigurationPropertyToDb(
SystemSetting prop, String newValue, String oldValue) {
// the 0,1 -> true false scenario is no problem here, because the values are stored
// as string anyway (so no conversion is done). I assume the above is a historical
// code that could be safely eliminated.
switch (prop) {
case LDAP_BASED_JAAS_PROVIDER:
if (Boolean.parseBoolean(newValue)) {
return RHQConstants.LDAPJAASProvider;
} else {
return RHQConstants.JDBCJAASProvider;
}
case USE_SSL_FOR_LDAP:
if (Boolean.parseBoolean(newValue)) {
return RHQConstants.LDAP_PROTOCOL_SECURED;
} else {
return RHQConstants.LDAP_PROTOCOL_UNSECURED;
}
default:
if (prop.getType() == PropertySimpleType.PASSWORD && newValue != null) {
if (PropertySimple.MASKED_VALUE.equals(newValue)) {
return oldValue;
} else {
return PicketBoxObfuscator.encode(newValue);
}
} else {
return newValue;
}
}
}
private void fillCache(Collection<SystemConfiguration> configs) {
SystemSettings settings = new SystemSettings();
for (SystemConfiguration config : configs) {
SystemSetting prop = SystemSetting.getByInternalName(config.getPropertyKey());
if (prop == null) {
LOG.warn(
"The database contains unknown system configuration setting ["
+ config.getPropertyKey()
+ "].");
continue;
}
if (config.getPropertyValue() == null) {
// for some reason, the configuration is not found in the DB, so fallback to the persisted
// default.
// if there isn't even a persisted default, just use an empty string.
String defaultValue = config.getDefaultPropertyValue();
defaultValue = transformSystemConfigurationPropertyFromDb(prop, defaultValue, true);
settings.put(prop, defaultValue);
} else {
String value = config.getPropertyValue();
value = transformSystemConfigurationPropertyFromDb(prop, value, true);
settings.put(prop, value);
}
}
settings.setDriftPlugins(getDriftServerPlugins());
synchronized (this) {
// only update the caches if the settings were actually changed
if (cachedSystemSettings == null
|| !safeEquals(
cachedSystemSettings.get(SystemSetting.LAST_SYSTEM_CONFIG_UPDATE_TIME),
settings.get(SystemSetting.LAST_SYSTEM_CONFIG_UPDATE_TIME))) {
cachedSystemSettings = settings;
cachedObfuscatedSystemSettings = new SystemSettings(settings);
for (Map.Entry<SystemSetting, String> entry : cachedObfuscatedSystemSettings.entrySet()) {
String value = entry.getValue();
if (value != null && entry.getKey().getType() == PropertySimpleType.PASSWORD) {
entry.setValue(PicketBoxObfuscator.encode(value));
}
}
}
}
}
public void testPasswordFieldsObfuscation() {
SystemSettings masked = systemManager.getSystemSettings(overlord);
SystemSettings unmasked = systemManager.getUnmaskedSystemSettings(true);
SystemSettings obfuscated = systemManager.getObfuscatedSystemSettings(true);
for (SystemSetting setting : SystemSetting.values()) {
if (setting.getType() == PropertySimpleType.PASSWORD) {
if (masked.containsKey(setting) && masked.get(setting) != null) {
assertEquals(
"Unexpected unmasked value", PropertySimple.MASKED_VALUE, masked.get(setting));
assertEquals(
"Unmasked and obfuscated values don't correspond",
obfuscated.get(setting),
PicketBoxObfuscator.encode(unmasked.get(setting)));
}
}
}
systemManager.deobfuscate(obfuscated);
assertEquals(unmasked, obfuscated);
}
