/** * Call this to transform a system setting to a more appropriate value. Importantly, this * (de)obfuscates the password fields as they go from and to the DB. We use the @{link * PicketBoxObfuscator} so that people are able encode their passwords in the system settings * export files using the "rhq-encode-password.sh" script. */ private String transformSystemConfigurationPropertyToDb( SystemSetting prop, String newValue, String oldValue) { // the 0,1 -> true false scenario is no problem here, because the values are stored // as string anyway (so no conversion is done). I assume the above is a historical // code that could be safely eliminated. switch (prop) { case LDAP_BASED_JAAS_PROVIDER: if (Boolean.parseBoolean(newValue)) { return RHQConstants.LDAPJAASProvider; } else { return RHQConstants.JDBCJAASProvider; } case USE_SSL_FOR_LDAP: if (Boolean.parseBoolean(newValue)) { return RHQConstants.LDAP_PROTOCOL_SECURED; } else { return RHQConstants.LDAP_PROTOCOL_UNSECURED; } default: if (prop.getType() == PropertySimpleType.PASSWORD && newValue != null) { if (PropertySimple.MASKED_VALUE.equals(newValue)) { return oldValue; } else { return PicketBoxObfuscator.encode(newValue); } } else { return newValue; } } }
private void fillCache(Collection<SystemConfiguration> configs) { SystemSettings settings = new SystemSettings(); for (SystemConfiguration config : configs) { SystemSetting prop = SystemSetting.getByInternalName(config.getPropertyKey()); if (prop == null) { LOG.warn( "The database contains unknown system configuration setting [" + config.getPropertyKey() + "]."); continue; } if (config.getPropertyValue() == null) { // for some reason, the configuration is not found in the DB, so fallback to the persisted // default. // if there isn't even a persisted default, just use an empty string. String defaultValue = config.getDefaultPropertyValue(); defaultValue = transformSystemConfigurationPropertyFromDb(prop, defaultValue, true); settings.put(prop, defaultValue); } else { String value = config.getPropertyValue(); value = transformSystemConfigurationPropertyFromDb(prop, value, true); settings.put(prop, value); } } settings.setDriftPlugins(getDriftServerPlugins()); synchronized (this) { // only update the caches if the settings were actually changed if (cachedSystemSettings == null || !safeEquals( cachedSystemSettings.get(SystemSetting.LAST_SYSTEM_CONFIG_UPDATE_TIME), settings.get(SystemSetting.LAST_SYSTEM_CONFIG_UPDATE_TIME))) { cachedSystemSettings = settings; cachedObfuscatedSystemSettings = new SystemSettings(settings); for (Map.Entry<SystemSetting, String> entry : cachedObfuscatedSystemSettings.entrySet()) { String value = entry.getValue(); if (value != null && entry.getKey().getType() == PropertySimpleType.PASSWORD) { entry.setValue(PicketBoxObfuscator.encode(value)); } } } } }
public void testPasswordFieldsObfuscation() { SystemSettings masked = systemManager.getSystemSettings(overlord); SystemSettings unmasked = systemManager.getUnmaskedSystemSettings(true); SystemSettings obfuscated = systemManager.getObfuscatedSystemSettings(true); for (SystemSetting setting : SystemSetting.values()) { if (setting.getType() == PropertySimpleType.PASSWORD) { if (masked.containsKey(setting) && masked.get(setting) != null) { assertEquals( "Unexpected unmasked value", PropertySimple.MASKED_VALUE, masked.get(setting)); assertEquals( "Unmasked and obfuscated values don't correspond", obfuscated.get(setting), PicketBoxObfuscator.encode(unmasked.get(setting))); } } } systemManager.deobfuscate(obfuscated); assertEquals(unmasked, obfuscated); }