Merge pull request #97 from Rajith90/Password

REGISTRY-2753 Property Encryption Page - By Rajith90
wso2 · Aug 15, 2015 · b5025d7 · b5025d7
2 parents 8775b2c + f8b24a8
commit b5025d7
Show file tree

Hide file tree

Showing 9 changed files with 329 additions and 77 deletions.
diff --git a/...rity.ui/src/main/java/org/wso2/carbon/registry/security/vault/cipher/tool/CipherTool.java b/...rity.ui/src/main/java/org/wso2/carbon/registry/security/vault/cipher/tool/CipherTool.java
@@ -19,28 +19,27 @@
 
 import java.rmi.RemoteException;
 
+import org.wso2.carbon.registry.security.stub.RegistrySecurityAdminServiceCryptoExceptionException;
 import org.wso2.carbon.registry.security.stub.RegistrySecurityAdminServiceStub;
 
 public class CipherTool {
 
-	private RegistrySecurityAdminServiceStub mediationSecurityAdminServiceStub;
+	private RegistrySecurityAdminServiceStub registrySecurityAdminServiceStub;
 
-	public CipherTool(RegistrySecurityAdminServiceStub mediationSecurityAdminServiceStub) {
-		this.mediationSecurityAdminServiceStub = mediationSecurityAdminServiceStub;
+	public CipherTool(RegistrySecurityAdminServiceStub registrySecurityAdminServiceStub) {
+		this.registrySecurityAdminServiceStub = registrySecurityAdminServiceStub;
 	}
 
 	/**
 	 * encrypt the plain text password
-	 * 
-	 * @param cipher
-	 *            init cipher
-	 * @param plainTextPass
-	 *            plain text password
-	 * @return encrypted password
+	 *
+	 * @param plainTextValue	plain text value.
+	 * @return 			encrypted value.
 	 * @throws RemoteException
+	 * @throws RegistrySecurityAdminServiceCryptoExceptionException
 	 */
-	public String doEncryption(String plainTextPass) throws RemoteException {
-		String encodedValue = mediationSecurityAdminServiceStub.doEncrypt(plainTextPass);
+	public String doEncryption(String plainTextValue) throws RemoteException, RegistrySecurityAdminServiceCryptoExceptionException {
+		String encodedValue = registrySecurityAdminServiceStub.doEncrypt(plainTextValue);
 		return encodedValue;
 	}
 

diff --git a/....ui/src/main/java/org/wso2/carbon/registry/security/vault/ui/PropertiesServiceClient.java b/....ui/src/main/java/org/wso2/carbon/registry/security/vault/ui/PropertiesServiceClient.java
@@ -97,7 +97,7 @@ public PropertiesServiceClient(ServletConfig config, HttpSession session)
 	 * @throws RegistryException
 	 */
 	public int getPropertiesLenght() throws RegistryException {
-		String path = SecureVaultConstants.SYSTEM_CONFIG_CONNECTOR_SECURE_VAULT_CONFIG;
+		String path = SecureVaultConstants.ENCRYPTED_PROPERTY_CONFIG_REGISTRY_PATH;
 		PropertiesBean bean = null;
 		try {
 			bean = propertAdminServicestub.getProperties(path, "no");
@@ -112,7 +112,7 @@ public int getPropertiesLenght() throws RegistryException {
 	public PropertiesBean getProperties(HttpServletRequest request, int pageNumber)
 	                                                                               throws Exception {
 
-		String path = SecureVaultConstants.SYSTEM_CONFIG_CONNECTOR_SECURE_VAULT_CONFIG;
+		String path = SecureVaultConstants.ENCRYPTED_PROPERTY_CONFIG_REGISTRY_PATH;
 		Boolean view = (Boolean) request.getSession().getAttribute(UIConstants.SHOW_SYSPROPS_ATTR);
 		String viewProps;
 		if (view != null) {
@@ -167,7 +167,7 @@ public PropertiesBean getProperties(HttpServletRequest request, int pageNumber)
 	}
 
 	public void setProperty(HttpServletRequest request) throws Exception {
-		String path = SecureVaultConstants.SYSTEM_CONFIG_CONNECTOR_SECURE_VAULT_CONFIG;
+		String path = SecureVaultConstants.ENCRYPTED_PROPERTY_CONFIG_REGISTRY_PATH;
 		String name = (String) Utils.getParameter(request, "name");
 		String value = (String) Utils.getParameter(request, "value");
 		// do the encryption..
@@ -182,7 +182,7 @@ public void setProperty(HttpServletRequest request) throws Exception {
 	}
 
 	public void updateProperty(HttpServletRequest request) throws Exception {
-		String path = SecureVaultConstants.SYSTEM_CONFIG_CONNECTOR_SECURE_VAULT_CONFIG;
+		String path = SecureVaultConstants.ENCRYPTED_PROPERTY_CONFIG_REGISTRY_PATH;
 		String name = (String) Utils.getParameter(request, "name");
 		String value = (String) Utils.getParameter(request, "value");
 		String oldName = (String) Utils.getParameter(request, "oldName");

diff --git a/...urity/src/main/java/org/wso2/carbon/registry/security/vault/RegistrySecretRepository.java b/...urity/src/main/java/org/wso2/carbon/registry/security/vault/RegistrySecretRepository.java
@@ -67,9 +67,9 @@ public String getSecret(String alias) {
 
         if (registry != null) {
             try {
-                if (registry.resourceExists(SecureVaultConstants.CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY)) {
+                if (registry.resourceExists(SecureVaultConstants.ENCRYPTED_PROPERTY_STORAGE_PATH)) {
                     Resource registryResource =
-                            registry.get(SecureVaultConstants.CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY);
+                            registry.get(SecureVaultConstants.ENCRYPTED_PROPERTY_STORAGE_PATH);
                     propertyValue = registryResource.getProperty(alias);
                 }
 
@@ -107,10 +107,10 @@ public void doEncrypt(String plainTextValue, String alias) {
         try {
             createRegistryResource();
             UserRegistry registry = SecurityServiceHolder.getInstance().getRegistryService().getConfigSystemRegistry();
-            Resource registryResource = registry.get(SecureVaultConstants.CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY);
+            Resource registryResource = registry.get(SecureVaultConstants.ENCRYPTED_PROPERTY_STORAGE_PATH);
             String encryptedValue = SecureVaultUtil.encryptValue(plainTextValue);
             registryResource.addProperty(alias, encryptedValue);
-            registry.put(SecureVaultConstants.CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY, registryResource);
+            registry.put(SecureVaultConstants.ENCRYPTED_PROPERTY_STORAGE_PATH, registryResource);
         } catch (RegistryException | AxisFault e) {
         }
     }
@@ -135,9 +135,9 @@ private void createRegistryResource() throws RegistryException {
 
             // creating vault-specific storage repository (this happens only if
             // not resource not existing)
-            if (!registry.resourceExists(SecureVaultConstants.CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY)) {
+            if (!registry.resourceExists(SecureVaultConstants.ENCRYPTED_PROPERTY_STORAGE_PATH)) {
                 org.wso2.carbon.registry.core.Collection secureVaultCollection = registry.newCollection();
-                registry.put(SecureVaultConstants.CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY, secureVaultCollection);
+                registry.put(SecureVaultConstants.ENCRYPTED_PROPERTY_STORAGE_PATH, secureVaultCollection);
             }
         } catch (RegistryException e) {
             throw new RegistryException("Error while intializing the registry");

diff --git a/...java/org/wso2/carbon/registry/security/vault/internal/SynapseSecurityerviceComponent.java b/...java/org/wso2/carbon/registry/security/vault/internal/SynapseSecurityerviceComponent.java
@@ -18,21 +18,20 @@
 
 package org.wso2.carbon.registry.security.vault.internal;
 
-import org.apache.axis2.AxisFault;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.osgi.framework.ServiceRegistration;
 import org.osgi.service.component.ComponentContext;
 import org.wso2.carbon.base.api.ServerConfigurationService;
-import org.wso2.carbon.registry.common.ResourceData;
+import org.wso2.carbon.core.util.CryptoException;
 import org.wso2.carbon.registry.core.exceptions.RegistryException;
 import org.wso2.carbon.registry.core.service.RegistryService;
-import org.wso2.carbon.registry.core.session.UserRegistry;
 import org.wso2.carbon.registry.security.vault.observers.TenantDeploymentListenerImpl;
 import org.wso2.carbon.registry.security.vault.service.RegistrySecurityService;
 import org.wso2.carbon.registry.security.vault.util.SecureVaultUtil;
 import org.wso2.carbon.utils.Axis2ConfigurationContextObserver;
 
+import java.io.UnsupportedEncodingException;
 import java.util.Stack;
 
 /**
@@ -106,15 +105,43 @@ protected void unsetServerConfigurationService(ServerConfigurationService server
 
     private static class RegistrySecurityServiceImpl implements RegistrySecurityService {
 
+		/**
+		 * Method to do the encryption operation.
+		 *
+		 * @param plainTextValue	plain text value.
+		 * @return			encrypted value.
+		 * @throws CryptoException	Throws when an error occurs during encryption.
+		 */
         @Override
-        public String doEncrypt(String plainTextPass) throws RegistryException {
-            try {
-                return SecureVaultUtil.encryptValue(plainTextPass);
-            } catch (AxisFault axisFault) {
-                throw new RegistryException("Error while encrypting data");
-            }
-        }
+        public String doEncrypt(String plainTextValue) throws CryptoException {
+			return SecureVaultUtil.doEncrypt(plainTextValue);
+		}
+
+		/**
+		 * Method to decrypt a property, when key of the property is provided.
+		 *
+		 * @param key			key of the property.
+		 * @return 			decrypted property value.
+		 * @throws RegistryException	Throws when an error occurs during decryption.
+		 */
+		@Override
+		public String getDecryptedPropertyValue(String key) throws RegistryException {
+			return SecureVaultUtil.getDecryptedPropertyValue(key);
+		}
 
-    }
+		/**
+		 * Method to decrypt a property, when encrypted value is provided.
+		 *
+		 * @param encryptedValue                encrypted value.
+		 * @return 				decrypted  value.
+		 * @throws CryptoException              Throws when an error occurs during decryption.
+		 * @throws UnsupportedEncodingException Throws when an error occurs during byte array to string conversion.
+		 */
+		@Override
+		public String doDecrypt(String encryptedValue) throws CryptoException, UnsupportedEncodingException {
+			return SecureVaultUtil.doDecrypt(encryptedValue);
+		}
+
+	}
 
 }
diff --git a/...in/java/org/wso2/carbon/registry/security/vault/service/RegistrySecurityAdminService.java b/...in/java/org/wso2/carbon/registry/security/vault/service/RegistrySecurityAdminService.java
@@ -22,28 +22,49 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import org.wso2.carbon.core.util.CryptoException;
 import org.wso2.carbon.registry.common.services.RegistryAbstractAdmin;
+import org.wso2.carbon.registry.core.exceptions.RegistryException;
 import org.wso2.carbon.registry.security.vault.util.SecureVaultUtil;
 
+import java.io.UnsupportedEncodingException;
+
 public class RegistrySecurityAdminService extends RegistryAbstractAdmin {
 
 	private static Log log = LogFactory.getLog(RegistrySecurityAdminService.class);
 
 	/**
-	 * Operation to do the encryption ops by invoking secure vault api
+	 * Method to do the encryption operation by invoking CryptoUtil
 	 * 
-	 * @param plainTextPass
-	 * @return
-	 * @throws AxisFault
+	 * @param plainTextValue	Plain text value.
+	 * @return			Encrypted value.
+	 * @throws CryptoException  	Throws while error during encryption.
 	 */
-	public String doEncrypt(String plainTextPass) throws AxisFault {
-        return SecureVaultUtil.encryptValue(plainTextPass);
+	public String doEncrypt(String plainTextValue) throws CryptoException {
+		 return SecureVaultUtil.doEncrypt(plainTextValue);
+	}
 
+	/**
+	 * Method to decrypt a property, when key of the property is provided.
+	 *
+	 * @param key			Key of the property.
+	 * @return 			Decrypted property value.
+	 * @throws RegistryException	Throws while error during decryption.
+	 */
+	public String getDecryptedPropertyValue(String key) throws RegistryException {
+		return SecureVaultUtil.getDecryptedPropertyValue(key);
 	}
 
-    public String doDecrypt(String cipherText) throws AxisFault {
-		// TODO:yet to implement
-		return null;
+	/**
+	 * Method to decrypt a property, when encrypted value is provided.
+	 *
+	 * @param encryptedValue                encrypted property value.
+	 * @return 				decrypted property value.
+	 * @throws CryptoException              Throws when an error occurs during decryption.
+	 * @throws UnsupportedEncodingException Throws when an error occurs during byte array to string conversion.
+	 */
+	public String doDecrypt(String encryptedValue) throws CryptoException, UnsupportedEncodingException {
+		return SecureVaultUtil.doDecrypt(encryptedValue);
 	}
 
 }
diff --git a/...rc/main/java/org/wso2/carbon/registry/security/vault/service/RegistrySecurityService.java b/...rc/main/java/org/wso2/carbon/registry/security/vault/service/RegistrySecurityService.java
@@ -18,14 +18,19 @@
  */
 package org.wso2.carbon.registry.security.vault.service;
 
-import org.apache.axis2.AxisFault;
-import org.wso2.carbon.registry.admin.api.search.SearchOSGiService;
-import org.wso2.carbon.registry.common.ResourceData;
+import org.wso2.carbon.core.util.CryptoException;
 import org.wso2.carbon.registry.core.exceptions.RegistryException;
 
+import java.io.UnsupportedEncodingException;
+
 /**
- * API to perform a metadata search
+ * API to perform a encrypt and decrypt operations.
  */
 public interface RegistrySecurityService {
-    public String doEncrypt(String plainTextPass) throws RegistryException;
+    public String doEncrypt(String plainTextValue) throws CryptoException;
+
+    public String getDecryptedPropertyValue(String key) throws RegistryException;
+
+    public String  doDecrypt(String encryptedValue)throws CryptoException, UnsupportedEncodingException;
+
 }
diff --git a/...rity/src/main/java/org/wso2/carbon/registry/security/vault/util/SecureVaultConstants.java b/...rity/src/main/java/org/wso2/carbon/registry/security/vault/util/SecureVaultConstants.java
@@ -18,10 +18,9 @@
 package org.wso2.carbon.registry.security.vault.util;
 
 public interface SecureVaultConstants {
-	public static final String SYSTEM_CONFIG_CONNECTOR_SECURE_VAULT_CONFIG =
-	                                                                         "/_system/config/repository/components/secure-vault";
-	public static final String CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY =
-	                                                                      "/repository/components/secure-vault";
+
+	public static final String ENCRYPTED_PROPERTY_CONFIG_REGISTRY_PATH = "/_system/config/repository/components/secure-vault";
+	public static final String ENCRYPTED_PROPERTY_STORAGE_PATH = "/repository/components/secure-vault";
 	public static final String CARBON_HOME = "carbon.home";
 	public static final String SECRET_CONF = "secret-conf.properties";
 	public static final String CONF_DIR = "conf";

diff --git a/....security/src/main/java/org/wso2/carbon/registry/security/vault/util/SecureVaultUtil.java b/....security/src/main/java/org/wso2/carbon/registry/security/vault/util/SecureVaultUtil.java
@@ -17,16 +17,18 @@
  */
 package org.wso2.carbon.registry.security.vault.util;
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
+import java.io.*;
+import java.nio.charset.Charset;
 import java.util.Properties;
 
 import org.apache.axis2.AxisFault;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.wso2.carbon.context.CarbonContext;
+import org.wso2.carbon.core.util.CryptoException;
+import org.wso2.carbon.core.util.CryptoUtil;
 import org.wso2.carbon.registry.core.Collection;
+import org.wso2.carbon.registry.core.Resource;
 import org.wso2.carbon.registry.core.exceptions.RegistryException;
 import org.wso2.carbon.registry.core.session.UserRegistry;
 import org.wso2.carbon.registry.security.vault.CipherInitializer;
@@ -129,13 +131,69 @@ public static void createRegistryResource(int tenantId) throws RegistryException
             }
             // creating vault-specific storage repository (this happens only if
             // not resource not existing)
-            if (!registry.resourceExists(SecureVaultConstants.CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY)) {
+            if (!registry.resourceExists(SecureVaultConstants.ENCRYPTED_PROPERTY_STORAGE_PATH)) {
                 Collection secureVaultCollection = registry.newCollection();
-                registry.put(SecureVaultConstants.CONNECTOR_SECURE_VAULT_CONFIG_REPOSITORY, secureVaultCollection);
+                registry.put(SecureVaultConstants.ENCRYPTED_PROPERTY_STORAGE_PATH, secureVaultCollection);
             }
         } catch (RegistryException e) {
             throw new RegistryException("Error while intializing the registry");
         }
     }
 
+    /**
+     * Method to do the encryption operation.
+     *
+     * @param plainTextPass		plain text value.
+     * @return				encrypted value.
+     * @throws RegistryException	Throws when an error occurs during encryption.
+     */
+    public static String doEncrypt(String plainTextPass) throws CryptoException {
+        CryptoUtil cryptoUtil = CryptoUtil.getDefaultCryptoUtil();
+        return cryptoUtil.encryptAndBase64Encode(plainTextPass.getBytes(Charset.forName("UTF-8")));
+    }
+
+    /**
+     * Method to decrypt a property, when key of the property is provided.
+     *
+     * @param key			key of the property.
+     * @return 				decrypted property value.
+     * @throws RegistryException	Throws when an error occurs during decryption.
+     */
+    public static String getDecryptedPropertyValue(String key) throws RegistryException {
+        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
+        UserRegistry registry = SecurityServiceHolder.getInstance().getRegistryService()
+                .getConfigSystemRegistry(tenantId);
+
+        if (registry.resourceExists(SecureVaultConstants.ENCRYPTED_PROPERTY_STORAGE_PATH)) {
+            Resource registryResource = registry.get(SecureVaultConstants.ENCRYPTED_PROPERTY_STORAGE_PATH);
+            String propertyValue = registryResource.getProperty(key);
+            if (propertyValue != null) {
+                try {
+                    return doDecrypt(propertyValue);
+                } catch (CryptoException | UnsupportedEncodingException e) {
+                    throw new RegistryException("Error while decrypting the property value", e);
+                }
+            } else {
+                throw new RegistryException("Property does not exist with key \"" + key + "\" at path " +
+                        SecureVaultConstants.ENCRYPTED_PROPERTY_CONFIG_REGISTRY_PATH);
+            }
+        } else {
+            throw new RegistryException("Collection does not exist at path "
+                    + SecureVaultConstants.ENCRYPTED_PROPERTY_CONFIG_REGISTRY_PATH);
+        }
+    }
+
+    /**
+     * Method to decrypt a property, when encrypted value is provided.
+     *
+     * @param encryptedValue                	encrypted property value.
+     * @return 					decrypted value.
+     * @throws CryptoException              	Throws when an error occurs during decryption.
+     * @throws UnsupportedEncodingException	Throws when an error occurs during byte array to string conversion.
+     */
+    public static String doDecrypt(String encryptedValue) throws CryptoException, UnsupportedEncodingException {
+        CryptoUtil cryptoUtil = CryptoUtil.getDefaultCryptoUtil();
+        byte[] decryptedBytes = cryptoUtil.base64DecodeAndDecrypt(encryptedValue);
+        return new String(decryptedBytes, "UTF-8");
+    }
 }