Merge pull request #518 from coheigea/AMQ-7454
AMQ-7454 - Remove xmpp artifacts
diff --git a/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java b/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java
index 6757786..0809553 100644
--- a/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java
+++ b/activemq-console/src/main/java/org/apache/activemq/console/command/DecryptCommand.java
@@ -19,6 +19,7 @@
import java.util.List;
import org.jasypt.exceptions.EncryptionOperationNotPossibleException;
+import org.jasypt.iv.RandomIvGenerator;
public class DecryptCommand extends EncryptCommand {
@@ -30,6 +31,7 @@
" --password <password> Password to be used by the encryptor. Defaults to",
" the value in the ACTIVEMQ_ENCRYPTION_PASSWORD env variable.",
" --input <input> Text to be encrypted.",
+ " --algorithm <algorithm> Algorithm to use.",
" --version Display the version information.",
" -h,-?,--help Display the stop broker help information.",
""
@@ -55,6 +57,13 @@
return;
}
encryptor.setPassword(password);
+ if (algorithm != null) {
+ encryptor.setAlgorithm(algorithm);
+ // From Jasypt: for PBE-AES-based algorithms, the IV generator is MANDATORY"
+ if (algorithm.startsWith("PBE") && algorithm.contains("AES")) {
+ encryptor.setIvGenerator(new RandomIvGenerator());
+ }
+ }
try {
context.print("Decrypted text: " + encryptor.decrypt(input));
} catch (EncryptionOperationNotPossibleException e) {
diff --git a/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java b/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java
index ce61ee0..7c3ae56 100644
--- a/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java
+++ b/activemq-console/src/main/java/org/apache/activemq/console/command/EncryptCommand.java
@@ -19,6 +19,7 @@
import java.util.List;
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
+import org.jasypt.iv.RandomIvGenerator;
public class EncryptCommand extends AbstractCommand {
@@ -30,6 +31,7 @@
" --password <password> Password to be used by the encryptor. Defaults to",
" the value in the ACTIVEMQ_ENCRYPTION_PASSWORD env variable.",
" --input <input> Text to be encrypted.",
+ " --algorithm <algorithm> Algorithm to use.",
" --version Display the version information.",
" -h,-?,--help Display the stop broker help information.",
""
@@ -38,6 +40,7 @@
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
String input;
String password;
+ String algorithm;
@Override
public String getName() {
@@ -64,6 +67,13 @@
return;
}
encryptor.setPassword(password);
+ if (algorithm != null) {
+ encryptor.setAlgorithm(algorithm);
+ // From Jasypt: for PBE-AES-based algorithms, the IV generator is MANDATORY"
+ if (algorithm.startsWith("PBE") && algorithm.contains("AES")) {
+ encryptor.setIvGenerator(new RandomIvGenerator());
+ }
+ }
context.print("Encrypted text: " + encryptor.encrypt(input));
}
@@ -83,6 +93,13 @@
}
password=(String)tokens.remove(0);
+ } else if (token.startsWith("--algorithm")) {
+ if (tokens.isEmpty() || ((String)tokens.get(0)).startsWith("-")) {
+ context.printException(new IllegalArgumentException("algorithm not specified"));
+ return;
+ }
+
+ algorithm=(String)tokens.remove(0);
} else {
super.handleOption(token, tokens);
}
diff --git a/activemq-jaas/pom.xml b/activemq-jaas/pom.xml
index 4dcfeb7..74e83e2 100644
--- a/activemq-jaas/pom.xml
+++ b/activemq-jaas/pom.xml
@@ -56,6 +56,9 @@
</property>
-->
</systemProperties>
+ <environmentVariables>
+ <ACTIVEMQ_ENCRYPTION_PASSWORD>activemq</ACTIVEMQ_ENCRYPTION_PASSWORD>
+ </environmentVariables>
</configuration>
</plugin>
</plugins>
diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptionSupport.java b/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptionSupport.java
index 22d6494..d399446 100644
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptionSupport.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/EncryptionSupport.java
@@ -19,6 +19,7 @@
import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.properties.PropertyValueEncryptionUtils;
+import org.jasypt.iv.RandomIvGenerator;
import java.util.ArrayList;
import java.util.Properties;
@@ -28,8 +29,8 @@
*/
public class EncryptionSupport {
- static public void decrypt(Properties props) {
- StandardPBEStringEncryptor encryptor = createEncryptor();
+ static public void decrypt(Properties props, String algorithm) {
+ StandardPBEStringEncryptor encryptor = createEncryptor(algorithm);
for (Object k : new ArrayList(props.keySet())) {
String key = (String) k;
String value = props.getProperty(key);
@@ -40,10 +41,16 @@
}
}
- public static StandardPBEStringEncryptor createEncryptor() {
+ public static StandardPBEStringEncryptor createEncryptor(String algorithm) {
StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
- config.setAlgorithm("PBEWithMD5AndDES");
+ if (algorithm != null) {
+ encryptor.setAlgorithm(algorithm);
+ // From Jasypt: for PBE-AES-based algorithms, the IV generator is MANDATORY"
+ if (algorithm.startsWith("PBE") && algorithm.contains("AES")) {
+ encryptor.setIvGenerator(new RandomIvGenerator());
+ }
+ }
config.setPasswordEnvName("ACTIVEMQ_ENCRYPTION_PASSWORD");
encryptor.setConfig(config);
return encryptor;
diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/PropertiesLoader.java b/activemq-jaas/src/main/java/org/apache/activemq/jaas/PropertiesLoader.java
index 0ed8376..d9fcf62 100644
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/PropertiesLoader.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/PropertiesLoader.java
@@ -53,12 +53,14 @@
final boolean reload;
private boolean decrypt;
private boolean debug;
+ private String algorithm;
public FileNameKey(String nameProperty, String fallbackName, Map options) {
this.file = new File(baseDir(options), stringOption(nameProperty, fallbackName, options));
absPath = file.getAbsolutePath();
reload = booleanOption("reload", options);
decrypt = booleanOption("decrypt", options);
+ algorithm = stringOption("algorithm", "PBEWithMD5AndDES", options);
}
@Override
@@ -87,6 +89,10 @@
this.decrypt = decrypt;
}
+ public String getAlgorithm() {
+ return algorithm;
+ }
+
private String stringOption(String key, String nameDefault, Map options) {
Object result = options.get(key);
return result != null ? result.toString() : nameDefault;
diff --git a/activemq-jaas/src/main/java/org/apache/activemq/jaas/ReloadableProperties.java b/activemq-jaas/src/main/java/org/apache/activemq/jaas/ReloadableProperties.java
index 42427d0..9950bdf 100644
--- a/activemq-jaas/src/main/java/org/apache/activemq/jaas/ReloadableProperties.java
+++ b/activemq-jaas/src/main/java/org/apache/activemq/jaas/ReloadableProperties.java
@@ -124,7 +124,7 @@
props.load(in);
if (key.isDecrypt()) {
try {
- EncryptionSupport.decrypt(this.props);
+ EncryptionSupport.decrypt(this.props, key.getAlgorithm());
} catch (NoClassDefFoundError e) {
// this Happens whe jasypt is not on the classpath..
key.setDecrypt(false);
diff --git a/activemq-jaas/src/test/java/org/apache/activemq/jaas/EncryptedAESPropertiesLoginModuleTest.java b/activemq-jaas/src/test/java/org/apache/activemq/jaas/EncryptedAESPropertiesLoginModuleTest.java
new file mode 100644
index 0000000..1c46e2d
--- /dev/null
+++ b/activemq-jaas/src/test/java/org/apache/activemq/jaas/EncryptedAESPropertiesLoginModuleTest.java
@@ -0,0 +1,25 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.jaas;
+
+public class EncryptedAESPropertiesLoginModuleTest extends EncryptedPropertiesLoginModuleTest {
+
+ @Override
+ protected String getLoginModule() {
+ return "EncryptedAESPropertiesLogin";
+ }
+}
diff --git a/activemq-jaas/src/test/java/org/apache/activemq/jaas/EncryptedPropertiesLoginModuleTest.java b/activemq-jaas/src/test/java/org/apache/activemq/jaas/EncryptedPropertiesLoginModuleTest.java
new file mode 100644
index 0000000..0ca2014
--- /dev/null
+++ b/activemq-jaas/src/test/java/org/apache/activemq/jaas/EncryptedPropertiesLoginModuleTest.java
@@ -0,0 +1,30 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.jaas;
+
+public class EncryptedPropertiesLoginModuleTest extends PropertiesLoginModuleTest {
+
+ @Override
+ protected String getLoginModule() {
+ return "EncryptedPropertiesLogin";
+ }
+
+ @Override
+ public void testLoginReload() throws Exception {
+ // Ignore
+ }
+}
diff --git a/activemq-jaas/src/test/java/org/apache/activemq/jaas/PropertiesLoginModuleTest.java b/activemq-jaas/src/test/java/org/apache/activemq/jaas/PropertiesLoginModuleTest.java
index 478611b..81dab16 100644
--- a/activemq-jaas/src/test/java/org/apache/activemq/jaas/PropertiesLoginModuleTest.java
+++ b/activemq-jaas/src/test/java/org/apache/activemq/jaas/PropertiesLoginModuleTest.java
@@ -52,7 +52,7 @@
}
public void testLogin() throws LoginException {
- LoginContext context = new LoginContext("PropertiesLogin", new UserPassHandler("first", "secret"));
+ LoginContext context = new LoginContext(getLoginModule(), new UserPassHandler("first", "secret"));
context.login();
Subject subject = context.getSubject();
@@ -113,7 +113,7 @@
}
public void testBadUseridLogin() throws Exception {
- LoginContext context = new LoginContext("PropertiesLogin", new UserPassHandler("BAD", "secret"));
+ LoginContext context = new LoginContext(getLoginModule(), new UserPassHandler("BAD", "secret"));
try {
context.login();
@@ -124,7 +124,7 @@
}
public void testBadPWLogin() throws Exception {
- LoginContext context = new LoginContext("PropertiesLogin", new UserPassHandler("first", "BAD"));
+ LoginContext context = new LoginContext(getLoginModule(), new UserPassHandler("first", "BAD"));
try {
context.login();
@@ -157,4 +157,8 @@
}
}
}
+
+ protected String getLoginModule() {
+ return "PropertiesLogin";
+ }
}
diff --git a/activemq-jaas/src/test/resources/login.config b/activemq-jaas/src/test/resources/login.config
index dee62a5..aad35cf 100644
--- a/activemq-jaas/src/test/resources/login.config
+++ b/activemq-jaas/src/test/resources/login.config
@@ -30,6 +30,23 @@
org.apache.activemq.jaas.properties.group="groups.properties";
};
+EncryptedPropertiesLogin {
+ org.apache.activemq.jaas.PropertiesLoginModule required
+ debug=true
+ org.apache.activemq.jaas.properties.user="users-encrypted.properties"
+ org.apache.activemq.jaas.properties.group="groups.properties"
+ decrypt=true;
+};
+
+EncryptedAESPropertiesLogin {
+ org.apache.activemq.jaas.PropertiesLoginModule required
+ debug=true
+ org.apache.activemq.jaas.properties.user="users-encrypted-aes.properties"
+ org.apache.activemq.jaas.properties.group="groups.properties"
+ algorithm=PBEWITHHMACSHA1ANDAES_128
+ decrypt=true;
+};
+
LDAPLogin {
org.apache.activemq.jaas.LDAPLoginModule required
debug=true
diff --git a/activemq-jaas/src/test/resources/users-encrypted-aes.properties b/activemq-jaas/src/test/resources/users-encrypted-aes.properties
new file mode 100644
index 0000000..da38be2
--- /dev/null
+++ b/activemq-jaas/src/test/resources/users-encrypted-aes.properties
@@ -0,0 +1,19 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+first=ENC(Gk9Rdv1x9AybEf2w2OBIYALTFHbe97eVbOLRkG8btwIDdCtotcdBfnuGsDRmQpDx)
+second=ENC(/Z7qx1/BDlA14exodJiQKMaGJi70kJ7GIntyDYvVvVjpDW7j2piwJHEUFTtJ/HVG)
diff --git a/activemq-jaas/src/test/resources/users-encrypted.properties b/activemq-jaas/src/test/resources/users-encrypted.properties
new file mode 100644
index 0000000..000fe14
--- /dev/null
+++ b/activemq-jaas/src/test/resources/users-encrypted.properties
@@ -0,0 +1,19 @@
+## ---------------------------------------------------------------------------
+## Licensed to the Apache Software Foundation (ASF) under one or more
+## contributor license agreements. See the NOTICE file distributed with
+## this work for additional information regarding copyright ownership.
+## The ASF licenses this file to You under the Apache License, Version 2.0
+## (the "License"); you may not use this file except in compliance with
+## the License. You may obtain a copy of the License at
+##
+## http://www.apache.org/licenses/LICENSE-2.0
+##
+## Unless required by applicable law or agreed to in writing, software
+## distributed under the License is distributed on an "AS IS" BASIS,
+## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+## See the License for the specific language governing permissions and
+## limitations under the License.
+## ---------------------------------------------------------------------------
+
+first=ENC(Z5ZVpKZrgHL8M58yqlVTWA==)
+second=ENC(4mCibprDoilo4CHjFkXOTdOOA1jXEx+X)
diff --git a/activemq-unit-tests/pom.xml b/activemq-unit-tests/pom.xml
index 0d833f2..9351655 100644
--- a/activemq-unit-tests/pom.xml
+++ b/activemq-unit-tests/pom.xml
@@ -222,7 +222,7 @@
</dependency>
<dependency>
<groupId>org.jasypt</groupId>
- <artifactId>jasypt-spring31</artifactId>
+ <artifactId>jasypt-spring4</artifactId>
<version>${jasypt-version}</version>
<optional>true</optional>
</dependency>
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker-no-users.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker-no-users.xml
index a9c6286..6dd9570 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker-no-users.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker-no-users.xml
@@ -30,7 +30,7 @@
<property name="password" value="activemq"/>
</bean>
- <bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
+ <bean id="propertyConfigurer" class="org.jasypt.spring4.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="classpath:credentials.properties"/>
</bean>
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
index c53e3f4..1655817 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-broker.xml
@@ -30,7 +30,7 @@
<property name="password" value="activemq"/>
</bean>
- <bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
+ <bean id="propertyConfigurer" class="org.jasypt.spring4.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="classpath:credentials.properties"/>
</bean>
diff --git a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-separator.xml b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-separator.xml
index d7bee31..398fec7 100644
--- a/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-separator.xml
+++ b/activemq-unit-tests/src/test/resources/org/apache/activemq/security/simple-auth-separator.xml
@@ -30,7 +30,7 @@
<property name="password" value="activemq"/>
</bean>
- <bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
+ <bean id="propertyConfigurer" class="org.jasypt.spring4.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="classpath:credentials.properties"/>
</bean>
diff --git a/assembly/pom.xml b/assembly/pom.xml
index f8326d7..4a35d80 100644
--- a/assembly/pom.xml
+++ b/assembly/pom.xml
@@ -400,7 +400,7 @@
</dependency>
<dependency>
<groupId>org.jasypt</groupId>
- <artifactId>jasypt-spring31</artifactId>
+ <artifactId>jasypt-spring4</artifactId>
<version>${jasypt-version}</version>
</dependency>
<dependency>
diff --git a/assembly/src/main/descriptors/common-bin.xml b/assembly/src/main/descriptors/common-bin.xml
index b3a15b7..b1067c0 100644
--- a/assembly/src/main/descriptors/common-bin.xml
+++ b/assembly/src/main/descriptors/common-bin.xml
@@ -207,7 +207,7 @@
<include>org.apache.velocity:velocity-engine-core</include>
<include>org.apache.servicemix.bundles:org.apache.servicemix.bundles.josql</include>
<include>org.jasypt:jasypt</include>
- <include>org.jasypt:jasypt-spring31</include>
+ <include>org.jasypt:jasypt-spring4</include>
<include>javax.jmdns:jmdns</include>
<include>org.apache.qpid:proton-j</include>
<include>${pom.groupId}:activemq-runtime-config</include>
diff --git a/assembly/src/release/examples/conf/activemq-security.xml b/assembly/src/release/examples/conf/activemq-security.xml
index 1fb1422..3d34dde 100644
--- a/assembly/src/release/examples/conf/activemq-security.xml
+++ b/assembly/src/release/examples/conf/activemq-security.xml
@@ -48,7 +48,7 @@
<property name="config" ref="environmentVariablesConfiguration" />
</bean>
- <bean id="propertyConfigurer" class="org.jasypt.spring31.properties.EncryptablePropertyPlaceholderConfigurer">
+ <bean id="propertyConfigurer" class="org.jasypt.spring4.properties.EncryptablePropertyPlaceholderConfigurer">
<constructor-arg ref="configurationEncryptor" />
<property name="location" value="file:${activemq.conf}/credentials-enc.properties"/>
</bean>
