Google Git
Sign in
apache / kylin / af2646b72fbb6dc81699ad6661303fd612a2eebf / . / server / src / main / java / org / apache / kylin / rest / security / PasswordPlaceholderConfigurer.java
blob: 2022ef00da5e8d26c69adce4b3246d34af5506b9 [file] [log] [blame]
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.kylin.rest.security;
import org.apache.commons.codec.binary.Base64;
import org.apache.kylin.common.KylinConfig;
import org.springframework.beans.factory.config.PropertyPlaceholderConfigurer;
import org.springframework.core.io.InputStreamResource;
import org.springframework.core.io.Resource;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Properties;
/**
* @author xduo
*
*/
public class PasswordPlaceholderConfigurer extends PropertyPlaceholderConfigurer {
private static byte[] key = { 0x74, 0x68, 0x69, 0x73, 0x49, 0x73, 0x41, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79 };
public PasswordPlaceholderConfigurer() {
Resource[] resources = new Resource[1];
resources[0] = new InputStreamResource(KylinConfig.getKylinPropertiesAsInputStream());
this.setLocations(resources);
}
public static String encrypt(String strToEncrypt) {
try {
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
final SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
cipher.init(Cipher.ENCRYPT_MODE, secretKey);
final String encryptedString = Base64.encodeBase64String(cipher.doFinal(strToEncrypt.getBytes()));
return encryptedString;
} catch (Exception e) {
throw new RuntimeException(e.getMessage(), e);
}
}
public static String decrypt(String strToDecrypt) {
try {
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5PADDING");
final SecretKeySpec secretKey = new SecretKeySpec(key, "AES");
cipher.init(Cipher.DECRYPT_MODE, secretKey);
final String decryptedString = new String(cipher.doFinal(Base64.decodeBase64(strToDecrypt)));
return decryptedString;
} catch (Exception e) {
throw new RuntimeException(e.getMessage(), e);
}
}
protected String resolvePlaceholder(String placeholder, Properties props) {
if (placeholder.toLowerCase().contains("password")) {
return decrypt(props.getProperty(placeholder));
} else {
return props.getProperty(placeholder);
}
}
private static void printUsage() {
System.out.println("Usage: java org.apache.kylin.rest.security.PasswordPlaceholderConfigurer <EncryptMethod> <your_password>");
System.out.println("EncryptMethod: AES or BCrypt");
}
public static void main(String[] args) {
if (args.length != 2) {
printUsage();
System.exit(1);
}
String encryptMethod = args[0];
String passwordTxt = args[1];
if ("AES".equalsIgnoreCase(encryptMethod)) {
// for encrypt password like LDAP password
System.out.println(encryptMethod + " encrypted password is: ");
System.out.println(encrypt(passwordTxt));
} else if ("BCrypt".equalsIgnoreCase(encryptMethod)) {
// for encrypt the predefined user password, like ADMIN, MODELER.
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
System.out.println(encryptMethod + " encrypted password is: ");
System.out.println(bCryptPasswordEncoder.encode(passwordTxt));
} else {
printUsage();
System.exit(1);
}
}
}