Added the use of salt in encryption calls.

configuration/salt

@@ -0,0 +1 @@
+encodeSalt=123456789012345678901234567890

server/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java

@@ -13,6 +13,7 @@
 import org.jboss.seam.annotations.Scope;
 import org.jboss.seam.annotations.security.Restrict;
 import org.jboss.seam.log.Log;
+import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.util.security.StringEncrypter;
 import org.xdi.util.security.StringEncrypter.EncryptionException;
 
@@ -33,6 +34,9 @@ public class AppliancePasswordAction implements Serializable {
 	@In
 	private CentralLdapService centralLdapService;
 
+	@In(value = "#{oxTrustConfiguration.applicationConfiguration}")
+	private ApplicationConfiguration applicationConfiguration;
+
 	@Logger
 	private Log log;
 
@@ -56,7 +60,7 @@ public String update() {
 		if (true /* validatePassword().equals(Configuration.RESULT_SUCCESS) */) {
 			GluuAppliance appliance = applianceService.getAppliance();
 			try {
-				appliance.setBlowfishPassword(StringEncrypter.defaultInstance().encrypt(newPassword));
+				appliance.setBlowfishPassword(StringEncrypter.defaultInstance().encrypt(newPassword, applicationConfiguration.getEncodeSalt()));
 			} catch (EncryptionException e) {
 				log.error("Failed to encrypt password", e);
 			}

server/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java

@@ -27,7 +27,6 @@
 import org.jboss.seam.security.Identity;
 import org.jboss.seam.security.NotLoggedInException;
 import org.jboss.seam.servlet.ContextualHttpServletRequest;
-import org.jboss.seam.util.Base64;
 import org.jboss.seam.web.AbstractFilter;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.oxauth.client.UserInfoClient;

server/src/main/java/org/gluu/oxtrust/action/Authenticator.java

@@ -493,7 +493,7 @@ public String oAuthGetAccessToken() throws JSONException {
 		String clientPassword = applicationConfiguration.getOxAuthClientPassword();
 		if (clientPassword != null) {
 			try {
-				clientPassword = StringEncrypter.defaultInstance().decrypt(clientPassword);
+				clientPassword = StringEncrypter.defaultInstance().decrypt(clientPassword, applicationConfiguration.getEncodeSalt());
 			} catch (EncryptionException ex) {
 				log.error("Failed to decrypt client password", ex);
 			}

server/src/main/java/org/gluu/oxtrust/action/ConfigureCacheRefreshAction.java

@@ -272,7 +272,7 @@ private GluuLdapConfiguration prepareLdapConfig(String ldapConfigId) {
 
 		String bindPassword = "";
 		try {
-			bindPassword = StringEncrypter.defaultInstance().decrypt(cacheRefreshConfiguration.getString(prefix + "bindPassword"));
+			bindPassword = StringEncrypter.defaultInstance().decrypt(cacheRefreshConfiguration.getString(prefix + "bindPassword"), applicationConfiguration.getEncodeSalt());
 		} catch (Exception ex) {
 			log.error("Failed to decrypt password for property: {0}", ex, prefix + "bindPassword");
 		}

server/src/main/java/org/gluu/oxtrust/action/ManageCertificateAction.java

@@ -43,8 +43,6 @@
 import org.gluu.oxtrust.model.cert.TrustStoreCertificate;
 import org.gluu.oxtrust.model.cert.TrustStoreConfiguration;
 import org.gluu.oxtrust.util.OxTrustConstants;
-import org.gluu.site.ldap.persistence.annotation.LdapAttribute;
-import org.gluu.site.ldap.persistence.annotation.LdapJsonObject;
 import org.gluu.site.ldap.persistence.exception.LdapMappingException;
 import org.jboss.seam.Component;
 import org.jboss.seam.ScopeType;
@@ -59,11 +57,8 @@
 import org.richfaces.event.FileUploadEvent;
 import org.richfaces.model.UploadedFile;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
-import org.xdi.model.AuthenticationScriptUsageType;
-import org.xdi.model.config.CustomAuthenticationConfiguration;
 import org.xdi.util.StringHelper;
 import org.xdi.util.io.FileHelper;
-import org.xdi.util.io.FileUploadWrapper;
 import org.xdi.util.io.ResponseHelper;
 
 /**

server/src/main/java/org/gluu/oxtrust/action/ManageCustomAuthenticationAction.java

@@ -35,6 +35,7 @@
 import org.jboss.seam.international.StatusMessage.Severity;
 import org.jboss.seam.international.StatusMessages;
 import org.jboss.seam.log.Log;
+import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.model.AuthenticationScriptUsageType;
 import org.xdi.model.SimpleCustomProperty;
 import org.xdi.model.SimpleProperty;
@@ -97,6 +98,9 @@ public class ManageCustomAuthenticationAction implements SimplePropertiesListMod
 	private List<String> customAuthenticationConfigLevels;
 
 	private boolean initialized;
+
+	@In(value = "#{oxTrustConfiguration.applicationConfiguration}")
+	private ApplicationConfiguration applicationConfiguration;
 
 	@Restrict("#{s:hasPermission('configuration', 'access')}")
 	public String modify() {
@@ -366,7 +370,7 @@ public String testLdapConnection() {
 			properties.setProperty("bindPassword", this.ldapConfig.getBindPassword());
 			properties.setProperty("servers", buildServersString(this.ldapConfig.getServers()));
 			properties.setProperty("useSSL", Boolean.toString(this.ldapConfig.isUseSSL()));
-			LDAPConnectionProvider connectionProvider = new LDAPConnectionProvider(PropertiesDecrypter.decryptProperties(properties));
+			LDAPConnectionProvider connectionProvider = new LDAPConnectionProvider(PropertiesDecrypter.decryptProperties(properties, applicationConfiguration.getEncodeSalt()));
 			if (connectionProvider.isConnected()) {
 				connectionProvider.closeConnectionPool();
 				return OxTrustConstants.RESULT_SUCCESS;
@@ -405,7 +409,7 @@ private String buildServersString(List<SimpleProperty> servers) {
 	public void updateLdapBindPassword() {
 		String encryptedLdapBindPassword = null;
 		try {
-			encryptedLdapBindPassword = StringEncrypter.defaultInstance().encrypt(this.ldapConfig.getBindPassword());
+			encryptedLdapBindPassword = StringEncrypter.defaultInstance().encrypt(this.ldapConfig.getBindPassword(), applicationConfiguration.getEncodeSalt());
 		} catch (EncryptionException ex) {
 			log.error("Failed to encrypt LDAP bind password", ex);
 		}

server/src/main/java/org/gluu/oxtrust/action/PasswordValidationAction.java

@@ -16,7 +16,6 @@
 import org.jboss.seam.annotations.Logger;
 import org.jboss.seam.annotations.Name;
 import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.security.Restrict;
 import org.jboss.seam.log.Log;
 import org.xdi.util.StringHelper;
 

server/src/main/java/org/gluu/oxtrust/action/RegisterPersonAction.java

@@ -8,7 +8,6 @@
 import java.util.Map;
 
 import javax.faces.context.ExternalContext;
-import javax.faces.context.FacesContext;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
 
@@ -179,7 +178,7 @@ public String register() {
 
 			boolean registrationCustomized = registrationConfig != null;
 			boolean invitationCodeAllowed = registrationCustomized && registrationConfig.isInvitationCodesManagementEnabled();
-			boolean invitationCodeOptional = registrationCustomized && registrationConfig.isUninvitedRegistrationAllowed();
+//			boolean invitationCodeOptional = registrationCustomized && registrationConfig.isUninvitedRegistrationAllowed();
 			boolean  invitationCodePresent = invitationGuid != null;
 			OxLink invitationLink = registrationLinkService.getLinkByGuid(invitationGuid);
 			boolean invitationCodeModerated = invitationCodePresent && invitationLink != null && invitationLink.getLinkModerated();

server/src/main/java/org/gluu/oxtrust/action/RegistrationLinkInventoryAction.java

@@ -26,7 +26,6 @@
 import org.jboss.seam.annotations.security.Restrict;
 import org.jboss.seam.log.Log;
 import org.jboss.seam.security.Credentials;
-import org.xdi.oxauth.model.util.StringUtils;
 import org.xdi.util.StringHelper;
 
 /**

server/src/main/java/org/gluu/oxtrust/action/SsoLoginAction.java

@@ -1,53 +1,24 @@
 package org.gluu.oxtrust.action;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.io.OutputStream;
 import java.io.Reader;
 import java.io.Serializable;
-import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.List;
 
 import javax.faces.context.ExternalContext;
 import javax.faces.context.FacesContext;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.io.IOUtils;
-import org.apache.http.Header;
-import org.apache.http.HttpResponse;
-import org.apache.http.HttpStatus;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.CookieStore;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.client.protocol.ClientContext;
-import org.apache.http.conn.scheme.Scheme;
-import org.apache.http.conn.ssl.SSLSocketFactory;
-import org.apache.http.impl.client.BasicCookieStore;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.message.BasicNameValuePair;
-import org.apache.http.protocol.BasicHttpContext;
-import org.apache.http.protocol.HTTP;
-import org.apache.http.protocol.HttpContext;
-import org.apache.http.util.EntityUtils;
 import org.drools.CheckedDroolsException;
 import org.drools.RuleBase;
 import org.drools.WorkingMemory;
 import org.drools.compiler.RuleBaseLoader;
-import org.gluu.oxtrust.security.OauthData;
 import org.gluu.oxtrust.util.OxTrustConstants;
-import org.gluu.oxtrust.util.Utils;
-import org.gluu.site.ldap.persistence.exception.PropertyNotFoundException;
 import org.jboss.seam.ScopeType;
 import org.jboss.seam.annotations.In;
 import org.jboss.seam.annotations.Logger;
@@ -60,10 +31,7 @@
 import org.jboss.seam.log.Log;
 import org.jboss.seam.security.Identity;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
-import org.xdi.oxauth.client.TokenClient;
-import org.xdi.oxauth.client.TokenResponse;
 import org.xdi.util.StringHelper;
-import org.xdi.util.security.StringEncrypter;
 
 /**
  * Action class for SSO login

server/src/main/java/org/gluu/oxtrust/action/ViewLogFileAction.java

@@ -18,7 +18,6 @@
 import org.gluu.oxtrust.model.LogViewerConfig;
 import org.gluu.oxtrust.util.OxTrustConstants;
 import org.jboss.seam.ScopeType;
-import org.jboss.seam.annotations.Destroy;
 import org.jboss.seam.annotations.In;
 import org.jboss.seam.annotations.Logger;
 import org.jboss.seam.annotations.Name;

server/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java

@@ -15,6 +15,7 @@
 import org.jboss.seam.log.Log;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.config.oxtrust.ApplicationConfigurationFile;
+import org.xdi.config.CryptoConfigurationFile;
 import org.xdi.config.oxtrust.LdapOxTrustConfiguration;
 import org.xdi.exception.ConfigurationException;
 import org.xdi.service.JsonService;
@@ -41,15 +42,18 @@ public class OxTrustConfiguration {
 	public static final String CONFIGURATION_FILE_LOCAL_LDAP_PROPERTIES_FILE = "oxTrustLdap.properties";
 	public static final String CONFIGURATION_FILE_CENTRAL_LDAP_PROPERTIES_FILE = "oxTrustCentralLdap.properties";
 	public static final String CONFIGURATION_FILE_APPLICATION_CONFIGURATION = "oxTrust.properties";
+	public static final String CONFIGURATION_FILE_CRYPTO_PROPERTIES_FILE = "salt";
 
 	private FileConfiguration ldapConfiguration;
 	private FileConfiguration ldapCentralConfiguration;
+	private CryptoConfigurationFile cryptoConfiguration;
 	private ApplicationConfiguration applicationConfiguration;
 
 	@Create
 	public void create() {
 		this.ldapConfiguration = createFileConfiguration(CONFIGURATION_FILE_LOCAL_LDAP_PROPERTIES_FILE);
 		this.ldapCentralConfiguration = createFileConfiguration(CONFIGURATION_FILE_CENTRAL_LDAP_PROPERTIES_FILE, false);
+		createCryptoConfigurationFromFile();
 	}
 
 	@Observer(EVENT_INIT_CONFIGURATION)
@@ -155,6 +159,18 @@ private void createConfigurationFromFile() {
 			throw new ConfigurationException("Failed to load configuration from " + CONFIGURATION_FILE_APPLICATION_CONFIGURATION, ex);
 		}
 	}
+
+	private void createCryptoConfigurationFromFile() {
+		try {
+			FileConfiguration cryptoConfiguration = createFileConfiguration(CONFIGURATION_FILE_CRYPTO_PROPERTIES_FILE);
+			CryptoConfigurationFile cryptoConfigurationFile = new CryptoConfigurationFile(cryptoConfiguration);
+
+			this.cryptoConfiguration = cryptoConfigurationFile;
+		} catch (Exception ex) {
+			log.error("Failed to load configuration from {0}", ex, CONFIGURATION_FILE_CRYPTO_PROPERTIES_FILE);
+			throw new ConfigurationException("Failed to load configuration from " + CONFIGURATION_FILE_CRYPTO_PROPERTIES_FILE, ex);
+		}
+	}
 
 	private LdapOxTrustConfiguration prepareLdapConfiguration(String configurationDn) {
 		LdapOxTrustConfiguration conf = new LdapOxTrustConfiguration();
@@ -178,6 +194,10 @@ public FileConfiguration getLdapConfiguration() {
 		return ldapConfiguration;
 	}
 
+	public CryptoConfigurationFile getCryptoConfiguration() {
+		return cryptoConfiguration;
+	}
+
 	public FileConfiguration getLdapCentralConfiguration() {
 		return ldapCentralConfiguration;
 	}

server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java

@@ -45,6 +45,7 @@
 import org.jboss.seam.async.TimerSchedule;
 import org.jboss.seam.core.Events;
 import org.jboss.seam.log.Log;
+import org.xdi.config.CryptoConfigurationFile;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.ldap.model.GluuBoolean;
 import org.xdi.ldap.model.GluuDummyEntry;
@@ -109,6 +110,9 @@ public class CacheRefreshTimer {
 	@In(value = "#{oxTrustConfiguration.applicationConfiguration}")
 	private ApplicationConfiguration applicationConfiguration;
 
+	@In(value = "#{oxTrustConfiguration.cryptoConfiguration}")
+	private CryptoConfigurationFile cryptoConfiguration;
+
 	@In
 	private ObjectSerializationService objectSerializationService;
 
@@ -979,7 +983,7 @@ private LdapServerConnection prepareLdapServerConnection(String ldapConfig) {
 		String prefix = String.format("ldap.conf.%s.", ldapConfig);
 		Properties ldapProperties = cacheRefreshConfiguration.getPropertiesByPrefix(prefix);
 
-		LDAPConnectionProvider ldapConnectionProvider = new LDAPConnectionProvider(PropertiesDecrypter.decryptProperties(ldapProperties));
+		LDAPConnectionProvider ldapConnectionProvider = new LDAPConnectionProvider(PropertiesDecrypter.decryptProperties(ldapProperties, cryptoConfiguration.getEncodeSalt()));
 
 		if (!ldapConnectionProvider.isConnected()) {
 			log.error("Failed to connect to LDAP server using configuration {0}", ldapConfig);

server/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java

@@ -1,8 +1,10 @@
 package org.gluu.oxtrust.ldap.service;
 
 import org.gluu.site.ldap.LDAPConnectionProvider;
+import org.jboss.seam.annotations.In;
 import org.jboss.seam.annotations.Logger;
 import org.jboss.seam.log.Log;
+import org.xdi.config.CryptoConfigurationFile;
 import org.xdi.util.properties.FileConfiguration;
 import org.xdi.util.security.PropertiesDecrypter;
 
@@ -16,6 +18,10 @@ public class AbstractConnectionCheckerTimer {
 
 	@Logger
 	private Log log;
+
+	@In(value = "#{oxTrustConfiguration.cryptoConfiguration}")
+	private CryptoConfigurationFile cryptoConfiguration;
+
 
 	protected void processImpl(FileConfiguration configuration, LDAPConnectionProvider connectionProvider) {
 		if ((configuration == null) || (connectionProvider == null)) {
@@ -31,7 +37,7 @@ protected void processImpl(FileConfiguration configuration, LDAPConnectionProvid
 
 			try {
 				// Make attempt to reconnect to LDAP server
-				connectionProvider.init(PropertiesDecrypter.decryptProperties(configuration.getProperties()));
+				connectionProvider.init(PropertiesDecrypter.decryptProperties(configuration.getProperties(),cryptoConfiguration.getEncodeSalt()));
 				isConnected = connectionProvider.isConnected();
 				if (isConnected) {
 					log.info("Connection to LDAP server was restored");

server/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java

@@ -24,7 +24,6 @@
 import org.gluu.site.ldap.OperationsFacade;
 import org.gluu.site.ldap.persistence.LdapEntryManager;
 import org.gluu.site.ldap.persistence.exception.EntryPersistenceException;
-import org.gluu.site.ldap.persistence.exception.LdapMappingException;
 import org.jboss.seam.Component;
 import org.jboss.seam.ScopeType;
 import org.jboss.seam.annotations.AutoCreate;
@@ -209,7 +208,7 @@ private void createConnectionAuthProvider(String configurationLdapConfigComponen
 		}
 		//
 
-		LdapConnectionService connectionProvider = new LdapConnectionService(PropertiesDecrypter.decryptProperties(properties));
+		LdapConnectionService connectionProvider = new LdapConnectionService(PropertiesDecrypter.decryptProperties(properties, oxTrustConfiguration.getCryptoConfiguration().getEncodeSalt()));
 		Contexts.getApplicationContext().set(connectionProviderComponentName, connectionProvider);
 	}
 
@@ -304,7 +303,7 @@ private void createConnectionProvider(FileConfiguration configuration, String co
 		LdapConnectionService connectionProvider = null;
 		if (configuration != null) {
 			connectionProvider = new LdapConnectionService(PropertiesDecrypter.decryptProperties(configuration
-				.getProperties()));
+				.getProperties(), oxTrustConfiguration.getCryptoConfiguration().getEncodeSalt()));
 		}
 		Contexts.getApplicationContext().set(connectionProviderComponentName, connectionProvider);
 	}

server/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java

@@ -130,7 +130,7 @@ public boolean checkAndUpdateLdapbaseConfigurationImpl() {
 					appliance.setIname(confApplianceIname);
 					appliance.setInumFN(StringHelper.removePunctuation(appliance.getInum()));
 					String newPassword = RandomStringUtils.randomAlphanumeric(8);
-					appliance.setBlowfishPassword(StringEncrypter.defaultInstance().encrypt(newPassword));
+					appliance.setBlowfishPassword(StringEncrypter.defaultInstance().encrypt(newPassword, applicationConfiguration.getEncodeSalt()));
 
 					if (centralLdapService.isUseCentralServer()) {
 						GluuAppliance tmpAppliance = new GluuAppliance();

server/src/main/java/org/gluu/oxtrust/ldap/service/EntityIDMonitoringService.java

@@ -3,7 +3,6 @@
 import java.io.File;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.TreeSet;

server/src/main/java/org/gluu/oxtrust/ldap/service/FederationService.java

@@ -176,7 +176,7 @@ public void removeFederationProposal(GluuSAMLFederationProposal federationPropos
 	 */
 	public GluuMetadataSourceType[] getMetadataSourceTypes() {
 		List<GluuMetadataSourceType> trTypes = Arrays.asList(GluuMetadataSourceType.values());
-		List<GluuMetadataSourceType> proposalTypes = new ArrayList(trTypes);
+		List<GluuMetadataSourceType> proposalTypes = new ArrayList<GluuMetadataSourceType>(trTypes);
 		proposalTypes.remove(GluuMetadataSourceType.FEDERATION);
 		proposalTypes.remove(GluuMetadataSourceType.GENERATE);
 		return proposalTypes.toArray(new GluuMetadataSourceType[] {});

server/src/main/java/org/gluu/oxtrust/ldap/service/ImageRepository.java

@@ -11,7 +11,6 @@
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.ArrayUtils;
-import org.gluu.oxtrust.util.OxTrustConstants;
 import org.jboss.seam.ScopeType;
 import org.jboss.seam.annotations.AutoCreate;
 import org.jboss.seam.annotations.Create;