From 84a40014a20f1d5c0f7592abd63b4c84823f26c4 Mon Sep 17 00:00:00 2001
From: Oleksiy Tataryn
Date: Wed, 24 Sep 2014 12:51:23 +0300
Subject: [PATCH] Added the use of salt in encryption calls.
---
 configuration/salt | 1 +
 .../action/AppliancePasswordAction.java | 6 +++-
 .../oxtrust/action/AuthenticationFilter.java | 1 -
 .../gluu/oxtrust/action/Authenticator.java | 2 +-
 .../action/ConfigureCacheRefreshAction.java | 2 +-
 .../action/ManageCertificateAction.java | 5 ---
 .../ManageCustomAuthenticationAction.java | 8 +++--
 .../action/PasswordValidationAction.java | 1 -
 .../oxtrust/action/RegisterPersonAction.java | 3 +-
 .../RegistrationLinkInventoryAction.java | 1 -
 .../gluu/oxtrust/action/SsoLoginAction.java | 32 -------------------
 .../oxtrust/action/ViewLogFileAction.java | 1 -
 .../oxtrust/config/OxTrustConfiguration.java | 20 ++++++++++++
 .../ldap/cache/service/CacheRefreshTimer.java | 6 +++-
 .../AbstractConnectionCheckerTimer.java | 8 ++++-
 .../oxtrust/ldap/service/AppInitializer.java | 5 ++-
 .../service/BaseConfigurationService.java | 2 +-
 .../service/EntityIDMonitoringService.java | 1 -
 .../ldap/service/FederationService.java | 2 +-
 .../oxtrust/ldap/service/ImageRepository.java | 1 -
 .../oxtrust/ldap/service/LdifArchiver.java | 1 -
 .../RegistrationsExpirationService.java | 7 ----
 .../ldap/service/uma/ResourceSetService.java | 1 -
 .../gluu/oxtrust/model/GluuCustomPerson.java | 4 +--
 .../model/GluuSAMLTrustRelationship.java | 3 --
 .../org/gluu/oxtrust/model/OxIDPAuthConf.java | 1 -
 .../oxtrust/model/PasswordResetRequest.java | 1 -
 .../oxtrust/model/ProfileConfiguration.java | 3 --
 .../org/gluu/oxtrust/model/scim/ScimData.java | 1 +
 .../oxtrust/service/UmaProtectionService.java | 8 +++-
 30 files changed, 59 insertions(+), 79 deletions(-)
 create mode 100644 configuration/salt
diff --git a/configuration/salt b/configuration/salt
new file mode 100644
index 000000000..351277255
--- /dev/null
+++ b/configuration/salt
@@ -0,0 +1 @@
+encodeSalt=123456789012345678901234567890
\ No newline at end of file
diff --git a/server/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java b/server/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java
index a52aefcf3..db3eea6ef 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/AppliancePasswordAction.java
@@ -13,6 +13,7 @@
 import org.jboss.seam.annotations.Scope;
 import org.jboss.seam.annotations.security.Restrict;
 import org.jboss.seam.log.Log;
+import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.util.security.StringEncrypter;
 import org.xdi.util.security.StringEncrypter.EncryptionException;
@@ -33,6 +34,9 @@ public class AppliancePasswordAction implements Serializable {
 @In
 private CentralLdapService centralLdapService;
+ @In(value = "#{oxTrustConfiguration.applicationConfiguration}")
+ private ApplicationConfiguration applicationConfiguration;
+
 @Logger
 private Log log;
@@ -56,7 +60,7 @@ public String update() {
 if (true /* validatePassword().equals(Configuration.RESULT_SUCCESS) */) {
 GluuAppliance appliance = applianceService.getAppliance();
 try {
- appliance.setBlowfishPassword(StringEncrypter.defaultInstance().encrypt(newPassword));
+ appliance.setBlowfishPassword(StringEncrypter.defaultInstance().encrypt(newPassword, applicationConfiguration.getEncodeSalt()));
 } catch (EncryptionException e) {
 log.error("Failed to encrypt password", e);
 }
diff --git a/server/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java b/server/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java
index d7f85f97b..7519372c3 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/AuthenticationFilter.java
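Review bot: The new `configuration/salt` commits a fixed `encodeSalt=123456789012345678901234567890`, and once OxTrustConfiguration loads it this single value keys every `encrypt`/`decrypt` call in the patch (appliance Blowfish password, LDAP bind passwords, oxAuth and UMA client passwords), so any deployment that ships the file unchanged shares one value that is public in the repository. The installer should generate a per-installation value into this file instead of copying it, and `createCryptoConfigurationFromFile` should fail startup when the loaded value is empty or still equals this placeholder. Since the file now holds the key material for every stored credential, it also belongs in `.gitignore` with owner-only file permissions, with only a template tracked in the repository.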
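Review bot: `encrypt(newPassword, applicationConfiguration.getEncodeSalt())` takes the salt from ApplicationConfiguration, while CacheRefreshTimer, AbstractConnectionCheckerTimer, UmaProtectionService and AppInitializer in the same patch use `cryptoConfiguration.getEncodeSalt()` from the newly loaded `salt` file; nothing in the diff ties the two values together, so if they ever differ (presumably ApplicationConfiguration reads its own property from oxTrust.properties — its source is not in the diff) a value encrypted here cannot be decrypted by a reader that uses the crypto-file salt, and vice versa. The same split applies to Authenticator, ConfigureCacheRefreshAction, ManageCustomAuthenticationAction (both hunks) and BaseConfigurationService. One source should be used everywhere; in this class that means injecting `@In(value = "#{oxTrustConfiguration.cryptoConfiguration}") private CryptoConfigurationFile cryptoConfiguration;` and calling `StringEncrypter.defaultInstance().encrypt(newPassword, cryptoConfiguration.getEncodeSalt())`. update() continues outside the hunk.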
@@ -27,7 +27,6 @@
 import org.jboss.seam.security.Identity;
 import org.jboss.seam.security.NotLoggedInException;
 import org.jboss.seam.servlet.ContextualHttpServletRequest;
-import org.jboss.seam.util.Base64;
 import org.jboss.seam.web.AbstractFilter;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.oxauth.client.UserInfoClient;
diff --git a/server/src/main/java/org/gluu/oxtrust/action/Authenticator.java b/server/src/main/java/org/gluu/oxtrust/action/Authenticator.java
index 4ca9c394b..5a50bcac3 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/Authenticator.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/Authenticator.java
@@ -493,7 +493,7 @@ public String oAuthGetAccessToken() throws JSONException {
 String clientPassword = applicationConfiguration.getOxAuthClientPassword();
 if (clientPassword != null) {
 try {
- clientPassword = StringEncrypter.defaultInstance().decrypt(clientPassword);
+ clientPassword = StringEncrypter.defaultInstance().decrypt(clientPassword, applicationConfiguration.getEncodeSalt());
 } catch (EncryptionException ex) {
 log.error("Failed to decrypt client password", ex);
 }
diff --git a/server/src/main/java/org/gluu/oxtrust/action/ConfigureCacheRefreshAction.java b/server/src/main/java/org/gluu/oxtrust/action/ConfigureCacheRefreshAction.java
index 9e29d0aff..01212cc56 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/ConfigureCacheRefreshAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/ConfigureCacheRefreshAction.java
@@ -272,7 +272,7 @@ private GluuLdapConfiguration prepareLdapConfig(String ldapConfigId) {
 String bindPassword = "";
 try {
- bindPassword = StringEncrypter.defaultInstance().decrypt(cacheRefreshConfiguration.getString(prefix + "bindPassword"));
+ bindPassword = StringEncrypter.defaultInstance().decrypt(cacheRefreshConfiguration.getString(prefix + "bindPassword"), applicationConfiguration.getEncodeSalt());
 } catch (Exception ex) {
 log.error("Failed to decrypt password for property: {0}", ex, prefix + "bindPassword");
 }
diff --git a/server/src/main/java/org/gluu/oxtrust/action/ManageCertificateAction.java b/server/src/main/java/org/gluu/oxtrust/action/ManageCertificateAction.java
index 525544110..5e9190d8c 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/ManageCertificateAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/ManageCertificateAction.java
@@ -43,8 +43,6 @@
 import org.gluu.oxtrust.model.cert.TrustStoreCertificate;
 import org.gluu.oxtrust.model.cert.TrustStoreConfiguration;
 import org.gluu.oxtrust.util.OxTrustConstants;
-import org.gluu.site.ldap.persistence.annotation.LdapAttribute;
-import org.gluu.site.ldap.persistence.annotation.LdapJsonObject;
 import org.gluu.site.ldap.persistence.exception.LdapMappingException;
 import org.jboss.seam.Component;
 import org.jboss.seam.ScopeType;
@@ -59,11 +57,8 @@
 import org.richfaces.event.FileUploadEvent;
 import org.richfaces.model.UploadedFile;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
-import org.xdi.model.AuthenticationScriptUsageType;
-import org.xdi.model.config.CustomAuthenticationConfiguration;
 import org.xdi.util.StringHelper;
 import org.xdi.util.io.FileHelper;
-import org.xdi.util.io.FileUploadWrapper;
 import org.xdi.util.io.ResponseHelper;
 /**
diff --git a/server/src/main/java/org/gluu/oxtrust/action/ManageCustomAuthenticationAction.java b/server/src/main/java/org/gluu/oxtrust/action/ManageCustomAuthenticationAction.java
index 0c2cd87fe..6293667ff 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/ManageCustomAuthenticationAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/ManageCustomAuthenticationAction.java
@@ -35,6 +35,7 @@
 import org.jboss.seam.international.StatusMessage.Severity;
 import org.jboss.seam.international.StatusMessages;
 import org.jboss.seam.log.Log;
+import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.model.AuthenticationScriptUsageType;
 import org.xdi.model.SimpleCustomProperty;
 import org.xdi.model.SimpleProperty;
@@ -97,6 +98,9 @@ public class ManageCustomAuthenticationAction implements SimplePropertiesListMod
 private List customAuthenticationConfigLevels;
 private boolean initialized;
+
+ @In(value = "#{oxTrustConfiguration.applicationConfiguration}")
+ private ApplicationConfiguration applicationConfiguration;
 @Restrict("#{s:hasPermission('configuration', 'access')}")
 public String modify() {
@@ -366,7 +370,7 @@ public String testLdapConnection() {
 properties.setProperty("bindPassword", this.ldapConfig.getBindPassword());
 properties.setProperty("servers", buildServersString(this.ldapConfig.getServers()));
 properties.setProperty("useSSL", Boolean.toString(this.ldapConfig.isUseSSL()));
- LDAPConnectionProvider connectionProvider = new LDAPConnectionProvider(PropertiesDecrypter.decryptProperties(properties));
+ LDAPConnectionProvider connectionProvider = new LDAPConnectionProvider(PropertiesDecrypter.decryptProperties(properties, applicationConfiguration.getEncodeSalt()));
 if (connectionProvider.isConnected()) {
 connectionProvider.closeConnectionPool();
 return OxTrustConstants.RESULT_SUCCESS;
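Review bot: `PropertiesDecrypter.decryptProperties(properties, applicationConfiguration.getEncodeSalt())` is applied to a properties set whose `bindPassword` is whatever `this.ldapConfig.getBindPassword()` currently holds; the hunk does not show whether that is already the encrypted form (the `updateLdapBindPassword` hunk suggests it is encrypted at some point), so confirm that a value freshly typed into the form is not run through decrypt here, which would presumably test a wrong password rather than the entered one. In the earlier hunk of this file the new `applicationConfiguration` field is placed between `initialized` and `@Restrict` with no blank line before the annotation; moving it next to the other injected fields would keep the injections together. testLdapConnection() starts outside the hunk.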
@@ -405,7 +409,7 @@ private String buildServersString(List servers) {
 public void updateLdapBindPassword() {
 String encryptedLdapBindPassword = null;
 try {
- encryptedLdapBindPassword = StringEncrypter.defaultInstance().encrypt(this.ldapConfig.getBindPassword());
+ encryptedLdapBindPassword = StringEncrypter.defaultInstance().encrypt(this.ldapConfig.getBindPassword(), applicationConfiguration.getEncodeSalt());
 } catch (EncryptionException ex) {
 log.error("Failed to encrypt LDAP bind password", ex);
 }
diff --git a/server/src/main/java/org/gluu/oxtrust/action/PasswordValidationAction.java b/server/src/main/java/org/gluu/oxtrust/action/PasswordValidationAction.java
index 9b6ccfead..a3509aafc 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/PasswordValidationAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/PasswordValidationAction.java
@@ -16,7 +16,6 @@
 import org.jboss.seam.annotations.Logger;
 import org.jboss.seam.annotations.Name;
 import org.jboss.seam.annotations.Scope;
-import org.jboss.seam.annotations.security.Restrict;
 import org.jboss.seam.log.Log;
 import org.xdi.util.StringHelper;
diff --git a/server/src/main/java/org/gluu/oxtrust/action/RegisterPersonAction.java b/server/src/main/java/org/gluu/oxtrust/action/RegisterPersonAction.java
index 7675b310d..233752dc3 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/RegisterPersonAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/RegisterPersonAction.java
@@ -8,7 +8,6 @@
 import java.util.Map;
 import javax.faces.context.ExternalContext;
-import javax.faces.context.FacesContext;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
@@ -179,7 +178,7 @@ public String register() {
 boolean registrationCustomized = registrationConfig != null;
 boolean invitationCodeAllowed = registrationCustomized && registrationConfig.isInvitationCodesManagementEnabled();
- boolean invitationCodeOptional = registrationCustomized && registrationConfig.isUninvitedRegistrationAllowed();
+// boolean invitationCodeOptional = registrationCustomized && registrationConfig.isUninvitedRegistrationAllowed();
 boolean invitationCodePresent = invitationGuid != null;
 OxLink invitationLink = registrationLinkService.getLinkByGuid(invitationGuid);
 boolean invitationCodeModerated = invitationCodePresent && invitationLink != null && invitationLink.getLinkModerated();
diff --git a/server/src/main/java/org/gluu/oxtrust/action/RegistrationLinkInventoryAction.java b/server/src/main/java/org/gluu/oxtrust/action/RegistrationLinkInventoryAction.java
index bf71369cd..8de96c413 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/RegistrationLinkInventoryAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/RegistrationLinkInventoryAction.java
@@ -26,7 +26,6 @@
 import org.jboss.seam.annotations.security.Restrict;
 import org.jboss.seam.log.Log;
 import org.jboss.seam.security.Credentials;
-import org.xdi.oxauth.model.util.StringUtils;
 import org.xdi.util.StringHelper;
 /**
diff --git a/server/src/main/java/org/gluu/oxtrust/action/SsoLoginAction.java b/server/src/main/java/org/gluu/oxtrust/action/SsoLoginAction.java
index d4f114c72..fab0a0942 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/SsoLoginAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/SsoLoginAction.java
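Review bot: The replacement line `// boolean invitationCodeOptional = registrationCustomized && registrationConfig.isUninvitedRegistrationAllowed();` leaves dead code in register() as a comment; if the value is no longer needed the line should be deleted outright, since version control keeps the history, and if it is still needed the reason it was disabled belongs in a comment. This change is also unrelated to the salt handling the commit describes and would read better in its own commit. register() continues outside the hunk.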
@@ -1,53 +1,24 @@
 package org.gluu.oxtrust.action;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.InputStreamReader;
-import java.io.OutputStream;
 import java.io.Reader;
 import java.io.Serializable;
-import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.List;
 import javax.faces.context.ExternalContext;
 import javax.faces.context.FacesContext;
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.io.IOUtils;
-import org.apache.http.Header;
-import org.apache.http.HttpResponse;
-import org.apache.http.HttpStatus;
-import org.apache.http.NameValuePair;
-import org.apache.http.client.CookieStore;
-import org.apache.http.client.HttpClient;
-import org.apache.http.client.entity.UrlEncodedFormEntity;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.client.methods.HttpPost;
-import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.client.protocol.ClientContext;
-import org.apache.http.conn.scheme.Scheme;
-import org.apache.http.conn.ssl.SSLSocketFactory;
-import org.apache.http.impl.client.BasicCookieStore;
-import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.message.BasicNameValuePair;
-import org.apache.http.protocol.BasicHttpContext;
-import org.apache.http.protocol.HTTP;
-import org.apache.http.protocol.HttpContext;
-import org.apache.http.util.EntityUtils;
 import org.drools.CheckedDroolsException;
 import org.drools.RuleBase;
 import org.drools.WorkingMemory;
 import org.drools.compiler.RuleBaseLoader;
-import org.gluu.oxtrust.security.OauthData;
 import org.gluu.oxtrust.util.OxTrustConstants;
-import org.gluu.oxtrust.util.Utils;
-import org.gluu.site.ldap.persistence.exception.PropertyNotFoundException;
 import org.jboss.seam.ScopeType;
 import org.jboss.seam.annotations.In;
 import org.jboss.seam.annotations.Logger;
@@ -60,10 +31,7 @@
 import org.jboss.seam.log.Log;
 import org.jboss.seam.security.Identity;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
-import org.xdi.oxauth.client.TokenClient;
-import org.xdi.oxauth.client.TokenResponse;
 import org.xdi.util.StringHelper;
-import org.xdi.util.security.StringEncrypter;
 /**
 * Action class for SSO login
diff --git a/server/src/main/java/org/gluu/oxtrust/action/ViewLogFileAction.java b/server/src/main/java/org/gluu/oxtrust/action/ViewLogFileAction.java
index 5c1d18106..e67aaaa44 100644
--- a/server/src/main/java/org/gluu/oxtrust/action/ViewLogFileAction.java
+++ b/server/src/main/java/org/gluu/oxtrust/action/ViewLogFileAction.java
@@ -18,7 +18,6 @@
 import org.gluu.oxtrust.model.LogViewerConfig;
 import org.gluu.oxtrust.util.OxTrustConstants;
 import org.jboss.seam.ScopeType;
-import org.jboss.seam.annotations.Destroy;
 import org.jboss.seam.annotations.In;
 import org.jboss.seam.annotations.Logger;
 import org.jboss.seam.annotations.Name;
diff --git a/server/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java b/server/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java
index 8602a8d64..2b008e226 100644
--- a/server/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java
+++ b/server/src/main/java/org/gluu/oxtrust/config/OxTrustConfiguration.java
@@ -15,6 +15,7 @@
 import org.jboss.seam.log.Log;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.config.oxtrust.ApplicationConfigurationFile;
+import org.xdi.config.CryptoConfigurationFile;
 import org.xdi.config.oxtrust.LdapOxTrustConfiguration;
 import org.xdi.exception.ConfigurationException;
 import org.xdi.service.JsonService;
@@ -41,15 +42,18 @@ public class OxTrustConfiguration {
 public static final String CONFIGURATION_FILE_LOCAL_LDAP_PROPERTIES_FILE = "oxTrustLdap.properties";
 public static final String CONFIGURATION_FILE_CENTRAL_LDAP_PROPERTIES_FILE = "oxTrustCentralLdap.properties";
 public static final String CONFIGURATION_FILE_APPLICATION_CONFIGURATION = "oxTrust.properties";
+ public static final String CONFIGURATION_FILE_CRYPTO_PROPERTIES_FILE = "salt";
 private FileConfiguration ldapConfiguration;
 private FileConfiguration ldapCentralConfiguration;
+ private CryptoConfigurationFile cryptoConfiguration;
 private ApplicationConfiguration applicationConfiguration;
 @Create
 public void create() {
 this.ldapConfiguration = createFileConfiguration(CONFIGURATION_FILE_LOCAL_LDAP_PROPERTIES_FILE);
 this.ldapCentralConfiguration = createFileConfiguration(CONFIGURATION_FILE_CENTRAL_LDAP_PROPERTIES_FILE, false);
+ createCryptoConfigurationFromFile();
 }
 @Observer(EVENT_INIT_CONFIGURATION)
@@ -155,6 +159,18 @@ private void createConfigurationFromFile() {
 throw new ConfigurationException("Failed to load configuration from " + CONFIGURATION_FILE_APPLICATION_CONFIGURATION, ex);
 }
 }
+
+ private void createCryptoConfigurationFromFile() {
+ try {
+ FileConfiguration cryptoConfiguration = createFileConfiguration(CONFIGURATION_FILE_CRYPTO_PROPERTIES_FILE);
+ CryptoConfigurationFile cryptoConfigurationFile = new CryptoConfigurationFile(cryptoConfiguration);
+
+ this.cryptoConfiguration = cryptoConfigurationFile;
+ } catch (Exception ex) {
+ log.error("Failed to load configuration from {0}", ex, CONFIGURATION_FILE_CRYPTO_PROPERTIES_FILE);
+ throw new ConfigurationException("Failed to load configuration from " + CONFIGURATION_FILE_CRYPTO_PROPERTIES_FILE, ex);
+ }
+ }
 private LdapOxTrustConfiguration prepareLdapConfiguration(String configurationDn) {
 LdapOxTrustConfiguration conf = new LdapOxTrustConfiguration();
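Review bot: `createCryptoConfigurationFromFile` stores the loaded file but never checks that it actually carries a salt, so a missing or empty `encodeSalt` presumably surfaces later inside an `encrypt`/`decrypt` call rather than at startup; inside the `try`, right after the constructor call, add `if (cryptoConfigurationFile.getEncodeSalt() == null || cryptoConfigurationFile.getEncodeSalt().isEmpty()) { throw new IllegalStateException("encodeSalt is not set"); }` so the existing catch wraps it into the same ConfigurationException, and consider rejecting the placeholder value shipped in `configuration/salt` the same way. The local `FileConfiguration cryptoConfiguration` shadows the field `this.cryptoConfiguration`, which has a different type and is assigned two lines later; naming the local `cryptoFileConfiguration` removes the ambiguity. The call uses the single-argument `createFileConfiguration(...)` form while the central LDAP file in the first hunk uses the `(name, false)` form; whether that difference matters depends on the overload's meaning, which is outside the diff.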
@@ -178,6 +194,10 @@ public FileConfiguration getLdapConfiguration() {
 return ldapConfiguration;
 }
+ public CryptoConfigurationFile getCryptoConfiguration() {
+ return cryptoConfiguration;
+ }
+
 public FileConfiguration getLdapCentralConfiguration() {
 return ldapCentralConfiguration;
 }
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java b/server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java
index 593975ca8..08f71c92f 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/cache/service/CacheRefreshTimer.java
@@ -45,6 +45,7 @@
 import org.jboss.seam.async.TimerSchedule;
 import org.jboss.seam.core.Events;
 import org.jboss.seam.log.Log;
+import org.xdi.config.CryptoConfigurationFile;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.ldap.model.GluuBoolean;
 import org.xdi.ldap.model.GluuDummyEntry;
@@ -109,6 +110,9 @@ public class CacheRefreshTimer {
 @In(value = "#{oxTrustConfiguration.applicationConfiguration}")
 private ApplicationConfiguration applicationConfiguration;
+ @In(value = "#{oxTrustConfiguration.cryptoConfiguration}")
+ private CryptoConfigurationFile cryptoConfiguration;
+
 @In
 private ObjectSerializationService objectSerializationService;
@@ -979,7 +983,7 @@ private LdapServerConnection prepareLdapServerConnection(String ldapConfig) {
 String prefix = String.format("ldap.conf.%s.", ldapConfig);
 Properties ldapProperties = cacheRefreshConfiguration.getPropertiesByPrefix(prefix);
- LDAPConnectionProvider ldapConnectionProvider = new LDAPConnectionProvider(PropertiesDecrypter.decryptProperties(ldapProperties));
+ LDAPConnectionProvider ldapConnectionProvider = new LDAPConnectionProvider(PropertiesDecrypter.decryptProperties(ldapProperties, cryptoConfiguration.getEncodeSalt()));
 if (!ldapConnectionProvider.isConnected()) {
 log.error("Failed to connect to LDAP server using configuration {0}", ldapConfig);
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java
index 8ec40e275..759db41f6 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/service/AbstractConnectionCheckerTimer.java
@@ -1,8 +1,10 @@
 package org.gluu.oxtrust.ldap.service;
 import org.gluu.site.ldap.LDAPConnectionProvider;
+import org.jboss.seam.annotations.In;
 import org.jboss.seam.annotations.Logger;
 import org.jboss.seam.log.Log;
+import org.xdi.config.CryptoConfigurationFile;
 import org.xdi.util.properties.FileConfiguration;
 import org.xdi.util.security.PropertiesDecrypter;
@@ -16,6 +18,10 @@ public class AbstractConnectionCheckerTimer {
 @Logger
 private Log log;
+
+ @In(value = "#{oxTrustConfiguration.cryptoConfiguration}")
+ private CryptoConfigurationFile cryptoConfiguration;
+
 protected void processImpl(FileConfiguration configuration, LDAPConnectionProvider connectionProvider) {
 if ((configuration == null) || (connectionProvider == null)) {
@@ -31,7 +37,7 @@ protected void processImpl(FileConfiguration configuration, LDAPConnectionProvid
 try {
 // Make attempt to reconnect to LDAP server
- connectionProvider.init(PropertiesDecrypter.decryptProperties(configuration.getProperties()));
+ connectionProvider.init(PropertiesDecrypter.decryptProperties(configuration.getProperties(),cryptoConfiguration.getEncodeSalt()));
 isConnected = connectionProvider.isConnected();
 if (isConnected) {
 log.info("Connection to LDAP server was restored");
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java
index 7b9024b5a..60bac3731 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/service/AppInitializer.java
@@ -24,7 +24,6 @@
 import org.gluu.site.ldap.OperationsFacade;
 import org.gluu.site.ldap.persistence.LdapEntryManager;
 import org.gluu.site.ldap.persistence.exception.EntryPersistenceException;
-import org.gluu.site.ldap.persistence.exception.LdapMappingException;
 import org.jboss.seam.Component;
 import org.jboss.seam.ScopeType;
 import org.jboss.seam.annotations.AutoCreate;
@@ -209,7 +208,7 @@ private void createConnectionAuthProvider(String configurationLdapConfigComponen
 }
 //
- LdapConnectionService connectionProvider = new LdapConnectionService(PropertiesDecrypter.decryptProperties(properties));
+ LdapConnectionService connectionProvider = new LdapConnectionService(PropertiesDecrypter.decryptProperties(properties, oxTrustConfiguration.getCryptoConfiguration().getEncodeSalt()));
 Contexts.getApplicationContext().set(connectionProviderComponentName, connectionProvider);
 }
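Review bot: Missing space after the comma in `decryptProperties(configuration.getProperties(),cryptoConfiguration.getEncodeSalt())`; every other call site in this patch writes the arguments as `properties, salt`, so this line should read `connectionProvider.init(PropertiesDecrypter.decryptProperties(configuration.getProperties(), cryptoConfiguration.getEncodeSalt()));`. The `cryptoConfiguration` field this relies on is injected with `@In` in the previous hunk of the same file, which is the first Seam injection in this class; whether subclasses that are the actual components receive it is worth confirming once. processImpl's body starts and ends outside the hunk.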
@@ -304,7 +303,7 @@ private void createConnectionProvider(FileConfiguration configuration, String co
 LdapConnectionService connectionProvider = null;
 if (configuration != null) {
 connectionProvider = new LdapConnectionService(PropertiesDecrypter.decryptProperties(configuration
- .getProperties()));
+ .getProperties(), oxTrustConfiguration.getCryptoConfiguration().getEncodeSalt()));
 }
 Contexts.getApplicationContext().set(connectionProviderComponentName, connectionProvider);
 }
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java
index 7bd08108e..f05bf8ad9 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/service/BaseConfigurationService.java
@@ -130,7 +130,7 @@ public boolean checkAndUpdateLdapbaseConfigurationImpl() {
 appliance.setIname(confApplianceIname);
 appliance.setInumFN(StringHelper.removePunctuation(appliance.getInum()));
 String newPassword = RandomStringUtils.randomAlphanumeric(8);
- appliance.setBlowfishPassword(StringEncrypter.defaultInstance().encrypt(newPassword));
+ appliance.setBlowfishPassword(StringEncrypter.defaultInstance().encrypt(newPassword, applicationConfiguration.getEncodeSalt()));
 if (centralLdapService.isUseCentralServer()) {
 GluuAppliance tmpAppliance = new GluuAppliance();
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/EntityIDMonitoringService.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/EntityIDMonitoringService.java
index be22ecbdc..eea3d7a32 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/service/EntityIDMonitoringService.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/service/EntityIDMonitoringService.java
@@ -3,7 +3,6 @@
 import java.io.File;
 import java.util.ArrayList;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.TreeSet;
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/FederationService.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/FederationService.java
index 6bf75c85a..9f4d2f993 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/service/FederationService.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/service/FederationService.java
@@ -176,7 +176,7 @@ public void removeFederationProposal(GluuSAMLFederationProposal federationPropos
 */
 public GluuMetadataSourceType[] getMetadataSourceTypes() {
 List trTypes = Arrays.asList(GluuMetadataSourceType.values());
- List proposalTypes = new ArrayList(trTypes);
+ List proposalTypes = new ArrayList(trTypes);
 proposalTypes.remove(GluuMetadataSourceType.FEDERATION);
 proposalTypes.remove(GluuMetadataSourceType.GENERATE);
 return proposalTypes.toArray(new GluuMetadataSourceType[] {});
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/ImageRepository.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/ImageRepository.java
index dac1a9ef8..715e35c13 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/service/ImageRepository.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/service/ImageRepository.java
@@ -11,7 +11,6 @@
 import org.apache.commons.io.FileUtils;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang.ArrayUtils;
-import org.gluu.oxtrust.util.OxTrustConstants;
 import org.jboss.seam.ScopeType;
 import org.jboss.seam.annotations.AutoCreate;
 import org.jboss.seam.annotations.Create;
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/LdifArchiver.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/LdifArchiver.java
index ba336a39a..f2833c371 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/service/LdifArchiver.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/service/LdifArchiver.java
@@ -6,7 +6,6 @@
 import java.util.Calendar;
 import org.gluu.oxtrust.config.OxTrustConfiguration;
-import org.gluu.oxtrust.util.OxTrustConstants;
 import org.gluu.site.ldap.persistence.DeleteNotifier;
 import org.gluu.site.ldap.persistence.LdapEntryManager;
 import org.slf4j.Logger;
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/RegistrationsExpirationService.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/RegistrationsExpirationService.java
index 8e1b69998..caf323934 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/service/RegistrationsExpirationService.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/service/RegistrationsExpirationService.java
@@ -1,15 +1,9 @@
 package org.gluu.oxtrust.ldap.service;
-import java.math.BigInteger;
 import java.util.Calendar;
 import java.util.Date;
-import java.util.HashMap;
 import java.util.List;
-import javax.faces.application.ViewHandler;
-import javax.faces.context.ExternalContext;
-import javax.faces.context.FacesContext;
-
 import org.gluu.oxtrust.model.GluuCustomPerson;
 import org.gluu.oxtrust.model.GluuOrganization;
 import org.gluu.oxtrust.model.OxLink;
@@ -23,7 +17,6 @@
 import org.jboss.seam.annotations.async.Asynchronous;
 import org.jboss.seam.annotations.async.Expiration;
 import org.jboss.seam.annotations.async.IntervalDuration;
-import org.jboss.seam.async.QuartzTriggerHandle;
 import org.xdi.ldap.model.GluuStatus;
 /**
diff --git a/server/src/main/java/org/gluu/oxtrust/ldap/service/uma/ResourceSetService.java b/server/src/main/java/org/gluu/oxtrust/ldap/service/uma/ResourceSetService.java
index 85d462f9f..882a56c00 100644
--- a/server/src/main/java/org/gluu/oxtrust/ldap/service/uma/ResourceSetService.java
+++ b/server/src/main/java/org/gluu/oxtrust/ldap/service/uma/ResourceSetService.java
@@ -17,7 +17,6 @@
 import org.jboss.seam.log.Log;
 import org.xdi.ldap.model.SimpleBranch;
 import org.xdi.oxauth.model.uma.persistence.ResourceSet;
-import org.xdi.oxauth.model.uma.persistence.ScopeDescription;
 import org.xdi.util.INumGenerator;
 import com.unboundid.ldap.sdk.Filter;
diff --git a/server/src/main/java/org/gluu/oxtrust/model/GluuCustomPerson.java b/server/src/main/java/org/gluu/oxtrust/model/GluuCustomPerson.java
index 543245e99..d7c2d4d84 100644
--- a/server/src/main/java/org/gluu/oxtrust/model/GluuCustomPerson.java
+++ b/server/src/main/java/org/gluu/oxtrust/model/GluuCustomPerson.java
@@ -2,12 +2,11 @@
 import java.io.Serializable;
 import java.util.Arrays;
-import java.util.Iterator;
 import java.util.Date;
+import java.util.Iterator;
 import java.util.List;
 import lombok.Data;
-import lombok.EqualsAndHashCode;
 import org.gluu.site.ldap.persistence.annotation.LdapAttribute;
 import org.gluu.site.ldap.persistence.annotation.LdapEntry;
@@ -23,7 +22,6 @@
 @LdapEntry(sortBy = { "displayName" })
 @LdapObjectClass(values = { "top", "person", "organizationalPerson", "inetOrgPerson", "gluuPerson","eduPerson", "oxEntry", "oxCustomAttributes" })
-@EqualsAndHashCode(callSuper=false)
 public @Data class GluuCustomPerson extends User implements Serializable {
 private static final long serialVersionUID = -1879582184398161112L;
diff --git a/server/src/main/java/org/gluu/oxtrust/model/GluuSAMLTrustRelationship.java b/server/src/main/java/org/gluu/oxtrust/model/GluuSAMLTrustRelationship.java
index 89e8b0441..1d5ff91b6 100644
--- a/server/src/main/java/org/gluu/oxtrust/model/GluuSAMLTrustRelationship.java
+++ b/server/src/main/java/org/gluu/oxtrust/model/GluuSAMLTrustRelationship.java
@@ -2,7 +2,6 @@
 import java.io.Serializable;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
@@ -15,8 +14,6 @@
 import javax.validation.constraints.Size;
 import lombok.Data;
-import lombok.Getter;
-import lombok.Setter;
 import org.gluu.oxtrust.ldap.service.TrustService;
 import org.gluu.site.ldap.persistence.annotation.LdapAttribute;
diff --git a/server/src/main/java/org/gluu/oxtrust/model/OxIDPAuthConf.java b/server/src/main/java/org/gluu/oxtrust/model/OxIDPAuthConf.java
index 922699546..96a51cfbb 100644
--- a/server/src/main/java/org/gluu/oxtrust/model/OxIDPAuthConf.java
+++ b/server/src/main/java/org/gluu/oxtrust/model/OxIDPAuthConf.java
@@ -8,7 +8,6 @@
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlType;
-import org.codehaus.jackson.annotate.JsonIgnoreProperties;
 import org.codehaus.jackson.annotate.JsonPropertyOrder;
 import org.gluu.oxtrust.model.scim.ScimCustomAttributes;
diff --git a/server/src/main/java/org/gluu/oxtrust/model/PasswordResetRequest.java b/server/src/main/java/org/gluu/oxtrust/model/PasswordResetRequest.java
index 494327aad..b7b80f929 100644
--- a/server/src/main/java/org/gluu/oxtrust/model/PasswordResetRequest.java
+++ b/server/src/main/java/org/gluu/oxtrust/model/PasswordResetRequest.java
@@ -6,7 +6,6 @@
 import java.io.Serializable;
 import lombok.Data;
-import lombok.EqualsAndHashCode;
 import org.gluu.site.ldap.persistence.annotation.LdapAttribute;
 import org.gluu.site.ldap.persistence.annotation.LdapEntry;
diff --git a/server/src/main/java/org/gluu/oxtrust/model/ProfileConfiguration.java b/server/src/main/java/org/gluu/oxtrust/model/ProfileConfiguration.java
index 6b995feaa..bb7c050af 100644
--- a/server/src/main/java/org/gluu/oxtrust/model/ProfileConfiguration.java
+++ b/server/src/main/java/org/gluu/oxtrust/model/ProfileConfiguration.java
@@ -4,9 +4,6 @@
 import lombok.Data;
-import org.apache.log4j.Logger;
-import org.jboss.seam.ScopeType;
-
 public @Data class ProfileConfiguration implements Serializable {
diff --git a/server/src/main/java/org/gluu/oxtrust/model/scim/ScimData.java b/server/src/main/java/org/gluu/oxtrust/model/scim/ScimData.java
index 578e4d5de..950477971 100644
--- a/server/src/main/java/org/gluu/oxtrust/model/scim/ScimData.java
+++ b/server/src/main/java/org/gluu/oxtrust/model/scim/ScimData.java
@@ -12,6 +12,7 @@
 */
 public class ScimData extends ScimPerson {
+ private static final long serialVersionUID = -8671209028069880837L;
 private String id;
 private List members;
diff --git a/server/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java b/server/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java
index ff39f7534..85d86a842 100644
--- a/server/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java
+++ b/server/src/main/java/org/gluu/oxtrust/service/UmaProtectionService.java
@@ -24,6 +24,7 @@
 import org.jboss.seam.annotations.Name;
 import org.jboss.seam.annotations.Scope;
 import org.jboss.seam.log.Log;
+import org.xdi.config.CryptoConfigurationFile;
 import org.xdi.config.oxtrust.ApplicationConfiguration;
 import org.xdi.oxauth.client.uma.ResourceSetPermissionRegistrationService;
 import org.xdi.oxauth.client.uma.ResourceSetRegistrationService;
@@ -61,7 +62,10 @@ public class UmaProtectionService implements Serializable {
 @In(value = "#{oxTrustConfiguration.applicationConfiguration}")
 private ApplicationConfiguration applicationConfiguration;
-
+
+ @In(value = "#{oxTrustConfiguration.cryptoConfiguration}")
+ private CryptoConfigurationFile cryptoConfiguration;
+
 @In
 private JsonService jsonService;
@@ -232,7 +236,7 @@ private void retrievePatToken() throws UmaProtectionException {
 return;
 }
- String umaClientPassword = PropertiesDecrypter.decryptProperty(applicationConfiguration.getUmaClientPassword(), true);
+ String umaClientPassword = PropertiesDecrypter.decryptProperty(applicationConfiguration.getUmaClientPassword(), true, cryptoConfiguration.getEncodeSalt());
 try {
 this.umaPat = UmaClient.requestPat(umaMetadataConfiguration.getTokenEndpoint(), applicationConfiguration.getUmaClientId(), umaClientPassword);