/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.activemq.jaas;

import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;

import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
import org.jasypt.iv.RandomIvGenerator;
import org.jasypt.properties.EncryptableProperties;

/**
 * {@link LDAPLoginModule} variant whose JAAS options are handed to the parent
 * wrapped in a Jasypt {@link EncryptableProperties}, so option values can be
 * stored encrypted in the login configuration.
 *
 * <p>Recognised options (all optional):
 * <ul>
 *   <li>{@code encryptionPassword} - the PBE password, given directly.</li>
 *   <li>{@code passwordEnvName} - name of the environment variable that holds
 *       the PBE password; used only when {@code encryptionPassword} is absent.
 *       Defaults to {@code ACTIVEMQ_ENCRYPTION_PASSWORD}.</li>
 *   <li>{@code encryptionAlgorithm} - the PBE algorithm name. Defaults to
 *       {@code PBEWithMD5AndDES}.</li>
 * </ul>
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The default algorithm combines MD5 key derivation with single DES and
 *       is weak by current standards. Prefer setting {@code encryptionAlgorithm}
 *       to an AES-based PBE algorithm supported by the JVM; values must have
 *       been encrypted with the same algorithm.</li>
 *   <li>Supplying {@code encryptionPassword} as an option places the key in
 *       the same configuration as the ciphertext it protects; the environment
 *       variable route keeps the two apart.</li>
 * </ul>
 */
public class EncryptableLDAPLoginModule extends LDAPLoginModule {

    // Option keys read from the JAAS options map.
    private static final String ENCRYPTION_PASSWORD = "encryptionPassword";
    private static final String PASSWORD_ENV_NAME = "passwordEnvName";
    private static final String PASSWORD_ALGORITHM = "encryptionAlgorithm";

    // Fallbacks applied when the corresponding option is not present.
    private static final String DEFAULT_PASSWORD_ENV_NAME = "ACTIVEMQ_ENCRYPTION_PASSWORD";
    // NOTE(review): weak legacy default (MD5 + DES); changing it here would
    // alter which stored values can be decrypted, so it is documented, not changed.
    private static final String DEFAULT_PASSWORD_ALGORITHM = "PBEWithMD5AndDES";

    private final StandardPBEStringEncryptor configurationEncryptor = new StandardPBEStringEncryptor();

    /**
     * Configures the encryptor from the options, wraps every option in an
     * {@link EncryptableProperties} bound to that encryptor, and delegates to
     * {@link LDAPLoginModule#initialize}.
     *
     * @param subject         passed through to the parent unchanged
     * @param callbackHandler passed through to the parent unchanged
     * @param sharedState     passed through to the parent unchanged
     * @param options         JAAS options; copied in full (including the
     *                        encryption settings themselves) into the
     *                        properties object the parent receives
     */
    @SuppressWarnings({ "rawtypes", "unchecked" })
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {

        final String explicitPassword = stringOption(options, ENCRYPTION_PASSWORD, null);
        final String envVariable = stringOption(options, PASSWORD_ENV_NAME, DEFAULT_PASSWORD_ENV_NAME);
        final String algorithm = stringOption(options, PASSWORD_ALGORITHM, DEFAULT_PASSWORD_ALGORITHM);

        final EnvironmentStringPBEConfig pbeConfig = new EnvironmentStringPBEConfig();
        pbeConfig.setAlgorithm(algorithm);

        // AES-based PBE algorithms get a random IV generator.
        // NOTE(review): both tests are case-sensitive, so an algorithm name
        // spelled in a different case would not get an IV generator here.
        final boolean aesBasedPbe = algorithm.startsWith("PBE") && algorithm.contains("AES");
        if (aesBasedPbe) {
            pbeConfig.setIvGenerator(new RandomIvGenerator());
        }

        // An explicitly configured password wins; otherwise the password is
        // looked up through the named environment variable.
        if (explicitPassword != null) {
            pbeConfig.setPassword(explicitPassword);
        } else {
            pbeConfig.setPasswordEnvName(envVariable);
        }

        configurationEncryptor.setConfig(pbeConfig);

        final EncryptableProperties wrappedOptions = new EncryptableProperties(configurationEncryptor);
        wrappedOptions.putAll(options);

        super.initialize(subject, callbackHandler, sharedState, wrappedOptions);
    }

    /**
     * Returns the option stored under {@code key} cast to {@code String}, or
     * {@code fallback} when the map has no non-null value for it.
     */
    private static String stringOption(Map<?, ?> options, String key, String fallback) {
        final Object configured = options.get(key);
        if (configured == null) {
            return fallback;
        }
        return (String) configured;
    }

}