001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.jaas;
018
019import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
020import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
021import org.jasypt.properties.PropertyValueEncryptionUtils;
022import org.jasypt.iv.RandomIvGenerator;
023
024import java.util.ArrayList;
025import java.util.Properties;
026
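/**
 * Utility methods for working with Jasypt-encrypted property values.
 *
 * <p>Callers never supply the encryption password; the encryptor is configured to take it
 * from the {@code ACTIVEMQ_ENCRYPTION_PASSWORD} environment variable. Anything that can read
 * this process's environment can therefore recover every value these methods decrypt.
 */
public class EncryptionSupport {

    /**
     * Decrypts, in place, every value in {@code props} that Jasypt reports as encrypted
     * (see {@link PropertyValueEncryptionUtils#isEncryptedValue(String)}). Other entries are
     * left untouched.
     *
     * <p>After this call {@code props} holds plaintext secrets: do not log it, dump it, or
     * write it back to disk.
     *
     * @param props     properties to scan and update; must not be {@code null}
     * @param algorithm PBE algorithm name handed to {@link #createEncryptor(String)};
     *                  {@code null} keeps Jasypt's default
     * @throws RuntimeException Jasypt's unchecked exceptions propagate unchanged, for example
     *                          when the password is unset or a value cannot be decrypted
     */
    public static void decrypt(Properties props, String algorithm) {
        StandardPBEStringEncryptor encryptor = createEncryptor(algorithm);
        // Iterate over a snapshot of the keys because the loop writes back into props.
        for (Object k : new ArrayList<Object>(props.keySet())) {
            if (!(k instanceof String)) {
                // Properties is a Hashtable<Object,Object>, so a caller may have put() a
                // non-String key. getProperty() cannot address such an entry; skip it
                // rather than abort the whole pass with a ClassCastException.
                continue;
            }
            String key = (String) k;
            String value = props.getProperty(key);
            if (PropertyValueEncryptionUtils.isEncryptedValue(value)) {
                props.setProperty(key, PropertyValueEncryptionUtils.decrypt(value, encryptor));
            }
        }
    }

    /**
     * Builds a Jasypt string encryptor whose password comes from the
     * {@code ACTIVEMQ_ENCRYPTION_PASSWORD} environment variable.
     *
     * <p>NOTE(review): when {@code algorithm} is {@code null} no algorithm is set here and
     * Jasypt's built-in default applies (PBEWithMD5AndDES in the Jasypt 1.9.x line, a legacy
     * choice; confirm against the Jasypt version in use). Prefer passing an explicit
     * AES-based PBE algorithm for new deployments. The default is deliberately not changed
     * here, because existing encrypted values can only be read back with the algorithm that
     * produced them.
     *
     * @param algorithm PBE algorithm name, or {@code null} to keep Jasypt's default
     * @return a configured encryptor; nothing in this method encrypts or decrypts, so a
     *         missing password presumably surfaces only on first use (verify against Jasypt)
     */
    public static StandardPBEStringEncryptor createEncryptor(String algorithm) {
        StandardPBEStringEncryptor encryptor = new StandardPBEStringEncryptor();
        EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
        if (algorithm != null) {
            encryptor.setAlgorithm(algorithm);
            // From Jasypt: for PBE-AES-based algorithms, the IV generator is MANDATORY.
            // A random IV per value also keeps equal plaintexts from yielding equal ciphertexts.
            if (algorithm.startsWith("PBE") && algorithm.contains("AES")) {
                encryptor.setIvGenerator(new RandomIvGenerator());
            }
        }
        config.setPasswordEnvName("ACTIVEMQ_ENCRYPTION_PASSWORD");
        encryptor.setConfig(config);
        return encryptor;
    }

}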