From df47a79531057bf408c61a17e640124e7daaf47f Mon Sep 17 00:00:00 2001 From: Carlos Ruiz Date: Thu, 31 Dec 2020 03:04:39 +0100 Subject: [PATCH] IDEMPIERE-4618 Obfuscate ADEMPIERE_KEYSTOREPASS as suggested by jetty (#494) --- org.adempiere.install/META-INF/MANIFEST.MF | 3 +- org.adempiere.install/install.app.launch | 1 + .../install.console.app.launch | 3 +- .../compiere/install/ConfigurationData.java | 35 +++++++++++++++++-- .../setup/configuration/config.ini | 1 + 5 files changed, 39 insertions(+), 4 deletions(-) diff --git a/org.adempiere.install/META-INF/MANIFEST.MF b/org.adempiere.install/META-INF/MANIFEST.MF index dda70fa506..ad0a7dc5b5 100644 --- a/org.adempiere.install/META-INF/MANIFEST.MF +++ b/org.adempiere.install/META-INF/MANIFEST.MF @@ -5,7 +5,8 @@ Bundle-SymbolicName: org.adempiere.install;singleton:=true Bundle-Version: 8.2.0.qualifier Export-Package: org.adempiere.install, org.compiere.install -Require-Bundle: org.adempiere.base;bundle-version="0.0.0" +Require-Bundle: org.adempiere.base;bundle-version="0.0.0", + org.eclipse.jetty.util Bundle-RequiredExecutionEnvironment: JavaSE-11 Require-Capability: osgi.ee;filter:="(&(osgi.ee=JavaSE)(version>=11))" Import-Package: javax.mail;version="1.5", diff --git a/org.adempiere.install/install.app.launch b/org.adempiere.install/install.app.launch index 0f301f70b1..1d4a04358f 100644 --- a/org.adempiere.install/install.app.launch +++ b/org.adempiere.install/install.app.launch @@ -74,6 +74,7 @@ + diff --git a/org.adempiere.install/install.console.app.launch b/org.adempiere.install/install.console.app.launch index 1df3dac7bb..09ea598e9c 100644 --- a/org.adempiere.install/install.console.app.launch +++ b/org.adempiere.install/install.console.app.launch @@ -71,6 +71,7 @@ + @@ -91,7 +92,7 @@ - + diff --git a/org.adempiere.install/src/org/compiere/install/ConfigurationData.java b/org.adempiere.install/src/org/compiere/install/ConfigurationData.java index dcdc472aaa..4ee005237c 100644 --- a/org.adempiere.install/src/org/compiere/install/ConfigurationData.java +++ b/org.adempiere.install/src/org/compiere/install/ConfigurationData.java @@ -56,6 +56,7 @@ import org.compiere.util.DB; import org.compiere.util.EMail; import org.compiere.util.EMailAuthenticator; import org.compiere.util.Ini; +import org.eclipse.jetty.util.security.Password; /** @@ -239,6 +240,13 @@ public class ConfigurationData if (p_properties.size() > 5) envLoaded = true; + // deobfuscate keystore pass + String obfKeystorePass = p_properties.getProperty(ADEMPIERE_KEYSTOREPASS); + if (obfKeystorePass.startsWith(Password.__OBFUSCATE)) { + String keystorePass = Password.deobfuscate(obfKeystorePass); + p_properties.put(ADEMPIERE_KEYSTOREPASS, keystorePass); + } + Properties loaded = new Properties(); loaded.putAll(p_properties); // @@ -829,12 +837,17 @@ public class ConfigurationData // Save Environment fileName = m_adempiereHome.getAbsolutePath() + File.separator + IDEMPIERE_ENV_FILE; + FileOutputStream fos = null; try { - FileOutputStream fos = new FileOutputStream(new File(fileName)); + fos = new FileOutputStream(new File(fileName)); + // obfuscate keystore pass + String keystorePass = p_properties.getProperty(ADEMPIERE_KEYSTOREPASS); + String obfKeystorePass = Password.obfuscate(keystorePass); + p_properties.put(ADEMPIERE_KEYSTOREPASS, obfKeystorePass); p_properties.store(fos, IDEMPIERE_ENV_FILE); + p_properties.put(ADEMPIERE_KEYSTOREPASS, keystorePass); fos.flush(); - fos.close(); } catch (Exception e) { @@ -860,6 +873,24 @@ public class ConfigurationData System.err.println(ConfigurationPanel.res.getString("ErrorSave")); return false; } + finally + { + if (fos != null) { + try { + fos.close(); + } catch (IOException e) { + log.severe("Cannot close file " + fileName); + if (p_panel != null) + JOptionPane.showConfirmDialog(p_panel, + ConfigurationPanel.res.getString("ErrorSave"), + ConfigurationPanel.res.getString("AdempiereServerSetup"), + JOptionPane.DEFAULT_OPTION, JOptionPane.ERROR_MESSAGE); + else + System.err.println(ConfigurationPanel.res.getString("ErrorSave")); + return false; + } + } + } log.info(fileName); return saveIni(); } // save diff --git a/org.adempiere.server-feature/setup/configuration/config.ini b/org.adempiere.server-feature/setup/configuration/config.ini index 92add516cf..6809d47791 100644 --- a/org.adempiere.server-feature/setup/configuration/config.ini +++ b/org.adempiere.server-feature/setup/configuration/config.ini @@ -45,6 +45,7 @@ osgi.bundles=org.eclipse.equinox.ds@1:start,\ org.apache.activemq.kahadb,\ javax.transaction,\ org.eclipse.jetty.osgi-servlet-api,\ + org.eclipse.jetty.util,\ jakarta.annotation-api,\ slf4j.api,\ slf4j.jcl,\