001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.jaas;
018
019import java.util.Map;
020
021import javax.security.auth.Subject;
022import javax.security.auth.callback.CallbackHandler;
023
024import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;
025import org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig;
026import org.jasypt.properties.EncryptableProperties;
027
/**
 * {@link LDAPLoginModule} variant whose JAAS options may hold Jasypt-encrypted values.
 *
 * <p>The options map is wrapped in a Jasypt {@link EncryptableProperties} before it is
 * handed to the parent module, so values stored in Jasypt's {@code ENC(...)} form are
 * decrypted when read through that wrapper instead of being kept in clear text in the
 * login configuration.
 *
 * <p>Options recognised by this class:
 * <ul>
 *   <li>{@code encryptionPassword} - the PBE password, given inline. When it is present
 *       it takes precedence over the environment variable.</li>
 *   <li>{@code passwordEnvName} - name of the environment variable holding the PBE
 *       password; defaults to {@code ACTIVEMQ_ENCRYPTION_PASSWORD}.</li>
 *   <li>{@code encryptionAlgorithm} - PBE algorithm name; defaults to
 *       {@code PBEWithMD5AndDES}.</li>
 * </ul>
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>The default {@code PBEWithMD5AndDES} is a legacy scheme (MD5-based key
 *       derivation, single DES with a 56-bit key). It is left unchanged here because
 *       values already encrypted with it would otherwise stop decrypting; new
 *       deployments should set {@code encryptionAlgorithm} to a stronger PBE algorithm
 *       that the JCE provider and the Jasypt version in use both support.</li>
 *   <li>An inline {@code encryptionPassword} sits in the same configuration as the
 *       ciphertext it protects, so anyone who can read that file can decrypt the
 *       values. Supplying the password through the environment variable keeps the two
 *       apart.</li>
 * </ul>
 */
public class EncryptableLDAPLoginModule extends LDAPLoginModule {

    private static final String ENCRYPTION_PASSWORD = "encryptionPassword";
    private static final String PASSWORD_ENV_NAME = "passwordEnvName";
    private static final String PASSWORD_ALGORITHM = "encryptionAlgorithm";
    private static final String DEFAULT_PASSWORD_ENV_NAME = "ACTIVEMQ_ENCRYPTION_PASSWORD";
    private static final String DEFAULT_PASSWORD_ALGORITHM = "PBEWithMD5AndDES";
    private final StandardPBEStringEncryptor configurationEncryptor = new StandardPBEStringEncryptor();

    /**
     * Configures the encryptor from the module options, then delegates to
     * {@link LDAPLoginModule#initialize} with the options wrapped for decryption.
     *
     * @param subject the subject to authenticate, passed through to the parent
     * @param callbackHandler the handler used to obtain credentials, passed through
     * @param sharedState state shared between login modules, passed through
     * @param options the JAAS options; see the class documentation for the keys read here
     * @throws ClassCastException if one of the three encryption options is set to a
     *         value that is not a {@code String}
     */
    @SuppressWarnings({ "rawtypes", "unchecked" })
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
        // Read all three options up front, in a fixed order, whether or not they end up used.
        final String inlinePassword = (String) options.get(ENCRYPTION_PASSWORD);
        final String envVariable = stringOption(options, PASSWORD_ENV_NAME, DEFAULT_PASSWORD_ENV_NAME);
        final String algorithm = stringOption(options, PASSWORD_ALGORITHM, DEFAULT_PASSWORD_ALGORITHM);

        final EnvironmentStringPBEConfig pbeConfig = new EnvironmentStringPBEConfig();
        pbeConfig.setAlgorithm(algorithm);

        // An inline password wins; only when none was configured is the
        // environment variable consulted.
        if (inlinePassword != null) {
            pbeConfig.setPassword(inlinePassword);
        } else {
            pbeConfig.setPasswordEnvName(envVariable);
        }
        configurationEncryptor.setConfig(pbeConfig);

        // Every option is copied into the wrapper, including encryptionPassword itself,
        // so the parent module receives the inline password along with its own settings.
        final EncryptableProperties decryptingOptions = new EncryptableProperties(configurationEncryptor);
        decryptingOptions.putAll(options);

        super.initialize(subject, callbackHandler, sharedState, decryptingOptions);
    }

    /**
     * Returns the option stored under {@code key} as a string, or {@code fallback}
     * when the option is absent or null.
     */
    private static String stringOption(Map<?, ?> options, String key, String fallback) {
        final Object configured = options.get(key);
        if (configured == null) {
            return fallback;
        }
        return (String) configured;
    }

}