Commit 7fb403ca authored by ='s avatar =

Resolve reset when reinstalling encryption or key problems

parent 75785ab9
......@@ -34,6 +34,7 @@ import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Map.Entry;
import java.util.TimeZone;
import java.util.TimerTask;
......@@ -66,7 +67,6 @@ public class JiveGlobals {
private static final String ENCRYPTED_PROPERTY_NAME_PREFIX = "encrypt.";
private static final String ENCRYPTED_PROPERTY_NAMES = ENCRYPTED_PROPERTY_NAME_PREFIX + "property.name";
private static final String ENCRYPTION_ALGORITHM = ENCRYPTED_PROPERTY_NAME_PREFIX + "algorithm";
private static final String OLD_ENCRYPTION_ALGORITHM = ENCRYPTED_PROPERTY_NAME_PREFIX + "old_algorithm";
private static final String ENCRYPTION_KEY_CURRENT = ENCRYPTED_PROPERTY_NAME_PREFIX + "key.current";
private static final String ENCRYPTION_KEY_NEW = ENCRYPTED_PROPERTY_NAME_PREFIX + "key.new";
private static final String ENCRYPTION_KEY_OLD = ENCRYPTED_PROPERTY_NAME_PREFIX + "key.old";
......@@ -855,10 +855,12 @@ public class JiveGlobals {
* set the algorithm for encrypting property values
*/
public static void setupPropertyEncryptionAlgorithm(String alg) {
// The old way of doing backup backup encryption removals
// Get the old secret key and encryption type
String oldAlg = securityProperties.getProperty(ENCRYPTION_ALGORITHM);
if(StringUtils.isNotEmpty(oldAlg)){
securityProperties.setProperty(OLD_ENCRYPTION_ALGORITHM,oldAlg);
String oldKey = securityProperties.getProperty(ENCRYPTION_KEY_CURRENT);
if(StringUtils.isNotEmpty(oldAlg) && !oldAlg.equals(alg) && StringUtils.isNotEmpty(oldKey)){
// update encrypted properties
updateEncryptionProperties(oldAlg, oldKey, alg, oldAlg);
}
if (ENCRYPTION_ALGORITHM_AES.equalsIgnoreCase(alg)) {
securityProperties.setProperty(ENCRYPTION_ALGORITHM, ENCRYPTION_ALGORITHM_AES);
......@@ -872,39 +874,39 @@ public class JiveGlobals {
* set a custom key for encrypting property values
*/
public static void setupPropertyEncryptionKey(String key) {
currentKey = key;
// Get the old secret key and encryption type
String oldAlg = securityProperties.getProperty(ENCRYPTION_ALGORITHM);
String oldKey = securityProperties.getProperty(ENCRYPTION_KEY_CURRENT);
if(StringUtils.isNotEmpty(oldKey) && !oldKey.equals(key)) {
oldKey = new AesEncryptor().decrypt(oldKey);
// Re-encrypted with a new key configuration
reEncryptionPropertiesWithNewKey(oldKey,key);
if(StringUtils.isNotEmpty(oldKey) && !oldKey.equals(key) && StringUtils.isNotEmpty(oldAlg)) {
// update encrypted properties
updateEncryptionProperties(oldAlg, oldKey, oldAlg, key);
}
securityProperties.setProperty(ENCRYPTION_KEY_CURRENT, new AesEncryptor().encrypt(currentKey));
}
/**
* Re-encrypted with a new key configuration
* Re-encrypted with a new key and new algorithm configuration
*
* @param oldKey old encrypt key
* @param newKey old new key
* @param oldAlg old algorithm type
* @param oldKey old encryptor key
* @param newAlg new algorithm type
* @param newKey new encryptor key
*/
private static void reEncryptionPropertiesWithNewKey(String oldKey,String newKey) {
private static void updateEncryptionProperties(String oldAlg,String oldKey,String newAlg,String newKey) {
Encryptor oldEncryptor = null;
Encryptor newEncryptor = null;
// Get the old settings to decrypt the encrypted configuration properties
String oldAlgorithm = securityProperties.getProperty(OLD_ENCRYPTION_ALGORITHM);
if (ENCRYPTION_ALGORITHM_AES.equalsIgnoreCase(oldAlgorithm)) {
// create the encryptor
if (ENCRYPTION_ALGORITHM_AES.equalsIgnoreCase(oldAlg)) {
oldEncryptor = new AesEncryptor(oldKey);
} else {
oldEncryptor = new Blowfish(oldKey);
}
String newAlgorithm = securityProperties.getProperty(ENCRYPTION_ALGORITHM);
if (ENCRYPTION_ALGORITHM_AES.equalsIgnoreCase(newAlgorithm)) {
if (ENCRYPTION_ALGORITHM_AES.equalsIgnoreCase(newAlg)) {
newEncryptor = new AesEncryptor(newKey);
} else {
newEncryptor = new Blowfish(newKey);
}
// Set the current encryption
currentKey = oldKey;
propertyEncryptor = oldEncryptor;
......@@ -914,22 +916,26 @@ public class JiveGlobals {
properties = JiveProperties.getInstance();
}
// update current encryption
currentKey = newKey;
propertyEncryptor = newEncryptor;
// update properties
Iterator<String> iterator = properties.keySet().iterator();
// Update configuration properties
Iterator<Entry<String, String>> iterator = properties.entrySet().iterator();
Entry<String, String> entry = null;
String name = null;
while(iterator.hasNext()){
String name = iterator.next();
entry = iterator.next();
name = entry.getKey();
if(isPropertyEncrypted(name)){
// update xml prop
String xmlProperty = getXMLProperty(name);
if(StringUtils.isNotEmpty(xmlProperty)){
setXMLProperty(name, getProperty(name));
setXMLProperty(name, entry.getValue());
}
}
properties.put(name, entry.getValue());
}
}
/**
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment