wso2 / carbon-secvault
License: Apache License 2.0
In Carbon 5.2.0-m3, carbon secure vault resides in Kernel and supports only the OSGi model. This needs to be moved to this repo and, in addition to OSGi support, it should also provide support for non-OSGi.
DefaultSecretRepositoryTest fails with the exception below.
java.lang.ClassCastException: java.lang.String cannot be cast to [B
Remove
<dependency>
    <groupId>org.easymock</groupId>
    <artifactId>easymock</artifactId>
    <version>${easymock.version}</version>
    <scope>test</scope>
</dependency>
dependency and use
<dependency>
    <groupId>org.mockito</groupId>
    <artifactId>mockito-core</artifactId>
    <version>${mockito-core.version}</version>
    <scope>test</scope>
</dependency>
instead for mocking.
The reason for replacing this dependency is that Mockito is the mocking library approved by WSO2.
Fix the issues in PR #5, i.e., remove unwanted properties and dependencies, use a proper groupId and artifactId, fix the structure (with component and feature) and JavaDocs, use carbon-feature-plugin 3.0.0, etc.
In OSGi support, the configuration files should be specific to each runtime, i.e., it should be in /wso2//conf.
Support for non-OSGi secure vault - Pending changes.
Currently we hardcode the securevault namespace to "wso2.securevault". So the secure vault configuration must always be kept under wso2.securevault, as below.
wso2.securevault:
  secretRepository:
    type: org.wso2.carbon.secvault.repository.DefaultSecretRepository
    parameters:
      privateKeyAlias: wso2carbon
      keystoreLocation: ../../resources/security/securevault.jks
      secretPropertiesFile: ../../conf/${sys:wso2.runtime}/secrets.properties
  masterKeyReader:
    type: org.wso2.carbon.secvault.reader.DefaultMasterKeyReader
    parameters:
      masterKeyReaderFile: ../../conf/${sys:wso2.runtime}/master-keys.yaml
It would be better if we could make the namespace configurable.
Samples should be added to demonstrate the use of carbon secure vault in non-OSGi mode
The current ciphertool script does not support per-runtime encryption. This needs to be supported.
Description:
There are no samples available which demonstrate how an element to be encrypted should be specified in configuration files. For example, if a property wso2.password1
with some value has been added to secrets.properties and encrypted, the placeholder ${sec:wso2.password1}
has to be specified in the configuration file in place of the value. This should be documented and sampled.
Suggested Labels:
Improvement
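The following is an added example, not code from carbon-secvault, showing the two halves of the placeholder flow described above: the ciphertool side, which rewrites a `wso2.password1` entry in secrets.properties from plain text to cipher text, and the runtime side, which replaces `${sec:wso2.password1}` in a configuration file with the decrypted value. It assumes the `alias=plainText value` / `alias=cipherText base64` line format, uses a freshly generated RSA key pair in place of the securevault.jks private key, and uses OAEP padding; the class and method names are also assumptions for this example.

```java
// Added example (not carbon-secvault code). Assumed: secrets.properties line
// format "alias=plainText value" / "alias=cipherText base64", an in-memory RSA
// key pair standing in for securevault.jks, and OAEP padding.
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;

public class SecvaultPlaceholderDemo {

    // ${sec:alias}; aliases such as wso2.password1 contain dots.
    private static final Pattern SEC_PLACEHOLDER = Pattern.compile("\\$\\{sec:([A-Za-z0-9_.\\-]+)\\}");
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    static String encrypt(PublicKey pub, String plain) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.ENCRYPT_MODE, pub);
        return Base64.getEncoder().encodeToString(c.doFinal(plain.getBytes(StandardCharsets.UTF_8)));
    }

    static String decrypt(PrivateKey priv, String b64) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORMATION);
        c.init(Cipher.DECRYPT_MODE, priv);
        return new String(c.doFinal(Base64.getDecoder().decode(b64)), StandardCharsets.UTF_8);
    }

    // Parses each line into alias -> {kind, value}, where kind is plainText or cipherText.
    static Map<String, String[]> parseSecrets(String propsText) {
        Map<String, String[]> out = new LinkedHashMap<>();
        for (String raw : propsText.split("\n")) {
            String line = raw.trim();
            if (line.isEmpty() || line.startsWith("#")) continue;
            int eq = line.indexOf('=');
            if (eq < 1) throw new IllegalArgumentException("malformed line: " + line);
            String[] kindAndValue = line.substring(eq + 1).trim().split("\\s+", 2);
            if (kindAndValue.length != 2) throw new IllegalArgumentException("malformed line: " + line);
            out.put(line.substring(0, eq).trim(), kindAndValue);
        }
        return out;
    }

    // Ciphertool role: rewrite every plainText entry as cipherText, leave the rest untouched.
    static String encryptSecretsFile(String propsText, PublicKey pub) throws Exception {
        StringBuilder sb = new StringBuilder("# secrets.properties\n");
        for (Map.Entry<String, String[]> e : parseSecrets(propsText).entrySet()) {
            String kind = e.getValue()[0], value = e.getValue()[1];
            if (kind.equals("plainText")) {
                kind = "cipherText";
                value = encrypt(pub, value);
            }
            sb.append(e.getKey()).append('=').append(kind).append(' ').append(value).append('\n');
        }
        return sb.toString();
    }

    // Runtime role: replace ${sec:alias} with the decrypted secret. A missing alias or an
    // entry that is still plainText fails closed rather than leaving the placeholder in place.
    static String resolve(String config, String encryptedProps, PrivateKey priv) throws Exception {
        Map<String, String[]> secrets = parseSecrets(encryptedProps);
        Matcher m = SEC_PLACEHOLDER.matcher(config);
        StringBuffer sb = new StringBuffer();
        while (m.find()) {
            String[] secret = secrets.get(m.group(1));
            if (secret == null) throw new IllegalStateException("no secret for alias " + m.group(1));
            if (!secret[0].equals("cipherText")) throw new IllegalStateException("alias " + m.group(1) + " is not encrypted");
            m.appendReplacement(sb, Matcher.quoteReplacement(decrypt(priv, secret[1])));
        }
        m.appendTail(sb);
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();  // stands in for the securevault.jks key pair

        // Constructed input: the file as an operator writes it before running the ciphertool.
        String secretsBefore = "wso2.password1=plainText s3cr3t-db-pass\n";
        String secretsAfter = encryptSecretsFile(secretsBefore, kp.getPublic());

        // Constructed config: the placeholder stands where the value used to be.
        String config = "datasource:\n  username: admin\n  password: ${sec:wso2.password1}\n";

        String resolved = resolve(config, secretsAfter, kp.getPrivate());
        System.out.println(secretsAfter);
        System.out.println(resolved.contains("password: s3cr3t-db-pass") ? "placeholder resolved" : "resolution failed");
    }
}
```

Run it with `java SecvaultPlaceholderDemo.java` (JDK 11 or later) to see the rewritten secrets.properties followed by the resolution result. The two checks in `resolve` are the ones worth keeping in any real resolver: an unknown alias or an entry left in plainText should stop startup, not be passed through.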
Carbon cipher tool execution scripts have been changed so that they no longer depend on the carbon tool executor. These changes need to be tested and validated.
The Jacoco plugin throws a "class already instrumented" exception when building the project. These exceptions should not be thrown and should be resolved.
More information:
A sample exception will be as shown below:
java.lang.instrument.IllegalClassFormatException: Error while instrumenting class org/wso2/carbon/secvault/securevault/ciphertool/CipherTool.
    at org.jacoco.agent.rt.internal_b0d6a23.CoverageTransformer.transform(CoverageTransformer.java:95)
    at sun.instrument.TransformerManager.transform(TransformerManager.java:188)
    at sun.instrument.InstrumentationImpl.transform(InstrumentationImpl.java:428)
    at java.lang.ClassLoader.defineClass1(Native Method)
    at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
    at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
    at java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
    at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
    at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
    at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    at org.wso2.carbon.secvault.securevault.ciphertool.CipherToolTest.testEncryptionAndDecryption(CipherToolTest.java:43)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:85)
    at org.testng.internal.Invoker.invokeMethod(Invoker.java:659)
    at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:845)
    at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1153)
    at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:125)
    at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:108)
    at org.testng.TestRunner.privateRun(TestRunner.java:771)
    at org.testng.TestRunner.run(TestRunner.java:621)
    at org.testng.SuiteRunner.runTest(SuiteRunner.java:357)
    at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:352)
    at org.testng.SuiteRunner.privateRun(SuiteRunner.java:310)
    at org.testng.SuiteRunner.run(SuiteRunner.java:259)
    at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:52)
    at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:86)
    at org.testng.TestNG.runSuitesSequentially(TestNG.java:1199)
    at org.testng.TestNG.runSuitesLocally(TestNG.java:1124)
    at org.testng.TestNG.run(TestNG.java:1032)
    at org.apache.maven.surefire.testng.TestNGExecutor.run(TestNGExecutor.java:293)
    at org.apache.maven.surefire.testng.TestNGXmlTestSuite.execute(TestNGXmlTestSuite.java:84)
    at org.apache.maven.surefire.testng.TestNGProvider.invoke(TestNGProvider.java:91)
    at org.apache.maven.surefire.booter.ForkedBooter.invokeProviderInSameClassLoader(ForkedBooter.java:200)
    at org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:153)
    at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:103)
Caused by: java.io.IOException: Error while instrumenting class org/wso2/carbon/secvault/securevault/ciphertool/CipherTool.
    at org.jacoco.agent.rt.internal_b0d6a23.core.instr.Instrumenter.instrumentError(Instrumenter.java:152)
    at org.jacoco.agent.rt.internal_b0d6a23.core.instr.Instrumenter.instrument(Instrumenter.java:103)
    at org.jacoco.agent.rt.internal_b0d6a23.CoverageTransformer.transform(CoverageTransformer.java:93)
    ... 42 more
Caused by: java.lang.IllegalStateException: Class org/wso2/carbon/secvault/securevault/ciphertool/CipherTool is already instrumented.
    at org.jacoco.agent.rt.internal_b0d6a23.core.internal.instr.InstrSupport.assertNotInstrumented(InstrSupport.java:89)
    at org.jacoco.agent.rt.internal_b0d6a23.core.internal.instr.ClassInstrumenter.visitField(ClassInstrumenter.java:55)
    at org.jacoco.agent.rt.internal_b0d6a23.asm.ClassVisitor.visitField(ClassVisitor.java:272)
    at org.jacoco.agent.rt.internal_b0d6a23.asm.ClassReader.readField(ClassReader.java:768)
    at org.jacoco.agent.rt.internal_b0d6a23.asm.ClassReader.accept(ClassReader.java:689)
    at org.jacoco.agent.rt.internal_b0d6a23.asm.ClassReader.accept(ClassReader.java:506)
    at org.jacoco.agent.rt.internal_b0d6a23.core.instr.Instrumenter.instrument(Instrumenter.java:83)
    at org.jacoco.agent.rt.internal_b0d6a23.core.instr.Instrumenter.instrument(Instrumenter.java:101)
    ... 43 more
This exception, however, does not impact the build or the jacoco reports in any way. The plugin is configured to proceed, ignoring this warning, and to produce jacoco reports using the following config:
<execution>
    <id>default-restore-instrumented-classes</id>
    <goals>
        <goal>restore-instrumented-classes</goal>
    </goals>
</execution>
This should give the correct decrypted value, but now an empty string is returned.
Copied from: wso2/carbon-kernel#1252
In the MasterKeyConfiguration class, the password in the master key yaml file is read and stored in a Properties object. This file should be read as an InputStream and the password should be stored in a char array.
Currently the ciphertool jar and scripts are included in the same secvault feature as the secvault OSGi bundles. Since ciphertool is a standalone jar file, it would be better to move the tools to a separate feature (org.wso2.carbon.secvault.tools.feature), so products can add the secure vault tools feature separately.
Previously secure vault was in carbon kernel and was tightly coupled with the OSGi context. It was suggested that secure vault should support both OSGi and non-OSGi modes. So remove secure vault from carbon kernel, move it to a separate repo and make the necessary changes for non-OSGi support.
The secure vault feature depends on the carbon-utils feature. Add a git doc for secure vault feature installation.
Need to update the main MD doc for secvault repo with description about each of the individual config files used.
The ciphertool scripts are now duplicated in each runtime. The libs and scripts need to move to the server level to avoid duplicates.
Currently, snake yaml jar is packed in the kernel feature. Ideally, it should be packed in carbon secvault feature.
Earlier it printed the encrypted value and the decrypted value, but now it prints nothing.
Strings should not be used to store master keys
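The following is an added example, not code from carbon-secvault, of the MasterKeyConfiguration change asked for above and of why the master key should be a char[] rather than a String: the password is scanned out of master-keys.yaml directly from an InputStream into a char[], passed to `KeyStore.load`, which takes a char[] for exactly this reason, and wiped afterwards. The yaml layout (a `masterKeys:` block with a `keyStorePassword:` entry), the empty JKS keystore standing in for securevault.jks, and the class and method names are assumptions for this example; SnakeYAML is deliberately not used, since a parser that hands back Strings would defeat the purpose.

```java
// Added example (not carbon-secvault code). Assumed: master-keys.yaml layout,
// an empty in-memory JKS keystore in place of securevault.jks, and the names below.
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.util.Arrays;

public class MasterKeyCharArrayDemo {

    // Finds "<key>:" in the stream and returns the rest of that line as a char[].
    // The value is copied char by char and never assembled into a String, so the only
    // copies are the buffers below, which are wiped as soon as they are replaced.
    static char[] readValue(InputStream in, String key) throws IOException {
        Reader r = new InputStreamReader(in, StandardCharsets.UTF_8);
        char[] needle = (key + ":").toCharArray();
        int matched = 0;
        char[] buf = new char[16];
        int len = 0;
        int ch;
        while ((ch = r.read()) != -1) {
            if (matched < needle.length) {               // still looking for the key
                matched = (ch == needle[matched]) ? matched + 1 : (ch == needle[0] ? 1 : 0);
                continue;
            }
            if (ch == '\n' || ch == '\r') break;          // end of the value
            if (len == 0 && ch == ' ') continue;          // skip the "key: " separator
            if (len == buf.length) {                      // grow without leaving a copy behind
                char[] bigger = Arrays.copyOf(buf, buf.length * 2);
                Arrays.fill(buf, '\0');
                buf = bigger;
            }
            buf[len++] = (char) ch;
        }
        if (matched < needle.length) throw new IOException("key not found: " + key);
        char[] value = Arrays.copyOf(buf, len);
        Arrays.fill(buf, '\0');
        return value;
    }

    // An empty JKS keystore protected by the given password; stands in for securevault.jks.
    static byte[] newKeyStore(char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed master-keys.yaml; the layout is an assumption for this example.
        byte[] masterKeysYaml = ("permanentStore: true\n"
                + "masterKeys:\n"
                + "  keyStorePassword: wso2carbon\n").getBytes(StandardCharsets.UTF_8);

        char[] masterKey = readValue(new ByteArrayInputStream(masterKeysYaml), "keyStorePassword");
        try {
            byte[] keystoreBytes = newKeyStore(masterKey);
            KeyStore ks = KeyStore.getInstance("JKS");
            // KeyStore.load takes char[]: the password never has to become a String.
            // A wrong master key makes this throw, so the integrity check is exercised too.
            ks.load(new ByteArrayInputStream(keystoreBytes), masterKey);
            System.out.println("keystore opened with the master key, entries: " + ks.size());
        } finally {
            Arrays.fill(masterKey, '\0');       // a String held in a Properties object cannot be cleared
            Arrays.fill(masterKeysYaml, (byte) 0);
        }
    }
}
```

The key-scanning loop is intentionally minimal (no quoting, no multi-document yaml); the point is that every copy of the password is an array the code owns and can zero. In the real reader the same char[] should be handed on to the keystore and private-key loading calls and wiped in a finally block, as above.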
It gives an "init method not found" error.