From e0dc1e3c209c8e475b95a706fb0db2e51d19b1a6 Mon Sep 17 00:00:00 2001 From: robin shine Date: Wed, 3 Jul 2013 13:34:22 +0800 Subject: [PATCH] Remove hibernate password encryption feature. Add back to use better encryption algorithm if necessary. --- .../persistence/ConfigurationProvider.java | 3 -- .../com/pmease/commons/util/StringUtils.java | 45 ------------------- 2 files changed, 48 deletions(-) diff --git a/commons.persistence/src/main/java/com/pmease/commons/persistence/ConfigurationProvider.java b/commons.persistence/src/main/java/com/pmease/commons/persistence/ConfigurationProvider.java index d5700e6fae..71f6a255c6 100644 --- a/commons.persistence/src/main/java/com/pmease/commons/persistence/ConfigurationProvider.java +++ b/commons.persistence/src/main/java/com/pmease/commons/persistence/ConfigurationProvider.java @@ -47,9 +47,6 @@ public class ConfigurationProvider implements Provider { String url = hibernateProperties.getProperty(Environment.URL); hibernateProperties.setProperty(Environment.URL, StringUtils.replace(url, "${installDir}", Bootstrap.installDir.getAbsolutePath())); - String encryptedPassword = hibernateProperties.getProperty("hibernate.connection.encrypted_password"); - if (StringUtils.isNotBlank(encryptedPassword)) - hibernateProperties.setProperty(Environment.PASS, StringUtils.decrypt(encryptedPassword.trim())); configuration = new Configuration(); configuration.setNamingStrategy(namingStrategy); diff --git a/commons.util/src/main/java/com/pmease/commons/util/StringUtils.java b/commons.util/src/main/java/com/pmease/commons/util/StringUtils.java index 1316afc746..978044ad25 100644 --- a/commons.util/src/main/java/com/pmease/commons/util/StringUtils.java +++ b/commons.util/src/main/java/com/pmease/commons/util/StringUtils.java @@ -4,56 +4,11 @@ import java.io.BufferedReader; import java.io.IOException; import java.io.StreamTokenizer; import java.io.StringReader; -import java.security.spec.KeySpec; import java.util.ArrayList; import java.util.Collection; import java.util.List; -import javax.crypto.Cipher; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.DESedeKeySpec; - -import org.apache.commons.codec.binary.Base64; - -import com.pmease.commons.bootstrap.BootstrapUtils; - public class StringUtils extends org.apache.commons.lang3.StringUtils { - private static final String ENCRYPTION_KEY = "123456789012345678901234567890"; - - public static String encrypt(String string) { - if (string == null) - return null; - try { - KeySpec keySpec = new DESedeKeySpec(ENCRYPTION_KEY.getBytes("UTF8")); - SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede"); - Cipher cipher = Cipher.getInstance("DESede"); - - SecretKey key = keyFactory.generateSecret(keySpec); - cipher.init(Cipher.ENCRYPT_MODE, key); - byte[] ciphertext = cipher.doFinal(string.getBytes("UTF8")); - return new String(Base64.encodeBase64(ciphertext)); - } catch (Exception e) { - throw BootstrapUtils.unchecked(e); - } - } - - public static String decrypt(String string) { - if (string == null) - return null; - try { - KeySpec keySpec = new DESedeKeySpec(ENCRYPTION_KEY.getBytes("UTF8")); - SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede"); - Cipher cipher = Cipher.getInstance("DESede"); - - SecretKey key = keyFactory.generateSecret(keySpec); - cipher.init(Cipher.DECRYPT_MODE, key); - byte[] bytes = cipher.doFinal(Base64.decodeBase64(string.getBytes())); - return new String(bytes, "UTF8"); - } catch (Exception e) { - throw BootstrapUtils.unchecked(e); - } - } /** * Split specified string with specified separator and trim the result fields.