0006213: Encrypted parameter values need to be decrypted before saving

into the batch file when synchronizing
JumpMind · Jan 29, 2024 · 7d5d9d3 · 7d5d9d3
1 parent ec7c550
commit 7d5d9d3
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 0 deletions.
diff --git a/symmetric-assemble/src/asciidoc/developer.ad b/symmetric-assemble/src/asciidoc/developer.ad
@@ -150,6 +150,9 @@ Implement this extension point to get callbacks for offline events detected on a
 ==== INodePasswordFilter
 Implement this extension point to intercept the saving and rendering of the node password.
 
+==== ISmtpPasswordFilter
+Implement this extension point to intercept the saving and rendering of the SMTP password.
+
 ifdef::pro[]
 === Embedding in Android
 SymmetricDS has its web-enabled, fault-tolerant, database synchronization software available on the Android mobile computing platform. 

diff --git a/symmetric-core/src/main/java/org/jumpmind/symmetric/security/ISmtpPasswordFilter.java b/symmetric-core/src/main/java/org/jumpmind/symmetric/security/ISmtpPasswordFilter.java
@@ -0,0 +1,21 @@
+package org.jumpmind.symmetric.security;
+
+import org.jumpmind.extension.IExtensionPoint;
+
+public interface ISmtpPasswordFilter extends IExtensionPoint {
+    /**
+     * Called on when the node security password is being saved to the DB.
+     * 
+     * @param password
+     *            - The password being saved
+     */
+    public String onSmtpPasswordSave(String password);
+
+    /**
+     * Called on when the password has been selected from the DB.
+     * 
+     * @param password
+     *            - The password to be used
+     */
+    public String onSmtpPasswordRender(String password);
+}
diff --git a/symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/TransformService.java b/symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/TransformService.java
@@ -72,6 +72,7 @@
 import org.jumpmind.symmetric.model.IModelObject;
 import org.jumpmind.symmetric.model.NodeGroupLink;
 import org.jumpmind.symmetric.security.INodePasswordFilter;
+import org.jumpmind.symmetric.security.ISmtpPasswordFilter;
 import org.jumpmind.symmetric.service.IConfigurationService;
 import org.jumpmind.symmetric.service.IExtensionService;
 import org.jumpmind.symmetric.service.IParameterService;
@@ -82,6 +83,13 @@ public class TransformService extends AbstractService implements ITransformServi
     private static final String NODE_FILTER_BSH = "filter = null; if (engine != null && engine.getExtensionService() != null) " +
             "filter = engine.getExtensionService().getExtensionPoint(org.jumpmind.symmetric.security.INodePasswordFilter.class); " +
             "if (filter != null) return filter.%s(currentValue); else return currentValue;";
+    private static final String SMTP_PASSWORD_BSH = "if (sourceDmlTypeString.equalsIgnoreCase(\"insert\") || sourceDmlTypeString.equalsIgnoreCase(\"update\")) {"
+            + "if (PARAM_KEY.equalsIgnoreCase(\"smtp.password\")) {"
+            + "filter = null; if (engine != null && engine.getExtensionService() != null) " +
+            "filter = engine.getExtensionService().getExtensionPoint(org.jumpmind.symmetric.security.ISmtpPasswordFilter.class); " +
+            "if (filter != null) return filter.%s(currentValue); else return currentValue;"
+            + "} else { return currentValue; }"
+            + "}";
     private IConfigurationService configurationService;
     private IExtensionService extensionService;
     private IParameterService parameterService;
@@ -270,6 +278,19 @@ public List<TransformTableNodeGroupLink> getConfigExtractTransforms(NodeGroupLin
             transform.setNodeGroupLink(nodeGroupLink);
             transforms.add(transform);
         }
+        if (extensionService.getExtensionPoint(ISmtpPasswordFilter.class) != null) {
+            String tableName = TableConstants.getTableName(parameterService.getTablePrefix(), TableConstants.SYM_PARAMETER);
+            TransformTableNodeGroupLink transform = new TransformTableNodeGroupLink();
+            transform.setSourceTableName(tableName);
+            transform.setTargetTableName(tableName);
+            transform.setTransformPoint(TransformPoint.EXTRACT);
+            TransformColumn column = new TransformColumn("param_value", "param_value", false);
+            column.setTransformType("bsh");
+            column.setTransformExpression(String.format(SMTP_PASSWORD_BSH, "onSmtpPasswordRender"));
+            transform.addTransformColumn(column);
+            transform.setNodeGroupLink(nodeGroupLink);
+            transforms.add(transform);
+        }
         return transforms;
     }
 
@@ -299,6 +320,19 @@ public List<TransformTableNodeGroupLink> getConfigLoadTransforms(NodeGroupLink n
             transform.setNodeGroupLink(nodeGroupLink);
             transforms.add(transform);
         }
+        if (extensionService.getExtensionPoint(ISmtpPasswordFilter.class) != null) {
+            tableName = TableConstants.getTableName(parameterService.getTablePrefix(), TableConstants.SYM_PARAMETER);
+            transform = new TransformTableNodeGroupLink();
+            transform.setSourceTableName(tableName);
+            transform.setTargetTableName(tableName);
+            transform.setTransformPoint(TransformPoint.LOAD);
+            column = new TransformColumn("param_value", "param_value", false);
+            column.setTransformType("bsh");
+            column.setTransformExpression(String.format(SMTP_PASSWORD_BSH, "onSmtpPasswordSave"));
+            transform.addTransformColumn(column);
+            transform.setNodeGroupLink(nodeGroupLink);
+            transforms.add(transform);
+        }
         TransformTableNodeGroupLink transformOutToIncoming = new TransformTableNodeGroupLink();
         TransformColumn columnOutToIncoming = new TransformColumn("node_id", "node_id", true);
         columnOutToIncoming.setTransformType("variable");