From 1603106c5d60037ef833117d9c6d4a9a8cfe30dd Mon Sep 17 00:00:00 2001 From: Sagar Miglani Date: Thu, 13 Oct 2022 11:38:14 +0530 Subject: [PATCH 1/3] FELIX-6570 - Components webconsole-plugin shows password in clear text --- .../ds/internal/ConfigurationSupport.java | 14 ++++++ .../plugins/ds/internal/MetatypeSupport.java | 47 +++++++++++++++++++ .../plugins/ds/internal/WebConsolePlugin.java | 30 +++++++++--- 3 files changed, 85 insertions(+), 6 deletions(-) diff --git a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java index e0dff3bb7b..50af0e0b19 100644 --- a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java +++ b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java @@ -22,6 +22,8 @@ import org.osgi.framework.BundleContext; import org.osgi.util.tracker.ServiceTracker; +import java.util.Collection; + public class ConfigurationSupport { private final ServiceTracker configAdminTracker; @@ -73,4 +75,16 @@ public boolean isConfigurable(final Bundle providingBundle, final String pid) } return false; } + + /** + * Returns a Collection of IDs of Password Attributes Definitions for given bundle and configuration PIDs + * @param bundle The Bundle providing the component + * @param configurationPids A non-null configuration pid + * @return Collection + */ + public Collection getPasswordAttributeDefinitionIds(final Bundle bundle, final String[] configurationPids) { + Object metaTypeService = this.metatypeTracker.getService(); + return new MetatypeSupport().getPasswordAttributeDefinitionIds(metaTypeService, bundle, configurationPids); + } + } \ No newline at end of file diff --git a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java index 3e15da213a..7ab089d83c 100644 --- a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java +++ b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java @@ -19,8 +19,15 @@ package org.apache.felix.webconsole.plugins.ds.internal; import org.osgi.framework.Bundle; +import org.osgi.service.metatype.AttributeDefinition; import org.osgi.service.metatype.MetaTypeInformation; import org.osgi.service.metatype.MetaTypeService; +import org.osgi.service.metatype.ObjectClassDefinition; + +import java.util.Collection; +import java.util.Collections; +import java.util.Set; +import java.util.HashSet; public class MetatypeSupport { @@ -39,4 +46,44 @@ public boolean check(final Object obj, final Bundle providingBundle, final Strin } return false; } + + public Collection getPasswordAttributeDefinitionIds(final Object mts, final Bundle bundle, final String[] configurationPids) { + if (mts == null || bundle == null) { + return Collections.emptySet(); + } + MetaTypeService metaTypeService = (MetaTypeService) mts; + MetaTypeInformation metaTypeInformation = metaTypeService.getMetaTypeInformation(bundle); + if (metaTypeInformation == null) { + return Collections.emptySet(); + } + + Set allPasswordIds = new HashSet<>(); + for(String configurationPid: configurationPids) { + allPasswordIds.addAll(getPasswordIds(metaTypeInformation, configurationPid)); + } + + return allPasswordIds; + } + + private Set getPasswordIds(MetaTypeInformation metaTypeInformation, String configurationPid) { + AttributeDefinition[] defs = null; + try { + ObjectClassDefinition ocd = metaTypeInformation.getObjectClassDefinition(configurationPid, null); + defs = ocd.getAttributeDefinitions(ObjectClassDefinition.ALL); + } catch (final IllegalArgumentException ignore) { + // just ignore this exception? + } + + Set passwordsDefIds = new HashSet<>(); + if (defs != null) { + for (int i = 0; i < defs.length; i++) { + if (defs[i].getType() == AttributeDefinition.PASSWORD) { + passwordsDefIds.add(defs[i].getID()); + } + } + } + + return passwordsDefIds; + } + } \ No newline at end of file diff --git a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/WebConsolePlugin.java b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/WebConsolePlugin.java index f4b38775bd..c2cd13f056 100644 --- a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/WebConsolePlugin.java +++ b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/WebConsolePlugin.java @@ -477,6 +477,14 @@ else if ( config != null ) private void listProperties(JSONWriter jw, ComponentDescriptionDTO desc, ComponentConfigurationDTO component) throws IOException { Map props = component != null ? component.properties : desc.properties; + + // Is this the right way to get bundle and configuration PID? + Bundle bundle = this.getBundleContext().getBundle(0).getBundleContext().getBundle(desc.bundle.id); + String[] configurationPids = desc.configurationPid; + + Collection passwordPropertyIds = + this.optionalSupport.getPasswordAttributeDefinitionIds(bundle, configurationPids); + if (props != null) { jw.object(); @@ -491,9 +499,14 @@ private void listProperties(JSONWriter jw, ComponentDescriptionDTO desc, Compone final StringBuilder b = new StringBuilder(); b.append(key).append(" = "); - Object prop = props.get(key); - prop = WebConsoleUtil.toString(prop); - b.append(prop); + if (passwordPropertyIds.contains(key)) { + b.append("********"); + } else { + Object prop = props.get(key); + prop = WebConsoleUtil.toString(prop); + b.append(prop); + } + jw.value(b.toString()); } jw.endArray(); @@ -512,9 +525,14 @@ private void listProperties(JSONWriter jw, ComponentDescriptionDTO desc, Compone final StringBuilder b = new StringBuilder(); b.append(key).append(" = "); - Object prop = props.get(key); - prop = WebConsoleUtil.toString(prop); - b.append(prop); + if (passwordPropertyIds.contains(key)) { + b.append("********"); + } else { + Object prop = props.get(key); + prop = WebConsoleUtil.toString(prop); + b.append(prop); + } + jw.value(b.toString()); } jw.endArray(); From c19bf16667272c40df66d8c2f53ac8abe380cfaf Mon Sep 17 00:00:00 2001 From: Sagar Miglani Date: Thu, 13 Oct 2022 12:41:29 +0530 Subject: [PATCH 2/3] FELIX-6570 - Components webconsole-plugin shows password in clear text --- .../webconsole/plugins/ds/internal/ConfigurationSupport.java | 4 ++++ .../webconsole/plugins/ds/internal/MetatypeSupport.java | 5 +---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java index 50af0e0b19..24be8c3349 100644 --- a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java +++ b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java @@ -23,6 +23,7 @@ import org.osgi.util.tracker.ServiceTracker; import java.util.Collection; +import java.util.Collections; public class ConfigurationSupport { @@ -84,6 +85,9 @@ public boolean isConfigurable(final Bundle providingBundle, final String pid) */ public Collection getPasswordAttributeDefinitionIds(final Bundle bundle, final String[] configurationPids) { Object metaTypeService = this.metatypeTracker.getService(); + if (metaTypeService == null) { + return Collections.emptySet(); + } return new MetatypeSupport().getPasswordAttributeDefinitionIds(metaTypeService, bundle, configurationPids); } diff --git a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java index 7ab089d83c..59990ce6a6 100644 --- a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java +++ b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java @@ -48,12 +48,9 @@ public boolean check(final Object obj, final Bundle providingBundle, final Strin } public Collection getPasswordAttributeDefinitionIds(final Object mts, final Bundle bundle, final String[] configurationPids) { - if (mts == null || bundle == null) { - return Collections.emptySet(); - } MetaTypeService metaTypeService = (MetaTypeService) mts; MetaTypeInformation metaTypeInformation = metaTypeService.getMetaTypeInformation(bundle); - if (metaTypeInformation == null) { + if (metaTypeInformation == null || bundle == null) { return Collections.emptySet(); } From bf0e0e1873317a55b44ee1aa0134b257157a7fe5 Mon Sep 17 00:00:00 2001 From: Sagar Miglani Date: Thu, 13 Oct 2022 12:44:12 +0530 Subject: [PATCH 3/3] FELIX-6570 - Components webconsole-plugin shows password in clear text --- .../webconsole/plugins/ds/internal/ConfigurationSupport.java | 2 +- .../felix/webconsole/plugins/ds/internal/MetatypeSupport.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java index 24be8c3349..749f35289b 100644 --- a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java +++ b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/ConfigurationSupport.java @@ -85,7 +85,7 @@ public boolean isConfigurable(final Bundle providingBundle, final String pid) */ public Collection getPasswordAttributeDefinitionIds(final Bundle bundle, final String[] configurationPids) { Object metaTypeService = this.metatypeTracker.getService(); - if (metaTypeService == null) { + if (bundle == null || metaTypeService == null) { return Collections.emptySet(); } return new MetatypeSupport().getPasswordAttributeDefinitionIds(metaTypeService, bundle, configurationPids); diff --git a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java index 59990ce6a6..ef10a45123 100644 --- a/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java +++ b/webconsole-plugins/ds/src/main/java/org/apache/felix/webconsole/plugins/ds/internal/MetatypeSupport.java @@ -50,7 +50,7 @@ public boolean check(final Object obj, final Bundle providingBundle, final Strin public Collection getPasswordAttributeDefinitionIds(final Object mts, final Bundle bundle, final String[] configurationPids) { MetaTypeService metaTypeService = (MetaTypeService) mts; MetaTypeInformation metaTypeInformation = metaTypeService.getMetaTypeInformation(bundle); - if (metaTypeInformation == null || bundle == null) { + if (metaTypeInformation == null) { return Collections.emptySet(); }