+ *
+ * | property |
+ *
description |
+ *
default |
+ *
+ *
+ * | crypto.key |
+ * The password that will do the encryption and decryption of content. Required |
+ * |
+ *
+ *
+ * | crypto.prefix |
+ * A value used to determine if the page content is correctly decrypted. Should be a random string of minimum 10 length |
+ * A random string |
+ *
+ *
+ * | crypto.suffix |
+ * A value appended to the end of the encrypted string. Should be a random string of minimum 10 length |
+ * A random string |
+ *
+ *
+ *
+ * @since 2.10.2
+ */
+public class EncryptedPageFilter extends BasicPageFilter {
+
+ private static final Logger log = Logger.getLogger(EncryptedPageFilter.class);
+
+ private static final int MIN_LENGTH = 10;
+ public static final String PROP_CRYPTO_KEY = "crypto.key";
+ public static final String PROP_CRYPTO_PREFIX = "crypto.prefix";
+ public static final String PROP_CRYPTO_SUFFIX = "crypto.suffix";
+
+ private static final String DEFAULT_CRYPTO_PREFIX = "A@I@#!)KDAS)$:";
+ private static final String DEFAULT_CRYPTO_SUFFIX = ")FEJ*$Y@LSDFKJ@V";
+
+ private CryptoProvider cryptoProvider;
+ private char[] key;
+ private String prefix = DEFAULT_CRYPTO_PREFIX;
+ private String suffix = DEFAULT_CRYPTO_SUFFIX;
+
+ @Override
+ public void initialize(WikiEngine engine, Properties properties) throws FilterException {
+
+ try {
+ cryptoProvider = engine.getCryptoManager().getCryptoProvider();
+ } catch (Exception e) {
+ throw new FilterException(e.getMessage());
+ }
+
+ String keyValue = cryptoProvider.getExtraCryptoProperty(PROP_CRYPTO_KEY);
+ if (keyValue != null) {
+ key = keyValue.toCharArray();
+ } else {
+ throw new FilterException("The encryption key "+PROP_CRYPTO_KEY+" has not been set!");
+ }
+ if (key.length < MIN_LENGTH) {
+ throw new FilterException("The encryption key "+PROP_CRYPTO_KEY+" provided is to short. Min Length required is " + MIN_LENGTH);
+ }
+ if (key.length < MIN_LENGTH) {
+ throw new FilterException("The encryption key "+PROP_CRYPTO_KEY+" provided is to short. Min Length required is " + MIN_LENGTH);
+ }
+ prefix = cryptoProvider.getExtraCryptoProperty(PROP_CRYPTO_PREFIX, DEFAULT_CRYPTO_PREFIX);
+ if (prefix.length() < MIN_LENGTH) {
+ throw new FilterException("The property value "+PROP_CRYPTO_PREFIX+"="+ prefix + " is to short. Min Length required is " + MIN_LENGTH);
+ }
+ suffix = cryptoProvider.getExtraCryptoProperty(PROP_CRYPTO_SUFFIX, DEFAULT_CRYPTO_SUFFIX);
+ if (suffix.length() < MIN_LENGTH) {
+ throw new FilterException("The property value "+PROP_CRYPTO_SUFFIX+"="+ suffix + " is to short. Min Length required is " + MIN_LENGTH);
+ }
+ }
+
+ /**
+ * Given a crypto provider and a key, encrypt the content provided on preSave.
+ * The actual implementation adds a prefix to the raw content, and a suffix to the encrypted content.
+ */
+ @Override
+ public String preSave(WikiContext wikiContext, String content) throws FilterException {
+ try {
+ if (enableEncrpytion(wikiContext)) {
+ boolean addPrefixSuffix = true;
+ if (cryptoProvider.getClass().getName().equals(new BaseCryptoProvider().getClass().getName())) {
+ addPrefixSuffix = false;
+ }
+ if (addPrefixSuffix) {
+ content = prefix + content;
+ }
+ content = new String(cryptoProvider.encrypt(key, content.getBytes()));
+ if (addPrefixSuffix) {
+ content += suffix;
+ }
+ }
+ } catch (Exception e) {
+ throw new FilterException("Error encrypting content. ERROR="+e+" "+e.getMessage());
+ }
+ return super.preSave(wikiContext, content);
+ }
+
+ /**
+ * Given a crypto provider and a key, decrypt the content provided on preTranslate.
+ * If the suffix does not match the provided suffix, we assume the page was not encrypted and
+ * return the content.
+ * Otherwise we trim the suffix, decrypt, remove the prefix and return the plain content.
+ */
+ @Override
+ public String preTranslate(WikiContext wikiContext, String content) throws FilterException {
+ String result = super.preTranslate(wikiContext, content);
+ try {
+ if (result.endsWith(suffix)) {
+ result = result.substring(0,result.length()-suffix.length());
+ String plain = new String(cryptoProvider.decrypt(key, result.getBytes()));
+ if (plain.startsWith(prefix)) {
+ result = plain.substring(prefix.length());
+ } else {
+ throw new Exception("The decrypted content did not start with the expected prefix!!!");
+ }
+ }
+
+ } catch (Exception e) {
+ throw new FilterException("Error decrypting content. ERROR="+e+" "+e.getMessage());
+ }
+ return result;
+ }
+
+ private boolean enableEncrpytion(WikiContext wikiContext) {
+ return true;
+ }
+
+}
Index: jspwiki-war/src/main/resources/ini/classmappings.xml
===================================================================
--- jspwiki-war/src/main/resources/ini/classmappings.xml (revision 1622810)
+++ jspwiki-war/src/main/resources/ini/classmappings.xml (working copy)
@@ -123,4 +123,12 @@
org.apache.wiki.workflow.WorkflowManager
org.apache.wiki.workflow.WorkflowManager
+
+ org.apache.wiki.crypto.CryptoProvider
+ org.apache.wiki.crypto.BaseCryptoProvider
+
+
+ org.apache.wiki.crypto.PBECryptoProvider
+ org.apache.wiki.crypto.PBECryptoProvider
+
Index: jspwiki-war/src/main/resources/ini/jspwiki.properties
===================================================================
--- jspwiki-war/src/main/resources/ini/jspwiki.properties (revision 1622810)
+++ jspwiki-war/src/main/resources/ini/jspwiki.properties (working copy)
@@ -338,6 +338,19 @@
#
#jspwiki.lucene.analyzer = org.apache.lucene.analysis.standard.StandardAnalyzer
+#
+# The implementing class of the Cryptographic Provider (CryptoProvider) for jspwiki.
+# Default is PBECryptoProvider, but you can reduce this to BaseCryptoProvider.
+#
+jspwiki.cryptoProvider = org.apache.wiki.crypto.PBECryptoProvider
+#
+# The location of the jspwiki cryptographic settings file. This file should be protected at all
+# costs, as it contains the passwords and settings for your encryption and decryption ciphers.
+# WARNING: If this file is lost, or altered, you will no longer be able to read any wiki content.
+#
+#jspwiki.cryptoFile = /usr/local/etc/jspwiki-crypto.properties
+
+
############################################################################
#
# Special page references.
Index: jspwiki-war/src/main/resources/ini/jspwiki_module.xml
===================================================================
--- jspwiki-war/src/main/resources/ini/jspwiki_module.xml (revision 1622810)
+++ jspwiki-war/src/main/resources/ini/jspwiki_module.xml (working copy)
@@ -59,5 +59,9 @@
Janne Jalkanen
2.6
-
+
+ David Vittor
+ 2.10.1
+
+
\ No newline at end of file
Index: jspwiki-war/src/test/java/org/apache/wiki/crypto/PBECryptoProviderTest.java
===================================================================
--- jspwiki-war/src/test/java/org/apache/wiki/crypto/PBECryptoProviderTest.java (revision 0)
+++ jspwiki-war/src/test/java/org/apache/wiki/crypto/PBECryptoProviderTest.java (working copy)
@@ -0,0 +1,74 @@
+/*
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+ */
+package org.apache.wiki.crypto;
+
+import junit.framework.TestCase;
+
+import net.sf.ehcache.CacheManager;
+
+import org.apache.wiki.TestEngine;
+import org.apache.wiki.api.exceptions.EncryptionException;
+
+import java.io.File;
+import java.io.FileWriter;
+import java.util.Properties;
+
+/**
+ * Test the class {@link org.apache.wiki.crypto.PBECryptoProvider}
+ *
+ * @since 2.10.2
+ */
+public class PBECryptoProviderTest extends TestCase {
+
+ TestEngine m_engine;
+
+ protected void setUp() throws Exception
+ {
+ super.setUp();
+ Properties props = TestEngine.getTestProperties();
+ m_engine = new TestEngine(props);
+ }
+
+ public void testEncryptAndDecrypt() throws Exception {
+ PBECryptoProvider provider = new PBECryptoProvider();
+ provider.initialize(m_engine,m_engine.getWikiProperties());
+ char[] password1 = "P@ssword1".toCharArray();
+ char[] password2 = "Pa$$w0rd2".toCharArray();
+ String content1 = "This is simple";
+ String content2 = "This may work";
+
+ // Test content1&2 with password1
+ byte[] secret1 = provider.encrypt(password1,content1.getBytes());
+ byte[] secret2 = provider.encrypt(password1,content2.getBytes());
+ String result1 = new String(provider.decrypt(password1,secret1));
+ String result2 = new String(provider.decrypt(password1,secret2));
+ assertNotNull(result1);
+ assertNotNull(result2);
+ assertEquals(content1,result1);
+ assertEquals(content2,result2);
+
+ try {
+ result1 = new String(provider.decrypt(password2, secret1));
+ } catch (EncryptionException e) {
+ assertTrue(e.getMessage().contains("BadPaddingException"));
+ }
+ assertEquals(content1, result1);
+ }
+
+}
Index: jspwiki-war/src/test/java/org/apache/wiki/filters/AllTests.java
===================================================================
--- jspwiki-war/src/test/java/org/apache/wiki/filters/AllTests.java (revision 1622810)
+++ jspwiki-war/src/test/java/org/apache/wiki/filters/AllTests.java (working copy)
@@ -33,6 +33,7 @@
TestSuite suite = new TestSuite("PageFilter tests");
suite.addTest( DefaultFilterManagerTest.suite() );
+ suite.addTest( EncryptedPageFilterTest.suite() );
return suite;
}
Index: jspwiki-war/src/test/java/org/apache/wiki/filters/DefaultFilterManagerTest.java
===================================================================
--- jspwiki-war/src/test/java/org/apache/wiki/filters/DefaultFilterManagerTest.java (revision 1622810)
+++ jspwiki-war/src/test/java/org/apache/wiki/filters/DefaultFilterManagerTest.java (working copy)
@@ -51,7 +51,7 @@
List l = m.getFilterList();
- assertEquals("Wrong number of filters", 2, l.size());
+ assertEquals("Wrong number of filters", 3, l.size());
Iterator i = l.iterator();
PageFilter f1 = (PageFilter)i.next();
@@ -61,6 +61,10 @@
PageFilter f2 = (PageFilter)i.next();
assertTrue("Not a Testfilter", f2 instanceof TestFilter);
+
+ PageFilter f3 = (PageFilter)i.next();
+
+ assertTrue("Not a EncryptedPageFilter", f3 instanceof EncryptedPageFilter);
}
public void testInitParams() throws Exception {
Index: jspwiki-war/src/test/resources/filters.xml
===================================================================
--- jspwiki-war/src/test/resources/filters.xml (revision 1622810)
+++ jspwiki-war/src/test/resources/filters.xml (working copy)
@@ -23,7 +23,7 @@
org.apache.wiki.filters.ProfanityFilter
-
+
org.apache.wiki.filters.TestFilter
@@ -38,4 +38,8 @@
+
+ org.apache.wiki.filters.EncryptedPageFilter
+
+
Index: jspwiki-war/src/test/resources/jspwiki-crypto.properties
===================================================================
--- jspwiki-war/src/test/resources/jspwiki-crypto.properties (revision 0)
+++ jspwiki-war/src/test/resources/jspwiki-crypto.properties (working copy)
@@ -0,0 +1 @@
+crypto.key=xyzpwd123456