pwm-project
diff --git a/‎server/src/main/java/password/pwm/config/StoredValue.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/config/StoredValue.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/config/stored/StoredConfigurationImpl.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/config/stored/StoredConfigurationImpl.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/config/value/AbstractValue.java
Lines changed: 73 additions & 0 deletions b/‎server/src/main/java/password/pwm/config/value/AbstractValue.java
Lines changed: 73 additions & 0 deletions
diff --git a/‎server/src/main/java/password/pwm/config/value/ActionValue.java
Lines changed: 45 additions & 4 deletions b/‎server/src/main/java/password/pwm/config/value/ActionValue.java
Lines changed: 45 additions & 4 deletions
diff --git a/‎server/src/main/java/password/pwm/config/value/BooleanValue.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/config/value/BooleanValue.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/config/value/ChallengeValue.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/config/value/ChallengeValue.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/config/value/CustomLinkValue.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/config/value/CustomLinkValue.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/config/value/EmailValue.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/config/value/EmailValue.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/config/value/FileValue.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/config/value/FileValue.java
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/src/main/java/password/pwm/config/value/FormValue.java
Lines changed: 1 addition & 1 deletion b/‎server/src/main/java/password/pwm/config/value/FormValue.java
Lines changed: 1 addition & 1 deletion
@@ -33,7 +33,7 @@
 
 public interface StoredValue extends Serializable
 {
-    List<Element> toXmlValues( String valueElementName );
+    List<Element> toXmlValues( String valueElementName, PwmSecurityKey pwmSecurityKey );
 
     Object toNativeObject( );
 
 
@@ -997,7 +997,7 @@ else if ( setting.getSyntax() == PwmSettingSyntax.NAMED_SECRET )
             }
             else
             {
-                settingElement.addContent( value.toXmlValues( "value" ) );
+                settingElement.addContent( value.toXmlValues( "value", getKey() ) );
             }
 
 
 
@@ -22,17 +22,26 @@
 
 package password.pwm.config.value;
 
+import lombok.Value;
 import password.pwm.PwmConstants;
 import password.pwm.config.StoredValue;
+import password.pwm.error.ErrorInformation;
+import password.pwm.error.PwmError;
+import password.pwm.error.PwmOperationalException;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.util.java.JsonUtil;
+import password.pwm.util.secure.PwmBlockAlgorithm;
+import password.pwm.util.secure.PwmRandom;
+import password.pwm.util.secure.PwmSecurityKey;
 import password.pwm.util.secure.SecureEngine;
 
 import java.io.Serializable;
 import java.util.Locale;
 
 public abstract class AbstractValue implements StoredValue
 {
+    static final String ENC_PW_PREFIX = "ENC-PW:";
+
     public String toString( )
     {
         return toDebugString( null );
@@ -66,4 +75,68 @@ public String valueHash( ) throws PwmUnrecoverableException
     {
         return SecureEngine.hash( JsonUtil.serialize( ( Serializable ) this.toNativeObject() ), PwmConstants.SETTING_CHECKSUM_HASH_METHOD );
     }
+
+    static String decryptPwValue( final String input, final PwmSecurityKey pwmSecurityKey ) throws PwmOperationalException
+    {
+        if ( input == null )
+        {
+            return "";
+        }
+
+        if ( input.startsWith( ENC_PW_PREFIX ) )
+        {
+            try
+            {
+                final String pwValueSuffix = input.substring( ENC_PW_PREFIX.length(), input.length() );
+                final String decrpytedValue = SecureEngine.decryptStringValue( pwValueSuffix, pwmSecurityKey, PwmBlockAlgorithm.CONFIG );
+                final StoredPwData storedPwData = JsonUtil.deserialize( decrpytedValue, StoredPwData.class );
+                return storedPwData.getValue();
+            }
+            catch ( Exception e )
+            {
+                final String errorMsg = "unable to decrypt password value for setting: " + e.getMessage();
+                final ErrorInformation errorInfo = new ErrorInformation( PwmError.CONFIG_FORMAT_ERROR, errorMsg );
+                throw new PwmOperationalException( errorInfo );
+            }
+        }
+
+        return input;
+    }
+
+    static String encryptPwValue( final String input, final PwmSecurityKey pwmSecurityKey )
+            throws PwmOperationalException
+    {
+        if ( input == null )
+        {
+            return "";
+        }
+
+        if ( !input.startsWith( ENC_PW_PREFIX ) )
+        {
+            try
+            {
+                final String salt = PwmRandom.getInstance().alphaNumericString( 32 );
+                final StoredPwData storedPwData = new StoredPwData( salt, input );
+                final String jsonData = JsonUtil.serialize( storedPwData );
+                final String encryptedValue = SecureEngine.encryptToString( jsonData, pwmSecurityKey, PwmBlockAlgorithm.CONFIG );
+                return ENC_PW_PREFIX + encryptedValue;
+            }
+            catch ( Exception e )
+            {
+                final String errorMsg = "unable to encrypt password value for setting: " + e.getMessage();
+                final ErrorInformation errorInfo = new ErrorInformation( PwmError.CONFIG_FORMAT_ERROR, errorMsg );
+                throw new PwmOperationalException( errorInfo );
+            }
+        }
+
+        return input;
+    }
+
+    @Value
+    static class StoredPwData implements Serializable
+    {
+        private String salt;
+        private String value;
+    }
+
 }
@@ -24,16 +24,20 @@
 
 import com.google.gson.reflect.TypeToken;
 import org.jdom2.Element;
+import password.pwm.PwmConstants;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.PwmSettingSyntax;
 import password.pwm.config.StoredValue;
 import password.pwm.config.value.data.ActionConfiguration;
 import password.pwm.error.PwmOperationalException;
 import password.pwm.util.java.JavaHelper;
 import password.pwm.util.java.JsonUtil;
+import password.pwm.util.java.StringUtil;
+import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.secure.PwmSecurityKey;
 import password.pwm.util.secure.X509Utils;
 
+import java.io.Serializable;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -45,6 +49,8 @@
 
 public class ActionValue extends AbstractValue implements StoredValue
 {
+    private static final PwmLogger LOGGER = PwmLogger.forClass( ActionValue.class );
+
     final List<ActionConfiguration> values;
 
     public ActionValue( final List<ActionConfiguration> values )
@@ -82,7 +88,7 @@ public ActionValue fromJson( final String input )
 
             public ActionValue fromXmlElement(
                     final Element settingElement,
-                    final PwmSecurityKey input
+                    final PwmSecurityKey pwmSecurityKey
             )
                     throws PwmOperationalException
             {
@@ -105,7 +111,9 @@ public ActionValue fromXmlElement(
                         }
                         else
                         {
-                            values.add( JsonUtil.deserialize( value, ActionConfiguration.class ) );
+                            final ActionConfiguration parsedAc = JsonUtil.deserialize( value, ActionConfiguration.class );
+                            parsedAc.setPassword( decryptPwValue( parsedAc.getPassword(), pwmSecurityKey ) );
+                            values.add( parsedAc );
                         }
                     }
                 }
@@ -114,13 +122,23 @@ public ActionValue fromXmlElement(
         };
     }
 
-    public List<Element> toXmlValues( final String valueElementName )
+    public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey  )
     {
         final List<Element> returnList = new ArrayList<>();
         for ( final ActionConfiguration value : values )
         {
             final Element valueElement = new Element( valueElementName );
-            valueElement.addContent( JsonUtil.serialize( value ) );
+            final ActionConfiguration clonedValue = JsonUtil.cloneUsingJson( value, ActionConfiguration.class );
+            try
+            {
+                clonedValue.setPassword( encryptPwValue( clonedValue.getPassword(), pwmSecurityKey ) );
+            }
+            catch ( PwmOperationalException e )
+            {
+                LOGGER.warn( "error decoding stored pw value: " + e.getMessage() );
+            }
+
+            valueElement.addContent( JsonUtil.serialize( clonedValue ) );
             returnList.add( valueElement );
         }
         return returnList;
@@ -167,6 +185,22 @@ public List<String> validateValue( final PwmSetting pwmSetting )
         return Collections.emptyList();
     }
 
+    @Override
+    public Serializable toDebugJsonObject( final Locale locale )
+    {
+        final ArrayList<ActionConfiguration> output = new ArrayList<>();
+        for ( final ActionConfiguration actionConfiguration : values )
+        {
+            final ActionConfiguration clone = JsonUtil.cloneUsingJson( actionConfiguration, ActionConfiguration.class );
+            if ( !StringUtil.isEmpty( clone.getPassword() ) )
+            {
+                clone.setPassword( PwmConstants.LOG_REMOVED_VALUE_REPLACEMENT );
+            }
+            output.add( clone );
+        }
+        return output;
+    }
+
     public String toDebugString( final Locale locale )
     {
         final StringBuilder sb = new StringBuilder();
@@ -189,6 +223,12 @@ public String toDebugString( final Locale locale )
                     sb.append( "method=" ).append( actionConfiguration.getMethod() );
                     sb.append( " url=" ).append( actionConfiguration.getUrl() );
                     sb.append( " headers=" ).append( JsonUtil.serializeMap( actionConfiguration.getHeaders() ) );
+                    sb.append( " username=" ).append( actionConfiguration.getUsername() );
+                    sb.append( " password=" ).append(
+                            StringUtil.isEmpty( actionConfiguration.getPassword() )
+                                    ? ""
+                                    : PwmConstants.LOG_REMOVED_VALUE_REPLACEMENT
+                    );
                     sb.append( " body=" ).append( actionConfiguration.getBody() );
                 }
                 break;
@@ -250,4 +290,5 @@ public ActionConfiguration forName( final String name )
         return null;
     }
 
+
 }
@@ -71,7 +71,7 @@ public List<String> validateValue( final PwmSetting pwmSetting )
     }
 
     @Override
-    public List<Element> toXmlValues( final String valueElementName )
+    public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey  )
     {
         final Element valueElement = new Element( valueElementName );
         valueElement.addContent( String.valueOf( value ) );
 
@@ -113,7 +113,7 @@ public ChallengeValue fromXmlElement(
         };
     }
 
-    public List<Element> toXmlValues( final String valueElementName )
+    public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey  )
     {
         final List<Element> returnList = new ArrayList<>();
         for ( final Map.Entry<String, List<ChallengeItemConfiguration>> entry : values.entrySet() )
 
@@ -90,7 +90,7 @@ public CustomLinkValue fromXmlElement( final Element settingElement, final PwmSe
         };
     }
 
-    public List<Element> toXmlValues( final String valueElementName )
+    public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey  )
     {
         final List<Element> returnList = new ArrayList<>();
         for ( final CustomLinkConfiguration value : values )
 
@@ -99,7 +99,7 @@ public EmailValue fromXmlElement(
         };
     }
 
-    public List<Element> toXmlValues( final String valueElementName )
+    public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey  )
     {
         final List<Element> returnList = new ArrayList<>();
         for ( final Map.Entry<String, EmailItemBean> entry : values.entrySet() )
 
@@ -168,7 +168,7 @@ public StoredValue fromJson( final String input )
         };
     }
 
-    public List<Element> toXmlValues( final String valueElementName )
+    public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey )
     {
         final List<Element> returnList = new ArrayList<>();
         for ( final Map.Entry<FileInformation, FileContent> entry : this.values.entrySet() )
 
@@ -105,7 +105,7 @@ public FormValue fromXmlElement( final Element settingElement, final PwmSecurity
         };
     }
 
-    public List<Element> toXmlValues( final String valueElementName )
+    public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey  )
     {
         final List<Element> returnList = new ArrayList<>();
         for ( final FormConfiguration value : values )
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@`
`33`	`33`
`34`	`34`	`public interface StoredValue extends Serializable`
`35`	`35`	`{`
`36`		`- List<Element> toXmlValues( String valueElementName );`
	`36`	`+ List<Element> toXmlValues( String valueElementName, PwmSecurityKey pwmSecurityKey );`
`37`	`37`
`38`	`38`	`Object toNativeObject( );`
`39`	`39`
Original file line number	Diff line number	Diff line change
`@@ -997,7 +997,7 @@ else if ( setting.getSyntax() == PwmSettingSyntax.NAMED_SECRET )`
`997`	`997`	`}`
`998`	`998`	`else`
`999`	`999`	`{`
`1000`		`- settingElement.addContent( value.toXmlValues( "value" ) );`
	`1000`	`+ settingElement.addContent( value.toXmlValues( "value", getKey() ) );`
`1001`	`1001`	`}`
`1002`	`1002`
`1003`	`1003`
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ public List<String> validateValue( final PwmSetting pwmSetting )`
`71`	`71`	`}`
`72`	`72`
`73`	`73`	`@Override`
`74`		`- public List<Element> toXmlValues( final String valueElementName )`
	`74`	`+ public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey )`
`75`	`75`	`{`
`76`	`76`	`final Element valueElement = new Element( valueElementName );`
`77`	`77`	`valueElement.addContent( String.valueOf( value ) );`
Original file line number	Diff line number	Diff line change
`@@ -113,7 +113,7 @@ public ChallengeValue fromXmlElement(`
`113`	`113`	`};`
`114`	`114`	`}`
`115`	`115`
`116`		`- public List<Element> toXmlValues( final String valueElementName )`
	`116`	`+ public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey )`
`117`	`117`	`{`
`118`	`118`	`final List<Element> returnList = new ArrayList<>();`
`119`	`119`	`for ( final Map.Entry<String, List<ChallengeItemConfiguration>> entry : values.entrySet() )`
Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,7 @@ public CustomLinkValue fromXmlElement( final Element settingElement, final PwmSe`
`90`	`90`	`};`
`91`	`91`	`}`
`92`	`92`
`93`		`- public List<Element> toXmlValues( final String valueElementName )`
	`93`	`+ public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey )`
`94`	`94`	`{`
`95`	`95`	`final List<Element> returnList = new ArrayList<>();`
`96`	`96`	`for ( final CustomLinkConfiguration value : values )`
Original file line number	Diff line number	Diff line change
`@@ -99,7 +99,7 @@ public EmailValue fromXmlElement(`
`99`	`99`	`};`
`100`	`100`	`}`
`101`	`101`
`102`		`- public List<Element> toXmlValues( final String valueElementName )`
	`102`	`+ public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey )`
`103`	`103`	`{`
`104`	`104`	`final List<Element> returnList = new ArrayList<>();`
`105`	`105`	`for ( final Map.Entry<String, EmailItemBean> entry : values.entrySet() )`
Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,7 @@ public StoredValue fromJson( final String input )`
`168`	`168`	`};`
`169`	`169`	`}`
`170`	`170`
`171`		`- public List<Element> toXmlValues( final String valueElementName )`
	`171`	`+ public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey )`
`172`	`172`	`{`
`173`	`173`	`final List<Element> returnList = new ArrayList<>();`
`174`	`174`	`for ( final Map.Entry<FileInformation, FileContent> entry : this.values.entrySet() )`
Original file line number	Diff line number	Diff line change
`@@ -105,7 +105,7 @@ public FormValue fromXmlElement( final Element settingElement, final PwmSecurity`
`105`	`105`	`};`
`106`	`106`	`}`
`107`	`107`
`108`		`- public List<Element> toXmlValues( final String valueElementName )`
	`108`	`+ public List<Element> toXmlValues( final String valueElementName, final PwmSecurityKey pwmSecurityKey )`
`109`	`109`	`{`
`110`	`110`	`final List<Element> returnList = new ArrayList<>();`
`111`	`111`	`for ( final FormConfiguration value : values )`