
convert servlet declarations to annotations
refactor and enhance crypto engine
refactor resource servlet

jrivard 10 年之前
父節點
當前提交
287eaf5d85
共有 100 個文件被更改,包括 520 次插入249 次删除
  1. 6 1
      pwm/servlet/src/password/pwm/AppProperty.java
  2. 6 1
      pwm/servlet/src/password/pwm/AppProperty.properties
  3. 22 0
      pwm/servlet/src/password/pwm/BuildInformation.properties
  4. 22 0
      pwm/servlet/src/password/pwm/PwmAboutProperty.java
  5. 9 2
      pwm/servlet/src/password/pwm/PwmApplication.java
  6. 8 22
      pwm/servlet/src/password/pwm/PwmConstants.java
  7. 1 1
      pwm/servlet/src/password/pwm/PwmService.java
  8. 22 0
      pwm/servlet/src/password/pwm/RecoveryVerificationMethod.java
  9. 1 1
      pwm/servlet/src/password/pwm/bean/EmailItemBean.java
  10. 1 1
      pwm/servlet/src/password/pwm/bean/PasswordStatus.java
  11. 22 0
      pwm/servlet/src/password/pwm/bean/PublicUserInfoBean.java
  12. 22 0
      pwm/servlet/src/password/pwm/bean/RemoteVerificationRequestBean.java
  13. 22 0
      pwm/servlet/src/password/pwm/bean/RemoteVerificationResponseBean.java
  14. 1 1
      pwm/servlet/src/password/pwm/bean/ResponseInfoBean.java
  15. 1 1
      pwm/servlet/src/password/pwm/bean/SmsItemBean.java
  16. 1 1
      pwm/servlet/src/password/pwm/bean/StatsPublishBean.java
  17. 1 1
      pwm/servlet/src/password/pwm/bean/package.html
  18. 2 2
      pwm/servlet/src/password/pwm/config/ConfigurationReader.java
  19. 8 8
      pwm/servlet/src/password/pwm/config/PwmSetting.java
  20. 1 5
      pwm/servlet/src/password/pwm/config/PwmSetting.xml
  21. 1 1
      pwm/servlet/src/password/pwm/config/PwmSetting.xsd
  22. 1 1
      pwm/servlet/src/password/pwm/config/PwmSettingSyntax.java
  23. 22 0
      pwm/servlet/src/password/pwm/config/PwmSettingTemplate.java
  24. 1 1
      pwm/servlet/src/password/pwm/config/PwmSettingXml.java
  25. 1 1
      pwm/servlet/src/password/pwm/config/SettingUIFunction.java
  26. 1 1
      pwm/servlet/src/password/pwm/config/ShortcutItem.java
  27. 23 18
      pwm/servlet/src/password/pwm/config/StoredConfiguration.java
  28. 二進制
      pwm/servlet/src/password/pwm/config/StoredConfiguration.xsd
  29. 4 7
      pwm/servlet/src/password/pwm/config/StoredValue.java
  30. 24 6
      pwm/servlet/src/password/pwm/config/function/AbstractUriCertImportFunction.java
  31. 2 6
      pwm/servlet/src/password/pwm/config/function/LdapCertImportFunction.java
  32. 22 0
      pwm/servlet/src/password/pwm/config/function/NAAFCertImportFunction.java
  33. 22 0
      pwm/servlet/src/password/pwm/config/function/OAuthCertImportFunction.java
  34. 2 6
      pwm/servlet/src/password/pwm/config/function/SyslogCertImportFunction.java
  35. 1 1
      pwm/servlet/src/password/pwm/config/option/ADPolicyComplexity.java
  36. 1 1
      pwm/servlet/src/password/pwm/config/option/ApplicationPage.java
  37. 1 1
      pwm/servlet/src/password/pwm/config/option/ConfigurationOption.java
  38. 1 1
      pwm/servlet/src/password/pwm/config/option/DataStorageMethod.java
  39. 1 1
      pwm/servlet/src/password/pwm/config/option/DuplicateMode.java
  40. 1 1
      pwm/servlet/src/password/pwm/config/option/ForceSetupPolicy.java
  41. 1 1
      pwm/servlet/src/password/pwm/config/option/HelpdeskClearResponseMode.java
  42. 1 1
      pwm/servlet/src/password/pwm/config/option/HelpdeskUIMode.java
  43. 1 1
      pwm/servlet/src/password/pwm/config/option/IntruderStorageMethod.java
  44. 1 1
      pwm/servlet/src/password/pwm/config/option/MessageSendMethod.java
  45. 1 1
      pwm/servlet/src/password/pwm/config/option/OTPStorageFormat.java
  46. 1 1
      pwm/servlet/src/password/pwm/config/option/PasswordSyncCheckMode.java
  47. 1 1
      pwm/servlet/src/password/pwm/config/option/RecoveryAction.java
  48. 1 1
      pwm/servlet/src/password/pwm/config/option/RequireCurrentPasswordMode.java
  49. 1 1
      pwm/servlet/src/password/pwm/config/option/SelectableContextMode.java
  50. 1 1
      pwm/servlet/src/password/pwm/config/option/SessionVerificationMode.java
  51. 1 1
      pwm/servlet/src/password/pwm/config/option/TokenStorageMethod.java
  52. 1 1
      pwm/servlet/src/password/pwm/config/option/UserEventStorageMethod.java
  53. 1 1
      pwm/servlet/src/password/pwm/config/package.html
  54. 2 2
      pwm/servlet/src/password/pwm/config/value/AbstractValue.java
  55. 2 1
      pwm/servlet/src/password/pwm/config/value/ActionValue.java
  56. 2 1
      pwm/servlet/src/password/pwm/config/value/BooleanValue.java
  57. 2 1
      pwm/servlet/src/password/pwm/config/value/ChallengeValue.java
  58. 2 1
      pwm/servlet/src/password/pwm/config/value/EmailValue.java
  59. 6 5
      pwm/servlet/src/password/pwm/config/value/FileValue.java
  60. 2 1
      pwm/servlet/src/password/pwm/config/value/FormValue.java
  61. 2 1
      pwm/servlet/src/password/pwm/config/value/LocalizedStringArrayValue.java
  62. 2 1
      pwm/servlet/src/password/pwm/config/value/LocalizedStringValue.java
  63. 2 1
      pwm/servlet/src/password/pwm/config/value/NumericValue.java
  64. 2 1
      pwm/servlet/src/password/pwm/config/value/OptionListValue.java
  65. 6 16
      pwm/servlet/src/password/pwm/config/value/PasswordValue.java
  66. 2 1
      pwm/servlet/src/password/pwm/config/value/StringArrayValue.java
  67. 2 1
      pwm/servlet/src/password/pwm/config/value/StringValue.java
  68. 2 1
      pwm/servlet/src/password/pwm/config/value/UserPermissionValue.java
  69. 3 2
      pwm/servlet/src/password/pwm/config/value/ValueFactory.java
  70. 24 1
      pwm/servlet/src/password/pwm/config/value/VerificationMethodValue.java
  71. 8 7
      pwm/servlet/src/password/pwm/config/value/X509CertificateValue.java
  72. 1 1
      pwm/servlet/src/password/pwm/cr/ChallengeSetBean.java
  73. 1 1
      pwm/servlet/src/password/pwm/cr/ResponseItemBean.java
  74. 1 1
      pwm/servlet/src/password/pwm/cr/ResponseSetBean.java
  75. 1 1
      pwm/servlet/src/password/pwm/error/ErrorInformation.java
  76. 1 1
      pwm/servlet/src/password/pwm/error/PwmDataStoreException.java
  77. 1 1
      pwm/servlet/src/password/pwm/error/PwmDataValidationException.java
  78. 1 1
      pwm/servlet/src/password/pwm/error/PwmException.java
  79. 1 1
      pwm/servlet/src/password/pwm/error/PwmOperationalException.java
  80. 1 1
      pwm/servlet/src/password/pwm/error/PwmPasswordValidationException.java
  81. 1 1
      pwm/servlet/src/password/pwm/error/PwmUnrecoverableException.java
  82. 1 1
      pwm/servlet/src/password/pwm/event/AuditVault.java
  83. 1 1
      pwm/servlet/src/password/pwm/event/SystemAuditRecord.java
  84. 1 1
      pwm/servlet/src/password/pwm/event/UserHistoryStore.java
  85. 1 1
      pwm/servlet/src/password/pwm/health/DatabaseStatusChecker.java
  86. 1 1
      pwm/servlet/src/password/pwm/health/HealthChecker.java
  87. 1 1
      pwm/servlet/src/password/pwm/health/HealthMessage.java
  88. 1 1
      pwm/servlet/src/password/pwm/health/HealthMonitor.java
  89. 1 1
      pwm/servlet/src/password/pwm/health/HealthRecord.java
  90. 1 1
      pwm/servlet/src/password/pwm/health/HealthStatus.java
  91. 1 1
      pwm/servlet/src/password/pwm/health/HealthTopic.java
  92. 1 1
      pwm/servlet/src/password/pwm/health/JavaChecker.java
  93. 1 1
      pwm/servlet/src/password/pwm/health/LocalDBHealthChecker.java
  94. 22 0
      pwm/servlet/src/password/pwm/http/HttpMethod.java
  95. 31 30
      pwm/servlet/src/password/pwm/http/PwmHttpRequestWrapper.java
  96. 3 1
      pwm/servlet/src/password/pwm/http/PwmHttpResponseWrapper.java
  97. 23 9
      pwm/servlet/src/password/pwm/http/PwmRequest.java
  98. 0 7
      pwm/servlet/src/password/pwm/http/PwmResponse.java
  99. 21 19
      pwm/servlet/src/password/pwm/http/PwmURL.java
  100. 1 1
      pwm/servlet/src/password/pwm/http/bean/ActivateUserBean.java

+ 6 - 1
pwm/servlet/src/password/pwm/AppProperty.java

@@ -62,12 +62,17 @@ public enum AppProperty {
     HTTP_RESOURCES_ENABLE_GZIP                      ("http.resources.gzip.enable"),
     HTTP_RESOURCES_ENABLE_PATH_NONCE                ("http.resources.pathNonceEnable"),
     HTTP_RESOURCES_NONCE_PATH_PREFIX                ("http.resources.pathNoncePrefix"),
+    HTTP_RESOURCES_ZIP_FILES                        ("http.resources.zipFiles"),
     HTTP_COOKIE_THEME_NAME                          ("http.cookie.theme.name"),
     HTTP_COOKIE_THEME_AGE                           ("http.cookie.theme.age"),
     HTTP_COOKIE_LOCALE_NAME                         ("http.cookie.locale.name"),
     HTTP_COOKIE_AUTHRECORD_NAME                     ("http.cookie.authRecord.name"),
     HTTP_COOKIE_AUTHRECORD_AGE                      ("http.cookie.authRecord.age"),
     HTTP_COOKIE_MAX_READ_LENGTH                     ("http.cookie.maxReadLength"),
+    HTTP_COOKIE_CAPTCHA_SKIP_NAME                   ("http.cookie.captchaSkip.name"),
+    HTTP_COOKIE_CAPTCHA_SKIP_AGE                    ("http.cookie.captchaSkip.age"),
+    HTTP_COOKIE_INSTANCE_GUID_NAME                  ("http.cookie.instanceGUID.name"),
+    HTTP_COOKIE_INSTANCE_GUID_AGE                   ("http.cookie.instanceGUID.age"),
     HTTP_BASIC_AUTH_CHARSET                         ("http.basicAuth.charset"),
     HTTP_BODY_MAXREAD_LENGTH                        ("http.body.maxReadLength"),
     HTTP_ENABLE_GZIP                                ("http.gzip.enable"),
@@ -215,7 +220,7 @@ public enum AppProperty {
     private final String key;
     private String defaultValue;
 
-    private AppProperty(String key) {
+    AppProperty(String key) {
         this.key = key;
     }
 

+ 6 - 1
pwm/servlet/src/password/pwm/AppProperty.properties

@@ -65,6 +65,7 @@ http.resources.expirationSeconds=30240000
 http.resources.gzip.enable=true
 http.resources.pathNonceEnable=true
 http.resources.pathNoncePrefix=nonce-
+http.resources.zipFiles=[{"url":"/public/resources/dojo","zipFile":"/public/resources/dojo.zip"},{"url":"/public/resources/flags","zipFile":"/public/resources/flags.zip"}]
 http.gzip.enable=true
 http.errors.allowHtml=true
 http.basicAuth.charset=UTF-8
@@ -82,6 +83,10 @@ http.cookie.locale.name=locale
 http.cookie.authRecord.name=authRecord
 http.cookie.authRecord.age=604800
 http.cookie.maxReadLength=10240
+http.cookie.captchaSkip.name=captcha-key
+http.cookie.captchaSkip.age=86400
+http.cookie.instanceGUID.name=iUID
+http.cookie.instanceGUID.age=0
 http.parameter.forward=forwardURL
 http.parameter.logout=logoutURL
 http.parameter.theme=theme
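Review bot: `http.cookie.instanceGUID.age=0` is ambiguous as a cookie lifetime, because in the Servlet API `Cookie.setMaxAge(0)` deletes the cookie and only a negative value produces a session cookie. The code that reads this property is not in the hunk, so if the value is passed straight through, the instance-GUID cookie would never persist in the browser. Please confirm how 0 is interpreted and say so next to the property, e.g. `# 0 = session cookie; translated before Cookie.setMaxAge is called`. The sibling `http.cookie.captchaSkip.age=86400` would benefit from a comment giving its unit as well (presumably seconds), since it controls how long a client may bypass the captcha.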
@@ -184,7 +189,7 @@ security.sharedHistory.saltLength=64
 security.certs.validateTimestamps=false
 security.ldap.resolveCanonicalDN=true
 security.ldap.canonicalCacheSeconds=30
-security.defaultEphemeralBlockAlg=AES_HMAC
+security.defaultEphemeralBlockAlg=AES128_HMAC256
 security.defaultEphemeralHashAlg=SHA512
 security.config.minSecurityKeyLength=32
 token.removalDelayMS=86400000
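Review bot: Changing the default on the `security.defaultEphemeralBlockAlg` line from `AES_HMAC` to `AES128_HMAC256` leaves open what happens to a deployment that already overrides this property with the old name. If the enum constant was renamed rather than added (the enum is not in this hunk), an existing `AES_HMAC` override would no longer resolve; the loader should either accept the old name as an alias or fail with a clear configuration error rather than fall back silently. A comment above the line listing the accepted values would also help, e.g. `# block algorithm for ephemeral data; must name a supported block algorithm constant`.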

+ 22 - 0
pwm/servlet/src/password/pwm/BuildInformation.properties

@@ -1,3 +1,25 @@
+#
+# Password Management Servlets (PWM)
+# http://code.google.com/p/pwm/
+#
+# Copyright (c) 2006-2009 Novell, Inc.
+# Copyright (c) 2009-2015 The PWM Project
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+#
+
 #Build Number for ANT. Do not edit!
 #Mon Nov 25 19:53:33 EST 2013
 build.version=

+ 22 - 0
pwm/servlet/src/password/pwm/PwmAboutProperty.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm;
 
 public enum PwmAboutProperty {

+ 9 - 2
pwm/servlet/src/password/pwm/PwmApplication.java

@@ -38,6 +38,7 @@ import password.pwm.event.AuditEvent;
 import password.pwm.event.AuditManager;
 import password.pwm.event.SystemAuditRecord;
 import password.pwm.health.HealthMonitor;
+import password.pwm.http.servlet.resource.ResourceServletService;
 import password.pwm.ldap.LdapConnectionService;
 import password.pwm.token.TokenService;
 import password.pwm.util.Helper;
@@ -113,6 +114,7 @@ public class PwmApplication {
 
 
     private String instanceID = DEFAULT_INSTANCE_ID;
+    private String instanceNonce = PwmRandom.getInstance().randomUUID().toString();
     private final Configuration configuration;
 
     private LocalDB localDB;
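Review bot: `instanceNonce` is assigned once in its initializer and the only other visible use is the `getInstanceNonce()` getter changed in a later hunk of this file, so it should be declared `private final String instanceNonce = PwmRandom.getInstance().randomUUID().toString();`. Replacing the start-time-derived value with a random UUID removes the predictability of the old nonce, but nothing documents that the value is regenerated on every start or whether it is meant to be visible to clients. A short Javadoc on `getInstanceNonce()` stating both would keep callers from treating it as a secret or as a stable identifier. The rest of the class is outside the hunk, so confirm nothing else reassigns the field before adding `final`.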
@@ -149,7 +151,8 @@ public class PwmApplication {
             ReportService.class,
             CrService.class,
             OtpService.class,
-            CacheService.class
+            CacheService.class,
+            ResourceServletService.class
     ));
 
 
@@ -436,6 +439,10 @@ public class PwmApplication {
         return (LdapConnectionService)pwmServices.get(LdapConnectionService.class);
     }
 
+    public ResourceServletService getResourceServletService() {
+        return (ResourceServletService)pwmServices.get(ResourceServletService.class);
+    }
+
     public Configuration getConfig() {
         if (configuration == null) {
             return null;
@@ -652,7 +659,7 @@ public class PwmApplication {
     }
 
     public String getInstanceNonce() {
-        return Long.toString(getStartupTime().getTime(),36);
+        return instanceNonce;
     }
 
     public String readAppAttribute(final AppAttribute appAttribute) {

+ 8 - 22
pwm/servlet/src/password/pwm/PwmConstants.java

@@ -125,8 +125,7 @@ public abstract class PwmConstants {
     public static final String DEFAULT_BAD_PASSWORD_ATTEMPT = readPwmConstantsBundle("defaultBadPasswordAttempt");
 
     public static final String CONTEXT_ATTR_CONTEXT_MANAGER = "ContextManager";
-    public static final String CONTEXT_ATTR_RESOURCE_CACHE = "ResourceFileServlet-Cache";
-    public static final String CONTEXT_ATTR_RESOURCE_HIT_AVG = "ResourceFileServlet-HitAvg";
+    public static final String CONTEXT_ATTR_RESOURCE_DATA = "ResourceFileServlet-Data";
 
     public static final String SESSION_ATTR_PWM_SESSION = "PwmSession";
     public static final String SESSION_ATTR_CONTEXT_GUID = "ContextInstanceGUID";
@@ -134,7 +133,7 @@ public abstract class PwmConstants {
     public static final PwmBlockAlgorithm IN_MEMORY_PASSWORD_ENCRYPT_METHOD = PwmBlockAlgorithm.AES;
     public static final PwmHashAlgorithm SETTING_CHECKSUM_HASH_METHOD = PwmHashAlgorithm.SHA256;
 
-    public static enum REQUEST_ATTR {
+    public enum REQUEST_ATTR {
         PwmErrorInfo,
         PwmRequest,
         OriginalUri,
@@ -180,7 +179,7 @@ public abstract class PwmConstants {
 
     public static final String LOG_REMOVED_VALUE_REPLACEMENT = readPwmConstantsBundle("log.removedValue");
 
-    public static enum JSP_URL {
+    public enum JSP_URL {
 
         INIT("init.jsp"),
         ERROR("error.jsp"),
@@ -250,7 +249,7 @@ public abstract class PwmConstants {
         private String path;
         private static final String JSP_ROOT_URL = "/WEB-INF/jsp/";
 
-        private JSP_URL(String path) {
+        JSP_URL(String path) {
             this.path = path;
         }
 
@@ -261,23 +260,9 @@ public abstract class PwmConstants {
 
     public static final String URL_JSP_CONFIG_GUIDE = "WEB-INF/jsp/configguide-%1%.jsp";
 
-    public static final String URL_SERVLET_LOGIN = "Login";
-    public static final String URL_SERVLET_OAUTH_CONSUMER = "oauth";
-    public static final String URL_SERVLET_LOGOUT = "Logout";
-    public static final String URL_SERVLET_CHANGE_PASSWORD = "ChangePassword";
-    public static final String URL_SERVLET_UPDATE_PROFILE = "UpdateProfile";
-    public static final String URL_SERVLET_SETUP_RESPONSES = "SetupResponses";
-    public static final String URL_SERVLET_SETUP_OTP_SECRET = "SetupOtp";
-    public static final String URL_SERVLET_RECOVER_PASSWORD = "ForgottenPassword";
-    public static final String URL_SERVLET_RECOVER_USERNAME = "ForgottenUsername";
-    public static final String URL_SERVLET_NEW_USER = "NewUser";
-    public static final String URL_SERVLET_USER_ACTIVATION = "ActivateUser";
-    public static final String URL_SERVLET_GUEST_REGISTRATION = "GuestRegistration";
-    public static final String URL_SERVLET_GUEST_UPDATE = "GuestUpdate";
-    public static final String URL_SERVLET_CAPTCHA = "Captcha";
-    public static final String URL_SERVLET_COMMAND = "CommandServlet";
-    public static final String URL_SERVLET_CONFIG_MANAGER = "ConfigManager";
-    public static final String URL_SERVLET_CONFIG_GUIDE = "ConfigGuide";
+    public static final String URL_PREFIX_PRIVATE = "/private";
+    public static final String URL_PREFIX_PUBLIC = "/public";
+
 
     public static final String PARAM_ACTION_REQUEST = "processAction";
     public static final String PARAM_VERIFICATION_KEY = "session_verification_key";
@@ -370,6 +355,7 @@ public abstract class PwmConstants {
         Content_Encoding("Content-Encoding"),
         Location("Location"),
         ContentSecurityPolicy("Content-Security-Policy"),
+        If_None_Match("If-None-Match"),
         Server("Server"),
         Cache_Control("Cache-Control"),
         WWW_Authenticate("WWW-Authenticate"),

+ 1 - 1
pwm/servlet/src/password/pwm/PwmService.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2012 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 22 - 0
pwm/servlet/src/password/pwm/RecoveryVerificationMethod.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm;
 
 import password.pwm.bean.SessionLabel;

+ 1 - 1
pwm/servlet/src/password/pwm/bean/EmailItemBean.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2012 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/bean/PasswordStatus.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 22 - 0
pwm/servlet/src/password/pwm/bean/PublicUserInfoBean.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm.bean;
 
 import password.pwm.config.Configuration;

+ 22 - 0
pwm/servlet/src/password/pwm/bean/RemoteVerificationRequestBean.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm.bean;
 
 import java.io.Serializable;

+ 22 - 0
pwm/servlet/src/password/pwm/bean/RemoteVerificationResponseBean.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm.bean;
 
 import password.pwm.RecoveryVerificationMethod;

+ 1 - 1
pwm/servlet/src/password/pwm/bean/ResponseInfoBean.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/bean/SmsItemBean.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/bean/StatsPublishBean.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2012 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/bean/package.html

@@ -3,7 +3,7 @@
   ~ http://code.google.com/p/pwm/
   ~
   ~ Copyright (c) 2006-2009 Novell, Inc.
-  ~ Copyright (c) 2009-2012 The PWM Project
+  ~ Copyright (c) 2009-2015 The PWM Project
   ~
   ~ This program is free software; you can redistribute it and/or modify
   ~ it under the terms of the GNU General Public License as published by

+ 2 - 2
pwm/servlet/src/password/pwm/config/ConfigurationReader.java

@@ -63,7 +63,7 @@ public class ConfigurationReader {
 
     private volatile boolean saveInProgress;
 
-    public ConfigurationReader(final File configFile) {
+    public ConfigurationReader(final File configFile) throws PwmUnrecoverableException {
         this.configFile = configFile;
 
         this.configFileChecksum = readFileChecksum(configFile);
@@ -90,7 +90,7 @@ public class ConfigurationReader {
         return storedConfiguration;
     }
 
-    public Configuration getConfiguration() {
+    public Configuration getConfiguration() throws PwmUnrecoverableException {
         if (configuration == null) {
             configuration = new Configuration(this.storedConfiguration == null ? StoredConfiguration.newStoredConfiguration() : this.storedConfiguration);
             storedConfiguration.lock();
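Review bot: In `getConfiguration()` the constructor argument falls back to `StoredConfiguration.newStoredConfiguration()` when `this.storedConfiguration` is null, but the next line calls `storedConfiguration.lock()` on the field itself, which throws a NullPointerException in exactly that case. Since this commit already touches the method's signature, resolve the fallback once and lock that object: `final StoredConfiguration sc = this.storedConfiguration == null ? StoredConfiguration.newStoredConfiguration() : this.storedConfiguration;` followed by `configuration = new Configuration(sc);` and `sc.lock();`. The method body continues past the end of the hunk.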

+ 8 - 8
pwm/servlet/src/password/pwm/config/PwmSetting.java

@@ -90,8 +90,6 @@ public enum PwmSetting {
             "display.maskResponseFields", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.UI_FEATURES),
     DISPLAY_CANCEL_BUTTON(
             "display.showCancelButton", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.UI_FEATURES),
-    DISPLAY_RESET_BUTTON(
-            "display.showResetButton", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.UI_FEATURES),
     DISPLAY_SUCCESS_PAGES(
             "display.showSuccessPage", PwmSettingSyntax.BOOLEAN, PwmSettingCategory.UI_FEATURES),
     DISPLAY_LOGIN_PAGE_OPTIONS(
@@ -1113,7 +1111,7 @@ public enum PwmSetting {
                     if (defaultElement == null) {
                         throw new IllegalStateException("no default value for setting " + this.getKey());
                     }
-                    returnObj.put(loopTemplate, ValueFactory.fromXmlValues(this, defaultElement, this.getKey()));
+                    returnObj.put(loopTemplate, ValueFactory.fromXmlValues(this, defaultElement, null));
                 }
 
             }
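Review bot: The third argument to `ValueFactory.fromXmlValues` changes from `this.getKey()` to a bare `null`, and nothing at the call site says why null is safe. If that parameter is now the key used to decrypt stored values (the factory signature is not in this hunk), a default element holding an encrypted value would reach the decryption path with a null key. Add a comment at the call such as `// default values are never encrypted, so no security key is passed`, or have the factory reject encrypted input explicitly when the key is null. The enclosing method starts and ends outside the hunk.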
@@ -1127,11 +1125,13 @@ public enum PwmSetting {
         final Map<PwmSettingTemplate, String> returnObj = new LinkedHashMap<>();
         final String defaultDebugStr = this.getDefaultValue(PwmSettingTemplate.DEFAULT).toDebugString(locale);
         returnObj.put(PwmSettingTemplate.DEFAULT, defaultDebugStr);
-        for (final PwmSettingTemplate template : PwmSettingTemplate.values()) {
-            if (template != PwmSettingTemplate.DEFAULT) {
-                final String debugStr = this.getDefaultValue(template).toDebugString(locale);
-                if (!defaultDebugStr.equals(debugStr)) {
-                    returnObj.put(template, debugStr);
+        if (defaultDebugStr != null) {
+            for (final PwmSettingTemplate template : PwmSettingTemplate.values()) {
+                if (template != PwmSettingTemplate.DEFAULT) {
+                    final String debugStr = this.getDefaultValue(template).toDebugString(locale);
+                    if (!defaultDebugStr.equals(debugStr)) {
+                        returnObj.put(template, debugStr);
+                    }
                 }
             }
         }
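Review bot: The new `defaultDebugStr != null` guard protects the `equals` call, but `returnObj.put(PwmSettingTemplate.DEFAULT, defaultDebugStr)` just above it still stores the null, so callers that iterate the map's values receive a null entry. The guard also skips every non-default template when the default string is null, even if a template has a non-null debug string of its own. Comparing with `Objects.equals(defaultDebugStr, debugStr)` in the inner test would let the loop run in both cases, and the DEFAULT entry should either be added only when non-null or documented as nullable; `java.util.Objects` needs importing if the file does not already have it. The method starts above the hunk.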

+ 1 - 5
pwm/servlet/src/password/pwm/config/PwmSetting.xml

@@ -20,6 +20,7 @@
   ~ along with this program; if not, write to the Free Software
   ~ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
   -->
+
 <!--
   This file contains metadata about the PwmSetting java enum.  This file is not intended to be
   modified by administrators.  Any changes must match the compiled PwmSettings.java enum object.
@@ -162,11 +163,6 @@
             <value>true</value>
         </default>
     </setting>
-    <setting key="display.showResetButton" level="1" required="true" hidden="true">
-        <default>
-            <value>false</value>
-        </default>
-    </setting>
     <setting key="display.showSuccessPage" level="1" required="true">
         <default>
             <value>true</value>

+ 1 - 1
pwm/servlet/src/password/pwm/config/PwmSetting.xsd

@@ -3,7 +3,7 @@
   ~ http://code.google.com/p/pwm/
   ~
   ~ Copyright (c) 2006-2009 Novell, Inc.
-  ~ Copyright (c) 2009-2013 The PWM Project
+  ~ Copyright (c) 2009-2015 The PWM Project
   ~
   ~ This program is free software; you can redistribute it and/or modify
   ~ it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/PwmSettingSyntax.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 22 - 0
pwm/servlet/src/password/pwm/config/PwmSettingTemplate.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm.config;
 
 import org.jdom2.Attribute;

+ 1 - 1
pwm/servlet/src/password/pwm/config/PwmSettingXml.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/SettingUIFunction.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/ShortcutItem.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 23 - 18
pwm/servlet/src/password/pwm/config/StoredConfiguration.java

@@ -40,7 +40,8 @@ import password.pwm.i18n.PwmLocaleBundle;
 import password.pwm.util.*;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.secure.PwmRandom;
-import password.pwm.util.secure.SecureHelper;
+import password.pwm.util.secure.PwmSecurityKey;
+import password.pwm.util.secure.SecureEngine;
 
 import java.io.IOException;
 import java.io.InputStream;
@@ -123,11 +124,11 @@ public class StoredConfiguration implements Serializable {
 
 // -------------------------- STATIC METHODS --------------------------
 
-    public static StoredConfiguration newStoredConfiguration() {
+    public static StoredConfiguration newStoredConfiguration() throws PwmUnrecoverableException {
         return new StoredConfiguration();
     }
 
-    public static StoredConfiguration copy(final StoredConfiguration input) {
+    public static StoredConfiguration copy(final StoredConfiguration input) throws PwmUnrecoverableException {
         final StoredConfiguration copy = new StoredConfiguration();
         copy.document = input.document.clone();
         return copy;
@@ -164,7 +165,7 @@ public class StoredConfiguration implements Serializable {
      * for that value so that the xml dom can be updated.
      * @param storedConfiguration stored configuration to check
      */
-    private static void checkIfXmlRequiresUpdate(final StoredConfiguration storedConfiguration) {
+    private static void checkIfXmlRequiresUpdate(final StoredConfiguration storedConfiguration) throws PwmUnrecoverableException {
         for (final PwmSetting setting : PwmSetting.values()) {
             if (setting.getSyntax() != PwmSettingSyntax.PROFILE && !setting.getCategory().hasProfiles()) {
                 final StoredValue value = storedConfiguration.readSetting(setting);
@@ -204,8 +205,7 @@ public class StoredConfiguration implements Serializable {
         }
     }
 
-    public StoredConfiguration()
-    {
+    public StoredConfiguration() throws PwmUnrecoverableException {
         ConfigurationCleaner.cleanup(this);
         final String createTime = PwmConstants.DEFAULT_DATETIME_FORMAT.format(new Date());
         document.getRootElement().setAttribute(XML_ATTRIBUTE_CREATE_TIME,createTime);
@@ -676,7 +676,9 @@ public class StoredConfiguration implements Serializable {
 
     public StoredValue readSetting(final PwmSetting setting, final String profileID) {
         if (profileID == null && setting.getCategory().hasProfiles()) {
-            throw new IllegalArgumentException("reading of setting " + setting.getKey() + " requires a non-null profileID");
+            IllegalArgumentException e = new IllegalArgumentException("reading of setting " + setting.getKey() + " requires a non-null profileID");
+            LOGGER.error("error",e);
+            throw e;
         }
         if (profileID != null && !setting.getCategory().hasProfiles()) {
             throw new IllegalStateException("cannot read setting key " + setting.getKey() + " with non-null profileID");
@@ -757,8 +759,7 @@ public class StoredConfiguration implements Serializable {
             final PwmSetting setting,
             final StoredValue value,
             final UserIdentity userIdentity
-    )
-    {
+    ) throws PwmUnrecoverableException {
         writeSetting(setting, null, value, userIdentity);
     }
 
@@ -767,7 +768,7 @@ public class StoredConfiguration implements Serializable {
             final String profileID,
             final StoredValue value,
             final UserIdentity userIdentity
-    ) {
+    ) throws PwmUnrecoverableException {
         if (profileID == null && setting.getCategory().hasProfiles()) {
             throw new IllegalArgumentException("reading of setting " + setting.getKey() + " requires a non-null profileID");
         }
@@ -819,7 +820,7 @@ public class StoredConfiguration implements Serializable {
         }
 
 
-        final String result = SecureHelper.hash(sb.toString(), PwmConstants.SETTING_CHECKSUM_HASH_METHOD);
+        final String result = SecureEngine.hash(sb.toString(), PwmConstants.SETTING_CHECKSUM_HASH_METHOD);
         LOGGER.trace("computed setting checksum in " + TimeDuration.fromCurrent(startTime).asCompactString());
         return result;
     }
@@ -917,7 +918,7 @@ public class StoredConfiguration implements Serializable {
 
 
     private static class ConfigurationCleaner {
-        private static void cleanup(final StoredConfiguration configuration) {
+        private static void cleanup(final StoredConfiguration configuration) throws PwmUnrecoverableException {
             updateProperitiesWithoutType(configuration);
             updateMandatoryElements(configuration.document);
             profilizeNonProfiledSettings(configuration);
@@ -998,7 +999,7 @@ public class StoredConfiguration implements Serializable {
         }
 
 
-        private static void profilizeNonProfiledSettings(final StoredConfiguration storedConfiguration) {
+        private static void profilizeNonProfiledSettings(final StoredConfiguration storedConfiguration) throws PwmUnrecoverableException {
             final String NEW_PROFILE_NAME = "default";
             final Document document = storedConfiguration.document;
             for (final PwmSetting setting : PwmSetting.values()) {
@@ -1064,7 +1065,7 @@ public class StoredConfiguration implements Serializable {
             }
         }
 
-        private static void migrateAppProperties(final StoredConfiguration storedConfiguration) {
+        private static void migrateAppProperties(final StoredConfiguration storedConfiguration) throws PwmUnrecoverableException {
             final Document document = storedConfiguration.document;
             final XPathExpression xPathExpression = XPathBuilder.xpathForAppProperties();
             final List<Element> appPropertiesElements = (List<Element>)xPathExpression.evaluate(document);
@@ -1089,11 +1090,11 @@ public class StoredConfiguration implements Serializable {
             }
         }
 
-        private static void updateDeprecatedSettings(final StoredConfiguration storedConfiguration) {
+        private static void updateDeprecatedSettings(final StoredConfiguration storedConfiguration) throws PwmUnrecoverableException {
             final UserIdentity actor = new UserIdentity("UpgradeProcessor", null);
             for (final String profileID : storedConfiguration.profilesForSetting(PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY)) {
                 if (!storedConfiguration.isDefaultValue(PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY, profileID)) {
-                    boolean ad2003Enabled = (boolean) storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY).toNativeObject();
+                    boolean ad2003Enabled = (boolean) storedConfiguration.readSetting(PwmSetting.PASSWORD_POLICY_AD_COMPLEXITY,profileID).toNativeObject();
                     final StoredValue value;
                     if (ad2003Enabled) {
                         value = new StringValue(ADPolicyComplexity.AD2003.toString());
@@ -1209,8 +1210,12 @@ public class StoredConfiguration implements Serializable {
         return changeLog.changeLogAsDebugString(locale, asHtml);
     }
 
-    public String getKey() {
-        return createTime() + StoredConfiguration.class.getSimpleName();
+    private PwmSecurityKey cachedKey = null;
+    public PwmSecurityKey getKey() throws PwmUnrecoverableException {
+        if (cachedKey == null) {
+            cachedKey = new PwmSecurityKey(createTime() + StoredConfiguration.class.getSimpleName());
+        }
+        return cachedKey;
     }
 
     public boolean isModified() {
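Review bot: The new `cachedKey` field behind `getKey()` is an ordinary instance field on a class the hunk header shows as `implements Serializable`, so the derived key object would be written out with a serialized configuration, or would break serialization if `PwmSecurityKey` is not itself serializable (not visible here); declaring it `private transient PwmSecurityKey cachedKey;` avoids both, and the lazy init simply recomputes it after deserialization. The cache is also never reset, while `copy()` earlier in this section reassigns `document` after construction, so a key cached before that assignment would no longer match the copied document's create time. Separately, the key material is `createTime()` plus the class name, and the constructor writes the create time into the document root, so this key presumably only obscures stored values from someone who can read the configuration file; a short Javadoc on `getKey()` stating that limit would keep later callers from treating it as a secret.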

二進制
pwm/servlet/src/password/pwm/config/StoredConfiguration.xsd


+ 4 - 7
pwm/servlet/src/password/pwm/config/StoredValue.java

@@ -25,6 +25,7 @@ package password.pwm.config;
 import org.jdom2.Element;
 import password.pwm.error.PwmException;
 import password.pwm.error.PwmUnrecoverableException;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.io.Serializable;
 import java.util.List;
@@ -37,13 +38,9 @@ public interface StoredValue extends Serializable {
 
     List<String> validateValue(PwmSetting pwm);
 
-    Serializable toDebugJsonObject(
-            Locale locale
-    );
+    Serializable toDebugJsonObject(Locale locale);
 
-    String toDebugString(
-            Locale locale
-    );
+    String toDebugString(Locale locale);
 
     boolean requiresStoredUpdate();
 
@@ -52,7 +49,7 @@ public interface StoredValue extends Serializable {
     interface StoredValueFactory {
         StoredValue fromJson(final String input);
 
-        StoredValue fromXmlElement(final Element settingElement, final String key)
+        StoredValue fromXmlElement(final Element settingElement, final PwmSecurityKey key)
                 throws PwmException;
     }
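Review bot: `StoredValueFactory.fromXmlElement` now takes a `PwmSecurityKey`, but nothing on the interface says what the key is for or that an implementation may ignore it, and the implementations changed in this commit name the parameter `input` in some classes and `key` in others. A Javadoc on the interface method would make the contract explicit, for example `@param key key used to decode protected values (presumably only needed by encrypted types such as PasswordValue); other value types ignore it`. Using one parameter name (`key`) across the implementations would also make it obvious when a value type starts depending on it.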
 

+ 24 - 6
pwm/servlet/src/password/pwm/config/function/AbstractUriCertImportFunction.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm.config.function;
 
 import password.pwm.PwmApplication;
@@ -6,10 +28,7 @@ import password.pwm.config.PwmSetting;
 import password.pwm.config.SettingUIFunction;
 import password.pwm.config.StoredConfiguration;
 import password.pwm.config.value.X509CertificateValue;
-import password.pwm.error.ErrorInformation;
-import password.pwm.error.PwmError;
-import password.pwm.error.PwmException;
-import password.pwm.error.PwmOperationalException;
+import password.pwm.error.*;
 import password.pwm.http.PwmRequest;
 import password.pwm.http.PwmSession;
 import password.pwm.util.X509Utils;
@@ -29,8 +48,7 @@ abstract class AbstractUriCertImportFunction implements SettingUIFunction {
             PwmSetting setting,
             String profile
     )
-            throws PwmOperationalException
-    {
+            throws PwmOperationalException, PwmUnrecoverableException {
         final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
         final PwmSession pwmSession = pwmRequest.getPwmSession();
         final Set<X509Certificate> resultCertificates = new LinkedHashSet<>();
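Review bot: The four explicit `password.pwm.error` imports are collapsed into `import password.pwm.error.*;` only to bring `PwmUnrecoverableException` into scope; adding `import password.pwm.error.PwmUnrecoverableException;` to the existing list keeps the file's dependencies readable and avoids accidental name clashes later. The same collapse appears in LdapCertImportFunction.java and SyslogCertImportFunction.java. The widened `throws PwmOperationalException, PwmUnrecoverableException` clause also has no `@throws` documentation saying when the unrecoverable case occurs; the method body continues outside the hunk, so the source of that exception is not visible here.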

+ 2 - 6
pwm/servlet/src/password/pwm/config/function/LdapCertImportFunction.java

@@ -29,10 +29,7 @@ import password.pwm.config.SettingUIFunction;
 import password.pwm.config.StoredConfiguration;
 import password.pwm.config.value.StringArrayValue;
 import password.pwm.config.value.X509CertificateValue;
-import password.pwm.error.ErrorInformation;
-import password.pwm.error.PwmError;
-import password.pwm.error.PwmException;
-import password.pwm.error.PwmOperationalException;
+import password.pwm.error.*;
 import password.pwm.http.PwmRequest;
 import password.pwm.http.PwmSession;
 import password.pwm.i18n.Message;
@@ -54,8 +51,7 @@ public class LdapCertImportFunction implements SettingUIFunction {
             PwmSetting setting,
             String profile
     )
-            throws PwmOperationalException
-    {
+            throws PwmOperationalException, PwmUnrecoverableException {
         final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
         final PwmSession pwmSession = pwmRequest.getPwmSession();
 

+ 22 - 0
pwm/servlet/src/password/pwm/config/function/NAAFCertImportFunction.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm.config.function;
 
 import password.pwm.config.PwmSetting;

+ 22 - 0
pwm/servlet/src/password/pwm/config/function/OAuthCertImportFunction.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm.config.function;
 
 import password.pwm.config.PwmSetting;

+ 2 - 6
pwm/servlet/src/password/pwm/config/function/SyslogCertImportFunction.java

@@ -28,10 +28,7 @@ import password.pwm.config.PwmSetting;
 import password.pwm.config.SettingUIFunction;
 import password.pwm.config.StoredConfiguration;
 import password.pwm.config.value.X509CertificateValue;
-import password.pwm.error.ErrorInformation;
-import password.pwm.error.PwmError;
-import password.pwm.error.PwmException;
-import password.pwm.error.PwmOperationalException;
+import password.pwm.error.*;
 import password.pwm.event.SyslogAuditService;
 import password.pwm.http.PwmRequest;
 import password.pwm.http.PwmSession;
@@ -52,8 +49,7 @@ public class SyslogCertImportFunction implements SettingUIFunction {
             PwmSetting setting,
             String profile
     )
-            throws PwmOperationalException
-    {
+            throws PwmOperationalException, PwmUnrecoverableException {
         final PwmApplication pwmApplication = pwmRequest.getPwmApplication();
         final PwmSession pwmSession = pwmRequest.getPwmSession();
 

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/ADPolicyComplexity.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/ApplicationPage.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/ConfigurationOption.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/DataStorageMethod.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/DuplicateMode.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/ForceSetupPolicy.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/HelpdeskClearResponseMode.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/HelpdeskUIMode.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/IntruderStorageMethod.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/MessageSendMethod.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/OTPStorageFormat.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/PasswordSyncCheckMode.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/RecoveryAction.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/RequireCurrentPasswordMode.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/SelectableContextMode.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/SessionVerificationMode.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/TokenStorageMethod.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/option/UserEventStorageMethod.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/config/package.html

@@ -3,7 +3,7 @@
   ~ http://code.google.com/p/pwm/
   ~
   ~ Copyright (c) 2006-2009 Novell, Inc.
-  ~ Copyright (c) 2009-2012 The PWM Project
+  ~ Copyright (c) 2009-2015 The PWM Project
   ~
   ~ This program is free software; you can redistribute it and/or modify
   ~ it under the terms of the GNU General Public License as published by

+ 2 - 2
pwm/servlet/src/password/pwm/config/value/AbstractValue.java

@@ -26,7 +26,7 @@ import password.pwm.PwmConstants;
 import password.pwm.config.StoredValue;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.util.JsonUtil;
-import password.pwm.util.secure.SecureHelper;
+import password.pwm.util.secure.SecureEngine;
 
 import java.io.Serializable;
 import java.util.Locale;
@@ -59,6 +59,6 @@ public abstract class AbstractValue implements StoredValue {
 
     @Override
     public String valueHash() throws PwmUnrecoverableException {
-        return SecureHelper.hash(JsonUtil.serialize((Serializable)this.toNativeObject()), PwmConstants.SETTING_CHECKSUM_HASH_METHOD);
+        return SecureEngine.hash(JsonUtil.serialize((Serializable) this.toNativeObject()), PwmConstants.SETTING_CHECKSUM_HASH_METHOD);
     }
 }

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/ActionValue.java

@@ -30,6 +30,7 @@ import password.pwm.config.PwmSettingSyntax;
 import password.pwm.config.StoredValue;
 import password.pwm.error.PwmOperationalException;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.*;
 
@@ -64,7 +65,7 @@ public class ActionValue extends AbstractValue implements StoredValue {
 
             public ActionValue fromXmlElement(
                     Element settingElement,
-                    final String input
+                    final PwmSecurityKey input
             )
                     throws PwmOperationalException
             {

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/BooleanValue.java

@@ -29,6 +29,7 @@ import password.pwm.config.StoredValue;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.i18n.Display;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.io.Serializable;
 import java.util.Collections;
@@ -50,7 +51,7 @@ public class BooleanValue implements StoredValue {
                 return new BooleanValue(JsonUtil.deserialize(value, Boolean.class));
             }
 
-            public BooleanValue fromXmlElement(final Element settingElement, final String input)
+            public BooleanValue fromXmlElement(final Element settingElement, final PwmSecurityKey input)
             {
                 final Element valueElement = settingElement.getChild("value");
                 final String value = valueElement.getText();

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/ChallengeValue.java

@@ -31,6 +31,7 @@ import password.pwm.cr.ChallengeItemBean;
 import password.pwm.i18n.LocaleHelper;
 import password.pwm.util.JsonUtil;
 import password.pwm.util.logging.PwmLogger;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.*;
 
@@ -62,7 +63,7 @@ public class ChallengeValue extends AbstractValue implements StoredValue {
 
             public ChallengeValue fromXmlElement(
                     final Element settingElement,
-                    final String input
+                    final PwmSecurityKey input
             )
             {
                 final List valueElements = settingElement.getChildren("value");

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/EmailValue.java

@@ -30,6 +30,7 @@ import password.pwm.config.StoredValue;
 import password.pwm.error.PwmOperationalException;
 import password.pwm.i18n.LocaleHelper;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.*;
 
@@ -60,7 +61,7 @@ public class EmailValue extends AbstractValue implements StoredValue {
 
             public EmailValue fromXmlElement(
                     Element settingElement,
-                    final String input
+                    final PwmSecurityKey input
             )
                     throws PwmOperationalException
             {

+ 6 - 5
pwm/servlet/src/password/pwm/config/value/FileValue.java

@@ -32,7 +32,8 @@ import password.pwm.util.JsonUtil;
 import password.pwm.util.StringUtil;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.secure.PwmHashAlgorithm;
-import password.pwm.util.secure.SecureHelper;
+import password.pwm.util.secure.PwmSecurityKey;
+import password.pwm.util.secure.SecureEngine;
 
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
@@ -97,13 +98,13 @@ public class FileValue extends AbstractValue implements StoredValue {
         public String md5sum()
                 throws PwmUnrecoverableException
         {
-            return SecureHelper.md5sum(new ByteArrayInputStream(contents));
+            return SecureEngine.md5sum(new ByteArrayInputStream(contents));
         }
 
         public String sha1sum()
                 throws PwmUnrecoverableException
         {
-            return SecureHelper.hash(new ByteArrayInputStream(contents), PwmHashAlgorithm.SHA1);
+            return SecureEngine.hash(new ByteArrayInputStream(contents), PwmHashAlgorithm.SHA1);
         }
 
         public int size()
@@ -121,7 +122,7 @@ public class FileValue extends AbstractValue implements StoredValue {
     {
         return new StoredValueFactory() {
 
-            public FileValue fromXmlElement(Element settingElement, final String input)
+            public FileValue fromXmlElement(Element settingElement, final PwmSecurityKey input)
                     throws PwmOperationalException
             {
                 final List valueElements = settingElement.getChildren("value");
@@ -250,6 +251,6 @@ public class FileValue extends AbstractValue implements StoredValue {
 
     @Override
     public String valueHash() throws PwmUnrecoverableException {
-        return SecureHelper.hash(JsonUtil.serializeCollection(toInfoMap()), PwmConstants.SETTING_CHECKSUM_HASH_METHOD);
+        return SecureEngine.hash(JsonUtil.serializeCollection(toInfoMap()), PwmConstants.SETTING_CHECKSUM_HASH_METHOD);
     }
 }
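Review bot: `md5sum()` and `sha1sum()` still compute MD5 and SHA-1 over the file contents after the move to `SecureEngine`; neither digest is collision-resistant, so if these sums are used to identify or verify an uploaded file rather than only for display (their callers are outside this diff), a SHA-2 family digest should be exposed alongside them. At minimum a comment on both methods such as `// MD5/SHA-1 kept for display and compatibility only; do not use for integrity decisions` would record the intent. The `valueHash()` change at the end of the section uses `PwmConstants.SETTING_CHECKSUM_HASH_METHOD`, whose value is not shown, so the same question applies there.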

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/FormValue.java

@@ -30,6 +30,7 @@ import password.pwm.config.PwmSettingSyntax;
 import password.pwm.config.StoredValue;
 import password.pwm.error.PwmOperationalException;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.*;
 
@@ -60,7 +61,7 @@ public class FormValue extends AbstractValue implements StoredValue {
                 }
             }
 
-            public FormValue fromXmlElement(Element settingElement, final String key)
+            public FormValue fromXmlElement(Element settingElement, final PwmSecurityKey key)
                     throws PwmOperationalException
             {
                 final boolean oldType = PwmSettingSyntax.LOCALIZED_STRING_ARRAY.toString().equals(

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/LocalizedStringArrayValue.java

@@ -29,6 +29,7 @@ import password.pwm.config.PwmSetting;
 import password.pwm.config.StoredValue;
 import password.pwm.i18n.LocaleHelper;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.*;
 import java.util.regex.Matcher;
@@ -55,7 +56,7 @@ public class LocalizedStringArrayValue extends AbstractValue implements StoredVa
                 }
             }
 
-            public LocalizedStringArrayValue fromXmlElement(final Element settingElement, final String key)
+            public LocalizedStringArrayValue fromXmlElement(final Element settingElement, final PwmSecurityKey key)
             {
                 final List valueElements = settingElement.getChildren("value");
                 final Map<String, List<String>> values = new TreeMap<>();

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/LocalizedStringValue.java

@@ -29,6 +29,7 @@ import password.pwm.config.PwmSetting;
 import password.pwm.config.StoredValue;
 import password.pwm.i18n.LocaleHelper;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.*;
 import java.util.regex.Matcher;
@@ -55,7 +56,7 @@ public class LocalizedStringValue extends AbstractValue implements StoredValue {
                 }
             }
 
-            public LocalizedStringValue fromXmlElement(Element settingElement, final String key)
+            public LocalizedStringValue fromXmlElement(Element settingElement, final PwmSecurityKey key)
             {
                 final List elements = settingElement.getChildren("value");
                 final Map<String, String> values = new TreeMap<>();

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/NumericValue.java

@@ -26,6 +26,7 @@ import org.jdom2.Element;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.StoredValue;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.Collections;
 import java.util.List;
@@ -45,7 +46,7 @@ public class NumericValue extends AbstractValue implements StoredValue {
                 return new NumericValue(JsonUtil.deserialize(value, Long.class));
             }
 
-            public NumericValue fromXmlElement(final Element settingElement, final String input)
+            public NumericValue fromXmlElement(final Element settingElement, final PwmSecurityKey input)
             {
                 final Element valueElement = settingElement.getChild("value");
                 final String value = valueElement.getText();

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/OptionListValue.java

@@ -28,6 +28,7 @@ import password.pwm.config.PwmSetting;
 import password.pwm.config.StoredValue;
 import password.pwm.error.PwmOperationalException;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.*;
 
@@ -55,7 +56,7 @@ public class OptionListValue extends AbstractValue  implements StoredValue {
                 }
             }
 
-            public OptionListValue fromXmlElement(Element settingElement, final String key)
+            public OptionListValue fromXmlElement(Element settingElement, final PwmSecurityKey key)
                     throws PwmOperationalException
             {
                 final List valueElements = settingElement.getChildren("value");

+ 6 - 16
pwm/servlet/src/password/pwm/config/value/PasswordValue.java

@@ -34,11 +34,9 @@ import password.pwm.util.JsonUtil;
 import password.pwm.util.PasswordData;
 import password.pwm.util.secure.PwmBlockAlgorithm;
 import password.pwm.util.secure.PwmSecurityKey;
-import password.pwm.util.secure.SecureHelper;
+import password.pwm.util.secure.SecureEngine;
 
 import java.io.Serializable;
-import java.io.UnsupportedEncodingException;
-import java.security.NoSuchAlgorithmException;
 import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
@@ -74,7 +72,7 @@ public class PasswordValue implements StoredValue {
 
             public PasswordValue fromXmlElement(
                     final Element settingElement,
-                    final String key
+                    final PwmSecurityKey key
             )
                     throws PwmOperationalException, PwmUnrecoverableException
             {
@@ -97,8 +95,7 @@ public class PasswordValue implements StoredValue {
                     newPasswordValue.requiresStoredUpdate = true;
                 } else {
                     try {
-                        final PwmSecurityKey secretKey = new PwmSecurityKey(key);
-                        newPasswordValue.value = new PasswordData(SecureHelper.decryptStringValue(rawValue, secretKey, PwmBlockAlgorithm.CONFIG));
+                        newPasswordValue.value = new PasswordData(SecureEngine.decryptStringValue(rawValue, key, PwmBlockAlgorithm.CONFIG));
                         return newPasswordValue;
                     } catch (Exception e) {
                         final String errorMsg = "unable to decode encrypted password value for setting: " + e.getMessage();
@@ -133,14 +130,14 @@ public class PasswordValue implements StoredValue {
         return 0;
     }
 
-    public List<Element> toXmlValues(final String valueElementName, final String key) {
+    public List<Element> toXmlValues(final String valueElementName, final PwmSecurityKey key) {
         if (value == null) {
             final Element valueElement = new Element(valueElementName);
             return Collections.singletonList(valueElement);
         }
         final Element valueElement = new Element(valueElementName);
         try {
-            final String encodedValue = encryptValue(key,value.getStringValue());
+            final String encodedValue = SecureEngine.encryptToString(value.getStringValue(), key, PwmBlockAlgorithm.CONFIG);
             valueElement.addContent(encodedValue);
         } catch (Exception e) {
             valueElement.addContent("");
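Review bot: In `toXmlValues`, the `catch (Exception e)` branch answers a failed `SecureEngine.encryptToString` call by writing an empty value element, so as far as this hunk shows an encryption failure would save the setting as blank and the stored password would be lost without the caller noticing. The catch body continues past the end of the hunk, so it may log or rethrow further down. If it does not, failing loudly is safer than persisting an empty secret, for example `throw new IllegalStateException("unable to encrypt password value", e);` in place of `valueElement.addContent("");`.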
@@ -163,13 +160,6 @@ public class PasswordValue implements StoredValue {
         return PwmConstants.LOG_REMOVED_VALUE_REPLACEMENT;
     }
 
-    private static String encryptValue(final String key, final String value)
-            throws PwmUnrecoverableException, UnsupportedEncodingException, NoSuchAlgorithmException
-    {
-        final PwmSecurityKey secretKey = new PwmSecurityKey(key);
-        return SecureHelper.encryptToString(value, secretKey, PwmBlockAlgorithm.CONFIG);
-    }
-
     public boolean requiresStoredUpdate()
     {
         return requiresStoredUpdate;
@@ -177,6 +167,6 @@ public class PasswordValue implements StoredValue {
 
     @Override
     public String valueHash() throws PwmUnrecoverableException {
-        return value == null ? "" : SecureHelper.hash(JsonUtil.serialize(value.getStringValue()), PwmConstants.SETTING_CHECKSUM_HASH_METHOD);
+        return value == null ? "" : SecureEngine.hash(JsonUtil.serialize(value.getStringValue()), PwmConstants.SETTING_CHECKSUM_HASH_METHOD);
     }
 }
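Review bot: `valueHash()` returns an unsalted digest of the plaintext password, computed with `PwmConstants.SETTING_CHECKSUM_HASH_METHOD`, which permits offline guessing of the secret wherever that digest is stored or displayed. Where the value ends up is not visible in this hunk, so it may only serve change detection. A comment above the method would make the constraint explicit: `// change-detection checksum of a secret: never log it or return it to clients`.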

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/StringArrayValue.java

@@ -27,6 +27,7 @@ import org.jdom2.Element;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.StoredValue;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.*;
 import java.util.regex.Matcher;
@@ -56,7 +57,7 @@ public class StringArrayValue extends AbstractValue implements StoredValue {
                 }
             }
 
-            public StringArrayValue fromXmlElement(final Element settingElement, final String key)
+            public StringArrayValue fromXmlElement(final Element settingElement, final PwmSecurityKey key)
             {
                 final List valueElements = settingElement.getChildren("value");
                 final List<String> values = new ArrayList<>();

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/StringValue.java

@@ -27,6 +27,7 @@ import org.jdom2.Element;
 import password.pwm.config.PwmSetting;
 import password.pwm.config.StoredValue;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.Collections;
 import java.util.List;
@@ -53,7 +54,7 @@ public class StringValue extends AbstractValue implements StoredValue {
                 return new StringValue(newValue);
             }
 
-            public StringValue fromXmlElement(final Element settingElement, final String key)
+            public StringValue fromXmlElement(final Element settingElement, final PwmSecurityKey key)
             {
                 final Element valueElement = settingElement.getChild("value");
                 return new StringValue(valueElement == null ? "" : valueElement.getText());

+ 2 - 1
pwm/servlet/src/password/pwm/config/value/UserPermissionValue.java

@@ -32,6 +32,7 @@ import password.pwm.config.UserPermission;
 import password.pwm.error.PwmOperationalException;
 import password.pwm.i18n.Display;
 import password.pwm.util.JsonUtil;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.util.ArrayList;
 import java.util.Collections;
@@ -65,7 +66,7 @@ public class UserPermissionValue extends AbstractValue implements StoredValue {
                 }
             }
 
-            public UserPermissionValue fromXmlElement(Element settingElement, final String key)
+            public UserPermissionValue fromXmlElement(Element settingElement, final PwmSecurityKey key)
                     throws PwmOperationalException
             {
                 final boolean newType = "2".equals(

+ 3 - 2
pwm/servlet/src/password/pwm/config/value/ValueFactory.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -30,6 +30,7 @@ import password.pwm.error.PwmError;
 import password.pwm.error.PwmOperationalException;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.util.logging.PwmLogger;
+import password.pwm.util.secure.PwmSecurityKey;
 
 public class ValueFactory {
 
@@ -52,7 +53,7 @@ public class ValueFactory {
         }
     }
 
-    public static StoredValue fromXmlValues(final PwmSetting setting, final Element settingElement, final String key)
+    public static StoredValue fromXmlValues(final PwmSetting setting, final Element settingElement, final PwmSecurityKey key)
             throws PwmUnrecoverableException, PwmOperationalException
     {
         try {

+ 24 - 1
pwm/servlet/src/password/pwm/config/value/VerificationMethodValue.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm.config.value;
 
 import org.jdom2.CDATA;
@@ -8,6 +30,7 @@ import password.pwm.config.option.RecoveryVerificationMethods;
 import password.pwm.error.PwmOperationalException;
 import password.pwm.util.JsonUtil;
 import password.pwm.util.logging.PwmLogger;
+import password.pwm.util.secure.PwmSecurityKey;
 
 import java.io.Serializable;
 import java.util.*;
@@ -83,7 +106,7 @@ public class VerificationMethodValue extends AbstractValue implements StoredValu
                 }
             }
 
-            public VerificationMethodValue fromXmlElement(Element settingElement, final String key)
+            public VerificationMethodValue fromXmlElement(Element settingElement, final PwmSecurityKey key)
                     throws PwmOperationalException
             {
                 final Element valueElement = settingElement.getChild("value");

+ 8 - 7
pwm/servlet/src/password/pwm/config/value/X509CertificateValue.java

@@ -31,7 +31,8 @@ import password.pwm.util.StringUtil;
 import password.pwm.util.X509Utils;
 import password.pwm.util.logging.PwmLogger;
 import password.pwm.util.secure.PwmHashAlgorithm;
-import password.pwm.util.secure.SecureHelper;
+import password.pwm.util.secure.PwmSecurityKey;
+import password.pwm.util.secure.SecureEngine;
 
 import java.io.ByteArrayInputStream;
 import java.io.Serializable;
@@ -46,7 +47,7 @@ public class X509CertificateValue extends AbstractValue implements StoredValue {
 
     public static StoredValueFactory factory() {
         return new StoredValueFactory() {
-            public X509CertificateValue fromXmlElement(final Element settingElement, final String key) {
+            public X509CertificateValue fromXmlElement(final Element settingElement, final PwmSecurityKey key) {
                 final List<X509Certificate> certificates = new ArrayList<>();
                 final List<Element> valueElements = settingElement.getChildren("value");
                 for (final Element loopValueElement : valueElements) {
@@ -124,9 +125,9 @@ public class X509CertificateValue extends AbstractValue implements StoredValue {
                 sb.append(" IssueDate: ").append(PwmConstants.DEFAULT_DATETIME_FORMAT.format(cert.getNotBefore())).append("\n");
                 sb.append(" ExpireDate: ").append(PwmConstants.DEFAULT_DATETIME_FORMAT.format(cert.getNotAfter())).append("\n");
                 try {
-                    sb.append(" MD5 Hash: ").append(SecureHelper.hash(new ByteArrayInputStream(cert.getEncoded()),
+                    sb.append(" MD5 Hash: ").append(SecureEngine.hash(new ByteArrayInputStream(cert.getEncoded()),
                             PwmHashAlgorithm.MD5)).append("\n");
-                    sb.append(" SHA1 Hash: ").append(SecureHelper.hash(new ByteArrayInputStream(cert.getEncoded()),
+                    sb.append(" SHA1 Hash: ").append(SecureEngine.hash(new ByteArrayInputStream(cert.getEncoded()),
                             PwmHashAlgorithm.SHA1)).append("\n");
                 } catch (PwmUnrecoverableException | CertificateEncodingException e) {
                     LOGGER.warn("error generating hash for certificate: " + e.getMessage());
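Review bot: The certificate debug text built in this hunk prints only MD5 and SHA1 fingerprints, and both digests are collision-prone, so they should not be the only values an administrator has for comparing certificates. The map built in the next hunk already includes `PwmHashAlgorithm.SHA512`, and the debug output can match it by adding `sb.append(" SHA512 Hash: ").append(SecureEngine.hash(new ByteArrayInputStream(cert.getEncoded()), PwmHashAlgorithm.SHA512)).append("\n");` inside the same `try`. The enclosing method starts and ends outside the hunk.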
@@ -160,11 +161,11 @@ public class X509CertificateValue extends AbstractValue implements StoredValue {
         map.put("issueDate",cert.getNotBefore());
         map.put("expireDate",cert.getNotAfter());
         try {
-            map.put("md5Hash", SecureHelper.hash(new ByteArrayInputStream(cert.getEncoded()),
+            map.put("md5Hash", SecureEngine.hash(new ByteArrayInputStream(cert.getEncoded()),
                     PwmHashAlgorithm.MD5));
-            map.put("sha1Hash", SecureHelper.hash(new ByteArrayInputStream(cert.getEncoded()),
+            map.put("sha1Hash", SecureEngine.hash(new ByteArrayInputStream(cert.getEncoded()),
                     PwmHashAlgorithm.SHA1));
-            map.put("sha512Hash", SecureHelper.hash(new ByteArrayInputStream(cert.getEncoded()),
+            map.put("sha512Hash", SecureEngine.hash(new ByteArrayInputStream(cert.getEncoded()),
                     PwmHashAlgorithm.SHA512));
             if (includeDetail) {
                 map.put("detail",X509Utils.makeDetailText(cert));

+ 1 - 1
pwm/servlet/src/password/pwm/cr/ChallengeSetBean.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/cr/ResponseItemBean.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/cr/ResponseSetBean.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/error/ErrorInformation.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/error/PwmDataStoreException.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/error/PwmDataValidationException.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2012 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/error/PwmException.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/error/PwmOperationalException.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/error/PwmPasswordValidationException.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2012 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/error/PwmUnrecoverableException.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/event/AuditVault.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/event/SystemAuditRecord.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/event/UserHistoryStore.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2013 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/health/DatabaseStatusChecker.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/health/HealthChecker.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2012 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/health/HealthMessage.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/health/HealthMonitor.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/health/HealthRecord.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/health/HealthStatus.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2012 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/health/HealthTopic.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/health/JavaChecker.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 1 - 1
pwm/servlet/src/password/pwm/health/LocalDBHealthChecker.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by

+ 22 - 0
pwm/servlet/src/password/pwm/http/HttpMethod.java

@@ -1,3 +1,25 @@
+/*
+ * Password Management Servlets (PWM)
+ * http://code.google.com/p/pwm/
+ *
+ * Copyright (c) 2006-2009 Novell, Inc.
+ * Copyright (c) 2009-2015 The PWM Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+
 package password.pwm.http;
 
 public enum HttpMethod {

+ 31 - 30
pwm/servlet/src/password/pwm/http/PwmHttpRequestWrapper.java

@@ -22,10 +22,13 @@
 
 package password.pwm.http;
 
+import org.apache.commons.io.IOUtils;
 import password.pwm.AppProperty;
 import password.pwm.PwmConstants;
 import password.pwm.Validator;
 import password.pwm.config.Configuration;
+import password.pwm.error.ErrorInformation;
+import password.pwm.error.PwmError;
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.util.JsonUtil;
 import password.pwm.util.PasswordData;
@@ -34,11 +37,7 @@ import password.pwm.util.logging.PwmLogger;
 
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
-import java.io.BufferedReader;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.io.UnsupportedEncodingException;
-import java.nio.charset.Charset;
+import java.io.*;
 import java.util.*;
 
 public abstract class PwmHttpRequestWrapper {
@@ -71,36 +70,38 @@ public abstract class PwmHttpRequestWrapper {
         return readRequestBodyAsString(maxChars);
     }
 
-    public String readRequestBodyAsString(final int maxChars) 
-            throws IOException 
+    public String readRequestBodyAsString(final int maxChars)
+            throws IOException, PwmUnrecoverableException
     {
-        final int BUFFER_SIZE = 1024;
-        final StringBuilder inputData = new StringBuilder();
+        final StringWriter stringWriter = new StringWriter();
+        final Reader readerStream = new InputStreamReader(
+                getHttpServletRequest().getInputStream(),
+                PwmConstants.DEFAULT_CHARSET
+        );
+
         try {
-            final BufferedReader reader = new BufferedReader(
-                    new InputStreamReader(
-                            this.getHttpServletRequest().getInputStream(), 
-                            Charset.forName("UTF8")
-                    )
-            );
-            final char[] charBuffer = new char[BUFFER_SIZE];
-            int bytesRead;
-            while ((bytesRead = reader.read(charBuffer)) > 0 && inputData.length() < maxChars) {
-                inputData.append(charBuffer, 0, bytesRead);
-            }
+            IOUtils.copy(readerStream, stringWriter);
         } catch (Exception e) {
-            LOGGER.error("error reading request body stream: " + e.getMessage());
+            final String errorMsg = "error reading request body stream: " + e.getMessage();
+            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN,errorMsg));
+        } finally {
+            IOUtils.closeQuietly(readerStream);
+        }
+
+        final String stringValue = stringWriter.toString();
+        if (stringValue.length() > maxChars) {
+            throw new PwmUnrecoverableException(new ErrorInformation(PwmError.ERROR_UNKNOWN,"input request body is to big, size=" + stringValue.length() + ", max=" + maxChars));
         }
-        return inputData.toString();
+        return stringValue;
     }
 
     public Map<String, String> readBodyAsJsonStringMap()
             throws IOException, PwmUnrecoverableException {
         return readBodyAsJsonStringMap(false);
     }
-    
+
     public Map<String, String> readBodyAsJsonStringMap(boolean bypassInputValidation)
-            throws IOException, PwmUnrecoverableException 
+            throws IOException, PwmUnrecoverableException
     {
         final String bodyString = readRequestBodyAsString();
         final Map<String, String> inputMap = JsonUtil.deserializeStringMap(bodyString);
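Review bot: `readRequestBodyAsString` now buffers the whole request body with `IOUtils.copy(readerStream, stringWriter)` and compares the length with `maxChars` only afterwards, so the limit no longer bounds memory use; the removed loop stopped appending once `maxChars` was reached. A client can therefore make the servlet hold an arbitrarily large body in memory before the size error is thrown. Bounding the copy keeps the later length check working, e.g. `IOUtils.copyLarge(readerStream, stringWriter, 0, maxChars + 1L);` (that overload needs commons-io 2.2 or later, and the project's version is not visible here). The new message also says "to big" where "too big" is meant, and the `catch (Exception e)` drops the original exception as the cause when it rethrows.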
@@ -115,12 +116,12 @@ public abstract class PwmHttpRequestWrapper {
                 if (key != null) {
                     final boolean passwordType = key.toLowerCase().contains("password");
                     String value;
-                    value = bypassInputValidation 
+                    value = bypassInputValidation
                             ? inputMap.get(key)
                             : Validator.sanitizeInputValue(configuration, inputMap.get(key), maxLength);
                     value = passwordType && passwordTrim ? value.trim() : value;
                     value = !passwordType && trim ? value.trim() : value;
-                    
+
                     final String sanitizedName = Validator.sanitizeInputValue(configuration, key, maxLength);
                     outputMap.put(sanitizedName, value);
                 }
@@ -167,11 +168,11 @@ public abstract class PwmHttpRequestWrapper {
     }
 
     public PasswordData readParameterAsPassword(final String name)
-            throws PwmUnrecoverableException 
+            throws PwmUnrecoverableException
     {
         final int maxLength = Integer.parseInt(configuration.readAppProperty(AppProperty.HTTP_PARAM_MAX_READ_LENGTH));
         final boolean trim = Boolean.parseBoolean(configuration.readAppProperty(AppProperty.SECURITY_INPUT_PASSWORD_TRIM));
-        
+
         final String rawValue = httpServletRequest.getParameter(name);
         if (rawValue != null && !rawValue.isEmpty()) {
             final String decodedValue = decodeStringToDefaultCharSet(rawValue);
@@ -231,8 +232,8 @@ public abstract class PwmHttpRequestWrapper {
     public List<String> readParameterAsStrings(
             final String name,
             final int maxLength
-    ) 
-            throws PwmUnrecoverableException 
+    )
+            throws PwmUnrecoverableException
     {
         final HttpServletRequest req = this.getHttpServletRequest();
         final boolean trim = Boolean.parseBoolean(configuration.readAppProperty(AppProperty.SECURITY_INPUT_TRIM));

+ 3 - 1
pwm/servlet/src/password/pwm/http/PwmHttpResponseWrapper.java

@@ -99,7 +99,9 @@ public class PwmHttpResponseWrapper {
 
     public void writeCookie(final String cookieName, final String cookieValue, final int seconds, final boolean httpOnly, final String path) {
         final Cookie theCookie = new Cookie(cookieName, StringUtil.urlEncode(cookieValue));
-        theCookie.setMaxAge(seconds);
+        if (seconds > 0) {
+            theCookie.setMaxAge(seconds);
+        }
         theCookie.setHttpOnly(httpOnly);
         if (path != null) {
             theCookie.setPath(path);
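Review bot: With the new `if (seconds > 0)` guard in `writeCookie`, a caller passing `seconds == 0` no longer reaches `setMaxAge(0)`, which in the servlet API tells the browser to delete the cookie; the cookie is instead sent as a session cookie that still carries its value. If any caller relies on 0 to expire a cookie (callers are not visible here), that cookie would now stay valid until the browser closes. Either keep zero meaningful with `if (seconds >= 0) {` or state the contract above the method, e.g. `// seconds <= 0 creates a session cookie; this method cannot delete a cookie`. The method body continues past the end of the hunk.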

+ 23 - 9
pwm/servlet/src/password/pwm/http/PwmRequest.java

@@ -25,6 +25,7 @@ package password.pwm.http;
 import org.apache.commons.fileupload.FileItemIterator;
 import org.apache.commons.fileupload.FileItemStream;
 import org.apache.commons.fileupload.servlet.ServletFileUpload;
+import password.pwm.AppProperty;
 import password.pwm.PwmApplication;
 import password.pwm.PwmConstants;
 import password.pwm.Validator;
@@ -38,8 +39,8 @@ import password.pwm.config.PwmSetting;
 import password.pwm.error.ErrorInformation;
 import password.pwm.error.PwmError;
 import password.pwm.error.PwmUnrecoverableException;
+import password.pwm.http.servlet.PwmServletDefinition;
 import password.pwm.i18n.Message;
-import password.pwm.util.Helper;
 import password.pwm.util.JsonUtil;
 import password.pwm.util.ServletHelper;
 import password.pwm.util.logging.PwmLogger;
@@ -100,6 +101,7 @@ public class PwmRequest extends PwmHttpRequestWrapper implements Serializable {
             final PwmApplication pwmApplication = ContextManager.getPwmApplication(request);
             pwmRequest = new PwmRequest(request, response, pwmApplication, pwmSession);
             request.setAttribute(PwmConstants.REQUEST_ATTR.PwmRequest.toString(), pwmRequest);
+            checkRequestInstanceNonce(pwmRequest);
         }
         return pwmRequest;
     }
@@ -146,7 +148,6 @@ public class PwmRequest extends PwmHttpRequestWrapper implements Serializable {
         return pwmApplication.getConfig();
     }
 
-
     public void forwardToJsp(final PwmConstants.JSP_URL jspURL)
             throws ServletException, IOException, PwmUnrecoverableException
     {
@@ -203,13 +204,17 @@ public class PwmRequest extends PwmHttpRequestWrapper implements Serializable {
         getPwmResponse().sendRedirect(redirectURL);
     }
 
-    public void sendRedirectToContinue()
+    public void sendRedirect(final PwmServletDefinition pwmServletDefinition)
             throws PwmUnrecoverableException, IOException
     {
-        final String redirectURL = PwmConstants.URL_SERVLET_COMMAND + "?" + PwmConstants.PARAM_ACTION_REQUEST + "=continue&pwmFormID="
-                
-                + Helper.buildPwmFormID(pwmSession.getSessionStateBean());
+        getPwmResponse().sendRedirect(this.getContextPath() + pwmServletDefinition.servletUrl());
+    }
 
+    public void sendRedirectToContinue()
+            throws PwmUnrecoverableException, IOException
+    {
+        String redirectURL = this.getContextPath() + PwmServletDefinition.PeopleSearch.servletUrl();
+        redirectURL = ServletHelper.appendAndEncodeUrlParameters(redirectURL,Collections.singletonMap(PwmConstants.PARAM_ACTION_REQUEST,"continue"));
         sendRedirect(redirectURL);
     }
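Review bot: `sendRedirectToContinue()` now builds its target from `PwmServletDefinition.PeopleSearch.servletUrl()`, whereas the removed lines sent the browser to the command servlet (`PwmConstants.URL_SERVLET_COMMAND`) with the same `continue` action. This looks like a copy-paste slip; the line was presumably meant to be `String redirectURL = this.getContextPath() + PwmServletDefinition.Command.servletUrl();`. The rewrite also drops the `pwmFormID` parameter that the old URL carried, so if the command servlet validates a form ID on `continue` (not visible here), that removal should be confirmed as intentional. The new `sendRedirect(PwmServletDefinition)` overload would benefit from a one-line Javadoc saying it redirects to the definition's servlet URL under the context path.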
 
@@ -449,12 +454,12 @@ public class PwmRequest extends PwmHttpRequestWrapper implements Serializable {
                     if (strip) {
                         sb.append(PwmConstants.LOG_REMOVED_VALUE_REPLACEMENT);
                     } else {
-                        sb.append('\'');
+                        sb.append("'");
                         sb.append(paramValue);
-                        sb.append('\'');
+                        sb.append("'");
                     }
 
-                    sb.append('\n');
+                    sb.append("\n");
                 }
             }
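Review bot: `paramValue` is appended between the quotes exactly as received while a newline is the entry delimiter, so a parameter containing line breaks can make one request look like several entries in this debug dump. That holds unless the value is neutralised earlier; the method starts outside the hunk, so this cannot be confirmed here. Escaping CR and LF in `paramValue` before the append would close it. Separately, switching the three `sb.append` calls from char literals to one-character strings changes nothing functionally and takes the String overload for a single character, so I would keep `sb.append('\'')` and `sb.append('\n')`.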
 
@@ -591,4 +596,13 @@ public class PwmRequest extends PwmHttpRequestWrapper implements Serializable {
         final HttpServletRequest req = this.getHttpServletRequest();
         return ServletHelper.appendAndEncodeUrlParameters(req.getRequestURI(), readParametersAsMap());
     }
+
+    private static void checkRequestInstanceNonce(final PwmRequest pwmRequest) {
+        final String cookieName = pwmRequest.getConfig().readAppProperty(AppProperty.HTTP_COOKIE_INSTANCE_GUID_NAME);
+        final String cookieValue = pwmRequest.readCookie(cookieName);
+        if (cookieValue != null && !cookieValue.equals(pwmRequest.getPwmApplication().getInstanceNonce())) {
+            LOGGER.warn(pwmRequest, "request was generated by client communicating with a foreign server instance");
+        }
+
+    }
 }
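Review bot: `checkRequestInstanceNonce` only logs. When the instance cookie differs from `getInstanceNonce()` the request continues unchanged, so the name promises more than the method does, and since the cookie is client-supplied any client can produce one warn-level line per request. I would state that in Javadoc, e.g. `/** Logs when the instance cookie names a different server instance; advisory only, never rejects the request. */`, and consider a lower log level or throttling for this message. `cookieName` is also passed to `readCookie` without a null or empty check; whether `readAppProperty` can return null here is not visible in this diff. The blank line before the closing brace can go.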

+ 0 - 7
pwm/servlet/src/password/pwm/http/PwmResponse.java

@@ -118,13 +118,6 @@ public class PwmResponse extends PwmHttpResponseWrapper {
         resp.getWriter().close();
     }
 
-    public void forwardToLoginPage()
-            throws IOException
-    {
-        final String loginServletURL = pwmRequest.getContextPath() + "/private/" + PwmConstants.URL_SERVLET_LOGIN;
-        sendRedirect(loginServletURL);
-    }
-
 
     public void writeEncryptedCookie(final String cookieName, final Serializable cookieValue, final String path)
             throws PwmUnrecoverableException

+ 21 - 19
pwm/servlet/src/password/pwm/http/PwmURL.java

@@ -23,6 +23,7 @@
 package password.pwm.http;
 
 import password.pwm.PwmConstants;
+import password.pwm.http.servlet.PwmServletDefinition;
 
 import javax.servlet.http.HttpServletRequest;
 import java.net.URI;
@@ -48,7 +49,7 @@ public class PwmURL {
     }
 
     public boolean isLoginServlet() {
-        return checkIfStartsWithURL("/private/" + PwmConstants.URL_SERVLET_LOGIN);
+        return isPwmServletURL(PwmServletDefinition.Login);
     }
 
     public boolean isResourceURL() {
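Review bot: `isLoginServlet()` used to match only the `/private/` login path and now matches every pattern that `PwmServletDefinition.Login` declares. The next hunk does the same to predicates that were `/public/`-only (`isCaptchaURL`, `isForgottenPasswordServlet`, `isForgottenUsernameServlet`, `isUserActivationServlet`, `isNewUserRegistrationServlet`, `isOauthConsumer`) or `/private/`-only (`isSetupResponsesURL`, `isSetupOtpSecretURL`, `isProfileUpdateURL`, `isConfigGuideURL`). If request filters use these predicates to decide which URLs skip authentication or other checks (the callers are not visible here), a definition listing both a public and a private pattern would change that decision silently. It is worth confirming that each definition's `urlPatterns()` equals the literal it replaces, and recording the intended scope on each predicate, e.g. `// public-only: must not match /private/`.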
@@ -60,45 +61,43 @@ public class PwmURL {
     }
 
     public boolean isLogoutURL() {
-        return checkIfStartsWithURL("/private/" + PwmConstants.URL_SERVLET_LOGOUT)
-                || checkIfStartsWithURL("/public/" + PwmConstants.URL_SERVLET_LOGOUT);
+        return isPwmServletURL(PwmServletDefinition.Logout);
     }
 
     public boolean isCaptchaURL() {
-        return checkIfStartsWithURL("/public/" + PwmConstants.URL_SERVLET_CAPTCHA);
+        return isPwmServletURL(PwmServletDefinition.Captcha);
     }
 
     public boolean isForgottenPasswordServlet() {
-        return checkIfStartsWithURL("/public/" + PwmConstants.URL_SERVLET_RECOVER_PASSWORD);
+        return isPwmServletURL(PwmServletDefinition.ForgottenPassword);
     }
 
     public boolean isForgottenUsernameServlet() {
-        return checkIfStartsWithURL("/public/" + PwmConstants.URL_SERVLET_RECOVER_USERNAME);
+        return isPwmServletURL(PwmServletDefinition.ForgottenUsername);
     }
 
     public boolean isUserActivationServlet() {
-        return checkIfStartsWithURL("/public/" + PwmConstants.URL_SERVLET_USER_ACTIVATION);
+        return isPwmServletURL(PwmServletDefinition.ActivateUser);
     }
 
     public boolean isNewUserRegistrationServlet() {
-        return checkIfStartsWithURL("/public/" + PwmConstants.URL_SERVLET_NEW_USER);
+        return isPwmServletURL(PwmServletDefinition.NewUser);
     }
 
     public boolean isOauthConsumer() {
-        return checkIfStartsWithURL("/public/" + PwmConstants.URL_SERVLET_OAUTH_CONSUMER);
+        return isPwmServletURL(PwmServletDefinition.OAuthConsumer);
     }
 
     public boolean isPrivateUrl() {
-        return checkIfStartsWithURL("/private/");
+        return checkIfStartsWithURL(PwmConstants.URL_PREFIX_PRIVATE + "/");
     }
 
     public boolean isPublicUrl() {
-        return checkIfStartsWithURL("/public/");
+        return checkIfStartsWithURL(PwmConstants.URL_PREFIX_PUBLIC + "/");
     }
 
     public boolean isCommandServletURL() {
-        return checkIfStartsWithURL("/private/" + PwmConstants.URL_SERVLET_COMMAND)
-                || checkIfStartsWithURL("/public/" + PwmConstants.URL_SERVLET_COMMAND);
+        return isPwmServletURL(PwmServletDefinition.Command);
     }
 
     public boolean isWebServiceURL() {
@@ -110,24 +109,27 @@ public class PwmURL {
     }
 
     public boolean isConfigGuideURL() {
-        return checkIfStartsWithURL("/private/config/" + PwmConstants.URL_SERVLET_CONFIG_GUIDE);
+        return isPwmServletURL(PwmServletDefinition.ConfigGuide);
+    }
+
+    public boolean isPwmServletURL(final PwmServletDefinition pwmServletDefinition) {
+        return checkIfStartsWithURL(pwmServletDefinition.urlPatterns());
     }
 
     public boolean isChangePasswordURL() {
-        return checkIfStartsWithURL("/private/" + PwmConstants.URL_SERVLET_CHANGE_PASSWORD,
-                "/public/" + PwmConstants.URL_SERVLET_CHANGE_PASSWORD);
+        return isPwmServletURL(PwmServletDefinition.ChangePassword);
     }
 
     public boolean isSetupResponsesURL() {
-        return checkIfStartsWithURL("/private/" + PwmConstants.URL_SERVLET_SETUP_RESPONSES);
+        return isPwmServletURL(PwmServletDefinition.SetupResponses);
     }
 
     public boolean isSetupOtpSecretURL() {
-        return checkIfStartsWithURL("/private/" + PwmConstants.URL_SERVLET_SETUP_OTP_SECRET);
+        return isPwmServletURL(PwmServletDefinition.SetupOtp);
     }
 
     public boolean isProfileUpdateURL() {
-        return checkIfStartsWithURL("/private/" + PwmConstants.URL_SERVLET_UPDATE_PROFILE);
+        return isPwmServletURL(PwmServletDefinition.UpdateProfile);
     }
 
     public String toString() {
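Review bot: `isPwmServletURL` hands `urlPatterns()` straight to `checkIfStartsWithURL`, which by its name does a prefix comparison, so the helper is only correct while every pattern is a literal path. A servlet-style wildcard such as a trailing `/*` would never match; `PwmServletDefinition` is not visible in this diff, so this is an assumption to verify. As a new public method it should carry Javadoc that states the matching rule, e.g. `/** True when the request path starts with any URL pattern of the given servlet definition; patterns must be literal paths. */`.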

+ 1 - 1
pwm/servlet/src/password/pwm/http/bean/ActivateUserBean.java

@@ -3,7 +3,7 @@
  * http://code.google.com/p/pwm/
  *
  * Copyright (c) 2006-2009 Novell, Inc.
- * Copyright (c) 2009-2014 The PWM Project
+ * Copyright (c) 2009-2015 The PWM Project
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
