Bug 358686

Summary: Provide Extendability in the Encryption of Connection Profile Stores
Product: [Tools] Data Tools
Reporter: Linda Chan <lchan>
Component: Connection Mgt Framework
Assignee: Linda Chan <lchan>
Status: RESOLVED FIXED
QA Contact:
Severity: enhancement
Priority: P3
Flags: bfitzpat: review+
Version: 1.9
Target Milestone: 1.9.2
Hardware: All
OS: All
Whiteboard:
Attachments: Patch for the new cipherProvider extension point (flags: none)

Description Linda Chan CLA 2011-09-23 00:39:13 EDT
The default encryption framework in Connectivity encrypts/decrypts an exported connection profile store file by using the encryption key spec that is read from a file embedded in the o.e.d.connectivity bundle.  This could be a security vulnerability as the file containing the key spec is readily available to anyone who unpacks the open source bundle.

This enhancement is to add a new extension point to allow adopters to extend the connection profile store encryption framework with a custom provider of javax.crypto.Cipher instances for files with a specified file extension.  The existing default cipher provider will continue to be used if no cipher provider extension is registered for a file extension.
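
The design in the description above, sketched as an added example (not code from the attached patch or from DTP): a cipher provider is looked up by file extension, with fallback to a default whose key ships with the code. `StoreCipherProvider`, `REGISTRY`, `resolve` and the `acme` extension are hypothetical names, and AES-GCM with PBKDF2 is a choice made for this sketch; the real contract is the one defined by the extension point's schema.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class CipherProviderSketch {
    // Hypothetical stand-in for the provider contract; not the DTP interface.
    interface StoreCipherProvider { Cipher create(int mode, byte[] iv) throws GeneralSecurityException; }
    static Cipher aesGcm(int mode, byte[] key, byte[] iv) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c;
    }
    // Models the default: the key ships with the code (constructed all-zero key, not DTP's key spec).
    static final StoreCipherProvider DEFAULT = (mode, iv) -> aesGcm(mode, new byte[16], iv);
    // Adopter-supplied provider: the key is derived at run time from a secret held outside any bundle.
    static StoreCipherProvider fromPassphrase(char[] pass, byte[] salt) {
        return (mode, iv) -> {
            SecretKeyFactory kdf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            byte[] key = kdf.generateSecret(new PBEKeySpec(pass, salt, 210_000, 256)).getEncoded();
            return aesGcm(mode, key, iv);
        };
    }
    static final Map<String, StoreCipherProvider> REGISTRY = new HashMap<>();
    // Returns the provider registered for the file's extension, or the default if there is none.
    static StoreCipherProvider resolve(String fileName) {
        int dot = fileName.lastIndexOf('.');
        String ext = dot < 0 ? "" : fileName.substring(dot + 1).toLowerCase(Locale.ROOT);
        return REGISTRY.getOrDefault(ext, DEFAULT);
    }
    public static void main(String[] args) throws Exception {
        byte[] salt = new byte[16], iv = new byte[12]; // fresh IV per encryption, stored with the file
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        REGISTRY.put("acme", fromPassphrase("constructed-passphrase".toCharArray(), salt));
        byte[] plain = "constructed profile data".getBytes(StandardCharsets.UTF_8);
        byte[] ct = resolve("profiles.acme").create(Cipher.ENCRYPT_MODE, iv).doFinal(plain);
        byte[] pt = resolve("profiles.acme").create(Cipher.DECRYPT_MODE, iv).doFinal(ct);
        System.out.println(new String(pt, StandardCharsets.UTF_8));
        // No provider is registered for "dat", so resolve() falls back to DEFAULT.
        System.out.println(resolve("profiles.dat") == DEFAULT);
    }
}
```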

Comment 1 Linda Chan CLA 2011-09-23 02:29:27 EDT
Created attachment 203881
Patch for the new cipherProvider extension point

The attached Git patch adds a new cipherProvider extension point to allow adopters to extend the connection profile store encryption framework.
See the schema/cipherProvider.exsd for the schema definition and documentation.

Comment 2 Brian Fitzpatrick CLA 2011-09-23 11:53:15 EDT
Linda, the patch looks fine to me. This has been something we wanted to do for many years, so I'm good with the idea. :)

Comment 3 Linda Chan CLA 2011-09-24 00:58:00 EDT
Thanks Fitz for the review.  Committed the contribution of the new org.eclipse.datatools.connectivity.cipherProvider extension point. Tagged with v201109241211.

Git commit log: http://git.eclipse.org/c/datatools/org.eclipse.datatools.connectivity.git/commit/?id=953a7dd55c8ec2ef256dd61877b1614b6c2f2eb3

Comment 4 Linda Chan CLA 2011-09-24 22:24:45 EDT
Fixed backward compatibility in internal SecurityManager methods.
Also upgraded the Profile Console Application to adopt the newly extendable encryption framework.  Tagged with v201109250955.

Git commit log:
http://git.eclipse.org/c/datatools/org.eclipse.datatools.connectivity.git/commit/?id=232beda86deccf8decb862f37df424f0256a68de