StoredConfiguration.java:
if (storedConfiguration.isDefaultValue(setting)) {
settingElement.addContent(new Element("default"));
} else {
final List<Element> valueElements;
if (setting.getSyntax() == PwmSettingSyntax.PASSWORD) {
final String key = PwmConstants.DEFAULT_DATETIME_FORMAT.format(storedConfiguration.createTime) + StoredConfiguration.class.getSimpleName();
valueElements = ((PasswordValue) storedConfiguration.settingMap.get(setting)).toXmlValues("value", key);
settingElement.addContent(new Comment("Note: This value is encrypted and can not be edited directly."));
settingElement.addContent(new Comment("Please use the Configuration Manager GUI to modify this value."));
} else {
valueElements = storedConfiguration.settingMap.get(setting).toXmlValues("value");
}
for (final Element loopValueElement : valueElements) {
settingElement.addContent(loopValueElement);
}
}
Since we have an automated play to deploy, I attempted to decrypt a known value using a static configuration file and an online AES decrypter without success (not sure if it was the simple name or the exact Z format of the creation timestamp that was to blame) . In the end, we created an ansible play to deploy pwm locally in configuration mode so that an admin can use the config UI to generate the password for the config pushed to formal environments.
I'll follow this as well to see if you get any interesting responses - but almost academic at this point for me.
HTH,
Trevor
<pwmtool.java>