
Example 1 with Assert

use of org.wildfly.common.Assert in project wildfly-elytron by wildfly-security.

In class ElytronXmlParser, method parseCredentialsType.

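/**
 * Parses a {@code credentials} (or {@code protection-parameter-credentials}) element into a
 * supplier of the aggregated {@link CredentialSource}.
 * <p>
 * Every child element contributes one credential. Each contribution is chained with
 * {@code andThenOp} onto a function that starts from {@link CredentialSource#NONE}; the returned
 * supplier runs that chain when it is invoked, so references such as key store or credential
 * store lookups are resolved at that point rather than here. Structural parsing of the child
 * elements, and the unmasking done for {@code masked-password}, happen eagerly in this method.
 *
 * @param reader the stream reader positioned on the credentials element (no attributes allowed)
 * @param xmlVersion the schema version of the document; gates version-specific elements
 * @param keyStoresMap key stores declared in the document, by name
 * @param credentialStoresMap credential stores declared in the document, by name
 * @param providers the security providers used to obtain password factories
 * @return a supplier that builds the aggregated credential source
 * @throws ConfigXMLParseException on an unexpected element, attribute or content, on a premature
 *         end of document, or when a masked password cannot be converted to a clear password
 */
private static ExceptionSupplier<CredentialSource, ConfigXMLParseException> parseCredentialsType(final ConfigurationXMLStreamReader reader, final Version xmlVersion, final Map<String, ExceptionSupplier<KeyStore, ConfigXMLParseException>> keyStoresMap, final Map<String, ExceptionSupplier<CredentialStore, ConfigXMLParseException>> credentialStoresMap, Supplier<Provider[]> providers) throws ConfigXMLParseException {
    // Accumulates the credentials seen so far; the argument passed to the chain is ignored
    // (see the END_ELEMENT branch, which applies it to null).
    ExceptionUnaryOperator<CredentialSource, ConfigXMLParseException> function = parent -> CredentialSource.NONE;
    requireNoAttributes(reader);
    while (reader.hasNext()) {
        final int tag = reader.nextTag();
        if (tag == START_ELEMENT) {
            checkElementNamespace(reader, xmlVersion);
            switch(reader.getLocalName()) {
                case "key-store-reference":
                    {
                        // The key store entry itself is only fetched when the supplier runs.
                        final ExceptionSupplier<KeyStore.Entry, ConfigXMLParseException> supplier = parseKeyStoreRefType(reader, xmlVersion, keyStoresMap, credentialStoresMap, providers);
                        function = andThenOp(function, credentialSource -> credentialSource.with(new KeyStoreCredentialSource(new FixedSecurityFactory<KeyStore.Entry>(supplier.get()))));
                        break;
                    }
                case "credential-store-reference":
                    {
                        final ExceptionSupplier<CredentialSource, ConfigXMLParseException> supplier = parseCredentialStoreRefType(reader, credentialStoresMap);
                        function = andThenOp(function, credentialSource -> credentialSource.with(supplier.get()));
                        break;
                    }
                case "clear-password":
                    {
                        // password.get() is deferred into the chain, unlike the masked-password branch below.
                        ExceptionSupplier<Password, ConfigXMLParseException> password = parseClearPassword(reader, providers);
                        function = andThenOp(function, credentialSource -> credentialSource.with(IdentityCredentials.NONE.withCredential(new PasswordCredential(password.get()))));
                        break;
                    }
                case "masked-password":
                    {
                        if (!xmlVersion.isAtLeast(Version.VERSION_1_4)) {
                            throw reader.unexpectedElement();
                        }
                        // Captured before parsing moves the reader, so the error below points at the element.
                        final XMLLocation location = reader.getLocation();
                        ExceptionSupplier<Password, ConfigXMLParseException> password = parseMaskedPassword(reader, providers);
                        // The masked password is resolved and unmasked eagerly, at parse time.
                        Password maskedPassword = password.get();
                        Password finalPassword;
                        try {
                            // Unmask via the masked algorithm's factory, then re-wrap the clear text as a ClearPassword
                            // so the chain below can treat it exactly like a clear-password element.
                            final PasswordFactory passwordFactory = PasswordFactory.getInstance(maskedPassword.getAlgorithm(), providers);
                            final ClearPasswordSpec spec = passwordFactory.getKeySpec(maskedPassword, ClearPasswordSpec.class);
                            // NOTE(review): this intermediate char[] is not cleared after use; whether that
                            // matters depends on whether ClearPasswordSpec/ClearPassword copy it — confirm.
                            final char[] clearPassword = spec.getEncodedPassword();
                            PasswordFactory clearPasswordFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, providers);
                            finalPassword = clearPasswordFactory.generatePassword(new ClearPasswordSpec(clearPassword)).castAs(ClearPassword.class);
                        } catch (InvalidKeySpecException | NoSuchAlgorithmException cause) {
                            throw xmlLog.xmlFailedToCreateCredential(location, cause);
                        }
                        function = andThenOp(function, credentialSource -> credentialSource.with(IdentityCredentials.NONE.withCredential(new PasswordCredential(finalPassword))));
                        break;
                    }
                case "key-pair":
                    {
                        KeyPairCredential keyPairCredential = parseKeyPair(reader, xmlVersion, credentialStoresMap, providers);
                        function = andThenOp(function, credentialSource -> credentialSource.with(IdentityCredentials.NONE.withCredential(keyPairCredential)));
                        break;
                    }
                case "certificate":
                    {
                        X509CertificateChainPrivateCredential credential = parseCertificateType(reader, xmlVersion);
                        function = andThenOp(function, credentialSource -> credentialSource.with(IdentityCredentials.NONE.withCredential(credential)));
                        break;
                    }
                case "public-key-pem":
                    {
                        PublicKey publicKey = parsePem(reader, PublicKey.class);
                        function = andThenOp(function, credentialSource -> credentialSource.with(IdentityCredentials.NONE.withCredential(new PublicKeyCredential(publicKey))));
                        break;
                    }
                case "bearer-token":
                    {
                        BearerTokenCredential bearerToken = parseBearerTokenType(reader);
                        function = andThenOp(function, credentialSource -> credentialSource.with(IdentityCredentials.NONE.withCredential(bearerToken)));
                        break;
                    }
                case "oauth2-bearer-token":
                    {
                        final ExceptionSupplier<CredentialSource, ConfigXMLParseException> oauthCredentialSourceSupplier = parseOAuth2BearerTokenType(reader, credentialStoresMap, xmlVersion);
                        function = andThenOp(function, credentialSource -> credentialSource.with(oauthCredentialSourceSupplier.get()));
                        break;
                    }
                case "local-kerberos":
                    {
                        if (!xmlVersion.isAtLeast(Version.VERSION_1_1)) {
                            throw reader.unexpectedElement();
                        }
                        CredentialSource kerberosCredentialSource = parseLocalKerberos(reader);
                        function = andThenOp(function, credentialSource -> credentialSource.with(kerberosCredentialSource));
                        // Still accepted, but the element is deprecated; log it so configurations can be migrated.
                        xmlLog.xmlDeprecatedElement(reader.getLocalName(), reader.getLocation());
                        break;
                    }
                case "ssh-credential":
                    {
                        if (!xmlVersion.isAtLeast(Version.VERSION_1_6)) {
                            throw reader.unexpectedElement();
                        }
                        SSHCredential sshCredential = parseSSHKeyLocationCredential(reader, xmlVersion, credentialStoresMap, providers);
                        // A single with(...) as in every other branch; the previous nested
                        // credentialSource.with(credentialSource.with(...)) re-added the accumulated source to itself.
                        function = andThenOp(function, credentialSource -> credentialSource.with(IdentityCredentials.NONE.withCredential(sshCredential)));
                        break;
                    }
                default:
                    {
                        throw reader.unexpectedElement();
                    }
            }
        } else if (tag == END_ELEMENT) {
            assert reader.getLocalName().equals("credentials") || reader.getLocalName().equals("protection-parameter-credentials");
            // Freeze the chain in an effectively-final local so the lambda can capture it.
            final ExceptionUnaryOperator<CredentialSource, ConfigXMLParseException> finalFunction = function;
            return () -> finalFunction.apply(null);
        } else {
            throw reader.unexpectedContent();
        }
    }
    throw reader.unexpectedDocumentEnd();
}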

Example 2 with Assert

use of org.wildfly.common.Assert in project wildfly-elytron by wildfly-security.

In class KeyStoreCredentialStore, method store.

/**
 * Stores a credential in the backing key store under the given alias.
 * <p>
 * The credential is first encoded into a {@link KeyStore.Entry}: private-key credentials become a
 * {@code PrivateKeyEntry}; every other supported type is serialised (DER for composite data) and
 * wrapped in a {@code SecretKeyEntry} whose {@code SecretKeySpec} carries {@code DATA_OID} as its
 * algorithm name. The entry is then written under a freshly calculated key store alias while the
 * write lock is held, and the in-memory alias cache is updated; an entry previously cached under
 * the same alias/type/algorithm/parameters is deleted from the key store.
 *
 * @param credentialAlias the user-visible alias of the credential
 * @param credential the credential to store
 * @param protectionParameter the protection parameter used for the key store entry
 * @throws CredentialStoreException if the credential type or password algorithm is unsupported, or
 *         if encoding or writing the entry fails (the underlying security exception is the cause)
 */
public void store(final String credentialAlias, final Credential credential, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
    try {
        // first, attempt to encode the credential into a keystore entry
        final Class<? extends Credential> credentialClass = credential.getClass();
        // Algorithm and parameters are only present for AlgorithmCredential implementations.
        final String algorithmName = credential instanceof AlgorithmCredential ? ((AlgorithmCredential) credential).getAlgorithm() : null;
        // presumably null for non-AlgorithmCredential instances — the cache branch below relies on that
        final AlgorithmParameterSpec parameterSpec = credential.castAndApply(AlgorithmCredential.class, AlgorithmCredential::getParameters);
        final KeyStore.Entry entry;
        if (credentialClass == SecretKeyCredential.class) {
            entry = new KeyStore.SecretKeyEntry(credential.castAndApply(SecretKeyCredential.class, SecretKeyCredential::getSecretKey));
        } else if (credentialClass == PublicKeyCredential.class) {
            // Public keys are stored as their X.509 SubjectPublicKeyInfo encoding.
            final PublicKey publicKey = credential.castAndApply(PublicKeyCredential.class, PublicKeyCredential::getPublicKey);
            final KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
            final X509EncodedKeySpec keySpec = keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class);
            final byte[] encoded = keySpec.getEncoded();
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoded, DATA_OID));
        } else if (credentialClass == KeyPairCredential.class) {
            // Key pairs are stored as SEQUENCE { X.509 public encoding, PKCS#8 private encoding }.
            final KeyPair keyPair = credential.castAndApply(KeyPairCredential.class, KeyPairCredential::getKeyPair);
            final PublicKey publicKey = keyPair.getPublic();
            final PrivateKey privateKey = keyPair.getPrivate();
            final KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
            // ensured by KeyPairCredential
            assert privateKey.getAlgorithm().equals(publicKey.getAlgorithm());
            final X509EncodedKeySpec publicSpec = keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class);
            final PKCS8EncodedKeySpec privateSpec = keyFactory.getKeySpec(keyFactory.translateKey(privateKey), PKCS8EncodedKeySpec.class);
            final DEREncoder encoder = new DEREncoder();
            encoder.startSequence();
            encoder.writeEncoded(publicSpec.getEncoded());
            encoder.writeEncoded(privateSpec.getEncoded());
            encoder.endSequence();
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
        } else if (credentialClass == X509CertificateChainPublicCredential.class) {
            // Certificate chains are stored as INTEGER count followed by SEQUENCE of DER certificates.
            final X509Certificate[] x509Certificates = credential.castAndApply(X509CertificateChainPublicCredential.class, X509CertificateChainPublicCredential::getCertificateChain);
            final DEREncoder encoder = new DEREncoder();
            encoder.encodeInteger(x509Certificates.length);
            encoder.startSequence();
            for (X509Certificate x509Certificate : x509Certificates) {
                encoder.writeEncoded(x509Certificate.getEncoded());
            }
            encoder.endSequence();
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
        } else if (credentialClass == X509CertificateChainPrivateCredential.class) {
            // The only credential type that maps onto a native key store entry type.
            @SuppressWarnings("ConstantConditions") X509CertificateChainPrivateCredential cred = (X509CertificateChainPrivateCredential) credential;
            entry = new KeyStore.PrivateKeyEntry(cred.getPrivateKey(), cred.getCertificateChain());
        } else if (credentialClass == BearerTokenCredential.class) {
            // The token text is stored as its UTF-8 bytes.
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(credential.castAndApply(BearerTokenCredential.class, c -> c.getToken().getBytes(StandardCharsets.UTF_8)), DATA_OID));
        } else if (credentialClass == PasswordCredential.class) {
            // Passwords are translated to their canonical spec and DER-encoded per algorithm family.
            final Password password = credential.castAndApply(PasswordCredential.class, PasswordCredential::getPassword);
            final String algorithm = password.getAlgorithm();
            final DEREncoder encoder = new DEREncoder();
            // Honour the configured providers when present; otherwise fall back to the JCA default lookup.
            final PasswordFactory passwordFactory = providers != null ? PasswordFactory.getInstance(algorithm, () -> providers) : PasswordFactory.getInstance(algorithm);
            switch(algorithm) {
                case BCryptPassword.ALGORITHM_BCRYPT:
                case BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_1:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_256:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_384:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_512:
                case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5:
                case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
                case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256:
                case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512:
                    {
                        // SEQUENCE { hash, salt, iterationCount }
                        IteratedSaltedHashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), IteratedSaltedHashPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getHash());
                        encoder.encodeOctetString(passwordSpec.getSalt());
                        encoder.encodeInteger(passwordSpec.getIterationCount());
                        encoder.endSequence();
                        break;
                    }
                case ClearPassword.ALGORITHM_CLEAR:
                    {
                        final ClearPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), ClearPasswordSpec.class);
                        // NOTE(review): the clear password char[] is copied into an immutable String here,
                        // which cannot be zeroed after use; changing this would alter the stored encoding
                        // unless the encoder accepts the same bytes directly — confirm before touching.
                        encoder.encodeOctetString(new String(passwordSpec.getEncodedPassword()));
                        break;
                    }
                case DigestPassword.ALGORITHM_DIGEST_MD5:
                case DigestPassword.ALGORITHM_DIGEST_SHA:
                case DigestPassword.ALGORITHM_DIGEST_SHA_256:
                case DigestPassword.ALGORITHM_DIGEST_SHA_384:
                case DigestPassword.ALGORITHM_DIGEST_SHA_512:
                case DigestPassword.ALGORITHM_DIGEST_SHA_512_256:
                    {
                        // SEQUENCE { username, realm, digest }
                        final DigestPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), DigestPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getUsername());
                        encoder.encodeOctetString(passwordSpec.getRealm());
                        encoder.encodeOctetString(passwordSpec.getDigest());
                        encoder.endSequence();
                        break;
                    }
                case OneTimePassword.ALGORITHM_OTP_MD5:
                case OneTimePassword.ALGORITHM_OTP_SHA1:
                case OneTimePassword.ALGORITHM_OTP_SHA_256:
                case OneTimePassword.ALGORITHM_OTP_SHA_384:
                case OneTimePassword.ALGORITHM_OTP_SHA_512:
                    {
                        // SEQUENCE { hash, seed (IA5String), sequenceNumber }
                        final OneTimePasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), OneTimePasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getHash());
                        encoder.encodeIA5String(passwordSpec.getSeed());
                        encoder.encodeInteger(passwordSpec.getSequenceNumber());
                        encoder.endSequence();
                        break;
                    }
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512:
                case UnixDESCryptPassword.ALGORITHM_CRYPT_DES:
                case UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5:
                    {
                        // SEQUENCE { hash, salt }
                        final SaltedHashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), SaltedHashPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getHash());
                        encoder.encodeOctetString(passwordSpec.getSalt());
                        encoder.endSequence();
                        break;
                    }
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512:
                    {
                        // SEQUENCE { digest }
                        final HashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), HashPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getDigest());
                        encoder.endSequence();
                        break;
                    }
                default:
                    {
                        // Masked algorithms are a family of names, so they cannot be listed as case labels.
                        // Note this checks the credential-level algorithmName, not the local `algorithm`;
                        // presumably the same value for a PasswordCredential — verify.
                        if (MaskedPassword.isMaskedAlgorithm(algorithmName)) {
                            // SEQUENCE { initialKeyMaterial, iterationCount, salt, maskedPasswordBytes }
                            final MaskedPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), MaskedPasswordSpec.class);
                            encoder.startSequence();
                            // NOTE(review): key material goes through an immutable String, as in the clear-password case.
                            encoder.encodeOctetString(new String(passwordSpec.getInitialKeyMaterial()));
                            encoder.encodeInteger(passwordSpec.getIterationCount());
                            encoder.encodeOctetString(passwordSpec.getSalt());
                            encoder.encodeOctetString(passwordSpec.getMaskedPasswordBytes());
                            encoder.endSequence();
                            break;
                        } else {
                            // Reports the credential class although it is the password algorithm that is unsupported.
                            throw log.unsupportedCredentialType(credentialClass);
                        }
                    }
            }
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
        } else {
            throw log.unsupportedCredentialType(credentialClass);
        }
        // now, store it under a unique alias
        final String ksAlias = calculateNewAlias(credentialAlias, credentialClass, algorithmName, parameterSpec);
        // The key store write and the cache update are done together under the write lock.
        try (Hold hold = lockForWrite()) {
            keyStore.setEntry(ksAlias, entry, convertParameter(protectionParameter));
            // Cache is keyed alias -> credential class -> algorithm -> parameters -> key store alias.
            final TopEntry topEntry = cache.computeIfAbsent(toLowercase(credentialAlias), TopEntry::new);
            final MidEntry midEntry = topEntry.getMap().computeIfAbsent(credentialClass, c -> new MidEntry(topEntry, c));
            final BottomEntry bottomEntry;
            if (algorithmName != null) {
                bottomEntry = midEntry.getMap().computeIfAbsent(algorithmName, n -> new BottomEntry(midEntry, n));
            } else {
                bottomEntry = midEntry.getOrCreateNoAlgorithm();
            }
            final String oldAlias;
            if (parameterSpec != null) {
                oldAlias = bottomEntry.getMap().put(new ParamKey(parameterSpec), ksAlias);
            } else {
                oldAlias = bottomEntry.setNoParams(ksAlias);
            }
            // A previous entry for the same alias/type/algorithm/parameters is superseded; drop it
            // from the key store so stale credentials do not remain on disk.
            if (oldAlias != null && !oldAlias.equals(ksAlias)) {
                // unlikely but possible
                keyStore.deleteEntry(oldAlias);
            }
        }
    } catch (KeyStoreException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException | CertificateException e) {
        // Wrap every checked security exception, preserving it as the cause.
        throw log.cannotWriteCredentialToStore(e);
    }
}
SimpleDigestPassword(org.wildfly.security.password.interfaces.SimpleDigestPassword) UnixDESCryptPassword(org.wildfly.security.password.interfaces.UnixDESCryptPassword) SaltedSimpleDigestPassword(org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword) BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword) Password(org.wildfly.security.password.Password) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) KeyPair(java.security.KeyPair) X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) PublicKey(java.security.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) KeyStoreException(java.security.KeyStoreException) InvalidKeyException(java.security.InvalidKeyException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) PasswordFactory(org.wildfly.security.password.PasswordFactory) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) DigestPasswordSpec(org.wildfly.security.password.spec.DigestPasswordSpec)
