
Example 6 with WildFlyElytronProvider

use of org.wildfly.security.WildFlyElytronProvider in project wildfly-swarm by wildfly-swarm.

the class ArqSecuredManagementInterfaceWithPrecomputedPropertiesTest method testClient.

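/**
 * Authenticates against the management interface as {@code bob} and verifies that the server reports
 * that identity back, then that exactly one deployment ({@code myapp.jar}) is visible to it.
 * <p>
 * Runs on the client side ({@code @RunAsClient}) against the management port on {@code localhost:9990}.
 *
 * @throws Exception if the management client cannot be created or an operation fails
 */
@Test
@RunAsClient
public void testClient() throws Exception {
    // Elytron supplies the authentication mechanisms the management client negotiates with.
    Security.addProvider(new WildFlyElytronProvider());
    // The client owns a network connection; try-with-resources closes it even when an assertion fails.
    try (ModelControllerClient client = ModelControllerClient.Factory.create("localhost", 9990,
            new AuthCallbackHandler("ManagementRealm", "bob", "tacos!"))) {
        // "whoami" must reflect the authenticated user, not anonymous access.
        ModelNode response = client.execute(Operations.createOperation("whoami"));
        assertThat(response.get("outcome").asString()).isEqualTo("success");
        ModelNode result = response.get("result");
        assertThat(result).isNotNull();
        assertThat(result.isDefined()).isTrue();
        ModelNode identity = result.get("identity");
        assertThat(identity).isNotNull();
        assertThat(identity.isDefined()).isTrue();
        assertThat(identity.get("username").asString()).isEqualTo("bob");
        // ===
        // A wildcard read-resource on /deployment=* yields a LIST with one entry per deployment.
        response = client.execute(Operations.createOperation("read-resource",
                PathAddress.pathAddress(PathElement.pathElement("deployment", "*")).toModelNode()));
        assertThat(response.get("outcome").asString()).isEqualTo("success");
        result = response.get("result");
        assertThat(result).isNotNull();
        assertThat(result.isDefined()).isTrue();
        assertThat(result.getType()).isEqualTo(ModelType.LIST);
        assertThat(result.asList()).hasSize(1);
        // Each list entry is itself an operation result wrapping the deployment resource.
        ModelNode myapp = result.get(0);
        assertThat(myapp).isNotNull();
        assertThat(myapp.isDefined()).isTrue();
        ModelNode myappResult = myapp.get("result");
        assertThat(myappResult).isNotNull();
        assertThat(myappResult.isDefined()).isTrue();
        assertThat(myappResult.get("name").asString()).isEqualTo("myapp.jar");
    }
}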

Example 7 with WildFlyElytronProvider

use of org.wildfly.security.WildFlyElytronProvider in project fuse-karaf by jboss-fuse.

the class CredentialStoreHelperTest method accessCredentialStore.

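/**
 * Smoke-tests the Elytron credential-store implementations: obtains the three store types, logs the
 * registered JCA services they build on, then round-trips one password through a PKCS12-backed
 * {@code KeyStoreCredentialStore} written under {@code target/}.
 *
 * @throws Exception if a store, password factory or key-store operation fails
 */
@Test
public void accessCredentialStore() throws Exception {
    Security.addProvider(new WildFlyElytronProvider());
    // KeyStoreCredentialStore is default algorithm when using
    // org.jboss.fuse.credential.store.karaf.util.CredentialStoreHelper.credentialStoreFromEnvironment()
    // it's a credential store which is backed by a key store
    CredentialStore cs1 = CredentialStore.getInstance("KeyStoreCredentialStore");
    // Credential store implementation which uses the legacy "vault" format
    CredentialStore cs2 = CredentialStore.getInstance("VaultCredentialStore");
    // map-backed credential store implementation
    CredentialStore cs3 = CredentialStore.getInstance("MapCredentialStore");
    LOG.info("Credential Store 1: {}, aliases: {}", cs1, cs1.getAliases());
    // cs2.getAliases() is intentionally not called here — presumably the uninitialized vault store
    // cannot list aliases; confirm before re-enabling.
    LOG.info("Credential Store 2: {}, aliases: {}", cs2, /*cs2.getAliases()*/
    null);
    LOG.info("Credential Store 3: {}, aliases: {}", cs3, cs3.getAliases());
    // KeyStoreCredentialStore uses 3 parameters/attributes
    // - location
    // - modifiable
    // - keyStoreType
    // from $JAVA_HOME/jre/lib/security/java.security, keystore.type
    LOG.info("Default KeyStore type: {}", KeyStore.getDefaultType());
    // The four service families a key-store-backed credential store depends on.
    logServicesOfType("KeyStore");
    logServicesOfType("PasswordFactory");
    logServicesOfType("SecretKeyFactory");
    logServicesOfType("Cipher");
    // pwd1 protects the store itself; pwd2 is the secret stored inside it.
    Password pwd1 = PasswordFactory.getInstance("clear").generatePassword(new ClearPasswordSpec("secret1".toCharArray()));
    Password pwd2 = PasswordFactory.getInstance("clear").generatePassword(new ClearPasswordSpec("secret2".toCharArray()));
    CredentialSource cs = IdentityCredentials.NONE.withCredential(new PasswordCredential(pwd1));
    CredentialStore.ProtectionParameter pp = new CredentialStore.CredentialSourceProtectionParameter(cs);
    Map<String, String> attrs = new HashMap<>();
    attrs.put("keyStoreType", "PKCS12");
    // Timestamped file name so repeated runs do not collide on an existing store.
    attrs.put("location", String.format("target/credentials-%12d.store", new Date().getTime()));
    cs1.initialize(attrs, pp);
    cs1.store("alias1", new PasswordCredential(pwd2));
    cs1.flush();
    LOG.info("Credential Store 1: {}, aliases: {}", cs1, cs1.getAliases());
    PasswordCredential pwd = cs1.retrieve("alias1", PasswordCredential.class);
    // Verify the round trip by comparison instead of writing the secret itself to the log.
    char[] retrieved = ((ClearPassword) pwd.getPassword()).getPassword();
    if (!java.util.Arrays.equals("secret2".toCharArray(), retrieved)) {
        throw new AssertionError("Credential retrieved for alias1 does not match the stored password");
    }
    LOG.info("Retrieved password for alias1 matches the stored value ({} chars)", retrieved.length);
}

/**
 * Logs every registered JCA service of the given type as {@code provider / algorithm}.
 *
 * @param serviceType JCA service type name, e.g. {@code "KeyStore"} or {@code "Cipher"}
 */
private void logServicesOfType(String serviceType) {
    // CHECKSTYLE:OFF
    LOG.info("{} providers / algorithms:", serviceType);
    for (Provider p : Providers.getProviderList().providers()) {
        for (Provider.Service s : p.getServices()) {
            if (serviceType.equals(s.getType())) {
                LOG.info(" - {} / {}", s.getProvider().getName(), s.getAlgorithm());
            }
        }
    }
    // CHECKSTYLE:ON
}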

Example 8 with WildFlyElytronProvider

use of org.wildfly.security.WildFlyElytronProvider in project fuse-karaf by jboss-fuse.

the class ProtectionTypeTest method shouldCreateMaskedPasswordCredentialSourceFromConfiguration.

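/**
 * Resolves a {@code masked} protection configuration (MD5-DES masked password plus its parameters) into a
 * credential source and checks that the unmasked clear-text password is recovered.
 * <p>
 * Masked passwords are reversible obfuscation rather than strong encryption, so this only proves the
 * decode path, not that the configuration protects the secret.
 *
 * @throws IOException if the credential source cannot be read
 * @throws GeneralSecurityException if the password factory or key-spec conversion fails
 */
@Test
public void shouldCreateMaskedPasswordCredentialSourceFromConfiguration() throws IOException, GeneralSecurityException {
    final Map<String, String> configuration = new HashMap<>();
    configuration.put("CREDENTIAL_STORE_PROTECTION_ALGORITHM", MaskedPassword.ALGORITHM_MASKED_MD5_DES);
    // Test fixture: presumably the encoded masking parameters and the masked password — confirm against
    // how ProtectionType.masked decodes them.
    configuration.put("CREDENTIAL_STORE_PROTECTION_PARAMS", "MDkEKXNvbWVhcmJpdHJhcnljcmF6eXN0cmluZ3RoYXRkb2Vzbm90bWF0dGVyAgID6AQIHmrp8uDnGLE=");
    configuration.put("CREDENTIAL_STORE_PROTECTION", "mC/60tWnla4bmFn2e5Z8U3CZnjsG9Pvc");
    final CredentialSource credentialSource = ProtectionType.masked.createCredentialSource(configuration);
    assertThat(credentialSource).isNotNull();
    final PasswordCredential credential = credentialSource.getCredential(PasswordCredential.class);
    // Fail with an assertion rather than a NullPointerException when no password credential is produced.
    assertThat(credential).isNotNull();
    final Password password = credential.getPassword();
    // Convert through the clear-password factory so the recovered value can be compared as text.
    final PasswordFactory clearPasswordFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, new WildFlyElytronProvider());
    final ClearPasswordSpec clearPasswordSpec = clearPasswordFactory.getKeySpec(password, ClearPasswordSpec.class);
    assertThat(new String(clearPasswordSpec.getEncodedPassword())).isEqualTo("my deep dark secret");
}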

Example 9 with WildFlyElytronProvider

use of org.wildfly.security.WildFlyElytronProvider in project fuse-karaf by jboss-fuse.

the class ActivatorTest method initializeCredentialStore.

/**
 * Before each test: starts the activator, creates a fresh JCEKS-backed credential store under the
 * temporary folder protected by a clear password, stores one credential under {@code "alias"} and
 * flushes it to disk.
 *
 * @throws Exception if the activator, password factory or credential store cannot be initialized
 */
@Before
public void initializeCredentialStore() throws Exception {
    activator.start(null);
    final WildFlyElytronProvider provider = new WildFlyElytronProvider();
    Security.addProvider(provider);
    final PasswordFactory clearFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, provider);
    // The store password: used only to protect the key store file itself.
    final Password storePassword = clearFactory.generatePassword(
            new ClearPasswordSpec("it was the best of times it was the worst of times".toCharArray()));
    final CredentialSource protection = IdentityCredentials.NONE.withCredential(new PasswordCredential(storePassword));
    final Map<String, String> storeParameters = new HashMap<>();
    storeParameters.put("location", new File(tmp.getRoot(), "credential.store").getAbsolutePath());
    storeParameters.put("keyStoreType", "JCEKS");
    credentialStore = CredentialStore.getInstance(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE, provider);
    credentialStore.initialize(storeParameters, new CredentialStore.CredentialSourceProtectionParameter(protection));
    // The secret the tests read back under "alias".
    final Password storedSecret = clearFactory.generatePassword(new ClearPasswordSpec("this is a password".toCharArray()));
    final Credential stored = new PasswordCredential(storedSecret);
    credentialStore.store("alias", stored);
    credentialStore.flush();
}

Example 10 with WildFlyElytronProvider

use of org.wildfly.security.WildFlyElytronProvider in project fuse-karaf by jboss-fuse.

the class Activator method start.

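/**
 * If there are any Credential store references as values in the system properties, adds
 * {@link WildFlyElytronProvider} to {@link Security} providers, replaces those values with the values from the
 * Credential store and installs the JMX filter to prevent the clear text value leakage.
 * <p>
 * Only String-valued system properties are examined. If the credential store cannot be initialized the
 * framework bundle is stopped, so the container never runs with unresolved secret references.
 *
 * @param context
 *            OSGI bundle context
 * @throws Exception if stopping the framework bundle fails
 */
@Override
public void start(final BundleContext context) throws Exception {
    this.context = context;
    final WildFlyElytronProvider elytronProvider = new WildFlyElytronProvider();
    providerName = elytronProvider.getName();
    Security.addProvider(elytronProvider);
    // Snapshot the String-valued properties. Properties is a Hashtable<Object,Object>, so the previous raw
    // casts would throw ClassCastException on any non-String entry, and iterating the live table while
    // values are being replaced is fragile.
    final Properties properties = System.getProperties();
    final Hashtable<String, String> stringProperties = new Hashtable<>();
    for (final String name : properties.stringPropertyNames()) {
        final String value = properties.getProperty(name);
        // A property removed concurrently would yield null, which Hashtable rejects.
        if (value != null) {
            stringProperties.put(name, value);
        }
    }
    final Collection<String> values = stringProperties.values();
    final boolean hasValuesFromCredentialStore = CredentialStoreHelper.containsStoreReferences(values);
    if (!hasValuesFromCredentialStore) {
        return;
    }
    final CredentialStore credentialStore;
    try {
        credentialStore = CredentialStoreHelper.credentialStoreFromEnvironment();
    } catch (final Exception e) {
        // Fail closed: a container that cannot resolve its secret references must not keep running.
        final String message = e.getMessage();
        System.err.println("\r\nUnable to initialize credential store, destroying container: " + message);
        LOG.error("Unable to initialize credential store, destroying container: {}", message);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Logging exception stack trace", e);
        }
        // Bundle 0 is the OSGi framework (system) bundle; stopping it shuts the container down.
        final Bundle frameworkBundle = context.getBundle(0);
        frameworkBundle.stop();
        return;
    }
    for (final Entry<String, String> property : stringProperties.entrySet()) {
        final String key = property.getKey();
        final String value = property.getValue();
        // replaced(...) presumably swaps the store reference for the resolved secret — confirm; what is
        // recorded here is the original reference value, never the resolved secret.
        if (replaced(credentialStore, key, value)) {
            replacedProperties.put(key, value);
        }
    }
    if (!replacedProperties.isEmpty()) {
        // Track the MBeanServer so the JMX filter can hide the resolved clear-text values.
        mbeanServerTracker = new ServiceTracker<>(context, MBeanServer.class, this);
        mbeanServerTracker.open();
    }
}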
