
Example 1 with PasswordCredential

use of org.wildfly.security.credential.PasswordCredential in project wildfly by wildfly.

the class SimpleSecurityManager method push.

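/**
 * Pushes a new {@link SecurityContext} for {@code securityDomain} on top of the one currently
 * associated with the thread. Must be called from within a privileged action.
 *
 * <p>When {@code propagate} is set, the subject info and outgoing run-as of the previous context
 * are carried into the new one. If the new context does not already hold a trusted
 * {@link RunAsIdentity} and a Remoting context is set, the caller identity is derived from the
 * connection's local {@link SecurityIdentity} instead, and the Remoting context is cleared once
 * it has been consumed. If the connection carries no local identity the exception produced by
 * {@code SecurityLogger.ROOT_LOGGER.noUserPrincipalFound()} is thrown.
 *
 * @param securityDomain the security domain to establish the new context for
 */
public void push(final String securityDomain) {
    // TODO - Handle a null securityDomain here? Yes I think so.
    final SecurityContext previous = SecurityContextAssociation.getSecurityContext();
    contexts.push(previous);
    final SecurityContext current = establishSecurityContext(securityDomain);
    if (propagate && previous != null) {
        current.setSubjectInfo(getSubjectInfo(previous));
        current.setIncomingRunAs(previous.getOutgoingRunAs());
    }
    /*
     * We should only be switching to a context based on an identity from the Remoting connection if we don't already
     * have a trusted identity - this allows for beans to reauthenticate as a different identity.
     * (instanceof is false for null, so no separate null check is needed.)
     */
    final boolean trusted = current.getIncomingRunAs() instanceof RunAsIdentity;
    if (trusted || !SecurityActions.remotingContextIsSet()) {
        return;
    }
    // In this case the principal and credential will not have been set yet, so derive them from the connection.
    final SecurityContextUtil util = current.getUtil();
    final Connection connection = SecurityActions.remotingContextGetConnection();
    final SecurityIdentity localIdentity = connection.getLocalIdentity();
    if (localIdentity == null) {
        throw SecurityLogger.ROOT_LOGGER.noUserPrincipalFound();
    }
    final Principal p = new SimplePrincipal(localIdentity.getPrincipal().getName());
    final PasswordCredential passwordCredential = localIdentity.getPrivateCredentials()
            .getCredential(PasswordCredential.class, ClearPassword.ALGORITHM_CLEAR);
    final Object credential;
    if (passwordCredential != null) {
        // NOTE(review): the clear password is copied into an immutable String because the legacy
        // createSubjectInfo contract takes an Object credential; it cannot be zeroed afterwards.
        credential = new String(passwordCredential.getPassword(ClearPassword.class).getPassword());
    } else {
        // No clear password available: hand over the connection itself as the credential.
        credential = new RemotingConnectionCredential(connection);
    }
    // The Remoting context is single-use; clear it before the subject info is established.
    SecurityActions.remotingContextClear();
    util.createSubjectInfo(p, credential, null);
}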
Also used : ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) SecurityContextUtil(org.jboss.security.SecurityContextUtil) RunAs(org.jboss.security.RunAs) RunAsIdentity(org.jboss.security.RunAsIdentity) Connection(org.jboss.remoting3.Connection) PasswordCredential(org.wildfly.security.credential.PasswordCredential) SecurityIdentity(org.wildfly.security.auth.server.SecurityIdentity) SecurityContext(org.jboss.security.SecurityContext) RemotingConnectionCredential(org.jboss.as.security.remoting.RemotingConnectionCredential) Principal(java.security.Principal) SimplePrincipal(org.jboss.security.SimplePrincipal) SimplePrincipal(org.jboss.security.SimplePrincipal) IdentityCredentials(org.wildfly.security.auth.server.IdentityCredentials)

Example 2 with PasswordCredential

use of org.wildfly.security.credential.PasswordCredential in project wildfly by wildfly.

the class RealmDirectLoginModule method getUsersPassword.

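/**
 * Returns the password the realm holds for the current user, in the form the
 * {@code UsernamePasswordLoginModule} comparison expects.
 *
 * <p>In {@code ValidationMode.VALIDATION} the realm validates the password itself, so
 * {@code null} is returned. In {@code DIGEST} mode the realm's pre-computed digest is
 * requested through a {@link CredentialCallback} and returned hex encoded; in
 * {@code PASSWORD} mode the clear password is obtained through a {@link PasswordCallback}.
 *
 * @return the stored password, or {@code null} when the realm performs validation itself
 * @throws LoginException if the callbacks cannot be handled, or if the realm did not supply
 *         a credential of the requested type
 * @see org.jboss.security.auth.spi.UsernamePasswordLoginModule#getUsersPassword()
 */
@Override
protected String getUsersPassword() throws LoginException {
    if (validationMode == ValidationMode.VALIDATION) {
        return null;
    }
    RealmCallback rcb = new RealmCallback("Realm", securityRealm.getName());
    NameCallback ncb = new NameCallback("User Name", getUsername());
    switch (validationMode) {
        case DIGEST: {
            CredentialCallback cc = new CredentialCallback(PasswordCredential.class, ALGORITHM_DIGEST_MD5);
            handle(new Callback[] { rcb, ncb, cc });
            // The realm may leave the callback unanswered or answer with a different password type;
            // report that as a login failure instead of a NullPointerException.
            PasswordCredential passwordCredential = (PasswordCredential) cc.getCredential();
            DigestPassword digestPassword = passwordCredential == null
                    ? null
                    : passwordCredential.getPassword(DigestPassword.class);
            if (digestPassword == null) {
                throw new LoginException("No " + ALGORITHM_DIGEST_MD5 + " credential available for user " + getUsername());
            }
            return ByteIterator.ofBytes(digestPassword.getDigest()).hexEncode().drainToString();
        }
        case PASSWORD: {
            PasswordCallback pcb = new PasswordCallback("Password", false);
            handle(new Callback[] { rcb, ncb, pcb });
            char[] chars = pcb.getPassword();
            if (chars == null) {
                throw new LoginException("No password available for user " + getUsername());
            }
            // Drop the callback's own copy of the secret as soon as we hold ours.
            pcb.clearPassword();
            return String.valueOf(chars);
        }
        default:
            // Preserves the original behaviour for any mode not handled above.
            return null;
    }
}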
Also used : DigestPassword(org.wildfly.security.password.interfaces.DigestPassword) NameCallback(javax.security.auth.callback.NameCallback) PasswordCredential(org.wildfly.security.credential.PasswordCredential) PasswordCallback(javax.security.auth.callback.PasswordCallback) CredentialCallback(org.wildfly.security.auth.callback.CredentialCallback) RealmCallback(javax.security.sasl.RealmCallback)

Example 3 with PasswordCredential

use of org.wildfly.security.credential.PasswordCredential in project wildfly by wildfly.

the class SingleSignOnSessionFactoryBuilder method getValue.

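/**
 * Builds the {@link SingleSignOnSessionFactory}: the private key entry named by
 * {@code keyAlias} is loaded from the injected key store using the clear password obtained
 * from the injected credential source, and an SSL context is applied to outbound
 * connections when one is configured.
 *
 * @return the configured session factory
 * @throws IllegalArgumentException if the key store or credential source cannot be read
 *         (the cause is preserved), or if any of the validations below fails
 */
@Override
public SingleSignOnSessionFactory getValue() {
    KeyStore store = this.keyStore.getValue();
    String alias = this.keyAlias;
    CredentialSource source = this.credentialSource.getValue();
    try {
        // Each validation must abort the build: previously these logger calls were not thrown,
        // so a missing credential fell through to a null dereference on the next line.
        // NOTE(review): assumes the UndertowLogger methods return the exception to throw, as the
        // JGroupsLogger equivalents do - confirm against UndertowLogger.
        if (!store.containsAlias(alias)) {
            throw UndertowLogger.ROOT_LOGGER.missingKeyStoreEntry(alias);
        }
        if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            throw UndertowLogger.ROOT_LOGGER.keyStoreEntryNotPrivate(alias);
        }
        PasswordCredential credential = source.getCredential(PasswordCredential.class);
        if (credential == null) {
            throw UndertowLogger.ROOT_LOGGER.missingCredential(source.toString());
        }
        // Only a clear password can be turned into a KeyStore.PasswordProtection.
        ClearPassword password = credential.getPassword(ClearPassword.class);
        if (password == null) {
            throw UndertowLogger.ROOT_LOGGER.credentialNotClearPassword(credential.toString());
        }
        KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword()));
        KeyPair keyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey());
        // The SSL context dependency is optional; resolve it once here, not per connection.
        Optional<SSLContext> context = Optional.ofNullable(this.sslContext).map(dependency -> dependency.getValue());
        return new DefaultSingleSignOnSessionFactory(this.manager.getValue(), keyPair, connection -> context.ifPresent(ctx -> connection.setSSLSocketFactory(ctx.getSocketFactory())));
    } catch (GeneralSecurityException | IOException e) {
        throw new IllegalArgumentException(e);
    }
}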
Also used : ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) KeyPair(java.security.KeyPair) ValueDependency(org.wildfly.clustering.service.ValueDependency) SSLContext(javax.net.ssl.SSLContext) Value(org.jboss.msc.value.Value) CredentialSource(org.wildfly.security.credential.source.CredentialSource) OperationContext(org.jboss.as.controller.OperationContext) DefaultSingleSignOnSessionFactory(org.wildfly.security.http.util.sso.DefaultSingleSignOnSessionFactory) GeneralSecurityException(java.security.GeneralSecurityException) CredentialSourceDependency(org.jboss.as.clustering.controller.CredentialSourceDependency) PasswordCredential(org.wildfly.security.credential.PasswordCredential) InjectedValueDependency(org.wildfly.clustering.service.InjectedValueDependency) ServiceTarget(org.jboss.msc.service.ServiceTarget) UndertowLogger(org.wildfly.extension.undertow.logging.UndertowLogger) SingleSignOnSessionFactory(org.wildfly.security.http.util.sso.SingleSignOnSessionFactory) CommonUnaryRequirement(org.jboss.as.clustering.controller.CommonUnaryRequirement) ServiceBuilder(org.jboss.msc.service.ServiceBuilder) IOException(java.io.IOException) KeyStore(java.security.KeyStore) ResourceServiceBuilder(org.jboss.as.clustering.controller.ResourceServiceBuilder) Objects(java.util.Objects) ModelNodes(org.jboss.as.clustering.dmr.ModelNodes) ValueService(org.jboss.msc.service.ValueService) Stream(java.util.stream.Stream) OperationFailedException(org.jboss.as.controller.OperationFailedException) SingleSignOnManager(org.wildfly.security.http.util.sso.SingleSignOnManager) Optional(java.util.Optional) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) ModelNode(org.jboss.dmr.ModelNode) Attribute(org.wildfly.extension.undertow.ApplicationSecurityDomainSingleSignOnDefinition.Attribute) Builder(org.wildfly.clustering.service.Builder) KeyPair(java.security.KeyPair) GeneralSecurityException(java.security.GeneralSecurityException) 
PasswordCredential(org.wildfly.security.credential.PasswordCredential) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) KeyStore(java.security.KeyStore) DefaultSingleSignOnSessionFactory(org.wildfly.security.http.util.sso.DefaultSingleSignOnSessionFactory) CredentialSource(org.wildfly.security.credential.source.CredentialSource)

Example 4 with PasswordCredential

use of org.wildfly.security.credential.PasswordCredential in project wildfly by wildfly.

the class EncryptProtocolConfigurationBuilder method accept.

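/**
 * Configures the protocol with the key store, key alias and key password resolved from this
 * builder's dependencies. A missing alias, or a credential source that does not yield a clear
 * password, aborts configuration with the exception produced by {@code JGroupsLogger}.
 *
 * @param protocol the protocol instance to configure
 * @throws IllegalArgumentException if the key store or credential source cannot be read
 *         (the cause is preserved)
 */
@Override
public void accept(P protocol) {
    KeyStore store = this.keyStore.getValue();
    String alias = this.keyAlias;
    try {
        if (!store.containsAlias(alias)) {
            throw JGroupsLogger.ROOT_LOGGER.keyEntryNotFound(alias);
        }
        PasswordCredential credential = this.credentialSource.getValue().getCredential(PasswordCredential.class);
        if (credential == null) {
            throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource();
        }
        // Only a clear password can be turned into a KeyStore.PasswordProtection.
        ClearPassword password = credential.getPassword(ClearPassword.class);
        if (password == null) {
            throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource();
        }
        // Reuse the store and alias resolved above instead of re-reading the dependencies.
        protocol.setKeyStore(store);
        protocol.setKeyAlias(alias);
        protocol.setKeyPassword(new KeyStore.PasswordProtection(password.getPassword()));
    } catch (KeyStoreException | IOException e) {
        throw new IllegalArgumentException(e);
    }
}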
Also used : ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) PasswordCredential(org.wildfly.security.credential.PasswordCredential) KeyStoreException(java.security.KeyStoreException) IOException(java.io.IOException) KeyStore(java.security.KeyStore)

Example 5 with PasswordCredential

use of org.wildfly.security.credential.PasswordCredential in project wildfly by wildfly.

the class SubjectUtil method fromSecurityIdentity.

/**
 * Populates a JAAS {@link Subject} from an Elytron {@link SecurityIdentity}: the identity's
 * principal, a {@code Roles} group holding its mapped roles, a {@code CallerPrincipal} group,
 * its public and private credentials (unwrapped to the underlying key, certificate chain or
 * password where the credential type is recognised), and finally the identity itself as a
 * private credential.
 *
 * @param securityIdentity the identity to convert
 * @param subject the subject to populate, or {@code null} to create a new one
 * @return the populated subject (the given instance when one was supplied)
 */
public static Subject fromSecurityIdentity(final SecurityIdentity securityIdentity, Subject subject) {
    final Subject target = subject != null ? subject : new Subject();
    target.getPrincipals().add(securityIdentity.getPrincipal());

    // 'Roles' group: one NamePrincipal per mapped role.
    final Group roles = new SimpleGroup("Roles");
    securityIdentity.getRoles().forEach(role -> roles.addMember(new NamePrincipal(role)));
    target.getPrincipals().add(roles);

    // 'CallerPrincipal' group wrapping the identity's principal.
    final Group caller = new SimpleGroup("CallerPrincipal");
    caller.addMember(securityIdentity.getPrincipal());
    target.getPrincipals().add(caller);

    for (Credential credential : securityIdentity.getPublicCredentials()) {
        target.getPublicCredentials().add(unwrapPublicCredential(credential));
    }
    for (Credential credential : securityIdentity.getPrivateCredentials()) {
        addPrivateCredential(target, unwrapPrivateCredential(credential));
    }
    // Keep the identity itself reachable so integration code can use it instead of the Subject.
    addPrivateCredential(target, securityIdentity);
    return target;
}

/** Returns the public key or certificate chain behind a recognised public credential, else the credential itself. */
private static Object unwrapPublicCredential(final Credential credential) {
    if (credential instanceof PublicKeyCredential) {
        return credential.castAs(PublicKeyCredential.class).getPublicKey();
    }
    if (credential instanceof X509CertificateChainPublicCredential) {
        return credential.castAs(X509CertificateChainPublicCredential.class).getCertificateChain();
    }
    return credential;
}

/** Returns the password, secret key, key pair or certificate chain behind a recognised private credential, else the credential itself. */
private static Object unwrapPrivateCredential(final Credential credential) {
    if (credential instanceof PasswordCredential) {
        return credential.castAs(PasswordCredential.class).getPassword();
    }
    if (credential instanceof SecretKeyCredential) {
        return credential.castAs(SecretKeyCredential.class).getSecretKey();
    }
    if (credential instanceof KeyPairCredential) {
        return credential.castAs(KeyPairCredential.class).getKeyPair();
    }
    if (credential instanceof X509CertificateChainPrivateCredential) {
        return credential.castAs(X509CertificateChainPrivateCredential.class).getCertificateChain();
    }
    return credential;
}
Also used : Group(java.security.acl.Group) X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) PasswordCredential(org.wildfly.security.credential.PasswordCredential) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) Credential(org.wildfly.security.credential.Credential) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) PasswordCredential(org.wildfly.security.credential.PasswordCredential) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) Subject(javax.security.auth.Subject) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential)
