Example 6 with CredentialSource
use of org.wildfly.security.credential.source.CredentialSource in project wildfly-elytron by wildfly-security.
the class VaultCredentialStore method initialize.
public void initialize(final Map<String, String> attributes, final CredentialStore.ProtectionParameter protectionParameter, Provider[] providers) throws CredentialStoreException {
if (!(protectionParameter instanceof CredentialStore.CredentialSourceProtectionParameter)) {
throw log.invalidProtectionParameter(protectionParameter);
}
final CredentialSource credentialSource = ((CredentialStore.CredentialSourceProtectionParameter) protectionParameter).getCredentialSource();
final SecretKey secretKey;
try {
secretKey = credentialSource.applyToCredential(SecretKeyCredential.class, "AES", SecretKeyCredential::getSecretKey);
} catch (IOException e) {
throw log.cannotAcquireCredentialFromStore(e);
}
if (secretKey == null) {
throw log.cannotAcquireCredentialFromStore(null);
}
validateAttribute(attributes, validAttribtues);
final String location = attributes.get(LOCATION);
if (location != null) {
final File locationFile = new File(location, "VAULT.dat");
if (locationFile.exists()) {
// try and load it
SecurityVaultData data;
try (final FileInputStream is = new FileInputStream(locationFile)) {
try (final VaultObjectInputStream ois = new VaultObjectInputStream(is)) {
data = (SecurityVaultData) ois.readObject();
}
} catch (ClassNotFoundException | IOException e) {
throw log.cannotAcquireCredentialFromStore(e);
}
if (data != null) {
synchronized (this.data) {
this.data.clear();
this.data.putAll(data.getVaultData());
}
}
this.location = locationFile;
this.modifiable = locationFile.canWrite();
}
}
this.adminKey = secretKey;
}
Also used :
SecretKey(javax.crypto.SecretKey)
IOException(java.io.IOException)
File(java.io.File)
FileInputStream(java.io.FileInputStream)
CredentialSource(org.wildfly.security.credential.source.CredentialSource)
SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential)
Example 7 with CredentialSource
use of org.wildfly.security.credential.source.CredentialSource in project wildfly-elytron by wildfly-security.
the class ElytronFilePasswordProvider method getPassword.
@Override
public String getPassword(SessionContext session, NamedResource resourceKey, int retryIndex) throws IOException {
char[] password = null;
if (credentialSourceSupplier != null) {
CredentialSource credentialSource = null;
try {
credentialSource = credentialSourceSupplier.get();
} catch (XMLStreamException e) {
throw log.xmlFailedToCreateCredential(e);
}
password = credentialSource.applyToCredential(PasswordCredential.class, c -> c.getPassword().castAndApply(ClearPassword.class, ClearPassword::getPassword));
} else if (credential != null) {
password = credential.castAndApply(PasswordCredential.class, c -> c.getPassword().castAndApply(ClearPassword.class, ClearPassword::getPassword));
}
if (password == null) {
throw log.xmlFailedToCreateCredential(new NullPointerException());
}
return new String(password);
}
Also used :
NamedResource(org.apache.sshd.common.NamedResource)
XMLStreamException(javax.xml.stream.XMLStreamException)
FilePasswordProvider(org.apache.sshd.common.config.keys.FilePasswordProvider)
PasswordCredential(org.wildfly.security.credential.PasswordCredential)
ClearPassword(org.wildfly.security.password.interfaces.ClearPassword)
IOException(java.io.IOException)
SessionContext(org.apache.sshd.common.session.SessionContext)
Credential(org.wildfly.security.credential.Credential)
CredentialSource(org.wildfly.security.credential.source.CredentialSource)
ElytronMessages.log(org.wildfly.security.auth.util.ElytronMessages.log)
ExceptionSupplier(org.wildfly.common.function.ExceptionSupplier)
ClearPassword(org.wildfly.security.password.interfaces.ClearPassword)
XMLStreamException(javax.xml.stream.XMLStreamException)
PasswordCredential(org.wildfly.security.credential.PasswordCredential)
CredentialSource(org.wildfly.security.credential.source.CredentialSource)
Example 8 with CredentialSource
use of org.wildfly.security.credential.source.CredentialSource in project infinispan by infinispan.
the class ServerSecurityRealm method applyServerCredentials.
public void applyServerCredentials(MechanismConfiguration.Builder mechConfigurationBuilder, String serverPrincipal) {
if (serverPrincipal != null) {
CredentialSource credentialSource = serverIdentities.getCredentialSource(serverPrincipal);
mechConfigurationBuilder.setServerCredentialSource(credentialSource);
}
}
Also used :
CredentialSource(org.wildfly.security.credential.source.CredentialSource)
Example 9 with CredentialSource
use of org.wildfly.security.credential.source.CredentialSource in project wildfly by wildfly.
the class AbstractDataSourceAdd method secondRuntimeStep.
static void secondRuntimeStep(OperationContext context, ModelNode operation, ManagementResourceRegistration datasourceRegistration, ModelNode model, boolean isXa) throws OperationFailedException {
final ServiceTarget serviceTarget = context.getServiceTarget();
final ModelNode address = operation.require(OP_ADDR);
final String dsName = PathAddress.pathAddress(address).getLastElement().getValue();
final String jndiName = JNDI_NAME.resolveModelAttribute(context, model).asString();
final ServiceRegistry registry = context.getServiceRegistry(true);
final List<ServiceName> serviceNames = registry.getServiceNames();
final boolean elytronEnabled = ELYTRON_ENABLED.resolveModelAttribute(context, model).asBoolean();
final ServiceName dataSourceServiceName = context.getCapabilityServiceName(Capabilities.DATA_SOURCE_CAPABILITY_NAME, dsName, DataSource.class);
final ServiceController<?> dataSourceController = registry.getService(dataSourceServiceName);
final ExceptionSupplier<CredentialSource, Exception> credentialSourceExceptionExceptionSupplier = dataSourceController.getService() instanceof AbstractDataSourceService ? ((AbstractDataSourceService) dataSourceController.getService()).getCredentialSourceSupplierInjector().getOptionalValue() : null;
final ExceptionSupplier<CredentialSource, Exception> recoveryCredentialSourceExceptionExceptionSupplier = dataSourceController.getService() instanceof AbstractDataSourceService ? ((AbstractDataSourceService) dataSourceController.getService()).getRecoveryCredentialSourceSupplierInjector().getOptionalValue() : null;
final boolean jta;
if (isXa) {
jta = true;
final ModifiableXaDataSource dataSourceConfig;
try {
dataSourceConfig = xaFrom(context, model, dsName, credentialSourceExceptionExceptionSupplier, recoveryCredentialSourceExceptionExceptionSupplier);
} catch (ValidateException e) {
throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.failedToCreate("XaDataSource", operation, e.getLocalizedMessage()));
}
final ServiceName xaDataSourceConfigServiceName = XADataSourceConfigService.SERVICE_NAME_BASE.append(dsName);
final XADataSourceConfigService xaDataSourceConfigService = new XADataSourceConfigService(dataSourceConfig);
final ServiceBuilder<?> builder = serviceTarget.addService(xaDataSourceConfigServiceName, xaDataSourceConfigService);
// add dependency on security domain service if applicable
final DsSecurity dsSecurityConfig = dataSourceConfig.getSecurity();
if (dsSecurityConfig != null) {
final String securityDomainName = dsSecurityConfig.getSecurityDomain();
if (!elytronEnabled && securityDomainName != null) {
builder.requires(SECURITY_DOMAIN_SERVICE.append(securityDomainName));
}
}
// add dependency on security domain service if applicable for recovery config
if (dataSourceConfig.getRecovery() != null) {
final Credential credential = dataSourceConfig.getRecovery().getCredential();
if (credential != null) {
final String securityDomainName = credential.getSecurityDomain();
if (!RECOVERY_ELYTRON_ENABLED.resolveModelAttribute(context, model).asBoolean() && securityDomainName != null) {
builder.requires(SECURITY_DOMAIN_SERVICE.append(securityDomainName));
}
}
}
int propertiesCount = 0;
for (ServiceName name : serviceNames) {
if (xaDataSourceConfigServiceName.append("xa-datasource-properties").isParentOf(name)) {
final ServiceController<?> xaConfigPropertyController = registry.getService(name);
XaDataSourcePropertiesService xaPropService = (XaDataSourcePropertiesService) xaConfigPropertyController.getService();
if (!ServiceController.State.UP.equals(xaConfigPropertyController.getState())) {
propertiesCount++;
xaConfigPropertyController.setMode(ServiceController.Mode.ACTIVE);
builder.addDependency(name, String.class, xaDataSourceConfigService.getXaDataSourcePropertyInjector(xaPropService.getName()));
} else {
throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.serviceAlreadyStarted("Data-source.xa-config-property", name));
}
}
}
if (propertiesCount == 0) {
throw ConnectorLogger.ROOT_LOGGER.xaDataSourcePropertiesNotPresent();
}
builder.install();
} else {
final ModifiableDataSource dataSourceConfig;
try {
dataSourceConfig = from(context, model, dsName, credentialSourceExceptionExceptionSupplier);
} catch (ValidateException e) {
throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.failedToCreate("DataSource", operation, e.getLocalizedMessage()));
}
jta = dataSourceConfig.isJTA();
final ServiceName dataSourceCongServiceName = DataSourceConfigService.SERVICE_NAME_BASE.append(dsName);
final DataSourceConfigService configService = new DataSourceConfigService(dataSourceConfig);
final ServiceBuilder<?> builder = serviceTarget.addService(dataSourceCongServiceName, configService);
// add dependency on security domain service if applicable
final DsSecurity dsSecurityConfig = dataSourceConfig.getSecurity();
if (dsSecurityConfig != null) {
final String securityDomainName = dsSecurityConfig.getSecurityDomain();
if (!elytronEnabled && securityDomainName != null) {
builder.requires(SECURITY_DOMAIN_SERVICE.append(securityDomainName));
}
}
for (ServiceName name : serviceNames) {
if (dataSourceCongServiceName.append("connection-properties").isParentOf(name)) {
final ServiceController<?> connPropServiceController = registry.getService(name);
ConnectionPropertiesService connPropService = (ConnectionPropertiesService) connPropServiceController.getService();
if (!ServiceController.State.UP.equals(connPropServiceController.getState())) {
connPropServiceController.setMode(ServiceController.Mode.ACTIVE);
builder.addDependency(name, String.class, configService.getConnectionPropertyInjector(connPropService.getName()));
} else {
throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.serviceAlreadyStarted("Data-source.connectionProperty", name));
}
}
}
builder.install();
}
final ServiceName dataSourceServiceNameAlias = AbstractDataSourceService.SERVICE_NAME_BASE.append(jndiName).append(Constants.STATISTICS);
if (dataSourceController != null) {
if (!ServiceController.State.UP.equals(dataSourceController.getState())) {
final boolean statsEnabled = STATISTICS_ENABLED.resolveModelAttribute(context, model).asBoolean();
DataSourceStatisticsService statsService = new DataSourceStatisticsService(datasourceRegistration, statsEnabled);
final ServiceBuilder statsServiceSB = serviceTarget.addService(dataSourceServiceName.append(Constants.STATISTICS), statsService);
statsServiceSB.addAliases(dataSourceServiceNameAlias);
statsServiceSB.requires(dataSourceServiceName);
statsServiceSB.addDependency(CommonDeploymentService.getServiceName(ContextNames.bindInfoFor(jndiName)), CommonDeployment.class, statsService.getCommonDeploymentInjector());
statsServiceSB.setInitialMode(ServiceController.Mode.PASSIVE);
statsServiceSB.install();
dataSourceController.setMode(ServiceController.Mode.ACTIVE);
} else {
throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.serviceAlreadyStarted("Data-source", dsName));
}
} else {
throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.serviceNotAvailable("Data-source", dsName));
}
final DataSourceReferenceFactoryService referenceFactoryService = new DataSourceReferenceFactoryService();
final ServiceName referenceFactoryServiceName = DataSourceReferenceFactoryService.SERVICE_NAME_BASE.append(dsName);
final ServiceBuilder<?> referenceBuilder = serviceTarget.addService(referenceFactoryServiceName, referenceFactoryService).addDependency(dataSourceServiceName, DataSource.class, referenceFactoryService.getDataSourceInjector());
referenceBuilder.install();
final ContextNames.BindInfo bindInfo = ContextNames.bindInfoFor(jndiName);
final BinderService binderService = new BinderService(bindInfo.getBindName());
final ServiceBuilder<?> binderBuilder = serviceTarget.addService(bindInfo.getBinderServiceName(), binderService).addDependency(referenceFactoryServiceName, ManagedReferenceFactory.class, binderService.getManagedObjectInjector()).addDependency(bindInfo.getParentContextServiceName(), ServiceBasedNamingStore.class, binderService.getNamingStoreInjector()).addListener(new LifecycleListener() {
private volatile boolean bound;
public void handleEvent(final ServiceController<? extends Object> controller, final LifecycleEvent event) {
switch(event) {
case UP:
{
if (jta) {
SUBSYSTEM_DATASOURCES_LOGGER.boundDataSource(jndiName);
} else {
SUBSYSTEM_DATASOURCES_LOGGER.boundNonJTADataSource(jndiName);
}
bound = true;
break;
}
case DOWN:
{
if (bound) {
if (jta) {
SUBSYSTEM_DATASOURCES_LOGGER.unboundDataSource(jndiName);
} else {
SUBSYSTEM_DATASOURCES_LOGGER.unBoundNonJTADataSource(jndiName);
}
}
break;
}
case REMOVED:
{
SUBSYSTEM_DATASOURCES_LOGGER.debugf("Removed JDBC Data-source [%s]", jndiName);
break;
}
}
}
});
binderBuilder.setInitialMode(ServiceController.Mode.ACTIVE);
binderBuilder.install();
}
Also used :
ValidateException(org.jboss.jca.common.api.validator.ValidateException)
DataSourceStatisticsService(org.jboss.as.connector.services.datasources.statistics.DataSourceStatisticsService)
LifecycleListener(org.jboss.msc.service.LifecycleListener)
ServiceBuilder(org.jboss.msc.service.ServiceBuilder)
BinderService(org.jboss.as.naming.service.BinderService)
LifecycleEvent(org.jboss.msc.service.LifecycleEvent)
CredentialSource(org.wildfly.security.credential.source.CredentialSource)
ContextNames(org.jboss.as.naming.deployment.ContextNames)
Credential(org.jboss.jca.common.api.metadata.common.Credential)
DsSecurity(org.jboss.jca.common.api.metadata.ds.DsSecurity)
ServiceTarget(org.jboss.msc.service.ServiceTarget)
OperationFailedException(org.jboss.as.controller.OperationFailedException)
OperationFailedException(org.jboss.as.controller.OperationFailedException)
ValidateException(org.jboss.jca.common.api.validator.ValidateException)
ServiceName(org.jboss.msc.service.ServiceName)
ServiceBasedNamingStore(org.jboss.as.naming.ServiceBasedNamingStore)
ServiceRegistry(org.jboss.msc.service.ServiceRegistry)
ModelNode(org.jboss.dmr.ModelNode)
Example 10 with CredentialSource
use of org.wildfly.security.credential.source.CredentialSource in project wildfly by wildfly.
the class SingleSignOnSessionFactoryServiceConfigurator method get.
@Override
public SingleSignOnSessionFactory get() {
KeyStore store = this.keyStore.get();
String alias = this.keyAlias;
CredentialSource source = this.credentialSource.get();
try {
if (!store.containsAlias(alias)) {
throw UndertowLogger.ROOT_LOGGER.missingKeyStoreEntry(alias);
}
if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
throw UndertowLogger.ROOT_LOGGER.keyStoreEntryNotPrivate(alias);
}
PasswordCredential credential = source.getCredential(PasswordCredential.class);
if (credential == null) {
throw UndertowLogger.ROOT_LOGGER.missingCredential(source.toString());
}
ClearPassword password = credential.getPassword(ClearPassword.class);
if (password == null) {
throw UndertowLogger.ROOT_LOGGER.credentialNotClearPassword(credential.toString());
}
KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword()));
KeyPair keyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey());
Optional<SSLContext> context = Optional.ofNullable(this.sslContext).map(dependency -> dependency.get());
return new DefaultSingleSignOnSessionFactory(this.manager.get(), keyPair, connection -> context.ifPresent(ctx -> connection.setSSLSocketFactory(ctx.getSocketFactory())));
} catch (GeneralSecurityException | IOException e) {
throw new IllegalArgumentException(e);
}
}
Also used :
ClearPassword(org.wildfly.security.password.interfaces.ClearPassword)
KEY_ALIAS(org.wildfly.extension.undertow.ApplicationSecurityDomainSingleSignOnDefinition.Attribute.KEY_ALIAS)
KeyPair(java.security.KeyPair)
SSLContext(javax.net.ssl.SSLContext)
FunctionalService(org.wildfly.clustering.service.FunctionalService)
CredentialSource(org.wildfly.security.credential.source.CredentialSource)
Function(java.util.function.Function)
Supplier(java.util.function.Supplier)
CREDENTIAL(org.wildfly.extension.undertow.ApplicationSecurityDomainSingleSignOnDefinition.Attribute.CREDENTIAL)
OperationContext(org.jboss.as.controller.OperationContext)
CompositeDependency(org.wildfly.clustering.service.CompositeDependency)
DefaultSingleSignOnSessionFactory(org.wildfly.security.http.util.sso.DefaultSingleSignOnSessionFactory)
GeneralSecurityException(java.security.GeneralSecurityException)
CredentialSourceDependency(org.jboss.as.clustering.controller.CredentialSourceDependency)
ServiceConfigurator(org.wildfly.clustering.service.ServiceConfigurator)
PasswordCredential(org.wildfly.security.credential.PasswordCredential)
ServiceTarget(org.jboss.msc.service.ServiceTarget)
SupplierDependency(org.wildfly.clustering.service.SupplierDependency)
UndertowLogger(org.wildfly.extension.undertow.logging.UndertowLogger)
SingleSignOnSessionFactory(org.wildfly.security.http.util.sso.SingleSignOnSessionFactory)
CommonUnaryRequirement(org.jboss.as.clustering.controller.CommonUnaryRequirement)
ServiceBuilder(org.jboss.msc.service.ServiceBuilder)
IOException(java.io.IOException)
KeyStore(java.security.KeyStore)
Service(org.jboss.msc.Service)
SSL_CONTEXT(org.wildfly.extension.undertow.ApplicationSecurityDomainSingleSignOnDefinition.Attribute.SSL_CONTEXT)
ServiceSupplierDependency(org.wildfly.clustering.service.ServiceSupplierDependency)
KEY_STORE(org.wildfly.extension.undertow.ApplicationSecurityDomainSingleSignOnDefinition.Attribute.KEY_STORE)
Consumer(java.util.function.Consumer)
ResourceServiceConfigurator(org.jboss.as.clustering.controller.ResourceServiceConfigurator)
OperationFailedException(org.jboss.as.controller.OperationFailedException)
SingleSignOnManager(org.wildfly.security.http.util.sso.SingleSignOnManager)
Optional(java.util.Optional)
ClearPassword(org.wildfly.security.password.interfaces.ClearPassword)
ModelNode(org.jboss.dmr.ModelNode)
KeyPair(java.security.KeyPair)
GeneralSecurityException(java.security.GeneralSecurityException)
PasswordCredential(org.wildfly.security.credential.PasswordCredential)
SSLContext(javax.net.ssl.SSLContext)
IOException(java.io.IOException)
KeyStore(java.security.KeyStore)
DefaultSingleSignOnSessionFactory(org.wildfly.security.http.util.sso.DefaultSingleSignOnSessionFactory)
CredentialSource(org.wildfly.security.credential.source.CredentialSource)
Aggregations
CredentialSource (org.wildfly.security.credential.source.CredentialSource)32
PasswordCredential (org.wildfly.security.credential.PasswordCredential)21
ClearPassword (org.wildfly.security.password.interfaces.ClearPassword)17
IOException (java.io.IOException)14
Provider (java.security.Provider)9
Credential (org.wildfly.security.credential.Credential)9
HashMap (java.util.HashMap)8
OperationFailedException (org.jboss.as.controller.OperationFailedException)8
ExceptionSupplier (org.wildfly.common.function.ExceptionSupplier)8
CredentialStoreCredentialSource (org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource)8
KeyStoreCredentialSource (org.wildfly.security.credential.source.impl.KeyStoreCredentialSource)8
LocalKerberosCredentialSource (org.wildfly.security.credential.source.impl.LocalKerberosCredentialSource)8
Password (org.wildfly.security.password.Password)8
ClearPasswordSpec (org.wildfly.security.password.spec.ClearPasswordSpec)8
GeneralSecurityException (java.security.GeneralSecurityException)7
KeyStore (java.security.KeyStore)7
Supplier (java.util.function.Supplier)6
ConfigXMLParseException (org.wildfly.client.config.ConfigXMLParseException)6
XMLLocation (org.wildfly.client.config.XMLLocation)6
OAuth2CredentialSource (org.wildfly.security.credential.source.OAuth2CredentialSource)6
