use of org.wildfly.security.credential.source.CredentialSource in project wildfly-elytron by wildfly-security.
the class VaultCredentialStore method initialize.
/**
 * Initializes this legacy-vault backed credential store.
 * <p>
 * The store is unlocked with an AES {@link SecretKey} obtained from the {@link CredentialSource}
 * carried by {@code protectionParameter}; any other kind of protection parameter is rejected.
 * If a {@code LOCATION} attribute is present and {@code <location>/VAULT.dat} exists, the vault
 * data is deserialized from that file and replaces the current in-memory contents. The store
 * is marked modifiable only when that file is writable. When no location is given, or the file
 * does not exist, {@code location}/{@code modifiable} are left unchanged and only the admin key
 * is recorded.
 *
 * @param attributes          store attributes; validated against {@code validAttribtues} before use
 * @param protectionParameter must be a {@link CredentialStore.CredentialSourceProtectionParameter}
 * @param providers           unused by this implementation
 * @throws CredentialStoreException if the protection parameter is of the wrong type, the AES key
 *                                  cannot be acquired (or is {@code null}), or the vault file cannot
 *                                  be read or deserialized
 */
public void initialize(final Map<String, String> attributes, final CredentialStore.ProtectionParameter protectionParameter, Provider[] providers) throws CredentialStoreException {
    if (!(protectionParameter instanceof CredentialStore.CredentialSourceProtectionParameter)) {
        throw log.invalidProtectionParameter(protectionParameter);
    }
    final CredentialSource keySource = ((CredentialStore.CredentialSourceProtectionParameter) protectionParameter).getCredentialSource();
    // Acquire the admin key before touching any attributes so a bad key fails fast.
    final SecretKey vaultKey = acquireAdminKey(keySource);
    validateAttribute(attributes, validAttribtues);
    final String location = attributes.get(LOCATION);
    if (location != null) {
        final File vaultFile = new File(location, "VAULT.dat");
        if (vaultFile.exists()) {
            final SecurityVaultData loaded = readVaultFile(vaultFile);
            if (loaded != null) {
                // Replace, rather than merge, the in-memory view under the same lock other
                // accessors are expected to hold.
                synchronized (this.data) {
                    this.data.clear();
                    this.data.putAll(loaded.getVaultData());
                }
            }
            this.location = vaultFile;
            this.modifiable = vaultFile.canWrite();
        }
    }
    this.adminKey = vaultKey;
}

/**
 * Obtains the AES secret key that protects the vault from the given source.
 *
 * @throws CredentialStoreException if the source fails with an {@link IOException} or yields no key
 */
private SecretKey acquireAdminKey(final CredentialSource source) throws CredentialStoreException {
    final SecretKey key;
    try {
        key = source.applyToCredential(SecretKeyCredential.class, "AES", SecretKeyCredential::getSecretKey);
    } catch (IOException e) {
        throw log.cannotAcquireCredentialFromStore(e);
    }
    if (key == null) {
        throw log.cannotAcquireCredentialFromStore(null);
    }
    return key;
}

/**
 * Deserializes the legacy {@code VAULT.dat} file.
 * <p>
 * NOTE(review): this is Java native deserialization of a file on disk. It is only as safe as
 * {@code VaultObjectInputStream}'s class filtering, which is not visible here — confirm it
 * restricts resolvable classes before trusting vault files from locations an attacker could write.
 *
 * @throws CredentialStoreException if the file cannot be read or a class in the stream is unknown
 */
private SecurityVaultData readVaultFile(final File vaultFile) throws CredentialStoreException {
    try (FileInputStream in = new FileInputStream(vaultFile);
         VaultObjectInputStream ois = new VaultObjectInputStream(in)) {
        return (SecurityVaultData) ois.readObject();
    } catch (ClassNotFoundException | IOException e) {
        throw log.cannotAcquireCredentialFromStore(e);
    }
}
use of org.wildfly.security.credential.source.CredentialSource in project wildfly-elytron by wildfly-security.
the class ElytronFilePasswordProvider method getPassword.
/**
 * Resolves the clear-text password used to open a protected key file.
 * <p>
 * The password is taken from the {@code credentialSourceSupplier} when one is configured,
 * otherwise from the directly configured {@code credential}. In both cases the credential must
 * be a {@code PasswordCredential} holding a {@code ClearPassword}; anything else resolves to
 * {@code null} and is reported as a failure. The {@code session}, {@code resourceKey} and
 * {@code retryIndex} arguments are not consulted, so every retry receives the same password.
 * <p>
 * NOTE(review): the interface forces a {@link String} return, so the password cannot be zeroed
 * after use; callers should keep its lifetime short.
 *
 * @throws IOException if the credential source fails, or (wrapped via the logger) if the XML
 *                     supplier cannot build the source or no clear password is available
 */
@Override
public String getPassword(SessionContext session, NamedResource resourceKey, int retryIndex) throws IOException {
    final char[] clearChars;
    if (credentialSourceSupplier != null) {
        final CredentialSource source;
        try {
            source = credentialSourceSupplier.get();
        } catch (XMLStreamException e) {
            throw log.xmlFailedToCreateCredential(e);
        }
        clearChars = source.applyToCredential(PasswordCredential.class, c -> clearPasswordChars(c));
    } else if (credential != null) {
        clearChars = credential.castAndApply(PasswordCredential.class, c -> clearPasswordChars(c));
    } else {
        clearChars = null;
    }
    if (clearChars == null) {
        throw log.xmlFailedToCreateCredential(new NullPointerException());
    }
    return new String(clearChars);
}

/**
 * Extracts the clear-text characters from a password credential, or {@code null} when the
 * underlying password is not a {@code ClearPassword}.
 */
private static char[] clearPasswordChars(final PasswordCredential c) {
    return c.getPassword().castAndApply(ClearPassword.class, ClearPassword::getPassword);
}
use of org.wildfly.security.credential.source.CredentialSource in project infinispan by infinispan.
the class ServerSecurityRealm method applyServerCredentials.
/**
 * Attaches the server identity for {@code serverPrincipal} to the mechanism configuration being built.
 * <p>
 * When {@code serverPrincipal} is {@code null} the builder is left untouched. Otherwise the
 * {@link CredentialSource} looked up from {@code serverIdentities} is installed as the mechanism's
 * server credential source; no check is made here that the lookup returned a non-null source.
 *
 * @param mechConfigurationBuilder builder to receive the server credential source
 * @param serverPrincipal          principal whose identity should be used, or {@code null} for none
 */
public void applyServerCredentials(MechanismConfiguration.Builder mechConfigurationBuilder, String serverPrincipal) {
    if (serverPrincipal == null) {
        return;
    }
    mechConfigurationBuilder.setServerCredentialSource(serverIdentities.getCredentialSource(serverPrincipal));
}
use of org.wildfly.security.credential.source.CredentialSource in project wildfly by wildfly.
the class AbstractDataSourceAdd method secondRuntimeStep.
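/**
 * Second runtime step of a data-source "add" operation.
 * <p>
 * Builds the configuration service for the data source (XA or non-XA), wires in the per-property
 * services already registered for it, declares dependencies on legacy security-domain services
 * where Elytron is not enabled, installs a statistics service, activates the previously
 * registered data-source service and binds it into JNDI.
 *
 * @param context                the operation context
 * @param operation              the "add" operation; {@code OP_ADDR} names the data source
 * @param datasourceRegistration the resource registration the statistics service attaches to
 * @param model                  the resolved resource model
 * @param isXa                   {@code true} for an {@code xa-data-source}, {@code false} for a plain {@code data-source}
 * @throws OperationFailedException if the data-source service is not registered or already up,
 *                                  the configuration fails validation, a property service is
 *                                  already up, or an XA data source has no XA properties
 */
static void secondRuntimeStep(OperationContext context, ModelNode operation, ManagementResourceRegistration datasourceRegistration, ModelNode model, boolean isXa) throws OperationFailedException {
    final ServiceTarget serviceTarget = context.getServiceTarget();
    final ModelNode address = operation.require(OP_ADDR);
    final String dsName = PathAddress.pathAddress(address).getLastElement().getValue();
    final String jndiName = JNDI_NAME.resolveModelAttribute(context, model).asString();
    final ServiceRegistry registry = context.getServiceRegistry(true);
    final List<ServiceName> serviceNames = registry.getServiceNames();
    final boolean elytronEnabled = ELYTRON_ENABLED.resolveModelAttribute(context, model).asBoolean();
    final ServiceName dataSourceServiceName = context.getCapabilityServiceName(Capabilities.DATA_SOURCE_CAPABILITY_NAME, dsName, DataSource.class);
    final ServiceController<?> dataSourceController = registry.getService(dataSourceServiceName);
    // Report a missing data-source service as the intended management error. The controller was
    // previously dereferenced here and only null-checked near the end of the method, so a missing
    // service surfaced as a NullPointerException instead of serviceNotAvailable.
    if (dataSourceController == null) {
        throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.serviceNotAvailable("Data-source", dsName));
    }
    // Credential-source suppliers (Elytron credential references) for the connection and, for XA,
    // the recovery credentials; null when the service is not an AbstractDataSourceService.
    final ExceptionSupplier<CredentialSource, Exception> credentialSourceExceptionExceptionSupplier = dataSourceController.getService() instanceof AbstractDataSourceService ? ((AbstractDataSourceService) dataSourceController.getService()).getCredentialSourceSupplierInjector().getOptionalValue() : null;
    final ExceptionSupplier<CredentialSource, Exception> recoveryCredentialSourceExceptionExceptionSupplier = dataSourceController.getService() instanceof AbstractDataSourceService ? ((AbstractDataSourceService) dataSourceController.getService()).getRecoveryCredentialSourceSupplierInjector().getOptionalValue() : null;
    final boolean jta;
    if (isXa) {
        // XA data sources are always JTA.
        jta = true;
        final ModifiableXaDataSource dataSourceConfig;
        try {
            dataSourceConfig = xaFrom(context, model, dsName, credentialSourceExceptionExceptionSupplier, recoveryCredentialSourceExceptionExceptionSupplier);
        } catch (ValidateException e) {
            throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.failedToCreate("XaDataSource", operation, e.getLocalizedMessage()));
        }
        final ServiceName xaDataSourceConfigServiceName = XADataSourceConfigService.SERVICE_NAME_BASE.append(dsName);
        final XADataSourceConfigService xaDataSourceConfigService = new XADataSourceConfigService(dataSourceConfig);
        final ServiceBuilder<?> builder = serviceTarget.addService(xaDataSourceConfigServiceName, xaDataSourceConfigService);
        // Legacy (non-Elytron) security domains are MSC services the config must wait for.
        final DsSecurity dsSecurityConfig = dataSourceConfig.getSecurity();
        if (dsSecurityConfig != null) {
            final String securityDomainName = dsSecurityConfig.getSecurityDomain();
            if (!elytronEnabled && securityDomainName != null) {
                builder.requires(SECURITY_DOMAIN_SERVICE.append(securityDomainName));
            }
        }
        // Same for the recovery credential's legacy security domain.
        if (dataSourceConfig.getRecovery() != null) {
            final Credential credential = dataSourceConfig.getRecovery().getCredential();
            if (credential != null) {
                final String securityDomainName = credential.getSecurityDomain();
                if (!RECOVERY_ELYTRON_ENABLED.resolveModelAttribute(context, model).asBoolean() && securityDomainName != null) {
                    builder.requires(SECURITY_DOMAIN_SERVICE.append(securityDomainName));
                }
            }
        }
        // Pick up every xa-datasource-properties child service; a property already UP means the
        // resource is being added twice.
        int propertiesCount = 0;
        for (ServiceName name : serviceNames) {
            if (xaDataSourceConfigServiceName.append("xa-datasource-properties").isParentOf(name)) {
                final ServiceController<?> xaConfigPropertyController = registry.getService(name);
                XaDataSourcePropertiesService xaPropService = (XaDataSourcePropertiesService) xaConfigPropertyController.getService();
                if (!ServiceController.State.UP.equals(xaConfigPropertyController.getState())) {
                    propertiesCount++;
                    xaConfigPropertyController.setMode(ServiceController.Mode.ACTIVE);
                    builder.addDependency(name, String.class, xaDataSourceConfigService.getXaDataSourcePropertyInjector(xaPropService.getName()));
                } else {
                    throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.serviceAlreadyStarted("Data-source.xa-config-property", name));
                }
            }
        }
        if (propertiesCount == 0) {
            throw ConnectorLogger.ROOT_LOGGER.xaDataSourcePropertiesNotPresent();
        }
        builder.install();
    } else {
        final ModifiableDataSource dataSourceConfig;
        try {
            dataSourceConfig = from(context, model, dsName, credentialSourceExceptionExceptionSupplier);
        } catch (ValidateException e) {
            throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.failedToCreate("DataSource", operation, e.getLocalizedMessage()));
        }
        jta = dataSourceConfig.isJTA();
        final ServiceName dataSourceCongServiceName = DataSourceConfigService.SERVICE_NAME_BASE.append(dsName);
        final DataSourceConfigService configService = new DataSourceConfigService(dataSourceConfig);
        final ServiceBuilder<?> builder = serviceTarget.addService(dataSourceCongServiceName, configService);
        // Legacy (non-Elytron) security domains are MSC services the config must wait for.
        final DsSecurity dsSecurityConfig = dataSourceConfig.getSecurity();
        if (dsSecurityConfig != null) {
            final String securityDomainName = dsSecurityConfig.getSecurityDomain();
            if (!elytronEnabled && securityDomainName != null) {
                builder.requires(SECURITY_DOMAIN_SERVICE.append(securityDomainName));
            }
        }
        // Pick up every connection-properties child service; one already UP means a duplicate add.
        for (ServiceName name : serviceNames) {
            if (dataSourceCongServiceName.append("connection-properties").isParentOf(name)) {
                final ServiceController<?> connPropServiceController = registry.getService(name);
                ConnectionPropertiesService connPropService = (ConnectionPropertiesService) connPropServiceController.getService();
                if (!ServiceController.State.UP.equals(connPropServiceController.getState())) {
                    connPropServiceController.setMode(ServiceController.Mode.ACTIVE);
                    builder.addDependency(name, String.class, configService.getConnectionPropertyInjector(connPropService.getName()));
                } else {
                    throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.serviceAlreadyStarted("Data-source.connectionProperty", name));
                }
            }
        }
        builder.install();
    }
    // Statistics service, aliased under the JNDI-name based service name, then activate the
    // data-source service itself. A data-source already UP means a duplicate add.
    final ServiceName dataSourceServiceNameAlias = AbstractDataSourceService.SERVICE_NAME_BASE.append(jndiName).append(Constants.STATISTICS);
    if (!ServiceController.State.UP.equals(dataSourceController.getState())) {
        final boolean statsEnabled = STATISTICS_ENABLED.resolveModelAttribute(context, model).asBoolean();
        DataSourceStatisticsService statsService = new DataSourceStatisticsService(datasourceRegistration, statsEnabled);
        final ServiceBuilder<?> statsServiceSB = serviceTarget.addService(dataSourceServiceName.append(Constants.STATISTICS), statsService);
        statsServiceSB.addAliases(dataSourceServiceNameAlias);
        statsServiceSB.requires(dataSourceServiceName);
        statsServiceSB.addDependency(CommonDeploymentService.getServiceName(ContextNames.bindInfoFor(jndiName)), CommonDeployment.class, statsService.getCommonDeploymentInjector());
        statsServiceSB.setInitialMode(ServiceController.Mode.PASSIVE);
        statsServiceSB.install();
        dataSourceController.setMode(ServiceController.Mode.ACTIVE);
    } else {
        throw new OperationFailedException(ConnectorLogger.ROOT_LOGGER.serviceAlreadyStarted("Data-source", dsName));
    }
    // JNDI binding: reference factory wraps the DataSource, binder publishes it under jndiName.
    final DataSourceReferenceFactoryService referenceFactoryService = new DataSourceReferenceFactoryService();
    final ServiceName referenceFactoryServiceName = DataSourceReferenceFactoryService.SERVICE_NAME_BASE.append(dsName);
    final ServiceBuilder<?> referenceBuilder = serviceTarget.addService(referenceFactoryServiceName, referenceFactoryService).addDependency(dataSourceServiceName, DataSource.class, referenceFactoryService.getDataSourceInjector());
    referenceBuilder.install();
    final ContextNames.BindInfo bindInfo = ContextNames.bindInfoFor(jndiName);
    final BinderService binderService = new BinderService(bindInfo.getBindName());
    final ServiceBuilder<?> binderBuilder = serviceTarget.addService(bindInfo.getBinderServiceName(), binderService).addDependency(referenceFactoryServiceName, ManagedReferenceFactory.class, binderService.getManagedObjectInjector()).addDependency(bindInfo.getParentContextServiceName(), ServiceBasedNamingStore.class, binderService.getNamingStoreInjector()).addListener(new LifecycleListener() {
        // Only log "unbound" for a binding that was actually reported as bound.
        private volatile boolean bound;

        public void handleEvent(final ServiceController<? extends Object> controller, final LifecycleEvent event) {
            switch (event) {
                case UP: {
                    if (jta) {
                        SUBSYSTEM_DATASOURCES_LOGGER.boundDataSource(jndiName);
                    } else {
                        SUBSYSTEM_DATASOURCES_LOGGER.boundNonJTADataSource(jndiName);
                    }
                    bound = true;
                    break;
                }
                case DOWN: {
                    if (bound) {
                        if (jta) {
                            SUBSYSTEM_DATASOURCES_LOGGER.unboundDataSource(jndiName);
                        } else {
                            SUBSYSTEM_DATASOURCES_LOGGER.unBoundNonJTADataSource(jndiName);
                        }
                    }
                    break;
                }
                case REMOVED: {
                    SUBSYSTEM_DATASOURCES_LOGGER.debugf("Removed JDBC Data-source [%s]", jndiName);
                    break;
                }
            }
        }
    });
    binderBuilder.setInitialMode(ServiceController.Mode.ACTIVE);
    binderBuilder.install();
}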
use of org.wildfly.security.credential.source.CredentialSource in project wildfly by wildfly.
the class SingleSignOnSessionFactoryServiceConfigurator method get.
/**
 * Builds the single-sign-on session factory from the configured key store and credential source.
 * <p>
 * The key-store entry named by {@code keyAlias} must exist and be a private-key entry; its
 * password is read from the credential source as a clear-text {@code PasswordCredential}. The
 * resulting key pair is handed to a {@link DefaultSingleSignOnSessionFactory}; when an SSL
 * context dependency is configured and yields a non-null context, outbound connections have its
 * socket factory applied.
 * <p>
 * NOTE(review): the clear-text key password is passed straight to {@code KeyStore.PasswordProtection}
 * and is not wiped afterwards here.
 *
 * @return the configured factory
 * @throws IllegalArgumentException wrapping any {@link GeneralSecurityException} or
 *                                  {@link IOException} raised while accessing the key store or source
 */
@Override
public SingleSignOnSessionFactory get() {
    final KeyStore store = this.keyStore.get();
    final String alias = this.keyAlias;
    final CredentialSource source = this.credentialSource.get();
    try {
        // Validate the key-store entry before touching the credential.
        if (!store.containsAlias(alias)) {
            throw UndertowLogger.ROOT_LOGGER.missingKeyStoreEntry(alias);
        }
        if (!store.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
            throw UndertowLogger.ROOT_LOGGER.keyStoreEntryNotPrivate(alias);
        }
        final char[] entryPassword = resolveClearPassword(source);
        final KeyStore.PrivateKeyEntry entry = (KeyStore.PrivateKeyEntry) store.getEntry(alias, new KeyStore.PasswordProtection(entryPassword));
        final KeyPair keyPair = new KeyPair(entry.getCertificate().getPublicKey(), entry.getPrivateKey());
        // The SSL context dependency is optional, and may itself resolve to null.
        final SSLContext resolvedSslContext = (this.sslContext != null) ? this.sslContext.get() : null;
        return new DefaultSingleSignOnSessionFactory(this.manager.get(), keyPair, connection -> {
            if (resolvedSslContext != null) {
                connection.setSSLSocketFactory(resolvedSslContext.getSocketFactory());
            }
        });
    } catch (GeneralSecurityException | IOException e) {
        throw new IllegalArgumentException(e);
    }
}

/**
 * Reads the clear-text password from the credential source, failing if the source yields no
 * {@code PasswordCredential} or one that is not a {@code ClearPassword}.
 */
private static char[] resolveClearPassword(final CredentialSource source) throws GeneralSecurityException, IOException {
    final PasswordCredential credential = source.getCredential(PasswordCredential.class);
    if (credential == null) {
        throw UndertowLogger.ROOT_LOGGER.missingCredential(source.toString());
    }
    final ClearPassword password = credential.getPassword(ClearPassword.class);
    if (password == null) {
        throw UndertowLogger.ROOT_LOGGER.credentialNotClearPassword(credential.toString());
    }
    return password.getPassword();
}