use of org.wildfly.security.credential.source.CredentialSource in project fuse-karaf by jboss-fuse.
the class ProtectionTypeTest method shouldCreateMaskedPasswordCredentialSourceFromConfiguration.
@Test
public void shouldCreateMaskedPasswordCredentialSourceFromConfiguration() throws IOException, GeneralSecurityException {
    // Protection settings as they would appear in the credential-store configuration:
    // masked (MD5/DES) algorithm, its encoded parameters and the masked protection value.
    final Map<String, String> config = new HashMap<>();
    config.put("CREDENTIAL_STORE_PROTECTION_ALGORITHM", MaskedPassword.ALGORITHM_MASKED_MD5_DES);
    config.put("CREDENTIAL_STORE_PROTECTION_PARAMS", "MDkEKXNvbWVhcmJpdHJhcnljcmF6eXN0cmluZ3RoYXRkb2Vzbm90bWF0dGVyAgID6AQIHmrp8uDnGLE=");
    config.put("CREDENTIAL_STORE_PROTECTION", "mC/60tWnla4bmFn2e5Z8U3CZnjsG9Pvc");

    final CredentialSource source = ProtectionType.masked.createCredentialSource(config);
    assertThat(source).isNotNull();

    // Convert the obtained password to its clear-text key spec so the value can be compared.
    final Password password = source.getCredential(PasswordCredential.class).getPassword();
    final PasswordFactory clearFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, new WildFlyElytronProvider());
    final char[] clearText = clearFactory.getKeySpec(password, ClearPasswordSpec.class).getEncodedPassword();
    assertThat(new String(clearText)).isEqualTo("my deep dark secret");
}
use of org.wildfly.security.credential.source.CredentialSource in project fuse-karaf by jboss-fuse.
the class ActivatorTest method initializeCredentialStore.
@Before
public void initializeCredentialStore() throws Exception {
    activator.start(null);

    // Register Elytron so the clear-password factory and the keystore-backed credential store resolve.
    final WildFlyElytronProvider elytron = new WildFlyElytronProvider();
    Security.addProvider(elytron);
    final PasswordFactory clearFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, elytron);

    // Secret that protects the store itself, wrapped as a credential source.
    final Password protectionPassword = clearFactory.generatePassword(new ClearPasswordSpec("it was the best of times it was the worst of times".toCharArray()));
    final Credential protectionCredential = new PasswordCredential(protectionPassword);
    final CredentialSource protectionSource = IdentityCredentials.NONE.withCredential(protectionCredential);

    // Back the store with a JCEKS keystore file under the test's temporary folder.
    final Map<String, String> storeParameters = new HashMap<>();
    storeParameters.put("location", new File(tmp.getRoot(), "credential.store").getAbsolutePath());
    storeParameters.put("keyStoreType", "JCEKS");
    credentialStore = CredentialStore.getInstance(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE, elytron);
    credentialStore.initialize(storeParameters, new CredentialStore.CredentialSourceProtectionParameter(protectionSource));

    // Store one sample entry under "alias" and persist the store.
    final Password storedSecret = clearFactory.generatePassword(new ClearPasswordSpec("this is a password".toCharArray()));
    credentialStore.store("alias", new PasswordCredential(storedSecret));
    credentialStore.flush();
}
use of org.wildfly.security.credential.source.CredentialSource in project keycloak by keycloak.
the class ElytronCSKeyStoreProviderFactory method getCredentialSource.
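/** Prefix marking a credential-store secret given in masked form (see the Elytron tool documentation). */
private static final String MASKED_SECRET_PREFIX = "MASK-";

/**
 * Usage text reported for a malformed masked secret. Built with {@link String#format} so that {@code %n} becomes a
 * real line break instead of appearing literally in the message.
 */
private static final String MASKED_SECRET_USAGE = String.format("Masked password command has the wrong format.%nUsage: MASK-<encoded secret>;<salt>;<iteration count> where <salt>=UTF-8 characters, <iteration count>=reasonable sized positive integer");

/**
 * Obtains the {@code CredentialSource} to be used as a protection parameter when initializing the Elytron credential
 * store. The source is essentially a wrapper for the credential store secret, which can be specified either in clear
 * text or in masked form ({@code MASK-<encoded secret>;<salt>;<iteration count>}). Check the Elytron tool
 * documentation for instructions on how to mask the credential store secret.
 * <p>
 * A masked secret is not decrypted here: the returned source decrypts it on each
 * {@link CredentialSource#getCredential} call, so a malformed or undecryptable value surfaces there as an
 * {@link IOException} rather than from this method.
 * <p>
 * <b>Note: </b>This logic should ideally be provided directly by Elytron but is currently missing.
 *
 * @param secret the secret obtained from the {@link ElytronCSKeyStoreProviderFactory} configuration; must not be
 *               {@code null}.
 * @return the constructed {@code CredentialSource}.
 * @throws NullPointerException if {@code secret} is {@code null}.
 */
protected CredentialSource getCredentialSource(final String secret) {
    // Fail with a named argument instead of an NPE from toCharArray() in the clear-text branch.
    java.util.Objects.requireNonNull(secret, "secret");
    if (!secret.startsWith(MASKED_SECRET_PREFIX)) {
        return IdentityCredentials.NONE.withCredential(clearPasswordCredential(secret.toCharArray()));
    }
    return new CredentialSource() {
        @Override
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException {
            // algorithmName and parameterSpec are not consulted: only a clear password is ever produced.
            return isPasswordCredentialType(credentialType) ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
        }

        @Override
        public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException {
            if (!isPasswordCredentialType(credentialType)) {
                // Unsupported type: report "no such credential" (null) instead of failing the cast below.
                return null;
            }
            return credentialType.cast(clearPasswordCredential(unmask(secret)));
        }
    };
}

/** Returns whether a {@link PasswordCredential} satisfies a request for {@code credentialType}. */
private static boolean isPasswordCredentialType(final Class<? extends Credential> credentialType) {
    return credentialType != null && credentialType.isAssignableFrom(PasswordCredential.class);
}

/** Wraps a clear-text password in a {@link PasswordCredential}. */
private static PasswordCredential clearPasswordCredential(final char[] clearText) {
    return new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, clearText));
}

/**
 * Decrypts a masked secret of the form {@code MASK-<encoded secret>;<salt>;<iteration count>}.
 *
 * @param maskedSecret the full secret, including the {@code MASK-} prefix.
 * @return the clear-text password.
 * @throws IOException if the value is malformed, the iteration count is not a positive integer, or decryption
 *                     fails; the message does not echo the encoded secret.
 */
private static char[] unmask(final String maskedSecret) throws IOException {
    final String[] part = maskedSecret.substring(MASKED_SECRET_PREFIX.length()).split(";");
    if (part.length != 3) {
        throw new IOException(MASKED_SECRET_USAGE);
    }
    final int iterationCount;
    try {
        iterationCount = Integer.parseInt(part[2]);
    } catch (NumberFormatException e) {
        throw new IOException(MASKED_SECRET_USAGE, e);
    }
    if (iterationCount <= 0) {
        // The usage text promises a positive count; reject it here rather than letting the PBE setup fail obscurely.
        throw new IOException(MASKED_SECRET_USAGE);
    }
    try {
        // picketBoxCompatibility() selects the legacy PicketBox-style PBE scheme; presumably this matches the
        // Elytron tool's mask output, so it must stay in sync with how secrets are masked — verify before changing.
        final PasswordBasedEncryptionUtil decryptUtil = new PasswordBasedEncryptionUtil.Builder()
                .picketBoxCompatibility()
                .salt(part[1])
                .iteration(iterationCount)
                .decryptMode()
                .build();
        return decryptUtil.decodeAndDecrypt(part[0]);
    } catch (GeneralSecurityException e) {
        throw new IOException(e);
    }
}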