Example 11 with CredentialSource

use of org.wildfly.security.credential.source.CredentialSource in project fuse-karaf by jboss-fuse.

the class ProtectionTypeTest method shouldCreateMaskedPasswordCredentialSourceFromConfiguration.

@Test
public void shouldCreateMaskedPasswordCredentialSourceFromConfiguration() throws IOException, GeneralSecurityException {
    // Protection settings as they would appear in configuration: the MD5/DES masking algorithm, its
    // parameters (a base64-encoded DER SEQUENCE holding the PBE key material, the iteration count 1000
    // and an 8-byte salt), and the masked store password itself.
    final Map<String, String> configuration = new HashMap<>();
    configuration.put("CREDENTIAL_STORE_PROTECTION_ALGORITHM", MaskedPassword.ALGORITHM_MASKED_MD5_DES);
    configuration.put("CREDENTIAL_STORE_PROTECTION_PARAMS", "MDkEKXNvbWVhcmJpdHJhcnljcmF6eXN0cmluZ3RoYXRkb2Vzbm90bWF0dGVyAgID6AQIHmrp8uDnGLE=");
    configuration.put("CREDENTIAL_STORE_PROTECTION", "mC/60tWnla4bmFn2e5Z8U3CZnjsG9Pvc");
    final CredentialSource credentialSource = ProtectionType.masked.createCredentialSource(configuration);
    assertThat(credentialSource).isNotNull();
    // Read the password back through the clear-password factory and check the unmasked value. Everything
    // the unmasking needs is present in the configuration above, so masking only hides the secret from
    // casual reading; it does not protect it from anyone who can read the configuration.
    final PasswordCredential credential = credentialSource.getCredential(PasswordCredential.class);
    final Password password = credential.getPassword();
    final PasswordFactory clearPasswordFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, new WildFlyElytronProvider());
    final ClearPasswordSpec clearPasswordSpec = clearPasswordFactory.getKeySpec(password, ClearPasswordSpec.class);
    assertThat(new String(clearPasswordSpec.getEncodedPassword())).isEqualTo("my deep dark secret");
}
Also used : PasswordFactory(org.wildfly.security.password.PasswordFactory) HashMap(java.util.HashMap) PasswordCredential(org.wildfly.security.credential.PasswordCredential) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) WildFlyElytronProvider(org.wildfly.security.WildFlyElytronProvider) CredentialSource(org.wildfly.security.credential.source.CredentialSource) MaskedPassword(org.wildfly.security.password.interfaces.MaskedPassword) Password(org.wildfly.security.password.Password) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) Test(org.junit.Test)

Example 12 with CredentialSource

use of org.wildfly.security.credential.source.CredentialSource in project fuse-karaf by jboss-fuse.

the class ActivatorTest method initializeCredentialStore.

@Before
public void initializeCredentialStore() throws Exception {
    activator.start(null);
    // Register Elytron as a JCA provider so the credential store and password factories below resolve.
    final WildFlyElytronProvider elytron = new WildFlyElytronProvider();
    Security.addProvider(elytron);
    // The store password, wrapped as a CredentialSource; it is what protects the store file on disk.
    final PasswordFactory passwordFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, elytron);
    final Password password = passwordFactory.generatePassword(new ClearPasswordSpec("it was the best of times it was the worst of times".toCharArray()));
    final Credential credential = new PasswordCredential(password);
    final CredentialSource credentialSource = IdentityCredentials.NONE.withCredential(credential);
    // KeyStore-backed credential store in a temporary JCEKS file, unlocked with the source above.
    credentialStore = CredentialStore.getInstance(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE, elytron);
    final String storePath = new File(tmp.getRoot(), "credential.store").getAbsolutePath();
    final Map<String, String> parameters = new HashMap<>();
    parameters.put("location", storePath);
    parameters.put("keyStoreType", "JCEKS");
    credentialStore.initialize(parameters, new CredentialStore.CredentialSourceProtectionParameter(credentialSource));
    // Seed one entry under "alias" and flush so the tests can read it back from disk.
    final Password secret = passwordFactory.generatePassword(new ClearPasswordSpec("this is a password".toCharArray()));
    final Credential value = new PasswordCredential(secret);
    credentialStore.store("alias", value);
    credentialStore.flush();
}
Also used : PasswordCredential(org.wildfly.security.credential.PasswordCredential) Credential(org.wildfly.security.credential.Credential) HashMap(java.util.HashMap) PasswordCredential(org.wildfly.security.credential.PasswordCredential) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) WildFlyElytronProvider(org.wildfly.security.WildFlyElytronProvider) PasswordFactory(org.wildfly.security.password.PasswordFactory) CredentialStore(org.wildfly.security.credential.store.CredentialStore) KeyStoreCredentialStore(org.wildfly.security.credential.store.impl.KeyStoreCredentialStore) File(java.io.File) Password(org.wildfly.security.password.Password) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) CredentialSource(org.wildfly.security.credential.source.CredentialSource) Before(org.junit.Before)

Example 13 with CredentialSource

use of org.wildfly.security.credential.source.CredentialSource in project keycloak by keycloak.

the class ElytronCSKeyStoreProviderFactory method getCredentialSource.

/**
 * Obtains the {@code CredentialSource} to be used as a protection parameter when initializing the Elytron credential
 * store. The source is essentially a wrapper for the credential store secret. The credential store secret can be specified
 * in clear text form or in masked form. Check the Elytron tool documentation for instructions on how to mask the credential
 * store secret.
 * <p/>
 * <b>Note: </b>This logic should ideally be provided directly by Elytron but is currently missing.
 *
 * @param secret the secret obtained from the {@link ElytronCSKeyStoreProviderFactory} configuration.
 * @return the constructed {@code CredentialSource}.
 */
protected CredentialSource getCredentialSource(final String secret) {
    if (secret == null) {
        // Added guard: a missing secret would otherwise reach secret.toCharArray() below and fail with a NullPointerException.
        throw new IllegalArgumentException("No credential store secret was configured.");
    }
    if (secret.startsWith("MASK-")) {
        // Masked form: MASK-<encoded secret>;<salt>;<iteration count>, as produced by the Elytron tool in
        // PicketBox-compatible mode. Decryption is deferred until the credential is actually requested.
        return new CredentialSource() {

            @Override
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException {
                return credentialType == PasswordCredential.class ? SupportLevel.SUPPORTED : SupportLevel.UNSUPPORTED;
            }

            @Override
            public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException {
                if (credentialType != PasswordCredential.class) {
                    // Only password credentials are provided; the interface contract is to return null otherwise.
                    return null;
                }
                final String usage = "Masked password command has the wrong format." + System.lineSeparator()
                        + "Usage: MASK-<encoded secret>;<salt>;<iteration count> "
                        + "where <salt>=UTF-8 characters, <iteration count>=reasonable sized positive integer";
                // strip "MASK-" and split by ';'
                String[] part = secret.substring(5).split(";");
                if (part.length != 3) {
                    throw new IOException(usage);
                }
                String salt = part[1];
                final int iterationCount;
                try {
                    iterationCount = Integer.parseInt(part[2]);
                } catch (NumberFormatException e) {
                    throw new IOException(usage, e);
                }
                try {
                    // PicketBox-compatible password-based decryption using Elytron's built-in default key material.
                    // The salt and iteration count travel in clear text next to the encoded secret, so this is
                    // obfuscation, not a defence against anyone who can read the configuration.
                    PasswordBasedEncryptionUtil decryptUtil = new PasswordBasedEncryptionUtil.Builder().picketBoxCompatibility().salt(salt).iteration(iterationCount).decryptMode().build();
                    return credentialType.cast(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, decryptUtil.decodeAndDecrypt(part[0]))));
                } catch (GeneralSecurityException e) {
                    throw new IOException(e);
                }
            }
        };
    }
    // Clear-text form: wrap the secret as-is.
    return IdentityCredentials.NONE.withCredential(new PasswordCredential(ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, secret.toCharArray())));
}
Also used : PasswordCredential(org.wildfly.security.credential.PasswordCredential) Credential(org.wildfly.security.credential.Credential) GeneralSecurityException(java.security.GeneralSecurityException) PasswordCredential(org.wildfly.security.credential.PasswordCredential) PasswordBasedEncryptionUtil(org.wildfly.security.util.PasswordBasedEncryptionUtil) IOException(java.io.IOException) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) CredentialSource(org.wildfly.security.credential.source.CredentialSource)
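The parameter blob in Example 11 and the MASK- string in Example 13 are both worth being able to read without Elytron on the classpath. The Python below is an added example, not code from fuse-karaf, Keycloak or Elytron: it parses the CREDENTIAL_STORE_PROTECTION_PARAMS value from Example 11 as a DER SEQUENCE and validates a MASK-<encoded secret>;<salt>;<iteration count> string of the shape Keycloak's getCredentialSource() accepts. The MASK- value it uses is constructed, and the field meanings of the DER blob (key material, iteration count, salt) are read off that sample. Decoding it shows the blob carries the PBE key material "somearbitrarycrazystringthatdoesnotmatter", the iteration count 1000 and an 8-byte salt in the clear, which is the practical point of both examples: masking hides the store password from casual reading, not from anyone who can read the configuration.

```python
"""Parse the two masked-secret encodings used with Elytron credential stores.

Added example; it reuses none of the fuse-karaf, Keycloak or Elytron code on this page.
"""
import base64
from dataclasses import dataclass

# Sample input: the CREDENTIAL_STORE_PROTECTION_PARAMS value from the fuse-karaf test above
# (public test data, not a real secret).
SAMPLE_PARAMS_B64 = (
    "MDkEKXNvbWVhcmJpdHJhcnljcmF6eXN0cmluZ3RoYXRkb2Vzbm90bWF0dGVyAgID6AQIHmrp8uDnGLE="
)

# Sample input: a constructed MASK- command (the encoded part is made up, not a real masked value).
SAMPLE_MASK_COMMAND = "MASK-0wB4hoxIjAaWcmIndRdGFg;mysalt;1000"

DER_SEQUENCE, DER_INTEGER, DER_OCTET_STRING = 0x30, 0x02, 0x04


@dataclass(frozen=True)
class MaskedPasswordParams:
    """Contents of the MD5/DES masked-password parameter blob."""
    initial_key_material: str
    iteration_count: int
    salt: bytes


@dataclass(frozen=True)
class MaskCommand:
    """Fields of a MASK-<encoded secret>;<salt>;<iteration count> string."""
    encoded_secret: str
    salt: str
    iteration_count: int


def _read_tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        num_bytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + num_bytes], "big")
        pos += num_bytes
    value = buf[pos:pos + length]
    if len(value) != length:
        raise ValueError("truncated DER element")
    return tag, bytes(value), pos + length


def parse_masked_password_params(params_b64: str) -> MaskedPasswordParams:
    """Decode CREDENTIAL_STORE_PROTECTION_PARAMS: SEQUENCE { OCTET STRING key material,
    INTEGER iteration count, OCTET STRING salt }. Every input the password-based key
    derivation needs is here, so the masked value stored next to it is recoverable by
    anyone who can read the configuration."""
    der = base64.b64decode(params_b64, validate=True)
    tag, body, end = _read_tlv(der, 0)
    if tag != DER_SEQUENCE or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    tag, key_material, pos = _read_tlv(body, 0)
    if tag != DER_OCTET_STRING:
        raise ValueError("expected OCTET STRING key material")
    tag, iterations, pos = _read_tlv(body, pos)
    if tag != DER_INTEGER:
        raise ValueError("expected INTEGER iteration count")
    tag, salt, pos = _read_tlv(body, pos)
    if tag != DER_OCTET_STRING or pos != len(body):
        raise ValueError("expected OCTET STRING salt and no trailing data")
    return MaskedPasswordParams(
        key_material.decode("utf-8"),
        int.from_bytes(iterations, "big", signed=True),
        salt,
    )


def parse_mask_command(secret: str) -> MaskCommand:
    """Validate a MASK- command before handing its parts to a PBE decryptor.

    Stricter than the Java above in two places: an empty salt is rejected (Java's
    split() lets "MASK-x;;1000" through with an empty salt) and the iteration count
    must be a positive integer."""
    usage = ("Masked password command has the wrong format. "
             "Usage: MASK-<encoded secret>;<salt>;<iteration count>")
    if not secret.startswith("MASK-"):
        raise ValueError(usage)
    parts = secret[len("MASK-"):].split(";")
    if len(parts) != 3 or not parts[0] or not parts[1]:
        raise ValueError(usage)
    try:
        iteration_count = int(parts[2])
    except ValueError:
        raise ValueError(usage) from None
    if iteration_count <= 0:
        raise ValueError(usage)
    return MaskCommand(parts[0], parts[1], iteration_count)


if __name__ == "__main__":
    p = parse_masked_password_params(SAMPLE_PARAMS_B64)
    print(f"key material: {p.initial_key_material!r}, iterations: {p.iteration_count}, salt: {p.salt.hex()}")
    print(parse_mask_command(SAMPLE_MASK_COMMAND))
```

Running the script prints the three fields recovered from the Example 11 blob and the parsed constructed MASK- command. The DER reader accepts long-form lengths so it also copes with larger blobs; the MASK- parser deliberately fails closed on an empty salt or a non-positive iteration count rather than passing them on to the decryptor.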

Aggregations

CredentialSource (org.wildfly.security.credential.source.CredentialSource) 13
PasswordCredential (org.wildfly.security.credential.PasswordCredential) 8
ClearPassword (org.wildfly.security.password.interfaces.ClearPassword) 6
IOException (java.io.IOException) 4
OperationFailedException (org.jboss.as.controller.OperationFailedException) 4
GeneralSecurityException (java.security.GeneralSecurityException) 3
Provider (java.security.Provider) 3
HashMap (java.util.HashMap) 3
ModelNode (org.jboss.dmr.ModelNode) 3
ServiceBuilder (org.jboss.msc.service.ServiceBuilder) 3
ServiceTarget (org.jboss.msc.service.ServiceTarget) 3
WildFlyElytronProvider (org.wildfly.security.WildFlyElytronProvider) 3
Password (org.wildfly.security.password.Password) 3
ClearPasswordSpec (org.wildfly.security.password.spec.ClearPasswordSpec) 3
File (java.io.File) 2
KeyPair (java.security.KeyPair) 2
KeyStore (java.security.KeyStore) 2
SQLException (java.sql.SQLException) 2
Optional (java.util.Optional) 2
SSLContext (javax.net.ssl.SSLContext) 2