Example 31 with CredentialSource

Use of org.wildfly.security.credential.source.CredentialSource in project wildfly-elytron by wildfly-security.

The class AuthenticationConfiguration, method useMaskedPassword.

/**
 * Create a new configuration which is the same as this configuration, but converts the given masked password to a
 * clear password and uses the clear password to authenticate.
 *
 * @param password the password to use
 * @return the new configuration
 * @throws NoSuchAlgorithmException if algorithm used to get PasswordFactory instance is invalid
 * @throws InvalidKeySpecException if invalid spec is used to generate password
 */
public AuthenticationConfiguration useMaskedPassword(MaskedPassword password) throws NoSuchAlgorithmException, InvalidKeySpecException {
    Assert.assertNotNull(password);
    // A masked password is a two-way (reversible) password: the factory for its algorithm can recover the clear text.
    final PasswordFactory passwordFactory = PasswordFactory.getInstance(password.getAlgorithm());
    final ClearPasswordSpec spec = passwordFactory.getKeySpec(password, ClearPasswordSpec.class);
    final char[] clearPassword = spec.getEncodedPassword();
    // Wrap the recovered characters in a ClearPassword so they can be used as a PasswordCredential.
    PasswordFactory factory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR);
    Password finalPassword = factory.generatePassword(new ClearPasswordSpec(clearPassword)).castAs(ClearPassword.class);
    // Drop any PasswordCredential already configured, then add the clear password in its place.
    final CredentialSource filtered = getCredentialSource().without(PasswordCredential.class);
    return finalPassword == null ? useCredentials(filtered) : useCredentials(filtered).useCredential(new PasswordCredential(finalPassword));
}
Also used : PasswordFactory(org.wildfly.security.password.PasswordFactory) PasswordCredential(org.wildfly.security.credential.PasswordCredential) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) MaskedPassword(org.wildfly.security.password.interfaces.MaskedPassword) TwoWayPassword(org.wildfly.security.password.TwoWayPassword) Password(org.wildfly.security.password.Password) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) KeyStoreCredentialSource(org.wildfly.security.credential.source.impl.KeyStoreCredentialSource) FactoryCredentialSource(org.wildfly.security.credential.source.impl.FactoryCredentialSource) CredentialSource(org.wildfly.security.credential.source.CredentialSource) LocalKerberosCredentialSource(org.wildfly.security.credential.source.impl.LocalKerberosCredentialSource) CredentialStoreCredentialSource(org.wildfly.security.credential.source.impl.CredentialStoreCredentialSource)

Example 32 with CredentialSource

Use of org.wildfly.security.credential.source.CredentialSource in project wildfly-elytron by wildfly-security.

The class VaultCommand, method getVaultCredentialStoreProtectionParameter.

private CredentialSourceProtectionParameter getVaultCredentialStoreProtectionParameter(final String keyStoreURL, final String vaultPassword, final String salt, final int iterationCount, final String secretKeyAlias) throws GeneralSecurityException, IOException {
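    // A "MASK-" prefix marks a masked vault password, which is decoded with the given salt and iteration count;
    // anything else is taken as the clear-text password.
    char[] password = vaultPassword.startsWith("MASK-") ? decodeMaskedPassword(vaultPassword.substring("MASK-".length()), salt, iterationCount) : vaultPassword.toCharArray();
    final KeyStore keyStore = KeyStore.getInstance(defaultKeyStoreType);
    try (FileInputStream in = new FileInputStream(new File(keyStoreURL))) {
        keyStore.load(in, password);
    }
    // The same password protects both the key store and the admin key entry.
    final KeyStore.Entry entry = keyStore.getEntry(secretKeyAlias, new KeyStore.PasswordProtection(password));
    if (entry instanceof KeyStore.SecretKeyEntry) {
        // Expose the vault's secret key through an anonymous CredentialSource.
        return new CredentialSourceProtectionParameter(new CredentialSource() {

            @Override
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException {
                // No support level is reported here (null); only getCredential below is implemented.
                return null;
            }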

            @Override
            public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException {
                SecretKeyCredential credential = new SecretKeyCredential(((KeyStore.SecretKeyEntry) entry).getSecretKey());
                return credential.castAs(credentialType, algorithmName, parameterSpec);
            }
        });
    } else {
        throw ElytronToolMessages.msg.cannotLocateAdminKey(secretKeyAlias);
    }
}
Also used : IOException(java.io.IOException) CredentialSourceProtectionParameter(org.wildfly.security.credential.store.CredentialStore.CredentialSourceProtectionParameter) KeyStore(java.security.KeyStore) FileInputStream(java.io.FileInputStream) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) File(java.io.File) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) CredentialSource(org.wildfly.security.credential.source.CredentialSource) SupportLevel(org.wildfly.security.auth.SupportLevel)
