use of org.wildfly.security.credential.source.CredentialSource in project wildfly-elytron by wildfly-security.
the class AuthenticationConfiguration method useMaskedPassword.
/**
 * Derive a configuration that authenticates with the clear-text form of the given masked password.
 *
 * <p>The masked password is converted to a {@code ClearPasswordSpec} by the {@code PasswordFactory}
 * registered for its own algorithm, and the recovered characters are then rebuilt as a
 * {@code ClearPassword}. Every {@code PasswordCredential} already held by this configuration's
 * credential source is filtered out before the new credential is added.
 *
 * <p>Security note: the only input to the unmasking step is the {@code MaskedPassword} object
 * itself; no separate key or secret is passed in here. Anyone who holds the masked value can
 * therefore repeat this conversion, so a masked password should be protected like the clear
 * password it wraps.
 *
 * @param password the masked password to unmask and authenticate with
 * @return the new configuration
 * @throws NoSuchAlgorithmException if no {@code PasswordFactory} is available for the masked
 *         algorithm or for the clear algorithm
 * @throws InvalidKeySpecException if the masked password cannot be converted to a clear key spec,
 *         or the clear password cannot be generated from it
 */
public AuthenticationConfiguration useMaskedPassword(MaskedPassword password) throws NoSuchAlgorithmException, InvalidKeySpecException {
    Assert.assertNotNull(password);

    // Recover the clear-text characters from the masked representation.
    final PasswordFactory maskedFactory = PasswordFactory.getInstance(password.getAlgorithm());
    final char[] unmaskedChars = maskedFactory.getKeySpec(password, ClearPasswordSpec.class).getEncodedPassword();
    // NOTE(review): unmaskedChars is never wiped in this method. Whether it can be zeroed after
    // the clear password is built depends on whether the spec/factory copy the array - confirm.

    // Re-wrap the characters as a clear password; castAs may yield null, which is handled below.
    final PasswordFactory clearFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR);
    final Password clearPassword = clearFactory.generatePassword(new ClearPasswordSpec(unmaskedChars)).castAs(ClearPassword.class);

    // Drop any previously configured password credential so only the new one can be used.
    final CredentialSource withoutPasswords = getCredentialSource().without(PasswordCredential.class);
    final AuthenticationConfiguration stripped = useCredentials(withoutPasswords);
    if (clearPassword == null) {
        return stripped;
    }
    return stripped.useCredential(new PasswordCredential(clearPassword));
}
use of org.wildfly.security.credential.source.CredentialSource in project wildfly-elytron by wildfly-security.
the class VaultCommand method getVaultCredentialStoreProtectionParameter.
/**
 * Build the protection parameter for a vault-backed credential store from the secret key stored
 * under {@code secretKeyAlias} in the vault keystore.
 *
 * <p>The same password is used twice: once to load the keystore and once as the entry protection
 * password when the alias is read.
 *
 * @param keyStoreURL location of the keystore; despite the name it is opened as a local file path
 *        via {@code new File(...)}, not parsed as a URL
 * @param vaultPassword the keystore password, either in clear text or prefixed with {@code MASK-}
 * @param salt salt handed to {@code decodeMaskedPassword} when the password is masked
 * @param iterationCount iteration count handed to {@code decodeMaskedPassword} when the password is masked
 * @param secretKeyAlias alias of the secret key entry to expose
 * @return a protection parameter whose credential source serves the keystore's secret key
 * @throws GeneralSecurityException if the keystore cannot be instantiated, loaded or read;
 *         presumably also the failure raised when the alias is not a secret key entry (the type
 *         returned by {@code cannotLocateAdminKey} is not visible here)
 * @throws IOException if the keystore file cannot be opened or read
 */
private CredentialSourceProtectionParameter getVaultCredentialStoreProtectionParameter(final String keyStoreURL, final String vaultPassword, final String salt, final int iterationCount, final String secretKeyAlias) throws GeneralSecurityException, IOException {
    // A "MASK-" prefix marks a masked password. Only the masked text, salt and iteration count
    // are passed to the decoder, so those three values together are as sensitive as the password.
    final String maskPrefix = "MASK-";
    final char[] storePassword;
    if (vaultPassword.startsWith(maskPrefix)) {
        storePassword = decodeMaskedPassword(vaultPassword.substring(maskPrefix.length()), salt, iterationCount);
    } else {
        storePassword = vaultPassword.toCharArray();
    }
    // NOTE(review): storePassword is left populated when this method returns. Consider wiping it
    // once the entry has been read, after confirming the keystore provider keeps no reference.

    final KeyStore vaultKeyStore = KeyStore.getInstance(defaultKeyStoreType);
    try (FileInputStream keyStoreStream = new FileInputStream(new File(keyStoreURL))) {
        vaultKeyStore.load(keyStoreStream, storePassword);
    }

    final KeyStore.Entry entry = vaultKeyStore.getEntry(secretKeyAlias, new KeyStore.PasswordProtection(storePassword));
    if (!(entry instanceof KeyStore.SecretKeyEntry)) {
        // Covers both a missing alias (null entry) and an alias that holds another entry type.
        throw ElytronToolMessages.msg.cannotLocateAdminKey(secretKeyAlias);
    }

    final KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) entry;
    final CredentialSource secretKeySource = new CredentialSource() {
        @Override
        public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException {
            // NOTE(review): returns null rather than a SupportLevel; any caller that dereferences
            // the result would fail. Confirm nothing queries the support level of this source.
            return null;
        }

        @Override
        public <C extends Credential> C getCredential(Class<C> credentialType, String algorithmName, AlgorithmParameterSpec parameterSpec) throws IOException {
            // Wrap the secret key on every call and let castAs decide whether it matches the request.
            final SecretKeyCredential secretKeyCredential = new SecretKeyCredential(secretKeyEntry.getSecretKey());
            return secretKeyCredential.castAs(credentialType, algorithmName, parameterSpec);
        }
    };
    return new CredentialSourceProtectionParameter(secretKeySource);
}