
Example 6 with CredentialStore

Use of org.wildfly.security.credential.store.CredentialStore in project fuse-karaf by jboss-fuse.

Class ActivatorTest, method initializeCredentialStore.

@Before
public void initializeCredentialStore() throws Exception {
    activator.start(null);
    // Register the Elytron provider so its password and credential store implementations resolve.
    final WildFlyElytronProvider elytron = new WildFlyElytronProvider();
    Security.addProvider(elytron);
    // Clear-text password that protects the credential store itself.
    final PasswordFactory passwordFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, elytron);
    final Password password = passwordFactory.generatePassword(new ClearPasswordSpec("it was the best of times it was the worst of times".toCharArray()));
    final Credential credential = new PasswordCredential(password);
    final CredentialSource credentialSource = IdentityCredentials.NONE.withCredential(credential);
    // KeyStore-backed credential store, persisted as a JCEKS keystore under tmp's root directory.
    credentialStore = CredentialStore.getInstance(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE, elytron);
    final String storePath = new File(tmp.getRoot(), "credential.store").getAbsolutePath();
    final Map<String, String> parameters = new HashMap<>();
    parameters.put("location", storePath);
    parameters.put("keyStoreType", "JCEKS");
    credentialStore.initialize(parameters, new CredentialStore.CredentialSourceProtectionParameter(credentialSource));
    // Store a second clear password under "alias" and write the store to disk.
    final Password secret = passwordFactory.generatePassword(new ClearPasswordSpec("this is a password".toCharArray()));
    final Credential value = new PasswordCredential(secret);
    credentialStore.store("alias", value);
    credentialStore.flush();
}
Also used: PasswordCredential (org.wildfly.security.credential.PasswordCredential), Credential (org.wildfly.security.credential.Credential), HashMap (java.util.HashMap), ClearPasswordSpec (org.wildfly.security.password.spec.ClearPasswordSpec), WildFlyElytronProvider (org.wildfly.security.WildFlyElytronProvider), PasswordFactory (org.wildfly.security.password.PasswordFactory), CredentialStore (org.wildfly.security.credential.store.CredentialStore), KeyStoreCredentialStore (org.wildfly.security.credential.store.impl.KeyStoreCredentialStore), File (java.io.File), Password (org.wildfly.security.password.Password), ClearPassword (org.wildfly.security.password.interfaces.ClearPassword), CredentialSource (org.wildfly.security.credential.source.CredentialSource), Before (org.junit.Before)

Example 7 with CredentialStore

Use of org.wildfly.security.credential.store.CredentialStore in project fuse-karaf by jboss-fuse.

Class Activator, method start.

/**
 * If there are any Credential store references as values in the system properties, adds
 * {@link WildFlyElytronProvider} to {@link Security} providers, replaces those values with the values from the
 * Credential store and installs the JMX filter to prevent the clear text value leakage.
 *
 * @param context
 *            OSGI bundle context
 */
@Override
public void start(final BundleContext context) throws Exception {
    this.context = context;
    final WildFlyElytronProvider elytronProvider = new WildFlyElytronProvider();
    providerName = elytronProvider.getName();
    Security.addProvider(elytronProvider);
    final Properties properties = System.getProperties();
    @SuppressWarnings("unchecked") final Collection<String> values = (Collection) properties.values();
    final boolean hasValuesFromCredentialStore = CredentialStoreHelper.containsStoreReferences(values);
    if (!hasValuesFromCredentialStore) {
        return;
    }
    CredentialStore credentialStore;
    try {
        credentialStore = CredentialStoreHelper.credentialStoreFromEnvironment();
    } catch (final Exception e) {
        final String message = e.getMessage();
        System.err.println("\r\nUnable to initialize credential store, destroying container: " + message);
        LOG.error("Unable to initialize credential store, destroying container: {}", message);
        if (LOG.isDebugEnabled()) {
            LOG.debug("Logging exception stack trace", e);
        }
        final Bundle frameworkBundle = context.getBundle(0);
        frameworkBundle.stop();
        return;
    }
    @SuppressWarnings("unchecked") final Hashtable<String, String> propertiesAsStringEntries = (Hashtable) properties;
    for (final Entry<String, String> property : propertiesAsStringEntries.entrySet()) {
        final String key = property.getKey();
        final String value = property.getValue();
        if (replaced(credentialStore, key, value)) {
            replacedProperties.put(key, value);
        }
    }
    if (!replacedProperties.isEmpty()) {
        mbeanServerTracker = new ServiceTracker<>(context, MBeanServer.class, this);
        mbeanServerTracker.open();
    }
}
Also used: Bundle (org.osgi.framework.Bundle), Hashtable (java.util.Hashtable), Properties (java.util.Properties), WildFlyElytronProvider (org.wildfly.security.WildFlyElytronProvider), JMException (javax.management.JMException), CredentialStoreException (org.wildfly.security.credential.store.CredentialStoreException), CredentialStore (org.wildfly.security.credential.store.CredentialStore), Collection (java.util.Collection), MBeanServer (javax.management.MBeanServer)

Example 8 with CredentialStore

Use of org.wildfly.security.credential.store.CredentialStore in project fuse-karaf by jboss-fuse.

Class CreateCredentialStore, method createCredentialStore.

/**
 * Performs the {@link CredentialStore} creation, by the way of instantiation, initialization and in the end
 * flushing the Credential store implementation. The given attributes are combined with the default attributes so
 * that the user doesn't need to specify a lot of parameters needed for the initialization of the Credential source.
 *
 * @see CredentialStoreHelper#defaultCredentialStoreAttributesFor(String)
 *
 * @param algorithm
 *            of the Credential store, must be one supported by the provider
 * @param givenAttributes
 *            configuration parameters that will be combined with default to initialize the Credential store
 * @param credentialSource
 *            the protection of the Credential store
 * @param provider
 *            provider whose implementation will be used for the Credential store
 * @throws GeneralSecurityException
 */
static void createCredentialStore(final String algorithm, final Map<String, String> givenAttributes, final CredentialSource credentialSource, final Provider provider) throws GeneralSecurityException {
    final CredentialStore credentialStore = CredentialStore.getInstance(algorithm, provider);
    final CredentialStore.ProtectionParameter protectionParameter = new CredentialStore.CredentialSourceProtectionParameter(credentialSource);
    final Map<String, String> attributes = CredentialStoreHelper.defaultCredentialStoreAttributesFor(algorithm);
    attributes.putAll(givenAttributes);
    credentialStore.initialize(attributes, protectionParameter);
    credentialStore.flush();
}
Also used: CredentialStore (org.wildfly.security.credential.store.CredentialStore)

Example 9 with CredentialStore

Use of org.wildfly.security.credential.store.CredentialStore in project fuse-karaf by jboss-fuse.

Class ListCredentialStore, method execute.

@Override
public Object execute() throws Exception {
    final ShellTable table = new ShellTable();
    table.column(new Col("Alias"));
    table.column(new Col("Reference"));
    final CredentialStore credentialStore = CredentialStoreHelper.credentialStoreFromEnvironment();
    for (final String alias : credentialStore.getAliases()) {
        table.addRow().addContent(alias, CredentialStoreHelper.referenceForAlias(alias));
    }
    table.print(System.out);
    return null;
}
Also used: Col (org.apache.karaf.shell.support.table.Col), ShellTable (org.apache.karaf.shell.support.table.ShellTable), CredentialStore (org.wildfly.security.credential.store.CredentialStore)

Example 10 with CredentialStore

Use of org.wildfly.security.credential.store.CredentialStore in project fuse-karaf by jboss-fuse.

Class StoreInCredentialStore, method execute.

@Override
public Object execute() throws Exception {
    // alias and secret are members of the command class, not shown in this excerpt.
    final CredentialStore credentialStore = CredentialStoreHelper.credentialStoreFromEnvironment();
    final PasswordFactory passwordFactory = PasswordFactory.getInstance("clear", ProviderHelper.provider(ProviderHelper.WILDFLY_PROVIDER));
    // Wrap the secret as a clear password credential, store it under the alias and persist the store.
    final Password password = passwordFactory.generatePassword(new ClearPasswordSpec(secret.toCharArray()));
    credentialStore.store(alias, new PasswordCredential(password));
    credentialStore.flush();
    // Only the reference for the alias is printed, never the secret itself.
    System.out.println("Value stored in the credential store to reference it use: " + CredentialStoreHelper.referenceForAlias(alias));
    return null;
}
Also used: PasswordFactory (org.wildfly.security.password.PasswordFactory), CredentialStore (org.wildfly.security.credential.store.CredentialStore), PasswordCredential (org.wildfly.security.credential.PasswordCredential), ClearPasswordSpec (org.wildfly.security.password.spec.ClearPasswordSpec), Password (org.wildfly.security.password.Password)

Aggregations

CredentialStore (org.wildfly.security.credential.store.CredentialStore): 10
PasswordCredential (org.wildfly.security.credential.PasswordCredential): 4
Password (org.wildfly.security.password.Password): 4
HashMap (java.util.HashMap): 3
WildFlyElytronProvider (org.wildfly.security.WildFlyElytronProvider): 3
CredentialStoreException (org.wildfly.security.credential.store.CredentialStoreException): 3
KeyStoreCredentialStore (org.wildfly.security.credential.store.impl.KeyStoreCredentialStore): 3
ClearPassword (org.wildfly.security.password.interfaces.ClearPassword): 3
ClearPasswordSpec (org.wildfly.security.password.spec.ClearPasswordSpec): 3
Provider (java.security.Provider): 2
CredentialSource (org.wildfly.security.credential.source.CredentialSource): 2
PasswordFactory (org.wildfly.security.password.PasswordFactory): 2
File (java.io.File): 1
PrintWriter (java.io.PrintWriter): 1
NoSuchAlgorithmException (java.security.NoSuchAlgorithmException): 1
Collection (java.util.Collection): 1
Date (java.util.Date): 1
Hashtable (java.util.Hashtable): 1
Properties (java.util.Properties): 1
JMException (javax.management.JMException): 1