use of org.wildfly.security.password.PasswordFactory in project fuse-karaf by jboss-fuse.
the class MaskedPasswordHelper method createConfiguration.
@Override
public Map<String, String> createConfiguration(final Map<String, String> attributes) throws GeneralSecurityException, IOException {
final Provider provider = ProviderHelper.provider(option(attributes, "provider", ProviderHelper.WILDFLY_PROVIDER));
final String algorithm = option(attributes, "algorithm", DEFAULT_ALGORITHM);
final PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm, provider);
final String password = option(attributes, "password", null);
final String salt = option(attributes, "salt", "");
final String iterations = option(attributes, "iterations", "");
final AlgorithmParameterSpec algorithmParameterSpec;
if (salt.isEmpty() && iterations.isEmpty()) {
algorithmParameterSpec = null;
} else if (salt.isEmpty()) {
algorithmParameterSpec = new IteratedPasswordAlgorithmSpec(parseInt(iterations));
} else {
final byte[] saltBytes = Base64.getDecoder().decode(salt);
algorithmParameterSpec = new IteratedSaltedPasswordAlgorithmSpec(parseInt(iterations), saltBytes);
}
final EncryptablePasswordSpec keySpec = new EncryptablePasswordSpec(password.toCharArray(), algorithmParameterSpec);
final MaskedPassword maskedPassword = passwordFactory.generatePassword(keySpec).castAs(MaskedPassword.class);
final MaskedPasswordAlgorithmSpec maskedPasswordAlgorithmSpec = maskedPassword.getParameterSpec();
final Map<String, String> configuration = new HashMap<>();
final Encoder encoder = Base64.getEncoder();
if (!DEFAULT_ALGORITHM.equals(algorithm)) {
configuration.put(CREDENTIAL_STORE_PROTECTION_ALGORITHM, algorithm);
}
configuration.put(CREDENTIAL_STORE_PROTECTION, encoder.encodeToString(maskedPassword.getMaskedPasswordBytes()));
final AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(algorithm, provider);
algorithmParameters.init(maskedPasswordAlgorithmSpec);
final byte[] encoded = algorithmParameters.getEncoded();
configuration.put(CREDENTIAL_STORE_PROTECTION_PARAMS, encoder.encodeToString(encoded));
return configuration;
}
use of org.wildfly.security.password.PasswordFactory in project fuse-karaf by jboss-fuse.
the class MaskedPasswordHelper method createCredentialSource.
@Override
public CredentialSource createCredentialSource(final Map<String, String> configuration) throws GeneralSecurityException, IOException {
final String algorithmParamsBase64 = option(configuration, CREDENTIAL_STORE_PROTECTION_PARAMS, "");
final Decoder decoder = Base64.getDecoder();
final byte[] encodedAlgorithmParams = decoder.decode(algorithmParamsBase64);
final String algorithm = option(configuration, CREDENTIAL_STORE_PROTECTION_ALGORITHM, DEFAULT_ALGORITHM);
final Provider provider = ProviderHelper.provider(option(configuration, CREDENTIAL_STORE_PROTECTION_PROVIDER, ProviderHelper.WILDFLY_PROVIDER));
final AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(algorithm, provider);
algorithmParameters.init(encodedAlgorithmParams);
final MaskedPasswordAlgorithmSpec maskedPasswordAlgorithmSpec = algorithmParameters.getParameterSpec(MaskedPasswordAlgorithmSpec.class);
final char[] initialKeyMaterial = maskedPasswordAlgorithmSpec.getInitialKeyMaterial();
final int iterationCount = maskedPasswordAlgorithmSpec.getIterationCount();
final byte[] salt = maskedPasswordAlgorithmSpec.getSalt();
final String maskedPasswordBase64 = option(configuration, CREDENTIAL_STORE_PROTECTION, "");
final byte[] maskedPasswordBytes = decoder.decode(maskedPasswordBase64);
final MaskedPasswordSpec maskedPasswordSpec = new MaskedPasswordSpec(initialKeyMaterial, iterationCount, salt, maskedPasswordBytes);
final PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm, provider);
final Password maskedPassword = passwordFactory.generatePassword(maskedPasswordSpec);
final PasswordFactory clearPasswordFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, provider);
final ClearPasswordSpec clearPasswordSpec = passwordFactory.getKeySpec(maskedPassword, ClearPasswordSpec.class);
final Password password = clearPasswordFactory.generatePassword(clearPasswordSpec);
final PasswordCredential passwordCredential = new PasswordCredential(password);
return IdentityCredentials.NONE.withCredential(passwordCredential);
}
use of org.wildfly.security.password.PasswordFactory in project fuse-karaf by jboss-fuse.
the class ProtectionTypeTest method shouldCreateMaskedPasswordCredentialSourceFromConfiguration.
@Test
public void shouldCreateMaskedPasswordCredentialSourceFromConfiguration() throws IOException, GeneralSecurityException {
final Map<String, String> configuration = new HashMap<>();
configuration.put("CREDENTIAL_STORE_PROTECTION_ALGORITHM", MaskedPassword.ALGORITHM_MASKED_MD5_DES);
configuration.put("CREDENTIAL_STORE_PROTECTION_PARAMS", "MDkEKXNvbWVhcmJpdHJhcnljcmF6eXN0cmluZ3RoYXRkb2Vzbm90bWF0dGVyAgID6AQIHmrp8uDnGLE=");
configuration.put("CREDENTIAL_STORE_PROTECTION", "mC/60tWnla4bmFn2e5Z8U3CZnjsG9Pvc");
final CredentialSource credentialSource = ProtectionType.masked.createCredentialSource(configuration);
assertThat(credentialSource).isNotNull();
final PasswordCredential credential = credentialSource.getCredential(PasswordCredential.class);
final Password password = credential.getPassword();
final PasswordFactory clearPasswordFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, new WildFlyElytronProvider());
final ClearPasswordSpec clearPasswordSpec = clearPasswordFactory.getKeySpec(password, ClearPasswordSpec.class);
assertThat(new String(clearPasswordSpec.getEncodedPassword())).isEqualTo("my deep dark secret");
}
use of org.wildfly.security.password.PasswordFactory in project fuse-karaf by jboss-fuse.
the class ActivatorTest method initializeCredentialStore.
@Before
public void initializeCredentialStore() throws Exception {
activator.start(null);
final WildFlyElytronProvider elytron = new WildFlyElytronProvider();
Security.addProvider(elytron);
final PasswordFactory passwordFactory = PasswordFactory.getInstance(ClearPassword.ALGORITHM_CLEAR, elytron);
final Password password = passwordFactory.generatePassword(new ClearPasswordSpec("it was the best of times it was the worst of times".toCharArray()));
final Credential credential = new PasswordCredential(password);
final CredentialSource credentialSource = IdentityCredentials.NONE.withCredential(credential);
credentialStore = CredentialStore.getInstance(KeyStoreCredentialStore.KEY_STORE_CREDENTIAL_STORE, elytron);
final String storePath = new File(tmp.getRoot(), "credential.store").getAbsolutePath();
final Map<String, String> parameters = new HashMap<>();
parameters.put("location", storePath);
parameters.put("keyStoreType", "JCEKS");
credentialStore.initialize(parameters, new CredentialStore.CredentialSourceProtectionParameter(credentialSource));
final Password secret = passwordFactory.generatePassword(new ClearPasswordSpec("this is a password".toCharArray()));
final Credential value = new PasswordCredential(secret);
credentialStore.store("alias", value);
credentialStore.flush();
}
use of org.wildfly.security.password.PasswordFactory in project fuse-karaf by jboss-fuse.
the class StoreInCredentialStore method execute.
@Override
public Object execute() throws Exception {
final CredentialStore credentialStore = CredentialStoreHelper.credentialStoreFromEnvironment();
final PasswordFactory passwordFactory = PasswordFactory.getInstance("clear", ProviderHelper.provider(ProviderHelper.WILDFLY_PROVIDER));
final Password password = passwordFactory.generatePassword(new ClearPasswordSpec(secret.toCharArray()));
credentialStore.store(alias, new PasswordCredential(password));
credentialStore.flush();
System.out.println("Value stored in the credential store to reference it use: " + CredentialStoreHelper.referenceForAlias(alias));
return null;
}
Aggregations