Example 6 with ClearPassword

Use of org.wildfly.security.password.interfaces.ClearPassword in project wildfly by wildfly.

From the class ReadCredentialServlet, method doGet:

@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    resp.setContentType("text/plain");
    resp.setCharacterEncoding("UTF-8");
    final PrintWriter writer = resp.getWriter();
    final String credentialStore = req.getParameter(PARAM_CREDENTIAL_STORE);
    final String alias = req.getParameter(PARAM_ALIAS);
    String separator = req.getParameter(PARAM_SEPARATOR);
    if (separator == null) {
        separator = PARAM_SEPARATOR_DEFAULT;
    }
    ServiceRegistry registry = CurrentServiceContainer.getServiceContainer();
    if (credentialStore == null || credentialStore.length() == 0) {
        for (ServiceName name : registry.getServiceNames()) {
            if (SERVICE_NAME_CRED_STORE.equals(name.getParent())) {
                writer.print(name.getSimpleName());
                writer.print(separator);
            }
        }
        return;
    }
    ServiceController<?> credStoreService = registry.getService(ServiceName.of(SERVICE_NAME_CRED_STORE, credentialStore));
    if (credStoreService == null) {
        resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
        writer.print(credentialStore + " not found");
        return;
    }
    CredentialStore cs = (CredentialStore) credStoreService.getValue();
    if (alias == null || alias.length() == 0) {
        try {
            for (String csAlias : cs.getAliases()) {
                writer.print(csAlias);
                writer.print(separator);
            }
        } catch (UnsupportedOperationException | CredentialStoreException e) {
            throw new ServletException("Unable to list aliases", e);
        }
        return;
    }
    String clearPassword = null;
    try {
        if (cs.exists(alias, PasswordCredential.class)) {
            Password password = cs.retrieve(alias, PasswordCredential.class).getPassword();
            if (password instanceof ClearPassword) {
                clearPassword = new String(((ClearPassword) password).getPassword());
            }
        }
    } catch (CredentialStoreException | IllegalStateException e) {
        throw new ServletException("Unable to retrieve password from credential store", e);
    }
    if (clearPassword == null) {
        resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
        writer.print(alias + " password not found in " + credentialStore);
    } else {
        // Writes the clear-text password into the response body: the HTTP caller receives the secret itself.
        writer.print(clearPassword);
    }
}
Also used:
- ClearPassword (org.wildfly.security.password.interfaces.ClearPassword)
- PasswordCredential (org.wildfly.security.credential.PasswordCredential)
- CredentialStoreException (org.wildfly.security.credential.store.CredentialStoreException)
- ServletException (javax.servlet.ServletException)
- ServiceName (org.jboss.msc.service.ServiceName)
- CredentialStore (org.wildfly.security.credential.store.CredentialStore)
- ServiceRegistry (org.jboss.msc.service.ServiceRegistry)
- PrintWriter (java.io.PrintWriter)
- Password (org.wildfly.security.password.Password)

Example 7 with ClearPassword

Use of org.wildfly.security.password.interfaces.ClearPassword in project wildfly by wildfly.

From the class EncryptProtocolConfigurationServiceConfigurator, method accept:

@Override
public void accept(P protocol) {
    KeyStore store = this.keyStore.get();
    String alias = this.keyAlias;
    try {
        if (!store.containsAlias(alias)) {
            throw JGroupsLogger.ROOT_LOGGER.keyEntryNotFound(alias);
        }
        PasswordCredential credential = this.credentialSource.get().getCredential(PasswordCredential.class);
        if (credential == null) {
            throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource();
        }
        ClearPassword password = credential.getPassword(ClearPassword.class);
        if (password == null) {
            throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource();
        }
        if (!store.entryInstanceOf(alias, this.entryClass)) {
            throw JGroupsLogger.ROOT_LOGGER.unexpectedKeyStoreEntryType(alias, this.entryClass.getSimpleName());
        }
        // The clear password chars protect the key store entry; the entry is then handed to the protocol.
        KeyStore.Entry entry = store.getEntry(alias, new KeyStore.PasswordProtection(password.getPassword()));
        protocol.setKeyStoreEntry(this.entryClass.cast(entry));
    } catch (KeyStoreException | IOException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
        throw new IllegalArgumentException(e);
    }
}
Also used:
- ClearPassword (org.wildfly.security.password.interfaces.ClearPassword)
- PasswordCredential (org.wildfly.security.credential.PasswordCredential)
- UnrecoverableEntryException (java.security.UnrecoverableEntryException)
- KeyStoreException (java.security.KeyStoreException)
- IOException (java.io.IOException)
- NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)
- KeyStore (java.security.KeyStore)

Example 8 with ClearPassword

Use of org.wildfly.security.password.interfaces.ClearPassword in project fuse-karaf by jboss-fuse.

From the class CredentialStoreHelperTest, method accessCredentialStore:

@Test
public void accessCredentialStore() throws Exception {
    Security.addProvider(new WildFlyElytronProvider());
    // KeyStoreCredentialStore is default algorithm when using
    // org.jboss.fuse.credential.store.karaf.util.CredentialStoreHelper.credentialStoreFromEnvironment()
    // it's a credential store which is backed by a key store
    CredentialStore cs1 = CredentialStore.getInstance("KeyStoreCredentialStore");
    // Credential store implementation which uses the legacy "vault" format
    CredentialStore cs2 = CredentialStore.getInstance("VaultCredentialStore");
    // map-backed credential store implementation
    CredentialStore cs3 = CredentialStore.getInstance("MapCredentialStore");
    LOG.info("Credential Store 1: {}, aliases: {}", cs1, cs1.getAliases());
    LOG.info("Credential Store 2: {}, aliases: {}", cs2, /*cs2.getAliases()*/ null);
    LOG.info("Credential Store 3: {}, aliases: {}", cs3, cs3.getAliases());
    // KeyStoreCredentialStore uses 3 parameters/attributes
    // - location
    // - modifiable
    // - keyStoreType
    // CHECKSTYLE:OFF
    // from $JAVA_HOME/jre/lib/security/java.security, keystore.type
    LOG.info("Default KeyStore type: {}", KeyStore.getDefaultType());
    LOG.info("KeyStore providers / algorithms:");
    for (Provider p : Providers.getProviderList().providers()) {
        for (Provider.Service s : p.getServices()) {
            if ("KeyStore".equals(s.getType())) {
                LOG.info(" - {} / {}", s.getProvider().getName(), s.getAlgorithm());
            }
        }
    }
    LOG.info("PasswordFactory providers / algorithms:");
    for (Provider p : Providers.getProviderList().providers()) {
        for (Provider.Service s : p.getServices()) {
            if ("PasswordFactory".equals(s.getType())) {
                LOG.info(" - {} / {}", s.getProvider().getName(), s.getAlgorithm());
            }
        }
    }
    LOG.info("SecretKeyFactory providers / algorithms:");
    for (Provider p : Providers.getProviderList().providers()) {
        for (Provider.Service s : p.getServices()) {
            if ("SecretKeyFactory".equals(s.getType())) {
                LOG.info(" - {} / {}", s.getProvider().getName(), s.getAlgorithm());
            }
        }
    }
    LOG.info("Cipher providers / algorithms:");
    for (Provider p : Providers.getProviderList().providers()) {
        for (Provider.Service s : p.getServices()) {
            if ("Cipher".equals(s.getType())) {
                LOG.info(" - {} / {}", s.getProvider().getName(), s.getAlgorithm());
            }
        }
    }
    // CHECKSTYLE:ON
    Password pwd1 = PasswordFactory.getInstance("clear").generatePassword(new ClearPasswordSpec("secret1".toCharArray()));
    Password pwd2 = PasswordFactory.getInstance("clear").generatePassword(new ClearPasswordSpec("secret2".toCharArray()));
    CredentialSource cs = IdentityCredentials.NONE.withCredential(new PasswordCredential(pwd1));
    CredentialStore.ProtectionParameter pp = new CredentialStore.CredentialSourceProtectionParameter(cs);
    Map<String, String> attrs = new HashMap<>();
    attrs.put("keyStoreType", "PKCS12");
    attrs.put("location", String.format("target/credentials-%12d.store", new Date().getTime()));
    cs1.initialize(attrs, pp);
    cs1.store("alias1", new PasswordCredential(pwd2));
    cs1.flush();
    LOG.info("Credential Store 1: {}, aliases: {}", cs1, cs1.getAliases());
    PasswordCredential pwd = cs1.retrieve("alias1", PasswordCredential.class);
    // Test-only logging: the retrieved clear-text password is written to the log.
    LOG.info("Retrieved password: {}", new String(((ClearPassword) pwd.getPassword()).getPassword()));
}
Also used:
- ClearPassword (org.wildfly.security.password.interfaces.ClearPassword)
- HashMap (java.util.HashMap)
- PasswordCredential (org.wildfly.security.credential.PasswordCredential)
- ClearPasswordSpec (org.wildfly.security.password.spec.ClearPasswordSpec)
- WildFlyElytronProvider (org.wildfly.security.WildFlyElytronProvider)
- Date (java.util.Date)
- Provider (java.security.Provider)
- CredentialStore (org.wildfly.security.credential.store.CredentialStore)
- Password (org.wildfly.security.password.Password)
- CredentialSource (org.wildfly.security.credential.source.CredentialSource)
- Test (org.junit.Test)

Example 9 with ClearPassword

Use of org.wildfly.security.password.interfaces.ClearPassword in project keycloak by keycloak.

From the class ElytronCSKeyStoreProvider, method obtainSecretInternal:

@Override
protected VaultRawSecret obtainSecretInternal(String vaultSecretId) {
    try {
        PasswordCredential credential = this.credentialStore.retrieve(vaultSecretId, PasswordCredential.class);
        if (credential == null) {
            // alias not found, password type doesn't match entry, or algorithm (clear) doesn't match entry.
            logger.debugf("Cannot find secret %s in credential store", vaultSecretId);
            return DefaultVaultRawSecret.forBuffer(Optional.empty());
        }
        // castAndApply only yields the chars when the stored password really is a ClearPassword.
        char[] secret = credential.getPassword().castAndApply(ClearPassword.class, ClearPassword::getPassword);
        // Encode the secret as UTF-8 bytes for the vault's raw-secret buffer.
        ByteBuffer buffer = StandardCharsets.UTF_8.encode(CharBuffer.wrap(secret));
        return DefaultVaultRawSecret.forBuffer(Optional.of(buffer));
    } catch (CredentialStoreException e) {
        // this might happen if there is an error when trying to retrieve the secret from the store.
        logger.debugf(e, "Unable to retrieve secret %s from credential store", vaultSecretId);
        return DefaultVaultRawSecret.forBuffer(Optional.empty());
    }
}
Also used:
- ClearPassword (org.wildfly.security.password.interfaces.ClearPassword)
- PasswordCredential (org.wildfly.security.credential.PasswordCredential)
- CredentialStoreException (org.wildfly.security.credential.store.CredentialStoreException)
- ByteBuffer (java.nio.ByteBuffer)

Aggregations (type, number of examples using it):

- PasswordCredential (org.wildfly.security.credential.PasswordCredential): 9
- ClearPassword (org.wildfly.security.password.interfaces.ClearPassword): 9
- IOException (java.io.IOException): 5
- KeyStore (java.security.KeyStore): 5
- GeneralSecurityException (java.security.GeneralSecurityException): 3
- KeyPair (java.security.KeyPair): 3
- CredentialSource (org.wildfly.security.credential.source.CredentialSource): 3
- KeyStoreException (java.security.KeyStoreException): 2
- Optional (java.util.Optional): 2
- SSLContext (javax.net.ssl.SSLContext): 2
- CommonUnaryRequirement (org.jboss.as.clustering.controller.CommonUnaryRequirement): 2
- CredentialSourceDependency (org.jboss.as.clustering.controller.CredentialSourceDependency): 2
- OperationContext (org.jboss.as.controller.OperationContext): 2
- OperationFailedException (org.jboss.as.controller.OperationFailedException): 2
- ModelNode (org.jboss.dmr.ModelNode): 2
- ServiceBuilder (org.jboss.msc.service.ServiceBuilder): 2
- ServiceTarget (org.jboss.msc.service.ServiceTarget): 2
- UndertowLogger (org.wildfly.extension.undertow.logging.UndertowLogger): 2
- CredentialStore (org.wildfly.security.credential.store.CredentialStore): 2
- CredentialStoreException (org.wildfly.security.credential.store.CredentialStoreException): 2