use of org.wildfly.security.password.interfaces.ClearPassword in project wildfly by wildfly.
the class ReadCredentialServlet method doGet.
/**
 * Answers a GET request with plain-text data read from a credential store service.
 *
 * <p>The response depends on which request parameters are present:
 * <ul>
 * <li>no credential store name: the simple name of every service whose parent is
 * {@code SERVICE_NAME_CRED_STORE}, each followed by the separator;</li>
 * <li>a store name but no alias: every alias of that store, each followed by the separator;</li>
 * <li>a store name and an alias: the clear-text password stored under that alias.</li>
 * </ul>
 * Status 404 is set when the named store is not registered, or when no {@link ClearPassword}
 * is found for the alias.
 *
 * <p>NOTE(review): this method writes secrets to the response in clear text and contains no
 * authentication or authorization check of its own. Presumably it is a test-only helper whose
 * exposure is restricted by the deployment - confirm before reusing it anywhere else.
 *
 * @param req request carrying the optional store name, alias and separator parameters
 * @param resp response that receives the plain-text (UTF-8) output
 * @throws ServletException if the aliases cannot be listed or the credential cannot be retrieved
 * @throws IOException if the response writer cannot be obtained
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    resp.setContentType("text/plain");
    resp.setCharacterEncoding("UTF-8");
    final PrintWriter out = resp.getWriter();

    final String storeName = req.getParameter(PARAM_CREDENTIAL_STORE);
    final String alias = req.getParameter(PARAM_ALIAS);
    final String requestedSeparator = req.getParameter(PARAM_SEPARATOR);
    // The separator comes straight from the request and is echoed back unchanged.
    final String separator = requestedSeparator != null ? requestedSeparator : PARAM_SEPARATOR_DEFAULT;

    final ServiceRegistry registry = CurrentServiceContainer.getServiceContainer();

    // Mode 1: no store requested, so enumerate the registered credential store services.
    if (storeName == null || storeName.isEmpty()) {
        for (ServiceName serviceName : registry.getServiceNames()) {
            if (!SERVICE_NAME_CRED_STORE.equals(serviceName.getParent())) {
                continue;
            }
            out.print(serviceName.getSimpleName());
            out.print(separator);
        }
        return;
    }

    final ServiceController<?> controller = registry.getService(ServiceName.of(SERVICE_NAME_CRED_STORE, storeName));
    if (controller == null) {
        resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
        // The request-supplied store name is reflected into the body; the content type is text/plain.
        out.print(storeName + " not found");
        return;
    }
    final CredentialStore store = (CredentialStore) controller.getValue();

    // Mode 2: a store but no alias, so enumerate the aliases held by that store.
    if (alias == null || alias.isEmpty()) {
        try {
            for (String storedAlias : store.getAliases()) {
                out.print(storedAlias);
                out.print(separator);
            }
        } catch (UnsupportedOperationException | CredentialStoreException e) {
            throw new ServletException("Unable to list aliases", e);
        }
        return;
    }

    // Mode 3: resolve the alias to a clear-text password, if the store holds one.
    String clearPassword = null;
    try {
        if (store.exists(alias, PasswordCredential.class)) {
            final Password stored = store.retrieve(alias, PasswordCredential.class).getPassword();
            if (stored instanceof ClearPassword) {
                // The secret is copied into an immutable String, which cannot be wiped afterwards.
                clearPassword = String.valueOf(((ClearPassword) stored).getPassword());
            }
        }
    } catch (CredentialStoreException | IllegalStateException e) {
        throw new ServletException("Unable to retrieve password from credential store", e);
    }

    if (clearPassword != null) {
        out.print(clearPassword);
        return;
    }
    resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
    out.print(alias + " password not found in " + storeName);
}
use of org.wildfly.security.password.interfaces.ClearPassword in project wildfly by wildfly.
the class EncryptProtocolConfigurationServiceConfigurator method accept.
/**
 * Loads the configured key store entry and installs it on the given protocol.
 *
 * <p>The checks run in a fixed order: the alias must exist in the key store, the credential
 * source must yield a {@link PasswordCredential} holding a {@link ClearPassword}, and the entry
 * under the alias must be an instance of the configured entry class. Each failed check throws
 * the exception built by the matching {@code JGroupsLogger.ROOT_LOGGER} method.
 *
 * <p>NOTE(review): neither the {@code char[]} obtained from the clear password nor the
 * {@link KeyStore.PasswordProtection} built from it is cleared after use. Consider calling
 * {@code destroy()} on the protection parameter once the entry has been read.
 *
 * @param protocol the protocol that receives the key store entry
 * @throws IllegalArgumentException wrapping any {@link KeyStoreException}, {@link IOException},
 *         {@link NoSuchAlgorithmException} or {@link UnrecoverableEntryException} raised while
 *         reading the key store or the credential source
 */
@Override
public void accept(P protocol) {
    final KeyStore ks = this.keyStore.get();
    final String entryAlias = this.keyAlias;
    try {
        final boolean aliasPresent = ks.containsAlias(entryAlias);
        if (!aliasPresent) {
            throw JGroupsLogger.ROOT_LOGGER.keyEntryNotFound(entryAlias);
        }

        // Resolve the secret protecting the entry; only a clear password can unlock it.
        final PasswordCredential passwordCredential = this.credentialSource.get().getCredential(PasswordCredential.class);
        if (passwordCredential == null) {
            throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource();
        }
        final ClearPassword clear = passwordCredential.getPassword(ClearPassword.class);
        if (clear == null) {
            throw JGroupsLogger.ROOT_LOGGER.unexpectedCredentialSource();
        }

        // Check the entry type before the entry is read with the password.
        final boolean expectedType = ks.entryInstanceOf(entryAlias, this.entryClass);
        if (!expectedType) {
            throw JGroupsLogger.ROOT_LOGGER.unexpectedKeyStoreEntryType(entryAlias, this.entryClass.getSimpleName());
        }

        final KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(clear.getPassword());
        final KeyStore.Entry loaded = ks.getEntry(entryAlias, protection);
        protocol.setKeyStoreEntry(this.entryClass.cast(loaded));
    } catch (KeyStoreException | IOException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
        throw new IllegalArgumentException(e);
    }
}
use of org.wildfly.security.password.interfaces.ClearPassword in project fuse-karaf by jboss-fuse.
the class CredentialStoreHelperTest method accessCredentialStore.
/**
 * Walks through the Elytron credential store API: obtains three store implementations, logs the
 * registered providers for several service types, then initializes a PKCS12-backed store, saves
 * one clear password under {@code alias1} and reads it back.
 *
 * <p>The test registers {@link WildFlyElytronProvider} through {@link Security#addProvider} and
 * does not remove it afterwards. It contains no assertions; it fails only if a call throws.
 *
 * @throws Exception if any credential store, password factory or key store call fails
 */
@Test
public void accessCredentialStore() throws Exception {
    Security.addProvider(new WildFlyElytronProvider());

    // KeyStoreCredentialStore is the default algorithm when using
    // org.jboss.fuse.credential.store.karaf.util.CredentialStoreHelper.credentialStoreFromEnvironment();
    // it is a credential store backed by a key store.
    CredentialStore keyStoreBacked = CredentialStore.getInstance("KeyStoreCredentialStore");
    // Credential store implementation which uses the legacy "vault" format.
    CredentialStore vaultBacked = CredentialStore.getInstance("VaultCredentialStore");
    // Map-backed credential store implementation.
    CredentialStore mapBacked = CredentialStore.getInstance("MapCredentialStore");

    LOG.info("Credential Store 1: {}, aliases: {}", keyStoreBacked, keyStoreBacked.getAliases());
    // getAliases() is not called on the vault-format store here; null is logged in its place.
    LOG.info("Credential Store 2: {}, aliases: {}", vaultBacked, null);
    LOG.info("Credential Store 3: {}, aliases: {}", mapBacked, mapBacked.getAliases());

    // KeyStoreCredentialStore uses 3 parameters/attributes:
    // - location
    // - modifiable
    // - keyStoreType

    // CHECKSTYLE:OFF
    // from $JAVA_HOME/jre/lib/security/java.security, keystore.type
    LOG.info("Default KeyStore type: {}", KeyStore.getDefaultType());

    // Each row pairs a JCA service type with the heading logged before its provider list.
    final String[][] serviceKinds = {
        {"KeyStore", "KeyStore providers / algorithms:"},
        {"PasswordFactory", "PasswordFactory providers / algorithms:"},
        {"SecretKeyFactory", "SecretKeyFactory providers / algorithms:"},
        {"Cipher", "Cipher providers / algorithms:"},
    };
    for (String[] kind : serviceKinds) {
        LOG.info(kind[1]);
        for (Provider provider : Providers.getProviderList().providers()) {
            for (Provider.Service service : provider.getServices()) {
                if (kind[0].equals(service.getType())) {
                    LOG.info(" - {} / {}", service.getProvider().getName(), service.getAlgorithm());
                }
            }
        }
    }
    // CHECKSTYLE:ON

    // pwd1 protects the store itself; pwd2 is the secret saved inside it.
    ClearPasswordSpec storeSpec = new ClearPasswordSpec("secret1".toCharArray());
    Password pwd1 = PasswordFactory.getInstance("clear").generatePassword(storeSpec);
    ClearPasswordSpec entrySpec = new ClearPasswordSpec("secret2".toCharArray());
    Password pwd2 = PasswordFactory.getInstance("clear").generatePassword(entrySpec);

    CredentialSource protectionSource = IdentityCredentials.NONE.withCredential(new PasswordCredential(pwd1));
    CredentialStore.ProtectionParameter protection =
            new CredentialStore.CredentialSourceProtectionParameter(protectionSource);

    // A timestamp in the file name gives every run its own store file under target/.
    String location = String.format("target/credentials-%12d.store", new Date().getTime());
    Map<String, String> attributes = new HashMap<>();
    attributes.put("keyStoreType", "PKCS12");
    attributes.put("location", location);

    keyStoreBacked.initialize(attributes, protection);
    keyStoreBacked.store("alias1", new PasswordCredential(pwd2));
    keyStoreBacked.flush();
    LOG.info("Credential Store 1: {}, aliases: {}", keyStoreBacked, keyStoreBacked.getAliases());

    PasswordCredential retrieved = keyStoreBacked.retrieve("alias1", PasswordCredential.class);
    // The retrieved secret is written to the log in clear text; the value here is the fixed
    // test constant above. Do not copy this pattern for real credentials.
    char[] retrievedChars = ((ClearPassword) retrieved.getPassword()).getPassword();
    LOG.info("Retrieved password: {}", new String(retrievedChars));
}
use of org.wildfly.security.password.interfaces.ClearPassword in project keycloak by keycloak.
the class ElytronCSKeyStoreProvider method obtainSecretInternal.
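/**
 * Reads the secret stored under {@code vaultSecretId} from the Elytron credential store and
 * returns it as a UTF-8 encoded buffer.
 *
 * <p>An empty secret is returned, and a debug message logged, when the store has no matching
 * {@link PasswordCredential}, when the stored password is not a {@link ClearPassword}, or when
 * the store reports a {@link CredentialStoreException}. Only the secret identifier is logged,
 * never the secret value.
 *
 * <p>NOTE(review): the {@code char[]} holding the clear secret is not wiped after encoding.
 * Whether it can be zeroed safely depends on {@code ClearPassword.getPassword()} returning a
 * copy - confirm against the Elytron version in use before adding a wipe.
 *
 * @param vaultSecretId alias of the secret in the credential store
 * @return the raw secret, or an empty raw secret if it cannot be obtained
 */
@Override
protected VaultRawSecret obtainSecretInternal(String vaultSecretId) {
    try {
        PasswordCredential credential = this.credentialStore.retrieve(vaultSecretId, PasswordCredential.class);
        if (credential == null) {
            // alias not found, password type doesn't match entry, or algorithm (clear) doesn't match entry.
            logger.debugf("Cannot find secret %s in credential store", vaultSecretId);
            return DefaultVaultRawSecret.forBuffer(Optional.empty());
        }
        char[] secret = credential.getPassword().castAndApply(ClearPassword.class, ClearPassword::getPassword);
        if (secret == null) {
            // castAndApply yields null when the stored password is not a ClearPassword. Without
            // this guard CharBuffer.wrap(null) would throw a NullPointerException instead of
            // reporting the secret as unavailable like the other failure paths do.
            logger.debugf("Secret %s in credential store is not a clear password", vaultSecretId);
            return DefaultVaultRawSecret.forBuffer(Optional.empty());
        }
        ByteBuffer buffer = StandardCharsets.UTF_8.encode(CharBuffer.wrap(secret));
        return DefaultVaultRawSecret.forBuffer(Optional.of(buffer));
    } catch (CredentialStoreException e) {
        // this might happen if there is an error when trying to retrieve the secret from the store.
        logger.debugf(e, "Unable to retrieve secret %s from credential store", vaultSecretId);
        return DefaultVaultRawSecret.forBuffer(Optional.empty());
    }
}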