  /*
   * JBoss, Home of Professional Open Source.
   * Copyright 2012, Red Hat, Inc., and individual contributors
   * as indicated by the @author tags. See the copyright.txt file in the
   * distribution for a full listing of individual contributors.
   *
   * This is free software; you can redistribute it and/or modify it
   * under the terms of the GNU Lesser General Public License as
   * published by the Free Software Foundation; either version 2.1 of
  * the License, or (at your option) any later version.
  *
  * This software is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this software; if not, write to the Free
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 
 package org.wildfly.test.security;
 
 import java.io.File;
 import java.util.Map;
 
 
Non-interactive session for VaultTool

Author(s):
Peter Skopek
 
 public final class VaultSession {
 
     // Name of the password-based encryption scheme (PBE with MD5 and DES); presumably the
     // algorithm handed to SecretKeyFactory in computeMaskedPassword() (confirm upstream).
     // NOTE(review): MD5 and single DES are legacy primitives; treat the masked keystore
     // password as obfuscated, not as strongly protected.
     public static final String VAULT_ENC_ALGORITHM = "PBEwithMD5andDES";
 
     // NOTE(review): the initializer is incomplete as shown (only "." remains); the charset
     // it named is not visible here and must be confirmed against the upstream file.
     static final Charset CHARSET = .;
 
     // Settings supplied to the constructor and checked by validate().
     private String keystoreURL;
     private String keystorePassword;
     // Masked form of the keystore password; per the accessor's documentation it is only
     // meaningful after startVaultSession().
     private String keystoreMaskedPassword;
     private String encryptionDirectory;
     private String salt;
     private int iterationCount;
 
     // Underlying vault and the alias the session was started with.
     private SecurityVault vault;
     private String vaultAlias;

    
Constructor to create VaultSession.

Parameters:
keystoreURL
keystorePassword
encryptionDirectory
salt
iterationCount
Throws:
java.lang.Exception
 
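     /**
      * Creates a non-interactive vault session and validates the supplied settings.
      *
      * <p>The constructor only records and validates its arguments (validation may create
      * the encryption directory); the vault is not initialized until
      * {@link #startVaultSession(String)} is called.
      *
      * @param keystoreURL location of the keystore file
      * @param keystorePassword keystore password, must not be {@code null}
      * @param encryptionDirectory directory used by the vault; created if missing
      * @param salt salt, exactly 8 characters long
      * @param iterationCount iteration count, at least 1
      * @throws Exception if any of the arguments fails validation
      */
     public VaultSession(String keystoreURL, String keystorePassword, String encryptionDirectory,
             String salt, int iterationCount) throws Exception {
         this.keystoreURL = keystoreURL;
         this.keystorePassword = keystorePassword;
         this.encryptionDirectory = encryptionDirectory;
         this.salt = salt;
         this.iterationCount = iterationCount;
         validate();
     }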

    
Validate fields sent to this class's constructor.
 
     // Runs every field check in a fixed order; the first failing check throws and the
     // remaining ones are skipped. The keystore password is checked last, after the
     // encryption-directory check, which can create the directory as a side effect.
     private void validate() throws Exception {
         validateKeystoreURL();
         validateEncryptionDirectory();
         validateSalt();
         validateIterationCount();
         validateKeystorePassword();
     }
 
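     /**
      * Checks that the keystore location names an existing, writable regular file.
      *
      * <p>The keytool command embedded in the "doesn't exist" message is a usage hint only:
      * its {@code secretsecret} store and key password is a sample value and has to be
      * replaced with a real secret when the keystore is actually created.
      *
      * @throws Exception if the location is missing, does not exist, is not writable or is
      *         not a regular file
      */
     protected void validateKeystoreURL() throws Exception {
         // Fail with a descriptive message instead of a NullPointerException from File.
         if (keystoreURL == null) {
             throw new Exception("Keystore URL has to be specified.");
         }
         File f = new File(keystoreURL);
         if (!f.exists()) {
             throw new Exception(String.format("Keystore '%s' doesn't exist." + "\nkeystore could be created: "
                     + "keytool -genseckey -alias Vault -storetype jceks -keyalg AES -keysize 128 -storepass secretsecret -keypass secretsecret -keystore %s",
                     keystoreURL, keystoreURL));
         } else if (!f.canWrite() || !f.isFile()) {
             throw new Exception(String.format("Keystore [%s] is not writable or not a file.", keystoreURL));
         }
     }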
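    /**
     * Checks that a keystore password was supplied.
     *
     * <p>Only presence is checked; an empty password is accepted here.
     *
     * @throws Exception if the keystore password is {@code null}
     */
    protected void validateKeystorePassword() throws Exception {
        if (keystorePassword == null) {
            throw new Exception("Keystore password has to be specified.");
        }
    }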
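    /**
     * Normalizes the encryption directory path and makes sure the directory exists.
     *
     * <p>A missing directory is created with {@link File#mkdirs()}, i.e. with the process's
     * default permissions; access to it is not restricted by this method.
     *
     * @throws Exception if the directory is not specified, cannot be created, or the path
     *         exists but is not a directory
     */
    protected void validateEncryptionDirectory() throws Exception {
        if (encryptionDirectory == null) {
            throw new Exception("Encryption directory has to be specified.");
        }
        // Append a separator only when the path ends with neither "/" nor "\". The earlier
        // condition negated just the first test, so a path ending in "\" got a second
        // separator appended.
        boolean hasTrailingSeparator = encryptionDirectory.endsWith("/") || encryptionDirectory.endsWith("\\");
        if (!hasTrailingSeparator) {
            encryptionDirectory = encryptionDirectory + System.getProperty("file.separator", "/");
        }
        File d = new File(encryptionDirectory);
        if (!d.exists() && !d.mkdirs()) {
            throw new Exception(String.format("Cannot create encryption directory %s", d.getAbsolutePath()));
        }
        if (!d.isDirectory()) {
            throw new Exception(String.format("Encryption directory is not a directory or doesn't exist. (%s)", encryptionDirectory));
        }
    }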
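    /**
     * Checks that the iteration count is a positive number.
     *
     * <p>The earlier condition combined "less than 1" and "greater than Integer.MAX_VALUE"
     * with {@code &&}, which can never be true for an {@code int}, so zero and negative
     * counts passed validation. An {@code int} cannot exceed the upper bound, which leaves
     * the lower bound as the only check needed.
     *
     * @throws Exception if the iteration count is smaller than 1
     */
    protected void validateIterationCount() throws Exception {
        if (iterationCount < 1) {
            throw new Exception(String.format("Iteration count has to be within 1 - "
                    + Integer.MAX_VALUE + ", but it is %s.", String.valueOf(iterationCount)));
        }
    }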
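    /**
     * Checks that a salt of exactly 8 characters was supplied.
     *
     * <p>The length is measured in characters; NOTE(review): a salt with non-ASCII
     * characters may encode to a different number of bytes, so confirm what the
     * encryption step expects.
     *
     * @throws Exception if the salt is {@code null} or not 8 characters long
     */
    protected void validateSalt() throws Exception {
        boolean validSalt = salt != null && salt.length() == 8;
        if (!validSalt) {
            throw new Exception("Salt has to be exactly 8 characters long.");
        }
    }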

    
Method to compute masked password based on class attributes.

Returns:
masked password prefixed with {@link PicketBoxSecurityVault#PASS_MASK_PREFIX}.
Throws:
java.lang.Exception
    // Builds the masked form of the keystore password with password-based encryption and
    // returns it behind a prefix.
    // NOTE(review): several arguments are missing from the calls below as shown (the
    // algorithm name, the strings whose bytes are taken, the iteration count, the prefix);
    // confirm them against the upstream file before relying on this listing.
    private String computeMaskedPassword() throws Exception {
        // Create the PBE secret key
        SecretKeyFactory factory = SecretKeyFactory.getInstance();
        // The key material is this fixed literal rather than a secret. Anyone who has the
        // salt and iteration count can rebuild the same key, so the masked value is an
        // obfuscation of the keystore password and must be protected like the password.
        char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
        PBEParameterSpec cipherSpec = new PBEParameterSpec(.getBytes(), );
        PBEKeySpec keySpec = new PBEKeySpec(password);
        SecretKey cipherKey = factory.generateSecret(keySpec);
        // Result is the Base64-style encoding produced by PBEUtils.encode64.
        String maskedPass = PBEUtils.encode64(.getBytes(), cipherKeycipherSpec);
        return . + maskedPass;
    }

    
Initialize the underlying vault.

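    /**
     * Obtains the vault from {@code SecurityVaultFactory}, initializes it with the session
     * options and performs the handshake.
     *
     * @throws Exception wrapping the {@code SecurityVaultException} raised by any of these
     *         steps; the original exception is kept as the cause
     */
    private void initSecurityVault() throws Exception {
        try {
            this.vault = SecurityVaultFactory.get();
            this.vault.init(getVaultOptionsMap());
            handshake();
        } catch (SecurityVaultException e) {
            throw new Exception("Exception encountered:", e);
        }
    }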

    
Start the vault with given alias.

Parameters:
vaultAlias
Throws:
java.lang.Exception
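    /**
     * Starts the vault session under the given alias.
     *
     * <p>The keystore password is kept unchanged when
     * {@code org.jboss.security.Util.isPasswordCommand} recognizes it as a password
     * command; otherwise its masked form is computed. The vault is then initialized.
     *
     * @param vaultAlias alias to use for the vault, must not be {@code null}
     * @throws Exception if the alias is {@code null} or the vault cannot be initialized
     */
    public void startVaultSession(String vaultAlias) throws Exception {
        if (vaultAlias == null) {
            throw new Exception("Vault alias has to be specified.");
        }
        if (org.jboss.security.Util.isPasswordCommand(keystorePassword)) {
            this.keystoreMaskedPassword = keystorePassword;
        } else {
            this.keystoreMaskedPassword = computeMaskedPassword();
        }
        this.vaultAlias = vaultAlias;
        initSecurityVault();
    }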
    // Builds the option map handed to the vault's init() call in initSecurityVault().
    // NOTE(review): the listing is incomplete here; the key and value of the put() call
    // are missing, and further put() lines may be missing as well. Confirm the full set of
    // options against the upstream file.
    private Map<StringObjectgetVaultOptionsMap() {
        Map<StringObjectoptions = new HashMap<StringObject>();
        options.put(.);
        return options;
    }
    // Performs the vault handshake with a freshly built option map.
    // NOTE(review): the listing is incomplete here; the put() arguments and the receiver
    // of handshake() are missing (presumably the vault field), so confirm upstream.
    private void handshake() throws SecurityVaultException {
        Map<StringObjecthandshakeOptions = new HashMap<StringObject>();
        handshakeOptions.put(.);
        .handshake(handshakeOptions);
    }

    
Add secured attribute to specified vault block. This method can be called only after successful startVaultSession() call.

Parameters:
vaultBlock
attributeName
attributeValue
Returns:
secured attribute configuration
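    /**
     * Stores an attribute value in the given vault block without printing anything.
     *
     * <p>Requires a successful {@link #startVaultSession(String)} call beforehand. The
     * {@code attributeValue} array is passed to the vault as given and is not cleared
     * here; wiping it after use is left to the caller.
     *
     * @param vaultBlock vault block to store the attribute in
     * @param attributeName name of the attribute
     * @param attributeValue value to protect
     * @return the {@code VAULT::block::attribute::1} reference to use in configuration
     * @throws Exception if the vault rejects the store operation
     */
    public String addSecuredAttribute(String vaultBlock, String attributeName, char[] attributeValue) throws Exception {
        vault.store(vaultBlock, attributeName, attributeValue, null);
        return securedAttributeConfigurationString(vaultBlock, attributeName);
    }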

    
Add secured attribute to specified vault block. This method can be called only after successful startVaultSession() call. After successful storage the secured attribute information will be displayed at standard output. For a silent variant of this method, see addSecuredAttribute.

Parameters:
vaultBlock
attributeName
attributeValue
Throws:
java.lang.Exception
See also:
addSecuredAttribute
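    /**
     * Stores an attribute value in the given vault block and prints the resulting
     * configuration reference to standard output.
     *
     * <p>Requires a successful {@link #startVaultSession(String)} call beforehand. Only the
     * block name, attribute name and reference string are printed, not the value itself.
     *
     * @param vaultBlock vault block to store the attribute in
     * @param attributeName name of the attribute
     * @param attributeValue value to protect
     * @throws Exception if the vault rejects the store operation
     */
    public void addSecuredAttributeWithDisplay(String vaultBlock, String attributeName, char[] attributeValue) throws Exception {
        vault.store(vaultBlock, attributeName, attributeValue, null);
        attributeCreatedDisplay(vaultBlock, attributeName);
    }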

    
Check whether secured attribute is already set for given vault block and attribute name. This method can be called only after successful startVaultSession() call.

Parameters:
vaultBlock
attributeName
Returns:
true if a password already exists for the given vault block and attribute name.
Throws:
java.lang.Exception
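    /**
     * Reports whether the vault already holds a value for the given block and attribute.
     *
     * <p>Requires a successful {@link #startVaultSession(String)} call beforehand.
     *
     * @param vaultBlock vault block to look in
     * @param attributeName name of the attribute
     * @return the result of the vault's {@code exists} check
     * @throws Exception if the vault lookup fails
     */
    public boolean checkSecuredAttribute(String vaultBlock, String attributeName) throws Exception {
        return vault.exists(vaultBlock, attributeName);
    }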

    
This method removes secured attribute stored in org.jboss.security.vault.SecurityVault. After successful remove operation returns true. Otherwise false.

Parameters:
vaultBlock security vault block
attributeName Attribute name stored in security vault
Returns:
true if the operation is successful, otherwise false
Throws:
java.lang.Exception
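    /**
     * Removes the attribute stored under the given block and name from the vault.
     *
     * <p>Requires a successful {@link #startVaultSession(String)} call beforehand.
     *
     * @param vaultBlock security vault block
     * @param attributeName attribute name stored in the security vault
     * @return the result of the vault's {@code remove} call
     * @throws Exception if the vault operation fails
     */
    public boolean removeSecuredAttribute(String vaultBlock, String attributeName) throws Exception {
        return vault.remove(vaultBlock, attributeName, null);
    }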

    
Display info about stored secured attribute.

Parameters:
vaultBlock
attributeName
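    /**
     * Prints a confirmation for a stored attribute to standard output: the block name,
     * the attribute name and the configuration reference. The attribute value is never
     * printed.
     *
     * @param vaultBlock vault block the attribute was stored in
     * @param attributeName name of the stored attribute
     */
    private void attributeCreatedDisplay(String vaultBlock, String attributeName) {
        String configuration = securedAttributeConfigurationString(vaultBlock, attributeName);
        System.out.println(String.format("Secured attribute value has been stored in Vault.\n" +
            "Please make note of the following:\n" +
            "********************************************\n" +
            "Vault Block:%s\n" + "Attribute Name:%s\n" +
            "Configuration should be done as follows:\n" +
            "%s\n" +
            "********************************************", vaultBlock, attributeName, configuration));
    }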

    
Returns configuration string for secured attribute.

Parameters:
vaultBlock
attributeName
Returns:
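    /**
     * Builds the reference string that stands in for a vaulted attribute in configuration.
     *
     * @param vaultBlock vault block the attribute is stored in
     * @param attributeName name of the stored attribute
     * @return {@code VAULT::<vaultBlock>::<attributeName>::1}
     */
    private String securedAttributeConfigurationString(String vaultBlock, String attributeName) {
        return "VAULT::" + vaultBlock + "::" + attributeName + "::1";
    }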

    
Display info about vault itself in form of AS7 configuration file.
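    /**
     * Prints the framing text for the vault section of a WildFly configuration file to
     * standard output.
     */
    public void vaultConfigurationDisplay() {
        // NOTE(review): as listed, no line prints the vaultConfiguration() text between
        // the </extensions> and <management> markers; confirm against the upstream file
        // whether such a line belongs here.
        System.out.println("Vault Configuration in WildFly configuration file:");
        System.out.println("********************************************");
        System.out.println("...");
        System.out.println("</extensions>");
        System.out.println("<management> ...");
        System.out.println("********************************************");
    }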

    
Returns vault configuration string in user readable form.

Returns:
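    /**
     * Builds the {@code <vault>} configuration element for this session.
     *
     * <p>The element carries the masked keystore password together with the salt and
     * iteration count used to mask it. Because the masking key is derived from a fixed
     * string, this text should be handled as carefully as the keystore password itself
     * (file permissions, logs, shared tickets). Values are inserted as given, without XML
     * escaping.
     *
     * @return the vault configuration as multi-line text
     */
    public String vaultConfiguration() {
        final String optionStart = "  <vault-option name=\"";
        final String optionMiddle = "\" value=\"";
        final String optionEnd = "\"/>\n";
        StringBuilder sb = new StringBuilder();
        sb.append("<vault>\n");
        sb.append(optionStart).append("KEYSTORE_URL").append(optionMiddle).append(keystoreURL).append(optionEnd);
        sb.append(optionStart).append("KEYSTORE_PASSWORD").append(optionMiddle).append(keystoreMaskedPassword).append(optionEnd);
        sb.append(optionStart).append("KEYSTORE_ALIAS").append(optionMiddle).append(vaultAlias).append(optionEnd);
        sb.append(optionStart).append("SALT").append(optionMiddle).append(salt).append(optionEnd);
        sb.append(optionStart).append("ITERATION_COUNT").append(optionMiddle).append(iterationCount).append(optionEnd);
        sb.append(optionStart).append("ENC_FILE_DIR").append(optionMiddle).append(encryptionDirectory).append(optionEnd);
        sb.append("</vault>");
        return sb.toString();
    }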

    
Method to get keystore masked password to use further in configuration. Has to be used after startVaultSession method.

Returns:
the keystoreMaskedPassword
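    /**
     * Returns the masked keystore password for use in configuration.
     *
     * <p>The value is assigned by {@link #startVaultSession(String)}; before that call the
     * result is {@code null}.
     *
     * @return the masked keystore password
     */
    public String getKeystoreMaskedPassword() {
        return keystoreMaskedPassword;
    }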

    
Display format for couple of vault block and attribute name.

Parameters:
vaultBlock
attributeName
Returns:
formatted java.lang.String
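    /**
     * Formats a vault block and attribute name pair for display.
     *
     * @param vaultBlock vault block name
     * @param attributeName attribute name
     * @return {@code [<vaultBlock>::<attributeName>]}
     */
    static String blockAttributeDisplayFormat(String vaultBlock, String attributeName) {
        return "[" + vaultBlock + "::" + attributeName + "]";
    }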