  /*
   * JBoss, Home of Professional Open Source.
   * Copyright 2012, Red Hat, Inc., and individual contributors
   * as indicated by the @author tags. See the copyright.txt file in the
   * distribution for a full listing of individual contributors.
   *
   * This is free software; you can redistribute it and/or modify it
   * under the terms of the GNU Lesser General Public License as
   * published by the Free Software Foundation; either version 2.1 of
  * the License, or (at your option) any later version.
  *
  * This software is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * Lesser General Public License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public
  * License along with this software; if not, write to the Free
  * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
  * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
  */
 
 package org.jboss.as.security.vault;
 
 import java.io.File;
 import java.util.Map;
 
 
Non-interactive session for VaultTool

Author(s):
Peter Skopek
 
 public final class VaultSession {
 
     // JCE algorithm name for password-based encryption. "PBEwithMD5andDES" derives a
     // single-DES key with MD5; both primitives are weak by current standards, so data
     // protected under this name should be treated as obfuscated, not strongly encrypted.
     public static final String VAULT_ENC_ALGORITHM = "PBEwithMD5andDES";
 
     // NOTE(review): the initializer is missing from this listing; confirm which charset is used.
     static final Charset CHARSET = .;
 
     private String keystoreURL;
     // Held as an immutable String, so the clear-text password cannot be wiped after use.
     private String keystorePassword;
     // Presumably assigned in startVaultSession(); exposed through getKeystoreMaskedPassword().
     private String keystoreMaskedPassword;
     private String encryptionDirectory;
     private String salt;
     private int iterationCount;
 
     // Presumably both set while a session is started (startVaultSession / initSecurityVault).
     private SecurityVault vault;
     private String vaultAlias;

    
Constructor to create VaultSession.

Parameters:
keystoreURL
keystorePassword
encryptionDirectory
salt
iterationCount
Throws:
java.lang.Exception
 
     // Stores the five arguments and then runs validate(), so an invalid argument surfaces
     // as an exception thrown from the constructor.
     // NOTE(review): the assignment targets are missing from this listing; presumably the
     // same-named fields.
     public VaultSession(String keystoreURLString keystorePasswordString encryptionDirectoryString saltint iterationCount)
             throws Exception {
         this. = keystoreURL;
         this. = keystorePassword;
         this. = encryptionDirectory;
         this. = salt;
         this. = iterationCount;
         // Fail fast: no session object is handed out with unchecked settings.
         validate();
     }

    
Validate fields sent to this class's constructor.
 
     // Runs the individual checks in a fixed order; the first failing check aborts the rest.
     // NOTE(review): validateEncryptionDirectory() can create directories (mkdirs) before the
     // salt, iteration count and keystore password are checked, so a later failure can leave
     // a newly created directory behind.
     private void validate() throws Exception {
         validateKeystoreURL();
         validateEncryptionDirectory();
         validateSalt();
         validateIterationCount();
         validateKeystorePassword();
     }
 
     // Checks the keystore location as a local file: an existing path must be a regular file
     // that this process can write, otherwise the keyStoreNotWritable error is thrown.
     // These are point-in-time checks; the file can still change before the vault opens it.
     protected void validateKeystoreURL() throws Exception {
 
         // NOTE(review): the File argument is missing from this listing; presumably keystoreURL.
         File f = new File();
         if (!f.exists()) {
            // NOTE(review): this branch is empty in the listing, so a missing keystore is not
            // rejected as shown; confirm whether an error is meant to be raised here.
        } else if (!f.canWrite() || !f.isFile()) {
            throw ..keyStoreNotWritable();
        }
    }
    // Rejects only a null value; an empty or trivially short password passes this check.
    // NOTE(review): the compared operand is missing from this listing; presumably keystorePassword.
    protected void validateKeystorePassword() throws Exception {
        if ( == null) {
            throw ..keyStorePasswordNotSpecified();
        }
    }
    // Requires an encryption directory, appends a trailing separator, and creates the
    // directory (including parents) when it does not exist yet.
    // NOTE(review): several operands are missing from this listing; presumably encryptionDirectory.
    protected void validateEncryptionDirectory() throws Exception {
        if ( == null) {
            throw new Exception("Encryption directory has to be specified.");
        }
        // NOTE(review): the negation covers only the "/" test, so a path that already ends with
        // a backslash still gets a separator appended. If the intent is "append unless the path
        // ends with either separator", both endsWith tests belong inside the negation.
        if (!.endsWith("/") || .endsWith("\\")) {
             =  + (System.getProperty("file.separator""/"));
        }
        File d = new File();
        if (!d.exists()) {
            // mkdirs() applies the process's default permissions. NOTE(review): if this directory
            // holds the vault's encrypted data, consider restricting access to the owning account.
            if (!d.mkdirs()) {
                throw ..cannotCreateEncryptionDirectory(d.getAbsolutePath());
            }
        }
        if (!d.isDirectory()) {
            // NOTE(review): empty in this listing, so an existing non-directory path is not
            // rejected as shown; confirm against the original source.
        }
    }
    // Intended range check for the PBE iteration count.
    // NOTE(review): the two comparisons are joined with &&. If both test the same value (the
    // operands are missing from this listing), no value can be below 1 and above an upper
    // bound at once, so the condition never holds and a zero or negative count is never
    // rejected here. A range check needs ||. The body is also empty in the listing.
    protected void validateIterationCount() throws Exception {
        if ( < 1 &&  > .) {
        }
    }
    // Requires a non-null value of exactly 8 characters, else throws saltWrongLength.
    // NOTE(review): operands are missing from this listing; presumably salt. length() counts
    // UTF-16 code units, so 8 characters are 8 bytes only for single-byte characters in the
    // charset later used by getBytes(); confirm the byte length handed to the cipher spec.
    protected void validateSalt() throws Exception {
        if ( == null || .length() != 8) {
            throw ..saltWrongLength();
        }
    }

    
Method to compute masked password based on class attributes.

Returns:
masked password prefixed with {@link PicketBoxSecurityVault#PASS_MASK_PREFIX}.
Throws:
java.lang.Exception
    // Builds the masked keystore password: a PBE key is derived from a fixed string, the
    // input is encoded with PBEUtils.encode64 under that key, and a prefix is prepended.
    // NOTE(review): the PBE password is a constant compiled into the class, so the only
    // varying inputs are those given to PBEParameterSpec (presumably salt and iteration
    // count). vaultConfiguration() emits SALT and ITERATION_COUNT next to KEYSTORE_PASSWORD,
    // so anyone who can read that configuration can recover the keystore password. Treat the
    // result as obfuscation and keep the configuration file and keystore access-restricted.
    private String computeMaskedPassword() throws Exception {
        // Create the PBE secret key
        // NOTE(review): the algorithm argument is missing from this listing; presumably
        // VAULT_ENC_ALGORITHM.
        SecretKeyFactory factory = SecretKeyFactory.getInstance();
        char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
        // NOTE(review): if getBytes() is really called without a charset it uses the platform
        // default, which can differ between the machine that masks and the one that unmasks.
        PBEParameterSpec cipherSpec = new PBEParameterSpec(.getBytes(), );
        PBEKeySpec keySpec = new PBEKeySpec(password);
        SecretKey cipherKey = factory.generateSecret(keySpec);
        String maskedPass = PBEUtils.encode64(.getBytes(), cipherKeycipherSpec);
        return . + maskedPass;
    }

    
Initialize the underlying vault.

    // Obtains a vault from SecurityVaultFactory, initialises it with getVaultOptionsMap()
    // and performs the handshake. Only SecurityVaultException is translated into the
    // project's securityVaultException error; any other exception propagates unchanged.
    private void initSecurityVault() throws Exception {
        try {
            this. = SecurityVaultFactory.get();
            this..init(getVaultOptionsMap());
            handshake();
        } catch (SecurityVaultException e) {
            // The original exception is passed along as the argument, so the cause is kept.
            throw ..securityVaultException(e);
        }
    }

    
Start the vault with given alias.

Parameters:
vaultAlias
Throws:
java.lang.Exception
    // Starts a vault session for the given alias: rejects a null alias, chooses the keystore
    // password form, records the alias and initialises the underlying vault.
    public void startVaultSession(String vaultAliasthrows Exception {
        if (vaultAlias == null) {
            throw ..vaultAliasNotSpecified();
        }
        // NOTE(review): the isPasswordCommand argument and the first branch value are missing
        // from this listing; presumably a keystore password given in command form is kept
        // as-is and any other password is masked via computeMaskedPassword(). Confirm.
        this. = (org.jboss.security.Util.isPasswordCommand())
                ? 
                : computeMaskedPassword();
        this. = vaultAlias;
        initSecurityVault();
    }
    // Builds the option map that initSecurityVault() passes to the vault's init().
    // NOTE(review): the keys and values of the put call(s) are missing from this listing.
    private Map<StringObjectgetVaultOptionsMap() {
        Map<StringObjectoptions = new HashMap<StringObject>();
        options.put(.);
        return options;
    }
    // Builds a handshake option map and calls handshake() with it; called from
    // initSecurityVault() right after init().
    // NOTE(review): the option key/value and the receiver are missing from this listing.
    private void handshake() throws SecurityVaultException {
        Map<StringObjecthandshakeOptions = new HashMap<StringObject>();
        handshakeOptions.put(.);
        .handshake(handshakeOptions);
    }

    
Add secured attribute to specified vault block. This method can be called only after successful startVaultSession() call.

Parameters:
vaultBlock
attributeName
attributeValue
Returns:
secured attribute configuration
    // Stores the attribute value under (vaultBlock, attributeName) and returns the
    // "VAULT::..." reference string for it; nothing is printed.
    // The char[] is not cleared here, so wiping attributeValue remains the caller's job.
    // NOTE(review): the receiver of store() is missing from this listing; presumably the
    // vault field. Nothing here checks that startVaultSession() has been called first.
    public String addSecuredAttribute(String vaultBlockString attributeNamechar[] attributeValuethrows Exception {
        .store(vaultBlockattributeNameattributeValuenull);
        return securedAttributeConfigurationString(vaultBlockattributeName);
    }

    
Add secured attribute to specified vault block. This method can be called only after successful startVaultSession() call. After successful storage the secured attribute information will be displayed on standard output. For a silent variant, see addSecuredAttribute.

Parameters:
vaultBlock
attributeName
attributeValue
Throws:
java.lang.Exception
See also:
addSecuredAttribute
    // Stores the attribute value, then prints the creation message via attributeCreatedDisplay().
    // Only the block name, attribute name and reference string are passed to the display
    // call; attributeValue itself is not. The char[] is not cleared here.
    // NOTE(review): the receiver of store() is missing from this listing; presumably the vault field.
    public void addSecuredAttributeWithDisplay(String vaultBlockString attributeNamechar[] attributeValuethrows Exception {
        .store(vaultBlockattributeNameattributeValuenull);
        attributeCreatedDisplay(vaultBlockattributeName);
    }

    
Check whether secured attribute is already set for given vault block and attribute name. This method can be called only after successful startVaultSession() call.

Parameters:
vaultBlock
attributeName
Returns:
true if a password already exists for the given vault block and attribute name.
Throws:
java.lang.Exception
    // Returns the result of exists() for (vaultBlock, attributeName).
    // NOTE(review): the receiver is missing from this listing; presumably the vault field,
    // which is unset until startVaultSession() has run.
    public boolean checkSecuredAttribute(String vaultBlockString attributeNamethrows Exception {
        return .exists(vaultBlockattributeName);
    }

    
Display info about stored secured attribute.

Parameters:
vaultBlock
attributeName
    // Prints the vaultAttributeCreateDisplay message built from the block name, the
    // attribute name and the reference string; the stored value is not part of it.
    // NOTE(review): the println receiver is missing from this listing; presumably standard output.
    private void attributeCreatedDisplay(String vaultBlockString attributeName) {
        ..println(..vaultAttributeCreateDisplay(vaultBlockattributeName,
                securedAttributeConfigurationString(vaultBlockattributeName)));
    }

    
Returns configuration string for secured attribute.

Parameters:
vaultBlock
attributeName
Returns:
    // Builds the reference string "VAULT::<vaultBlock>::<attributeName>::1".
    // The names are concatenated as given; a block or attribute name that itself contains
    // "::" yields a reference whose fields can no longer be told apart.
    private String securedAttributeConfigurationString(String vaultBlockString attributeName) {
        return "VAULT::" + vaultBlock + "::" + attributeName + "::1";
    }

    
Display info about vault itself in form of AS7 configuration file.
    // Prints a banner framed by asterisk lines with placeholder configuration markup.
    // NOTE(review): the println receiver is missing from this listing (presumably standard
    // output), and lines between the markers may have been dropped as well.
    public void vaultConfigurationDisplay() {
        ..println("********************************************");
        ..println("...");
        ..println("</extensions>");
        ..println("<management> ...");
        ..println("********************************************");
    }

    
Returns vault configuration string in user readable form.

Returns:
    // Returns a <vault> XML fragment with one <vault-option> per setting.
    // The result carries KEYSTORE_PASSWORD together with SALT and ITERATION_COUNT, so it
    // should be handled as sensitive (file permissions, logs, terminal scrollback).
    // Values are concatenated into attribute values without XML escaping; a value containing
    // a double quote, '<' or '&' produces malformed or altered markup.
    // NOTE(review): the concatenated operands are missing from this listing; confirm which
    // field backs each option, in particular whether KEYSTORE_PASSWORD is the masked value.
    public String vaultConfiguration() {
        StringBuilder sb = new StringBuilder();
        sb.append("<vault>").append("\n");
        sb.append("  <vault-option name=\"KEYSTORE_URL\" value=\"" +  + "\"/>").append("\n");
        sb.append("  <vault-option name=\"KEYSTORE_PASSWORD\" value=\"" +  + "\"/>").append("\n");
        sb.append("  <vault-option name=\"KEYSTORE_ALIAS\" value=\"" +  + "\"/>").append("\n");
        sb.append("  <vault-option name=\"SALT\" value=\"" +  + "\"/>").append("\n");
        sb.append("  <vault-option name=\"ITERATION_COUNT\" value=\"" +  + "\"/>").append("\n");
        sb.append("  <vault-option name=\"ENC_FILE_DIR\" value=\"" +  + "\"/>").append("\n");
        sb.append("</vault>");
        return sb.toString();
    }

    
Method to get keystore masked password to use further in configuration. Has to be used after startVaultSession method.

Returns:
the keystoreMaskedPassword
    // Accessor for the keystore password in the form used in configuration.
    // NOTE(review): the returned expression is missing from this listing; presumably the
    // keystoreMaskedPassword field, which would be unset until startVaultSession() has run.
    // The masked form can be reversed with the salt and iteration count, so callers should
    // not treat it as safe to log.
    public String getKeystoreMaskedPassword() {
        return ;
    }