[jboss-cvs] JBossAS SVN: r114600 - in projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security: vault and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Dec 16 20:59:23 EST 2013
Author: soul2zimate
Date: 2013-12-16 20:59:22 -0500 (Mon, 16 Dec 2013)
New Revision: 114600
Added:
projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/
projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityActions.java
projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVault.java
projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultException.java
projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultFactory.java
projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultUtil.java
Log:
[SECURITY-775], backport vault functionality in security-spi for EAP5.3
Added: projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityActions.java
===================================================================
--- projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityActions.java (rev 0)
+++ projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityActions.java 2013-12-17 01:59:22 UTC (rev 114600)
@@ -0,0 +1,64 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.vault;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 12, 2011
+ */
+public class SecurityActions
+{
+ static Class<?> loadClass(final Class<?> clazz, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader cl = clazz.getClassLoader();
+ Class<?> loadedClass = null;
+ try
+ {
+ loadedClass = cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ if(loadedClass == null)
+ {
+ try
+ {
+ loadedClass = Thread.currentThread().getContextClassLoader().loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ }
+ return loadedClass;
+ }
+ });
+
+ }
+}
\ No newline at end of file
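Review bot: In `run()`, `clazz.getClassLoader()` can return null for a bootstrap-loaded class, so `cl.loadClass(fqn)` would throw a NullPointerException inside the privileged block instead of falling through to the context class loader. The fallback has the same gap, because `getContextClassLoader()` may also return null. I would guard both lookups, e.g. `if (cl != null) { ... }`. Both `catch (ClassNotFoundException e)` bodies are empty; a short comment such as `// ignored: fall back to the next class loader, null is returned if none resolves the name` would make the intent explicit. Since the method loads a caller-supplied name under `doPrivileged`, a Javadoc line stating that `fqn` must come from trusted configuration would help whoever adds the next call site.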
Added: projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVault.java
===================================================================
--- projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVault.java (rev 0)
+++ projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVault.java 2013-12-17 01:59:22 UTC (rev 114600)
@@ -0,0 +1,101 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.vault;
+
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * Vault for secure storage of attributes
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 12, 2011
+ */
+public interface SecurityVault
+{
+ /**
+ * Initialize the vault
+ * @param options
+ */
+ void init(Map<String,Object> options) throws SecurityVaultException;
+
+ /**
+ * Determine if the vault is initialized
+ * @return
+ */
+ boolean isInitialized();
+
+ /**
+ * Retrieve the shared key from the vault
+ * @param handshakeOptions a set of options that the vault identifies for handshake
+ * @return
+ * @throws SecurityVaultException
+ */
+ byte[] handshake(Map<String,Object> handshakeOptions) throws SecurityVaultException;
+
+ /**
+ * Get the currently vaulted VaultBlock_attribute Names
+ * @return
+ * @throws SecurityVaultException
+ */
+ Set<String> keyList() throws SecurityVaultException;
+
+ /**
+ * Check whether an attribute value exists in the vault
+ * @param vaultBlock
+ * @param attributeName
+ * @return
+ * @throws SecurityVaultException
+ * @since v4.0.3
+ */
+ boolean exists(String vaultBlock, String attributeName) throws SecurityVaultException;
+
+ /**
+ * Store an attribute value
+ * @param vaultBlock a string value that brings in the uniqueness
+ * @param attributeName name of the attribute
+ * @param attributeValue
+ * @param sharedKey
+ * @throws SecurityVaultException
+ */
+ void store(String vaultBlock, String attributeName,char[] attributeValue, byte[] sharedKey) throws SecurityVaultException;
+
+ /**
+ * Retrieve the attribute value
+ * @param vaultBlock
+ * @param attributeName
+ * @param sharedKey
+ * @return
+ * @throws SecurityVaultException
+ */
+ char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException;
+
+ /**
+ * Remove an existing attribute value
+ * @param vaultBlock
+ * @param attributeName
+ * @param sharedKey
+ * @return true if remove was successful, false otherwise
+ * @throws SecurityVaultException
+ * @since v4.0.4.final
+ */
+ boolean remove(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException;
+}
\ No newline at end of file
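Review bot: The Javadoc on `handshake`, `store` and `retrieve` does not say who owns the secret material, and most `@return` and `@param` tags are empty. It is not stated whether implementations copy the `byte[] sharedKey` and `char[] attributeValue` arguments, or whether the caller is expected to clear the arrays after the call. If the intent of using `char[]` is that callers can wipe the value, I would say so, e.g. `@return the attribute value; the caller owns the array and should zero it after use` on `retrieve` (this contract is assumed, the interface does not show it). `init` should also document which option keys are required, and `keyList` what form the returned names take.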
Added: projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultException.java
===================================================================
--- projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultException.java (rev 0)
+++ projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultException.java 2013-12-17 01:59:22 UTC (rev 114600)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.vault;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * General exception thrown from the vault operations
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 12, 2011
+ */
+public class SecurityVaultException extends GeneralSecurityException
+{
+ private static final long serialVersionUID = -463686701228652165L;
+
+ public SecurityVaultException()
+ {
+ super();
+ }
+
+ public SecurityVaultException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public SecurityVaultException(String msg)
+ {
+ super(msg);
+ }
+
+ public SecurityVaultException(Throwable cause)
+ {
+ super(cause);
+ }
+}
\ No newline at end of file
Added: projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultFactory.java
===================================================================
--- projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultFactory.java (rev 0)
+++ projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultFactory.java 2013-12-17 01:59:22 UTC (rev 114600)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.vault;
+
+/**
+ * A factory to instantiate a {@link SecurityVault}
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 12, 2011
+ */
+public class SecurityVaultFactory
+{
+ private static String defaultVault = "org.jboss.security.plugins.vault.PicketBoxSecurityVault";
+ private static SecurityVault vault= null;
+
+ /**
+ * Get an instance of {@link SecurityVault}
+ * Remember to initialize the vault by checking {@link SecurityVault#isInitialized()}
+ * @return an instance of {@link SecurityVault}
+ * @throws SecurityVaultException
+ */
+ public static SecurityVault get() throws SecurityVaultException
+ {
+ return get(defaultVault);
+ }
+
+ /**
+ * Get an instance of {@link SecurityVault}
+ * Remember to initialize the vault by checking {@link SecurityVault#isInitialized()}
+ * @param fqn fully qualified name of the vault implementation
+ * @return an instance of {@link SecurityVault}
+ * @throws SecurityVaultException
+ */
+ public static SecurityVault get(String fqn) throws SecurityVaultException
+ {
+ if(fqn == null)
+ return get();
+
+ if(vault == null)
+ {
+ Class<?> vaultClass = SecurityActions.loadClass(SecurityVaultFactory.class,fqn);
+ if(vaultClass == null)
+ throw new SecurityVaultException("Unable to load vault class");
+ try
+ {
+ vault = (SecurityVault) vaultClass.newInstance();
+ }
+ catch (Exception e)
+ {
+ throw new SecurityVaultException("Unable to instantiate vault class");
+ }
+ }
+ return vault;
+ }
+}
\ No newline at end of file
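Review bot: `get(String fqn)` caches the first instance in the static `vault` field and ignores `fqn` on every later call, so a caller asking for a different implementation silently receives the cached one. The lazy initialisation is also unsynchronised, so two threads can each construct a vault. Separately, `vaultClass.newInstance()` runs the constructor of whatever class the name resolved to before the cast to `SecurityVault` can fail, and the `catch` discards `e`, which hides why instantiation failed. I would make the method `synchronized`, check `SecurityVault.class.isAssignableFrom(vaultClass)` before instantiating, and pass the cause through the existing `(String, Throwable)` constructor. Whether a second, different `fqn` should be rejected or documented as ignored is a design decision the Javadoc should state.

```java
public static synchronized SecurityVault get(String fqn) throws SecurityVaultException
{
   // … unchanged: null fqn delegates to get() …
   if(vault == null)
   {
      // … unchanged: SecurityActions.loadClass and the null check …
      // Reject non-vault types before any constructor runs.
      if(!SecurityVault.class.isAssignableFrom(vaultClass))
         throw new SecurityVaultException("Class does not implement SecurityVault");
      try
      {
         vault = (SecurityVault) vaultClass.newInstance();
      }
      catch (Exception e)
      {
         // Keep the cause so the failure can be diagnosed.
         throw new SecurityVaultException("Unable to instantiate vault class", e);
      }
   }
   return vault;
}
```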
Added: projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultUtil.java
===================================================================
--- projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultUtil.java (rev 0)
+++ projects/security/security-spi/branches/Branch_2_0/spi/src/main/java/org/jboss/security/vault/SecurityVaultUtil.java 2013-12-17 01:59:22 UTC (rev 114600)
@@ -0,0 +1,140 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.vault;
+
+import java.util.StringTokenizer;
+
+/**
+ * Common utility methods associated with the {@link SecurityVault}
+ *
+ * @author anil saldhana
+ */
+public class SecurityVaultUtil
+{
+ public static final String VAULT_PREFIX = "VAULT";
+
+ /**
+ * Check whether the string has the format of the vault
+ *
+ * @param chars
+ * @return
+ */
+ public static boolean isVaultFormat(char[] chars)
+ {
+ if(chars == null)
+ {
+ return false;
+ }
+ String str = new String(chars);
+ return str.startsWith(VAULT_PREFIX);
+ }
+
+ /**
+ * Check whether the string has the format of the vault
+ *
+ * @param str
+ * @return
+ */
+ public static boolean isVaultFormat(String str)
+ {
+ return str != null && str.startsWith(VAULT_PREFIX);
+ }
+
+ /**
+ * <p>
+ * Given the vault formatted string, retrieve the attribute value from the
+ * vault
+ * </p>
+ * <p>
+ * Note: the vault formatted string will be of the form
+ * VAULT::vault_block::attribute_name::sharedKey
+ * </p>
+ *
+ * <p>
+ * Vault Block acts as the unique id of a block such as "messaging",
+ * "security" etc Attribute Name is the name of the attribute whose value we
+ * are preserving Shared Key is the key generated by the off line vault
+ * during storage of the attribute value
+ * </p>
+ *
+ * @param vaultString
+ * @return
+ * @throws SecurityVaultException
+ */
+ public static char[] getValue(String vaultString)
+ throws SecurityVaultException
+ {
+ if (!isVaultFormat(vaultString))
+ throw new IllegalArgumentException("Invalid vaultString format: " + vaultString);
+
+ String[] tokens = tokens(vaultString);
+
+ SecurityVault vault = SecurityVaultFactory.get();
+ if (!vault.isInitialized())
+ throw new SecurityVaultException("Vault is not initialized");
+ return vault.retrieve(tokens[1], tokens[2], tokens[3].getBytes());
+ }
+
+ /**
+ * @see #getValue(String)
+ * @param vaultString
+ * @return
+ * @throws SecurityVaultException
+ */
+ public static String getValueAsString(String vaultString)
+ throws SecurityVaultException
+ {
+ char[] val = getValue(vaultString);
+ if (val != null)
+ return new String(val);
+ return null;
+ }
+
+ /**
+ * Get the value from the vault
+ * @param chars vaultified set of characters
+ * @return
+ * @throws SecurityVaultException
+ */
+ public static char[] getValue(char[] chars)
+ throws SecurityVaultException
+ {
+ if(chars == null)
+ return null;
+ String vaultString = new String(chars);
+ return getValue(vaultString);
+ }
+
+ private static String[] tokens(String vaultString)
+ {
+ StringTokenizer tokenizer = new StringTokenizer(vaultString, "::");
+ int length = tokenizer.countTokens();
+ String[] tokens = new String[length];
+
+ int index = 0;
+ while (tokenizer != null && tokenizer.hasMoreTokens())
+ {
+ tokens[index++] = tokenizer.nextToken();
+ }
+ return tokens;
+ }
+}
\ No newline at end of file
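Review bot: In `getValue(String)`, the `IllegalArgumentException` message concatenates `vaultString`, and that branch is reached exactly when the input is not vault-formatted, so a plain-text secret passed by mistake would be copied into the exception message and any log that records it. I would drop the value: `throw new IllegalArgumentException("Invalid vaultString format");`. The method then indexes `tokens[3]` without checking the count, so an input such as `VAULT::block::name` fails with an ArrayIndexOutOfBoundsException; a guard like `if (tokens.length < 4) throw new SecurityVaultException("Malformed vault string");` would report it properly. Note also that `StringTokenizer(vaultString, "::")` treats each `:` as a delimiter and skips empty tokens, and that `tokens[3].getBytes()` uses the platform default charset, so the shared key bytes can differ between hosts unless a charset is named.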