[jboss-cvs] Picketbox SVN: r411 - in branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test: resources and 11 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Apr 23 14:00:05 EDT 2013
Author: pskopek
Date: 2013-04-23 14:00:05 -0400 (Tue, 23 Apr 2013)
New Revision: 411
Added:
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault.jks
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault_data/
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault_data/ENC.dat
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault_data/Shared.dat
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/long_alias_keystore/vault_data/
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/long_alias_keystore/vault_data/readme.txt
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/readme.txt
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/vault-jks.keystore
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/vault_data/
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/vault_data/ENC.dat
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/vault_data/Shared.dat
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/readme.txt
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/vault-jceks.keystore
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/vault-replacement-jceks.keystore
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/vault_data/
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/vault_data/VAULT.dat
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/readme.txt
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/vault-jceks.keystore
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/vault-replacement-jceks.keystore
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/vault_data/
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/vault_data/VAULT.dat
Removed:
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault.keystore
Modified:
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/EncryptionUtilUnitTestCase.java
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
Log:
Test changes after Security Vault changes.
Modified: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/EncryptionUtilUnitTestCase.java
===================================================================
--- branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/EncryptionUtilUnitTestCase.java 2013-04-23 17:58:36 UTC (rev 410)
+++ branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/EncryptionUtilUnitTestCase.java 2013-04-23 18:00:05 UTC (rev 411)
@@ -41,13 +41,18 @@
*/
public class EncryptionUtilUnitTestCase
{
- String keyStoreURL = "src/test/resources/keystore/vault.keystore";
+ String keyStoreURL = "target/vaults/vault-enc/vault.jks";
String keyStorePass = "vault22";
String alias = "vault";
@Test
public void testEncryptDecrypt() throws Exception
{
+ SecurityVaultUnitTestCase.setInitialVaulConditions(
+ "src/test/resources/keystore/vault.jks", "target/vaults/vault-enc/vault.jks",
+ "src/test/resources/keystore/vault_data", "target/vaults/vault-enc/vault_data");
+
+
KeyStore ks = KeyStoreUtil.getKeyStore(keyStoreURL, keyStorePass.toCharArray());
assertNotNull(ks);
EncryptionUtil encUtil = new EncryptionUtil("AES", 128);
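Review bot: The copy destination `"target/vaults/vault-enc/vault.jks"` is now spelled out twice, once in the `keyStoreURL` field and once as the second argument of the setup call in `testEncryptDecrypt`, so the two can drift apart without the compiler noticing. Passing the field keeps them tied together, e.g. `SecurityVaultUnitTestCase.setInitialVaulConditions("src/test/resources/keystore/vault.jks", keyStoreURL, ...)`. The visible lines only load the keystore, so the `vault_data` copy may not be needed here at all; the method body continues outside the hunk, so confirm before dropping it. The helper is also a public static on another test class; a small shared test-utility class would avoid one test case depending on another.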
Modified: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
===================================================================
--- branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java 2013-04-23 17:58:36 UTC (rev 410)
+++ branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java 2013-04-23 18:00:05 UTC (rev 411)
@@ -23,61 +23,44 @@
import org.jboss.security.plugins.PBEUtils;
import org.jboss.security.vault.SecurityVault;
+import org.jboss.security.vault.SecurityVaultException;
import org.jboss.security.vault.SecurityVaultFactory;
import org.jboss.security.vault.SecurityVaultUtil;
-import org.junit.Before;
-import org.junit.Ignore;
import org.junit.Test;
import org.picketbox.plugins.vault.PicketBoxSecurityVault;
-import org.picketbox.util.StringUtil;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.nio.channels.FileChannel;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
+import junit.framework.Assert;
+
import static org.junit.Assert.*;
/**
* Unit Test the {@link SecurityVault} Implementation
+ *
+ * Note: replacement-vault.keystore has been created using:
+ * keytool -genkey -alias mykey -keystore replacement-vault.keystore -keyalg RSA -keysize 1024 -storepass supersecret11 -keypass supersecret11 -dname "CN=Picketbox vault,OU=picketbox,O=JBoss"
+ *
* @author Anil.Saldhana at redhat.com
* @since Aug 12, 2011
*/
public class SecurityVaultUnitTestCase
{
- String salt = "12438567";
- int iterationCount = 50;
+ //String dataDir = "${java.io.tmpdir}/enc/";
- String keyStorePass = "vault22";
-
- String maskedPWD;
-
- String dataDir = "${java.io.tmpdir}/enc/";
-
- @Before
- public void setup() throws Exception
- {
- setupEncryptionFilesDir(dataDir);
- }
-
- private void setupEncryptionFilesDir(String directoryName) {
-
- String dir = StringUtil.getSystemPropertyAsString(directoryName);
- File encDir = new File(dir);
-
- if(encDir.exists() == false)
- encDir.mkdirs();
-
- File encFile = new File(dir + "/enc.dat");
- if(encFile.exists())
- encFile.delete();
- }
-
@Test
- @Ignore
public void testDefaultVault() throws Exception
{
SecurityVault vault = SecurityVaultFactory.get();
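Review bot: The added `import junit.framework.Assert;` appears unused, since every assertion in the visible hunks goes through the static `org.junit.Assert.*` import, and it pulls in the old JUnit 3 class next to the JUnit 4 one. The commented-out field `//String dataDir = "${java.io.tmpdir}/enc/";` is dead code left in place of the removed fields and should be deleted as well. The new class Javadoc records the keytool command for `replacement-vault.keystore`, but none of the visible tests load anything from `replacement_keystore/` (they use `vault-v1/vault-replacement-jceks.keystore`), so the note should either name the test that uses that fixture or move to a readme beside it. `testDefaultVault` is re-enabled here but its body lies mostly outside the hunk.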
@@ -87,43 +70,21 @@
}
@Test
- @Ignore
- public void testInitialization() throws Exception
+ public void testHandshake() throws Exception
{
- SecurityVault vault = SecurityVaultFactory.get();
- assertNotNull(vault);
- assertTrue(vault instanceof PicketBoxSecurityVault);
- assertFalse(vault.isInitialized());
- Map<String,Object> options = new HashMap<String,Object>();
- try
- {
- vault.init(options);
- fail("Should have thrown error");
- }
- catch(IllegalArgumentException iae)
- {
- }
- maskedPWD = getMaskedPassword(keyStorePass, salt,iterationCount);
+ setInitialVaulConditions("src/test/resources/keystore/vault.jks", "target/vaults/vault1/vault.jks",
+ "src/test/resources/keystore/vault_data", "target/vaults/vault1/vault_data");
- options.putAll(getMap());
+ SecurityVault vault = getNewSecurityVaultInstance();
+ Map<String,Object> options = getVaultOptionsMap(
+ "target/vaults/vault1/vault.jks",
+ "target/vaults/vault1/vault_data",
+ "vault", "12438567", 50, "vault22");
+
vault.init(options);
-
assertTrue(vault.isInitialized());
- }
-
- @Test
- public void testHandshake() throws Exception
- {
- SecurityVault vault = SecurityVaultFactory.get();
- Map<String,Object> options = new HashMap<String,Object>();
- maskedPWD = getMaskedPassword(keyStorePass, salt,iterationCount);
-
- options.putAll(getMap());
- vault.init(options);
- assertTrue(vault.isInitialized());
-
Map<String,Object> handshakeOptions = new HashMap<String,Object>();
handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT,"vault");
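Review bot: Deleting `testInitialization` removes the only check in this file that `vault.init(...)` rejects an empty options map; it was `@Ignore`d before, but nothing in the visible hunks replaces it. A short negative test on a fresh instance from `getNewSecurityVaultInstance()` that calls `vault.init(new HashMap<String,Object>())` and expects the failure would keep that contract covered; the exception type after the vault changes is not visible here, so confirm it against the implementation. The literals `"vault", "12438567", 50, "vault22"` in `testHandshake` are repeated in `testStoreAndRetrieve` and could be named constants. `testHandshake` continues outside the hunk.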
@@ -132,31 +93,25 @@
}
@Test
- public void testHandshakeForLongAlias() throws Exception
+ public void testHandshakeAnConversionForLongAlias() throws Exception
{
-
- SecurityVault vault = SecurityVaultFactory.get();
- String maskedPassword = getMaskedPassword("password1234", "87654321", 23);
- String encDir = "${java.io.tmpdir}/long_alias_keystore/";
- setupEncryptionFilesDir(encDir);
+ setInitialVaulConditions("src/test/resources/long_alias_keystore/vault.jks", "target/vaults/long_alias_keystore/vault.jks",
+ "src/test/resources/long_alias_keystore/vault_data", "target/vaults/long_alias_keystore/vault_data");
- Map<String,Object> options = new HashMap<String,Object>();
- options.put(PicketBoxSecurityVault.KEYSTORE_URL, "src/test/resources/long_alias_keystore/vault.jks");
- options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, maskedPassword);
- options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, "superverylongvaultname");
- options.put(PicketBoxSecurityVault.SALT, "87654321");
- options.put(PicketBoxSecurityVault.ITERATION_COUNT, String.valueOf(23));
- options.put(PicketBoxSecurityVault.ENC_FILE_DIR, encDir);
+ SecurityVault vault = getNewSecurityVaultInstance();
+ Map<String,Object> options = getVaultOptionsMap(
+ "target/vaults/long_alias_keystore/vault.jks",
+ "target/vaults/long_alias_keystore/vault_data",
+ "superverylongvaultname", "87654321", 23, "password1234");
vault.init(options);
assertTrue("Vault is supposed to be inicialized", vault.isInitialized());
Map<String,Object> handshakeOptions = new HashMap<String,Object>();
- handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT, "superverylongvaultname");
-
byte[] sharedKey = vault.handshake(handshakeOptions);
assertNotNull(sharedKey);
-
+
+ // not relevant anymore, but leaving it as is
boolean containsLineBreaks = false;
for (byte b: sharedKey) {
if (b == '\n') {
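Review bot: The test is renamed to `testHandshakeAnConversionForLongAlias` (presumably `testHandshakeAndConversionForLongAlias`), yet the visible lines assert nothing about a conversion, only that `init` succeeds and the handshake returns a non-null key. With the `PUBLIC_CERT` entry removed, `handshakeOptions` is now an empty map, while the new tests call `vault.handshake(null)`; picking one form, e.g. `byte[] sharedKey = vault.handshake(null);`, makes it clear the options are no longer read. The same leftover empty map is in `testStoreAndRetrieve`. The comment `// not relevant anymore, but leaving it as is` marks the line-break loop as obsolete, so it should say why the check is kept or the loop should be removed; the loop body continues outside the hunk.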
@@ -170,22 +125,26 @@
@Test
public void testStoreAndRetrieve() throws Exception
{
+
+ setInitialVaulConditions("src/test/resources/keystore/vault.jks", "target/vaults/vault2/vault.jks",
+ "src/test/resources/keystore/vault_data", "target/vaults/vault2/vault_data");
+
+ Map<String,Object> options = getVaultOptionsMap(
+ "target/vaults/vault2/vault.jks",
+ "target/vaults/vault2/vault_data",
+ "vault", "12438567", 50, "vault22");
+
String vaultBlock = "SecBean";
String attributeName = "theAttribute";
char[] attributeValue = "someValue".toCharArray();
- SecurityVault vault = SecurityVaultFactory.get();
- Map<String,Object> options = new HashMap<String,Object>();
- maskedPWD = getMaskedPassword(keyStorePass, salt,iterationCount);
+ SecurityVault vault = getNewSecurityVaultInstance();
- options.putAll(getMap());
-
vault.init(options);
assertTrue(vault.isInitialized());
Map<String,Object> handshakeOptions = new HashMap<String,Object>();
- handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT,"vault");
byte[] sharedKey = vault.handshake(handshakeOptions);
assertNotNull(sharedKey);
@@ -205,7 +164,179 @@
assertFalse(vault.exists(vaultBlock+"1", attributeName+"2"));
}
+
+ /**
+ * See src/test/resources/vault-v0/readme.txt for initial vault setup (including secured attributes).
+ * @throws Exception
+ */
@Test
+ public void testConversion() throws Exception {
+
+ setInitialVaulConditions("src/test/resources/vault-v0/vault-jks.keystore", "target/vaults/vault-v0/vault-jks.keystore",
+ "src/test/resources/vault-v0/vault_data", "target/vaults/vault-v0/vault_data");
+
+ final Map<String, Object> options = getVaultOptionsMap(
+ "target/vaults/vault-v0/vault-jks.keystore",
+ "target/vaults/vault-v0/vault_data",
+ "thealias", "24681359", 88, "secretsecret");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+
+ // init should do the automatic conversion
+ vault.init(options);
+ assertTrue(vault.isInitialized());
+
+ byte[] sharedKey = vault.handshake(null);
+ assertNotNull(sharedKey);
+
+ // let's try to check if the converted vault contains all secret attributes from initial vault
+ assertSecretValue(vault, "vb", "attr1", "pwd1");
+ assertSecretValue(vault, "vb", "attr2", "pwd2");
+ assertSecretValue(vault, "vb1", "attr1", "pwd3");
+ assertSecretValue(vault, "vb2", "attr2", "pwd4");
+ assertSecretValue(vault, "vb2", "attr3", "pwd5");
+ assertSecretValue(vault, "vb", "attr3", "pwd6");
+
+
+ // get new instance of vault to simulate restart of application server
+ SecurityVault convertedVault = getNewSecurityVaultInstance();
+ assertFalse(convertedVault.isInitialized());
+ convertedVault.init(options);
+ assertTrue(convertedVault.isInitialized());
+
+ convertedVault.handshake(null);
+
+ // now try the same attributes on converted vault after restart
+ assertSecretValue(convertedVault, "vb", "attr1", "pwd1");
+ assertSecretValue(convertedVault, "vb", "attr2", "pwd2");
+ assertSecretValue(convertedVault, "vb1", "attr1", "pwd3");
+ assertSecretValue(convertedVault, "vb2", "attr2", "pwd4");
+ assertSecretValue(convertedVault, "vb2", "attr3", "pwd5");
+ assertSecretValue(convertedVault, "vb", "attr3", "pwd6");
+
+ }
+
+ @Test
+ public void testVault_V1_open_retrieve() throws Exception {
+
+ setInitialVaulConditions("src/test/resources/vault-v1/vault-jceks.keystore", "target/vaults/vault-v1/vault-jceks.keystore",
+ "src/test/resources/vault-v1/vault_data", "target/vaults/vault-v1/vault_data");
+
+ final Map<String, Object> options = getVaultOptionsMap(
+ "target/vaults/vault-v1/vault-jceks.keystore",
+ "target/vaults/vault-v1/vault_data",
+ "test", "12345678", 34, "secretsecret");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+ assertFalse(vault.isInitialized());
+
+ vault.init(options);
+ assertTrue(vault.isInitialized());
+
+ vault.handshake(null);
+
+ // let's try to check if proper values are stored in the vault
+ assertSecretValue(vault, "vb1", "attr11", "secret11");
+ assertSecretValue(vault, "vb1", "attr12", "secret12");
+
+ }
+
+ @Test(expected = SecurityVaultException.class)
+ public void testVault_V1_open_wrong_alias() throws Exception {
+
+ setInitialVaulConditions("src/test/resources/vault-v1/vault-jceks.keystore", "target/vaults/vault-v1-wrong/vault-jceks.keystore",
+ "src/test/resources/vault-v1/vault_data", "target/vaults/vault-v1-wrong/vault_data");
+
+ final Map<String, Object> options = getVaultOptionsMap(
+ "target/vaults/vault-v1-wrong/vault-jceks.keystore",
+ "target/vaults/vault-v1-wrong/vault_data",
+ "thewrongalias", "12345678", 34, "secretsecret");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+ assertFalse(vault.isInitialized());
+
+ vault.init(options);
+
+ }
+
+ @Test(expected = SecurityVaultException.class)
+ public void testVaultWithReplacedKeystore() throws Exception {
+
+ setInitialVaulConditions("src/test/resources/vault-v1/vault-replacement-jceks.keystore", "target/vaults/vault-v1/vault-jceks.keystore",
+ "src/test/resources/vault-v1/vault_data", "target/vaults/vault-v1/vault_data");
+
+ final Map<String, Object> options = getVaultOptionsMap(
+ "target/vaults/vault-v1/vault-jceks.keystore",
+ "target/vaults/vault-v1/vault_data",
+ "test", "12345678", 34, "secretsecret");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+ assertFalse(vault.isInitialized());
+
+ vault.init(options);
+ assertTrue(vault.isInitialized());
+
+ vault.handshake(null);
+
+ // let's try to check if the converted vault contains all secret attributes from initial vault
+ assertSecretValue(vault, "vb1", "attr11", "secret11");
+ assertSecretValue(vault, "vb1", "attr12", "secret12");
+
+ }
+
+ @Test
+ public void testMoreSecretKeys() throws Exception {
+ setInitialVaulConditions("src/test/resources/vault-v1-more/vault-jceks.keystore", "target/vaults/vault-v1-more/vault-jceks.keystore",
+ "src/test/resources/vault-v1-more/vault_data", "target/vaults/vault-v1-more/vault_data");
+
+ final Map<String, Object> options = getVaultOptionsMap(
+ "target/vaults/vault-v1-more/vault-jceks.keystore",
+ "target/vaults/vault-v1-more/vault_data",
+ "test", "12345678", 34, "secretsecret");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+ assertFalse(vault.isInitialized());
+
+ vault.init(options);
+ assertTrue(vault.isInitialized());
+
+ vault.handshake(null);
+
+ // let's try to check if proper values are stored in the vault
+ assertSecretValue(vault, "vb1", "attr11", "secret11");
+ assertSecretValue(vault, "vb1", "attr12", "secret12");
+
+ final Map<String, Object> options2 = getVaultOptionsMap(
+ "target/vaults/vault-v1-more/vault-jceks.keystore",
+ "target/vaults/vault-v1-more/vault_data",
+ "test2", "12345678", 34, "secretsecret");
+
+ SecurityVault vault2 = getNewSecurityVaultInstance();
+ assertFalse(vault2.isInitialized());
+
+ vault2.init(options2);
+ assertTrue(vault2.isInitialized());
+
+ vault2.handshake(null);
+
+ // let's try to check different alias can retrieve proper attribute
+ assertSecretValue(vault2, "vb1", "attr13", "secret13");
+
+ try {
+ assertSecretValue(vault2, "vb1", "attr11", "secret11");
+ fail("retrieving security attribute with different secret key alias has to fail.");
+ }
+ catch (SecurityVaultException e) {
+ // deliberately empty
+ }
+ catch (Throwable e) {
+ fail("unexpected exception " + e.getStackTrace().toString());
+ }
+
+
+ }
+
+ @Test
public void testUtil() throws Exception
{
assertFalse(SecurityVaultUtil.isVaultFormat((String)null));
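Review bot: `testVaultWithReplacedKeystore` is the test for rejecting a swapped keystore, but `@Test(expected = SecurityVaultException.class)` on the whole method passes no matter whether `init`, `handshake` or `retrieve` throws, and the `assertTrue(vault.isInitialized())` after `init` suggests the rejection is not meant to happen there. Wrapping only the call that must reject in `try { ... fail(...); } catch (SecurityVaultException expected) { }` would pin where the tampering is detected; `testVault_V1_open_wrong_alias` is fine because `init` is its only throwing call. This test also writes into `target/vaults/vault-v1`, the same directory `testVault_V1_open_retrieve` uses, so a dedicated target directory would keep the two independent. In `testMoreSecretKeys`, `catch (Throwable e)` also catches the `AssertionError` raised by the preceding `fail(...)` and by `assertEquals`, and `e.getStackTrace().toString()` prints an array identity rather than a trace, so the real failure message is lost; removing that `catch (Throwable e)` clause is enough.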
@@ -229,17 +360,119 @@
return new String(PicketBoxSecurityVault.PASS_MASK_PREFIX) + maskedPass;
}
- private Map<String,Object> getMap()
- {
- Map<String,Object> options = new HashMap<String,Object>();
- options.put(PicketBoxSecurityVault.KEYSTORE_URL, "src/test/resources/keystore/vault.keystore");
- options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, maskedPWD);
- options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, "vault");
- options.put(PicketBoxSecurityVault.SALT, salt);
- options.put(PicketBoxSecurityVault.ITERATION_COUNT, "" + iterationCount);
- options.put(PicketBoxSecurityVault.ENC_FILE_DIR,dataDir);
-
+ private Map<String, Object> getVaultOptionsMap(String keystore, String encDataDir, String alias, String salz, int iter,
+ String password) throws Exception {
+ Map<String, Object> options = new HashMap<String, Object>();
+ options.put(PicketBoxSecurityVault.KEYSTORE_URL, keystore);
+ options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, getMaskedPassword(password, salz, iter));
+ options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, alias);
+ options.put(PicketBoxSecurityVault.SALT, salz);
+ options.put(PicketBoxSecurityVault.ITERATION_COUNT, String.valueOf(iter));
+ options.put(PicketBoxSecurityVault.ENC_FILE_DIR, encDataDir);
return options;
}
+
+ public static void setInitialVaulConditions(String originalKeyStoreFile, String targetKeyStoreFile,
+ String originalVaultContentDir, String targetVaultContentDir) throws Exception {
+
+ File tKS = new File(targetKeyStoreFile);
+ File parent = tKS.getParentFile();
+ if (!parent.exists()) {
+ parent.mkdirs();
+ }
+ SecurityVaultUnitTestCase.copyFile(new File(originalKeyStoreFile), tKS);
+
+ File targetVaultContent = new File(targetVaultContentDir);
+ cleanDirectory(targetVaultContent);
+ File originVault = new File(originalVaultContentDir);
+ for (File f : originVault.listFiles()) {
+ SecurityVaultUnitTestCase.copyFile(f, new File(targetVaultContent.getAbsolutePath() + File.separator + f.getName()));
+ }
+ }
+
+ /**
+ * Make clean new directory.
+ *
+ * @param directory
+ */
+ public static void cleanDirectory(File directory) {
+ if (directory.exists()) {
+ for (File f: directory.listFiles()) { f.delete(); }
+ directory.delete();
+ }
+ directory.mkdirs();
+ }
+
+ /**
+ * Copy file method.
+ *
+ * @param sourceFile
+ * @param destFile
+ * @throws IOException
+ */
+ public static void copyFile(File sourceFile, File destFile) throws IOException {
+ if (!destFile.exists()) {
+ destFile.createNewFile();
+ }
+ FileInputStream fIn = null;
+ FileOutputStream fOut = null;
+ FileChannel source = null;
+ FileChannel destination = null;
+ try {
+ fIn = new FileInputStream(sourceFile);
+ source = fIn.getChannel();
+ fOut = new FileOutputStream(destFile);
+ destination = fOut.getChannel();
+ long transfered = 0;
+ long bytes = source.size();
+ while (transfered < bytes) {
+ transfered += destination.transferFrom(source, 0, source.size());
+ destination.position(transfered);
+ }
+ } finally {
+ if (source != null) {
+ source.close();
+ } else if (fIn != null) {
+ fIn.close();
+ }
+ if (destination != null) {
+ destination.close();
+ } else if (fOut != null) {
+ fOut.close();
+ }
+ }
+ }
+
+ static Class<?> loadClass(final Class<?> clazz, final String fqn) {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>() {
+ public Class<?> run() {
+ ClassLoader cl = clazz.getClassLoader();
+ Class<?> loadedClass = null;
+ try {
+ loadedClass = cl.loadClass(fqn);
+ } catch (ClassNotFoundException e) {
+ }
+ return loadedClass;
+ }
+ });
+
+ }
+
+ private void assertSecretValue(SecurityVault vault, String vaultBlock, String attributeName, String expectedSecuredAttributeValue) throws SecurityVaultException {
+ assertEquals("Expected value has to match the one in vault. " + vaultBlock + ":" + attributeName + "=" + expectedSecuredAttributeValue,
+ new String(expectedSecuredAttributeValue),
+ new String(vault.retrieve(vaultBlock, attributeName, null)));
+ }
+
+ /**
+ * get new instance of vault to simulate restart of application server
+ * @return
+ * @throws Exception
+ */
+ private SecurityVault getNewSecurityVaultInstance() throws Exception {
+ Class<?> vaultClass = loadClass(SecurityVaultFactory.class, "org.picketbox.plugins.vault.PicketBoxSecurityVault");
+ return (SecurityVault)vaultClass.newInstance();
+ }
+
}
\ No newline at end of file
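Review bot: In `copyFile` the loop calls `destination.transferFrom(source, 0, source.size())`, which always writes at offset 0 of the destination, so a partial transfer would overwrite the start of the copied keystore, and a transfer that returns 0 would spin forever; `destination.position(transfered)` does not affect `transferFrom`. The call should be `transfered += destination.transferFrom(source, transfered, bytes - transfered);`, with the `position` line dropped. `cleanDirectory` and `setInitialVaulConditions` ignore the results of `delete()` and `mkdirs()`, and `listFiles()` returns null for a missing directory, so stale vault data can survive silently or surface as a bare NullPointerException; checking those results and failing with the path would make fixture problems visible. `loadClass` swallows `ClassNotFoundException` and returns null, which `getNewSecurityVaultInstance` then dereferences in `vaultClass.newInstance()`; a comment on why `SecurityVaultFactory.get()` is bypassed would also help. The file now ends without a trailing newline.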
Copied: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault.jks (from rev 408, branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault.keystore)
===================================================================
(Binary files differ)
Deleted: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault.keystore
===================================================================
(Binary files differ)
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault_data/ENC.dat
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault_data/ENC.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault_data/Shared.dat
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/keystore/vault_data/Shared.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/long_alias_keystore/vault_data/readme.txt
===================================================================
--- branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/long_alias_keystore/vault_data/readme.txt (rev 0)
+++ branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/long_alias_keystore/vault_data/readme.txt 2013-04-23 18:00:05 UTC (rev 411)
@@ -0,0 +1 @@
+this vault data directory is empty
\ No newline at end of file
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/readme.txt
===================================================================
--- branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/readme.txt (rev 0)
+++ branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/readme.txt 2013-04-23 18:00:05 UTC (rev 411)
@@ -0,0 +1,32 @@
+Keystore creation:
+-----------------------------------
+keytool -genkey -alias thealias -keystore vault-jks.keystore -keyalg RSA -keysize 1024 -storepass secretsecret -keypass secretsecret -dname "CN=Picketbox vault,OU=picketbox,O=JBoss"
+
+
+Keystore maked password attribs:
+-----------------------------------
+<vault>
+ <vault-option name="KEYSTORE_URL" value="vault/vault-jks.keystore"/>
+ <vault-option name="KEYSTORE_PASSWORD" value="MASK-X6MP2urfgJoRURxC5tsFw"/>
+ <vault-option name="KEYSTORE_ALIAS" value="thealias"/>
+ <vault-option name="SALT" value="24681359"/>
+ <vault-option name="ITERATION_COUNT" value="88"/>
+ <vault-option name="ENC_FILE_DIR" value="vault/vault_data/"/>
+</vault>
+
+
+vault content created in 3 sessions:
+-----------------------------------
+1. interactive session:
+vb attr1 pwd1
+vb attr2 pwd2
+vb1 attr1 pwd3
+vb2 attr2 pwd4
+
+2. non-interactive session
+vb2 attr3 pwd5
+
+3. non-interactive session
+vb attr3 pwd6
+
+
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/vault-jks.keystore
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/vault-jks.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/vault_data/ENC.dat
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/vault_data/ENC.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/vault_data/Shared.dat
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v0/vault_data/Shared.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/readme.txt
===================================================================
--- branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/readme.txt (rev 0)
+++ branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/readme.txt 2013-04-23 18:00:05 UTC (rev 411)
@@ -0,0 +1,8 @@
+keystore created:
+------------------
+keytool -genseckey -alias test -storetype jceks -keystore vault-v1/vault-jceks.keystore -keyalg AES -keysize 128 -storepass secretsecret -keypass secretsecret
+
+vault content created (from EAP6.1 dir):
+-----------------------------------------
+./bin/vault.sh -e vault-v1/vault_data/ -k vault-v1/vault-jceks.keystore -v test -p secretsecret -i 34 -s 12345678 -b vb1 -a attr11 -x secret11
+./bin/vault.sh -e vault-v1/vault_data/ -k vault-v1/vault-jceks.keystore -v test -p secretsecret -i 34 -s 12345678 -b vb1 -a attr12 -x secret12
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/vault-jceks.keystore
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/vault-jceks.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/vault-replacement-jceks.keystore
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/vault-replacement-jceks.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/vault_data/VAULT.dat
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1/vault_data/VAULT.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/readme.txt
===================================================================
--- branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/readme.txt (rev 0)
+++ branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/readme.txt 2013-04-23 18:00:05 UTC (rev 411)
@@ -0,0 +1,10 @@
+keystore created:
+------------------
+keytool -genseckey -alias test -storetype jceks -keystore vault-v1/vault-jceks.keystore -keyalg AES -keysize 128 -storepass secretsecret -keypass secretsecret
+keytool -genseckey -alias test2 -storetype jceks -keystore vault-v1/vault-jceks.keystore -keyalg AES -keysize 128 -storepass secretsecret -keypass secretsecret
+
+vault content created (from EAP6.1 dir):
+-----------------------------------------
+./bin/vault.sh -e vault-v1/vault_data/ -k vault-v1/vault-jceks.keystore -v test -p secretsecret -i 34 -s 12345678 -b vb1 -a attr11 -x secret11
+./bin/vault.sh -e vault-v1/vault_data/ -k vault-v1/vault-jceks.keystore -v test -p secretsecret -i 34 -s 12345678 -b vb1 -a attr12 -x secret12
+./bin/vault.sh -e vault-v1/vault_data/ -k vault-v1/vault-jceks.keystore -v test2 -p secretsecret -i 34 -s 12345678 -b vb1 -a attr13 -x secret13
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/vault-jceks.keystore
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/vault-jceks.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/vault-replacement-jceks.keystore
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/vault-replacement-jceks.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/vault_data/VAULT.dat
===================================================================
(Binary files differ)
Property changes on: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/test/resources/vault-v1-more/vault_data/VAULT.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream