[jboss-cvs] JBossAS SVN: r114601 - in projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src: main/java/org/jboss/security and 18 other directories.
jboss-cvs-commits at lists.jboss.org
Mon Dec 16 21:09:48 EST 2013
Author: soul2zimate
Date: 2013-12-16 21:09:47 -0500 (Mon, 16 Dec 2013)
New Revision: 114601
Added:
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/plugins/vault/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/plugins/vault/PicketBoxSecurityVault.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/plugins/vault/SecurityVaultData.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/EncryptionUtil.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/KeyStoreUtil.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/SecurityActions.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/StringUtil.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/security/vault/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/security/vault/EncryptionUtilUnitTestCase.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/readme.txt
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/vault.jks
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/vault_data/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/vault_data/ENC.dat
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/vault_data/Shared.dat
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/readme.txt
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/vault.jks
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/vault_data/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/vault_data/readme.txt
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/replacement_keystore/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/readme.txt
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/vault-jks.keystore
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/vault_data/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/vault_data/ENC.dat
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/vault_data/Shared.dat
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/readme.txt
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/vault-jceks.keystore
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/vault-replacement-jceks.keystore
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/vault_data/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/vault_data/VAULT.dat
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/readme.txt
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/vault-jceks.keystore
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/vault-replacement-jceks.keystore
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/vault_data/
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/vault_data/VAULT.dat
Modified:
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/resource/security/CallerIdentityLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/resource/security/ConfiguredIdentityLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java
projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
Log:
[SECURITY-775], backport vault functionality in jbosssx for EAP5.3
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/resource/security/CallerIdentityLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/resource/security/CallerIdentityLoginModule.java 2013-12-17 01:59:22 UTC (rev 114600)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/resource/security/CallerIdentityLoginModule.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -34,6 +34,8 @@
import org.jboss.logging.Logger;
import org.jboss.security.RunAsIdentity;
import org.jboss.security.SimplePrincipal;
+import org.jboss.security.vault.SecurityVaultException;
+import org.jboss.security.vault.SecurityVaultUtil;
/**
* A simple login module that simply associates the principal making the
@@ -112,8 +114,17 @@
}
else
{
- password = pass.toCharArray();
- }
+ if (SecurityVaultUtil.isVaultFormat(pass)) {
+ try {
+ pass = SecurityVaultUtil.getValueAsString(pass);
+ } catch (SecurityVaultException e) {
+ throw new RuntimeException(e);
+ }
+ password = pass.toCharArray();
+ } else {
+ password = pass.toCharArray();
+ }
+ }
// Check the addRunAsRoles
String flag = (String) options.get("addRunAsRoles");
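Review bot: in the new else branch, `password = pass.toCharArray();` is repeated in both arms of the added if/else; resolve the vault reference inside the `if` and keep a single `toCharArray()` after it. The `throw new RuntimeException(e);` also carries no message, so a bad vault reference surfaces from the login module as a bare RuntimeException whose only explanation is the nested cause; give it a message that names the failed vault lookup, in the way the UsernamePasswordLoginModule change does with "Unable to get password value from vault".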
@@ -151,6 +162,10 @@
if( userPassword != null )
{
password = userPassword;
+ if(SecurityVaultUtil.isVaultFormat(password))
+ {
+ password = SecurityVaultUtil.getValue(password);
+ }
}
if (user != null)
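Review bot: `password = SecurityVaultUtil.getValue(password);` is called without any handling of SecurityVaultException, while the hunk above wraps getValueAsString in a try/catch; if getValue declares the same checked exception, the enclosing method must declare it or this will not compile, and the two paths should handle a failed lookup the same way. Since `password` is a char[] here, also confirm that SecurityVaultUtil provides char[] overloads of isVaultFormat and getValue rather than only the String forms used elsewhere in this commit.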
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/resource/security/ConfiguredIdentityLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/resource/security/ConfiguredIdentityLoginModule.java 2013-12-17 01:59:22 UTC (rev 114600)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/resource/security/ConfiguredIdentityLoginModule.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -33,6 +33,8 @@
import org.jboss.logging.Logger;
import org.jboss.security.SimplePrincipal;
+import org.jboss.security.vault.SecurityVaultException;
+import org.jboss.security.vault.SecurityVaultUtil;
/**
* A simple login module that simply associates the principal specified
@@ -85,6 +87,20 @@
log.warn("Creating LoginModule with no configured password!");
password = "";
}
+ else
+ {
+ if(SecurityVaultUtil.isVaultFormat(password))
+ {
+ try
+ {
+ password = SecurityVaultUtil.getValueAsString(password);
+ }
+ catch (SecurityVaultException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+ }
if(trace)
log.trace("got principal: " + principalName + ", username: " + userName + ", password: ***");
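Review bot: the RuntimeException thrown when the vault lookup fails has no message, so a failed module initialization is only explained by the nested stack trace; pass a message such as "Unable to get password value from vault" so the operator can tell a vault problem from any other initialization failure. Style: `else { if(SecurityVaultUtil.isVaultFormat(password)) { ... } }` can be flattened to `else if (SecurityVaultUtil.isVaultFormat(password))`.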
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2013-12-17 01:59:22 UTC (rev 114600)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -46,6 +46,7 @@
import org.jboss.security.SimpleGroup;
import org.jboss.security.Util;
+import org.jboss.security.vault.SecurityVaultUtil;
/**
The org.jboss.security.auth.spi.LdapExtLoginModule, added in jboss-4.0.3, is an
@@ -391,6 +392,11 @@
char[] tmp = DecodeAction.decode(bindCredential, serviceName);
bindCredential = new String(tmp);
}
+ //Check if the credential is vaultified
+ if(bindCredential != null && SecurityVaultUtil.isVaultFormat(bindCredential))
+ {
+ bindCredential = SecurityVaultUtil.getValueAsString(bindCredential);
+ }
allowReferralsForAuth = Boolean.valueOf((String)options.get(ALLOW_REFERRALS_FOR_AUTH)).booleanValue();
baseDN = (String) options.get(BASE_CTX_DN);
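Review bot: `bindCredential = SecurityVaultUtil.getValueAsString(bindCredential);` is called without handling SecurityVaultException, unlike the CallerIdentityLoginModule and ConfiguredIdentityLoginModule changes; confirm the enclosing method already declares that exception (or Exception), otherwise this will not compile, and prefer turning a failed lookup into a LoginException with a message naming the bindCredential vault lookup so a misconfigured reference is diagnosable from the login failure rather than from a generic stack trace. The `bindCredential != null &&` guard is the right call here.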
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java 2013-12-17 01:59:22 UTC (rev 114600)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapLoginModule.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -43,6 +43,7 @@
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
+import org.jboss.security.vault.SecurityVaultUtil;
/**
* An implementation of LoginModule that authenticates against an LDAP server
@@ -332,6 +333,11 @@
char[] tmp = DecodeAction.decode(bindCredential, serviceName);
bindCredential = new String(tmp);
}
+ //Check if the credential is vaultified
+ if(bindCredential != null && SecurityVaultUtil.isVaultFormat(bindCredential))
+ {
+ bindCredential = SecurityVaultUtil.getValueAsString(bindCredential);
+ }
String principalDNPrefix = (String) options.get(PRINCIPAL_DN_PREFIX_OPT);
if (principalDNPrefix == null)
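Review bot: missing documentation: nothing in this hunk updates the description of the bindCredential option to say that a vault reference is now accepted in addition to the DecodeAction-masked form that the preceding lines already handle; add that to the module's option documentation so operators know which form to configure. As in the LdapExtLoginModule change, getValueAsString is called without a try/catch for SecurityVaultException, so confirm the enclosing method declares it or wrap it in a LoginException with a message naming the lookup.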
Modified: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2013-12-17 01:59:22 UTC (rev 114600)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/auth/spi/UsernamePasswordLoginModule.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -39,6 +39,8 @@
import org.jboss.crypto.digest.DigestCallback;
+import org.jboss.security.vault.SecurityVaultException;
+import org.jboss.security.vault.SecurityVaultUtil;
/** An abstract subclass of AbstractServerLoginModule that imposes
* an identity == String username, credentials == String password view on
@@ -263,8 +265,23 @@
// Hash the user entered password if password hashing is in use
if( hashAlgorithm != null && hashUserPassword == true )
password = createPasswordHash(username, password, DIGEST_CALLBACK);
+
// Validate the password supplied by the subclass
String expectedPassword = getUsersPassword();
+ // Check if the password is vaultified
+ if(SecurityVaultUtil.isVaultFormat(expectedPassword))
+ {
+ try
+ {
+ expectedPassword = SecurityVaultUtil.getValueAsString(expectedPassword);
+ }
+ catch (SecurityVaultException e)
+ {
+ LoginException le = new LoginException("Unable to get password value from vault");
+ le.initCause(e);
+ throw le;
+ }
+ }
// Allow the storeDigestCallback to hash the expected password
if( hashAlgorithm != null && hashStorePassword == true )
expectedPassword = createPasswordHash(username, expectedPassword, STORE_DIGEST_CALLBACK);
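Review bot: `SecurityVaultUtil.isVaultFormat(expectedPassword)` is called with no null guard, whereas the LDAP hunks check `bindCredential != null &&` first; getUsersPassword() is implemented by subclasses and may return null for an unknown user, so either confirm that isVaultFormat tolerates null or add the same guard here. The LoginException with initCause is the right shape for this path and the other login modules in this commit would benefit from it. The blank `+` line added after the createPasswordHash call is unrelated whitespace churn.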
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/plugins/vault/PicketBoxSecurityVault.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/plugins/vault/PicketBoxSecurityVault.java (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/plugins/vault/PicketBoxSecurityVault.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,653 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.plugins.vault;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.plugins.PBEUtils;
+import org.jboss.security.util.EncryptionUtil;
+import org.jboss.security.util.KeyStoreUtil;
+import org.jboss.security.util.StringUtil;
+import org.jboss.security.vault.SecurityVault;
+import org.jboss.security.vault.SecurityVaultException;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.OutputStream;
+import java.nio.channels.FileChannel;
+import java.security.*;
+import java.security.KeyStore.Entry;
+import java.util.Enumeration;
+import java.util.Map;
+import java.util.Set;
+import java.util.StringTokenizer;
+
+/**
+ * An instance of {@link SecurityVault} that uses
+ * a {@link KeyStore}
+ * The shared key just uses a concatenation of a {@link java.util.UUID}
+ * and a keystore alias.
+ *
+ * The following options are expected in the {@link SecurityVault#init(Map)} call:
+ * ENC_FILE_DIR: the location where the encoded files will be kept. End with "/" or "\" based on your platform
+ * KEYSTORE_URL: location where your keystore is located
+ * KEYSTORE_PASSWORD: Masked keystore password. Has to be prepended with MASK-
+ * KEYSTORE_ALIAS: Alias where the keypair is located
+ * SALT: salt of the masked password. Ensured it is 8 characters in length
+ * ITERATION_COUNT: Iteration Count of the masked password.
+ * KEY_SIZE: Key size of encryption. Default is 128 bytes.
+ * CREATE_KEYSTORE: Whether PicketBox Security Vault has to create missing key store in time of initialization. Default is "FALSE". Implies KEYSTORE_TYPE "JCEKS".
+ * KEYSTORE_TYPE: Key store type. Default is JCEKS.
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @author Peter Skopek (pskopek_at_redhat_dot_com)
+ * @since Aug 12, 2011
+ */
+public class PicketBoxSecurityVault implements SecurityVault
+{
+ protected boolean finishedInit = false;
+
+ protected KeyStore keystore = null;
+
+ protected String encryptionAlgorithm = "AES";
+
+ protected int keySize = 128;
+
+ private char[] keyStorePWD = null;
+
+ private String alias = null;
+
+ private SecurityVaultData vaultContent = null;
+
+ private SecretKey adminKey;
+
+ private String decodedEncFileDir;
+
+ private boolean createKeyStore = false;
+
+ private String keyStoreType = defaultKeyStoreType;
+
+ // options
+ public static final String ENC_FILE_DIR = "ENC_FILE_DIR";
+
+ public static final String KEYSTORE_URL = "KEYSTORE_URL";
+
+ public static final String KEYSTORE_PASSWORD = "KEYSTORE_PASSWORD";
+
+ public static final String KEYSTORE_ALIAS = "KEYSTORE_ALIAS";
+
+ public static final String SALT = "SALT";
+
+ public static final String ITERATION_COUNT = "ITERATION_COUNT";
+
+ public static final String PASS_MASK_PREFIX = "MASK-";
+
+ public static final String PUBLIC_CERT = "PUBLIC_CERT";
+
+ public static final String KEY_SIZE = "KEY_SIZE";
+
+ public static final String CREATE_KEYSTORE = "CREATE_KEYSTORE";
+
+ public static final String KEYSTORE_TYPE = "KEYSTORE_TYPE";
+
+ // backward compatibility constants
+ private static final String ENCODED_FILE = "ENC.dat";
+ private static final String SHARED_KEY_FILE = "Shared.dat";
+ private static final String ADMIN_KEY = "ADMIN_KEY";
+
+ protected static final String VAULT_CONTENT_FILE = "VAULT.dat"; // versioned vault data file
+ protected static final String defaultKeyStoreType = "JCEKS";
+
+ private static final Logger log = Logger.getLogger(PicketBoxSecurityVault.class);
+
+
+ /*
+ * @see org.jboss.security.vault.SecurityVault#init(java.util.Map)
+ */
+ public void init(Map<String, Object> options) throws SecurityVaultException
+ {
+ if(options == null || options.isEmpty())
+ throw new IllegalArgumentException("Options map options is null or empty");
+
+ String keystoreURL = (String) options.get(KEYSTORE_URL);
+ if(keystoreURL == null)
+ throw new SecurityVaultException("Option " + KEYSTORE_URL + "is null or empty");
+
+ if (keystoreURL.contains("${")){
+ keystoreURL = keystoreURL.replaceAll(":", StringUtil.PROPERTY_DEFAULT_SEPARATOR); // replace single ":" with PL default
+ }
+ keystoreURL = StringUtil.getSystemPropertyAsString(keystoreURL);
+
+ String maskedPassword = (String) options.get(KEYSTORE_PASSWORD);
+ if(maskedPassword == null)
+ throw new SecurityVaultException("Option " + KEYSTORE_PASSWORD + "is null or empty");
+ if(maskedPassword.startsWith(PASS_MASK_PREFIX) == false)
+ throw new SecurityVaultException("Keystore password is not masked");
+
+ String salt = (String) options.get(SALT);
+ if(salt == null)
+ throw new SecurityVaultException("Option " + SALT + "is null or empty");
+
+ String iterationCountStr = (String) options.get(ITERATION_COUNT);
+ if(iterationCountStr == null)
+ throw new SecurityVaultException("Option " + ITERATION_COUNT + "is null or empty");
+ int iterationCount = Integer.parseInt(iterationCountStr);
+
+ this.alias = (String) options.get(KEYSTORE_ALIAS);
+ if(alias == null)
+ throw new SecurityVaultException("Option " + KEYSTORE_ALIAS + "is null or empty");
+
+ String keySizeStr = (String) options.get(KEY_SIZE);
+ if(keySizeStr != null)
+ {
+ keySize = Integer.parseInt(keySizeStr);
+ }
+
+ String encFileDir = (String) options.get(ENC_FILE_DIR);
+ if(encFileDir == null)
+ throw new SecurityVaultException("Option " + ENC_FILE_DIR + "is null or empty");
+
+
+ createKeyStore = (options.get(CREATE_KEYSTORE) != null ? Boolean.parseBoolean((String) options.get(CREATE_KEYSTORE))
+ : createKeyStore);
+ keyStoreType = (options.get(KEYSTORE_TYPE) != null ? (String) options.get(KEYSTORE_TYPE) : defaultKeyStoreType);
+
+ try {
+ String keystorePass = decode(maskedPassword, salt, iterationCount);
+ keyStorePWD = keystorePass.toCharArray();
+ keystore = getKeyStore(keystoreURL);
+
+ checkAndConvertKeyStoreToJCEKS(keystoreURL);
+
+ } catch (Exception e) {
+ throw new SecurityVaultException(e);
+ }
+
+ // read and possibly convert vault content
+ readVaultContent(keystoreURL, encFileDir);
+
+ log.debug("Default Security Vault Implementation Initialized and Ready");
+ finishedInit = true;
+
+
+ }
+
+ /*
+ * @see org.jboss.security.vault.SecurityVault#isInitialized()
+ */
+ public boolean isInitialized()
+ {
+ return finishedInit;
+ }
+
+ /*
+ * @see org.jboss.security.vault.SecurityVault#handshake(java.util.Map)
+ */
+ public byte[] handshake(Map<String, Object> handshakeOptions) throws SecurityVaultException {
+ return new byte[keySize];
+ }
+
+ /*
+ * @see org.jboss.security.vault.SecurityVault#keyList()
+ */
+ public Set<String> keyList() throws SecurityVaultException {
+ return vaultContent.getVaultDataKeys();
+ }
+
+ /*
+ * @see org.jboss.security.vault.SecurityVault#store(java.lang.String, java.lang.String, char[], byte[])
+ */
+ public void store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey)
+ throws SecurityVaultException
+ {
+ if(StringUtil.isNullOrEmpty(vaultBlock))
+ throw new IllegalArgumentException("Argument vaultBlock cannot be null");
+ if(StringUtil.isNullOrEmpty(attributeName))
+ throw new IllegalArgumentException("Argument attributeName cannot be null");
+
+ String av = new String(attributeValue);
+
+ EncryptionUtil util = new EncryptionUtil(encryptionAlgorithm, keySize);
+ try
+ {
+ SecretKeySpec sKeySpec = new SecretKeySpec(adminKey.getEncoded(), encryptionAlgorithm);
+ byte[] encryptedData = util.encrypt(av.getBytes(), sKeySpec);
+ vaultContent.addVaultData(alias, vaultBlock, attributeName, encryptedData);
+ }
+ catch (Exception e1)
+ {
+ throw new SecurityVaultException("Unable to encrypt data", e1);
+ }
+
+ try {
+ writeVaultData();
+ }
+ catch (IOException e) {
+ throw new SecurityVaultException("Unable to write vault data file VAULT_CONTENT_FILE", e);
+ }
+ }
+
+ /*
+ * @see org.jboss.security.vault.SecurityVault#retrieve(java.lang.String, java.lang.String, byte[])
+ */
+ public char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException
+ {
+ if(StringUtil.isNullOrEmpty(vaultBlock))
+ throw new IllegalArgumentException("Argument vaultBlock cannot be null");
+ if(StringUtil.isNullOrEmpty(attributeName))
+ throw new IllegalArgumentException("Argument attributeName cannot be null");
+
+ byte[] encryptedValue = vaultContent.getVaultData(alias, vaultBlock, attributeName);
+
+ SecretKeySpec secretKeySpec = new SecretKeySpec(adminKey.getEncoded(), encryptionAlgorithm);
+ EncryptionUtil encUtil = new EncryptionUtil(encryptionAlgorithm, keySize);
+ try
+ {
+ return (new String(encUtil.decrypt(encryptedValue, secretKeySpec))).toCharArray();
+ }
+ catch (Exception e)
+ {
+ throw new SecurityVaultException(e);
+ }
+ }
+
+ /**
+ * @see org.jboss.security.vault.SecurityVault#exists(String, String)
+ */
+ public boolean exists(String vaultBlock, String attributeName) throws SecurityVaultException {
+ return vaultContent.getVaultData(alias, vaultBlock, attributeName) != null;
+ }
+
+ /*
+ * @see org.jboss.security.vault.SecurityVault#remove(java.lang.String, java.lang.String, byte[])
+ */
+ public boolean remove(String vaultBlock, String attributeName, byte[] sharedKey)
+ throws SecurityVaultException
+ {
+ try {
+ vaultContent.deleteVaultData(alias, vaultBlock, attributeName);
+ }
+ catch(Exception e) {
+ return false;
+ }
+ return true;
+ }
+
+ private String decode(String maskedString, String salt, int iterationCount) throws Exception
+ {
+ String pbeAlgo = "PBEwithMD5andDES";
+ if (maskedString.startsWith(PASS_MASK_PREFIX))
+ {
+ // Create the PBE secret key
+ SecretKeyFactory factory = SecretKeyFactory.getInstance(pbeAlgo);
+
+ char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
+ PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount);
+ PBEKeySpec keySpec = new PBEKeySpec(password);
+ SecretKey cipherKey = factory.generateSecret(keySpec);
+
+ maskedString = maskedString.substring(PASS_MASK_PREFIX.length());
+ String decodedValue = PBEUtils.decode64(maskedString, pbeAlgo, cipherKey, cipherSpec);
+
+ maskedString = decodedValue;
+ }
+ return maskedString;
+ }
+
+ private void setUpVault(String keystoreURL, String decodedEncFileDir) throws NoSuchAlgorithmException, IOException
+ {
+ vaultContent = new SecurityVaultData();
+ writeVaultData();
+
+ SecretKey sk = getAdminKey();
+ if (sk != null) {
+ adminKey = sk;
+ }
+ else {
+ // try to generate new admin key and store it under specified alias
+ EncryptionUtil util = new EncryptionUtil(encryptionAlgorithm, keySize);
+ sk = util.generateKey();
+ KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(sk);
+ try {
+ keystore.setEntry(alias, skEntry, new KeyStore.PasswordProtection(keyStorePWD));
+ adminKey = sk;
+ saveKeyStoreToFile(keystoreURL);
+ }
+ catch (KeyStoreException e) {
+ throw new RuntimeException("There is no SecretKey under the alias " + alias +" and the alias is already used to denote diffrent crypto object in the keystore.");
+ }
+ catch (Exception e) {
+ throw new RuntimeException("Unable to store keystore to file " + keystoreURL, e);
+ }
+ }
+ }
+
+ private void writeVaultData() throws IOException
+ {
+ FileOutputStream fos = null;
+ ObjectOutputStream oos = null;
+ try
+ {
+ fos = new FileOutputStream(decodedEncFileDir + VAULT_CONTENT_FILE);
+ oos = new ObjectOutputStream(fos);
+ oos.writeObject(vaultContent);
+ }
+ finally
+ {
+ safeClose(oos);
+ safeClose(fos);
+ }
+ }
+
+ private boolean vaultFileExists(String fileName)
+ {
+ File file = new File(this.decodedEncFileDir + fileName);
+ return file != null && file.exists();
+ }
+
+ private boolean directoryExists(String dir)
+ {
+ File file = new File(dir);
+ return file != null && file.exists();
+ }
+
+ private void safeClose(InputStream fis)
+ {
+ try
+ {
+ if(fis != null)
+ {
+ fis.close();
+ }
+ }
+ catch(Exception e)
+ {}
+ }
+
+ private void safeClose(OutputStream os)
+ {
+ try
+ {
+ if(os != null)
+ {
+ os.close();
+ }
+ }
+ catch(Exception e)
+ {}
+ }
+
+ private void readVaultContent(String keystoreURL, String encFileDir) throws SecurityVaultException {
+
+ try {
+ if (encFileDir.contains("${)")) {
+ encFileDir = encFileDir.replaceAll(":", StringUtil.PROPERTY_DEFAULT_SEPARATOR);
+ }
+ decodedEncFileDir = StringUtil.getSystemPropertyAsString(encFileDir); // replace single ":" with PL default
+
+ if (directoryExists(decodedEncFileDir) == false)
+ throw new SecurityVaultException("File or directory " + decodedEncFileDir + " does not exist");
+
+ if (!(decodedEncFileDir.endsWith("/") || decodedEncFileDir.endsWith("\\"))) {
+ decodedEncFileDir = decodedEncFileDir + File.separator;
+ }
+
+ if (vaultFileExists(ENCODED_FILE)) {
+ if (vaultFileExists(VAULT_CONTENT_FILE)) {
+ log.error("Security Vault contains both covnerted " + VAULT_CONTENT_FILE + " and pre-conversion data " + ENCODED_FILE + ". Try to delete " + decodedEncFileDir + ENCODED_FILE + " file and start over again.");
+ throw new RuntimeException("Security Vault contains both covnerted " + VAULT_CONTENT_FILE + " and pre-conversion data " + ENCODED_FILE + ", failed to load vault");
+ } else {
+ convertVaultContent(keystoreURL, alias);
+ }
+ } else {
+ if (vaultFileExists(VAULT_CONTENT_FILE)) {
+ readVersionedVaultContent();
+ } else {
+ setUpVault(keystoreURL, decodedEncFileDir);
+ }
+ }
+
+ } catch (Exception e) {
+ throw new SecurityVaultException(e);
+ }
+
+ }
+
+ @SuppressWarnings("unchecked")
+ private void convertVaultContent(String keystoreURL, String alias) throws Exception {
+ FileInputStream fis = null;
+ ObjectInputStream ois = null;
+ Map<String, byte[]> theContent;
+
+ try {
+ fis = new FileInputStream(decodedEncFileDir + ENCODED_FILE);
+ ois = new ObjectInputStream(fis);
+ theContent = (Map<String, byte[]>) ois.readObject();
+ } finally {
+ safeClose(fis);
+ safeClose(ois);
+ }
+
+ // create new SecurityVaultData object for transformed vault data
+ vaultContent = new SecurityVaultData();
+
+ adminKey = null;
+ for (String key: theContent.keySet()) {
+ if (key.equals(ADMIN_KEY)) {
+ byte[] admin_key = theContent.get(key);
+ adminKey = new SecretKeySpec(admin_key, encryptionAlgorithm);
+ }
+ else {
+ if (key.contains("_")) {
+ StringTokenizer tokenizer = new StringTokenizer(key, "_");
+ String vaultBlock = tokenizer.nextToken();
+ String attributeName = tokenizer.nextToken();
+ if (tokenizer.hasMoreTokens()) {
+ attributeName = key.substring(vaultBlock.length() + 1);
+ log.info("Ambiguos vault block and attribute name stored in original security vault. Delimiter _ is part of vault block or attribute name. Took the first delimiter. Result vault block " + vaultBlock + " attribute name " + attributeName + ". Modify security vault manually.");
+ }
+ byte[] encodedAttributeValue = theContent.get(key);
+ vaultContent.addVaultData(alias, vaultBlock, attributeName, encodedAttributeValue);
+ }
+ }
+ }
+ if (adminKey == null) {
+ throw new RuntimeException("Security Vault conversion unsuccessful missing admin key in original vault data");
+ }
+
+ // add secret key (admin_key) to keystore
+ KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(adminKey);
+ KeyStore.PasswordProtection p = new KeyStore.PasswordProtection(keyStorePWD);
+ Entry e = keystore.getEntry(alias, p);
+ if (e != null) {
+ // rename the old entry
+ String originalAlias = alias + "-original";
+ keystore.setEntry(originalAlias, e, p);
+ keystore.deleteEntry(alias);
+ }
+ keystore.setEntry(alias, skEntry, new KeyStore.PasswordProtection(keyStorePWD));
+
+ // save the current keystore
+ saveKeyStoreToFile(keystoreURL);
+
+ // backup original vault file (shared key file cannot be saved for obvious reasons
+ copyFile(new File(decodedEncFileDir + ENCODED_FILE), new File(decodedEncFileDir + ENCODED_FILE + ".original"));
+
+ // save vault data file
+ writeVaultData();
+
+ // delete original vault files
+ File f = new File(decodedEncFileDir + ENCODED_FILE);
+ if (!f.delete()) {
+ log.warn("Cannot delete original security vault file " + f.getCanonicalPath() + ". Delete the file manually before next start, please.");
+ }
+ f = new File(decodedEncFileDir + SHARED_KEY_FILE);
+ if (!f.delete()) {
+ log.warn("Cannot delete original security vault file " + f.getCanonicalPath() + ". Delete the file manually before next start, please.");
+ }
+
+ }
+
+ private void saveKeyStoreToFile(String keystoreURL) throws Exception {
+ keystore.store(new FileOutputStream(new File(keystoreURL)), keyStorePWD);
+ }
+
+ private void checkAndConvertKeyStoreToJCEKS(String keystoreURL) throws Exception {
+ if (keystore.getType().equalsIgnoreCase("JKS")) {
+
+ // backup original keystore file
+ copyFile(new File(keystoreURL), new File(keystoreURL + ".original"));
+
+ KeyStore jceks = KeyStoreUtil.createKeyStore("JCEKS", keyStorePWD);
+
+ Enumeration<String> aliases = keystore.aliases();
+ while (aliases.hasMoreElements()) {
+ String entryAlias = aliases.nextElement();
+ KeyStore.PasswordProtection p = new KeyStore.PasswordProtection(keyStorePWD);
+ KeyStore.Entry e = keystore.getEntry(entryAlias, p);
+ jceks.setEntry(entryAlias, e, p);
+ }
+ keystore = jceks;
+ keyStoreType = "JCEKS"; // after conversion we have to change keyStoreType to the one we really have
+ saveKeyStoreToFile(keystoreURL);
+ log.info("Security Vault key store successfuly converted to JCEKS type " + KEYSTORE_URL + ". From now on use JCEKS as KEYSTORE_TYPE in Security Vault configuration.");
+ }
+ }
+
+
+
+ private void readVersionedVaultContent() throws Exception {
+ FileInputStream fis = null;
+ ObjectInputStream ois = null;
+ try {
+ fis = new FileInputStream(decodedEncFileDir + VAULT_CONTENT_FILE);
+ ois = new ObjectInputStream(fis);
+ vaultContent = (SecurityVaultData) ois.readObject();
+ } finally {
+ safeClose(fis);
+ safeClose(ois);
+ }
+
+ adminKey = getAdminKey();
+ if (adminKey == null) {
+ throw new RuntimeException("Security Vault does not contain SecretKey entry under alias " + alias);
+ }
+ }
+
+ /**
+ * Returns SecretKey stored in defined keystore under defined alias.
+ * If no such SecretKey exists returns null.
+ * @return
+ */
+ private SecretKey getAdminKey() {
+ try {
+ Entry e = keystore.getEntry(alias, new KeyStore.PasswordProtection(keyStorePWD));
+ if (e instanceof KeyStore.SecretKeyEntry) {
+ return ((KeyStore.SecretKeyEntry)e).getSecretKey();
+ }
+ }
+ catch (Exception e) {
+ log.info("Security Vault does not contain SecretKey entry under alias " + alias);
+ return null;
+ }
+ return null;
+ }
+
+ /**
+ * Copy file method.
+ *
+ * @param sourceFile
+ * @param destFile
+ * @throws IOException
+ */
+ public static void copyFile(File sourceFile, File destFile) throws IOException {
+ if (!destFile.exists()) {
+ destFile.createNewFile();
+ }
+ FileInputStream fIn = null;
+ FileOutputStream fOut = null;
+ FileChannel source = null;
+ FileChannel destination = null;
+ try {
+ fIn = new FileInputStream(sourceFile);
+ source = fIn.getChannel();
+ fOut = new FileOutputStream(destFile);
+ destination = fOut.getChannel();
+ long transfered = 0;
+ long bytes = source.size();
+ while (transfered < bytes) {
+ transfered += destination.transferFrom(source, 0, source.size());
+ destination.position(transfered);
+ }
+ } finally {
+ if (source != null) {
+ source.close();
+ } else if (fIn != null) {
+ fIn.close();
+ }
+ if (destination != null) {
+ destination.close();
+ } else if (fOut != null) {
+ fOut.close();
+ }
+ }
+ }
+
+ /**
+ * Get key store based on options passed to PicketBoxSecurityVault.
+ * @return
+ */
+ private KeyStore getKeyStore(String keystoreURL) {
+
+ try {
+ return KeyStoreUtil.getKeyStore(keyStoreType, keystoreURL, keyStorePWD);
+ }
+ catch (IOException e) {
+ // deliberately empty
+ }
+ catch (GeneralSecurityException e) {
+ throw new RuntimeException("Unable to get keystore " + keystoreURL, e);
+ }
+
+ try {
+ if (createKeyStore) {
+ return KeyStoreUtil.createKeyStore(keyStoreType, keyStorePWD);
+ }
+ }
+ catch (Throwable e) {
+ throw new RuntimeException("Unable to get keystore " + keystoreURL, e);
+ }
+
+ return null;
+ }
+
+}
\ No newline at end of file
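Review bot: copyFile's transfer loop always passes position 0 to `destination.transferFrom(source, 0, source.size())`, so if a transfer is short the remainder is written over the start of the destination instead of after the bytes already copied; the following `destination.position(transfered)` has no effect because transferFrom ignores the channel position. Use `destination.transferFrom(source, transfered, bytes - transfered)`. Two more points in the same region: saveKeyStoreToFile never closes the FileOutputStream it opens around `keystore.store(...)`, leaking a descriptor on every save and, on failure, leaving a half-written keystore beside the `.original` backup (write to a temp file and rename, inside try/finally); and checkAndConvertKeyStoreToJCEKS calls `keystore.getEntry(entryAlias, p)` with a PasswordProtection for every alias, which throws UnsupportedOperationException for trusted-certificate entries in a JKS store (pass null protection when `keystore.isCertificateEntry(entryAlias)`), while its success message logs the constant KEYSTORE_URL rather than the keystoreURL value.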
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/plugins/vault/SecurityVaultData.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/plugins/vault/SecurityVaultData.java (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/plugins/vault/SecurityVaultData.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,153 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.security.plugins.vault;
+
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.io.Serializable;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.util.StringUtil;
+
+/**
+ * Security vault data store with version serialized data storage.
+ *
+ * @author Peter Skopek (pskopek_at_redhat_dot_com)
+ *
+ */
+public class SecurityVaultData implements Serializable {
+
+ /**
+ * Do not change this suid, it is used for handling different versions of serialized data.
+ */
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * Version to denote actual version of SecurityVaultData object.
+ */
+ private static final int VERSION = 1;
+
+ private transient Map<String, byte[]> vaultData = new ConcurrentHashMap<String,byte[]>();
+
+ private static final Logger log = Logger.getLogger(SecurityVaultData.class);
+
+ /**
+ * Default constructor.
+ */
+ public SecurityVaultData() {
+ }
+
+ /**
+ * Writes object to the ObjectOutputSteream.
+ *
+ * @param oos
+ * @throws IOException
+ */
+ private void writeObject(ObjectOutputStream oos) throws IOException {
+ oos.writeObject(new Integer(VERSION));
+ oos.writeObject(vaultData);
+ }
+
+ /**
+ * Reads object from the ObjectInputStream. This method needs to be changed when implementing
+ * changes in data and {@link VERSION} is changed.
+ *
+ * @param ois
+ * @throws IOException
+ * @throws ClassNotFoundException
+ */
+ @SuppressWarnings("unchecked")
+ private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
+ int version = (Integer) ois.readObject();
+
+ if (log.isDebugEnabled()) {
+ log.debug("Reading security vault data version " + String.valueOf(version) + " target version is " + String.valueOf(VERSION));
+ }
+
+ if (version == 1) {
+ this.vaultData = (Map<String, byte[]>)ois.readObject();
+ }
+ else {
+ throw new RuntimeException("Unrecognized security vault content version " + String.valueOf(version) + ", expecting (from 1 to " + String.valueOf(VERSION));
+ }
+ }
+
+ /**
+ * Retrieves the data stored in vault storage.
+ *
+ * @param keyAlias - currently not used (for possible future extension)
+ * @param vaultBlock
+ * @param attributeName
+ * @return
+ */
+ byte[] getVaultData(String keyAlias, String vaultBlock, String attributeName) {
+ return vaultData.get(dataKey(keyAlias, vaultBlock, attributeName));
+ }
+
+ /**
+ *
+ * @param keyAlias
+ * @param vaultBlock
+ * @param attributeName
+ * @param encryptedData
+ */
+ void addVaultData(String keyAlias, String vaultBlock, String attributeName, byte[] encryptedData) {
+ vaultData.put(dataKey(keyAlias, vaultBlock, attributeName), encryptedData);
+ }
+
+ /**
+ *
+ * @param keyAlias
+ * @param vaultBlock
+ * @param attributeName
+ */
+ void deleteVaultData(String keyAlias, String vaultBlock, String attributeName) {
+ vaultData.remove(dataKey(keyAlias, vaultBlock, attributeName));
+ }
+
+ /**
+ * Returns mapping keys for all stored data.
+ * @return
+ */
+ Set<String> getVaultDataKeys() {
+ return vaultData.keySet();
+ }
+
+ /**
+ * Creates new format for data key in vault. All parameters has to be non-null.
+ *
+ * @param keyAlias - currently not used (for possible future extension)
+ * @param vaultBlock
+ * @param attributeName
+ * @param alias
+ * @return
+ */
+ private static String dataKey(String keyAlias, String vaultBlock, String attributeName) {
+ return vaultBlock + StringUtil.PROPERTY_DEFAULT_SEPARATOR + attributeName;
+ }
+
+}
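Review bot: readObject in SecurityVaultData reads the version with `ois.readObject()` and casts it to Integer, then casts the next object to `Map<String, byte[]>` without checking its type, so a corrupted or tampered vault file fails with a bare ClassCastException rather than the intended version error; the message in the else branch also has an unbalanced parenthesis ("expecting (from 1 to "). Prefer `writeInt`/`readInt` for the version and an `instanceof Map` check before the unchecked cast. Separately, dataKey ignores keyAlias, so entries stored under different key aliases collide on the same vaultBlock::attributeName key, and its javadoc lists an `@param alias` that does not exist; the "currently not used" note on keyAlias should say that collisions are the consequence.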
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/EncryptionUtil.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/EncryptionUtil.java (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/EncryptionUtil.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,138 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.util;
+
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.PublicKey;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
+/**
+ * Encryption/Decryption utility
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 12, 2011
+ */
+public class EncryptionUtil
+{
+ private String encryptionAlgorithm;
+ private int keySize;
+
+ public EncryptionUtil(String encryptionAlgorithm, int keySize)
+ {
+ this.encryptionAlgorithm = encryptionAlgorithm;
+ this.keySize = keySize;
+ }
+
+ public SecretKey generateKey() throws NoSuchAlgorithmException
+ {
+ KeyGenerator kgen = KeyGenerator.getInstance(encryptionAlgorithm);
+ kgen.init(keySize);
+ SecretKey key = kgen.generateKey();
+ return key;
+ }
+
+ public byte[] encrypt(byte[] data, PublicKey publicKey, SecretKey key) throws Exception
+ {
+ // Get the KeyGenerator
+ KeyGenerator kgen = KeyGenerator.getInstance(this.encryptionAlgorithm);
+ kgen.init(keySize);
+
+ byte[] publicKeyEncoded = publicKey.getEncoded();
+
+ SecretKeySpec skeySpec = new SecretKeySpec(key.getEncoded(), encryptionAlgorithm);
+
+
+ // Instantiate the cipher
+ Cipher cipher = Cipher.getInstance(encryptionAlgorithm);
+
+ cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
+
+ byte[] encrypted =
+ cipher.doFinal( data);
+ return encrypted;
+ }
+
+ public byte[] decrypt(byte[] encryptedData, KeyPair keypair, SecretKeySpec keySpec ) throws Exception
+ {
+ // Get the KeyGenerator
+ KeyGenerator kgen = KeyGenerator.getInstance(this.encryptionAlgorithm);
+ kgen.init(keySize);
+
+ byte[] publicKeyEncoded = keypair.getPrivate().getEncoded();
+
+
+ // Instantiate the cipher
+ Cipher cipher = Cipher.getInstance(encryptionAlgorithm);
+
+ cipher.init(Cipher.DECRYPT_MODE, keySpec);
+ byte[] original = cipher.doFinal(encryptedData);
+ return original;
+ }
+
+ public byte[] decrypt(byte[] encryptedData, KeyPair keypair, SecretKey key ) throws Exception
+ {
+ // Get the KeyGenerator
+ KeyGenerator kgen = KeyGenerator.getInstance(this.encryptionAlgorithm);
+ kgen.init(keySize);
+
+ byte[] publicKeyEncoded = keypair.getPrivate().getEncoded();
+
+ SecretKeySpec skeySpec = new SecretKeySpec(key.getEncoded(), encryptionAlgorithm);
+
+ // Instantiate the cipher
+ Cipher cipher = Cipher.getInstance(encryptionAlgorithm);
+
+ cipher.init(Cipher.DECRYPT_MODE, skeySpec);
+ byte[] original = cipher.doFinal(encryptedData);
+ return original;
+ }
+
+ public byte[] encrypt(byte[] data, SecretKey key) throws Exception
+ {
+ SecretKeySpec skeySpec = new SecretKeySpec(key.getEncoded(), encryptionAlgorithm);
+
+ // Instantiate the cipher
+ Cipher cipher = Cipher.getInstance(encryptionAlgorithm);
+
+ cipher.init(Cipher.ENCRYPT_MODE, skeySpec);
+
+ byte[] encrypted =
+ cipher.doFinal( data);
+ return encrypted;
+ }
+
+ public byte[] decrypt(byte[] encryptedData, SecretKeySpec keySpec ) throws Exception
+ {
+
+ // Instantiate the cipher
+ Cipher cipher = Cipher.getInstance(encryptionAlgorithm);
+
+ cipher.init(Cipher.DECRYPT_MODE, keySpec);
+ byte[] original = cipher.doFinal(encryptedData);
+ return original;
+ }
+
+}
\ No newline at end of file
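Review bot: every method in EncryptionUtil calls `Cipher.getInstance(encryptionAlgorithm)` with the bare algorithm name, so for "AES" the SunJCE default transformation AES/ECB/PKCS5Padding is selected: no IV, and identical plaintext blocks produce identical ciphertext blocks. Specify the full transformation (a CBC or GCM mode with a fresh random IV stored alongside the ciphertext) and document it in the class javadoc. The `encrypt(byte[], PublicKey, SecretKey)` overload and both `decrypt(..., KeyPair, ...)` overloads also create a KeyGenerator and a `publicKeyEncoded` array that are never used, so their PublicKey/KeyPair parameters are dead; either use them or drop those overloads in favour of the two-argument ones.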
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/KeyStoreUtil.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/KeyStoreUtil.java (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/KeyStoreUtil.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,359 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+
+/**
+ * Utility to handle Java Keystore
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @author Peter Skopek (pskopek_at_redhat_dot_com)
+ * @since Jan 12, 2009
+ */
+public class KeyStoreUtil
+{
+ /**
+ * Get the KeyStore
+ * @param keyStoreFile
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(File keyStoreFile, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ return getKeyStore(KeyStore.getDefaultType(), keyStoreFile, storePass);
+ }
+
+ /**
+ * Get the Keystore given the url to the keystore file as a string
+ * @param fileURL
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(String fileURL, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ return getKeyStore(KeyStore.getDefaultType(), fileURL, storePass);
+ }
+
+ /**
+ * Get the Keystore given the URL to the keystore
+ * @param url
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(URL url, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ return getKeyStore(KeyStore.getDefaultType(), url, storePass);
+ }
+
+ /**
+ * Get the Key Store
+ * <b>Note:</b> This method wants the InputStream to be not null.
+ * @param ksStream
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ * @throws IllegalArgumentException if ksStream is null
+ */
+ public static KeyStore getKeyStore(InputStream ksStream, char[] storePass) throws GeneralSecurityException,
+ IOException
+ {
+ return getKeyStore(KeyStore.getDefaultType(), ksStream, storePass);
+ }
+
+ /**
+ * Get the KeyStore
+ * @param keyStoreType or null for default
+ * @param keyStoreFile
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(String keyStoreType, File keyStoreFile, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ FileInputStream fis = null;
+ try
+ {
+ fis = new FileInputStream(keyStoreFile);
+ return getKeyStore(keyStoreType, fis, storePass);
+ }
+ finally
+ {
+ safeClose(fis);
+ }
+ }
+
+ /**
+ * Get the Keystore given the url to the keystore file as a string
+ * @param keyStoreType or null for default
+ * @param fileURL
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(String keyStoreType, String fileURL, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ if (fileURL == null)
+ throw new IllegalArgumentException("Argument fileURL cannot be null");
+
+ File file = new File(fileURL);
+ FileInputStream fis = null;
+ try
+ {
+ fis = new FileInputStream(file);
+ return getKeyStore(keyStoreType, fis, storePass);
+ }
+ finally
+ {
+ safeClose(fis);
+ }
+ }
+
+ /**
+ * Get the Keystore given the URL to the keystore
+ * @param keyStoreType or null for default
+ * @param url
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(String keyStoreType, URL url, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ if (url == null)
+ throw new IllegalArgumentException("Argument url cannot be null");
+
+ InputStream is = null;
+ try
+ {
+ is = url.openStream();
+ return getKeyStore(keyStoreType, is, storePass);
+ }
+ finally
+ {
+ safeClose(is);
+ }
+ }
+
+ /**
+ * Get the Key Store
+ * <b>Note:</b> This method wants the InputStream to be not null.
+ * @param keyStoreType or null for default
+ * @param ksStream
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ * @throws IllegalArgumentException if ksStream is null
+ */
+ public static KeyStore getKeyStore(String keyStoreType, InputStream ksStream, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ if (ksStream == null)
+ throw new IllegalArgumentException("Argument ksStream cannot be null");
+ KeyStore ks = KeyStore.getInstance((keyStoreType == null ? KeyStore.getDefaultType() : keyStoreType));
+ ks.load(ksStream, storePass);
+ return ks;
+ }
+
+ /**
+ * Generate a Key Pair
+ * @param algo (RSA, DSA etc)
+ * @return
+ * @throws GeneralSecurityException
+ */
+ public static KeyPair generateKeyPair(String algo) throws GeneralSecurityException
+ {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo);
+ return kpg.genKeyPair();
+ }
+
+ /**
+ * Get the Public Key from the keystore
+ * @param ks
+ * @param alias
+ * @param password
+ * @return
+ * @throws GeneralSecurityException
+ */
+ public static PublicKey getPublicKey(KeyStore ks, String alias, char[] password) throws KeyStoreException,
+ NoSuchAlgorithmException, GeneralSecurityException
+ {
+ PublicKey publicKey = null;
+
+ // Get private key
+ Key key = ks.getKey(alias, password);
+ if (key instanceof PrivateKey)
+ {
+ // Get certificate of public key
+ Certificate cert = ks.getCertificate(alias);
+
+ // Get public key
+ publicKey = cert.getPublicKey();
+ }
+ // if alias is a certificate alias, get the public key from the certificate.
+ if (publicKey == null)
+ {
+ Certificate cert = ks.getCertificate(alias);
+ if (cert != null)
+ publicKey = cert.getPublicKey();
+ }
+ return publicKey;
+ }
+
+ /**
+ * Add a certificate to the KeyStore
+ * @param keystoreFile
+ * @param storePass
+ * @param alias
+ * @param cert
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static void addCertificate(File keystoreFile, char[] storePass, String alias, Certificate cert)
+ throws GeneralSecurityException, IOException
+ {
+ addCertificate(KeyStore.getDefaultType(), keystoreFile, storePass, alias, cert);
+ }
+
+ /**
+ * Add a certificate to the KeyStore
+ * @param keystoreFile
+ * @param storePass
+ * @param alias
+ * @param cert
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static void addCertificate(String keyStoreType, File keystoreFile, char[] storePass, String alias, Certificate cert)
+ throws GeneralSecurityException, IOException
+ {
+ KeyStore keystore = getKeyStore(keyStoreType, keystoreFile, storePass);
+
+ // Add the certificate
+ keystore.setCertificateEntry(alias, cert);
+
+ // Save the new keystore contents
+ FileOutputStream out = null;
+ try
+ {
+ out = new FileOutputStream(keystoreFile);
+ keystore.store(out, storePass);
+ out.close();
+ }
+ finally
+ {
+ safeClose(out);
+ }
+ }
+
+ /**
+ * Get the key pair from the keystore
+ * @param keystore
+ * @param alias
+ * @param password
+ * @return
+ * @throws Exception
+ */
+ public static KeyPair getPrivateKey(KeyStore keystore, String alias, char[] password) throws Exception
+ {
+ // Get private key
+ Key key = keystore.getKey(alias, password);
+ if (key instanceof PrivateKey)
+ {
+ // Get certificate of public key
+ java.security.cert.Certificate cert = keystore.getCertificate(alias);
+
+ // Get public key
+ PublicKey publicKey = cert.getPublicKey();
+
+ // Return a key pair
+ return new KeyPair(publicKey, (PrivateKey)key);
+ }
+ return null;
+ }
+
+ /**
+ * Create new empty keystore with specified keyStoreType and keyStorePWD
+ * @param keyStoreType - key store type
+ * @param keyStorePWD - key store password
+ * @return
+ * @throws Exception
+ */
+ public static KeyStore createKeyStore(String keyStoreType, char[] keyStorePWD) throws Exception {
+ KeyStore ks = KeyStore.getInstance(keyStoreType);
+ ks.load(null, keyStorePWD);
+ return ks;
+ }
+
+
+ private static void safeClose(InputStream fis)
+ {
+ try
+ {
+ if(fis != null)
+ {
+ fis.close();
+ }
+ }
+ catch(Exception e)
+ {}
+ }
+
+ private static void safeClose(OutputStream os)
+ {
+ try
+ {
+ if(os != null)
+ {
+ os.close();
+ }
+ }
+ catch(Exception e)
+ {}
+ }
+
+}
\ No newline at end of file
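Review bot: generateKeyPair calls `kpg.genKeyPair()` without `kpg.initialize(...)`, so the key size is whatever the provider defaults to (historically 1024-bit RSA); take an explicit key size parameter and initialise the generator with it. Also, `getKeyStore(String keyStoreType, String fileURL, char[] storePass)` is documented as taking a URL but does `new File(fileURL)`, so a `file:` URL fails with FileNotFoundException; either rename the parameter to a path or route it through the `URL` overload. In addCertificate the explicit `out.close()` inside the try is the right call (it surfaces write errors that safeClose would swallow), which leaves the safeClose in finally redundant but harmless.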
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/SecurityActions.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/SecurityActions.java (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/SecurityActions.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,134 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.util;
+
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ static Class<?> loadClass(final Class<?> theClass, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ ClassLoader classLoader = theClass.getClassLoader();
+
+ Class<?> clazz = loadClass(classLoader, fqn);
+ if (clazz == null)
+ {
+ classLoader = Thread.currentThread().getContextClassLoader();
+ clazz = loadClass(classLoader, fqn);
+ }
+ return clazz;
+ }
+ });
+ }
+
+ static Class<?> loadClass(final ClassLoader cl, final String fqn)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>()
+ {
+ public Class<?> run()
+ {
+ try
+ {
+ return cl.loadClass(fqn);
+ }
+ catch (ClassNotFoundException e)
+ {
+ }
+ return null;
+ }
+ });
+ }
+
+ /**
+ * Set the system property
+ * @param key
+ * @param value
+ * @return
+ */
+ static void setSystemProperty(final String key, final String value)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty(key, value);
+ return null;
+ }
+ });
+ }
+
+ /**
+ * Get the system property
+ * @param key
+ * @param defaultValue
+ * @return
+ */
+ static String getSystemProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
+
+ /**
+ * Load a resource based on the passed {@link Class} classloader.
+ * Failing which try with the Thread Context CL
+ * @param clazz
+ * @param resourceName
+ * @return
+ */
+ static URL loadResource(final Class<?> clazz, final String resourceName)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>()
+ {
+ public URL run()
+ {
+ URL url = null;
+ ClassLoader clazzLoader = clazz.getClassLoader();
+ url = clazzLoader.getResource(resourceName);
+
+ if (url == null)
+ {
+ clazzLoader = Thread.currentThread().getContextClassLoader();
+ url = clazzLoader.getResource(resourceName);
+ }
+
+ return url;
+ }
+ });
+ }
+}
\ No newline at end of file
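Review bot: `loadClass(Class<?>, String)` and `loadResource` pass `theClass.getClassLoader()` / `clazz.getClassLoader()` straight to `cl.loadClass(fqn)` / `clazzLoader.getResource(resourceName)`; for a class defined by the bootstrap loader that returns null and the privileged block throws NullPointerException instead of falling through to the thread context classloader. Check for null before the first attempt. The call from the first `run()` into the second `loadClass` also nests a second doPrivileged inside the first, which is unnecessary, and setSystemProperty's javadoc carries a `@return` for a void method.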
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/StringUtil.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/StringUtil.java (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/main/java/org/jboss/security/util/StringUtil.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,182 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.util;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.StringTokenizer;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.jboss.security.plugins.PBEUtils;
+
+/**
+ * Utility dealing with Strings
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 21, 2009
+ */
+public class StringUtil
+{
+ public static final String PROPERTY_DEFAULT_SEPARATOR = "::";
+
+ /**
+ * Check whether the passed string is null or empty
+ * @param str
+ * @return
+ */
+ public static boolean isNotNull(String str)
+ {
+ return str != null && !"".equals(str.trim());
+ }
+
+ /**
+ * Check whether the string is null or empty
+ * @param str
+ * @return
+ */
+ public static boolean isNullOrEmpty(String str)
+ {
+ return str == null || str.isEmpty();
+ }
+
+ /**
+ * <p>
+ * Get the system property value if the string is of the format ${sysproperty}
+ * </p>
+ * <p>
+ * You can insert default value when the system property is not set, by
+ * separating it at the beginning with ::
+ * </p>
+ * <p>
+ * <b>Examples:</b>
+ * </p>
+ *
+ * <p>
+ * ${idp} should resolve to a value if the system property "idp" is set.
+ * </p>
+ * <p>
+ * ${idp::http://localhost:8080} will resolve to http://localhost:8080 if the system property "idp" is not set.
+ * </p>
+ * @param str
+ * @return
+ */
+ public static String getSystemPropertyAsString(String str)
+ {
+ if (str == null)
+ throw new IllegalArgumentException("Argument str cannot be null");
+ if (str.contains("${"))
+ {
+ Pattern pattern = Pattern.compile("\\$\\{([^}]+)}");
+ Matcher matcher = pattern.matcher(str);
+
+ StringBuffer buffer = new StringBuffer();
+ String sysPropertyValue = null;
+
+ while (matcher.find())
+ {
+ String subString = matcher.group(1);
+ String defaultValue = "";
+
+ //Look for default value
+ if (subString.contains(StringUtil.PROPERTY_DEFAULT_SEPARATOR))
+ {
+ int index = subString.indexOf(StringUtil.PROPERTY_DEFAULT_SEPARATOR);
+ defaultValue = subString.substring(index + StringUtil.PROPERTY_DEFAULT_SEPARATOR.length());
+ subString = subString.substring(0, index);
+ }
+ sysPropertyValue = SecurityActions.getSystemProperty(subString, defaultValue);
+ if (sysPropertyValue.isEmpty())
+ {
+ throw new IllegalArgumentException("The specified system property " + matcher.group(1) + " is missing");
+ }
+ // in case of backslash on Win replace with double backslash
+ matcher.appendReplacement(buffer, sysPropertyValue.replace("\\", "\\\\"));
+ }
+
+ matcher.appendTail(buffer);
+ str = buffer.toString();
+ }
+ return str;
+ }
+
+ /**
+ * Match two strings else throw a {@link RuntimeException}
+ * @param first
+ * @param second
+ */
+ public static void match(String first, String second)
+ {
+ if (first.equals(second) == false)
+ throw new RuntimeException("Failed to match " + first + " and " + second);
+ }
+
+ /**
+ * Given a comma separated string, get the tokens as a {@link List}
+ * @param str
+ * @return
+ */
+ public static List<String> tokenize(String str)
+ {
+ List<String> list = new ArrayList<String>();
+ StringTokenizer tokenizer = new StringTokenizer(str, ",");
+ while (tokenizer.hasMoreTokens())
+ {
+ list.add(tokenizer.nextToken());
+ }
+ return list;
+ }
+
+ /**
+ * Given a masked password {@link String}, decode it
+ * @param maskedString a password string that is masked
+ * @param salt Salt
+ * @param iterationCount Iteration Count
+ * @return Decoded String
+ * @throws Exception
+ */
+ public static String decode(String maskedString, String salt, int iterationCount) throws Exception
+ {
+ String PASS_MASK_PREFIX = "MASK-";
+ String pbeAlgo = "PBEwithMD5andDES";
+ if (maskedString.startsWith(PASS_MASK_PREFIX))
+ {
+ // Create the PBE secret key
+ SecretKeyFactory factory = SecretKeyFactory.getInstance(pbeAlgo);
+
+ char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
+ PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount);
+ PBEKeySpec keySpec = new PBEKeySpec(password);
+ SecretKey cipherKey = factory.generateSecret(keySpec);
+
+ maskedString = maskedString.substring(PASS_MASK_PREFIX.length());
+ String decodedValue = PBEUtils.decode64(maskedString, pbeAlgo, cipherKey, cipherSpec);
+
+ maskedString = decodedValue;
+ }
+ return maskedString;
+ }
+}
\ No newline at end of file
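Review bot: decode() derives its PBE key from the fixed passphrase at `char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();`, so any MASK- value is recoverable by whoever holds the salt and iteration count, which this commit stores right next to it as the SALT and ITERATION_COUNT vault options; the Javadoc should state plainly that masking obfuscates the keystore password rather than encrypting it, so nobody treats a masked value as a secret. Two smaller points in the same hunk: `salt.getBytes()` uses the platform default charset, so the same configured salt can derive a different key on a host with a different default encoding, and an explicit charset avoids that; and match() throws NullPointerException instead of the documented RuntimeException when `first` is null, so guard the null case (or use a null-safe equality) and keep the descriptive message.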
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/security/vault/EncryptionUtilUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/security/vault/EncryptionUtilUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/security/vault/EncryptionUtilUnitTestCase.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,72 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.vault;
+
+//import static org.junit.Assert.assertEquals;
+//import static org.junit.Assert.assertNotNull;
+import junit.framework.TestCase;
+
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PublicKey;
+
+import javax.crypto.SecretKey;
+
+//import org.junit.Test;
+import org.jboss.security.util.EncryptionUtil;
+import org.jboss.security.util.KeyStoreUtil;
+
+/**
+ * Unit test {@link EncryptionUtil}
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 12, 2011
+ */
+public class EncryptionUtilUnitTestCase extends TestCase
+{
+ String keyStoreURL = "target/vaults/vault-enc/vault.jks";
+ String keyStorePass = "vault22";
+ String alias = "vault";
+
+ public void testEncryptDecrypt() throws Exception
+ {
+ SecurityVaultUnitTestCase.setInitialVaulConditions(
+ "src/test/resources/keystore/vault.jks", "target/vaults/vault-enc/vault.jks",
+ "src/test/resources/keystore/vault_data", "target/vaults/vault-enc/vault_data");
+
+
+ KeyStore ks = KeyStoreUtil.getKeyStore(keyStoreURL, keyStorePass.toCharArray());
+ assertNotNull(ks);
+ EncryptionUtil encUtil = new EncryptionUtil("AES", 128);
+
+ PublicKey publicKey = KeyStoreUtil.getPublicKey(ks, "vault", keyStorePass.toCharArray());
+ assertNotNull(publicKey);
+
+ SecretKey secretKey = encUtil.generateKey();
+
+ byte[] encryptedData = encUtil.encrypt(keyStorePass.getBytes(), publicKey, secretKey);
+
+ KeyPair keypair = KeyStoreUtil.getPrivateKey(ks, alias, keyStorePass.toCharArray());
+ byte[] decryptedData = encUtil.decrypt(encryptedData, keypair, secretKey);
+ assertEquals(keyStorePass, new String(decryptedData));
+ }
+
+}
\ No newline at end of file
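Review bot: testEncryptDecrypt only checks the round trip with the matching KeyPair and SecretKey; a unit test for EncryptionUtil should also assert that decrypt() fails, or at least does not return the plaintext, when given a different KeyPair or a ciphertext with a flipped byte, otherwise an implementation that ignores the key entirely would still pass. Also, the commented-out JUnit 4 imports (`//import static org.junit.Assert.assertEquals;`, `//import org.junit.Test;`) are dead code in a junit.framework.TestCase and should be removed, and `KeyStoreUtil.getPublicKey(ks, "vault", keyStorePass.toCharArray())` repeats the literal where the `alias` field is used a few lines later for getPrivateKey.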
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/java/org/jboss/test/security/vault/SecurityVaultUnitTestCase.java 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,481 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.vault;
+
+import junit.framework.TestCase;
+
+import org.jboss.security.plugins.PBEUtils;
+import org.jboss.security.vault.SecurityVault;
+import org.jboss.security.vault.SecurityVaultException;
+import org.jboss.security.vault.SecurityVaultFactory;
+import org.jboss.security.vault.SecurityVaultUtil;
+import org.jboss.security.plugins.vault.PicketBoxSecurityVault;
+import org.jboss.test.SecurityActions;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.nio.channels.FileChannel;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.HashMap;
+import java.util.Map;
+
+
+/**
+ * Unit Test the {@link SecurityVault} Implementation
+ *
+ * Note: replacement-vault.keystore has been created using:
+ * keytool -genkey -alias mykey -keystore replacement-vault.keystore -keyalg RSA -keysize 1024 -storepass supersecret11 -keypass supersecret11 -dname "CN=Picketbox vault,OU=picketbox,O=JBoss"
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Aug 12, 2011
+ */
+public class SecurityVaultUnitTestCase extends TestCase
+{
+ //String dataDir = "${java.io.tmpdir}/enc/";
+
+ public void testDefaultVault() throws Exception
+ {
+ SecurityVault vault = SecurityVaultFactory.get();
+ assertNotNull(vault);
+ assertTrue(vault instanceof PicketBoxSecurityVault);
+ assertFalse(vault.isInitialized());
+ }
+
+ public void testHandshake() throws Exception
+ {
+
+ setInitialVaulConditions("src/test/resources/keystore/vault.jks", "target/vaults/vault1/vault.jks",
+ "src/test/resources/keystore/vault_data", "target/vaults/vault1/vault_data");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+ Map<String,Object> options = getVaultOptionsMap(
+ "target/vaults/vault1/vault.jks",
+ "target/vaults/vault1/vault_data",
+ "vault", "12438567", 50, "vault22");
+
+ vault.init(options);
+ assertTrue(vault.isInitialized());
+
+ Map<String,Object> handshakeOptions = new HashMap<String,Object>();
+ handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT,"vault");
+
+ byte[] sharedKey = vault.handshake(handshakeOptions);
+ assertNotNull(sharedKey);
+ }
+
+ public void testHandshakeAnConversionForLongAlias() throws Exception
+ {
+ setInitialVaulConditions("src/test/resources/long_alias_keystore/vault.jks", "target/vaults/long_alias_keystore/vault.jks",
+ "src/test/resources/long_alias_keystore/vault_data", "target/vaults/long_alias_keystore/vault_data");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+ Map<String,Object> options = getVaultOptionsMap(
+ "target/vaults/long_alias_keystore/vault.jks",
+ "target/vaults/long_alias_keystore/vault_data",
+ "superverylongvaultname", "87654321", 23, "password1234");
+
+ vault.init(options);
+ assertTrue("Vault is supposed to be inicialized", vault.isInitialized());
+
+ Map<String,Object> handshakeOptions = new HashMap<String,Object>();
+ byte[] sharedKey = vault.handshake(handshakeOptions);
+ assertNotNull(sharedKey);
+
+ // not relevant anymore, but leaving it as is
+ boolean containsLineBreaks = false;
+ for (byte b: sharedKey) {
+ if (b == '\n') {
+ containsLineBreaks = true;
+ break;
+ }
+ }
+ assertFalse("Shared key returned from hadshake cannot contain line break character", containsLineBreaks);
+ }
+
+ public void testStoreAndRetrieve() throws Exception
+ {
+
+ setInitialVaulConditions("src/test/resources/keystore/vault.jks", "target/vaults/vault2/vault.jks",
+ "src/test/resources/keystore/vault_data", "target/vaults/vault2/vault_data");
+
+ Map<String,Object> options = getVaultOptionsMap(
+ "target/vaults/vault2/vault.jks",
+ "target/vaults/vault2/vault_data",
+ "vault", "12438567", 50, "vault22");
+
+ String vaultBlock = "SecBean";
+ String attributeName = "theAttribute";
+
+ char[] attributeValue = "someValue".toCharArray();
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+
+ vault.init(options);
+ assertTrue(vault.isInitialized());
+
+ Map<String,Object> handshakeOptions = new HashMap<String,Object>();
+
+ byte[] sharedKey = vault.handshake(handshakeOptions);
+ assertNotNull(sharedKey);
+
+ vault.store(vaultBlock, attributeName, attributeValue , sharedKey);
+
+ assertTrue(vault.exists(vaultBlock, attributeName));
+ //Now retrieve
+ assertEquals(new String(attributeValue), new String(vault.retrieve(vaultBlock, attributeName, sharedKey)));
+
+ vault.store(vaultBlock+"1", attributeName+"2", attributeValue , sharedKey);
+ assertEquals(new String(attributeValue), new String(vault.retrieve(vaultBlock+"1", attributeName+"2", sharedKey)));
+
+ System.out.println("Currently storing:" + vault.keyList());
+
+ assertTrue(vault.remove(vaultBlock+"1", attributeName+"2", sharedKey));
+ assertFalse(vault.exists(vaultBlock+"1", attributeName+"2"));
+ }
+
+ /**
+ * See src/test/resources/vault-v0/readme.txt for initial vault setup (including secured attributes).
+ * @throws Exception
+ */
+ public void testConversion() throws Exception {
+
+ setInitialVaulConditions("src/test/resources/vault-v0/vault-jks.keystore", "target/vaults/vault-v0/vault-jks.keystore",
+ "src/test/resources/vault-v0/vault_data", "target/vaults/vault-v0/vault_data");
+
+ final Map<String, Object> options = getVaultOptionsMap(
+ "target/vaults/vault-v0/vault-jks.keystore",
+ "target/vaults/vault-v0/vault_data",
+ "thealias", "24681359", 88, "secretsecret");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+
+ // init should do the automatic conversion
+ vault.init(options);
+ assertTrue(vault.isInitialized());
+
+ byte[] sharedKey = vault.handshake(null);
+ assertNotNull(sharedKey);
+
+ // let's try to check if the converted vault contains all secret attributes from initial vault
+ assertSecretValue(vault, "vb", "attr1", "pwd1");
+ assertSecretValue(vault, "vb", "attr2", "pwd2");
+ assertSecretValue(vault, "vb1", "attr1", "pwd3");
+ assertSecretValue(vault, "vb2", "attr2", "pwd4");
+ assertSecretValue(vault, "vb2", "attr3", "pwd5");
+ assertSecretValue(vault, "vb", "attr3", "pwd6");
+
+
+ // get new instance of vault to simulate restart of application server
+ SecurityVault convertedVault = getNewSecurityVaultInstance();
+ assertFalse(convertedVault.isInitialized());
+ convertedVault.init(options);
+ assertTrue(convertedVault.isInitialized());
+
+ convertedVault.handshake(null);
+
+ // now try the same attributes on converted vault after restart
+ assertSecretValue(convertedVault, "vb", "attr1", "pwd1");
+ assertSecretValue(convertedVault, "vb", "attr2", "pwd2");
+ assertSecretValue(convertedVault, "vb1", "attr1", "pwd3");
+ assertSecretValue(convertedVault, "vb2", "attr2", "pwd4");
+ assertSecretValue(convertedVault, "vb2", "attr3", "pwd5");
+ assertSecretValue(convertedVault, "vb", "attr3", "pwd6");
+
+ }
+
+ public void testVault_V1_open_retrieve() throws Exception {
+
+ setInitialVaulConditions("src/test/resources/vault-v1/vault-jceks.keystore", "target/vaults/vault-v1/vault-jceks.keystore",
+ "src/test/resources/vault-v1/vault_data", "target/vaults/vault-v1/vault_data");
+
+ final Map<String, Object> options = getVaultOptionsMap(
+ "target/vaults/vault-v1/vault-jceks.keystore",
+ "target/vaults/vault-v1/vault_data",
+ "test", "12345678", 34, "secretsecret");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+ assertFalse(vault.isInitialized());
+
+ vault.init(options);
+ assertTrue(vault.isInitialized());
+
+ vault.handshake(null);
+
+ // let's try to check if proper values are stored in the vault
+ assertSecretValue(vault, "vb1", "attr11", "secret11");
+ assertSecretValue(vault, "vb1", "attr12", "secret12");
+
+ }
+
+ public void testVault_V1_open_wrong_alias() throws Exception {
+
+ setInitialVaulConditions("src/test/resources/vault-v1/vault-jceks.keystore", "target/vaults/vault-v1-wrong/vault-jceks.keystore",
+ "src/test/resources/vault-v1/vault_data", "target/vaults/vault-v1-wrong/vault_data");
+
+ final Map<String, Object> options = getVaultOptionsMap(
+ "target/vaults/vault-v1-wrong/vault-jceks.keystore",
+ "target/vaults/vault-v1-wrong/vault_data",
+ "thewrongalias", "12345678", 34, "secretsecret");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+ assertFalse(vault.isInitialized());
+ try{
+ vault.init(options);
+ fail("Expected SecurityVaultException");
+ }
+ catch(SecurityVaultException e){
+ //expected SecurityVaultException
+ }
+ }
+
+ public void testVaultWithReplacedKeystore() throws Exception {
+
+ setInitialVaulConditions("src/test/resources/vault-v1/vault-replacement-jceks.keystore", "target/vaults/vault-v1/vault-jceks.keystore",
+ "src/test/resources/vault-v1/vault_data", "target/vaults/vault-v1/vault_data");
+
+ final Map<String, Object> options = getVaultOptionsMap(
+ "target/vaults/vault-v1/vault-jceks.keystore",
+ "target/vaults/vault-v1/vault_data",
+ "test", "12345678", 34, "secretsecret");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+ assertFalse(vault.isInitialized());
+
+ vault.init(options);
+ assertTrue(vault.isInitialized());
+
+ vault.handshake(null);
+
+ // let's try to check if the converted vault contains all secret attributes from initial vault
+ try{
+ assertSecretValue(vault, "vb1", "attr11", "secret11");
+ fail("Expected SecurityVaultException");
+ }catch(SecurityVaultException e){
+ //expected SecurityVaultException
+ }
+ try{
+ assertSecretValue(vault, "vb1", "attr12", "secret12");
+ fail("Expected SecurityVaultException");
+ }catch(SecurityVaultException e){
+ //expected SecurityVaultException
+ }
+ }
+
+ public void testMoreSecretKeys() throws Exception {
+ setInitialVaulConditions("src/test/resources/vault-v1-more/vault-jceks.keystore", "target/vaults/vault-v1-more/vault-jceks.keystore",
+ "src/test/resources/vault-v1-more/vault_data", "target/vaults/vault-v1-more/vault_data");
+
+ final Map<String, Object> options = getVaultOptionsMap(
+ "target/vaults/vault-v1-more/vault-jceks.keystore",
+ "target/vaults/vault-v1-more/vault_data",
+ "test", "12345678", 34, "secretsecret");
+
+ SecurityVault vault = getNewSecurityVaultInstance();
+ assertFalse(vault.isInitialized());
+
+ vault.init(options);
+ assertTrue(vault.isInitialized());
+
+ vault.handshake(null);
+
+ // let's try to check if proper values are stored in the vault
+ assertSecretValue(vault, "vb1", "attr11", "secret11");
+ assertSecretValue(vault, "vb1", "attr12", "secret12");
+
+ final Map<String, Object> options2 = getVaultOptionsMap(
+ "target/vaults/vault-v1-more/vault-jceks.keystore",
+ "target/vaults/vault-v1-more/vault_data",
+ "test2", "12345678", 34, "secretsecret");
+
+ SecurityVault vault2 = getNewSecurityVaultInstance();
+ assertFalse(vault2.isInitialized());
+
+ vault2.init(options2);
+ assertTrue(vault2.isInitialized());
+
+ vault2.handshake(null);
+
+ // let's try to check different alias can retrieve proper attribute
+ assertSecretValue(vault2, "vb1", "attr13", "secret13");
+
+ try {
+ assertSecretValue(vault2, "vb1", "attr11", "secret11");
+ fail("retrieving security attribute with different secret key alias has to fail.");
+ }
+ catch (SecurityVaultException e) {
+ // deliberately empty
+ }
+ catch (Throwable e) {
+ fail("unexpected exception " + e.getStackTrace().toString());
+ }
+
+
+ }
+
+ public void testUtil() throws Exception
+ {
+ assertFalse(SecurityVaultUtil.isVaultFormat((String)null));
+ assertFalse(SecurityVaultUtil.isVaultFormat((char[])null));
+ }
+
+ private String getMaskedPassword(String pwd, String salt, int iterationCount) throws Exception
+ {
+ String algo = "PBEwithMD5andDES";
+
+ // Create the PBE secret key
+ SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEwithMD5andDES");
+
+ char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
+ PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount);
+ PBEKeySpec keySpec = new PBEKeySpec(password);
+ SecretKey cipherKey = factory.generateSecret(keySpec);
+
+ String maskedPass = PBEUtils.encode64(pwd.getBytes(), algo, cipherKey, cipherSpec);
+
+ return new String(PicketBoxSecurityVault.PASS_MASK_PREFIX) + maskedPass;
+ }
+
+
+ private Map<String, Object> getVaultOptionsMap(String keystore, String encDataDir, String alias, String salz, int iter,
+ String password) throws Exception {
+ Map<String, Object> options = new HashMap<String, Object>();
+ options.put(PicketBoxSecurityVault.KEYSTORE_URL, keystore);
+ options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, getMaskedPassword(password, salz, iter));
+ options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, alias);
+ options.put(PicketBoxSecurityVault.SALT, salz);
+ options.put(PicketBoxSecurityVault.ITERATION_COUNT, String.valueOf(iter));
+ options.put(PicketBoxSecurityVault.ENC_FILE_DIR, encDataDir);
+ return options;
+ }
+
+ public static void setInitialVaulConditions(String originalKeyStoreFile, String targetKeyStoreFile,
+ String originalVaultContentDir, String targetVaultContentDir) throws Exception {
+
+ File tKS = new File(targetKeyStoreFile);
+ File parent = tKS.getParentFile();
+ if (!parent.exists()) {
+ parent.mkdirs();
+ }
+ SecurityVaultUnitTestCase.copyFile(new File(originalKeyStoreFile), tKS);
+
+ File targetVaultContent = new File(targetVaultContentDir);
+ cleanDirectory(targetVaultContent);
+ File originVault = new File(originalVaultContentDir);
+ for (File f : originVault.listFiles()) {
+ if (f.isFile()) // some version control systems add a hidden directory, we must make sure we won't copy those.
+ SecurityVaultUnitTestCase.copyFile(f, new File(targetVaultContent.getAbsolutePath() + File.separator + f.getName()));
+ }
+ }
+
+ /**
+ * Make clean new directory.
+ *
+ * @param directory
+ */
+ public static void cleanDirectory(File directory) {
+ if (directory.exists()) {
+ for (File f: directory.listFiles()) { f.delete(); }
+ directory.delete();
+ }
+ directory.mkdirs();
+ }
+
+ /**
+ * Copy file method.
+ *
+ * @param sourceFile
+ * @param destFile
+ * @throws IOException
+ */
+ public static void copyFile(File sourceFile, File destFile) throws IOException {
+ if (!destFile.exists()) {
+ destFile.createNewFile();
+ }
+ FileInputStream fIn = null;
+ FileOutputStream fOut = null;
+ FileChannel source = null;
+ FileChannel destination = null;
+ try {
+ fIn = new FileInputStream(sourceFile);
+ source = fIn.getChannel();
+ fOut = new FileOutputStream(destFile);
+ destination = fOut.getChannel();
+ long transfered = 0;
+ long bytes = source.size();
+ while (transfered < bytes) {
+ transfered += destination.transferFrom(source, 0, source.size());
+ destination.position(transfered);
+ }
+ } finally {
+ if (source != null) {
+ source.close();
+ } else if (fIn != null) {
+ fIn.close();
+ }
+ if (destination != null) {
+ destination.close();
+ } else if (fOut != null) {
+ fOut.close();
+ }
+ }
+ }
+
+ static Class<?> loadClass(final Class<?> clazz, final String fqn) {
+ return AccessController.doPrivileged(new PrivilegedAction<Class<?>>() {
+ public Class<?> run() {
+ ClassLoader cl = clazz.getClassLoader();
+ Class<?> loadedClass = null;
+ try {
+ loadedClass = cl.loadClass(fqn);
+ } catch (ClassNotFoundException e) {
+ }
+ return loadedClass;
+ }
+ });
+
+ }
+
+ private void assertSecretValue(SecurityVault vault, String vaultBlock, String attributeName, String expectedSecuredAttributeValue) throws SecurityVaultException {
+ assertEquals("Expected value has to match the one in vault. " + vaultBlock + ":" + attributeName + "=" + expectedSecuredAttributeValue,
+ new String(expectedSecuredAttributeValue),
+ new String(vault.retrieve(vaultBlock, attributeName, null)));
+ }
+
+ /**
+ * get new instance of vault to simulate restart of application server
+ * @return
+ * @throws Exception
+ */
+ private SecurityVault getNewSecurityVaultInstance() throws Exception {
+ Class<?> vaultClass = loadClass(SecurityVaultFactory.class, "org.jboss.security.plugins.vault.PicketBoxSecurityVault");
+ return (SecurityVault)vaultClass.newInstance();
+ }
+
+}
\ No newline at end of file
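Review bot: copyFile has a logic problem in its transfer loop: `transfered += destination.transferFrom(source, 0, source.size());` always writes at destination position 0, so if transferFrom ever returns a partial count the rest of the source is written over the start of the copy, and the following `destination.position(transfered)` does not affect transferFrom, which takes its position as an argument. Pass `transfered` as the position and `bytes - transfered` as the count, or use java.nio.file.Files.copy where Java 7 is available. Smaller points: in testMoreSecretKeys the catch-all `fail("unexpected exception " + e.getStackTrace().toString())` prints the array's identity hash rather than the trace, so use `e.toString()` or rethrow; loadClass swallows ClassNotFoundException and returns null, which getNewSecurityVaultInstance then dereferences as a NullPointerException instead of a clear failure, so fail with the class name; and the typos in the public helper name and messages ("setInitialVaulConditions", "inicialized", "hadshake") are worth fixing now, since the helper is also called from EncryptionUtilUnitTestCase.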
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/readme.txt
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/readme.txt (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/readme.txt 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,22 @@
+
+anil at localhost:~/picketbox/trunk/security-jboss-sx/jbosssx/src/test/resources/keystore$ keytool -genkey -alias vault -keyalg RSA -keysize 1024 -keystore vault.keystore -storetype JCEKS
+Enter keystore password: vault22
+Re-enter new password:vault22
+What is your first and last name?
+ [Unknown]: Picketbox vault
+What is the name of your organizational unit?
+ [Unknown]: picketbox
+What is the name of your organization?
+ [Unknown]: JBoss
+What is the name of your City or Locality?
+ [Unknown]: chicago
+What is the name of your State or Province?
+ [Unknown]: il
+What is the two-letter country code for this unit?
+ [Unknown]: us
+Is CN=Picketbox vault, OU=picketbox, O=JBoss, L=chicago, ST=il, C=us correct?
+ [no]: yes
+
+Enter key password for <vault>
+ (RETURN if same as keystore password):
+
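Review bot: the transcript creates `vault.keystore` (`-keystore vault.keystore -storetype JCEKS`), but the resource committed next to this readme and loaded by the tests is vault.jks, so the command as written does not reproduce the fixture; update the file name (and say whether the store was renamed or re-exported) so the keystore can be regenerated. The password values shown after the prompts were added by hand, since keytool does not echo them, so marking them as annotations would avoid confusion. Since this readme will be copied as a recipe, one line noting that `-keysize 1024` is a test-fixture choice below current RSA recommendations would help.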
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/vault.jks
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/vault.jks
___________________________________________________________________
Added: svn:mime-type
+ application/x-java-keystore
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/vault_data/ENC.dat
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/vault_data/ENC.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/vault_data/Shared.dat
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/keystore/vault_data/Shared.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/readme.txt
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/readme.txt (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/readme.txt 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,2 @@
+Keystore created using:
+keytool -genkey -alias superverylongvaultname -keyalg RSA -keysize 2048 -keystore vault.jks -storepass password1234 -keypass password1234 -dname "CN=vault,O=example.com"
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/vault.jks
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/vault.jks
___________________________________________________________________
Added: svn:mime-type
+ application/x-java-keystore
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/vault_data/readme.txt
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/vault_data/readme.txt (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/long_alias_keystore/vault_data/readme.txt 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1 @@
+this vault data directory is empty
\ No newline at end of file
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/replacement_keystore/replacement-vault.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/x-java-keystore
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/readme.txt
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/readme.txt (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/readme.txt 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,32 @@
+Keystore creation:
+-----------------------------------
+keytool -genkey -alias thealias -keystore vault-jks.keystore -keyalg RSA -keysize 1024 -storepass secretsecret -keypass secretsecret -dname "CN=Picketbox vault,OU=picketbox,O=JBoss"
+
+
+Keystore maked password attribs:
+-----------------------------------
+<vault>
+ <vault-option name="KEYSTORE_URL" value="vault/vault-jks.keystore"/>
+ <vault-option name="KEYSTORE_PASSWORD" value="MASK-X6MP2urfgJoRURxC5tsFw"/>
+ <vault-option name="KEYSTORE_ALIAS" value="thealias"/>
+ <vault-option name="SALT" value="24681359"/>
+ <vault-option name="ITERATION_COUNT" value="88"/>
+ <vault-option name="ENC_FILE_DIR" value="vault/vault_data/"/>
+</vault>
+
+
+vault content created in 3 sessions:
+-----------------------------------
+1. interactive session:
+vb attr1 pwd1
+vb attr2 pwd2
+vb1 attr1 pwd3
+vb2 attr2 pwd4
+
+2. non-interactive session
+vb2 attr3 pwd5
+
+3. non-interactive session
+vb attr3 pwd6
+
+
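Review bot: the heading `Keystore maked password attribs:` should read "masked", and the block needs one sentence saying that this is the vault-v0 configuration whose KEYSTORE_PASSWORD value was produced with the SALT 24681359 and ITERATION_COUNT 88 shown beneath it, which is what testConversion passes to getVaultOptionsMap. Because the masked value sits next to its salt and iteration count, it is also worth stating here that MASK- only obfuscates the keystore password and that this fixture password is not a secret.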
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/vault-jks.keystore
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/vault-jks.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/x-java-keystore
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/vault_data/ENC.dat
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/vault_data/ENC.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/vault_data/Shared.dat
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v0/vault_data/Shared.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/readme.txt
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/readme.txt (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/readme.txt 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,8 @@
+keystore created:
+------------------
+keytool -genseckey -alias test -storetype jceks -keystore vault-v1/vault-jceks.keystore -keyalg AES -keysize 128 -storepass secretsecret -keypass secretsecret
+
+vault content created (from EAP6.1 dir):
+-----------------------------------------
+./bin/vault.sh -e vault-v1/vault_data/ -k vault-v1/vault-jceks.keystore -v test -p secretsecret -i 34 -s 12345678 -b vb1 -a attr11 -x secret11
+./bin/vault.sh -e vault-v1/vault_data/ -k vault-v1/vault-jceks.keystore -v test -p secretsecret -i 34 -s 12345678 -b vb1 -a attr12 -x secret12
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/vault-jceks.keystore
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/vault-jceks.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/x-java-jce-keystore
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/vault-replacement-jceks.keystore
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/vault-replacement-jceks.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/x-java-jce-keystore
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/vault_data/VAULT.dat
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1/vault_data/VAULT.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/readme.txt
===================================================================
--- projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/readme.txt (rev 0)
+++ projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/readme.txt 2013-12-17 02:09:47 UTC (rev 114601)
@@ -0,0 +1,10 @@
+keystore created:
+------------------
+keytool -genseckey -alias test -storetype jceks -keystore vault-v1/vault-jceks.keystore -keyalg AES -keysize 128 -storepass secretsecret -keypass secretsecret
+keytool -genseckey -alias test2 -storetype jceks -keystore vault-v1/vault-jceks.keystore -keyalg AES -keysize 128 -storepass secretsecret -keypass secretsecret
+
+vault content created (from EAP6.1 dir):
+-----------------------------------------
+./bin/vault.sh -e vault-v1/vault_data/ -k vault-v1-more/vault-jceks.keystore -v test -p secretsecret -i 34 -s 12345678 -b vb1 -a attr11 -x secret11
+./bin/vault.sh -e vault-v1/vault_data/ -k vault-v1-more/vault-jceks.keystore -v test -p secretsecret -i 34 -s 12345678 -b vb1 -a attr12 -x secret12
+./bin/vault.sh -e vault-v1/vault_data/ -k vault-v1-more/vault-jceks.keystore -v test2 -p secretsecret -i 34 -s 12345678 -b vb1 -a attr13 -x secret13
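Review bot: the paths in this readme do not match the fixture layout it is committed with. The two keytool commands write to vault-v1/vault-jceks.keystore and the three vault.sh calls read -e vault-v1/vault_data/, while the keystore argument is already vault-v1-more/vault-jceks.keystore and the files added in this commit live at vault-v1-more/vault-jceks.keystore and vault-v1-more/vault_data/VAULT.dat. As written, running these commands would either modify the vault-v1 fixture or fail; change the keystore and -e paths to vault-v1-more/... so the fixture can be regenerated as documented. Worth spelling out too that this fixture deliberately differs from vault-v1 in that the keystore holds two secret keys (aliases test and test2) and attr13 is stored with -v test2, so a reader knows the extra alias is intentional and what the matching test case exercises. As in vault-v1, vault-replacement-jceks.keystore is added here without any note on how it was generated.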
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/vault-jceks.keystore
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/vault-jceks.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/x-java-jce-keystore
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/vault-replacement-jceks.keystore
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/vault-replacement-jceks.keystore
___________________________________________________________________
Added: svn:mime-type
+ application/x-java-jce-keystore
Added: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/vault_data/VAULT.dat
===================================================================
(Binary files differ)
Property changes on: projects/security/security-jboss-sx/branches/Branch_2_0/jbosssx/src/test/resources/vault-v1-more/vault_data/VAULT.dat
___________________________________________________________________
Added: svn:mime-type
+ application/octet-stream