[jboss-cvs] Picketbox SVN: r419 - branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/main/java/org/picketbox/plugins/vault.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon May 6 04:45:36 EDT 2013
Author: pskopek at redhat.com
Date: 2013-05-06 04:45:36 -0400 (Mon, 06 May 2013)
New Revision: 419
Modified:
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/main/java/org/picketbox/plugins/vault/PicketBoxSecurityVault.java
branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/main/java/org/picketbox/plugins/vault/SecurityVaultData.java
Log:
Hid implementation detail from SecurityVaultData class.
Modified: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/main/java/org/picketbox/plugins/vault/PicketBoxSecurityVault.java
===================================================================
--- branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/main/java/org/picketbox/plugins/vault/PicketBoxSecurityVault.java 2013-05-06 08:43:44 UTC (rev 418)
+++ branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/main/java/org/picketbox/plugins/vault/PicketBoxSecurityVault.java 2013-05-06 08:45:36 UTC (rev 419)
@@ -52,7 +52,6 @@
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
-import java.util.concurrent.ConcurrentHashMap;
/**
* An instance of {@link SecurityVault} that uses
@@ -221,7 +220,7 @@
* @see org.jboss.security.vault.SecurityVault#keyList()
*/
public Set<String> keyList() throws SecurityVaultException {
- return vaultContent.getVaultData().keySet();
+ return vaultContent.getVaultDataKeys();
}
/*
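Review bot: `keyList()` still hands callers a live view of the vault's internal map, because `getVaultDataKeys()` in SecurityVaultData returns `vaultData.keySet()` directly. A caller that calls `remove` or `clear` on the returned set deletes vault entries without going through `remove(...)` or any persistence step, which works against the stated goal of hiding the implementation. Returning a read-only view, `return Collections.unmodifiableSet(vaultData.keySet());` in `getVaultDataKeys()` (or a copy, if callers need a stable snapshot), keeps the map private.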
@@ -235,8 +234,6 @@
if(StringUtil.isNullOrEmpty(attributeName))
throw PicketBoxMessages.MESSAGES.invalidNullArgument("attributeName");
- vaultContent.getVaultData().put(dataKey(vaultBlock, attributeName), sharedKey);
-
String av = new String(attributeValue);
EncryptionUtil util = new EncryptionUtil(encryptionAlgorithm, keySize);
@@ -244,7 +241,7 @@
{
SecretKeySpec sKeySpec = new SecretKeySpec(adminKey.getEncoded(), encryptionAlgorithm);
byte[] encryptedData = util.encrypt(av.getBytes(), sKeySpec);
- vaultContent.getVaultData().put(dataKey(vaultBlock, attributeName), encryptedData);
+ vaultContent.addVaultData(alias, vaultBlock, attributeName, encryptedData);
}
catch (Exception e1)
{
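Review bot: `av.getBytes()` on the line above the new `addVaultData` call encodes the secret with the platform default charset, so a value stored on one host can come back as different characters on a host with a different default. Naming the charset, e.g. `util.encrypt(av.getBytes("UTF-8"), sKeySpec)`, removes that dependency, provided the retrieve path decodes with the same charset and existing vault files are accounted for. Separately, `new String(attributeValue)` copies what appears to be a char[] secret into an immutable String that cannot be cleared after use. The try block and the enclosing method start and end outside this hunk.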
@@ -269,7 +266,7 @@
if(StringUtil.isNullOrEmpty(attributeName))
throw PicketBoxMessages.MESSAGES.invalidNullArgument("attributeName");
- byte[] encryptedValue = vaultContent.getVaultData().get(dataKey(vaultBlock, attributeName));
+ byte[] encryptedValue = vaultContent.getVaultData(alias, vaultBlock, attributeName);
SecretKeySpec secretKeySpec = new SecretKeySpec(adminKey.getEncoded(), encryptionAlgorithm);
EncryptionUtil encUtil = new EncryptionUtil(encryptionAlgorithm, keySize);
@@ -287,7 +284,7 @@
* @see org.jboss.security.vault.SecurityVault#exists(String, String)
*/
public boolean exists(String vaultBlock, String attributeName) throws SecurityVaultException {
- return vaultContent.getVaultData().get(dataKey(vaultBlock, attributeName)) != null;
+ return vaultContent.getVaultData(alias, vaultBlock, attributeName) != null;
}
/*
@@ -297,7 +294,7 @@
throws SecurityVaultException
{
try {
- vaultContent.getVaultData().remove(dataKey(vaultBlock, attributeName));
+ vaultContent.deleteVaultData(alias, vaultBlock, attributeName);
}
catch(Exception e) {
return false;
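Review bot: The outcome of the removal is lost here: `deleteVaultData` returns void, and the key built by `dataKey` is never null, so `remove` on the map is unlikely to throw. The method therefore cannot tell "removed" from "nothing was stored under that name". Consider having `deleteVaultData` return `vaultData.remove(dataKey(keyAlias, vaultBlock, attributeName)) != null` and using that result. If the `catch (Exception e)` stays, logging the exception before `return false;` would keep real failures diagnosable. The method body continues outside the hunk.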
@@ -328,7 +325,7 @@
private void setUpVault(String keystoreURL, String decodedEncFileDir) throws NoSuchAlgorithmException, IOException
{
- vaultContent = new SecurityVaultData(new ConcurrentHashMap<String, byte[]>());
+ vaultContent = new SecurityVaultData();
writeVaultData();
SecretKey sk = getAdminKey();
@@ -462,7 +459,8 @@
safeClose(ois);
}
- Map<String, byte[]> newVault = new ConcurrentHashMap<String, byte[]>();
+ // create new SecurityVaultData object for transformed vault data
+ vaultContent = new SecurityVaultData();
adminKey = null;
for (String key: theContent.keySet()) {
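Review bot: `vaultContent = new SecurityVaultData();` now replaces the field before the conversion loop runs and before the `missingAdminKeyInOriginalVaultData` check visible in the hunk at -488. A failed conversion therefore leaves the vault pointing at a partially filled object; rev 418 filled a local map and assigned the field only after that check. Keeping the local shape preserves the old behaviour: `SecurityVaultData converted = new SecurityVaultData();` here, `converted.addVaultData(alias, vaultBlock, attributeName, encodedAttributeValue);` in the loop (hunk at -480), and `vaultContent = converted;` after the admin key check. The enclosing method starts and ends outside these hunks.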
@@ -480,7 +478,7 @@
PicketBoxLogger.LOGGER.ambiguosKeyForSecurityVaultTransformation("_", vaultBlock, attributeName);
}
byte[] encodedAttributeValue = theContent.get(key);
- newVault.put(dataKey(vaultBlock, attributeName), encodedAttributeValue);
+ vaultContent.addVaultData(alias, vaultBlock, attributeName, encodedAttributeValue);
}
}
}
@@ -488,9 +486,6 @@
throw PicketBoxMessages.MESSAGES.missingAdminKeyInOriginalVaultData();
}
- // create new transformed vault data
- vaultContent = new SecurityVaultData(newVault);
-
// add secret key (admin_key) to keystore
KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(adminKey);
KeyStore.PasswordProtection p = new KeyStore.PasswordProtection(keyStorePWD);
@@ -551,17 +546,6 @@
}
- /**
- * Creates new format for data key in vault. All parameters has to be non-null.
- *
- * @param vaultBlock
- * @param attributeName
- * @param alias
- * @return
- */
- public static String dataKey(String vaultBlock, String attributeName) {
- return vaultBlock + StringUtil.PROPERTY_DEFAULT_SEPARATOR + attributeName;
- }
private void readVersionedVaultContent() throws Exception {
FileInputStream fis = null;
Modified: branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/main/java/org/picketbox/plugins/vault/SecurityVaultData.java
===================================================================
--- branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/main/java/org/picketbox/plugins/vault/SecurityVaultData.java 2013-05-06 08:43:44 UTC (rev 418)
+++ branches/embargo/4.0.16.Final-vault/security-jboss-sx/jbosssx/src/main/java/org/picketbox/plugins/vault/SecurityVaultData.java 2013-05-06 08:45:36 UTC (rev 419)
@@ -27,10 +27,12 @@
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Map;
+import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
+import org.picketbox.util.StringUtil;
/**
* Security vault data store with version serialized data storage.
@@ -52,26 +54,32 @@
private transient Map<String, byte[]> vaultData = new ConcurrentHashMap<String,byte[]>();
+
/**
- * Constructor which fills the vault data.
- * @param vaultData
+ * Default constructor.
*/
- public SecurityVaultData(Map<String, byte[]> vaultData) {
- this.vaultData = vaultData;
+ public SecurityVaultData() {
}
/**
- * Default constructor for serialization purpose.
- * @param vaultData
+ * Writes object to the ObjectOutputSteream.
+ *
+ * @param oos
+ * @throws IOException
*/
- public SecurityVaultData() {
- }
-
private void writeObject(ObjectOutputStream oos) throws IOException {
oos.writeObject(new Integer(VERSION));
oos.writeObject(vaultData);
}
+ /**
+ * Reads object from the ObjectInputStream. This method needs to be changed when implementing
+ * changes in data and {@link VERSION} is changed.
+ *
+ * @param ois
+ * @throws IOException
+ * @throws ClassNotFoundException
+ */
@SuppressWarnings("unchecked")
private void readObject(ObjectInputStream ois) throws IOException, ClassNotFoundException {
int version = (Integer) ois.readObject();
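Review bot: The new Javadoc on `writeObject` and `readObject` has two defects: `{@link VERSION}` does not resolve as a member reference and should be `{@link #VERSION}`, and "ObjectOutputSteream" is misspelled. It would also help to state the stream layout the two methods must agree on, e.g. `Writes the format version as an Integer, followed by the vault data map.` on `writeObject`. On `readObject`, document how an unsupported version or a first object that is not an Integer is handled, since the vault file is read back through Java deserialization. The body of `readObject` continues outside the hunk.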
@@ -89,12 +97,57 @@
}
/**
- * Returns vault data internal store.
+ * Retrieves the data stored in vault storage.
*
+ * @param keyAlias - currently not used (for possible future extension)
+ * @param vaultBlock
+ * @param attributeName
* @return
*/
- public Map<String, byte[]> getVaultData() {
- return vaultData;
+ byte[] getVaultData(String keyAlias, String vaultBlock, String attributeName) {
+ return vaultData.get(dataKey(keyAlias, vaultBlock, attributeName));
}
+
+ /**
+ *
+ * @param keyAlias
+ * @param vaultBlock
+ * @param attributeName
+ * @param encryptedData
+ */
+ void addVaultData(String keyAlias, String vaultBlock, String attributeName, byte[] encryptedData) {
+ vaultData.put(dataKey(keyAlias, vaultBlock, attributeName), encryptedData);
+ }
+ /**
+ *
+ * @param keyAlias
+ * @param vaultBlock
+ * @param attributeName
+ */
+ void deleteVaultData(String keyAlias, String vaultBlock, String attributeName) {
+ vaultData.remove(dataKey(keyAlias, vaultBlock, attributeName));
+ }
+
+ /**
+ * Returns mapping keys for all stored data.
+ * @return
+ */
+ Set<String> getVaultDataKeys() {
+ return vaultData.keySet();
+ }
+
+ /**
+ * Creates new format for data key in vault. All parameters has to be non-null.
+ *
+ * @param keyAlias - currently not used (for possible future extension)
+ * @param vaultBlock
+ * @param attributeName
+ * @param alias
+ * @return
+ */
+ private static String dataKey(String keyAlias, String vaultBlock, String attributeName) {
+ return vaultBlock + StringUtil.PROPERTY_DEFAULT_SEPARATOR + attributeName;
+ }
+
}
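Review bot: `dataKey` joins `vaultBlock` and `attributeName` with `StringUtil.PROPERTY_DEFAULT_SEPARATOR` without checking whether either name already contains the separator. Two different block/attribute pairs can then map to the same key, and `addVaultData` would silently overwrite one stored secret with another. Rejecting names that contain the separator in `addVaultData`, or escaping it in `dataKey`, would close that. The Javadoc also says all parameters must be non-null, but nothing enforces it (a null `vaultBlock` is concatenated as the text "null"), and it carries a stray `@param alias` that matches no parameter. `keyAlias` is accepted by every accessor and ignored, which deserves a line such as `@param keyAlias ignored; entries are keyed by vaultBlock and attributeName only` on each of them.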