Package org.picketbox.plugins.vault
Class PicketBoxSecurityVault
- java.lang.Object
  - org.picketbox.plugins.vault.PicketBoxSecurityVault
- All Implemented Interfaces:
  - SecurityVault

public class PicketBoxSecurityVault extends Object implements SecurityVault
An instance of SecurityVault that uses a KeyStore. The shared key just uses a concatenation of a UUID and a keystore alias.

The following options are expected in the SecurityVault.init(Map) call:

- ENC_FILE_DIR: the location where the encoded files will be kept. End with "/" or "\" based on your platform.
- KEYSTORE_URL: location where your keystore is located.
- KEYSTORE_PASSWORD: keystore password, in one of the following forms:
  - 'plain text'
  - masked password (has to be prepended with MASK-)
  - '{EXT}...' where the '...' is the exact command line that will be passed to the Runtime.exec(String) method to execute a platform command. The first line of the command output is used as the password.
  - '{EXTC[:expiration_in_millis]}...' where the '...' is the same exact command line as for {EXT}. The EXTC variant will cache the password for expiration_in_millis milliseconds. Default cache expiration is 0 = infinity.
  - '{CMD}...' or '{CMDC}...' for a general command to execute. The general command is a string delimited by ',' where the first part is the actual command and further parts represent its parameters. The comma can be backslashed in order to keep it as part of a parameter.
  - '{CLASS[@modulename]}classname[:ctorargs]' where the '[:ctorargs]' is an optional string, delimited by the ':' from the classname, that will be passed to the classname ctor. The ctorargs itself is a comma delimited list of strings. The password is obtained from classname by invoking a 'char[] toCharArray()' method if found, otherwise the 'String toString()' method.
- KEYSTORE_ALIAS: alias where the keypair is located.
- SALT: salt of the masked password. Ensure it is 8 characters in length.
- ITERATION_COUNT: iteration count of the masked password.
- KEY_SIZE: key size of encryption. Default is 128 bytes.
- CREATE_KEYSTORE: whether PicketBox Security Vault has to create a missing key store at initialization time. Default is "FALSE". Implies KEYSTORE_TYPE "JCEKS".
- KEYSTORE_TYPE: key store type. Default is JCEKS.

- Since:
  - Aug 12, 2011
- Author:
  - Anil.Saldhana@redhat.com, Peter Skopek (pskopek_at_redhat_dot_com)
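A usage sketch, added here and not part of the PicketBox javadoc or source, showing the init options keyed by this class's constants (with the clear-text keystore password as the weak setting beside a masked one), the handshake, and a store/retrieve cycle. It assumes an existing JCEKS keystore with alias "vault", that the SecurityVault types live in org.jboss.security.vault, and that the handshake map takes PUBLIC_CERT; the directory, values and "<masked-value>" are placeholders.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.jboss.security.vault.SecurityVaultException;
import org.picketbox.plugins.vault.PicketBoxSecurityVault;

public class VaultUsageExample {
    // Options for init(Map), keyed by the constants documented on this page.
    // Directory, alias and values below are constructed sample data.
    static Map<String, Object> vaultOptions(String vaultDir) {
        Map<String, Object> options = new HashMap<>();
        options.put(PicketBoxSecurityVault.ENC_FILE_DIR, vaultDir + "/");   // must end with "/" or "\"
        options.put(PicketBoxSecurityVault.KEYSTORE_URL, vaultDir + "/vault.keystore");
        options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, "vault");
        // Weak: options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, "changeit"); leaves the
        // keystore password in clear text. Use a MASK- value or an {EXT}/{CMD}/{CLASS}
        // specifier instead; "<masked-value>" is a placeholder for the masking tool's output.
        options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, "MASK-<masked-value>");
        options.put(PicketBoxSecurityVault.SALT, "12345678");                // exactly 8 characters
        options.put(PicketBoxSecurityVault.ITERATION_COUNT, "50");
        options.put(PicketBoxSecurityVault.KEY_SIZE, "128");
        options.put(PicketBoxSecurityVault.KEYSTORE_TYPE, "JCEKS");
        options.put(PicketBoxSecurityVault.CREATE_KEYSTORE, "FALSE");        // do not auto-create in production
        return options;
    }
    public static void main(String[] args) throws SecurityVaultException {
        PicketBoxSecurityVault vault = new PicketBoxSecurityVault();
        vault.init(vaultOptions(args.length > 0 ? args[0] : "/path/to/vault"));  // placeholder path
        // handshake() yields the shared key that store/retrieve/remove require. This page does
        // not list the handshake options; PUBLIC_CERT = keystore alias is an assumption here.
        Map<String, Object> handshakeOptions = new HashMap<>();
        handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT, "vault");
        byte[] sharedKey = vault.handshake(handshakeOptions);
        String block = "ds_ExampleDS";        // constructed vault block / attribute names
        String attribute = "password";
        char[] secret = "s3cr3t-sample".toCharArray();
        try {
            vault.store(block, attribute, secret, sharedKey);
        } finally {
            Arrays.fill(secret, '\0');         // wipe the clear-text copy once it is vaulted
        }
        if (vault.exists(block, attribute)) {
            char[] value = vault.retrieve(block, attribute, sharedKey);
            try {
                System.out.println("retrieved " + value.length + " chars for " + block + "::" + attribute);
            } finally {
                Arrays.fill(value, '\0');      // never log or retain the retrieved secret
            }
        }
    }
}
```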
Field Summary
- static String CREATE_KEYSTORE
- protected static String defaultKeyStoreType
- static String ENC_FILE_DIR
- protected String encryptionAlgorithm
- protected boolean finishedInit
- static String ITERATION_COUNT
- static String KEY_SIZE
- protected int keySize
- protected KeyStore keystore
- static String KEYSTORE_ALIAS
- static String KEYSTORE_PASSWORD
- static String KEYSTORE_TYPE
- static String KEYSTORE_URL
- static String PASS_MASK_PREFIX
- static String PUBLIC_CERT
- static String SALT
- protected static String VAULT_CONTENT_FILE

Constructor Summary
- PicketBoxSecurityVault()

Method Summary
- static void copyFile(File sourceFile, File destFile): Copy file method.
- boolean exists(String vaultBlock, String attributeName): Check whether an attribute value exists in the vault.
- byte[] handshake(Map<String,Object> handshakeOptions): Retrieve the shared key from the vault.
- void init(Map<String,Object> options): Initialize the vault.
- boolean isInitialized(): Determine if the vault is initialized.
- Set<String> keyList(): Get the currently vaulted VaultBlock_attribute Names.
- boolean remove(String vaultBlock, String attributeName, byte[] sharedKey): Remove an existing attribute value.
- char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey): Retrieve the attribute value.
- void store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey): Store an attribute value.

Field Detail
finishedInit
protected boolean finishedInit

keystore
protected KeyStore keystore

encryptionAlgorithm
protected String encryptionAlgorithm

keySize
protected int keySize

ENC_FILE_DIR
public static final String ENC_FILE_DIR
- See Also: Constant Field Values

KEYSTORE_URL
public static final String KEYSTORE_URL
- See Also: Constant Field Values

KEYSTORE_PASSWORD
public static final String KEYSTORE_PASSWORD
- See Also: Constant Field Values

KEYSTORE_ALIAS
public static final String KEYSTORE_ALIAS
- See Also: Constant Field Values

SALT
public static final String SALT
- See Also: Constant Field Values

ITERATION_COUNT
public static final String ITERATION_COUNT
- See Also: Constant Field Values

PASS_MASK_PREFIX
public static final String PASS_MASK_PREFIX
- See Also: Constant Field Values

PUBLIC_CERT
public static final String PUBLIC_CERT
- See Also: Constant Field Values

KEY_SIZE
public static final String KEY_SIZE
- See Also: Constant Field Values

CREATE_KEYSTORE
public static final String CREATE_KEYSTORE
- See Also: Constant Field Values

KEYSTORE_TYPE
public static final String KEYSTORE_TYPE
- See Also: Constant Field Values

VAULT_CONTENT_FILE
protected static final String VAULT_CONTENT_FILE
- See Also: Constant Field Values

defaultKeyStoreType
protected static final String defaultKeyStoreType
- See Also: Constant Field Values

Method Detail
init
public void init(Map<String,Object> options) throws SecurityVaultException
Description copied from interface: SecurityVault
Initialize the vault.
- Specified by:
  - init in interface SecurityVault
- Throws:
  - SecurityVaultException

isInitialized
public boolean isInitialized()
Description copied from interface: SecurityVault
Determine if the vault is initialized.
- Specified by:
  - isInitialized in interface SecurityVault

handshake
public byte[] handshake(Map<String,Object> handshakeOptions) throws SecurityVaultException
Description copied from interface: SecurityVault
Retrieve the shared key from the vault.
- Specified by:
  - handshake in interface SecurityVault
- Parameters:
  - handshakeOptions - a set of options that the vault identifies for handshake
- Throws:
  - SecurityVaultException

keyList
public Set<String> keyList() throws SecurityVaultException
Description copied from interface: SecurityVault
Get the currently vaulted VaultBlock_attribute Names.
- Specified by:
  - keyList in interface SecurityVault
- Throws:
  - SecurityVaultException

store
public void store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey) throws SecurityVaultException
Description copied from interface: SecurityVault
Store an attribute value.
- Specified by:
  - store in interface SecurityVault
- Parameters:
  - vaultBlock - a string value that brings in the uniqueness
  - attributeName - name of the attribute
- Throws:
  - SecurityVaultException

retrieve
public char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException
Description copied from interface: SecurityVault
Retrieve the attribute value.
- Specified by:
  - retrieve in interface SecurityVault
- Throws:
  - SecurityVaultException

exists
public boolean exists(String vaultBlock, String attributeName) throws SecurityVaultException
Description copied from interface: SecurityVault
Check whether an attribute value exists in the vault.
- Specified by:
  - exists in interface SecurityVault
- Throws:
  - SecurityVaultException
- See Also:
  - SecurityVault.exists(String, String)

remove
public boolean remove(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException
Description copied from interface: SecurityVault
Remove an existing attribute value.
- Specified by:
  - remove in interface SecurityVault
- Returns:
  - true if remove was successful, false otherwise
- Throws:
  - SecurityVaultException

copyFile
public static void copyFile(File sourceFile, File destFile) throws IOException
Copy file method.
- Parameters:
  - sourceFile
  - destFile
- Throws:
  - IOException