org.picketbox.plugins.vault

public class PicketBoxSecurityVault extends Object implements org.jboss.security.vault.SecurityVault

A SecurityVault that uses a KeyStore. The shared key just uses a concatenation of a UUID and a keystore alias.
The following options are expected in the SecurityVault.init(Map) call:

- ENC_FILE_DIR: the location where the encoded files will be kept. End with "/" or "\" based on your platform.
- KEYSTORE_URL: location where your keystore is located.
- KEYSTORE_PASSWORD: keystore password. Accepted forms:
  - 'plain text'
  - masked password (has to be prepended with MASK-)
  - '{EXT}...' where the '...' is the exact command line that will be passed to the Runtime.exec(String) method to execute a platform command. The first line of the command output is used as the password.
  - '{EXTC[:expiration_in_millis]}...' where the '...' is the same exact command line as for {EXT}; the EXTC variant will cache the password for expiration_in_millis milliseconds. Default cache expiration is 0 = infinity.
  - '{CMD}...' or '{CMDC}...' for a general command to execute. The general command is a string delimited by ',' where the first part is the actual command and further parts represent its parameters. The comma can be backslashed in order to keep it as part of a parameter.
  - '{CLASS}classname[:ctorargs]' where the '[:ctorargs]' is an optional string delimited by the ':' from the classname that will be passed to the classname constructor. The ctorargs itself is a comma delimited list of strings. The password is obtained from classname by invoking a 'char[] toCharArray()' method if found, otherwise the 'String toString()' method.
- KEYSTORE_ALIAS: Alias where the keypair is located.
- SALT: salt of the masked password. Ensure it is 8 characters in length.
- ITERATION_COUNT: Iteration Count of the masked password.
- KEY_SIZE: Key size of encryption. Default is 128 bytes.
- CREATE_KEYSTORE: Whether PicketBox Security Vault has to create a missing key store at initialization time. Default is "FALSE". Implies KEYSTORE_TYPE "JCEKS".
- KEYSTORE_TYPE: Key store type. Default is JCEKS.

| Modifier and Type | Field and Description |
|---|---|
| static String | CREATE_KEYSTORE |
| protected static String | defaultKeyStoreType |
| static String | ENC_FILE_DIR |
| protected String | encryptionAlgorithm |
| protected boolean | finishedInit |
| static String | ITERATION_COUNT |
| static String | KEY_SIZE |
| protected int | keySize |
| protected KeyStore | keystore |
| static String | KEYSTORE_ALIAS |
| static String | KEYSTORE_PASSWORD |
| static String | KEYSTORE_TYPE |
| static String | KEYSTORE_URL |
| static String | PASS_MASK_PREFIX |
| static String | PUBLIC_CERT |
| static String | SALT |
| protected static String | VAULT_CONTENT_FILE |
| Constructor and Description |
|---|
| PicketBoxSecurityVault() |

| Modifier and Type | Method and Description |
|---|---|
| static void | copyFile(File sourceFile, File destFile) Copy file method. |
| boolean | exists(String vaultBlock, String attributeName) |
| byte[] | handshake(Map<String,Object> handshakeOptions) |
| void | init(Map<String,Object> options) |
| boolean | isInitialized() |
| Set<String> | keyList() |
| boolean | remove(String vaultBlock, String attributeName, byte[] sharedKey) |
| char[] | retrieve(String vaultBlock, String attributeName, byte[] sharedKey) |
| void | store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey) |
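The following is an added example, not code from the PicketBox project, showing how a caller assembles the init options listed above, initializes the vault, obtains the shared key through handshake, and then stores and retrieves one attribute. All paths, passwords, block and attribute names are constructed sample values, and passing the keystore alias under PUBLIC_CERT to handshake is an assumption of this example.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;

import org.jboss.security.vault.SecurityVault;
import org.jboss.security.vault.SecurityVaultException;
import org.picketbox.plugins.vault.PicketBoxSecurityVault;

public class VaultLifecycleExample {
    public static void main(String[] args) throws SecurityVaultException {
        // Option keys are the public constants listed above; the values are
        // constructed sample paths and credentials for this example. Because
        // {EXT}/{CMD}/{CLASS} password values are executed by the vault, this
        // map must only ever be populated from trusted configuration.
        Map<String, Object> options = new HashMap<>();
        options.put(PicketBoxSecurityVault.ENC_FILE_DIR, "/opt/vault/enc/");  // trailing "/"
        options.put(PicketBoxSecurityVault.KEYSTORE_URL, "/opt/vault/vault.jceks");
        options.put(PicketBoxSecurityVault.KEYSTORE_TYPE, "JCEKS");
        options.put(PicketBoxSecurityVault.CREATE_KEYSTORE, "TRUE");          // create if missing
        options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, "vault");
        // Plain-text form; a MASK- prefixed value would be unmasked with SALT
        // and ITERATION_COUNT instead.
        options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, "changeit");
        options.put(PicketBoxSecurityVault.SALT, "12345678");                 // exactly 8 chars
        options.put(PicketBoxSecurityVault.ITERATION_COUNT, "50");
        options.put(PicketBoxSecurityVault.KEY_SIZE, "128");

        SecurityVault vault = new PicketBoxSecurityVault();
        vault.init(options);
        if (!vault.isInitialized()) {
            throw new IllegalStateException("vault did not initialize");
        }

        // The handshake yields the shared key (UUID + alias) that store, retrieve
        // and remove require. Passing the alias under PUBLIC_CERT is an assumption
        // of this example, not something the summary above states.
        Map<String, Object> handshakeOptions = new HashMap<>();
        handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT, "vault");
        byte[] sharedKey = vault.handshake(handshakeOptions);
        String block = "ds_ExampleDS";   // constructed vault block name
        String attribute = "password";   // constructed attribute name
        vault.store(block, attribute, "s3cr3t".toCharArray(), sharedKey);
        if (vault.exists(block, attribute)) {
            char[] value = vault.retrieve(block, attribute, sharedKey);
            System.out.println("retrieved " + value.length + " chars for " + block + "/" + attribute);
            Arrays.fill(value, '\0');    // clear the secret once it has been used
        }
        System.out.println("vault entries: " + vault.keyList());
    }
}
```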
protected boolean finishedInit
protected KeyStore keystore
protected String encryptionAlgorithm
protected int keySize
public static final String ENC_FILE_DIR
public static final String KEYSTORE_URL
public static final String KEYSTORE_PASSWORD
public static final String KEYSTORE_ALIAS
public static final String SALT
public static final String ITERATION_COUNT
public static final String PASS_MASK_PREFIX
public static final String PUBLIC_CERT
public static final String KEY_SIZE
public static final String CREATE_KEYSTORE
public static final String KEYSTORE_TYPE
protected static final String VAULT_CONTENT_FILE
protected static final String defaultKeyStoreType
public void init(Map<String,Object> options) throws org.jboss.security.vault.SecurityVaultException
Specified by: init in interface org.jboss.security.vault.SecurityVault
Throws: org.jboss.security.vault.SecurityVaultException

public boolean isInitialized()
Specified by: isInitialized in interface org.jboss.security.vault.SecurityVault

public byte[] handshake(Map<String,Object> handshakeOptions) throws org.jboss.security.vault.SecurityVaultException
Specified by: handshake in interface org.jboss.security.vault.SecurityVault
Throws: org.jboss.security.vault.SecurityVaultException

public Set<String> keyList() throws org.jboss.security.vault.SecurityVaultException
Specified by: keyList in interface org.jboss.security.vault.SecurityVault
Throws: org.jboss.security.vault.SecurityVaultException

public void store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey) throws org.jboss.security.vault.SecurityVaultException
Specified by: store in interface org.jboss.security.vault.SecurityVault
Throws: org.jboss.security.vault.SecurityVaultException

public char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey) throws org.jboss.security.vault.SecurityVaultException
Specified by: retrieve in interface org.jboss.security.vault.SecurityVault
Throws: org.jboss.security.vault.SecurityVaultException

public boolean exists(String vaultBlock, String attributeName) throws org.jboss.security.vault.SecurityVaultException
Specified by: exists in interface org.jboss.security.vault.SecurityVault
Throws: org.jboss.security.vault.SecurityVaultException
See Also: SecurityVault.exists(String, String)

public boolean remove(String vaultBlock, String attributeName, byte[] sharedKey) throws org.jboss.security.vault.SecurityVaultException
Specified by: remove in interface org.jboss.security.vault.SecurityVault
Throws: org.jboss.security.vault.SecurityVaultException

public static void copyFile(File sourceFile, File destFile) throws IOException
Parameters: sourceFile, destFile
Throws: IOException
Copyright © 2015 JBoss Inc. All Rights Reserved.