Package org.picketbox.plugins.vault
Class PicketBoxSecurityVault
- java.lang.Object
  - org.picketbox.plugins.vault.PicketBoxSecurityVault
- All Implemented Interfaces:
  - SecurityVault
public class PicketBoxSecurityVault extends Object implements SecurityVault

An instance of SecurityVault that uses a KeyStore. The shared key just uses a concatenation of a UUID and a keystore alias.

The following options are expected in the SecurityVault.init(Map) call:

- ENC_FILE_DIR: the location where the encoded files will be kept. End with "/" or "\" based on your platform.
- KEYSTORE_URL: location where your keystore is located.
- KEYSTORE_PASSWORD: keystore password, in one of these forms:
  - 'plain text'
  - masked password (has to be prepended with MASK-)
  - '{EXT}...' where the '...' is the exact command, or '{EXTC[:expiration_in_millis]}...' where the '...' is the exact command line that will be passed to the Runtime.exec(String) method to execute a platform command. The first line of the command output is used as the password. The EXTC variant will cache the password for expiration_in_millis milliseconds. Default cache expiration is 0 = infinity.
  - '{CMD}...' or '{CMDC}...' for a general command to execute. The general command is a string delimited by ',' where the first part is the actual command and further parts represent its parameters. The comma can be backslashed in order to keep it as part of a parameter.
  - '{CLASS[@modulename]}classname[:ctorargs]' where the '[:ctorargs]' is an optional string delimited by the ':' from the classname that will be passed to the classname ctor. The ctorargs itself is a comma delimited list of strings. The password is obtained from classname by invoking a 'char[] toCharArray()' method if found, otherwise the 'String toString()' method.
- KEYSTORE_ALIAS: alias where the keypair is located.
- SALT: salt of the masked password. Ensure it is 8 characters in length.
- ITERATION_COUNT: iteration count of the masked password.
- KEY_SIZE: key size of encryption. Default is 128 bytes.
- CREATE_KEYSTORE: whether PicketBox Security Vault has to create a missing key store at initialization time. Default is "FALSE". Implies KEYSTORE_TYPE "JCEKS".
- KEYSTORE_TYPE: key store type. Default is JCEKS.

- Since:
- Aug 12, 2011
- Author:
- Anil.Saldhana@redhat.com, Peter Skopek (pskopek_at_redhat_dot_com)
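As an added example (not PicketBox's own code), a Java round trip through this class: the init options are built from the constants documented above, the handshake yields the shared key, and a value is stored, retrieved and removed. Assumptions: the SecurityVault interface lives in org.jboss.security.vault, the directory, keystore path, alias and passwords are constructed for the example, and the PUBLIC_CERT handshake option is supplied only because older builds read it.

```java
import java.io.File;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import org.jboss.security.vault.SecurityVault;          // assumed package of the interface
import org.picketbox.plugins.vault.PicketBoxSecurityVault;

public class VaultRoundTrip {
    // Constructed for this example: vault directory and keystore alias.
    static final String VAULT_DIR = "/tmp/picketbox-vault/"; // ENC_FILE_DIR must end with "/"
    static final String ALIAS = "vault";

    static Map<String, Object> vaultOptions() {
        Map<String, Object> o = new HashMap<>();
        o.put(PicketBoxSecurityVault.ENC_FILE_DIR, VAULT_DIR);
        o.put(PicketBoxSecurityVault.KEYSTORE_URL, VAULT_DIR + "vault.jceks");
        // Plain-text KEYSTORE_PASSWORD form; a MASK- value would be decoded with SALT and ITERATION_COUNT.
        o.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, "example-keystore-pw");
        o.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, ALIAS);
        o.put(PicketBoxSecurityVault.SALT, "12345678");      // documented as exactly 8 characters
        o.put(PicketBoxSecurityVault.ITERATION_COUNT, "50");
        o.put(PicketBoxSecurityVault.KEY_SIZE, "128");
        // Create the JCEKS keystore on first run rather than fail on a missing file.
        o.put(PicketBoxSecurityVault.CREATE_KEYSTORE, "TRUE");
        o.put(PicketBoxSecurityVault.KEYSTORE_TYPE, "JCEKS");
        return o;
    }

    public static void main(String[] args) throws Exception {
        new File(VAULT_DIR).mkdirs(); // ENC_FILE_DIR has to exist before init
        SecurityVault vault = new PicketBoxSecurityVault();
        vault.init(vaultOptions());
        if (!vault.isInitialized()) throw new IllegalStateException("vault not initialized");

        // The handshake returns the shared key that store/retrieve/remove require.
        Map<String, Object> hs = new HashMap<>();
        hs.put(PicketBoxSecurityVault.PUBLIC_CERT, ALIAS); // assumption: older builds read this option
        byte[] sharedKey = vault.handshake(hs);

        char[] secret = "example-db-password".toCharArray();
        vault.store("datasource", "password", secret, sharedKey);
        Arrays.fill(secret, '\0'); // wipe the plaintext copy once it has been vaulted

        char[] back = vault.retrieve("datasource", "password", sharedKey);
        System.out.println("exists: " + vault.exists("datasource", "password"));
        System.out.println("vaulted keys: " + vault.keyList()); // e.g. [datasource::password]
        Arrays.fill(back, '\0');
        vault.remove("datasource", "password", sharedKey);
    }
}
```

The keystore password here is the plain-text form the class documents; in a deployment, the MASK- or {EXT}/{CMD}/{CLASS} forms keep it out of the configuration file.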
Field Summary

Fields (modifier and type, field):
- static String CREATE_KEYSTORE
- protected static String defaultKeyStoreType
- static String ENC_FILE_DIR
- protected String encryptionAlgorithm
- protected boolean finishedInit
- static String ITERATION_COUNT
- static String KEY_SIZE
- protected int keySize
- protected KeyStore keystore
- static String KEYSTORE_ALIAS
- static String KEYSTORE_PASSWORD
- static String KEYSTORE_TYPE
- static String KEYSTORE_URL
- static String PASS_MASK_PREFIX
- static String PUBLIC_CERT
- static String SALT
- protected static String VAULT_CONTENT_FILE
Constructor Summary

Constructors:
- PicketBoxSecurityVault()
Method Summary

Methods (modifier and type, method, description):
- static void copyFile(File sourceFile, File destFile): Copy file method.
- boolean exists(String vaultBlock, String attributeName): Check whether an attribute value exists in the vault.
- byte[] handshake(Map<String,Object> handshakeOptions): Retrieve the shared key from the vault.
- void init(Map<String,Object> options): Initialize the vault.
- boolean isInitialized(): Determine if the vault is initialized.
- Set<String> keyList(): Get the currently vaulted VaultBlock_attribute names.
- boolean remove(String vaultBlock, String attributeName, byte[] sharedKey): Remove an existing attribute value.
- char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey): Retrieve the attribute value.
- void store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey): Store an attribute value.
Field Detail

finishedInit
protected boolean finishedInit

keystore
protected KeyStore keystore

encryptionAlgorithm
protected String encryptionAlgorithm

keySize
protected int keySize

ENC_FILE_DIR
public static final String ENC_FILE_DIR
- See Also: Constant Field Values

KEYSTORE_URL
public static final String KEYSTORE_URL
- See Also: Constant Field Values

KEYSTORE_PASSWORD
public static final String KEYSTORE_PASSWORD
- See Also: Constant Field Values

KEYSTORE_ALIAS
public static final String KEYSTORE_ALIAS
- See Also: Constant Field Values

SALT
public static final String SALT
- See Also: Constant Field Values

ITERATION_COUNT
public static final String ITERATION_COUNT
- See Also: Constant Field Values

PASS_MASK_PREFIX
public static final String PASS_MASK_PREFIX
- See Also: Constant Field Values

PUBLIC_CERT
public static final String PUBLIC_CERT
- See Also: Constant Field Values

KEY_SIZE
public static final String KEY_SIZE
- See Also: Constant Field Values

CREATE_KEYSTORE
public static final String CREATE_KEYSTORE
- See Also: Constant Field Values

KEYSTORE_TYPE
public static final String KEYSTORE_TYPE
- See Also: Constant Field Values

VAULT_CONTENT_FILE
protected static final String VAULT_CONTENT_FILE
- See Also: Constant Field Values

defaultKeyStoreType
protected static final String defaultKeyStoreType
- See Also: Constant Field Values
Method Detail

init
public void init(Map<String,Object> options) throws SecurityVaultException
Description copied from interface: SecurityVault
Initialize the vault.
- Specified by: init in interface SecurityVault
- Throws: SecurityVaultException

isInitialized
public boolean isInitialized()
Description copied from interface: SecurityVault
Determine if the vault is initialized.
- Specified by: isInitialized in interface SecurityVault
- Returns:

handshake
public byte[] handshake(Map<String,Object> handshakeOptions) throws SecurityVaultException
Description copied from interface: SecurityVault
Retrieve the shared key from the vault.
- Specified by: handshake in interface SecurityVault
- Parameters: handshakeOptions - a set of options that the vault identifies for handshake
- Returns:
- Throws: SecurityVaultException

keyList
public Set<String> keyList() throws SecurityVaultException
Description copied from interface: SecurityVault
Get the currently vaulted VaultBlock_attribute names.
- Specified by: keyList in interface SecurityVault
- Returns:
- Throws: SecurityVaultException

store
public void store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey) throws SecurityVaultException
Description copied from interface: SecurityVault
Store an attribute value.
- Specified by: store in interface SecurityVault
- Parameters: vaultBlock - a string value that brings in the uniqueness; attributeName - name of the attribute
- Throws: SecurityVaultException

retrieve
public char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException
Description copied from interface: SecurityVault
Retrieve the attribute value.
- Specified by: retrieve in interface SecurityVault
- Returns:
- Throws: SecurityVaultException

exists
public boolean exists(String vaultBlock, String attributeName) throws SecurityVaultException
Description copied from interface: SecurityVault
Check whether an attribute value exists in the vault.
- Specified by: exists in interface SecurityVault
- Returns:
- Throws: SecurityVaultException
- See Also: SecurityVault.exists(String, String)

remove
public boolean remove(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException
Description copied from interface: SecurityVault
Remove an existing attribute value.
- Specified by: remove in interface SecurityVault
- Returns: true if remove was successful, false otherwise
- Throws: SecurityVaultException

copyFile
public static void copyFile(File sourceFile, File destFile) throws IOException
Copy file method.
- Parameters: sourceFile, destFile
- Throws: IOException