Class PicketBoxSecurityVault

  • All Implemented Interfaces:
    SecurityVault

    public class PicketBoxSecurityVault
    extends Object
    implements SecurityVault
    An instance of SecurityVault that uses a KeyStore. The shared key just uses a concatenation of a UUID and a keystore alias.

    The following options are expected in the SecurityVault.init(Map) call:

      • ENC_FILE_DIR: the location where the encoded files will be kept. End with "/" or "\" based on your platform.
      • KEYSTORE_URL: location where your keystore is located.
      • KEYSTORE_PASSWORD: keystore password.
          • 'plain text' masked password (has to be prepended with MASK-)
          • '{EXT}...' where the '...' is the exact command
          • '{EXTC[:expiration_in_millis]}...' where the '...' is the exact command line that will be passed to the Runtime.exec(String) method to execute a platform command. The first line of the command output is used as the password. The EXTC variant will cache the passwords for expiration_in_millis milliseconds. Default cache expiration is 0 = infinity.
          • '{CMD}...' or '{CMDC}...' for a general command to execute. The general command is a string delimited by ',' where the first part is the actual command and further parts represent its parameters. The comma can be escaped with a backslash to keep it as part of a parameter.
          • '{CLASS[@modulename]}classname[:ctorargs]' where the '[:ctorargs]' is an optional string delimited by the ':' from the classname that will be passed to the classname ctor. The ctorargs itself is a comma delimited list of strings. The password is obtained from classname by invoking a 'char[] toCharArray()' method if found, otherwise, the 'String toString()'.
      • KEYSTORE_ALIAS: alias where the keypair is located.
      • SALT: salt of the masked password. Ensure it is 8 characters in length.
      • ITERATION_COUNT: iteration count of the masked password.
      • KEY_SIZE: key size of encryption. Default is 128 bytes.
      • CREATE_KEYSTORE: whether PicketBox Security Vault has to create a missing key store at initialization time. Default is "FALSE". Implies KEYSTORE_TYPE "JCEKS".
      • KEYSTORE_TYPE: key store type. Default is JCEKS.
    Since:
    Aug 12, 2011
    Author:
    Anil.Saldhana@redhat.com, Peter Skopek (pskopek_at_redhat_dot_com)
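
An added example, not part of the PicketBox documentation or code: a pre-flight check of the option map described above, meant to run before the map is passed to SecurityVault.init(Map). It uses only standard Java; the class name VaultOptionsLint, its rule for which options count as required, the positive-integer check on ITERATION_COUNT, and the sample values are assumptions of this example.

```java
import java.util.*;

public class VaultOptionsLint {
    // KEYSTORE_PASSWORD forms exactly as the class description lists them.
    static String passwordForm(String pw) {
        if (pw.startsWith("MASK-")) return "masked";
        if (pw.matches("(?s)\\{(EXT|EXTC(:\\d+)?)\\}.*")) return "external command";
        if (pw.matches("(?s)\\{CMDC?\\}.*")) return "general command";
        if (pw.matches("(?s)\\{CLASS(@[^}]+)?\\}.*")) return "class";
        return "unrecognized";
    }

    static String str(Map<String, Object> o, String k) {
        Object v = o.get(k);
        return v == null ? "" : v.toString();
    }

    static List<String> lint(Map<String, Object> o) {
        List<String> out = new ArrayList<>();
        // Assumption of this example: options without a documented default are required.
        for (String k : List.of("ENC_FILE_DIR", "KEYSTORE_URL", "KEYSTORE_PASSWORD", "KEYSTORE_ALIAS"))
            if (str(o, k).isEmpty()) out.add(k + ": missing");
        String dir = str(o, "ENC_FILE_DIR");
        if (!dir.isEmpty() && !dir.endsWith("/") && !dir.endsWith("\\"))
            out.add("ENC_FILE_DIR: must end with \"/\" or \"\\\"");
        String pw = str(o, "KEYSTORE_PASSWORD");
        String form = pw.isEmpty() ? "" : passwordForm(pw);
        if (form.equals("unrecognized"))
            out.add("KEYSTORE_PASSWORD: neither MASK- prefixed nor a documented {...} form");
        if (form.equals("masked")) {
            if (str(o, "SALT").length() != 8) out.add("SALT: must be exactly 8 characters");
            if (!str(o, "ITERATION_COUNT").matches("[1-9]\\d*"))
                out.add("ITERATION_COUNT: must be a positive integer");
        }
        if (form.endsWith("command") && pw.substring(pw.indexOf('}') + 1).trim().isEmpty())
            out.add("KEYSTORE_PASSWORD: " + form + " form has no command");
        return out;
    }

    public static void main(String[] args) {
        Map<String, Object> opts = new HashMap<>();           // constructed sample values
        opts.put("ENC_FILE_DIR", "/opt/app/vault");           // no trailing separator
        opts.put("KEYSTORE_URL", "/opt/app/vault.keystore");
        opts.put("KEYSTORE_PASSWORD", "MASK-constructedValue");
        opts.put("KEYSTORE_ALIAS", "vault");
        opts.put("SALT", "1234567");                          // 7 characters, one short
        opts.put("ITERATION_COUNT", "50");
        lint(opts).forEach(System.out::println);
    }
}
```

An empty list from lint means the map has no findings under these rules; it does not confirm that the keystore itself opens.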