public class PicketBoxSecurityVault extends Object implements SecurityVault

An implementation of SecurityVault that uses a KeyStore. The shared key returned by handshake is just a concatenation of a UUID and the keystore alias.

The following options are expected in the SecurityVault.init(Map) call:

ENC_FILE_DIR: the directory where the encoded (vaulted) files will be kept. Must end with "/" or "\" depending on your platform.
KEYSTORE_URL: location of your keystore.
KEYSTORE_PASSWORD: the keystore password, given in one of the following forms:
    a 'plain text' password;
    a masked password (must be prefixed with MASK-; see SALT and ITERATION_COUNT);
    '{EXT}...' where the '...' is the exact command line that will be passed to the Runtime.exec(String) method to execute a platform command. The first line of the command output is used as the password.
    '{EXTC[:expiration_in_millis]}...' as for {EXT}, but the EXTC variant caches the password for expiration_in_millis milliseconds. The default cache expiration is 0, which means the cached password never expires.
    '{CMD}...' or '{CMDC}...' for a general command to execute. The general command is a string delimited by ',' where the first part is the actual command and the further parts are its parameters. A comma can be backslash-escaped to keep it as part of a parameter. CMDC is the caching variant, as EXTC is for EXT.
    '{CLASS[@modulename]}classname[:ctorargs]' where the optional '[:ctorargs]' is a string separated from the classname by ':' that will be passed to the classname constructor. The ctorargs itself is a comma-delimited list of strings. The password is obtained from the class by invoking a 'char[] toCharArray()' method if one is found, otherwise 'String toString()'.
KEYSTORE_ALIAS: alias under which the key (pair) is stored.
SALT: salt of the masked password. Must be exactly 8 characters long.
ITERATION_COUNT: iteration count of the masked password.
KEY_SIZE: key size for encryption, in bits (the value handed to javax.crypto.KeyGenerator, e.g. 128 for AES-128). Default is 128.
CREATE_KEYSTORE: whether PicketBox Security Vault has to create a missing keystore at initialization time. Default is "FALSE". Implies KEYSTORE_TYPE "JCEKS".

Note that a MASK- password is obfuscated rather than protected: it is decrypted with a password-based cipher derived from a fixed passphrase together with the SALT and ITERATION_COUNT values that sit in the same configuration, so anyone who can read the configuration can recover the keystore password. Restrict file permissions on the configuration and the ENC_FILE_DIR contents, or use the {EXT}, {CMD} or {CLASS} forms to fetch the password from somewhere the configuration reader cannot reach.
KEYSTORE_TYPE: Key store type. Default is JCEKS.

| Modifier and Type | Field and Description |
|---|---|
| static String | CREATE_KEYSTORE |
| protected static String | defaultKeyStoreType |
| static String | ENC_FILE_DIR |
| protected String | encryptionAlgorithm |
| protected boolean | finishedInit |
| static String | ITERATION_COUNT |
| static String | KEY_SIZE |
| protected int | keySize |
| protected KeyStore | keystore |
| static String | KEYSTORE_ALIAS |
| static String | KEYSTORE_PASSWORD |
| static String | KEYSTORE_TYPE |
| static String | KEYSTORE_URL |
| static String | PASS_MASK_PREFIX |
| static String | PUBLIC_CERT |
| static String | SALT |
| protected static String | VAULT_CONTENT_FILE |
| Constructor and Description |
|---|
| PicketBoxSecurityVault() |
| Modifier and Type | Method and Description |
|---|---|
| static void | copyFile(File sourceFile, File destFile) - Copy file method. |
| boolean | exists(String vaultBlock, String attributeName) - Check whether an attribute value exists in the vault. |
| byte[] | handshake(Map<String,Object> handshakeOptions) - Retrieve the shared key from the vault. |
| void | init(Map<String,Object> options) - Initialize the vault. |
| boolean | isInitialized() - Determine if the vault is initialized. |
| Set<String> | keyList() - Get the currently vaulted VaultBlock_attribute names. |
| boolean | remove(String vaultBlock, String attributeName, byte[] sharedKey) - Remove an existing attribute value. |
| char[] | retrieve(String vaultBlock, String attributeName, byte[] sharedKey) - Retrieve the attribute value. |
| void | store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey) - Store an attribute value. |
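The typical call sequence against this class (init, handshake, store, exists, keyList, retrieve, remove), as an added example that is not part of the PicketBox code or its Javadoc. It assumes the PicketBox 4.x package names org.picketbox.plugins.vault and org.jboss.security.vault, that CREATE_KEYSTORE=TRUE also generates the secret key under KEYSTORE_ALIAS when the keystore file is missing (if your version does not, create the JCEKS secret-key entry with keytool -genseckey first), and that handshake needs nothing beyond an empty option map. The temp directory, alias, vault block and attribute names are made up for the demo.

```java
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.jboss.security.vault.SecurityVault;
import org.jboss.security.vault.SecurityVaultException;
import org.picketbox.plugins.vault.PicketBoxSecurityVault;

public class VaultExample {

    /** Builds the option map described in the class Javadoc. Every value is a String. */
    static Map<String, Object> vaultOptions(Path dir, String keystorePassword) {
        Map<String, Object> opts = new HashMap<String, Object>();
        // ENC_FILE_DIR must end with the platform separator.
        opts.put(PicketBoxSecurityVault.ENC_FILE_DIR, dir.toString() + File.separator);
        opts.put(PicketBoxSecurityVault.KEYSTORE_URL, dir.resolve("vault.jceks").toString());
        // Plain text is used here only so the demo is self-contained. In a deployment prefer
        // the {EXT}/{CMD}/{CLASS} forms, and remember that a MASK- value is recoverable by
        // anyone who can read SALT and ITERATION_COUNT from this same configuration.
        opts.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, keystorePassword);
        opts.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, "vault");
        opts.put(PicketBoxSecurityVault.SALT, "12345678");        // exactly 8 characters
        opts.put(PicketBoxSecurityVault.ITERATION_COUNT, "50");
        opts.put(PicketBoxSecurityVault.KEY_SIZE, "128");          // bits: AES-128
        opts.put(PicketBoxSecurityVault.CREATE_KEYSTORE, "TRUE");  // assumed to also create the key
        opts.put(PicketBoxSecurityVault.KEYSTORE_TYPE, "JCEKS");   // implied by CREATE_KEYSTORE
        return opts;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("vault-demo");   // constructed location for the demo
        SecurityVault vault = new PicketBoxSecurityVault();
        vault.init(vaultOptions(dir, "keystorePassword"));
        if (!vault.isInitialized()) {
            throw new IllegalStateException("vault did not initialise");
        }

        // The shared key from handshake must accompany every store/retrieve/remove call.
        byte[] sharedKey = vault.handshake(new HashMap<String, Object>());

        String block = "ds_ExampleDS";   // one vault block per consumer, e.g. a datasource
        String attr = "password";
        char[] secret = "s3cr3t".toCharArray();
        vault.store(block, attr, secret, sharedKey);
        Arrays.fill(secret, '\0');       // wipe the caller's copy once it is vaulted

        if (!vault.exists(block, attr)) {
            throw new IllegalStateException("stored attribute not found");
        }
        Set<String> names = vault.keyList();
        System.out.println("vaulted entries: " + names);

        char[] back = vault.retrieve(block, attr, sharedKey);
        try {
            System.out.println("retrieved " + back.length + " characters for " + block + "/" + attr);
        } finally {
            Arrays.fill(back, '\0');     // do not leave plaintext in the heap longer than needed
        }

        if (!vault.remove(block, attr, sharedKey)) {
            throw new SecurityVaultException("remove reported failure for " + block + "/" + attr);
        }
        System.out.println("exists after remove: " + vault.exists(block, attr));
    }
}
```

The values passed through `store` and `retrieve` are `char[]` rather than `String` so the caller can zero them; the example does that in a `finally` block so a thrown exception does not leave the secret behind.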
protected boolean finishedInit
protected KeyStore keystore
protected String encryptionAlgorithm
protected int keySize
public static final String ENC_FILE_DIR
public static final String KEYSTORE_URL
public static final String KEYSTORE_PASSWORD
public static final String KEYSTORE_ALIAS
public static final String SALT
public static final String ITERATION_COUNT
public static final String PASS_MASK_PREFIX
public static final String PUBLIC_CERT
public static final String KEY_SIZE
public static final String CREATE_KEYSTORE
public static final String KEYSTORE_TYPE
protected static final String VAULT_CONTENT_FILE
protected static final String defaultKeyStoreType
public void init(Map<String,Object> options) throws SecurityVaultException
Initialize the vault.
Specified by: init in interface SecurityVault
Throws: SecurityVaultException

public boolean isInitialized()
Determine if the vault is initialized.
Specified by: isInitialized in interface SecurityVault

public byte[] handshake(Map<String,Object> handshakeOptions) throws SecurityVaultException
Retrieve the shared key from the vault.
Specified by: handshake in interface SecurityVault
Parameters: handshakeOptions - a set of options that the vault identifies for handshake
Throws: SecurityVaultException

public Set<String> keyList() throws SecurityVaultException
Get the currently vaulted VaultBlock_attribute names.
Specified by: keyList in interface SecurityVault
Throws: SecurityVaultException

public void store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey) throws SecurityVaultException
Store an attribute value.
Specified by: store in interface SecurityVault
Parameters: vaultBlock - a string value that brings in the uniqueness; attributeName - name of the attribute
Throws: SecurityVaultException

public char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException
Retrieve the attribute value.
Specified by: retrieve in interface SecurityVault
Throws: SecurityVaultException

public boolean exists(String vaultBlock, String attributeName) throws SecurityVaultException
Check whether an attribute value exists in the vault.
Specified by: exists in interface SecurityVault
Throws: SecurityVaultException
See Also: SecurityVault.exists(String, String)

public boolean remove(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException
Remove an existing attribute value.
Specified by: remove in interface SecurityVault
Throws: SecurityVaultException

public static void copyFile(File sourceFile, File destFile) throws IOException
Copy file method.
Parameters: sourceFile - the file to copy from; destFile - the file to copy to
Throws: IOException
Copyright © 2016 JBoss by Red Hat. All rights reserved.