public class PicketBoxSecurityVault extends Object implements SecurityVault

SecurityVault that uses a KeyStore. The shared key just uses a concatenation of a UUID and a keystore alias.

The following options are expected in the SecurityVault.init(Map) call:

- ENC_FILE_DIR: the location where the encoded files will be kept. End with "/" or "\" based on your platform.
- KEYSTORE_URL: location where your keystore is located.
- KEYSTORE_PASSWORD: keystore password, given in one of the following forms:
  - 'plain text' masked password (has to be prepended with MASK-)
  - '{EXT}...' or '{EXTC[:expiration_in_millis]}...' where the '...' is the exact command line that will be passed to the Runtime.exec(String) method to execute a platform command. The first line of the command output is used as the password. The EXTC variant will cache the password for expiration_in_millis milliseconds; the default cache expiration is 0 = infinity.
  - '{CMD}...' or '{CMDC}...' for a general command to execute. The general command is a string delimited by ',' where the first part is the actual command and further parts represent its parameters. The comma can be backslashed in order to keep it as part of a parameter.
  - '{CLASS[@modulename]}classname[:ctorargs]' where the '[:ctorargs]' is an optional string delimited by the ':' from the classname that will be passed to the classname ctor. The ctorargs itself is a comma delimited list of strings. The password is obtained from classname by invoking a 'char[] toCharArray()' method if found, otherwise the 'String toString()' method.
- KEYSTORE_ALIAS: Alias where the keypair is located.
- SALT: salt of the masked password. Ensure it is 8 characters in length.
- ITERATION_COUNT: Iteration Count of the masked password.
- KEY_SIZE: Key size of encryption. Default is 128 bytes.
- CREATE_KEYSTORE: Whether PicketBox Security Vault has to create a missing key store at the time of initialization. Default is "FALSE". Implies KEYSTORE_TYPE "JCEKS".
- KEYSTORE_TYPE: Key store type. Default is JCEKS.

| Modifier and Type | Field and Description |
|---|---|
| static String | CREATE_KEYSTORE |
| protected static String | defaultKeyStoreType |
| static String | ENC_FILE_DIR |
| protected String | encryptionAlgorithm |
| protected boolean | finishedInit |
| static String | ITERATION_COUNT |
| static String | KEY_SIZE |
| protected int | keySize |
| protected KeyStore | keystore |
| static String | KEYSTORE_ALIAS |
| static String | KEYSTORE_PASSWORD |
| static String | KEYSTORE_TYPE |
| static String | KEYSTORE_URL |
| static String | PASS_MASK_PREFIX |
| static String | PUBLIC_CERT |
| static String | SALT |
| protected static String | VAULT_CONTENT_FILE |
| Constructor and Description |
|---|
| PicketBoxSecurityVault() |
| Modifier and Type | Method and Description |
|---|---|
| static void | copyFile(File sourceFile, File destFile): Copy file method. |
| boolean | exists(String vaultBlock, String attributeName): Check whether an attribute value exists in the vault. |
| byte[] | handshake(Map<String,Object> handshakeOptions): Retrieve the shared key from the vault. |
| void | init(Map<String,Object> options): Initialize the vault. |
| boolean | isInitialized(): Determine if the vault is initialized. |
| Set<String> | keyList(): Get the currently vaulted VaultBlock_attribute names. |
| boolean | remove(String vaultBlock, String attributeName, byte[] sharedKey): Remove an existing attribute value. |
| char[] | retrieve(String vaultBlock, String attributeName, byte[] sharedKey): Retrieve the attribute value. |
| void | store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey): Store an attribute value. |
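The following is an added example, not code from the PicketBox project or this page, showing how the options listed at the top of this page are passed to init(Map) and how the handshake, store, exists, retrieve, keyList and remove methods from the summary table fit together. It assumes the package names org.picketbox.plugins.vault and org.jboss.security.vault, that option values are supplied as Strings, and that the handshake needs no options (the page does not say which handshake options, if any, the vault requires); all paths, the alias, the salt and the stored secret are constructed sample values, and the masked keystore password is a placeholder.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

import org.jboss.security.vault.SecurityVaultException;          // package name assumed
import org.picketbox.plugins.vault.PicketBoxSecurityVault;        // package name assumed

// Added example: configure PicketBoxSecurityVault from the documented options,
// perform the handshake, then store, read back and remove one attribute.
public class VaultUsageExample {

    public static void main(String[] args) throws SecurityVaultException {
        Map<String, Object> options = new HashMap<>();
        // Constructed sample values; option values are assumed to be Strings.
        options.put(PicketBoxSecurityVault.ENC_FILE_DIR, "/opt/vault/");            // must end with "/" on Unix
        options.put(PicketBoxSecurityVault.KEYSTORE_URL, "/opt/vault/vault.keystore");
        // The keystore password is given in masked form (MASK- prefix), never in clear text.
        options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, "MASK-<masked-password-placeholder>");
        options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, "vault");
        options.put(PicketBoxSecurityVault.SALT, "12345678");                       // exactly 8 characters
        options.put(PicketBoxSecurityVault.ITERATION_COUNT, "50");
        options.put(PicketBoxSecurityVault.KEYSTORE_TYPE, "JCEKS");                 // the documented default
        options.put(PicketBoxSecurityVault.CREATE_KEYSTORE, "FALSE");               // fail rather than create silently

        PicketBoxSecurityVault vault = new PicketBoxSecurityVault();
        vault.init(options);
        if (!vault.isInitialized()) {
            throw new IllegalStateException("vault did not initialize");
        }

        // The shared key from the handshake must accompany every store/retrieve/remove call.
        // Assumption: no handshake options are needed here.
        byte[] sharedKey = vault.handshake(new HashMap<String, Object>());

        String vaultBlock = "ds_ExampleDS";   // constructed block name
        String attributeName = "password";    // constructed attribute name
        char[] secret = "s3cr3t-sample".toCharArray();
        try {
            vault.store(vaultBlock, attributeName, secret, sharedKey);
        } finally {
            Arrays.fill(secret, '\0');        // wipe the caller's copy once vaulted
        }

        if (vault.exists(vaultBlock, attributeName)) {
            char[] recovered = vault.retrieve(vaultBlock, attributeName, sharedKey);
            try {
                System.out.println("retrieved " + recovered.length + " characters for "
                        + vaultBlock + "::" + attributeName);
            } finally {
                Arrays.fill(recovered, '\0'); // do not leave the plaintext in memory
            }
        }

        // keyList() returns the vaulted entries as VaultBlock_attribute names.
        Set<String> keys = vault.keyList();
        for (String key : keys) {
            System.out.println("vaulted: " + key);
        }

        vault.remove(vaultBlock, attributeName, sharedKey);
    }
}
```

Because KEYSTORE_PASSWORD, and with the {EXT}, {CMD} and {CLASS} forms a command line or class name, come from the same options map, the file that holds these options deserves the same access restrictions as the keystore itself; retrieved char[] values are wiped after use for the same reason.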
protected boolean finishedInit
protected KeyStore keystore
protected String encryptionAlgorithm
protected int keySize
public static final String ENC_FILE_DIR
public static final String KEYSTORE_URL
public static final String KEYSTORE_PASSWORD
public static final String KEYSTORE_ALIAS
public static final String SALT
public static final String ITERATION_COUNT
public static final String PASS_MASK_PREFIX
public static final String PUBLIC_CERT
public static final String KEY_SIZE
public static final String CREATE_KEYSTORE
public static final String KEYSTORE_TYPE
protected static final String VAULT_CONTENT_FILE
protected static final String defaultKeyStoreType
public void init(Map<String,Object> options) throws SecurityVaultException
Specified by: init in interface SecurityVault
Throws: SecurityVaultException

public boolean isInitialized()
Specified by: isInitialized in interface SecurityVault

public byte[] handshake(Map<String,Object> handshakeOptions) throws SecurityVaultException
Specified by: handshake in interface SecurityVault
Parameters: handshakeOptions - a set of options that the vault identifies for handshake
Throws: SecurityVaultException

public Set<String> keyList() throws SecurityVaultException
Specified by: keyList in interface SecurityVault
Throws: SecurityVaultException

public void store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey) throws SecurityVaultException
Specified by: store in interface SecurityVault
Parameters: vaultBlock - a string value that brings in the uniqueness; attributeName - name of the attribute
Throws: SecurityVaultException

public char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException
Specified by: retrieve in interface SecurityVault
Throws: SecurityVaultException

public boolean exists(String vaultBlock, String attributeName) throws SecurityVaultException
Specified by: exists in interface SecurityVault
Throws: SecurityVaultException
See Also: SecurityVault.exists(String, String)

public boolean remove(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException
Specified by: remove in interface SecurityVault
Throws: SecurityVaultException

public static void copyFile(File sourceFile, File destFile) throws IOException
Parameters: sourceFile - ; destFile -
Throws: IOException

Copyright © 2019 JBoss by Red Hat. All rights reserved.