public <C extends Credential> C getCredential(final Class<C> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws IOException { Assert.checkNotNullParam("credentialType", credentialType); try { final CredentialStore credentialStore = credentialStoreFactory.create(); if (log.isTraceEnabled()) { log.tracef("CredentialStoreCredentialSource: obtaining credential: type = %s algorithm = %s exists = %b", alias, credentialType, credentialStore.exists(alias, credentialType)); } return credentialStore.retrieve(alias, credentialType, algorithmName, parameterSpec); } catch (UnsupportedCredentialTypeException e) { return null; } catch (GeneralSecurityException e) { throw log.unableToReadCredential(e); } } }
/** * Create an instance of {@link CredentialStore} and initialize it. * * @return the new instance * @throws GeneralSecurityException if instantiation fails for some reason */ @Override public CredentialStore get() throws ConfigXMLParseException { final CredentialStore credentialStore; try { if (providers != null) { credentialStore = providerName != null ? CredentialStore.getInstance(type, providerName, providers) : CredentialStore.getInstance(type, providers); } else { credentialStore = providerName != null ? CredentialStore.getInstance(type, providerName) : CredentialStore.getInstance(type); } credentialStore.initialize(attributes, credentialSource == null ? null : new CredentialStore.CredentialSourceProtectionParameter(credentialSource.get())); } catch (GeneralSecurityException e) { throw xmlLog.xmlFailedToCreateCredentialStore(location, e); } return credentialStore; }
/** * Remove the credentialType with from given alias matching the given criteria from the store. * * @param credentialAlias alias to remove credential(s) from * @param credentialType credential type to match (must not be {@code null}) * @param credentialAlgorithm the algorithm name to match, or {@code null} to match any * @throws CredentialStoreException if credential removal fails */ public void remove(String credentialAlias, Class<? extends Credential> credentialType, String credentialAlgorithm) throws CredentialStoreException { remove(credentialAlias, credentialType, credentialAlgorithm, null); }
CredentialStore credentialStore = credentialStoreService.getValue(); if (entryType == null || entryType.equals(PasswordCredential.class.getCanonicalName())) { if (credentialStore.exists(alias, PasswordCredential.class)) { throw ROOT_LOGGER.credentialAlreadyExists(alias, PasswordCredential.class.getName()); String alias = ALIAS.resolveModelAttribute(context, operation).asString(); CredentialStore credentialStore = credentialStoreService.getValue(); PasswordCredential retrieved = credentialStore.retrieve(alias, PasswordCredential.class); if (retrieved == null) { throw ROOT_LOGGER.credentialDoesNotExist(alias, PasswordCredential.class.getName()); credentialStore.remove(alias, PasswordCredential.class); context.addResponseWarning(Level.WARNING, ROOT_LOGGER.updateDependantServices(alias)); try { credentialStore.flush(); } catch (CredentialStoreException e) { credentialStore.store(alias, retrieved); throw e; if ( ! credentialStore.exists(alias, PasswordCredential.class)) { throw ROOT_LOGGER.credentialDoesNotExist(alias, PasswordCredential.class.getName());
/** * Retrieve credential stored in the store under the key and of the credential type * @param credentialAlias to find the credential in the store * @param credentialType - credential type to retrieve from under the credentialAlias from the store * @param <C> the class of type to which should be credential casted * @return instance of {@link Credential} stored in the store * @throws CredentialStoreException - if credentialAlias credentialType combination doesn't exist or credentialAlias cannot be retrieved * @throws UnsupportedCredentialTypeException when the credentialType is not supported */ public <C extends Credential> C retrieve(String credentialAlias, Class<C> credentialType) throws CredentialStoreException, UnsupportedCredentialTypeException { return retrieve(credentialAlias, credentialType, null, null, null); }
/** * Get a {@code CredentialStore} instance. The returned CredentialStore object will implement the given algorithm. * * @param algorithm the name of the algorithm * @return a {@code CredentialStore} instance * @throws NoSuchAlgorithmException if the given algorithm has no available implementations */ public static CredentialStore getInstance(String algorithm) throws NoSuchAlgorithmException { return getInstance(algorithm, INSTALLED_PROVIDERS); }
for (String csAlias : cs.getAliases()) { writer.print(csAlias); writer.print(separator); if (cs.exists(alias, PasswordCredential.class)) { Password password = cs.retrieve(alias, PasswordCredential.class).getPassword(); if (password instanceof ClearPassword) { clearPassword = new String(((ClearPassword) password).getPassword());
/** * Initialize Credential Store service with given attributes. * This procedure should set {@link CredentialStoreSpi#initialized} after successful initialization. * * @param attributes attributes to used to pass information to Credential Store service * @param protectionParameter the protection parameter to use when accessing the store * @throws CredentialStoreException if initialization fails due to any reason */ public void initialize(Map<String, String> attributes, ProtectionParameter protectionParameter) throws CredentialStoreException { initialize(attributes, protectionParameter, null); }
private static void storeSecret(CredentialStore credentialStore, String alias, String secretValue) throws CredentialStoreException { char[] secret = secretValue != null ? secretValue.toCharArray() : new char[0]; credentialStore.store(alias, createCredentialFromPassword(secret)); try { credentialStore.flush(); } catch (CredentialStoreException e) { // operation fails, remove the entry from the store, to avoid an inconsistency between // the store on the FS and in the memory credentialStore.remove(alias, PasswordCredential.class); throw e; } }
/** * Flush the contents of this credential store to storage. This method may be a no-op on credential stores * without backing storage or which do not buffer changes. * * @throws CredentialStoreException if flushing the store fails for some reason */ public void flush() throws CredentialStoreException { if (isModifiable()) { spi.flush(); } else { throw log.nonModifiableCredentialStore("flush"); } }
public SupportLevel getCredentialAcquireSupport(final Class<? extends Credential> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws IOException { Assert.checkNotNullParam("credentialType", credentialType); try { final CredentialStore credentialStore = credentialStoreFactory.create(); return credentialStore.exists(alias, credentialType) ? SupportLevel.POSSIBLY_SUPPORTED : SupportLevel.UNSUPPORTED; } catch (UnsupportedCredentialTypeException e) { return SupportLevel.UNSUPPORTED; } catch (GeneralSecurityException e) { throw log.unableToReadCredential(e); } }
/** * Get a {@code CredentialStore} instance. The returned CredentialStore object will implement the given algorithm. * * @param algorithm the name of the algorithm * @param provider the provider to use * @return a {@code CredentialStore} instance * @throws NoSuchAlgorithmException if the given algorithm has no available implementations */ public static CredentialStore getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmException { final Provider.Service service = provider.getService(CREDENTIAL_STORE_TYPE, algorithm); if (service == null) throw new NoSuchAlgorithmException(algorithm); return new CredentialStore(provider, (CredentialStoreSpi) service.newInstance(null), algorithm); }
/** * Store credential to the store under the given alias. If given alias already contains specific credential type type the credential * replaces older one. <em>Note:</em> {@link CredentialStoreSpi} supports storing of multiple entries (credential types) per alias. * Each must be of different credential type. * @param credentialAlias to store the credential to the store * @param credential instance of {@link Credential} to store * @param <C> the class of type to which should be credential casted * @throws CredentialStoreException when the credential cannot be stored * @throws UnsupportedCredentialTypeException when the credentialType is not supported */ public <C extends Credential> void store(String credentialAlias, C credential) throws CredentialStoreException, UnsupportedCredentialTypeException { store(credentialAlias, credential, null); }
@Override public void start(StartContext startContext) throws StartException { Path loc = location == null ? null : resolveLocation(); try { ROOT_LOGGER.tracef("starting CredentialStore: name = %s", name); credentialStoreAttributes.put(CS_LOCATION_ATTRIBUTE, loc == null ? null : loc.toAbsolutePath().toString()); CredentialStore cs = getCredentialStoreInstance(); Provider[] otherProvidersArr = otherProviders.getOptionalValue(); if (ROOT_LOGGER.isTraceEnabled()) { ROOT_LOGGER.tracef( "initializing CredentialStore: name = %s type = %s provider = %s otherProviders = %s attributes = %s", name, type, provider, Arrays.toString(otherProvidersArr), credentialStoreAttributes ); } synchronized (EmptyProvider.getInstance()) { cs.initialize(credentialStoreAttributes, resolveCredentialStoreProtectionParameter(), otherProvidersArr); } if (credentialStoreAttributes.get(ElytronDescriptionConstants.CREATE).equals("true") && loc != null && !loc.toFile().exists()){ ROOT_LOGGER.tracef("CredentialStore %s does not exist, creating", name); cs.flush(); } credentialStore.set(cs); ROOT_LOGGER.tracef("CredentialStore started: name = %s credentialStore = %s", name, cs); } catch (Exception e) { throw ElytronSubsystemMessages.ROOT_LOGGER.unableToStartService(e); } }
/** * Retrieve credential stored in the store under the key and of the credential type. * * @param credentialAlias to find the credential in the store * @param credentialType credential type to retrieve from under the credentialAlias from the store * @param credentialAlgorithm the credential algorithm to match, or {@code null} to match any * @param <C> the class of type to which should be credential casted * @return instance of {@link Credential} stored in the store * @throws CredentialStoreException if credentialAlias credentialType combination doesn't exist or credentialAlias cannot be retrieved */ public <C extends Credential> C retrieve(String credentialAlias, Class<C> credentialType, String credentialAlgorithm) throws CredentialStoreException { return retrieve(credentialAlias, credentialType, credentialAlgorithm, null, null); }
/** * Get a {@code CredentialStore} instance. The returned CredentialStore object will implement the given algorithm. * * @param algorithm the name of the algorithm * @param providerName the name of the provider to use * @return a {@code CredentialStore} instance * @throws NoSuchAlgorithmException if the given algorithm has no available implementations * @throws NoSuchProviderException if given provider name cannot match any registered {@link Provider} */ public static CredentialStore getInstance(String algorithm, String providerName) throws NoSuchAlgorithmException, NoSuchProviderException { final Provider provider = Security.getProvider(providerName); if (provider == null) throw new NoSuchProviderException(providerName); return getInstance(algorithm, provider); }
/** * Initialize Credential Store service with given attributes. * This procedure should set {@link CredentialStoreSpi#initialized} after successful initialization. * * @param attributes attributes to used to pass information to Credential Store service * @throws CredentialStoreException if initialization fails due to any reason */ public void initialize(Map<String, String> attributes) throws CredentialStoreException { initialize(attributes, null); }
/** * Remove the credentialType with from given alias matching the given criteria from the store. * * @param credentialAlias alias to remove credential(s) from * @param credentialType credential type to match (must not be {@code null}) * @param credentialAlgorithm the algorithm name to match, or {@code null} to match any * @param parameterSpec the parameters to match, or {@code null} to match any * @throws CredentialStoreException if credential removal fails */ public void remove(String credentialAlias, Class<? extends Credential> credentialType, String credentialAlgorithm, AlgorithmParameterSpec parameterSpec) throws CredentialStoreException { if (isModifiable()) { spi.remove(credentialAlias, credentialType, credentialAlgorithm, parameterSpec); } else { throw log.nonModifiableCredentialStore("remove"); } }
public SupportLevel getCredentialAcquireSupport(final Class<? extends Credential> credentialType, final String algorithmName, final AlgorithmParameterSpec parameterSpec) throws IOException { Assert.checkNotNullParam("credentialType", credentialType); try { final CredentialStore credentialStore = credentialStoreFactory.create(); return credentialStore.exists(alias, credentialType) ? SupportLevel.POSSIBLY_SUPPORTED : SupportLevel.UNSUPPORTED; } catch (UnsupportedCredentialTypeException e) { return SupportLevel.UNSUPPORTED; } catch (GeneralSecurityException e) { throw log.unableToReadCredential(e); } }
/** * Get a {@code CredentialStore} instance. The returned CredentialStore object will implement the given algorithm. * * @param algorithm the name of the algorithm * @param providers supplier of provider instances to search. * @return a {@code CredentialStore} instance * @throws NoSuchAlgorithmException if the given algorithm has no available implementations */ public static CredentialStore getInstance(String algorithm, Supplier<Provider[]> providers) throws NoSuchAlgorithmException { checkNotNullParam("providers", providers); for (Provider provider : providers.get()) { final Provider.Service service = provider.getService(CREDENTIAL_STORE_TYPE, algorithm); if (service != null) { return new CredentialStore(provider, (CredentialStoreSpi) service.newInstance(null), algorithm); } } throw new NoSuchAlgorithmException(); }