@Override public Key getKey(String alias) throws IOException { assertActivatedKeyStore(); try { char[] passwd = securityManager.getMasterPassword(); try { return ks.getKey(alias, passwd); } finally { securityManager.disposePassword(passwd); } } catch (Exception e) { throw new IOException(e); } }
/** * Get master password for REST configuraton * * <p>The method inspects the stack trace to check for an authorized calling method. The * authenticated principal has to be an administrator * * <p>If authorization fails, an IOException is thrown * * @throws IOException */ public char[] getMasterPasswordForREST() throws IOException { if (checkAuthenticationForAdminRole() == false) { throw new IOException("Unauthorized user tries to read master password"); } String[][] allowedMethods = new String[][] { {"org.geoserver.rest.security.MasterPasswordController", "masterPasswordGet"} }; String result = checkStackTrace(10, allowedMethods); if (result != null) { throw new IOException("Unauthorized method wants to read master password\n" + result); } return getMasterPassword(); }
@Override public void setSecretKey(String alias, char[] key) throws IOException { assertActivatedKeyStore(); SecretKey mySecretKey = new SecretKeySpec(toBytes(key), "PBE"); KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(mySecretKey); char[] passwd = securityManager.getMasterPassword(); try { ks.setEntry(alias, skEntry, new KeyStore.PasswordProtection(passwd)); } catch (KeyStoreException e) { throw new IOException(e); } finally { securityManager.disposePassword(passwd); } }
/** Accessor for the geoserver master password. */ protected String getMasterPassword() { return new String(getSecurityManager().getMasterPassword()); } }
@Override public void storeKeyStore() throws IOException { // store away the keystore assertActivatedKeyStore(); try (OutputStream fos = getResource().out()) { char[] passwd = securityManager.getMasterPassword(); try { ks.store(fos, passwd); } catch (Exception e) { throw new IOException(e); } finally { securityManager.disposePassword(passwd); } } }
/** Accessor for the geoserver master password. */ protected String getMasterPassword() { return new String(getSecurityManager().getMasterPassword()); } }
UserDetails prepareForRootUser() { char[] mpw = null; try { mpw = manager.getMasterPassword(); String a1 = encodePasswordInA1Format( GeoServerUser.ROOT_USERNAME, GeoServerSecurityManager.REALM, mpw); return new UserDetailsPasswordWrapper(GeoServerUser.createRoot(), a1); } finally { if (mpw != null) manager.disposePassword(mpw); } }
writeMasterPasswordInfo(file, message, getMasterPassword()); return true;
String loadMasterPasswordDigest() throws IOException { // look for file Resource pwDigestFile = security().get(MASTER_PASSWD_DIGEST_FILENAME); if (pwDigestFile.getType() == Type.RESOURCE) { InputStream fin = pwDigestFile.in(); try { return IOUtils.toString(fin); } finally { fin.close(); } } else { // compute and store char[] masterPasswd = getMasterPassword(); try { return computeAndSaveMasterPasswordDigest(masterPasswd); } finally { disposePassword(masterPasswd); } } }
if (ks != null) return; char[] passwd = securityManager.getMasterPassword(); try { ks = KeyStore.getInstance(KEYSTORETYPE);
char[] passwd = securityManager.getMasterPassword();
@Test public void testMasterPasswordDumpNotOverwrite() throws Exception { GeoServerSecurityManager secMgr = getSecurityManager(); File f = File.createTempFile("masterpw", "info"); try (FileOutputStream os = new FileOutputStream(f)) { os.write("This should not be overwritten!".getBytes(StandardCharsets.UTF_8)); } try { assertFalse(secMgr.dumpMasterPassword(Files.asResource(f))); TestingAuthenticationToken auth = new TestingAuthenticationToken( "admin", "geoserver", (List) Arrays.asList(GeoServerRole.ADMIN_ROLE)); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); assertFalse(secMgr.dumpMasterPassword(Files.asResource(f))); dumpPWInfoFile(f); assertTrue(masterPWInfoFileContains(f, "This should not be overwritten!")); assertFalse(masterPWInfoFileContains(f, new String(secMgr.getMasterPassword()))); } finally { f.delete(); } }
@Test public void testMasterPasswordDump() throws Exception { GeoServerSecurityManager secMgr = getSecurityManager(); File f = File.createTempFile("masterpw", "info"); f.delete(); try { assertFalse(secMgr.dumpMasterPassword(Files.asResource(f))); TestingAuthenticationToken auth = new TestingAuthenticationToken( "admin", "geoserver", (List) Arrays.asList(GeoServerRole.ADMIN_ROLE)); auth.setAuthenticated(true); SecurityContextHolder.getContext().setAuthentication(auth); assertTrue(secMgr.dumpMasterPassword(Files.asResource(f))); dumpPWInfoFile(f); assertTrue(masterPWInfoFileContains(f, new String(secMgr.getMasterPassword()))); } finally { f.delete(); } }
assertEquals("defaultKey", new String(ksp.getUserGroupKey("default"))); assertTrue(ksp.isKeyStorePassword(getSecurityManager().getMasterPassword())); assertFalse(ksp.isKeyStorePassword("blabla".toCharArray()));