() {
+ public SecurityVault run() throws Exception {
+ if (fqn == null || fqn.isEmpty()) {
+ return SecurityVaultFactory.get();
+ } else {
+ return SecurityVaultFactory.get(fqn);
+ }
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ Throwable t = e.getCause();
+ if (t instanceof SecurityVaultException) {
+ throw new VaultReaderException("Vault Reader Exception", t);
+ }
+ if (t instanceof RuntimeException) {
+ throw new RuntimeException("Runtime Exception:", t);
+ }
+ throw new RuntimeException("Runtime Exception:", t);
+ }
+ try {
+ vault.init(vaultOptions);
+ } catch (SecurityVaultException e) {
+ throw new VaultReaderException("Vault Reader Exception", e);
+ }
+ this.vault = vault;
+ }
+
+ public void destroyVault() {
+ vault = null;
+ }
+
+ public String retrieveFromVault(final String password) throws SecurityException {
+ if (isVaultFormat(password)) {
+
+ if (vault == null) {
+ throw new SecurityException("Vault is not initialized");
+ }
+
+ try {
+ return getValueAsString(password);
+ } catch (SecurityVaultException e) {
+ throw new SecurityException("Security Exception", e);
+ }
+
+ }
+ return password;
+ }
+
+ private String getValueAsString(String vaultString) throws SecurityVaultException {
+ char[] val = getValue(vaultString);
+ if (val != null)
+ return new String(val);
+ return null;
+ }
+
+ public boolean isVaultFormat(String str) {
+ return str != null && VAULT_PATTERN.matcher(str).matches();
+ }
+
+ private char[] getValue(String vaultString) throws SecurityVaultException {
+ String[] tokens = tokens(vaultString);
+ byte[] sharedKey = null;
+ if (tokens.length > 2) {
+ // only in case of conversion of old vault implementation
+ sharedKey = tokens[3].getBytes(VaultSession.CHARSET);
+ }
+ return vault.retrieve(tokens[1], tokens[2], sharedKey);
+ }
+
+ private String[] tokens(String vaultString) {
+ StringTokenizer tokenizer = new StringTokenizer(vaultString, "::");
+ int length = tokenizer.countTokens();
+ String[] tokens = new String[length];
+
+ int index = 0;
+ while (tokenizer != null && tokenizer.hasMoreTokens()) {
+ tokens[index++] = tokenizer.nextToken();
+ }
+ return tokens;
+ }
+
+ public String getKeystore_url() {
+ return keystore_url;
+ }
+
+ public void setKeystore_url(String keystore_url) {
+ this.keystore_url = keystore_url;
+ }
+
+ public String getKeystore_password() {
+ return keystore_password;
+ }
+
+ public void setKeystore_password(String keystore_password) {
+ this.keystore_password = keystore_password;
+ }
+
+ public String getKeystore_alias() {
+ return keystore_alias;
+ }
+
+ public void setKeystore_alias(String keystore_alias) {
+ this.keystore_alias = keystore_alias;
+ }
+
+ public String getSalt() {
+ return salt;
+ }
+
+ public void setSalt(String salt) {
+ this.salt = salt;
+ }
+
+ public String getIteration_count() {
+ return iteration_count;
+ }
+
+ public void setIteration_count(String iteration_count) {
+ this.iteration_count = iteration_count;
+ }
+
+ public String getEnc_file_dir() {
+ return enc_file_dir;
+ }
+
+ public void setEnc_file_dir(String enc_file_dir) {
+ this.enc_file_dir = enc_file_dir;
+ }
+}
Index: security/src/main/org/jboss/security/vault/RuntimeVaultServiceMBean.java
===================================================================
--- security/src/main/org/jboss/security/vault/RuntimeVaultServiceMBean.java (revision 0)
+++ security/src/main/org/jboss/security/vault/RuntimeVaultServiceMBean.java (working copy)
@@ -0,0 +1,59 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.security.vault;
+
+import javax.management.ObjectName;
+
+import org.jboss.mx.util.ObjectNameFactory;
+import org.jboss.system.ServiceMBean;
+
+public interface RuntimeVaultServiceMBean extends ServiceMBean {
+
+ ObjectName OBJECT_NAME = ObjectNameFactory.create("jboss:service=RuntimeVaultService");
+
+ public String getKeystore_url();
+
+ public void setKeystore_url(String keystore_url);
+
+ public String getKeystore_password();
+
+ public void setKeystore_password(String keystore_password);
+
+ public String getKeystore_alias();
+
+ public void setKeystore_alias(String keystore_alias);
+
+ public String getSalt();
+
+ public void setSalt(String salt);
+
+ public String getIteration_count();
+
+ public void setIteration_count(String iteration_count);
+
+ public String getEnc_file_dir();
+
+ public void setEnc_file_dir(String enc_file_dir);
+
+ public void performRuntime();
+}
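Review bot: `getKeystore_password()` on this MBean interface makes the keystore password a readable JMX attribute, next to `getSalt()` and `getIteration_count()`, so any client allowed to read attributes of `jboss:service=RuntimeVaultService` can fetch all three. Whether the stored value is the masked form or clear text is not visible in this hunk. Either way, salt and iteration count are the inputs `VaultSession.computeMaskedPassword` (later in this patch) uses for masking, so exposing them together removes most of the protection. Consider dropping the getter so the attribute is write-only, or at least document it with `/** Masked keystore password; never the clear-text value. */` and restrict access to the MBean. The `public` modifiers on the interface methods are redundant.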
Index: security/src/main/org/jboss/security/vault/VaultInteraction.java
===================================================================
--- security/src/main/org/jboss/security/vault/VaultInteraction.java (revision 0)
+++ security/src/main/org/jboss/security/vault/VaultInteraction.java (working copy)
@@ -0,0 +1,105 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.vault;
+
+import java.io.Console;
+import java.util.Scanner;
+
+import org.jboss.security.vault.SecurityVault;
+
+/**
+ * Interaction with initialized {@link SecurityVault} via the {@link VaultTool}
+ *
+ * @author Anil Saldhana
+ */
+public class VaultInteraction {
+
+ private VaultSession vaultNISession;
+
+ public VaultInteraction(VaultSession vaultSession) {
+ this.vaultNISession = vaultSession;
+ }
+
+ public void start() {
+ Console console = System.console();
+
+ if (console == null) {
+ System.err.println("No console.");
+ System.exit(1);
+ }
+
+ Scanner in = new Scanner(System.in);
+ while (true) {
+ String commandStr = "Please enter a Digit:: 0: Store a secured attribute " + " 1: Check whether a secured attribute exists "
+ + " 2: Exit";
+
+ System.out.println(commandStr);
+ int choice = in.nextInt();
+ switch (choice) {
+ case 0:
+ System.out.println("Task: Store a secured attribute");
+ char[] attributeValue = VaultInteractiveSession.getSensitiveValue("Please enter secured attribute value (such as password)");
+ String vaultBlock = null;
+
+ while (vaultBlock == null || vaultBlock.length() == 0) {
+ vaultBlock = console.readLine("Enter Vault Block:");
+ }
+
+ String attributeName = null;
+
+ while (attributeName == null || attributeName.length() == 0) {
+ attributeName = console.readLine("Enter Attribute Name:");
+ }
+ try {
+ vaultNISession.addSecuredAttributeWithDisplay(vaultBlock, attributeName, attributeValue);
+ } catch (Exception e) {
+ System.out.println("Exception occurred:" + e.getLocalizedMessage());
+ }
+ break;
+ case 1:
+ System.out.println("Task: Verify whether a secured attribute exists");
+ try {
+ vaultBlock = null;
+
+ while (vaultBlock == null || vaultBlock.length() == 0) {
+ vaultBlock = console.readLine("Enter Vault Block:");
+ }
+
+ attributeName = null;
+
+ while (attributeName == null || attributeName.length() == 0) {
+ attributeName = console.readLine("Enter Attribute Name:");
+ }
+ if (!vaultNISession.checkSecuredAttribute(vaultBlock, attributeName))
+ System.out.println("No value has been store for (" + vaultBlock + ", " + attributeName + ")");
+ else
+ System.out.println("A value exists for (" + vaultBlock + ", " + attributeName + ")");
+ } catch (Exception e) {
+ System.out.println("Exception occurred:" + e.getLocalizedMessage());
+ }
+ break;
+ default:
+ System.exit(0);
+ }
+ }
+ }
+}
\ No newline at end of file
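Review bot: `attributeValue` in `case 0` of `start()` holds the secret as a `char[]` but is never cleared after `addSecuredAttributeWithDisplay` returns, so the value stays on the heap until it is collected. Assuming the vault copies the value rather than keeping the array, a `finally` with `java.util.Arrays.fill(attributeValue, '\0');` would fix that. Separately, `in.nextInt()` throws `InputMismatchException` on non-numeric input and nothing in the loop catches it, so a typo ends the tool with a stack trace. Reading the choice with `console.readLine` and parsing it inside a `try` would also avoid mixing `Scanner(System.in)` with `Console`. The message "No value has been store for" should read "stored".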
Index: security/src/main/org/jboss/security/vault/VaultInteractiveSession.java
===================================================================
--- security/src/main/org/jboss/security/vault/VaultInteractiveSession.java (revision 0)
+++ security/src/main/org/jboss/security/vault/VaultInteractiveSession.java (working copy)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.vault;
+
+import java.io.Console;
+import java.util.Arrays;
+
+/**
+ * An interactive session for {@link VaultTool}
+ *
+ * @author Anil Saldhana
+ */
+public class VaultInteractiveSession {
+
+ private String salt, keystoreURL, encDir, keystoreAlias;
+ private int iterationCount = 0;
+
+ // vault non-interactive session
+ private VaultSession vaultNISession = null;
+
+ public VaultInteractiveSession() {
+ }
+
+ public void start() {
+ Console console = System.console();
+
+ if (console == null) {
+ System.err.println("No console.");
+ System.exit(1);
+ }
+
+ while (encDir == null || encDir.length() == 0) {
+ encDir = console
+ .readLine("Enter directory to store encrypted files:");
+ }
+
+ while (keystoreURL == null || keystoreURL.length() == 0) {
+ keystoreURL = console.readLine("Enter Keystore URL:");
+ }
+
+ char[] keystorePasswd = getSensitiveValue("Enter Keystore password");
+
+ try {
+ while (salt == null || salt.length() != 8) {
+ salt = console.readLine("Enter 8 character salt:");
+ }
+
+ String ic = console.readLine("Enter iteration count as a number (Eg: 44):");
+ iterationCount = Integer.parseInt(ic);
+ vaultNISession = new VaultSession(keystoreURL, new String(keystorePasswd), encDir, salt, iterationCount);
+
+ while (keystoreAlias == null || keystoreAlias.length() == 0) {
+ keystoreAlias = console.readLine("Enter Keystore Alias:");
+ }
+
+ System.out.println("Initializing Vault");
+ vaultNISession.startVaultSession(keystoreAlias);
+ vaultNISession.vaultConfigurationDisplay();
+
+ System.out.println("Vault is initialized and ready for use");
+ System.out.println("Handshake with Vault complete");
+
+ VaultInteraction vaultInteraction = new VaultInteraction(vaultNISession);
+ vaultInteraction.start();
+ } catch (Exception e) {
+ System.out.println("Exception encountered:" + e.getLocalizedMessage());
+ }
+ }
+
+ public static char[] getSensitiveValue(String passwordPrompt) {
+ while (true) {
+ if (passwordPrompt == null)
+ passwordPrompt = "Enter your password";
+
+ Console console = System.console();
+
+ char[] passwd = console.readPassword(passwordPrompt + ": ");
+ char[] passwd1 = console.readPassword(passwordPrompt + " again: ");
+ boolean noMatch = !Arrays.equals(passwd, passwd1);
+ if (noMatch)
+ System.out.println("Values entered don't match");
+ else {
+ System.out.println("Values match");
+ return passwd;
+ }
+ }
+ }
+
+}
\ No newline at end of file
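Review bot: `new String(keystorePasswd)` in `start()` copies the keystore password into an immutable `String` that cannot be wiped, and neither `keystorePasswd` nor the confirmation buffer `passwd1` in `getSensitiveValue` is cleared after use. Add `Arrays.fill(passwd1, '\0');` after the comparison and clear `keystorePasswd` once the session is constructed; longer term `VaultSession` would need to accept a `char[]`. `getSensitiveValue` is `public static` and calls `System.console()` without the null check that `start()` performs, so a caller without a console gets a `NullPointerException`. `readPassword` returns `null` at end of input, in which case `Arrays.equals(passwd, passwd1)` is true for two nulls and the method returns `null`; a guard such as `if (passwd == null) continue;` (or an explicit exception) is needed.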
Index: security/src/main/org/jboss/security/vault/VaultReader.java
===================================================================
--- security/src/main/org/jboss/security/vault/VaultReader.java (revision 0)
+++ security/src/main/org/jboss/security/vault/VaultReader.java (working copy)
@@ -0,0 +1,51 @@
+/*
+* JBoss, Home of Professional Open Source.
+* Copyright 2011, Red Hat Middleware LLC, and individual contributors
+* as indicated by the @author tags. See the copyright.txt file in the
+* distribution for a full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.security.vault;
+
+import java.util.Map;
+
+/**
+ *
+ * @author Kabir Khan
+ */
+public interface VaultReader {
+ boolean isVaultFormat(String encrypted);
+
+ /**
+ * Unmasks vaulted data. Vaulted data has the format {@code VAULT::vault_block::attribute_name::sharedKey}
+ *
+ *
+ * Vault Block acts as the unique id of a block such as "messaging", "security" etc Attribute Name is the name of the
+ * attribute whose value we are preserving Shared Key is the key generated by the off line vault during storage of the
+ * attribute value
+ *
+ *
+ * @param encrypted the masked data, may be {@code null}
+ * @return the unmasked data, or the original data if it is not vault data
+ */
+ String retrieveFromVault(String encrypted);
+
+ void createVault(final String fqn, final Map options) throws VaultReaderException;
+
+ void destroyVault();
+
+}
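Review bot: The Javadoc on `retrieveFromVault` does not say what happens when the vault has not been created or the lookup fails. What appears to be the implementation earlier in this patch throws `SecurityException` in both cases, so the contract should carry `@throws SecurityException if the vault is not initialized or the value cannot be read`. `isVaultFormat`, `createVault` and `destroyVault` have no Javadoc at all, and the format description runs the definitions of Vault Block, Attribute Name and Shared Key together without punctuation. `createVault` takes a raw `Map`; `Map<String, Object>` would document what the options hold, assuming that matches the parameter of `SecurityVault.init`.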
Index: security/src/main/org/jboss/security/vault/VaultReaderException.java
===================================================================
--- security/src/main/org/jboss/security/vault/VaultReaderException.java (revision 0)
+++ security/src/main/org/jboss/security/vault/VaultReaderException.java (working copy)
@@ -0,0 +1,34 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright (c) 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.vault;
+
+/**
+ * @author Carlo de Wolf
+ */
+public class VaultReaderException extends Exception {
+ public VaultReaderException(Throwable cause) {
+ super(cause);
+ }
+ public VaultReaderException(String message, Throwable cause) {
+ super(message,cause);
+ }
+}
Index: security/src/main/org/jboss/security/vault/VaultSession.java
===================================================================
--- security/src/main/org/jboss/security/vault/VaultSession.java (revision 0)
+++ security/src/main/org/jboss/security/vault/VaultSession.java (working copy)
@@ -0,0 +1,325 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2012, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.security.vault;
+
+import java.io.File;
+import java.nio.charset.Charset;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.jboss.security.plugins.PBEUtils;
+import org.jboss.security.vault.SecurityVault;
+import org.jboss.security.vault.SecurityVaultException;
+import org.jboss.security.vault.SecurityVaultFactory;
+import org.jboss.security.plugins.vault.PicketBoxSecurityVault;
+
+/**
+ * Non-interactive session for {@link VaultTool}
+ *
+ * @author Peter Skopek
+ *
+ */
+public final class VaultSession {
+
+ public static final String VAULT_ENC_ALGORITHM = "PBEwithMD5andDES";
+
+ public static final Charset CHARSET = Charset.forName("UTF-8");
+
+ private String keystoreURL;
+ private String keystorePassword;
+ private String keystoreMaskedPassword;
+ private String encryptionDirectory;
+ private String salt;
+ private int iterationCount;
+
+ private SecurityVault vault;
+ private String vaultAlias;
+
+ /**
+ * Constructor to create VaultSession.
+ *
+ * @param keystoreURL
+ * @param keystorePassword
+ * @param encryptionDirectory
+ * @param salt
+ * @param iterationCount
+ * @throws Exception
+ */
+ public VaultSession(String keystoreURL, String keystorePassword, String encryptionDirectory, String salt, int iterationCount)
+ throws Exception {
+ this.keystoreURL = keystoreURL;
+ this.keystorePassword = keystorePassword;
+ this.encryptionDirectory = encryptionDirectory;
+ this.salt = salt;
+ this.iterationCount = iterationCount;
+ validate();
+ }
+
+ /**
+ * Validate fields sent to this class's constructor.
+ */
+ private void validate() throws Exception {
+ validateKeystoreURL();
+ validateEncryptionDirectory();
+ validateSalt();
+ validateIterationCount();
+ validateKeystorePassword();
+ }
+
+ protected void validateKeystoreURL() throws Exception {
+
+ File f = new File(keystoreURL);
+ if (!f.exists()) {
+ throw new Exception("Keystore [" + keystoreURL + "] doesn't exist."
+ + "\nkeystore could be created: "
+ + "keytool -genseckey -alias vault -storetype jceks -keyalg AES -keysize 128 -storepass secretsecret -keypass secretsecret -keystore "
+ + keystoreURL);
+ } else if (!f.canWrite() || !f.isFile()) {
+ throw new Exception("Keystore [" + keystoreURL + "] is not writable or not a file.");
+ }
+ }
+
+ protected void validateKeystorePassword() throws Exception {
+ if (keystorePassword == null) {
+ throw new Exception("Keystore password has to be specified.");
+ }
+ }
+
+ protected void validateEncryptionDirectory() throws Exception {
+ if (encryptionDirectory == null) {
+ throw new Exception("Encryption directory has to be specified.");
+ }
+ if (!encryptionDirectory.endsWith("/") || encryptionDirectory.endsWith("\\")) {
+ encryptionDirectory = encryptionDirectory + (System.getProperty("file.separator", "/"));
+ }
+ File d = new File(encryptionDirectory);
+ if (!d.exists()) {
+ if (!d.mkdirs()) {
+ throw new Exception("Cannot create encryption directory " + d.getAbsolutePath());
+ }
+ }
+ if (!d.isDirectory()) {
+ throw new Exception("Encryption directory is not a directory or doesn't exist. (" + encryptionDirectory + ")");
+ }
+ }
+
+ protected void validateIterationCount() throws Exception {
+ if (iterationCount < 1 && iterationCount > Integer.MAX_VALUE) {
+ throw new Exception("Iteration count has to be withing 1 - " + Integer.MAX_VALUE + ", but is " + iterationCount
+ + ".");
+ }
+ }
+
+ protected void validateSalt() throws Exception {
+ if (salt == null || salt.length() != 8) {
+ throw new Exception("Salt has to be exactly 8 characters long.");
+ }
+ }
+
+ /**
+ * Method to compute masked password based on class attributes.
+ *
+ * @return masked password prefixed with {link @PicketBoxSecurityVault.PASS_MASK_PREFIX}.
+ * @throws Exception
+ */
+ private String computeMaskedPassword() throws Exception {
+
+ // Create the PBE secret key
+ SecretKeyFactory factory = SecretKeyFactory.getInstance(VAULT_ENC_ALGORITHM);
+
+ char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
+ PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount);
+ PBEKeySpec keySpec = new PBEKeySpec(password);
+ SecretKey cipherKey = factory.generateSecret(keySpec);
+
+ String maskedPass = PBEUtils.encode64(keystorePassword.getBytes(), VAULT_ENC_ALGORITHM, cipherKey, cipherSpec);
+
+ return PicketBoxSecurityVault.PASS_MASK_PREFIX + maskedPass;
+ }
+
+ /**
+ * Initialize the underlying vault.
+ *
+ * @throws Exception
+ */
+ private void initSecurityVault() throws Exception {
+ try {
+ this.vault = SecurityVaultFactory.get();
+ this.vault.init(getVaultOptionsMap());
+ handshake();
+ } catch (SecurityVaultException e) {
+ throw new Exception("Exception encountered:" + e.getLocalizedMessage(), e);
+ }
+ }
+
+ /**
+ * Start the vault with given alias.
+ *
+ * @param vaultAlias
+ * @throws Exception
+ */
+ public void startVaultSession(String vaultAlias) throws Exception {
+ if (vaultAlias == null) {
+ throw new Exception("Vault alias has to be specified.");
+ }
+ this.keystoreMaskedPassword = computeMaskedPassword();
+ this.vaultAlias = vaultAlias;
+ initSecurityVault();
+ }
+
+ private Map getVaultOptionsMap() {
+ Map options = new HashMap();
+ options.put(PicketBoxSecurityVault.KEYSTORE_URL, keystoreURL);
+ options.put(PicketBoxSecurityVault.KEYSTORE_PASSWORD, keystoreMaskedPassword);
+ options.put(PicketBoxSecurityVault.KEYSTORE_ALIAS, vaultAlias);
+ options.put(PicketBoxSecurityVault.SALT, salt);
+ options.put(PicketBoxSecurityVault.ITERATION_COUNT, Integer.toString(iterationCount));
+ options.put(PicketBoxSecurityVault.ENC_FILE_DIR, encryptionDirectory);
+ return options;
+ }
+
+ private void handshake() throws SecurityVaultException {
+ Map handshakeOptions = new HashMap();
+ handshakeOptions.put(PicketBoxSecurityVault.PUBLIC_CERT, vaultAlias);
+ vault.handshake(handshakeOptions);
+ }
+
+ /**
+ * Add secured attribute to specified vault block. This method can be called only after successful
+ * startVaultSession() call.
+ *
+ * @param vaultBlock
+ * @param attributeName
+ * @param attributeValue
+ * @return secured attribute configuration
+ */
+ public String addSecuredAttribute(String vaultBlock, String attributeName, char[] attributeValue) throws Exception {
+ vault.store(vaultBlock, attributeName, attributeValue, null);
+ return securedAttributeConfigurationString(vaultBlock, attributeName);
+ }
+
+ /**
+ * Add secured attribute to specified vault block. This method can be called only after successful
+ * startVaultSession() call.
+ * After successful storage the secured attribute information will be displayed at standard output.
+ * For silent method @see addSecuredAttribute
+ *
+ * @param vaultBlock
+ * @param attributeName
+ * @param attributeValue
+ * @throws Exception
+ */
+ public void addSecuredAttributeWithDisplay(String vaultBlock, String attributeName, char[] attributeValue) throws Exception {
+ vault.store(vaultBlock, attributeName, attributeValue, null);
+ attributeCreatedDisplay(vaultBlock, attributeName);
+ }
+
+ /**
+ * Check whether secured attribute is already set for given vault block and attribute name. This method can be called only after
+ * successful startVaultSession() call.
+ *
+ * @param vaultBlock
+ * @param attributeName
+ * @return true is password already exists for given vault block and attribute name.
+ * @throws Exception
+ */
+ public boolean checkSecuredAttribute(String vaultBlock, String attributeName) throws Exception {
+ return vault.exists(vaultBlock, attributeName);
+ }
+
+ /**
+ * Display info about stored secured attribute.
+ *
+ * @param vaultBlock
+ * @param attributeName
+ */
+ private void attributeCreatedDisplay(String vaultBlock, String attributeName) {
+ System.out.println("Secured attribute value has been stored in vault. ");
+ System.out.println("Please make note of the following:");
+ System.out.println("********************************************");
+ System.out.println("Vault Block:" + vaultBlock);
+ System.out.println("Attribute Name:" + attributeName);
+ System.out.println("Configuration should be done as follows:");
+ System.out.println(securedAttributeConfigurationString(vaultBlock, attributeName));
+ System.out.println("********************************************");
+ }
+
+
+ /**
+ * Returns configuration string for secured attribute.
+ *
+ * @param vaultBlock
+ * @param attributeName
+ * @return
+ */
+ private String securedAttributeConfigurationString(String vaultBlock, String attributeName) {
+ return "VAULT::" + vaultBlock + "::" + attributeName + "::1";
+ }
+
+ /**
+ * Display info about vault itself in form of EAP5 configuration file.
+ */
+ public void vaultConfigurationDisplay() {
+ System.out.println("Vault Configuration in EAP5 server/xxx/conf/jboss-service.xml:");
+ System.out.println("********************************************");
+ System.out.println("...");
+ System.out.println(" ");
+ System.out.print(vaultConfiguration());
+ System.out.println(" ...");
+ System.out.println("********************************************");
+ }
+
+ /**
+ * Returns vault configuration string in user readable form.
+ *
+ * @return
+ */
+ public String vaultConfiguration() {
+ StringBuilder sb = new StringBuilder();
+ sb.append(" ").append("\n");
+ sb.append(" " + keystoreURL + "").append("\n");
+ sb.append(" " + keystoreMaskedPassword + "").append("\n");
+ sb.append(" " + vaultAlias + "").append("\n");
+ sb.append(" " + salt + "").append("\n");
+ sb.append(" " + iterationCount + "").append("\n");
+ sb.append(" " + encryptionDirectory + "").append("\n");
+ sb.append(" ").append("\n");
+ return sb.toString();
+ }
+
+ /**
+ * Method to get keystore masked password to use further in configuration.
+ * Has to be used after {@link startVaultSession} method.
+ *
+ * @return the keystoreMaskedPassword
+ */
+ public String getKeystoreMaskedPassword() {
+ return keystoreMaskedPassword;
+ }
+}
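Review bot: The check in `validateIterationCount`, `iterationCount < 1 && iterationCount > Integer.MAX_VALUE`, can never be true, so zero or negative iteration counts pass validation and reach `PBEParameterSpec`; it should read `if (iterationCount < 1) {`. `validateEncryptionDirectory` has an operator-precedence error: `!encryptionDirectory.endsWith("/") || encryptionDirectory.endsWith("\\")` appends a separator to a path that already ends in a backslash, and should be `if (!(encryptionDirectory.endsWith("/") || encryptionDirectory.endsWith("\\"))) {`. In `computeMaskedPassword` the PBE password is a constant in the source, so the masked keystore password is obfuscation rather than encryption and the generated configuration still needs file-permission protection; a comment saying so would keep readers from treating it as a secret-safe value. `salt.getBytes()` and `keystorePassword.getBytes()` in the same method use the platform charset even though `CHARSET` is defined in this class.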
Index: security/src/main/org/jboss/security/vault/VaultTool.java
===================================================================
--- security/src/main/org/jboss/security/vault/VaultTool.java (revision 0)
+++ security/src/main/org/jboss/security/vault/VaultTool.java (working copy)
@@ -0,0 +1,223 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.security.vault;
+
+import java.io.Console;
+import java.util.Scanner;
+
+import org.apache.commons.cli.CommandLine;
+import org.apache.commons.cli.CommandLineParser;
+import org.apache.commons.cli.HelpFormatter;
+import org.apache.commons.cli.Option;
+import org.apache.commons.cli.OptionGroup;
+import org.apache.commons.cli.Options;
+import org.apache.commons.cli.ParseException;
+import org.apache.commons.cli.PosixParser;
+import org.jboss.security.vault.SecurityVault;
+
+/**
+ * Command Line Tool for the default implementation of the {@link SecurityVault}
+ *
+ * @author Anil Saldhana
+ * @author Peter Skopek
+ */
+public class VaultTool {
+
+ public static final String KEYSTORE_PARAM = "keystore";
+ public static final String KEYSTORE_PASSWORD_PARAM = "keystore-password";
+ public static final String ENC_DIR_PARAM = "enc-dir";
+ public static final String SALT_PARAM = "salt";
+ public static final String ITERATION_PARAM = "iteration";
+ public static final String ALIAS_PARAM = "alias";
+ public static final String VAULT_BLOCK_PARAM = "vault-block";
+ public static final String ATTRIBUTE_PARAM = "attribute";
+ public static final String SEC_ATTR_VALUE_PARAM = "sec-attr";
+ public static final String CHECK_SEC_ATTR_EXISTS_PARAM = "check-sec-attr";
+ public static final String HELP_PARAM = "help";
+
+ private VaultInteractiveSession session = null;
+ private VaultSession nonInteractiveSession = null;
+
+ private Options options = null;
+ private CommandLineParser parser = null;
+ private CommandLine cmdLine = null;
+
+ public void setSession(VaultInteractiveSession sess) {
+ session = sess;
+ }
+
+ public VaultInteractiveSession getSession() {
+ return session;
+ }
+
+ public static void main(String[] args) {
+
+ VaultTool tool = null;
+
+ if (args != null && args.length > 0) {
+ int returnVal = 0;
+ try {
+ tool = new VaultTool(args);
+ returnVal = tool.execute();
+ if (returnVal != 100)
+ tool.summary();
+ } catch (Exception e) {
+ System.err.println("Problem occured:");
+ e.printStackTrace(System.err);
+ System.exit(1);
+ }
+ System.exit(returnVal);
+ } else {
+ tool = new VaultTool();
+
+ System.out.println("**********************************");
+ System.out.println("**** JBoss Vault ***************");
+ System.out.println("**********************************");
+
+ Console console = System.console();
+
+ if (console == null) {
+ System.err.println("No console.");
+ System.exit(1);
+ }
+
+ Scanner in = new Scanner(System.in);
+ while (true) {
+ String commandStr = "Please enter a Digit:: 0: Start Interactive Session "
+ + " 1: Remove Interactive Session " + " 2: Exit";
+
+ System.out.println(commandStr);
+ int choice = in.nextInt();
+ switch (choice) {
+ case 0:
+ System.out.println("Starting an interactive session");
+ VaultInteractiveSession vsession = new VaultInteractiveSession();
+ tool.setSession(vsession);
+ vsession.start();
+ break;
+ case 1:
+ System.out.println("Removing the current interactive session");
+ tool.setSession(null);
+ break;
+ default:
+ System.exit(0);
+ }
+ }
+
+ }
+
+ }
+
+ public VaultTool(String[] args) {
+ initOptions();
+ parser = new PosixParser();
+ try {
+ cmdLine = parser.parse(options, args, true);
+ } catch (ParseException e) {
+ System.out.println("Problem while parsing command line parameters:");
+ e.printStackTrace(System.err);
+ System.exit(2);
+ }
+ }
+
+ public VaultTool() {
+ }
+
+ /**
+ * Build options for non-interactive VaultTool usage scenario.
+ *
+ * @return
+ */
+ private void initOptions() {
+ options = new Options();
+ options.addOption("k", KEYSTORE_PARAM, true, "Keystore URL");
+ options.addOption("p", KEYSTORE_PASSWORD_PARAM, true, "Keystore password");
+ options.addOption("e", ENC_DIR_PARAM, true, "Directory containing encrypted files");
+ options.addOption("s", SALT_PARAM, true, "8 character salt");
+ options.addOption("i", ITERATION_PARAM, true, "Iteration count");
+ options.addOption("v", ALIAS_PARAM, true, "Vault keystore alias");
+ options.addOption("b", VAULT_BLOCK_PARAM, true, "Vault block");
+ options.addOption("a", ATTRIBUTE_PARAM, true, "Attribute name");
+
+ OptionGroup og = new OptionGroup();
+ Option x = new Option("x", SEC_ATTR_VALUE_PARAM, true, "Secured attribute value (such as password) to store");
+ Option c = new Option("c", CHECK_SEC_ATTR_EXISTS_PARAM, false, "Check whether the secured attribute already exists in the vault");
+ Option h = new Option("h", HELP_PARAM, false, "Help");
+ og.addOption(x);
+ og.addOption(c);
+ og.addOption(h);
+ og.setRequired(true);
+ options.addOptionGroup(og);
+ }
+
+ private int execute() throws Exception {
+
+ if (cmdLine.hasOption(HELP_PARAM)) {
+ printUsage();
+ return 100;
+ }
+
+ String keystoreURL = cmdLine.getOptionValue(KEYSTORE_PARAM, "vault.keystore");
+ String keystorePassword = cmdLine.getOptionValue(KEYSTORE_PASSWORD_PARAM, "");
+ String encryptionDirectory = cmdLine.getOptionValue(ENC_DIR_PARAM, "vault");
+ String salt = cmdLine.getOptionValue(SALT_PARAM, "12345678");
+ int iterationCount = Integer.parseInt(cmdLine.getOptionValue(ITERATION_PARAM, "23"));
+
+ nonInteractiveSession = new VaultSession(keystoreURL, keystorePassword, encryptionDirectory, salt, iterationCount);
+
+ nonInteractiveSession.startVaultSession(cmdLine.getOptionValue("alias", "vault"));
+
+ String vaultBlock = cmdLine.getOptionValue(VAULT_BLOCK_PARAM, "vb");
+ String attributeName = cmdLine.getOptionValue(ATTRIBUTE_PARAM, "password");
+
+ if (cmdLine.hasOption(CHECK_SEC_ATTR_EXISTS_PARAM)) {
+ // check password
+ if (nonInteractiveSession.checkSecuredAttribute(vaultBlock, attributeName)) {
+ System.out.println("Password already exists.");
+ return 0;
+ } else {
+ System.out.println("Password doesn't exist.");
+ return 5;
+ }
+ } else {
+ // add password
+ String password = cmdLine.getOptionValue(SEC_ATTR_VALUE_PARAM, "password");
+ nonInteractiveSession.addSecuredAttributeWithDisplay(vaultBlock, attributeName, password.toCharArray());
+ return 0;
+ }
+ }
+
+ private void summary() {
+ nonInteractiveSession.vaultConfigurationDisplay();
+ }
+
+ private void printUsage() {
+ HelpFormatter help = new HelpFormatter();
+ String suffix = (VaultTool.isWindows() ? ".bat" : ".sh");
+ help.printHelp("vault" + suffix + " | ", options, true);
+ }
+
+ public static boolean isWindows() {
+ String opsys = System.getProperty("os.name").toLowerCase();
+ return (opsys.indexOf("win") >= 0);
+ }
+}
\ No newline at end of file
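Review bot: In `execute()`, leaving out `--salt`, `--iteration` or `--keystore-password` silently falls back to the fixed values `"12345678"`, `"23"` and an empty password, so the vault session can be started with publicly known parameters without the operator noticing; how much this weakens the masked keystore password depends on `VaultSession`, which is not part of this hunk. I would reject the call instead, e.g. `if (!cmdLine.hasOption(SALT_PARAM) || !cmdLine.hasOption(ITERATION_PARAM)) throw new IllegalArgumentException("salt and iteration count must be given");` before constructing the `VaultSession`. Separately, `-p` and `-x` carry the keystore password and the secret to store on the command line, where they show up in process listings and shell history; prompting with `Console.readPassword()` when the option is absent would avoid that. The alias lookup also uses the literal `"alias"` rather than `ALIAS_PARAM`.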
Index: server/src/etc/conf/all/jboss-service.xml
===================================================================
--- server/src/etc/conf/all/jboss-service.xml (revision 114601)
+++ server/src/etc/conf/all/jboss-service.xml (working copy)
@@ -321,4 +321,18 @@
+
+
+
+
Index: testsuite/imports/sections/security.xml
===================================================================
--- testsuite/imports/sections/security.xml (revision 114601)
+++ testsuite/imports/sections/security.xml (working copy)
@@ -528,6 +528,56 @@
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
\ No newline at end of file
+
Index: testsuite/src/main/org/jboss/test/security/test/VaultPasswordUnitTestCase.java
===================================================================
--- testsuite/src/main/org/jboss/test/security/test/VaultPasswordUnitTestCase.java (revision 0)
+++ testsuite/src/main/org/jboss/test/security/test/VaultPasswordUnitTestCase.java (working copy)
@@ -0,0 +1,185 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.test.security.test;
+
+import java.net.HttpURLConnection;
+import java.nio.file.Paths;
+import java.util.HashMap;
+
+import javax.naming.InitialContext;
+import javax.rmi.PortableRemoteObject;
+
+import junit.framework.Test;
+
+import org.apache.commons.httpclient.Cookie;
+import org.apache.commons.httpclient.Header;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.HttpState;
+import org.apache.commons.httpclient.methods.GetMethod;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.jboss.test.JBossTestCase;
+import org.jboss.test.security.vault.SimpleSessionHome;
+import org.jboss.test.security.vault.SimpleSessionObject;
+import org.jboss.test.security.vault.VaultHandler;
+
+/**
+ * @author wangchao
+ *
+ */
+public class VaultPasswordUnitTestCase extends JBossTestCase {
+
+ static final String VAULT_BLOCK = "testBlock";
+ static final String USERNAME = "user1";
+ static final String PASSWORD = "password1ForVault";
+
+ private VaultHandler vaultHandler;
+ private HttpClient httpConn = new HttpClient();
+ private HashMap attributes;
+
+ private String baseURLNoAuth;
+
+ public static Test suite() throws Exception {
+ Test test = getDeploySetup(VaultPasswordUnitTestCase.class, "vault-password.ear");
+ return test;
+ }
+
+ public VaultPasswordUnitTestCase(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ String RESOURCE_LOCATION = Paths.get(VaultPasswordUnitTestCase.class.getResource("/security/vault/ds-vault/").toURI()).toString();
+
+ baseURLNoAuth = "http://" + getServerHost() + ":" + Integer.getInteger("web.port", 8080) + "/";
+
+ log.info("RESOURCE_LOCATION=" + RESOURCE_LOCATION);
+
+ vaultHandler = new VaultHandler(RESOURCE_LOCATION);
+
+ // create security attributes
+ String attributeName = "password";
+ String vaultPasswordString = vaultHandler.addSecuredAttribute(VAULT_BLOCK, attributeName, PASSWORD.toCharArray());
+ log.debug("vaultPasswordString=" + vaultPasswordString);
+
+ // create new vault information for server
+ attributes = new HashMap();
+ attributes.put("Keystore_url", vaultHandler.getKeyStore());
+ attributes.put("Keystore_password", vaultHandler.getMaskedKeyStorePassword());
+ attributes.put("Keystore_alias", vaultHandler.getAlias());
+ attributes.put("Salt", vaultHandler.getSalt());
+ attributes.put("Iteration_count", vaultHandler.getIterationCountAsString());
+ attributes.put("Enc_file_dir", vaultHandler.getEncodedVaultFileDirectory());
+
+ log.debug("Vault created in sever configuration");
+
+ InitialContext ctx = getInitialContext();
+ String jndiName = "vaulttest/ejbs/SimpleSessionBean";
+ Object ref = ctx.lookup(jndiName);
+
+ SimpleSessionHome ejbHome = (SimpleSessionHome) PortableRemoteObject.narrow(ref, SimpleSessionHome.class);
+ SimpleSessionObject ejbObject = ejbHome.create();
+
+ // register VaultMBean with simple session bean
+ String response = ejbObject.ping();
+ assertEquals("pong", response);
+ ejbObject.registerVaultMBean(attributes);
+ }
+
+ protected void tearDown() throws Exception {
+ // remove temporary files
+ vaultHandler.cleanUp();
+ }
+
+ public void testVaultPasswordAuth() throws Exception {
+ log.info("+++ testVaultPasswordAuth");
+ doSecureGetWithLogin("war1/restricted/SecuredServlet");
+ /*
+ * Access the resource without attempting a login to validate that the session is valid and that any caching on the
+ * server is working as expected.
+ */
+ doSecureGet("war1/restricted/SecuredServlet");
+ }
+
+ public PostMethod doSecureGetWithLogin(String path) throws Exception {
+ return doSecureGetWithLogin(path, "user1", "password1ForVault");
+ }
+
+ public PostMethod doSecureGetWithLogin(String path, String username, String password) throws Exception {
+ GetMethod indexGet = new GetMethod(baseURLNoAuth + path);
+ int responseCode = httpConn.executeMethod(indexGet);
+ String body = indexGet.getResponseBodyAsString();
+ assertTrue("Get OK(" + responseCode + ")", responseCode == HttpURLConnection.HTTP_OK);
+ assertTrue("Redirected to login page", body.indexOf("j_security_check") > 0);
+
+ HttpState state = httpConn.getState();
+ Cookie[] cookies = state.getCookies();
+ String sessionID = null;
+ for (int c = 0; c < cookies.length; c++) {
+ Cookie k = cookies[c];
+ if (k.getName().equalsIgnoreCase("JSESSIONID"))
+ sessionID = k.getValue();
+ }
+ getLog().debug("Saw JSESSIONID=" + sessionID);
+
+ // Submit the login form
+ PostMethod formPost = new PostMethod(baseURLNoAuth + "war1/j_security_check");
+ formPost.addRequestHeader("Referer", baseURLNoAuth + "war1/login.html");
+ formPost.addParameter("j_username", username);
+ formPost.addParameter("j_password", password);
+ responseCode = httpConn.executeMethod(formPost.getHostConfiguration(), formPost, state);
+ String response = formPost.getStatusText();
+ log.debug("responseCode=" + responseCode + ", response=" + response);
+ assertTrue("Saw HTTP_MOVED_TEMP", responseCode == HttpURLConnection.HTTP_MOVED_TEMP);
+
+ // Follow the redirect to the SecureServlet
+ Header location = formPost.getResponseHeader("Location");
+ String indexURI = location.getValue();
+ GetMethod war1Index = new GetMethod(indexURI);
+ responseCode = httpConn.executeMethod(war1Index.getHostConfiguration(), war1Index, state);
+ response = war1Index.getStatusText();
+ log.debug("responseCode=" + responseCode + ", response=" + response);
+ assertTrue("Get OK", responseCode == HttpURLConnection.HTTP_OK);
+ body = war1Index.getResponseBodyAsString();
+ if (body.indexOf("j_security_check") > 0)
+ fail("get of " + indexURI + " redirected to login page");
+ return formPost;
+ }
+
+ public void doSecureGet(String path) throws Exception {
+ HttpState state = httpConn.getState();
+ Cookie[] cookies = state.getCookies();
+ String sessionID = null;
+ for (int c = 0; c < cookies.length; c++) {
+ Cookie k = cookies[c];
+ if (k.getName().equalsIgnoreCase("JSESSIONID"))
+ sessionID = k.getValue();
+ }
+ getLog().debug("Saw JSESSIONID=" + sessionID);
+
+ // Submit the login form
+ GetMethod indexGet = new GetMethod(baseURLNoAuth + path);
+ int responseCode = httpConn.executeMethod(indexGet.getHostConfiguration(), indexGet, state);
+ assertTrue("Get OK(" + responseCode + ")", responseCode == HttpURLConnection.HTTP_OK);
+ }
+}
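Review bot: `tearDown()` only calls `vaultHandler.cleanUp()` and never `super.tearDown()`, although `setUp()` does call `super.setUp()`, so whatever the base class releases is skipped; adding `super.tearDown();` as the last statement restores the pairing. With JUnit 3 semantics `tearDown()` is not run when `setUp()` throws, so a failure in the JNDI lookup or the `ping()` assertion after the `VaultHandler` was created would presumably leave the generated keystore and vault files in the resource directory; the base class is not visible here, so this is inferred. The one-argument `doSecureGetWithLogin` repeats the literals `"user1"` and `"password1ForVault"` instead of the `USERNAME` and `PASSWORD` constants declared at the top of the class. The `// Submit the login form` comment in `doSecureGet` was carried over from the login method, although that method only issues a GET with the existing session state.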
Index: testsuite/src/main/org/jboss/test/security/vault/SimpleSession.java
===================================================================
--- testsuite/src/main/org/jboss/test/security/vault/SimpleSession.java (revision 0)
+++ testsuite/src/main/org/jboss/test/security/vault/SimpleSession.java (working copy)
@@ -0,0 +1,33 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.vault;
+
+import java.util.Map;
+
+import javax.ejb.Remote;
+
+@Remote
+public interface SimpleSession {
+ public String ping();
+
+ public void registerVaultMBean(Map attributes) throws Exception;
+}
Index: testsuite/src/main/org/jboss/test/security/vault/SimpleSessionBean.java
===================================================================
--- testsuite/src/main/org/jboss/test/security/vault/SimpleSessionBean.java (revision 0)
+++ testsuite/src/main/org/jboss/test/security/vault/SimpleSessionBean.java (working copy)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.security.vault;
+
+import java.rmi.RemoteException;
+import java.util.Map;
+
+import javax.ejb.CreateException;
+import javax.ejb.EJBException;
+import javax.ejb.SessionBean;
+import javax.ejb.SessionContext;
+import javax.ejb.Stateless;
+import javax.management.Attribute;
+import javax.management.AttributeList;
+import javax.management.InstanceAlreadyExistsException;
+import javax.management.MBeanServerConnection;
+import javax.management.ObjectName;
+import javax.naming.InitialContext;
+
+@Stateless
+public class SimpleSessionBean implements SessionBean {
+
+ public String ping() throws Exception, RemoteException {
+ return "pong";
+ }
+
+ public void registerVaultMBean(Map attributes) throws Exception, RemoteException {
+ String className = "org.jboss.security.vault.RuntimeVaultService";
+ ObjectName name = new ObjectName("jboss", "service", "RuntimeVaultService");
+ InitialContext ctx = new InitialContext();
+ MBeanServerConnection server = (MBeanServerConnection) ctx.lookup("jmx/invoker/RMIAdaptor");
+ try {
+ if (server.isRegistered(name))
+ throw new InstanceAlreadyExistsException(name + " already registered.");
+
+ server.createMBean(className, name);
+
+ AttributeList attrList = new AttributeList();
+
+ for (Map.Entry entry : attributes.entrySet())
+ attrList.add(new Attribute(entry.getKey(), entry.getValue()));
+
+ server.setAttributes(name, attrList);
+
+ server.invoke(name, "performRuntime", null, null);
+ } finally {
+ server.unregisterMBean(name);
+ }
+ }
+
+ @Override
+ public void setSessionContext(SessionContext ctx) throws EJBException, RemoteException {
+
+ }
+
+ @Override
+ public void ejbRemove() throws EJBException, RemoteException {
+
+ }
+
+ @Override
+ public void ejbActivate() throws EJBException, RemoteException {
+
+ }
+
+ @Override
+ public void ejbPassivate() throws EJBException, RemoteException {
+
+ }
+
+ public void ejbCreate() throws CreateException {
+ }
+}
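Review bot: The `finally` in `registerVaultMBean` also covers the `isRegistered` check and `createMBean`, so when the name is already registered the method throws `InstanceAlreadyExistsException` and then unregisters an MBean it did not create, and when `createMBean` fails the `unregisterMBean` call throws in turn and replaces the original exception. Opening the `try` only after `server.createMBean(className, name);` keeps the cleanup tied to the MBean this call actually created. The method also lets a remote caller push arbitrary vault attributes (keystore URL, masked password, salt) into a server-side MBean, and no role restriction is visible on the bean in this hunk, so the deployment should stay confined to the test suite.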
Index: testsuite/src/main/org/jboss/test/security/vault/SimpleSessionHome.java
===================================================================
--- testsuite/src/main/org/jboss/test/security/vault/SimpleSessionHome.java (revision 0)
+++ testsuite/src/main/org/jboss/test/security/vault/SimpleSessionHome.java (working copy)
@@ -0,0 +1,38 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.test.security.vault;
+
+import java.rmi.RemoteException;
+
+import javax.ejb.CreateException;
+import javax.ejb.EJBHome;
+
+/**
+ * @author wangchao
+ *
+ */
+public interface SimpleSessionHome extends EJBHome {
+
+ public SimpleSessionObject create() throws RemoteException, CreateException;
+
+}
Index: testsuite/src/main/org/jboss/test/security/vault/SimpleSessionObject.java
===================================================================
--- testsuite/src/main/org/jboss/test/security/vault/SimpleSessionObject.java (revision 0)
+++ testsuite/src/main/org/jboss/test/security/vault/SimpleSessionObject.java (working copy)
@@ -0,0 +1,39 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.test.security.vault;
+
+import java.rmi.RemoteException;
+import java.util.Map;
+
+import javax.ejb.EJBObject;
+
+/**
+ * @author wangchao
+ *
+ */
+public interface SimpleSessionObject extends EJBObject {
+
+ public String ping() throws Exception, RemoteException;
+
+ public void registerVaultMBean(Map attributes) throws Exception, RemoteException;
+}
Index: testsuite/src/main/org/jboss/test/security/vault/VaultHandler.java
===================================================================
--- testsuite/src/main/org/jboss/test/security/vault/VaultHandler.java (revision 0)
+++ testsuite/src/main/org/jboss/test/security/vault/VaultHandler.java (working copy)
@@ -0,0 +1,321 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2013, Red Hat, Inc., and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.jboss.test.security.vault;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.util.Random;
+
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.plugins.vault.PicketBoxSecurityVault;
+import org.jboss.security.util.KeyStoreUtil;
+import org.jboss.security.vault.VaultSession;
+
+/**
+ * VaultHandler is a handler for PicketBox Security Vault associated files. It can be used one-to-one with vault. It can create
+ * required keystore and after action delete all vault data files. It should be used for testing purpose only.
+ *
+ * @author Peter Skopek (pskopek at redhat dot com)
+ *
+ */
+public class VaultHandler {
+
+ private static Logger LOGGER = Logger.getLogger(VaultHandler.class);
+
+ public static final String ENC_DAT_FILE = "ENC.dat";
+ public static final String SHARED_DAT_FILE = "Shared.dat";
+ public static final String VAULT_DAT_FILE = "VAULT.dat";
+ public static final String DEFAULT_KEYSTORE_FILE = "vault.keystore";
+
+ private String encodedVaultFileDirectory;
+ private String keyStoreType;
+ private String keyStore;
+ private String keyStorePassword;
+ private int keySize = 128;
+ private String alias = "defaultalias";
+ private String salt;
+ private int iterationCount;
+
+ private VaultSession vaultSession;
+
+ private static String FILE_SEPARATOR = System.getProperty("file.separator");
+ private static String TMP_DIR = System.getProperty("java.io.tmpdir");
+ private static String DEFAULT_PASSWORD = "super_secret";
+
+ /**
+ * Create vault with all required files. It is the most complete constructor. If keyStore doesn't exist it will be created
+ * with specified keyStoreType and encryption directory will be created if not existent.
+ *
+ * @param keyStore
+ * @param keyStorePassword
+ * @param keyStoreType - JCEKS, JKS or null
+ * @param encodedVaultFileDirectory
+ * @param keySize
+ * @param alias
+ * @param salt
+ * @param iterationCount
+ */
+ public VaultHandler(String keyStore, String keyStorePassword, String keyStoreType, String encodedVaultFileDirectory,
+ int keySize, String alias, String salt, int iterationCount) {
+
+ if (alias != null) {
+ this.alias = alias;
+ }
+
+ if (keySize != 0) {
+ this.keySize = keySize;
+ }
+
+ if (keyStoreType == null) {
+ this.keyStoreType = "JCEKS";
+ } else {
+ if (!keyStoreType.equals("JCEKS") && !keyStoreType.equals("JKS")) {
+ throw new IllegalArgumentException("Wrong keyStoreType. Supported are only (JCEKS or JKS). Preferred is JCEKS.");
+ }
+ this.keyStoreType = keyStoreType;
+ }
+
+ if (keyStorePassword == null) {
+ this.keyStorePassword = DEFAULT_PASSWORD;
+ } else if (keyStorePassword.startsWith(PicketBoxSecurityVault.PASS_MASK_PREFIX)) {
+ throw new IllegalArgumentException("keyStorePassword cannot be a masked password, use plain text password, please");
+ } else {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ try {
+ File keyStoreFile = new File(keyStore);
+ if (!keyStoreFile.exists()) {
+ if (!this.keyStoreType.equals("JCEKS")) {
+ throw new RuntimeException("keyStoreType has to be JCEKS when creating new key store");
+ }
+ KeyStore ks = KeyStoreUtil.createKeyStore(this.keyStoreType, this.keyStorePassword.toCharArray());
+ KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
+ keyGenerator.init(this.keySize);
+ SecretKey secretKey = keyGenerator.generateKey();
+ KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(secretKey);
+ KeyStore.PasswordProtection p = new KeyStore.PasswordProtection(this.keyStorePassword.toCharArray());
+ ks.setEntry(this.alias, skEntry, p);
+ ks.store(new FileOutputStream(keyStoreFile), this.keyStorePassword.toCharArray());
+ }
+ this.keyStore = keyStoreFile.getAbsolutePath();
+ } catch (Exception e) {
+ throw new RuntimeException("Problem creating keyStore: ", e);
+ }
+
+ File vaultDirectory = new File(encodedVaultFileDirectory);
+
+ if (!vaultDirectory.exists()) {
+ vaultDirectory.mkdirs();
+ this.encodedVaultFileDirectory = vaultDirectory.getAbsolutePath();
+ } else if (!vaultDirectory.isDirectory()) {
+ throw new RuntimeException("Vault encryption directory has to be directory, but "
+ + vaultDirectory.getAbsolutePath() + " is not.");
+ }
+
+ this.encodedVaultFileDirectory = vaultDirectory.getAbsolutePath();
+
+ if (salt == null) {
+ String tmp = Long.toHexString(System.currentTimeMillis()) + Long.toHexString(System.currentTimeMillis())
+ + Long.toHexString(System.currentTimeMillis()) + Long.toHexString(System.currentTimeMillis());
+ this.salt = tmp.substring(0, 8);
+ } else {
+ this.salt = salt;
+ }
+
+ if (iterationCount <= 0) {
+ this.iterationCount = new Random().nextInt(90) + 1;
+ }
+
+ if (LOGGER.isDebugEnabled()) {
+ logCreatedVault();
+ }
+
+ try {
+ this.vaultSession = new VaultSession(this.keyStore, this.keyStorePassword, this.encodedVaultFileDirectory,
+ this.salt, this.iterationCount);
+ this.vaultSession.startVaultSession(this.alias);
+ } catch (Exception e) {
+ throw new RuntimeException("Problem creating VaultSession: ", e);
+ }
+ LOGGER.debug("VaultSession started");
+ }
+
+ /**
+ * Constructor with all default values, but keyStore and encodedVaultFileDirectory.
+ *
+ * @param keyStore
+ * @param encodedVaultFileDirectory
+ */
+ public VaultHandler(String keyStore, String encodedVaultFileDirectory) {
+ this(keyStore, null, null, encodedVaultFileDirectory, 0, null, null, 0);
+ }
+
+ /**
+ * Constructor with all default values, but encodedVaultFileDirectory.
+ *
+ * @param keyStore
+ */
+ public VaultHandler(String encodedVaultFileDirectory) {
+ this(encodedVaultFileDirectory + FILE_SEPARATOR + DEFAULT_KEYSTORE_FILE, encodedVaultFileDirectory);
+ }
+
+ /**
+ * Constructor with all default values.
+ */
+ public VaultHandler() {
+ this(TMP_DIR);
+ }
+
+ public String getMaskedKeyStorePassword() {
+ if (vaultSession != null) {
+ return vaultSession.getKeystoreMaskedPassword();
+ } else {
+ throw new RuntimeException("getMaskedKeyStorePassword: Vault inside this handler is not initialized or created");
+ }
+
+ }
+
+ public String addSecuredAttribute(String vaultBlock, String attributeName, char[] attributeValue) {
+ if (vaultSession != null) {
+ try {
+ return vaultSession.addSecuredAttribute(vaultBlock, attributeName, attributeValue);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ } else {
+ throw new RuntimeException("addSecuredAttribute: Vault inside this handler is not initialized or created");
+ }
+ }
+
+ public boolean exists(String vaultBlock, String attributeName) {
+ if (vaultSession != null) {
+ try {
+ return vaultSession.checkSecuredAttribute(vaultBlock, attributeName);
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ } else {
+ throw new RuntimeException("exists: Vault inside this handler is not initialized or created");
+ }
+ }
+
+ /**
+ * Return VaultSession for further vault manipulation when needed.
+ *
+ * @return
+ */
+ public VaultSession getVaultSession() {
+ return vaultSession;
+ }
+
+ /**
+ * Delete all associated vault files and keystore. After this action VaultHandler is not usable anymore.
+ */
+ public void cleanUp() {
+
+ File fk = new File(keyStore);
+ fk.delete();
+
+ File f = new File(encodedVaultFileDirectory + FILE_SEPARATOR + VAULT_DAT_FILE);
+ f.delete();
+
+ f = new File(keyStore + ".original");
+ if (f.exists()) {
+ f.delete();
+ }
+
+ f = new File(encodedVaultFileDirectory + FILE_SEPARATOR + ENC_DAT_FILE);
+ if (f.exists()) {
+ f.delete();
+ }
+
+ f = new File(encodedVaultFileDirectory + FILE_SEPARATOR + ENC_DAT_FILE + ".original");
+ if (f.exists()) {
+ f.delete();
+ }
+
+ f = new File(encodedVaultFileDirectory + FILE_SEPARATOR + SHARED_DAT_FILE);
+ if (f.exists()) {
+ f.delete();
+ }
+
+ // there might be a KEYSTORE_README file in the directory as a placeholder
+ f = new File(encodedVaultFileDirectory + FILE_SEPARATOR + "KEYSTORE_README");
+ if (f.exists()) {
+ f.delete();
+ }
+
+ vaultSession = null;
+ }
+
+ public String getEncodedVaultFileDirectory() {
+ return encodedVaultFileDirectory;
+ }
+
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+
+ public String getKeyStore() {
+ return keyStore;
+ }
+
+ public int getKeySize() {
+ return keySize;
+ }
+
+ public String getAlias() {
+ return alias;
+ }
+
+ public String getSalt() {
+ return salt;
+ }
+
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ public int getIterationCount() {
+ return iterationCount;
+ }
+
+ public String getIterationCountAsString() {
+ return Integer.toString(iterationCount);
+ }
+
+ private void logCreatedVault() {
+ LOGGER.debug("keystoreURL=" + keyStore);
+ LOGGER.debug("KEYSTORE_PASSWORD=" + keyStorePassword);
+ LOGGER.debug("ENC_FILE_DIR=" + encodedVaultFileDirectory);
+ LOGGER.debug("KEYSTORE_ALIAS=" + alias);
+ LOGGER.debug("SALT=" + salt);
+ LOGGER.debug("ITERATION_COUNT=" + iterationCount);
+ }
+
+}
Index: testsuite/src/resources/security/vault/META-INF/ejb-jar.xml
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/xml
Index: testsuite/src/resources/security/vault/META-INF/ejb-jar.xml
===================================================================
--- testsuite/src/resources/security/vault/META-INF/ejb-jar.xml (revision 114601)
+++ testsuite/src/resources/security/vault/META-INF/ejb-jar.xml (working copy)
Property changes on: testsuite/src/resources/security/vault/META-INF/ejb-jar.xml
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Index: testsuite/src/resources/security/vault/META-INF/jboss.xml
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/xml
Index: testsuite/src/resources/security/vault/META-INF/jboss.xml
===================================================================
--- testsuite/src/resources/security/vault/META-INF/jboss.xml (revision 114601)
+++ testsuite/src/resources/security/vault/META-INF/jboss.xml (working copy)
Property changes on: testsuite/src/resources/security/vault/META-INF/jboss.xml
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Index: testsuite/src/resources/security/vault/application.xml
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/xml
Index: testsuite/src/resources/security/vault/application.xml
===================================================================
--- testsuite/src/resources/security/vault/application.xml (revision 114601)
+++ testsuite/src/resources/security/vault/application.xml (working copy)
Property changes on: testsuite/src/resources/security/vault/application.xml
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Index: testsuite/src/resources/security/vault/client.keystore
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/x-java-keystore
Index: testsuite/src/resources/security/vault/client.keystore
===================================================================
--- testsuite/src/resources/security/vault/client.keystore (revision 114601)
+++ testsuite/src/resources/security/vault/client.keystore (working copy)
Property changes on: testsuite/src/resources/security/vault/client.keystore
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/x-java-keystore
\ No newline at end of property
Index: testsuite/src/resources/security/vault/ds-vault/KEYSTORE_README
===================================================================
--- testsuite/src/resources/security/vault/ds-vault/KEYSTORE_README (revision 0)
+++ testsuite/src/resources/security/vault/ds-vault/KEYSTORE_README (working copy)
@@ -0,0 +1,3 @@
+This is just a place holder for the resource directory security/ds-vault to be created in target Maven directory.
+vault.keystore file will be created programmatically by VaultHandler class to avoid
+keystore binary problems when running on different JDKs than original keystore was created.
\ No newline at end of file
Index: testsuite/src/resources/security/vault/error.html
===================================================================
Index: testsuite/src/resources/security/vault/jboss-app.xml
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/xml
Index: testsuite/src/resources/security/vault/jboss-app.xml
===================================================================
--- testsuite/src/resources/security/vault/jboss-app.xml (revision 114601)
+++ testsuite/src/resources/security/vault/jboss-app.xml (working copy)
Property changes on: testsuite/src/resources/security/vault/jboss-app.xml
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Index: testsuite/src/resources/security/vault/jboss-service.xml
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/xml
Index: testsuite/src/resources/security/vault/jboss-service.xml
===================================================================
--- testsuite/src/resources/security/vault/jboss-service.xml (revision 114601)
+++ testsuite/src/resources/security/vault/jboss-service.xml (working copy)
Property changes on: testsuite/src/resources/security/vault/jboss-service.xml
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Index: testsuite/src/resources/security/vault/jboss-web.xml
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/xml
Index: testsuite/src/resources/security/vault/jboss-web.xml
===================================================================
--- testsuite/src/resources/security/vault/jboss-web.xml (revision 114601)
+++ testsuite/src/resources/security/vault/jboss-web.xml (working copy)
Property changes on: testsuite/src/resources/security/vault/jboss-web.xml
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Index: testsuite/src/resources/security/vault/jsse.keystore
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/x-java-keystore
Index: testsuite/src/resources/security/vault/jsse.keystore
===================================================================
--- testsuite/src/resources/security/vault/jsse.keystore (revision 114601)
+++ testsuite/src/resources/security/vault/jsse.keystore (working copy)
Property changes on: testsuite/src/resources/security/vault/jsse.keystore
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/x-java-keystore
\ No newline at end of property
Index: testsuite/src/resources/security/vault/login.html
===================================================================
--- testsuite/src/resources/security/vault/login.html (revision 0)
+++ testsuite/src/resources/security/vault/login.html (working copy)
@@ -0,0 +1,26 @@
+
+
+
+Login Page for Examples
+
+
+
+
+
+
+
Index: testsuite/src/resources/security/vault/pwdmsk-vault/KEYSTORE_README
===================================================================
--- testsuite/src/resources/security/vault/pwdmsk-vault/KEYSTORE_README (revision 0)
+++ testsuite/src/resources/security/vault/pwdmsk-vault/KEYSTORE_README (working copy)
@@ -0,0 +1,3 @@
+This is just a place holder for the resource directory security/pwdmsk-vault to be created in target Maven directory.
+vault.keystore file will be created programmatically by VaultHandler class to avoid
+keystore binary problems when running on different JDKs than original keystore was created.
\ No newline at end of file
Index: testsuite/src/resources/security/vault/restricted/restricted.html
===================================================================
--- testsuite/src/resources/security/vault/restricted/restricted.html (revision 0)
+++ testsuite/src/resources/security/vault/restricted/restricted.html (working copy)
@@ -0,0 +1,10 @@
+
+
+
+ Programmatic Login Secure Page
+
+
+
+Programmatic Login Secure Page
+
+
Index: testsuite/src/resources/security/vault/security-config.xml
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/xml
Index: testsuite/src/resources/security/vault/security-config.xml
===================================================================
--- testsuite/src/resources/security/vault/security-config.xml (revision 114601)
+++ testsuite/src/resources/security/vault/security-config.xml (working copy)
Property changes on: testsuite/src/resources/security/vault/security-config.xml
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Index: testsuite/src/resources/security/vault/server.keystore
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/x-java-keystore
Index: testsuite/src/resources/security/vault/server.keystore
===================================================================
--- testsuite/src/resources/security/vault/server.keystore (revision 114601)
+++ testsuite/src/resources/security/vault/server.keystore (working copy)
Property changes on: testsuite/src/resources/security/vault/server.keystore
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/x-java-keystore
\ No newline at end of property
Index: testsuite/src/resources/security/vault/vault-roles.properties
===================================================================
--- testsuite/src/resources/security/vault/vault-roles.properties (revision 0)
+++ testsuite/src/resources/security/vault/vault-roles.properties (working copy)
@@ -0,0 +1,2 @@
+# org.jboss.security.auth.spi.UsersRolesLoginModule username to roles mapping
+user1=AuthorizedUser
\ No newline at end of file
Index: testsuite/src/resources/security/vault/vault-users.properties
===================================================================
--- testsuite/src/resources/security/vault/vault-users.properties (revision 0)
+++ testsuite/src/resources/security/vault/vault-users.properties (working copy)
@@ -0,0 +1,2 @@
+guest=guest
+user1=VAULT::testBlock::password::1
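Review bot: The new vault-users.properties has no header comment, unlike vault-roles.properties in the same patch, so a reader cannot tell that the value for `user1` is a vault reference rather than a literal password. I would add a first line such as `# username to password mapping; a value starting with VAULT:: is looked up in the vault, not used literally`. The four `::`-separated fields look like the marker, vault block, attribute name and a shared-key token, judging from the token handling elsewhere in this patch; confirm that before writing it into the comment. `guest=guest` is a plaintext credential and should stay confined to the test-suite resources.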
Index: testsuite/src/resources/security/vault/vaulttest-web.xml
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/xml
Index: testsuite/src/resources/security/vault/vaulttest-web.xml
===================================================================
--- testsuite/src/resources/security/vault/vaulttest-web.xml (revision 114601)
+++ testsuite/src/resources/security/vault/vaulttest-web.xml (working copy)
Property changes on: testsuite/src/resources/security/vault/vaulttest-web.xml
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/xml
\ No newline at end of property
Index: thirdparty/pom.xml
===================================================================
--- thirdparty/pom.xml (revision 114601)
+++ thirdparty/pom.xml (working copy)
@@ -1270,6 +1270,11 @@
-->
+ commons-cli
+ commons-cli
+
+
+
org.apache.santuario
xmlsec