[squash] Added a function to authentication client to decrypt passwor…

…ds using encryption client before adding it
wildfly-security · Feb 7, 2024 · b19e179 · b19e179
1 parent ebcedca
commit b19e179
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 6 deletions.
diff --git a/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java b/auth/client/src/main/java/org/wildfly/security/auth/client/AuthenticationConfiguration.java
@@ -748,6 +748,23 @@ public AuthenticationConfiguration usePassword(Password password) {
         return password == null ? useCredentials(filtered) : useCredentials(filtered).useCredential(new PasswordCredential(password));
     }
 
+    /**
+     * Create a new configuration which is the same as this configuration, but which uses the given encrypted
+     * password to authenticate. The current encryption client configuration is loaded and is used to decrypt
+     * the encrypted password. If one does not exist, appropriate exception is thrown.
+     *
+     * @param encryptedPassword the password to use
+     * @return the new configuration
+     */
+    public AuthenticationConfiguration decryptAndUsePassword(String encryptedPassword) {
+        EncryptionClientContext ctx = EncryptionClientContext.captureCurrent();
+        if (ctx.encryptionClientConfiguration == null) {
+            throw new ExpressionResolutionException("No encryption client configuration available");
+        }
+        String password = ctx.encryptionClientConfiguration.encryptedExpressionResolver.resolveExpression(encryptedPassword, ctx.encryptionClientConfiguration);
+        return usePassword(password == null ? null : ClearPassword.createRaw(ClearPassword.ALGORITHM_CLEAR, password.toCharArray()));
+    }
+
     /**
      * Create a new configuration which is the same as this configuration, but which uses the given password to authenticate.
      *

diff --git a/...rc/test/java/org/wildfly/security/auth/client/EncryptionClientSaslAuthenticationTest.java b/...rc/test/java/org/wildfly/security/auth/client/EncryptionClientSaslAuthenticationTest.java
@@ -66,7 +66,7 @@
 
 public class EncryptionClientSaslAuthenticationTest {
     private static final File CREDSTORE_DIR = new File("./target/credstore");
-    private static final String CONFIG_FILE = "wildfly-encrypted-expression-ssl-config-v1_7.xml";
+    private static final String CONFIG_FILE = "wildfly-encryption-client-ssl-config-v1_7.xml";
     private static final String CRED_STORE_FILE = "mycredstore.cs";
     private static final String DEFAULT_RESOLVER = "my-resolver";
     private static final String PLAIN = "PLAIN";
@@ -147,8 +147,8 @@ public void testSuccessfulAuthWithXmlConfig() throws Exception {
                 .build();
 
         //Preparing the encrypted expression as a system property
-        EncryptedExpressionContext encContext = EncryptedExpressionContext.getContextManager().get();
-        String encryptedExpression = encContext.encryptedExpressionConfiguration.encryptedExpressionResolver.createExpression(DEFAULT_RESOLVER, PASSWORD, encContext.encryptedExpressionConfiguration);
+        EncryptionClientContext encContext = EncryptionClientContext.getContextManager().get();
+        String encryptedExpression = encContext.encryptionClientConfiguration.encryptedExpressionResolver.createExpression(DEFAULT_RESOLVER, PASSWORD, encContext.encryptionClientConfiguration);
         System.setProperty("ENC_EXP_PROP", encryptedExpression);
 
         //Creating SASL client from XML configuration file
@@ -188,8 +188,8 @@ public void testSuccessfulExchangeWithProgrammaticConfig() throws Exception {
                 .setPrefix("ENC");
 
         //Preparing the encrypted expression config
-        EncryptedExpressionConfiguration encConfig =
-                EncryptedExpressionConfiguration.empty()
+        EncryptionClientConfiguration encConfig =
+                EncryptionClientConfiguration.empty()
                         .addCredentialStore("myCredentialStore", credentialStore)
                         .addEncryptedExpressionResolver(resolver);
 
@@ -198,7 +198,7 @@ public void testSuccessfulExchangeWithProgrammaticConfig() throws Exception {
                 AuthenticationConfiguration.empty()
                         .setSaslMechanismSelector(SaslMechanismSelector.NONE.addMechanism(PLAIN))
                         .useName(USERNAME)
-                        .usePassword(resolver.createExpression(DEFAULT_RESOLVER, PASSWORD, encConfig));
+                        .decryptAndUsePassword(resolver.createExpression(DEFAULT_RESOLVER, PASSWORD, encConfig));
 
         AuthenticationContext context = AuthenticationContext.empty();
         context = context.with(MatchRule.ALL.matchHost("masked"), authWithEncConfig);