use of org.apache.shiro.crypto.hash.Hash in project SSM by Intel-bigdata.
the class LdapRealm method createAuthenticationInfo.
@Override
protected AuthenticationInfo createAuthenticationInfo(AuthenticationToken token, Object ldapPrincipal, Object ldapCredentials, LdapContext ldapContext) throws NamingException {
HashRequest.Builder builder = new HashRequest.Builder();
Hash credentialsHash = hashService.computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
return new SimpleAuthenticationInfo(token.getPrincipal(), credentialsHash.toHex(), credentialsHash.getSalt(), getName());
}
use of org.apache.shiro.crypto.hash.Hash in project ANNIS by korpling.
the class ANNISUserRealm method doGetAuthenticationInfo.
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
Validate.isInstanceOf(String.class, token.getPrincipal());
String userName = (String) token.getPrincipal();
if (userName.equals(anonymousUser)) {
// for anonymous users the user name equals the Password, so hash the user name
Sha256Hash hash = new Sha256Hash(userName);
return new SimpleAuthenticationInfo(userName, hash.getBytes(), ANNISUserRealm.class.getName());
}
User user = confManager.getUser(userName);
if (user != null) {
String passwordHash = user.getPasswordHash();
if (passwordHash != null) {
if (passwordHash.startsWith("$")) {
Shiro1CryptFormat fmt = new Shiro1CryptFormat();
Hash hashCredentials = fmt.parse(passwordHash);
if (hashCredentials instanceof SimpleHash) {
SimpleHash simpleHash = (SimpleHash) hashCredentials;
Validate.isTrue(simpleHash.getIterations() == 1, "Hash iteration count must be 1 for every password hash!");
// actually set the information from the user file
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(userName, simpleHash.getBytes(), ANNISUserRealm.class.getName());
info.setCredentialsSalt(new SerializableByteSource(simpleHash.getSalt()));
return info;
}
} else {
// fallback unsalted hex hash
SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(token.getPrincipal(), passwordHash, ANNISUserRealm.class.getName());
return info;
}
}
}
return null;
}
use of org.apache.shiro.crypto.hash.Hash in project shiro by apache.
the class DefaultPasswordService method passwordsMatch.
public boolean passwordsMatch(Object submittedPlaintext, String saved) {
ByteSource plaintextBytes = createByteSource(submittedPlaintext);
if (saved == null || saved.length() == 0) {
return plaintextBytes == null || plaintextBytes.isEmpty();
} else {
if (plaintextBytes == null || plaintextBytes.isEmpty()) {
return false;
}
}
// First check to see if we can reconstitute the original hash - this allows us to
// perform password hash comparisons even for previously saved passwords that don't
// match the current HashService configuration values. This is a very nice feature
// for password comparisons because it ensures backwards compatibility even after
// configuration changes.
HashFormat discoveredFormat = this.hashFormatFactory.getInstance(saved);
if (discoveredFormat != null && discoveredFormat instanceof ParsableHashFormat) {
ParsableHashFormat parsableHashFormat = (ParsableHashFormat) discoveredFormat;
Hash savedHash = parsableHashFormat.parse(saved);
return passwordsMatch(submittedPlaintext, savedHash);
}
// If we're at this point in the method's execution, We couldn't reconstitute the original hash.
// So, we need to hash the submittedPlaintext using current HashService configuration and then
// compare the formatted output with the saved string. This will correctly compare passwords,
// but does not allow changing the HashService configuration without breaking previously saved
// passwords:
// The saved text value can't be reconstituted into a Hash instance. We need to format the
// submittedPlaintext and then compare this formatted value with the saved value:
HashRequest request = createHashRequest(plaintextBytes);
Hash computed = this.hashService.computeHash(request);
String formatted = this.hashFormat.format(computed);
return saved.equals(formatted);
}
use of org.apache.shiro.crypto.hash.Hash in project knox by apache.
the class KnoxPamRealm method doGetAuthenticationInfo.
@Override
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
PAM pam = null;
UnixUser user = null;
try {
pam = new PAM(this.getService());
UsernamePasswordToken upToken = (UsernamePasswordToken) token;
user = pam.authenticate(upToken.getUsername(), new String(upToken.getPassword()));
} catch (PAMException e) {
handleAuthFailure(token, e.getMessage(), e);
} finally {
if (pam != null) {
pam.dispose();
}
}
HashRequest hashRequest = new HashRequest.Builder().setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build();
Hash credentialsHash = hashService.computeHash(hashRequest);
/* Coverity Scan CID 1361684 */
if (credentialsHash == null) {
handleAuthFailure(token, "Failed to compute hash", null);
}
return new SimpleAuthenticationInfo(new UnixUserPrincipal(user), credentialsHash.toHex(), credentialsHash.getSalt(), getName());
}
use of org.apache.shiro.crypto.hash.Hash in project knox by apache.
the class KnoxLdapRealm method createAuthenticationInfo.
@Override
protected AuthenticationInfo createAuthenticationInfo(AuthenticationToken token, Object ldapPrincipal, Object ldapCredentials, LdapContext ldapContext) throws NamingException {
HashRequest.Builder builder = new HashRequest.Builder();
Hash credentialsHash = hashService.computeHash(builder.setSource(token.getCredentials()).setAlgorithmName(HASHING_ALGORITHM).build());
return new SimpleAuthenticationInfo(token.getPrincipal(), credentialsHash.toHex(), credentialsHash.getSalt(), getName());
}
Aggregations