Search in sources :

Example 1 with DefaultPasswordEncoder

use of org.apereo.cas.util.crypto.DefaultPasswordEncoder in project cas by apereo.

the class Beans method newPasswordEncoder.

/**
     * New password encoder password encoder.
     *
     * @param properties the properties
     * @return the password encoder
     */
public static PasswordEncoder newPasswordEncoder(final PasswordEncoderProperties properties) {
    final String type = properties.getType();
    if (StringUtils.isBlank(type)) {
        LOGGER.debug("No password encoder type is defined, and so none shall be created");
        return NoOpPasswordEncoder.getInstance();
    }
    if (type.contains(".")) {
        try {
            LOGGER.debug("Configuration indicates use of a custom password encoder [{}]", type);
            final Class<PasswordEncoder> clazz = (Class<PasswordEncoder>) Class.forName(type);
            return clazz.newInstance();
        } catch (final Exception e) {
            LOGGER.error("Falling back to a no-op password encoder as CAS has failed to create " + "an instance of the custom password encoder class " + type, e);
            return NoOpPasswordEncoder.getInstance();
        }
    }
    final PasswordEncoderProperties.PasswordEncoderTypes encoderType = PasswordEncoderProperties.PasswordEncoderTypes.valueOf(type);
    switch(encoderType) {
        case DEFAULT:
            LOGGER.debug("Creating default password encoder with encoding alg [{}] and character encoding [{}]", properties.getEncodingAlgorithm(), properties.getCharacterEncoding());
            return new DefaultPasswordEncoder(properties.getEncodingAlgorithm(), properties.getCharacterEncoding());
        case STANDARD:
            LOGGER.debug("Creating standard password encoder with the secret defined in the configuration");
            return new StandardPasswordEncoder(properties.getSecret());
        case BCRYPT:
            LOGGER.debug("Creating BCRYPT password encoder given the strength [{}] and secret in the configuration", properties.getStrength());
            if (StringUtils.isBlank(properties.getSecret())) {
                LOGGER.debug("Creating BCRYPT encoder without secret");
                return new BCryptPasswordEncoder(properties.getStrength());
            }
            LOGGER.debug("Creating BCRYPT encoder with secret");
            return new BCryptPasswordEncoder(properties.getStrength(), new SecureRandom(properties.getSecret().getBytes(StandardCharsets.UTF_8)));
        case SCRYPT:
            LOGGER.debug("Creating SCRYPT encoder");
            return new SCryptPasswordEncoder();
        case PBKDF2:
            if (StringUtils.isBlank(properties.getSecret())) {
                LOGGER.debug("Creating PBKDF2 encoder without secret");
                return new Pbkdf2PasswordEncoder();
            }
            final int hashWidth = 256;
            return new Pbkdf2PasswordEncoder(properties.getSecret(), properties.getStrength(), hashWidth);
        case NONE:
        default:
            LOGGER.debug("No password encoder shall be created given the requested encoder type [{}]", type);
            return NoOpPasswordEncoder.getInstance();
    }
}
Also used : StandardPasswordEncoder(org.springframework.security.crypto.password.StandardPasswordEncoder) DefaultPasswordEncoder(org.apereo.cas.util.crypto.DefaultPasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) StandardPasswordEncoder(org.springframework.security.crypto.password.StandardPasswordEncoder) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) NoOpPasswordEncoder(org.springframework.security.crypto.password.NoOpPasswordEncoder) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) SecureRandom(java.security.SecureRandom) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) BeanCreationException(org.springframework.beans.factory.BeanCreationException) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) PasswordEncoderProperties(org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties) DefaultPasswordEncoder(org.apereo.cas.util.crypto.DefaultPasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Example 2 with DefaultPasswordEncoder

use of org.apereo.cas.util.crypto.DefaultPasswordEncoder in project cas by apereo.

the class PasswordEncoderUtils method newPasswordEncoder.

/**
 * New password encoder password encoder.
 *
 * @param properties         the properties
 * @param applicationContext the application context
 * @return the password encoder
 */
@SuppressWarnings("java:S5344")
public static PasswordEncoder newPasswordEncoder(final PasswordEncoderProperties properties, final ApplicationContext applicationContext) {
    val type = properties.getType();
    if (StringUtils.isBlank(type)) {
        LOGGER.trace("No password encoder type is defined, and so none shall be created");
        return NoOpPasswordEncoder.getInstance();
    }
    if (type.endsWith(".groovy")) {
        LOGGER.trace("Creating Groovy-based password encoder at [{}]", type);
        val resource = applicationContext.getResource(type);
        return new GroovyPasswordEncoder(resource, applicationContext);
    }
    if (type.contains(".")) {
        try {
            LOGGER.debug("Configuration indicates use of a custom password encoder [{}]", type);
            val clazz = (Class<PasswordEncoder>) Class.forName(type);
            return clazz.getDeclaredConstructor().newInstance();
        } catch (final Exception e) {
            val msg = "Falling back to a no-op password encoder as CAS has failed to create " + "an instance of the custom password encoder class " + type;
            LoggingUtils.error(LOGGER, msg, e);
            return NoOpPasswordEncoder.getInstance();
        }
    }
    val encoderType = PasswordEncoderProperties.PasswordEncoderTypes.valueOf(type);
    switch(encoderType) {
        case DEFAULT:
            LOGGER.debug("Creating default password encoder with encoding alg [{}] and character encoding [{}]", properties.getEncodingAlgorithm(), properties.getCharacterEncoding());
            return new DefaultPasswordEncoder(properties.getEncodingAlgorithm(), properties.getCharacterEncoding());
        case STANDARD:
            LOGGER.debug("Creating standard password encoder with the secret defined in the configuration");
            return new StandardPasswordEncoder(properties.getSecret());
        case BCRYPT:
            LOGGER.debug("Creating BCRYPT password encoder given the strength [{}] and secret in the configuration", properties.getStrength());
            if (StringUtils.isBlank(properties.getSecret())) {
                LOGGER.debug("Creating BCRYPT encoder without secret");
                return new BCryptPasswordEncoder(properties.getStrength());
            }
            LOGGER.debug("Creating BCRYPT encoder with secret");
            return new BCryptPasswordEncoder(properties.getStrength(), RandomUtils.getNativeInstance());
        case SCRYPT:
            LOGGER.debug("Creating SCRYPT encoder");
            return new SCryptPasswordEncoder();
        case SSHA:
            LOGGER.warn("Creating SSHA encoder; digest based password encoding is not considered secure. " + "This strategy is here to support legacy implementations and using it is considered insecure.");
            return new LdapShaPasswordEncoder();
        case PBKDF2:
            if (StringUtils.isBlank(properties.getSecret())) {
                LOGGER.trace("Creating PBKDF2 encoder without secret");
                return new Pbkdf2PasswordEncoder();
            }
            return new Pbkdf2PasswordEncoder(properties.getSecret(), properties.getStrength(), HASH_WIDTH);
        case GLIBC_CRYPT:
            val hasSecret = StringUtils.isNotBlank(properties.getSecret());
            val msg = String.format("Creating glibc CRYPT encoder with encoding alg [%s], strength [%s] and %ssecret", properties.getEncodingAlgorithm(), properties.getStrength(), BooleanUtils.toString(hasSecret, StringUtils.EMPTY, "without "));
            LOGGER.debug(msg);
            return new GlibcCryptPasswordEncoder(properties.getEncodingAlgorithm(), properties.getStrength(), properties.getSecret());
        case NONE:
        default:
            LOGGER.trace("No password encoder shall be created given the requested encoder type [{}]", type);
            return NoOpPasswordEncoder.getInstance();
    }
}
Also used : lombok.val(lombok.val) StandardPasswordEncoder(org.springframework.security.crypto.password.StandardPasswordEncoder) GlibcCryptPasswordEncoder(org.apereo.cas.util.crypto.GlibcCryptPasswordEncoder) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) UtilityClass(lombok.experimental.UtilityClass) DefaultPasswordEncoder(org.apereo.cas.util.crypto.DefaultPasswordEncoder) LdapShaPasswordEncoder(org.springframework.security.crypto.password.LdapShaPasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Example 3 with DefaultPasswordEncoder

use of org.apereo.cas.util.crypto.DefaultPasswordEncoder in project cas by apereo.

the class DefaultPasswordEncoderTests method verifyBadInput.

@Test
public void verifyBadInput() {
    val encoder = new DefaultPasswordEncoder(null, null);
    assertNull(encoder.encode(null));
    assertNull(encoder.encode("password"));
}
Also used : lombok.val(lombok.val) DefaultPasswordEncoder(org.apereo.cas.util.crypto.DefaultPasswordEncoder) Test(org.junit.jupiter.api.Test)

Example 4 with DefaultPasswordEncoder

use of org.apereo.cas.util.crypto.DefaultPasswordEncoder in project cas by apereo.

the class DefaultPasswordEncoderTests method verifyBadAlg.

@Test
public void verifyBadAlg() {
    val encoder = new DefaultPasswordEncoder("BadAlgorithm", null);
    assertNull(encoder.encode("password"));
}
Also used : lombok.val(lombok.val) DefaultPasswordEncoder(org.apereo.cas.util.crypto.DefaultPasswordEncoder) Test(org.junit.jupiter.api.Test)

Aggregations

DefaultPasswordEncoder (org.apereo.cas.util.crypto.DefaultPasswordEncoder)4 lombok.val (lombok.val)3 Test (org.junit.jupiter.api.Test)2 BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)2 Pbkdf2PasswordEncoder (org.springframework.security.crypto.password.Pbkdf2PasswordEncoder)2 StandardPasswordEncoder (org.springframework.security.crypto.password.StandardPasswordEncoder)2 SCryptPasswordEncoder (org.springframework.security.crypto.scrypt.SCryptPasswordEncoder)2 SecureRandom (java.security.SecureRandom)1 UtilityClass (lombok.experimental.UtilityClass)1 PasswordEncoderProperties (org.apereo.cas.configuration.model.core.authentication.PasswordEncoderProperties)1 GlibcCryptPasswordEncoder (org.apereo.cas.util.crypto.GlibcCryptPasswordEncoder)1 BeanCreationException (org.springframework.beans.factory.BeanCreationException)1 LdapShaPasswordEncoder (org.springframework.security.crypto.password.LdapShaPasswordEncoder)1 NoOpPasswordEncoder (org.springframework.security.crypto.password.NoOpPasswordEncoder)1 PasswordEncoder (org.springframework.security.crypto.password.PasswordEncoder)1