
Example 1 with GlibcCryptPasswordEncoder

use of org.apereo.cas.util.crypto.GlibcCryptPasswordEncoder in project cas by apereo.

From the class PasswordEncoderUtils, method newPasswordEncoder.

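/**
 * Builds the {@link PasswordEncoder} selected by the {@code type} setting of the given properties.
 *
 * <p>The type is resolved in this order:
 * <ol>
 *   <li>blank: the no-op encoder is returned;</li>
 *   <li>ends with {@code .groovy}: the value is resolved as a resource and wrapped in a
 *       {@code GroovyPasswordEncoder};</li>
 *   <li>contains a dot: the value is treated as a class name, loaded reflectively and
 *       instantiated through its no-argument constructor;</li>
 *   <li>otherwise: the value must be the exact name of a {@code PasswordEncoderTypes} constant.</li>
 * </ol>
 *
 * <p>Security note: several paths return {@code NoOpPasswordEncoder}, including the failure path
 * of the custom-class branch. A misspelled class name therefore does not stop startup; it only
 * produces an error log entry and leaves password handling without encoding. Deployments should
 * treat that log message as an alert condition.
 *
 * @param properties         the password encoder settings (type, algorithm, strength, secret)
 * @param applicationContext the application context used to resolve Groovy script resources
 * @return the password encoder matching the configured type
 * @throws IllegalArgumentException if the type is neither blank, a script, a class name nor the
 *                                  exact name of a {@code PasswordEncoderTypes} constant
 */
@SuppressWarnings("java:S5344")
public static PasswordEncoder newPasswordEncoder(final PasswordEncoderProperties properties, final ApplicationContext applicationContext) {
    val type = properties.getType();
    if (StringUtils.isBlank(type)) {
        LOGGER.trace("No password encoder type is defined, and so none shall be created");
        return NoOpPasswordEncoder.getInstance();
    }
    // The script check must come first: a ".groovy" path also contains a dot and would
    // otherwise be handed to Class.forName below.
    if (type.endsWith(".groovy")) {
        LOGGER.trace("Creating Groovy-based password encoder at [{}]", type);
        val resource = applicationContext.getResource(type);
        return new GroovyPasswordEncoder(resource, applicationContext);
    }
    if (type.contains(".")) {
        try {
            LOGGER.debug("Configuration indicates use of a custom password encoder [{}]", type);
            // Check the type before instantiating: asSubclass raises ClassCastException for a class
            // that is not a PasswordEncoder, so no constructor of an unrelated class is run.
            // Class.forName still initializes the named class, so the setting must stay operator-controlled.
            val clazz = Class.forName(type).asSubclass(PasswordEncoder.class);
            return clazz.getDeclaredConstructor().newInstance();
        } catch (final Exception e) {
            // NOTE(review): fail-open. Any load, type or construction failure ends in the no-op
            // encoder instead of an error; confirm this is intended for production deployments.
            val msg = "Falling back to a no-op password encoder as CAS has failed to create " + "an instance of the custom password encoder class " + type;
            LoggingUtils.error(LOGGER, msg, e);
            return NoOpPasswordEncoder.getInstance();
        }
    }
    // valueOf is case-sensitive and throws IllegalArgumentException for an unknown name, so the
    // default label below is reached only for constants that have no case of their own.
    val encoderType = PasswordEncoderProperties.PasswordEncoderTypes.valueOf(type);
    switch(encoderType) {
        case DEFAULT:
            LOGGER.debug("Creating default password encoder with encoding alg [{}] and character encoding [{}]", properties.getEncodingAlgorithm(), properties.getCharacterEncoding());
            return new DefaultPasswordEncoder(properties.getEncodingAlgorithm(), properties.getCharacterEncoding());
        case STANDARD:
            // NOTE(review): Spring Security marks StandardPasswordEncoder as legacy-only (digest based);
            // prefer an adaptive scheme for new deployments.
            LOGGER.debug("Creating standard password encoder with the secret defined in the configuration");
            return new StandardPasswordEncoder(properties.getSecret());
        case BCRYPT:
            LOGGER.debug("Creating BCRYPT password encoder given the strength [{}] and secret in the configuration", properties.getStrength());
            if (StringUtils.isBlank(properties.getSecret())) {
                LOGGER.debug("Creating BCRYPT encoder without secret");
                return new BCryptPasswordEncoder(properties.getStrength());
            }
            // The secret only selects this branch; its value is not passed to the encoder.
            // What changes is the random source handed to BCrypt for salt generation.
            LOGGER.debug("Creating BCRYPT encoder with secret");
            return new BCryptPasswordEncoder(properties.getStrength(), RandomUtils.getNativeInstance());
        case SCRYPT:
            LOGGER.debug("Creating SCRYPT encoder");
            return new SCryptPasswordEncoder();
        case SSHA:
            LOGGER.warn("Creating SSHA encoder; digest based password encoding is not considered secure. " + "This strategy is here to support legacy implementations and using it is considered insecure.");
            return new LdapShaPasswordEncoder();
        case PBKDF2:
            if (StringUtils.isBlank(properties.getSecret())) {
                LOGGER.trace("Creating PBKDF2 encoder without secret");
                return new Pbkdf2PasswordEncoder();
            }
            // Here the configured strength is passed as the second argument, together with the secret.
            return new Pbkdf2PasswordEncoder(properties.getSecret(), properties.getStrength(), HASH_WIDTH);
        case GLIBC_CRYPT:
            val hasSecret = StringUtils.isNotBlank(properties.getSecret());
            // Only the presence of the secret is logged, never its value.
            val msg = String.format("Creating glibc CRYPT encoder with encoding alg [%s], strength [%s] and %ssecret", properties.getEncodingAlgorithm(), properties.getStrength(), BooleanUtils.toString(hasSecret, StringUtils.EMPTY, "without "));
            LOGGER.debug(msg);
            return new GlibcCryptPasswordEncoder(properties.getEncodingAlgorithm(), properties.getStrength(), properties.getSecret());
        case NONE:
        default:
            LOGGER.trace("No password encoder shall be created given the requested encoder type [{}]", type);
            return NoOpPasswordEncoder.getInstance();
    }
}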
Also used : lombok.val(lombok.val) StandardPasswordEncoder(org.springframework.security.crypto.password.StandardPasswordEncoder) GlibcCryptPasswordEncoder(org.apereo.cas.util.crypto.GlibcCryptPasswordEncoder) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) UtilityClass(lombok.experimental.UtilityClass) DefaultPasswordEncoder(org.apereo.cas.util.crypto.DefaultPasswordEncoder) LdapShaPasswordEncoder(org.springframework.security.crypto.password.LdapShaPasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)
