
Example 1 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class UserTest method createUserWithDeprecatedCredentialsFormat.

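/**
 * Checks that a user can be created from a password credential supplied in the deprecated flat
 * JSON layout ({@code hashedSaltedValue}, {@code salt}, {@code hashIterations},
 * {@code algorithm}) and that the stored credential carries exactly the supplied values.
 *
 * <p>The assertions at the end show that the algorithm name, iteration count, secret value and
 * salt are read back unchanged, so this path stores a pre-hashed credential as given.
 * NOTE(review): an imported credential is therefore only as strong as the hash parameters of
 * the system that produced it; confirm that the realm's password policy re-hashes such
 * credentials where that matters.
 *
 * @throws IOException if the deprecated JSON cannot be parsed into a
 *     {@code CredentialRepresentation}
 */
@Test
public void createUserWithDeprecatedCredentialsFormat() throws IOException {
    UserRepresentation user = new UserRepresentation();
    user.setUsername("user_creds");
    user.setEmail("email@localhost");

    // Fixture values only: "my-algorithm" and 22 iterations are placeholders that the test later
    // expects to read back verbatim.
    PasswordCredentialModel pcm = PasswordCredentialModel.createFromValues("my-algorithm", "theSalt".getBytes(), 22, "ABC");

    // Hand-built JSON in the deprecated layout; the salt travels Base64-encoded.
    String deprecatedCredential = "{\n"
            + "      \"type\" : \"password\",\n"
            + "      \"hashedSaltedValue\" : \"" + pcm.getPasswordSecretData().getValue() + "\",\n"
            + "      \"salt\" : \"" + Base64.encodeBytes(pcm.getPasswordSecretData().getSalt()) + "\",\n"
            + "      \"hashIterations\" : " + pcm.getPasswordCredentialData().getHashIterations() + ",\n"
            + "      \"algorithm\" : \"" + pcm.getPasswordCredentialData().getAlgorithm() + "\"\n"
            + "    }";
    CredentialRepresentation deprecatedHashedPassword = JsonSerialization.readValue(deprecatedCredential, CredentialRepresentation.class);

    // The parsed representation must expose the legacy field and leave the newer
    // credentialData field unset.
    Assert.assertNotNull(deprecatedHashedPassword.getHashedSaltedValue());
    Assert.assertNull(deprecatedHashedPassword.getCredentialData());

    deprecatedHashedPassword.setCreatedDate(1001L);
    deprecatedHashedPassword.setUserLabel("deviceX");
    deprecatedHashedPassword.setType(CredentialRepresentation.PASSWORD);
    user.setCredentials(Arrays.asList(deprecatedHashedPassword));
    createUser(user, false);

    CredentialModel credentialHashed = fetchCredentials("user_creds");
    // Check for a missing credential before converting it, so a failure reports
    // "Expecting credential" instead of surfacing from inside the conversion.
    assertNotNull("Expecting credential", credentialHashed);
    PasswordCredentialModel pcmh = PasswordCredentialModel.createFromCredentialModel(credentialHashed);

    assertEquals("my-algorithm", pcmh.getPasswordCredentialData().getAlgorithm());
    assertEquals(Long.valueOf(1001), credentialHashed.getCreatedDate());
    assertEquals("deviceX", credentialHashed.getUserLabel());
    assertEquals(22, pcmh.getPasswordCredentialData().getHashIterations());
    assertEquals("ABC", pcmh.getPasswordSecretData().getValue());
    assertEquals("theSalt", new String(pcmh.getPasswordSecretData().getSalt()));
    assertEquals(CredentialRepresentation.PASSWORD, credentialHashed.getType());
}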
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) CredentialModel(org.keycloak.credential.CredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test)

Example 2 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class UserTest method createUserWithRawCredentials.

/**
 * Creates a user whose only credential is a plaintext password and checks what ends up stored:
 * the algorithm and iteration count must match the {@code PasswordPolicy} defaults, and the
 * stored secret must not equal the plaintext that was submitted.
 *
 * <p>NOTE(review): the inequality check only rules out the password being stored verbatim; it
 * does not verify the hash itself.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void createUserWithRawCredentials() {
    // Plaintext credential, as an admin client would submit it.
    CredentialRepresentation plaintextCredential = new CredentialRepresentation();
    plaintextCredential.setValue("ABCD");
    plaintextCredential.setType(CredentialRepresentation.PASSWORD);

    UserRepresentation newUser = new UserRepresentation();
    newUser.setUsername("user_rawpw");
    newUser.setEmail("email.raw@localhost");
    newUser.setCredentials(Arrays.asList(plaintextCredential));
    createUser(newUser);

    CredentialModel stored = fetchCredentials("user_rawpw");
    assertNotNull("Expecting credential", stored);

    PasswordCredentialModel storedPassword = PasswordCredentialModel.createFromCredentialModel(stored);
    String storedAlgorithm = storedPassword.getPasswordCredentialData().getAlgorithm();
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, storedAlgorithm);
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, storedPassword.getPasswordCredentialData().getHashIterations());
    // The submitted plaintext must not be what is persisted.
    assertNotEquals("ABCD", storedPassword.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, stored.getType());
}
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) CredentialModel(org.keycloak.credential.CredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) OTPCredentialModel(org.keycloak.models.credential.OTPCredentialModel) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 3 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class UserTest method updateUserWithRawCredentials.

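/**
 * Creates a user with a plaintext password, then replaces it through a user update, checking
 * after each step that the stored credential uses the {@code PasswordPolicy} default algorithm
 * and iteration count and that the stored secret differs from the submitted plaintext.
 *
 * <p>NOTE(review): the second set of assertions compares the stored secret only against the
 * literal {@code "EFGH"}; nothing here compares it with the secret stored before the update,
 * so the test does not by itself prove that the update replaced the credential.
 */
@Test
@AuthServerContainerExclude(AuthServer.REMOTE)
public void updateUserWithRawCredentials() {
    UserRepresentation user = new UserRepresentation();
    user.setUsername("user_rawpw");
    user.setEmail("email.raw@localhost");
    CredentialRepresentation rawPassword = new CredentialRepresentation();
    rawPassword.setValue("ABCD");
    rawPassword.setType(CredentialRepresentation.PASSWORD);
    user.setCredentials(Arrays.asList(rawPassword));
    String id = createUser(user);

    // Null-check the fetched credential before converting it, matching
    // createUserWithRawCredentials; a missing credential then fails with
    // "Expecting credential" rather than inside the conversion.
    CredentialModel storedCredential = fetchCredentials("user_rawpw");
    assertNotNull("Expecting credential", storedCredential);
    PasswordCredentialModel credential = PasswordCredentialModel.createFromCredentialModel(storedCredential);
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, credential.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, credential.getPasswordCredentialData().getHashIterations());
    // The submitted plaintext must not be what is persisted.
    assertNotEquals("ABCD", credential.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, credential.getType());

    // Submit a new plaintext password through the user update path.
    UserResource userResource = realm.users().get(id);
    UserRepresentation userRep = userResource.toRepresentation();
    CredentialRepresentation rawPasswordForUpdate = new CredentialRepresentation();
    rawPasswordForUpdate.setValue("EFGH");
    rawPasswordForUpdate.setType(CredentialRepresentation.PASSWORD);
    userRep.setCredentials(Arrays.asList(rawPasswordForUpdate));
    updateUser(userResource, userRep);

    CredentialModel storedAfterUpdate = fetchCredentials("user_rawpw");
    assertNotNull("Expecting credential", storedAfterUpdate);
    PasswordCredentialModel updatedCredential = PasswordCredentialModel.createFromCredentialModel(storedAfterUpdate);
    assertEquals(PasswordPolicy.HASH_ALGORITHM_DEFAULT, updatedCredential.getPasswordCredentialData().getAlgorithm());
    assertEquals(PasswordPolicy.HASH_ITERATIONS_DEFAULT, updatedCredential.getPasswordCredentialData().getHashIterations());
    assertNotEquals("EFGH", updatedCredential.getPasswordSecretData().getValue());
    assertEquals(CredentialRepresentation.PASSWORD, updatedCredential.getType());
}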
Also used : CredentialRepresentation(org.keycloak.representations.idm.CredentialRepresentation) PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) UserResource(org.keycloak.admin.client.resource.UserResource) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthServerContainerExclude(org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude) Test(org.junit.Test)

Example 4 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class PasswordHashingTest method testPasswordRehashedWhenCredentialImportedWithDifferentKeySize.

/**
 * Imports a user whose password was encoded with a 256-bit derived key while the realm policy
 * uses the PBKDF2-SHA512 provider, logs the user in, and checks that the stored secret is then
 * twice as long as the imported one.
 *
 * <p>The doubled length is the only evidence of a re-hash that this test inspects.
 */
@Test
public void testPasswordRehashedWhenCredentialImportedWithDifferentKeySize() {
    String policy = "hashAlgorithm(" + Pbkdf2Sha512PasswordHashProviderFactory.ID + ") and hashIterations(" + Pbkdf2Sha512PasswordHashProviderFactory.DEFAULT_ITERATIONS + ")";
    setPasswordPolicy(policy);

    final String username = "testPasswordRehashedWhenCredentialImportedWithDifferentKeySize";
    final String password = "password";

    // Provider configured with a 256-bit key size instead of the default 512.
    Pbkdf2PasswordHashProvider specificKeySizeHashProvider = new Pbkdf2PasswordHashProvider(
            Pbkdf2Sha512PasswordHashProviderFactory.ID,
            Pbkdf2Sha512PasswordHashProviderFactory.PBKDF2_ALGORITHM,
            Pbkdf2Sha512PasswordHashProviderFactory.DEFAULT_ITERATIONS,
            256);
    // NOTE(review): -1 presumably makes the provider fall back to its configured iteration
    // count; confirm against Pbkdf2PasswordHashProvider.
    String encodedPassword = specificKeySizeHashProvider.encode(password, -1);
    int importedLength = encodedPassword.length();

    // Simulates an import from another system that used the smaller key size.
    UserRepresentation importedUser = UserBuilder.create().username(username).password(encodedPassword).build();
    ApiUtil.createUserWithAdminClient(adminClient.realm("test"), importedUser);

    // The login is the step after which the stored credential is expected to have changed.
    loginPage.open();
    loginPage.login(username, password);

    PasswordCredentialModel postLoginCredentials = PasswordCredentialModel.createFromCredentialModel(fetchCredentials(username));
    String storedValue = postLoginCredentials.getPasswordSecretData().getValue();
    assertEquals(importedLength * 2, storedValue.length());
}
Also used : PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) Pbkdf2PasswordHashProvider(org.keycloak.credential.hash.Pbkdf2PasswordHashProvider) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)

Example 5 with PasswordCredentialModel

use of org.keycloak.models.credential.PasswordCredentialModel in project keycloak by keycloak.

the class PasswordHashingTest method testPasswordRehashedOnAlgorithmChanged.

/**
 * Creates a user under a PBKDF2-SHA256 policy, switches the realm policy to the plain PBKDF2
 * provider, logs the user in, and checks that the stored credential now reports the new
 * provider id and verifies against {@code PBKDF2WithHmacSHA1}.
 *
 * <p>NOTE(review): both policies set {@code hashIterations(1)}. A single iteration gives no
 * work factor and is only suitable as a test fixture; the second policy also moves the stored
 * hash from HMAC-SHA256 to HMAC-SHA1, so the test shows that a policy change is applied at
 * login in whichever direction the policy points.
 *
 * @throws Exception declared for the helpers this test calls; which one throws is not visible
 *     here
 */
@Test
public void testPasswordRehashedOnAlgorithmChanged() throws Exception {
    final String username = "testPasswordRehashedOnAlgorithmChanged";

    // Phase 1: the user is created while the SHA-256 provider is the policy algorithm.
    String sha256Policy = "hashAlgorithm(" + Pbkdf2Sha256PasswordHashProviderFactory.ID + ") and hashIterations(1)";
    setPasswordPolicy(sha256Policy);
    createUser(username);

    PasswordCredentialModel beforeChange = PasswordCredentialModel.createFromCredentialModel(fetchCredentials(username));
    assertEquals(Pbkdf2Sha256PasswordHashProviderFactory.ID, beforeChange.getPasswordCredentialData().getAlgorithm());
    byte[] originalSalt = beforeChange.getPasswordSecretData().getSalt();
    assertEncoded(beforeChange, "password", originalSalt, "PBKDF2WithHmacSHA256", 1);

    // Phase 2: change the policy algorithm, then log in with the unchanged password.
    String pbkdf2Policy = "hashAlgorithm(" + Pbkdf2PasswordHashProviderFactory.ID + ") and hashIterations(1)";
    setPasswordPolicy(pbkdf2Policy);
    loginPage.open();
    loginPage.login(username, "password");

    // The credential fetched after login must carry the new provider id and salt.
    PasswordCredentialModel afterLogin = PasswordCredentialModel.createFromCredentialModel(fetchCredentials(username));
    assertEquals(Pbkdf2PasswordHashProviderFactory.ID, afterLogin.getPasswordCredentialData().getAlgorithm());
    byte[] currentSalt = afterLogin.getPasswordSecretData().getSalt();
    assertEncoded(afterLogin, "password", currentSalt, "PBKDF2WithHmacSHA1", 1);
}
Also used : PasswordCredentialModel(org.keycloak.models.credential.PasswordCredentialModel) Test(org.junit.Test) AbstractTestRealmKeycloakTest(org.keycloak.testsuite.AbstractTestRealmKeycloakTest)
