Search in sources :

Example 6 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project entando-core by entando.

the class OAuthConsumerDAO method fillStatement.

private int fillStatement(ConsumerRecordVO consumer, int index, boolean add, PreparedStatement stat) throws SQLException {
    int idx = index;
    if (add || !StringUtils.isBlank(consumer.getSecret())) {
        String encoded = new BCryptPasswordEncoder().encode(consumer.getSecret());
        stat.setString(idx++, "{bcrypt}" + encoded);
    }
    stat.setString(idx++, consumer.getName());
    stat.setString(idx++, consumer.getDescription());
    stat.setString(idx++, consumer.getCallbackUrl());
    stat.setString(idx++, consumer.getScope());
    stat.setString(idx++, consumer.getAuthorizedGrantTypes());
    if (null != consumer.getExpirationDate()) {
        stat.setTimestamp(idx++, new Timestamp(consumer.getExpirationDate().getTime()));
    } else {
        stat.setNull(idx++, Types.TIMESTAMP);
    }
    if (add) {
        Date now = new Date();
        consumer.setIssuedDate(now);
        stat.setTimestamp(idx++, new Timestamp(now.getTime()));
    }
    return idx;
}
Also used : Timestamp(java.sql.Timestamp) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Date(java.util.Date)

Example 7 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project apollo by ctripcorp.

the class ApolloPasswordEncoderFactory method createDelegatingPasswordEncoder.

/**
 * Creates a {@link DelegatingPasswordEncoder} with default mappings {@link
 * PasswordEncoderFactories#createDelegatingPasswordEncoder()}, and add a placeholder encoder for
 * oidc {@link PlaceholderPasswordEncoder}
 *
 * @return the {@link PasswordEncoder} to use
 */
@SuppressWarnings("deprecation")
public static PasswordEncoder createDelegatingPasswordEncoder() {
    // copy from PasswordEncoderFactories, and it's should follow the upgrade of the PasswordEncoderFactories
    String encodingId = "bcrypt";
    Map<String, PasswordEncoder> encoders = new HashMap<>();
    encoders.put(encodingId, new BCryptPasswordEncoder());
    encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
    encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
    encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
    encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
    encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
    encoders.put("scrypt", new SCryptPasswordEncoder());
    encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
    encoders.put("SHA-256", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
    encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
    encoders.put("argon2", new Argon2PasswordEncoder());
    // placeholder encoder for oidc
    encoders.put(PlaceholderPasswordEncoder.ENCODING_ID, new PlaceholderPasswordEncoder());
    DelegatingPasswordEncoder delegatingPasswordEncoder = new DelegatingPasswordEncoder(encodingId, encoders);
    // todo: adapt the old password, and it should be removed in the next feature version of the 1.9.x
    delegatingPasswordEncoder.setDefaultPasswordEncoderForMatches(new PasswordEncoderAdapter(encoders.get(encodingId)));
    return delegatingPasswordEncoder;
}
Also used : BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) Argon2PasswordEncoder(org.springframework.security.crypto.argon2.Argon2PasswordEncoder) DelegatingPasswordEncoder(org.springframework.security.crypto.password.DelegatingPasswordEncoder) PlaceholderPasswordEncoder(com.ctrip.framework.apollo.portal.spi.oidc.PlaceholderPasswordEncoder) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) HashMap(java.util.HashMap) DelegatingPasswordEncoder(org.springframework.security.crypto.password.DelegatingPasswordEncoder) Pbkdf2PasswordEncoder(org.springframework.security.crypto.password.Pbkdf2PasswordEncoder) Argon2PasswordEncoder(org.springframework.security.crypto.argon2.Argon2PasswordEncoder) PlaceholderPasswordEncoder(com.ctrip.framework.apollo.portal.spi.oidc.PlaceholderPasswordEncoder) SCryptPasswordEncoder(org.springframework.security.crypto.scrypt.SCryptPasswordEncoder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)

Example 8 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project webofneeds by researchstudio-sat.

the class UserService method generateRecoveryKey.

/**
 * Generates a new recovery key for the user
 */
@Transactional(propagation = Propagation.REQUIRED)
public String generateRecoveryKey(String email, String password) throws UserNotFoundException, IncorrectPasswordException {
    logger.debug("changing password for user {}", email);
    User user = getByUsernameWithKeystorePassword(email);
    if (user == null) {
        throw new UserNotFoundException("cannot generate recovery key: user not found");
    }
    PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    if (!passwordEncoder.matches(password, user.getPassword())) {
        throw new IncorrectPasswordException("cannot generate recovery key: incorrect password");
    }
    KeystorePasswordHolder keystorePasswordHolder = user.getKeystorePasswordHolder();
    KeystoreHolder keystoreHolder = user.getKeystoreHolder();
    String keystorePassword = keystorePasswordHolder.getPassword(password);
    StringBuilder sb = new StringBuilder();
    sb.append("MY__").append(randomStringGenerator.nextString(4)).append("_").append(randomStringGenerator.nextString(4)).append("_").append(randomStringGenerator.nextString(4)).append("_").append(randomStringGenerator.nextString(4)).append("__KEY");
    String recoveryKey = sb.toString();
    KeystorePasswordHolder recoverableKeystorePasswordHolder = new KeystorePasswordHolder();
    recoverableKeystorePasswordHolder.setPassword(keystorePassword, recoveryKey);
    keystorePasswordRepository.save(recoverableKeystorePasswordHolder);
    user.setRecoverableKeystorePasswordHolder(recoverableKeystorePasswordHolder);
    userRepository.save(user);
    return recoveryKey;
}
Also used : User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) KeystoreHolder(won.owner.model.KeystoreHolder) ExpensiveSecureRandomString(won.protocol.util.ExpensiveSecureRandomString) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Transactional(org.springframework.transaction.annotation.Transactional)

Example 9 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project webofneeds by researchstudio-sat.

the class UserService method registerUser.

/**
 * Registers the specified user with password and an optional role. Assumes
 * values have already been checked for syntactic validity.
 *
 * @param email
 * @param password
 * @param role
 * @throws UserAlreadyExistsException
 * @return the created User
 */
public User registerUser(String email, String password, String role, String privateId) throws UserAlreadyExistsException {
    User user = getByUsername(email);
    if (user != null) {
        throw new UserAlreadyExistsException();
    }
    try {
        PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
        user = new User(email, passwordEncoder.encode(password), role);
        user.setEmail(email);
        if (privateId != null) {
            user.setPrivateId(privateId);
        }
        // transfer only available when flag is set therefore we can just set
        user.setAcceptedTermsOfService(true);
        // this
        // to true (i think)
        KeystorePasswordHolder keystorePassword = new KeystorePasswordHolder();
        // generate a password for the keystore and save it in the database, encrypted
        // with a symmetric key
        // derived from the user's password
        keystorePassword.setPassword(KeystorePasswordUtils.generatePassword(KeystorePasswordUtils.KEYSTORE_PASSWORD_BYTES), password);
        // keystorePassword = keystorePasswordRepository.save(keystorePassword);
        // generate the keystore for the user
        KeystoreHolder keystoreHolder = new KeystoreHolder();
        try {
            // create the keystore if it doesnt exist yet
            keystoreHolder.getKeystore(keystorePassword.getPassword(password));
        } catch (Exception e) {
            throw new IllegalStateException("could not create keystore for user " + email);
        }
        // keystoreHolder = keystoreHolderRepository.save(keystoreHolder);
        user.setKeystorePasswordHolder(keystorePassword);
        user.setKeystoreHolder(keystoreHolder);
        return save(user);
    } catch (DataIntegrityViolationException e) {
        // username is already in database
        throw new UserAlreadyExistsException();
    }
}
Also used : User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) KeystoreHolder(won.owner.model.KeystoreHolder) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) KeyStoreException(java.security.KeyStoreException) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) KeyStoreIOException(won.owner.model.KeyStoreIOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) DataIntegrityViolationException(org.springframework.dao.DataIntegrityViolationException)

Example 10 with BCryptPasswordEncoder

use of org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder in project webofneeds by researchstudio-sat.

the class UserService method changePassword.

/**
 * Changes the specified user's password from old to new, changes user's key
 * store password and invalidates all persistent logins.
 *
 * @param username
 * @param newPassword
 * @param oldPassword
 * @throws UserNotFoundException when the private User is not found
 * @throws KeyStoreIOException if something goes wrong loading or saving the
 * keystore
 * @throws IncorrectPasswordException if the old password is not the actual old
 * password of the user
 */
@Transactional(propagation = Propagation.REQUIRED)
public User changePassword(String username, String newPassword, String oldPassword) throws UserNotFoundException, KeyStoreIOException, IncorrectPasswordException {
    logger.debug("changing password for user {}", username);
    PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
    User user = getByUsernameWithKeystorePassword(username);
    if (user == null) {
        throw new UserNotFoundException("cannot change password: user not found");
    }
    if (!passwordEncoder.matches(oldPassword, user.getPassword())) {
        throw new IncorrectPasswordException("cannot change password: old password is incorrect");
    }
    KeystorePasswordHolder keystorePasswordHolder = user.getKeystorePasswordHolder();
    String oldKeystorePassword = keystorePasswordHolder.getPassword(oldPassword);
    logger.debug("re-encrypting keystore for user {} with new keystore password", username);
    String newKeystorePassword = changeKeystorePassword(user, oldKeystorePassword);
    // everything has worked so far, now make the changes
    user.setPassword(passwordEncoder.encode(newPassword));
    keystorePasswordHolder.setPassword(newKeystorePassword, newPassword);
    user.setKeystorePasswordHolder(keystorePasswordHolder);
    // we delete the recoverable keystore key as it will no longer work
    user.setRecoverableKeystorePasswordHolder(null);
    save(user);
    logger.debug("password changed for user {}", username);
    // persistent logins won't work any more as we changed the keystore password, so
    // let's delete them
    persistentLoginRepository.deleteByUsername(username);
    return user;
}
Also used : User(won.owner.model.User) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) ExpensiveSecureRandomString(won.protocol.util.ExpensiveSecureRandomString) KeystorePasswordHolder(won.owner.model.KeystorePasswordHolder) BCryptPasswordEncoder(org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder) Transactional(org.springframework.transaction.annotation.Transactional)

Aggregations

BCryptPasswordEncoder (org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder)48 PasswordEncoder (org.springframework.security.crypto.password.PasswordEncoder)18 Test (org.junit.jupiter.api.Test)7 KeystorePasswordHolder (won.owner.model.KeystorePasswordHolder)7 User (won.owner.model.User)7 SCryptPasswordEncoder (org.springframework.security.crypto.scrypt.SCryptPasswordEncoder)6 DelegatingPasswordEncoder (org.springframework.security.crypto.password.DelegatingPasswordEncoder)5 NoOpPasswordEncoder (org.springframework.security.crypto.password.NoOpPasswordEncoder)5 Pbkdf2PasswordEncoder (org.springframework.security.crypto.password.Pbkdf2PasswordEncoder)5 StandardPasswordEncoder (org.springframework.security.crypto.password.StandardPasswordEncoder)5 User (com.github.liuweijw.business.admin.domain.User)4 HashMap (java.util.HashMap)4 Transactional (org.springframework.transaction.annotation.Transactional)4 KeystoreHolder (won.owner.model.KeystoreHolder)4 ExpensiveSecureRandomString (won.protocol.util.ExpensiveSecureRandomString)4 PrePermissions (com.github.liuweijw.business.commons.web.aop.PrePermissions)3 Date (java.util.Date)3 lombok.val (lombok.val)3 Bean (org.springframework.context.annotation.Bean)3 DataIntegrityViolationException (org.springframework.dao.DataIntegrityViolationException)3