use of org.wildfly.security.asn1.ASN1Exception in project ldapsdk by pingidentity.
the class Filter method readFrom.
/**
* Reads and decodes a search filter from the provided ASN.1 stream reader.
*
* @param reader The ASN.1 stream reader from which to read the filter.
*
* @return The decoded search filter.
*
* @throws LDAPException If an error occurs while reading or parsing the
* search filter.
*/
@NotNull()
public static Filter readFrom(@NotNull final ASN1StreamReader reader) throws LDAPException {
try {
final Filter[] filterComps;
final Filter notComp;
final String attrName;
final ASN1OctetString assertionValue;
final ASN1OctetString subInitial;
final ASN1OctetString[] subAny;
final ASN1OctetString subFinal;
final String matchingRuleID;
final boolean dnAttributes;
final byte filterType = (byte) reader.peek();
switch(filterType) {
case FILTER_TYPE_AND:
case FILTER_TYPE_OR:
final ArrayList<Filter> comps = new ArrayList<>(5);
final ASN1StreamReaderSet elementSet = reader.beginSet();
while (elementSet.hasMoreElements()) {
comps.add(readFrom(reader));
}
filterComps = new Filter[comps.size()];
comps.toArray(filterComps);
notComp = null;
attrName = null;
assertionValue = null;
subInitial = null;
subAny = NO_SUB_ANY;
subFinal = null;
matchingRuleID = null;
dnAttributes = false;
break;
case FILTER_TYPE_NOT:
final ASN1Element notFilterElement;
try {
final ASN1Element e = reader.readElement();
notFilterElement = ASN1Element.decode(e.getValue());
} catch (final ASN1Exception ae) {
Debug.debugException(ae);
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_FILTER_CANNOT_DECODE_NOT_COMP.get(StaticUtils.getExceptionMessage(ae)), ae);
}
notComp = decode(notFilterElement);
filterComps = NO_FILTERS;
attrName = null;
assertionValue = null;
subInitial = null;
subAny = NO_SUB_ANY;
subFinal = null;
matchingRuleID = null;
dnAttributes = false;
break;
case FILTER_TYPE_EQUALITY:
case FILTER_TYPE_GREATER_OR_EQUAL:
case FILTER_TYPE_LESS_OR_EQUAL:
case FILTER_TYPE_APPROXIMATE_MATCH:
reader.beginSequence();
attrName = reader.readString();
assertionValue = new ASN1OctetString(reader.readBytes());
filterComps = NO_FILTERS;
notComp = null;
subInitial = null;
subAny = NO_SUB_ANY;
subFinal = null;
matchingRuleID = null;
dnAttributes = false;
break;
case FILTER_TYPE_SUBSTRING:
reader.beginSequence();
attrName = reader.readString();
ASN1OctetString tempSubInitial = null;
ASN1OctetString tempSubFinal = null;
final ArrayList<ASN1OctetString> subAnyList = new ArrayList<>(1);
final ASN1StreamReaderSequence subSequence = reader.beginSequence();
while (subSequence.hasMoreElements()) {
final byte type = (byte) reader.peek();
final ASN1OctetString s = new ASN1OctetString(type, reader.readBytes());
switch(type) {
case SUBSTRING_TYPE_SUBINITIAL:
tempSubInitial = s;
break;
case SUBSTRING_TYPE_SUBANY:
subAnyList.add(s);
break;
case SUBSTRING_TYPE_SUBFINAL:
tempSubFinal = s;
break;
default:
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_FILTER_INVALID_SUBSTR_TYPE.get(StaticUtils.toHex(type)));
}
}
subInitial = tempSubInitial;
subFinal = tempSubFinal;
subAny = new ASN1OctetString[subAnyList.size()];
subAnyList.toArray(subAny);
filterComps = NO_FILTERS;
notComp = null;
assertionValue = null;
matchingRuleID = null;
dnAttributes = false;
break;
case FILTER_TYPE_PRESENCE:
attrName = reader.readString();
filterComps = NO_FILTERS;
notComp = null;
assertionValue = null;
subInitial = null;
subAny = NO_SUB_ANY;
subFinal = null;
matchingRuleID = null;
dnAttributes = false;
break;
case FILTER_TYPE_EXTENSIBLE_MATCH:
String tempAttrName = null;
ASN1OctetString tempAssertionValue = null;
String tempMatchingRuleID = null;
boolean tempDNAttributes = false;
final ASN1StreamReaderSequence emSequence = reader.beginSequence();
while (emSequence.hasMoreElements()) {
final byte type = (byte) reader.peek();
switch(type) {
case EXTENSIBLE_TYPE_ATTRIBUTE_NAME:
tempAttrName = reader.readString();
break;
case EXTENSIBLE_TYPE_MATCHING_RULE_ID:
tempMatchingRuleID = reader.readString();
break;
case EXTENSIBLE_TYPE_MATCH_VALUE:
tempAssertionValue = new ASN1OctetString(type, reader.readBytes());
break;
case EXTENSIBLE_TYPE_DN_ATTRIBUTES:
tempDNAttributes = reader.readBoolean();
break;
default:
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_FILTER_EXTMATCH_INVALID_TYPE.get(StaticUtils.toHex(type)));
}
}
if ((tempAttrName == null) && (tempMatchingRuleID == null)) {
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_FILTER_EXTMATCH_NO_ATTR_OR_MRID.get());
}
if (tempAssertionValue == null) {
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_FILTER_EXTMATCH_NO_VALUE.get());
}
attrName = tempAttrName;
assertionValue = tempAssertionValue;
matchingRuleID = tempMatchingRuleID;
dnAttributes = tempDNAttributes;
filterComps = NO_FILTERS;
notComp = null;
subInitial = null;
subAny = NO_SUB_ANY;
subFinal = null;
break;
default:
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_FILTER_ELEMENT_INVALID_TYPE.get(StaticUtils.toHex(filterType)));
}
return new Filter(null, filterType, filterComps, notComp, attrName, assertionValue, subInitial, subAny, subFinal, matchingRuleID, dnAttributes);
} catch (final LDAPException le) {
Debug.debugException(le);
throw le;
} catch (final Exception e) {
Debug.debugException(e);
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_FILTER_CANNOT_DECODE.get(StaticUtils.getExceptionMessage(e)), e);
}
}
use of org.wildfly.security.asn1.ASN1Exception in project ldapsdk by pingidentity.
the class Control method decode.
/**
* Decodes the provided ASN.1 sequence as an LDAP control.
*
* @param controlSequence The ASN.1 sequence to be decoded.
*
* @return The decoded control.
*
* @throws LDAPException If a problem occurs while attempting to decode the
* provided ASN.1 sequence as an LDAP control.
*/
@NotNull()
public static Control decode(@NotNull final ASN1Sequence controlSequence) throws LDAPException {
final ASN1Element[] elements = controlSequence.elements();
if ((elements.length < 1) || (elements.length > 3)) {
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_CONTROL_DECODE_INVALID_ELEMENT_COUNT.get(elements.length));
}
final String oid = ASN1OctetString.decodeAsOctetString(elements[0]).stringValue();
boolean isCritical = false;
ASN1OctetString value = null;
if (elements.length == 2) {
switch(elements[1].getType()) {
case ASN1Constants.UNIVERSAL_BOOLEAN_TYPE:
try {
isCritical = ASN1Boolean.decodeAsBoolean(elements[1]).booleanValue();
} catch (final ASN1Exception ae) {
Debug.debugException(ae);
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_CONTROL_DECODE_CRITICALITY.get(StaticUtils.getExceptionMessage(ae)), ae);
}
break;
case ASN1Constants.UNIVERSAL_OCTET_STRING_TYPE:
value = ASN1OctetString.decodeAsOctetString(elements[1]);
break;
default:
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_CONTROL_INVALID_TYPE.get(StaticUtils.toHex(elements[1].getType())));
}
} else if (elements.length == 3) {
try {
isCritical = ASN1Boolean.decodeAsBoolean(elements[1]).booleanValue();
} catch (final ASN1Exception ae) {
Debug.debugException(ae);
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_CONTROL_DECODE_CRITICALITY.get(StaticUtils.getExceptionMessage(ae)), ae);
}
value = ASN1OctetString.decodeAsOctetString(elements[2]);
}
return decode(oid, isCritical, value);
}
use of org.wildfly.security.asn1.ASN1Exception in project ldapsdk by pingidentity.
the class LDAPResult method readLDAPResultFrom.
/**
* Creates a new LDAP result object with the provided message ID and with the
* protocol op and controls read from the given ASN.1 stream reader.
*
* @param messageID The LDAP message ID for the LDAP message that is
* associated with this LDAP result.
* @param messageSequence The ASN.1 stream reader sequence used in the
* course of reading the LDAP message elements.
* @param reader The ASN.1 stream reader from which to read the
* protocol op and controls.
*
* @return The decoded LDAP result.
*
* @throws LDAPException If a problem occurs while reading or decoding data
* from the ASN.1 stream reader.
*/
@NotNull()
static LDAPResult readLDAPResultFrom(final int messageID, @NotNull final ASN1StreamReaderSequence messageSequence, @NotNull final ASN1StreamReader reader) throws LDAPException {
try {
final ASN1StreamReaderSequence protocolOpSequence = reader.beginSequence();
final byte protocolOpType = protocolOpSequence.getType();
final ResultCode resultCode = ResultCode.valueOf(reader.readEnumerated());
String matchedDN = reader.readString();
if (matchedDN.isEmpty()) {
matchedDN = null;
}
String diagnosticMessage = reader.readString();
if (diagnosticMessage.isEmpty()) {
diagnosticMessage = null;
}
String[] referralURLs = StaticUtils.NO_STRINGS;
if (protocolOpSequence.hasMoreElements()) {
final ArrayList<String> refList = new ArrayList<>(1);
final ASN1StreamReaderSequence refSequence = reader.beginSequence();
while (refSequence.hasMoreElements()) {
refList.add(reader.readString());
}
referralURLs = new String[refList.size()];
refList.toArray(referralURLs);
}
Control[] responseControls = NO_CONTROLS;
if (messageSequence.hasMoreElements()) {
final ArrayList<Control> controlList = new ArrayList<>(1);
final ASN1StreamReaderSequence controlSequence = reader.beginSequence();
while (controlSequence.hasMoreElements()) {
controlList.add(Control.readFrom(reader));
}
responseControls = new Control[controlList.size()];
controlList.toArray(responseControls);
}
return new LDAPResult(protocolOpType, messageID, resultCode, diagnosticMessage, matchedDN, referralURLs, responseControls);
} catch (final LDAPException le) {
Debug.debugException(le);
throw le;
} catch (final ASN1Exception ae) {
Debug.debugException(ae);
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_RESULT_CANNOT_DECODE.get(ae.getMessage()), ae);
} catch (final Exception e) {
Debug.debugException(e);
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_RESULT_CANNOT_DECODE.get(StaticUtils.getExceptionMessage(e)), e);
}
}
use of org.wildfly.security.asn1.ASN1Exception in project ldapsdk by pingidentity.
the class Attribute method decode.
/**
* Decodes the provided ASN.1 sequence as an LDAP attribute.
*
* @param encodedAttribute The ASN.1 sequence to be decoded as an LDAP
* attribute. It must not be {@code null}.
*
* @return The decoded LDAP attribute.
*
* @throws LDAPException If a problem occurs while attempting to decode the
* provided ASN.1 sequence as an LDAP attribute.
*/
@NotNull()
public static Attribute decode(@NotNull final ASN1Sequence encodedAttribute) throws LDAPException {
Validator.ensureNotNull(encodedAttribute);
final ASN1Element[] elements = encodedAttribute.elements();
if (elements.length != 2) {
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_ATTR_DECODE_INVALID_COUNT.get(elements.length));
}
final String name = ASN1OctetString.decodeAsOctetString(elements[0]).stringValue();
final ASN1Set valueSet;
try {
valueSet = ASN1Set.decodeAsSet(elements[1]);
} catch (final ASN1Exception ae) {
Debug.debugException(ae);
throw new LDAPException(ResultCode.DECODING_ERROR, ERR_ATTR_DECODE_VALUE_SET.get(StaticUtils.getExceptionMessage(ae)), ae);
}
final ASN1OctetString[] values = new ASN1OctetString[valueSet.elements().length];
for (int i = 0; i < values.length; i++) {
values[i] = ASN1OctetString.decodeAsOctetString(valueSet.elements()[i]);
}
return new Attribute(name, CaseIgnoreStringMatchingRule.getInstance(), values);
}
use of org.wildfly.security.asn1.ASN1Exception in project wildfly-elytron by wildfly-security.
the class KeyStoreCredentialStore method retrieve.
public <C extends Credential> C retrieve(final String credentialAlias, final Class<C> credentialType, final String credentialAlgorithm, final AlgorithmParameterSpec parameterSpec, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
final KeyStore.Entry entry;
final MidEntry midEntry;
final BottomEntry bottomEntry;
final String ksAlias;
try (Hold hold = lockForRead()) {
final TopEntry topEntry = cache.get(toLowercase(credentialAlias));
if (topEntry == null) {
log.trace("KeyStoreCredentialStore: alias not found in cache");
return null;
}
if (topEntry.getMap().containsKey(credentialType)) {
log.trace("KeyStoreCredentialStore: contains exact type");
midEntry = topEntry.getMap().get(credentialType);
} else {
// loose (slow) match
final Iterator<MidEntry> iterator = topEntry.getMap().values().iterator();
for (; ; ) {
if (!iterator.hasNext()) {
log.trace("KeyStoreCredentialStore: no assignable found");
return null;
}
MidEntry item = iterator.next();
if (credentialType.isAssignableFrom(item.getCredentialType())) {
log.trace("KeyStoreCredentialStore: assignable found");
midEntry = item;
break;
}
}
}
if (credentialAlgorithm != null) {
bottomEntry = midEntry.getMap().get(credentialAlgorithm);
} else {
// match any
final Iterator<BottomEntry> iterator = midEntry.getMap().values().iterator();
if (iterator.hasNext()) {
bottomEntry = iterator.next();
} else {
bottomEntry = midEntry.getNoAlgorithm();
}
}
if (bottomEntry == null) {
log.tracef("KeyStoreCredentialStore: no entry for algorithm %s", credentialAlgorithm);
return null;
}
if (parameterSpec != null) {
ksAlias = bottomEntry.getMap().get(new ParamKey(parameterSpec));
} else {
// match any
final Iterator<String> iterator = bottomEntry.getMap().values().iterator();
if (iterator.hasNext()) {
ksAlias = iterator.next();
} else {
ksAlias = bottomEntry.getNoParams();
}
}
if (ksAlias == null) {
log.tracef("KeyStoreCredentialStore: no entry for parameterSpec %s", parameterSpec);
return null;
}
entry = keyStore.getEntry(ksAlias, convertParameter(protectionParameter));
} catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
throw log.cannotAcquireCredentialFromStore(e);
}
if (entry == null) {
// odd, but we can handle it
log.trace("KeyStoreCredentialStore: null entry");
return null;
}
final Class<? extends Credential> matchedCredentialType = midEntry.getCredentialType();
if (matchedCredentialType == SecretKeyCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry) {
// simple
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
return credentialType.cast(new SecretKeyCredential(secretKey));
} else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == PublicKeyCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry)
try {
// we store as a secret key because we can't store the public key properly...
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
final byte[] encoded = secretKey.getEncoded();
final String matchedAlgorithm = bottomEntry.getAlgorithm();
// because PublicKeyCredential is an AlgorithmCredential
assert matchedAlgorithm != null;
final KeyFactory keyFactory = KeyFactory.getInstance(matchedAlgorithm);
final PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(encoded));
return credentialType.cast(new PublicKeyCredential(publicKey));
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
throw log.cannotAcquireCredentialFromStore(e);
}
else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == KeyPairCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry)
try {
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
final byte[] encoded = secretKey.getEncoded();
final String matchedAlgorithm = bottomEntry.getAlgorithm();
// because KeyPairCredential is an AlgorithmCredential
assert matchedAlgorithm != null;
// extract public and private segments
final DERDecoder decoder = new DERDecoder(encoded);
decoder.startSequence();
final byte[] publicBytes = decoder.drainElement();
final byte[] privateBytes = decoder.drainElement();
decoder.endSequence();
final KeyFactory keyFactory = KeyFactory.getInstance(matchedAlgorithm);
final PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(publicBytes));
final PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateBytes));
final KeyPair keyPair = new KeyPair(publicKey, privateKey);
return credentialType.cast(new KeyPairCredential(keyPair));
} catch (InvalidKeySpecException | NoSuchAlgorithmException | ASN1Exception e) {
throw log.cannotAcquireCredentialFromStore(e);
}
else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == X509CertificateChainPublicCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry)
try {
// OK so this is pretty ugly, but the TrustedCertificateEntry type only holds a single cert so it's no good
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
final byte[] encoded = secretKey.getEncoded();
final String matchedAlgorithm = bottomEntry.getAlgorithm();
// because it is an AlgorithmCredential
assert matchedAlgorithm != null;
final DERDecoder decoder = new DERDecoder(encoded);
final CertificateFactory certificateFactory = CertificateFactory.getInstance(X_509);
final int count = decoder.decodeInteger().intValueExact();
final X509Certificate[] array = new X509Certificate[count];
decoder.startSequence();
int i = 0;
while (decoder.hasNextElement()) {
final byte[] certBytes = decoder.drainElement();
array[i++] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));
}
decoder.endSequence();
return credentialType.cast(new X509CertificateChainPublicCredential(array));
} catch (ASN1Exception | CertificateException | ArrayIndexOutOfBoundsException e) {
throw log.cannotAcquireCredentialFromStore(e);
}
else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == X509CertificateChainPrivateCredential.class) {
if (entry instanceof KeyStore.PrivateKeyEntry) {
// an entry type that matches our credential type!
final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
final PrivateKey privateKey = privateKeyEntry.getPrivateKey();
final Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
final X509Certificate[] x509Certificates = X500.asX509CertificateArray(certificateChain);
return credentialType.cast(new X509CertificateChainPrivateCredential(privateKey, x509Certificates));
} else {
throw log.invalidCredentialStoreEntryType(KeyStore.PrivateKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == BearerTokenCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry) {
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
final byte[] encoded = secretKey.getEncoded();
return credentialType.cast(new BearerTokenCredential(new String(encoded, StandardCharsets.UTF_8)));
} else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == PasswordCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry)
try {
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
final byte[] encoded = secretKey.getEncoded();
final String matchedAlgorithm = bottomEntry.getAlgorithm();
// because it is an AlgorithmCredential
assert matchedAlgorithm != null;
final DERDecoder decoder = new DERDecoder(encoded);
// we use algorithm-based encoding rather than a standard that encompasses all password types.
final PasswordSpec passwordSpec;
switch(matchedAlgorithm) {
case BCryptPassword.ALGORITHM_BCRYPT:
case BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_1:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_256:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_384:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_512:
case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5:
case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256:
case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512:
{
decoder.startSequence();
final byte[] hash = decoder.decodeOctetString();
final byte[] salt = decoder.decodeOctetString();
final int iterationCount = decoder.decodeInteger().intValue();
decoder.endSequence();
passwordSpec = new IteratedSaltedHashPasswordSpec(hash, salt, iterationCount);
break;
}
case ClearPassword.ALGORITHM_CLEAR:
{
passwordSpec = new ClearPasswordSpec(decoder.decodeOctetStringAsString().toCharArray());
break;
}
case DigestPassword.ALGORITHM_DIGEST_MD5:
case DigestPassword.ALGORITHM_DIGEST_SHA:
case DigestPassword.ALGORITHM_DIGEST_SHA_256:
case DigestPassword.ALGORITHM_DIGEST_SHA_384:
case DigestPassword.ALGORITHM_DIGEST_SHA_512:
case DigestPassword.ALGORITHM_DIGEST_SHA_512_256:
{
decoder.startSequence();
final String username = decoder.decodeOctetStringAsString();
final String realm = decoder.decodeOctetStringAsString();
final byte[] digest = decoder.decodeOctetString();
decoder.endSequence();
passwordSpec = new DigestPasswordSpec(username, realm, digest);
break;
}
case OneTimePassword.ALGORITHM_OTP_MD5:
case OneTimePassword.ALGORITHM_OTP_SHA1:
case OneTimePassword.ALGORITHM_OTP_SHA_256:
case OneTimePassword.ALGORITHM_OTP_SHA_384:
case OneTimePassword.ALGORITHM_OTP_SHA_512:
{
decoder.startSequence();
final byte[] hash = decoder.decodeOctetString();
final String seed = decoder.decodeIA5String();
final int sequenceNumber = decoder.decodeInteger().intValue();
decoder.endSequence();
passwordSpec = new OneTimePasswordSpec(hash, seed, sequenceNumber);
break;
}
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512:
case UnixDESCryptPassword.ALGORITHM_CRYPT_DES:
case UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5:
{
decoder.startSequence();
final byte[] hash = decoder.decodeOctetString();
final byte[] salt = decoder.decodeOctetString();
decoder.endSequence();
passwordSpec = new SaltedHashPasswordSpec(hash, salt);
break;
}
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512:
{
decoder.startSequence();
final byte[] hash = decoder.decodeOctetString();
decoder.endSequence();
passwordSpec = new HashPasswordSpec(hash);
break;
}
default:
{
if (MaskedPassword.isMaskedAlgorithm(matchedAlgorithm)) {
decoder.startSequence();
final char[] initialKeyMaterial = decoder.decodeOctetStringAsString().toCharArray();
final int iterationCount = decoder.decodeInteger().intValue();
final byte[] salt = decoder.decodeOctetString();
final byte[] maskedPasswordBytes = decoder.decodeOctetString();
decoder.endSequence();
passwordSpec = new MaskedPasswordSpec(initialKeyMaterial, iterationCount, salt, maskedPasswordBytes);
break;
} else {
throw log.unsupportedCredentialType(credentialType);
}
}
}
PasswordFactory passwordFactory = providers != null ? PasswordFactory.getInstance(matchedAlgorithm, () -> providers) : PasswordFactory.getInstance(matchedAlgorithm);
final Password password = passwordFactory.generatePassword(passwordSpec);
return credentialType.cast(new PasswordCredential(password));
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
throw log.cannotAcquireCredentialFromStore(e);
}
else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else {
throw log.unableToReadCredentialTypeFromStore(matchedCredentialType);
}
}
Aggregations