use of org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword in project wildfly-elytron by wildfly-security.
the class BSDUnixDESCryptTest method generateAndVerify.
/**
 * Round-trips one BSD extended DES crypt string through the password factory SPI.
 *
 * <p>Three properties are checked: the decoded password verifies only the expected
 * clear text, a password regenerated from the same salt and iteration count has the
 * same hash, and re-encoding that regenerated password yields {@code cryptString}.
 *
 * @param cryptString the encoded password under test
 * @param correctPassword the clear text that {@code cryptString} was derived from
 * @throws InvalidKeyException if the SPI rejects the password during translate or verify
 * @throws InvalidKeySpecException if the crypt string or the generation spec is rejected
 */
private void generateAndVerify(String cryptString, String correctPassword) throws InvalidKeyException, InvalidKeySpecException {
    final PasswordFactorySpiImpl factory = new PasswordFactorySpiImpl();
    final BSDUnixDESCryptPassword decoded = (BSDUnixDESCryptPassword) ModularCrypt.decode(cryptString);
    final String algorithm = decoded.getAlgorithm();

    // decode() hands back a raw password object; the SPI has to translate it before it can verify
    final BSDUnixDESCryptPassword translated =
            (BSDUnixDESCryptPassword) factory.engineTranslatePassword(algorithm, decoded);

    // Positive and negative case: a verifier that accepted every guess would pass the first
    // assertion alone, so the wrong-password check matters as much as the right one.
    assertTrue(factory.engineVerify(algorithm, translated, correctPassword.toCharArray()));
    assertFalse(factory.engineVerify(algorithm, translated, "wrongpassword".toCharArray()));

    // The salt is exposed as an int; the generation spec takes it as three big-endian bytes.
    final int saltBits = translated.getSalt();
    final byte[] saltBytes = {(byte) (saltBits >> 16), (byte) (saltBits >> 8), (byte) saltBits};

    // Hash the clear text again with the same parameters and compare against the decoded value
    final IteratedSaltedPasswordAlgorithmSpec parameters =
            new IteratedSaltedPasswordAlgorithmSpec(translated.getIterationCount(), saltBytes);
    final EncryptablePasswordSpec generationSpec =
            new EncryptablePasswordSpec(correctPassword.toCharArray(), parameters);
    final BSDUnixDESCryptPasswordImpl regenerated =
            (BSDUnixDESCryptPasswordImpl) factory.engineGeneratePassword(algorithm, generationSpec);
    assertEquals(saltBits, regenerated.getSalt());
    assertArrayEquals(translated.getHash(), regenerated.getHash());

    // Finally the regenerated password must serialize back to the original crypt string
    assertEquals(cryptString, ModularCrypt.encodeAsString(regenerated));
}
use of org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword in project wildfly-elytron by wildfly-security.
the class UserPasswordPasswordUtilTest method testBsdDesCrypt.
/**
 * Checks that a {@code {crypt}}-prefixed BSD DES value survives a parse/compose round trip.
 *
 * <p>The parsed object must report the BSD crypt DES algorithm, and composing it again must
 * reproduce the input exactly, including the {@code {crypt}} scheme prefix.
 */
@Test
public void testBsdDesCrypt() throws Exception {
    final byte[] userPassword = "{crypt}_N.../TTpyByTVvdmWGo".getBytes(StandardCharsets.UTF_8);

    final BSDUnixDESCryptPassword parsed =
            (BSDUnixDESCryptPassword) UserPasswordPasswordUtil.parseUserPassword(userPassword);
    // The leading '_' after the scheme prefix is what the encoder on this page emits for BSD DES
    assertEquals(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES, parsed.getAlgorithm());

    final byte[] recomposed = UserPasswordPasswordUtil.composeUserPassword(parsed);
    final String recomposedText = new String(recomposed, StandardCharsets.UTF_8);
    assertEquals("{crypt}_N.../TTpyByTVvdmWGo", recomposedText);
}
use of org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword in project wildfly-elytron by wildfly-security.
the class ModularCrypt method getCryptStringToBuilder.
/**
 * Serializes a password object into its crypt-style string form.
 *
 * <p>Supported types, tested in this order: bcrypt ({@code $2a$}), BSD DES crypt
 * (leading {@code _}), traditional Unix DES crypt (no prefix), MD5 crypt ({@code $1$}),
 * Sun MD5 crypt ({@code $md5}), SHA-256/SHA-512 crypt ({@code $5$} / {@code $6$}) and
 * masked passwords ({@code $<algorithm>$}).
 *
 * <p>Security notes for callers: the result always carries the salt and the hash, so it is
 * credential material and should be kept out of logs and error messages. For masked
 * passwords the string also carries the initial key material, iteration count, salt and
 * optional IV next to the masked bytes. NOTE(review): that looks like everything needed
 * to unmask the value, so the string should presumably be protected like the clear
 * password; confirm against the masked-password implementation. This method only
 * renders what it is given; it applies no policy on the DES- and MD5-based formats,
 * which are generally regarded as legacy schemes.
 *
 * @param password the password to render; must not be {@code null}
 * @return a new builder holding the encoded string
 * @throws InvalidKeySpecException if the password type, or the algorithm of a Sun MD5 or
 *         SHA crypt password, is not one this method can render
 */
private static StringBuilder getCryptStringToBuilder(Password password) throws InvalidKeySpecException {
    Assert.checkNotNullParam("password", password);
    final StringBuilder out = new StringBuilder();

    if (password instanceof BCryptPassword) {
        final BCryptPassword bcrypt = (BCryptPassword) password;
        final int rounds = bcrypt.getIterationCount();
        out.append("$2a$");
        // single-digit counts are left-padded with a zero
        if (rounds < 10) {
            out.append(0);
        }
        out.append(rounds);
        out.append("$");
        ByteIterator.ofBytes(bcrypt.getSalt()).base64Encode(BCRYPT, false).drainTo(out);
        ByteIterator.ofBytes(bcrypt.getHash()).base64Encode(BCRYPT, false).drainTo(out);
        return out;
    }

    // Must be tested before UnixDESCryptPassword to keep the original dispatch order
    if (password instanceof BSDUnixDESCryptPassword) {
        final BSDUnixDESCryptPassword bsdDes = (BSDUnixDESCryptPassword) password;
        out.append('_');
        // iteration count: four characters of six bits each, least significant group first
        final int rounds = bsdDes.getIterationCount();
        for (int shift = 0; shift <= 18; shift += 6) {
            out.appendCodePoint(MOD_CRYPT.encode((rounds >> shift) & 0x3f));
        }
        // salt: same four-character layout
        final int saltBits = bsdDes.getSalt();
        for (int shift = 0; shift <= 18; shift += 6) {
            out.appendCodePoint(MOD_CRYPT.encode((saltBits >> shift) & 0x3f));
        }
        ByteIterator.ofBytes(bsdDes.getHash()).base64Encode(MOD_CRYPT, false).drainTo(out);
        return out;
    }

    if (password instanceof UnixDESCryptPassword) {
        final UnixDESCryptPassword unixDes = (UnixDESCryptPassword) password;
        // salt: two characters of six bits each, least significant group first
        final short saltBits = unixDes.getSalt();
        for (int shift = 0; shift <= 6; shift += 6) {
            out.appendCodePoint(MOD_CRYPT.encode((saltBits >> shift) & 0x3f));
        }
        ByteIterator.ofBytes(unixDes.getHash()).base64Encode(MOD_CRYPT, false).drainTo(out);
        return out;
    }

    if (password instanceof UnixMD5CryptPassword) {
        final UnixMD5CryptPassword md5 = (UnixMD5CryptPassword) password;
        out.append("$1$");
        // salt bytes are written as-is, one char per unsigned byte value
        final byte[] saltBytes = md5.getSalt();
        for (int i = 0; i < saltBytes.length; i++) {
            out.append((char) (saltBytes[i] & 0xff));
        }
        out.append('$');
        ByteIterator.ofBytes(md5.getHash(), MD5_IDX).base64Encode(MOD_CRYPT_LE, false).drainTo(out);
        return out;
    }

    if (password instanceof SunUnixMD5CryptPassword) {
        final SunUnixMD5CryptPassword sunMd5 = (SunUnixMD5CryptPassword) password;
        final int rounds = sunMd5.getIterationCount();
        // the rounds parameter is only written when it is positive
        if (rounds <= 0) {
            out.append("$md5$");
        } else {
            out.append("$md5,rounds=").append(rounds).append('$');
        }
        final byte[] saltBytes = sunMd5.getSalt();
        for (int i = 0; i < saltBytes.length; i++) {
            out.append((char) (saltBytes[i] & 0xff));
        }
        // the two variants differ only in the separator between salt and hash
        switch (sunMd5.getAlgorithm()) {
            case ALGORITHM_SUN_CRYPT_MD5:
                out.append("$$");
                break;
            case ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
                out.append("$");
                break;
            default:
                throw log.invalidKeySpecUnrecognizedKeySpecAlgorithm();
        }
        ByteIterator.ofBytes(sunMd5.getHash(), MD5_IDX).base64Encode(MOD_CRYPT_LE, false).drainTo(out);
        return out;
    }

    if (password instanceof UnixSHACryptPassword) {
        final UnixSHACryptPassword sha = (UnixSHACryptPassword) password;
        // the algorithm selects both the prefix and the byte order used for the hash
        final int[] byteOrder;
        switch (sha.getAlgorithm()) {
            case ALGORITHM_CRYPT_SHA_256:
                out.append("$5$");
                byteOrder = SHA_256_IDX;
                break;
            case ALGORITHM_CRYPT_SHA_512:
                out.append("$6$");
                byteOrder = SHA_512_IDX;
                break;
            default:
                throw log.invalidKeySpecUnrecognizedKeySpecAlgorithm();
        }
        // an iteration count of 5000 is left implicit; any other value is spelled out
        final int rounds = sha.getIterationCount();
        if (rounds != 5_000) {
            out.append("rounds=").append(rounds).append('$');
        }
        final byte[] saltBytes = sha.getSalt();
        for (int i = 0; i < saltBytes.length; i++) {
            out.append((char) (saltBytes[i] & 0xff));
        }
        out.append('$');
        ByteIterator.ofBytes(sha.getHash(), byteOrder).base64Encode(MOD_CRYPT_LE, false).drainTo(out);
        return out;
    }

    if (password instanceof MaskedPassword) {
        final MaskedPassword masked = (MaskedPassword) password;
        // layout: $algorithm$initialKeyMaterial$iterationCount$salt$maskedBytes[$iv]
        out.append('$').append(masked.getAlgorithm()).append('$');
        out.append(masked.getInitialKeyMaterial()).append('$');
        out.append(masked.getIterationCount()).append('$');
        ByteIterator.ofBytes(masked.getSalt()).base64Encode().drainTo(out).append('$');
        ByteIterator.ofBytes(masked.getMaskedPasswordBytes()).base64Encode().drainTo(out);
        // the IV field is optional and omitted entirely when absent
        if (masked.getInitializationVector() != null) {
            out.append('$');
            ByteIterator.ofBytes(masked.getInitializationVector()).base64Encode().drainTo(out);
        }
        return out;
    }

    throw log.invalidKeySpecPasswordSpecCannotBeRenderedAsString();
}
use of org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword in project wildfly-elytron by wildfly-security.
the class BSDUnixDESCryptTest method testParseCryptString.
/**
 * Decodes a fixed BSD DES crypt string and checks the recovered parameters.
 *
 * <p>The four characters after the leading {@code _} ({@code rH..}) carry the iteration
 * count, which must decode to 1271; the hash must have the algorithm's fixed size; and
 * encoding the decoded password again must give back the same string.
 */
@Test
public void testParseCryptString() throws InvalidKeySpecException {
    final String encoded = "_rH..saltodLocONXC9c";

    // Parse the crypt string into a password object
    final BSDUnixDESCryptPassword decoded = (BSDUnixDESCryptPassword) ModularCrypt.decode(encoded);
    assertEquals(1_271, decoded.getIterationCount());
    assertEquals(BSDUnixDESCryptPassword.BSD_CRYPT_DES_HASH_SIZE, decoded.getHash().length);

    // Serializing the parsed password must be lossless
    final String reencoded = ModularCrypt.encodeAsString(decoded);
    assertEquals(encoded, reencoded);
}