
Example 1 with BSDUnixDESCryptPassword

use of org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword in project wildfly-elytron by wildfly-security.

the class BSDUnixDESCryptTest method generateAndVerify.

/**
 * Round-trips a BSD-style DES crypt string through the password factory SPI.
 *
 * <p>The crypt string is decoded, translated, and verified against both the
 * expected password and a fixed wrong guess. A fresh hash is then generated
 * from the clear password with the same salt and iteration count, and must
 * match the decoded one field for field and re-encode to the input string.
 *
 * @param cryptString the modular-crypt encoded password under test
 * @param correctPassword the clear-text password that {@code cryptString} was derived from
 * @throws InvalidKeyException declared for the SPI calls made here
 * @throws InvalidKeySpecException declared for the decode, generate and encode calls made here
 */
private void generateAndVerify(String cryptString, String correctPassword) throws InvalidKeyException, InvalidKeySpecException {
    final PasswordFactorySpiImpl factory = new PasswordFactorySpiImpl();
    final BSDUnixDESCryptPassword decoded = (BSDUnixDESCryptPassword) ModularCrypt.decode(cryptString);
    final String algorithm = decoded.getAlgorithm();

    // decode() hands back the raw form; it has to be translated before it can be verified.
    final BSDUnixDESCryptPassword password = (BSDUnixDESCryptPassword) factory.engineTranslatePassword(algorithm, decoded);

    // Positive and negative check: accepting the right guess alone would not
    // catch a verifier that accepts every guess.
    assertTrue(factory.engineVerify(algorithm, password, correctPassword.toCharArray()));
    assertFalse(factory.engineVerify(algorithm, password, "wrongpassword".toCharArray()));

    // The salt is exposed as an int; only its low 24 bits are unpacked here,
    // most significant byte first, into the byte[] the algorithm spec takes.
    final int packedSalt = password.getSalt();
    final byte[] salt = { (byte) (packedSalt >> 16), (byte) (packedSalt >> 8), (byte) packedSalt };

    // Re-derive the hash from the clear password with identical parameters.
    final IteratedSaltedPasswordAlgorithmSpec parameters = new IteratedSaltedPasswordAlgorithmSpec(password.getIterationCount(), salt);
    final EncryptablePasswordSpec encryptable = new EncryptablePasswordSpec(correctPassword.toCharArray(), parameters);
    final BSDUnixDESCryptPasswordImpl regenerated = (BSDUnixDESCryptPasswordImpl) factory.engineGeneratePassword(algorithm, encryptable);
    assertEquals(packedSalt, regenerated.getSalt());
    assertArrayEquals(password.getHash(), regenerated.getHash());

    // Encoding the regenerated password must reproduce the original crypt string exactly.
    assertEquals(cryptString, ModularCrypt.encodeAsString(regenerated));
}
Also used : IteratedSaltedPasswordAlgorithmSpec(org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec) EncryptablePasswordSpec(org.wildfly.security.password.spec.EncryptablePasswordSpec) BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword)

Example 2 with BSDUnixDESCryptPassword

use of org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword in project wildfly-elytron by wildfly-security.

the class UserPasswordPasswordUtilTest method testBsdDesCrypt.

/**
 * Parses a {@code {crypt}}-prefixed user password value holding a BSD DES crypt
 * hash, checks the algorithm that was detected, and confirms that composing the
 * parsed password again yields the identical text.
 */
@Test
public void testBsdDesCrypt() throws Exception {
    final String userPassword = "{crypt}_N.../TTpyByTVvdmWGo";

    final BSDUnixDESCryptPassword parsed = (BSDUnixDESCryptPassword) UserPasswordPasswordUtil.parseUserPassword(userPassword.getBytes(StandardCharsets.UTF_8));
    assertEquals(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES, parsed.getAlgorithm());

    // A lossless round trip matters: a stored verifier that changes when it is
    // re-serialized would no longer match the value it was read from.
    final String recomposed = new String(UserPasswordPasswordUtil.composeUserPassword(parsed), StandardCharsets.UTF_8);
    assertEquals(userPassword, recomposed);
}
Also used : BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword) Test(org.junit.Test)

Example 3 with BSDUnixDESCryptPassword

use of org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword in project wildfly-elytron by wildfly-security.

the class ModularCrypt method getCryptStringToBuilder.

/**
 * Renders a password object as its crypt-style text form.
 *
 * <p>Handled types and the layout written for each:
 * <ul>
 *   <li>{@code BCryptPassword}: {@code $2a$} + cost (zero-padded when below 10) + {@code $} + salt + hash</li>
 *   <li>{@code BSDUnixDESCryptPassword}: {@code _} + 4 chars of iteration count + 4 chars of salt + hash</li>
 *   <li>{@code UnixDESCryptPassword}: 2 chars of salt + hash</li>
 *   <li>{@code UnixMD5CryptPassword}: {@code $1$} + salt + {@code $} + hash</li>
 *   <li>{@code SunUnixMD5CryptPassword}: {@code $md5$} or {@code $md5,rounds=N$} + salt + {@code $$} or {@code $} + hash</li>
 *   <li>{@code UnixSHACryptPassword}: {@code $5$} or {@code $6$} + optional {@code rounds=N$} + salt + {@code $} + hash</li>
 *   <li>{@code MaskedPassword}: {@code $}-separated algorithm, initial key material, iteration count,
 *       salt, masked bytes and, when present, initialization vector</li>
 * </ul>
 *
 * <p>Security note: every branch writes the salt and hash (or masked bytes) into the
 * result, so the returned text is password-verifier material and should be handled as
 * a secret (not logged, not exposed to unprivileged readers).
 *
 * @param password the password to render; must not be {@code null}
 * @return a new builder holding the rendered string
 * @throws InvalidKeySpecException if the password type cannot be rendered, or its
 *         algorithm name is not one of the variants handled for its type
 */
private static StringBuilder getCryptStringToBuilder(Password password) throws InvalidKeySpecException {
    Assert.checkNotNullParam("password", password);
    final StringBuilder out = new StringBuilder();
    if (password instanceof BCryptPassword) {
        final BCryptPassword bcrypt = (BCryptPassword) password;
        final int cost = bcrypt.getIterationCount();
        out.append("$2a$");
        // Only single-digit costs are padded; no upper bound is enforced here.
        if (cost < 10) {
            out.append(0);
        }
        out.append(cost).append("$");
        ByteIterator.ofBytes(bcrypt.getSalt()).base64Encode(BCRYPT, false).drainTo(out);
        ByteIterator.ofBytes(bcrypt.getHash()).base64Encode(BCRYPT, false).drainTo(out);
    } else if (password instanceof BSDUnixDESCryptPassword) {
        final BSDUnixDESCryptPassword bsdDes = (BSDUnixDESCryptPassword) password;
        out.append('_');
        // Iteration count and salt are each written as four 6-bit groups, lowest
        // group first; bits above the low 24 are not represented in the output.
        final int iterationCount = bsdDes.getIterationCount();
        for (int shift = 0; shift < 24; shift += 6) {
            out.appendCodePoint(MOD_CRYPT.encode((iterationCount >> shift) & 0x3f));
        }
        final int salt = bsdDes.getSalt();
        for (int shift = 0; shift < 24; shift += 6) {
            out.appendCodePoint(MOD_CRYPT.encode((salt >> shift) & 0x3f));
        }
        ByteIterator.ofBytes(bsdDes.getHash()).base64Encode(MOD_CRYPT, false).drainTo(out);
    } else if (password instanceof UnixDESCryptPassword) {
        final UnixDESCryptPassword des = (UnixDESCryptPassword) password;
        // Traditional DES crypt: two 6-bit salt groups, lowest first, then the hash.
        final short salt = des.getSalt();
        for (int shift = 0; shift < 12; shift += 6) {
            out.appendCodePoint(MOD_CRYPT.encode((salt >> shift) & 0x3f));
        }
        ByteIterator.ofBytes(des.getHash()).base64Encode(MOD_CRYPT, false).drainTo(out);
    } else if (password instanceof UnixMD5CryptPassword) {
        final UnixMD5CryptPassword md5 = (UnixMD5CryptPassword) password;
        out.append("$1$");
        // Salt bytes are written one char per byte with no escaping.
        // NOTE(review): a salt containing '$' would make the result ambiguous to parse;
        // confirm that the password type rules this out.
        final byte[] salt = md5.getSalt();
        for (int i = 0; i < salt.length; i++) {
            out.append((char) (salt[i] & 0xff));
        }
        out.append('$');
        ByteIterator.ofBytes(md5.getHash(), MD5_IDX).base64Encode(MOD_CRYPT_LE, false).drainTo(out);
    } else if (password instanceof SunUnixMD5CryptPassword) {
        final SunUnixMD5CryptPassword sunMd5 = (SunUnixMD5CryptPassword) password;
        final int iterationCount = sunMd5.getIterationCount();
        // A non-positive count is rendered as the bare prefix without a rounds field.
        if (iterationCount <= 0) {
            out.append("$md5$");
        } else {
            out.append("$md5,rounds=").append(iterationCount).append('$');
        }
        final byte[] salt = sunMd5.getSalt();
        for (int i = 0; i < salt.length; i++) {
            out.append((char) (salt[i] & 0xff));
        }
        // The two Sun MD5 variants differ only in how the salt is terminated.
        final String saltTerminator;
        switch (sunMd5.getAlgorithm()) {
            case ALGORITHM_SUN_CRYPT_MD5:
                saltTerminator = "$$";
                break;
            case ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
                saltTerminator = "$";
                break;
            default:
                throw log.invalidKeySpecUnrecognizedKeySpecAlgorithm();
        }
        out.append(saltTerminator);
        ByteIterator.ofBytes(sunMd5.getHash(), MD5_IDX).base64Encode(MOD_CRYPT_LE, false).drainTo(out);
    } else if (password instanceof UnixSHACryptPassword) {
        final UnixSHACryptPassword sha = (UnixSHACryptPassword) password;
        // The algorithm picks both the identifier prefix and the byte interleave
        // applied to the hash before it is encoded.
        final String prefix;
        final int[] interleave;
        switch (sha.getAlgorithm()) {
            case ALGORITHM_CRYPT_SHA_256:
                prefix = "$5$";
                interleave = SHA_256_IDX;
                break;
            case ALGORITHM_CRYPT_SHA_512:
                prefix = "$6$";
                interleave = SHA_512_IDX;
                break;
            default:
                throw log.invalidKeySpecUnrecognizedKeySpecAlgorithm();
        }
        out.append(prefix);
        // The rounds field is left out when the count is exactly 5000.
        final int iterationCount = sha.getIterationCount();
        if (iterationCount != 5_000) {
            out.append("rounds=").append(iterationCount).append('$');
        }
        final byte[] salt = sha.getSalt();
        for (int i = 0; i < salt.length; i++) {
            out.append((char) (salt[i] & 0xff));
        }
        out.append('$');
        ByteIterator.ofBytes(sha.getHash(), interleave).base64Encode(MOD_CRYPT_LE, false).drainTo(out);
    } else if (password instanceof MaskedPassword) {
        final MaskedPassword masked = (MaskedPassword) password;
        // NOTE(review): this form carries the initial key material, iteration count,
        // salt and IV next to the masked bytes. That is presumably everything needed
        // to recover the clear password, so treat it as obfuscation, not protection;
        // confirm against the masking implementation.
        out.append('$').append(masked.getAlgorithm()).append('$');
        out.append(masked.getInitialKeyMaterial()).append('$');
        out.append(masked.getIterationCount()).append('$');
        ByteIterator.ofBytes(masked.getSalt()).base64Encode().drainTo(out).append('$');
        ByteIterator.ofBytes(masked.getMaskedPasswordBytes()).base64Encode().drainTo(out);
        // The initialization vector is optional and gets its own trailing field.
        if (masked.getInitializationVector() != null) {
            out.append('$');
            ByteIterator.ofBytes(masked.getInitializationVector()).base64Encode().drainTo(out);
        }
    } else {
        throw log.invalidKeySpecPasswordSpecCannotBeRenderedAsString();
    }
    return out;
}
Also used : SunUnixMD5CryptPassword(org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword) UnixMD5CryptPassword(org.wildfly.security.password.interfaces.UnixMD5CryptPassword) SunUnixMD5CryptPassword(org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword) BCryptPassword(org.wildfly.security.password.interfaces.BCryptPassword) UnixDESCryptPassword(org.wildfly.security.password.interfaces.UnixDESCryptPassword) BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword) UnixSHACryptPassword(org.wildfly.security.password.interfaces.UnixSHACryptPassword) BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword) MaskedPassword(org.wildfly.security.password.interfaces.MaskedPassword)

Example 4 with BSDUnixDESCryptPassword

use of org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword in project wildfly-elytron by wildfly-security.

the class BSDUnixDESCryptTest method testParseCryptString.

/**
 * Decodes a fixed BSD DES crypt string, checks the iteration count and hash
 * length recovered from it, and confirms that encoding the decoded password
 * gives back the original string.
 */
@Test
public void testParseCryptString() throws InvalidKeySpecException {
    final String cryptString = "_rH..saltodLocONXC9c";

    // Parse the crypt string into a password object.
    final BSDUnixDESCryptPassword decoded = (BSDUnixDESCryptPassword) ModularCrypt.decode(cryptString);
    assertEquals(1_271, decoded.getIterationCount());
    assertEquals(BSDUnixDESCryptPassword.BSD_CRYPT_DES_HASH_SIZE, decoded.getHash().length);

    // Encoding must be the exact inverse of decoding for this input.
    final String reencoded = ModularCrypt.encodeAsString(decoded);
    assertEquals(cryptString, reencoded);
}
Also used : BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword) Test(org.junit.Test)

Aggregations

BSDUnixDESCryptPassword (org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword)4 Test (org.junit.Test)2 BCryptPassword (org.wildfly.security.password.interfaces.BCryptPassword)1 MaskedPassword (org.wildfly.security.password.interfaces.MaskedPassword)1 SunUnixMD5CryptPassword (org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword)1 UnixDESCryptPassword (org.wildfly.security.password.interfaces.UnixDESCryptPassword)1 UnixMD5CryptPassword (org.wildfly.security.password.interfaces.UnixMD5CryptPassword)1 UnixSHACryptPassword (org.wildfly.security.password.interfaces.UnixSHACryptPassword)1 EncryptablePasswordSpec (org.wildfly.security.password.spec.EncryptablePasswordSpec)1 IteratedSaltedPasswordAlgorithmSpec (org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec)1