
Example 1 with OneTimePassword

Use of org.wildfly.security.password.interfaces.OneTimePassword in the project wildfly-elytron by wildfly-security.

From the class PasswordSupportSuiteChild, method testOneTimePasswordUser1Update.

@Test
public void testOneTimePasswordUser1Update() throws Exception {
    // An OTP spec carries the current hash, the seed and the sequence number; the
    // sequence number is decremented on every successful authentication.
    OneTimePasswordSpec spec = new OneTimePasswordSpec(new byte[] { 'i', 'j', 'k' }, "lmn", 4321);
    final PasswordFactory passwordFactory = PasswordFactory.getInstance("otp-sha1", WildFlyElytronPasswordProvider.getInstance());
    final OneTimePassword password = (OneTimePassword) passwordFactory.generatePassword(spec);
    assertNotNull(password);
    ModifiableRealmIdentity identity = (ModifiableRealmIdentity) simpleToDnRealm.getRealmIdentity(new NamePrincipal("userWithOtp"));
    assertNotNull(identity);
    // The realm can only say "possibly supported" until a concrete identity has been resolved.
    assertEquals(SupportLevel.POSSIBLY_SUPPORTED, simpleToDnRealm.getCredentialAcquireSupport(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1, null));
    assertEquals(SupportLevel.SUPPORTED, identity.getCredentialAcquireSupport(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1, null));
    // Replace the stored OTP credential, then re-read the identity to confirm the update persisted.
    identity.setCredentials(Collections.singleton(new PasswordCredential(password)));
    ModifiableRealmIdentity newIdentity = (ModifiableRealmIdentity) simpleToDnRealm.getRealmIdentity(new NamePrincipal("userWithOtp"));
    assertNotNull(newIdentity);
    verifyPasswordSupport(newIdentity, OneTimePassword.ALGORITHM_OTP_SHA1, SupportLevel.SUPPORTED);
    OneTimePassword otp = newIdentity.getCredential(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1).getPassword(OneTimePassword.class);
    assertNotNull(otp);
    assertEquals(4321, otp.getSequenceNumber());
    Assert.assertArrayEquals(new byte[] { 'i', 'j', 'k' }, otp.getHash());
    Assert.assertEquals("lmn", otp.getSeed());
}
Also used : OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) PasswordFactory(org.wildfly.security.password.PasswordFactory) ModifiableRealmIdentity(org.wildfly.security.auth.server.ModifiableRealmIdentity) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) PasswordCredential(org.wildfly.security.credential.PasswordCredential) OneTimePassword(org.wildfly.security.password.interfaces.OneTimePassword) Test(org.junit.Test)

Example 2 with OneTimePassword

Use of org.wildfly.security.password.interfaces.OneTimePassword in the project wildfly-elytron by wildfly-security.

From the class PasswordSupportSuiteChild, method testOneTimePasswordUser0.

@Test
public void testOneTimePasswordUser0() throws Exception {
    // With no algorithm given, the realm reports general support for password credentials.
    SupportLevel support = simpleToDnRealm.getCredentialAcquireSupport(PasswordCredential.class, null, null);
    assertEquals("Pre identity", SupportLevel.SUPPORTED, support);
    RealmIdentity identity = simpleToDnRealm.getRealmIdentity(new NamePrincipal("userWithOtp"));
    verifyPasswordSupport(identity, OneTimePassword.ALGORITHM_OTP_SHA1, SupportLevel.SUPPORTED);
    // Read back the OTP credential as initially stored for this user (hash, sequence number, seed).
    OneTimePassword otp = identity.getCredential(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1).getPassword(OneTimePassword.class);
    assertNotNull(otp);
    assertEquals(1234, otp.getSequenceNumber());
    Assert.assertArrayEquals(new byte[] { 'a', 'b', 'c', 'd' }, otp.getHash());
    Assert.assertEquals("efgh", otp.getSeed());
}
Also used : NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) PasswordCredential(org.wildfly.security.credential.PasswordCredential) RealmIdentity(org.wildfly.security.auth.server.RealmIdentity) ModifiableRealmIdentity(org.wildfly.security.auth.server.ModifiableRealmIdentity) OneTimePassword(org.wildfly.security.password.interfaces.OneTimePassword) SupportLevel(org.wildfly.security.auth.SupportLevel) Test(org.junit.Test)

Example 3 with OneTimePassword

Use of org.wildfly.security.password.interfaces.OneTimePassword in the project wildfly-elytron by wildfly-security.

From the class OTPTest, method testAuthenticationWithInvalidSequenceNumber.

@Test
public void testAuthenticationWithInvalidSequenceNumber() throws Exception {
    final String algorithm = ALGORITHM_OTP_MD5;
    final SaslClientFactory clientFactory = obtainSaslClientFactory(OTPSaslClientFactory.class);
    assertNotNull(clientFactory);
    PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm);
    // A stored sequence number of 0 leaves no further one-time passwords in the chain,
    // so the server must refuse to issue a challenge for this user.
    final Password password = passwordFactory.generatePassword(new OneTimePasswordSpec(CodePointIterator.ofString("505d889f90085847").hexDecode().drain(), "ke1234", 0));
    final SaslServerBuilder.BuilderReference<SecurityDomain> securityDomainReference = new SaslServerBuilder.BuilderReference<>();
    final SaslServerBuilder.BuilderReference<Closeable> closeableReference = new SaslServerBuilder.BuilderReference<>();
    try {
        final SaslServer saslServer = createSaslServer(password, closeableReference, securityDomainReference);
        final CallbackHandler cbh = createClientCallbackHandler("userName", "This is a test.", PASS_PHRASE, algorithm, HEX_RESPONSE);
        final SaslClient saslClient = clientFactory.createSaslClient(new String[] { SaslMechanismInformation.Names.OTP }, null, "test", "testserver1.example.com", Collections.<String, Object>emptyMap(), cbh);
        byte[] message = saslClient.evaluateChallenge(new byte[0]);
        try {
            saslServer.evaluateResponse(message);
            fail("Expected SaslException not thrown");
        } catch (SaslException expected) {
            // expected: the server rejects the exhausted OTP sequence
        }
        saslClient.dispose();
        saslServer.dispose();
        // The password should remain unchanged: a rejected attempt must not touch the stored
        // hash, seed or sequence number.
        checkPassword(securityDomainReference, "userName", (OneTimePassword) password, algorithm);
    } finally {
        closeableReference.getReference().close();
    }
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) SaslServer(javax.security.sasl.SaslServer) Closeable(java.io.Closeable) SaslClientFactory(javax.security.sasl.SaslClientFactory) SaslTestUtil.obtainSaslClientFactory(org.wildfly.security.sasl.test.SaslTestUtil.obtainSaslClientFactory) SaslException(javax.security.sasl.SaslException) SaslServerBuilder(org.wildfly.security.sasl.test.SaslServerBuilder) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) SaslClient(javax.security.sasl.SaslClient) PasswordFactory(org.wildfly.security.password.PasswordFactory) OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) BuilderReference(org.wildfly.security.sasl.test.SaslServerBuilder.BuilderReference) OneTimePassword(org.wildfly.security.password.interfaces.OneTimePassword) Password(org.wildfly.security.password.Password) Test(org.junit.Test)

Example 4 with OneTimePassword

Use of org.wildfly.security.password.interfaces.OneTimePassword in the project wildfly-elytron by wildfly-security.

From the class OTPTest, method checkPassword.

// Compares the OTP credential currently stored for userName with the expected one,
// field by field: algorithm, hash, seed and sequence number.
private void checkPassword(BuilderReference<SecurityDomain> domainReference, String userName, OneTimePassword expectedUpdatedPassword, String algorithmName) throws RealmUnavailableException {
    SecurityDomain securityDomain = domainReference.getReference();
    RealmIdentity realmIdentity = securityDomain.getIdentity(userName);
    OneTimePassword updatedPassword = realmIdentity.getCredential(PasswordCredential.class, algorithmName).getPassword(OneTimePassword.class);
    assertEquals(expectedUpdatedPassword.getAlgorithm(), updatedPassword.getAlgorithm());
    assertArrayEquals(expectedUpdatedPassword.getHash(), updatedPassword.getHash());
    assertEquals(expectedUpdatedPassword.getSeed(), updatedPassword.getSeed());
    assertEquals(expectedUpdatedPassword.getSequenceNumber(), updatedPassword.getSequenceNumber());
    // Release the realm identity once the comparison is done.
    realmIdentity.dispose();
}
Also used : PasswordCredential(org.wildfly.security.credential.PasswordCredential) RealmIdentity(org.wildfly.security.auth.server.RealmIdentity) OneTimePassword(org.wildfly.security.password.interfaces.OneTimePassword) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain)

Example 5 with OneTimePassword

Use of org.wildfly.security.password.interfaces.OneTimePassword in the project wildfly-elytron by wildfly-security.

From the class OTPTest, method testAuthenticationWithLongSeed.

@Test
public void testAuthenticationWithLongSeed() throws Exception {
    final String algorithm = ALGORITHM_OTP_MD5;
    final SaslClientFactory clientFactory = obtainSaslClientFactory(OTPSaslClientFactory.class);
    assertNotNull(clientFactory);
    PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm);
    // "thisSeedIsTooLong" is 17 characters; RFC 2289 limits an OTP seed to 1-16 characters,
    // so the server must reject this credential rather than use it.
    final Password password = passwordFactory.generatePassword(new OneTimePasswordSpec(CodePointIterator.ofString("505d889f90085847").hexDecode().drain(), "thisSeedIsTooLong", 500));
    final SaslServerBuilder.BuilderReference<SecurityDomain> securityDomainReference = new SaslServerBuilder.BuilderReference<>();
    final SaslServerBuilder.BuilderReference<Closeable> closeableReference = new SaslServerBuilder.BuilderReference<>();
    try {
        final SaslServer saslServer = createSaslServer(password, closeableReference, securityDomainReference);
        final CallbackHandler cbh = createClientCallbackHandler("userName", "This is a test.", PASS_PHRASE, algorithm, HEX_RESPONSE);
        final SaslClient saslClient = clientFactory.createSaslClient(new String[] { SaslMechanismInformation.Names.OTP }, null, "test", "testserver1.example.com", Collections.<String, Object>emptyMap(), cbh);
        byte[] message = saslClient.evaluateChallenge(new byte[0]);
        try {
            saslServer.evaluateResponse(message);
            fail("Expected SaslException not thrown");
        } catch (SaslException expected) {
            // expected: the server rejects the over-long seed
        }
        saslClient.dispose();
        saslServer.dispose();
        // The password should remain unchanged: a rejected attempt must not touch the stored
        // hash, seed or sequence number.
        checkPassword(securityDomainReference, "userName", (OneTimePassword) password, algorithm);
    } finally {
        closeableReference.getReference().close();
    }
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) SaslServer(javax.security.sasl.SaslServer) Closeable(java.io.Closeable) SaslClientFactory(javax.security.sasl.SaslClientFactory) SaslTestUtil.obtainSaslClientFactory(org.wildfly.security.sasl.test.SaslTestUtil.obtainSaslClientFactory) SaslException(javax.security.sasl.SaslException) SaslServerBuilder(org.wildfly.security.sasl.test.SaslServerBuilder) SecurityDomain(org.wildfly.security.auth.server.SecurityDomain) SaslClient(javax.security.sasl.SaslClient) PasswordFactory(org.wildfly.security.password.PasswordFactory) OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) BuilderReference(org.wildfly.security.sasl.test.SaslServerBuilder.BuilderReference) OneTimePassword(org.wildfly.security.password.interfaces.OneTimePassword) Password(org.wildfly.security.password.Password) Test(org.junit.Test)

Aggregations

OneTimePassword (org.wildfly.security.password.interfaces.OneTimePassword): 29
PasswordFactory (org.wildfly.security.password.PasswordFactory): 27
OneTimePasswordSpec (org.wildfly.security.password.spec.OneTimePasswordSpec): 25
Test (org.junit.Test): 24
CallbackHandler (javax.security.auth.callback.CallbackHandler): 19
SecurityDomain (org.wildfly.security.auth.server.SecurityDomain): 19
Password (org.wildfly.security.password.Password): 19
Closeable (java.io.Closeable): 18
SaslClient (javax.security.sasl.SaslClient): 18
SaslClientFactory (javax.security.sasl.SaslClientFactory): 18
SaslServer (javax.security.sasl.SaslServer): 18
SaslServerBuilder (org.wildfly.security.sasl.test.SaslServerBuilder): 18
BuilderReference (org.wildfly.security.sasl.test.SaslServerBuilder.BuilderReference): 18
SaslTestUtil.obtainSaslClientFactory (org.wildfly.security.sasl.test.SaslTestUtil.obtainSaslClientFactory): 18
SaslException (javax.security.sasl.SaslException): 10
PasswordCredential (org.wildfly.security.credential.PasswordCredential): 9
ModifiableRealmIdentity (org.wildfly.security.auth.server.ModifiableRealmIdentity): 6
NamePrincipal (org.wildfly.security.auth.principal.NamePrincipal): 5
EncryptablePasswordSpec (org.wildfly.security.password.spec.EncryptablePasswordSpec): 4
Ignore (org.junit.Ignore): 3