Use of org.wildfly.security.password.interfaces.OneTimePassword in project wildfly-elytron (wildfly-security):
class PasswordSupportSuiteChild, method testOneTimePasswordUser1Update.
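@Test
public void testOneTimePasswordUser1Update() throws Exception {
    // Replacement OTP state for "userWithOtp". Hash, seed and sequence number all differ
    // from the values this user is seeded with, so a stale read-back is detectable.
    final byte[] expectedHash = new byte[] { 'i', 'j', 'k' };
    final String expectedSeed = "lmn";
    final int expectedSequence = 4321;
    OneTimePasswordSpec spec = new OneTimePasswordSpec(expectedHash.clone(), expectedSeed, expectedSequence);
    final PasswordFactory passwordFactory = PasswordFactory.getInstance("otp-sha1", WildFlyElytronPasswordProvider.getInstance());
    final OneTimePassword password = (OneTimePassword) passwordFactory.generatePassword(spec);
    assertNotNull(password);

    ModifiableRealmIdentity identity = (ModifiableRealmIdentity) simpleToDnRealm.getRealmIdentity(new NamePrincipal("userWithOtp"));
    assertNotNull(identity);
    ModifiableRealmIdentity newIdentity = null;
    try {
        // Before an identity is resolved the realm can only answer "possibly"; the resolved
        // identity itself must report full support for the OTP-SHA1 credential.
        assertEquals(SupportLevel.POSSIBLY_SUPPORTED, simpleToDnRealm.getCredentialAcquireSupport(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1, null));
        assertEquals(SupportLevel.SUPPORTED, identity.getCredentialAcquireSupport(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1, null));

        identity.setCredentials(Collections.singleton(new PasswordCredential(password)));

        // Re-resolve the identity instead of reading back through 'identity', so the
        // assertions cover what the realm persisted rather than a value cached on the
        // object the write went through.
        newIdentity = (ModifiableRealmIdentity) simpleToDnRealm.getRealmIdentity(new NamePrincipal("userWithOtp"));
        assertNotNull(newIdentity);
        verifyPasswordSupport(newIdentity, OneTimePassword.ALGORITHM_OTP_SHA1, SupportLevel.SUPPORTED);

        // Fail with a clear message instead of an NPE if the credential did not survive the update.
        PasswordCredential credential = newIdentity.getCredential(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1);
        assertNotNull("OTP-SHA1 credential missing after update", credential);
        OneTimePassword otp = credential.getPassword(OneTimePassword.class);
        assertNotNull(otp);
        assertEquals(expectedSequence, otp.getSequenceNumber());
        Assert.assertArrayEquals(expectedHash, otp.getHash());
        Assert.assertEquals(expectedSeed, otp.getSeed());
    } finally {
        // Release the realm-backed identities even when an assertion above fails.
        if (newIdentity != null) {
            newIdentity.dispose();
        }
        identity.dispose();
    }
}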
Use of org.wildfly.security.password.interfaces.OneTimePassword in project wildfly-elytron (wildfly-security):
class PasswordSupportSuiteChild, method testOneTimePasswordUser0.
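@Test
public void testOneTimePasswordUser0() throws Exception {
    // With no algorithm and no identity resolved, the realm already reports full support
    // for password credentials.
    SupportLevel support = simpleToDnRealm.getCredentialAcquireSupport(PasswordCredential.class, null, null);
    assertEquals("Pre identity", SupportLevel.SUPPORTED, support);

    RealmIdentity identity = simpleToDnRealm.getRealmIdentity(new NamePrincipal("userWithOtp"));
    assertNotNull(identity);
    try {
        verifyPasswordSupport(identity, OneTimePassword.ALGORITHM_OTP_SHA1, SupportLevel.SUPPORTED);

        // Fail with a clear message instead of an NPE if the credential is absent.
        PasswordCredential credential = identity.getCredential(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1);
        assertNotNull("no OTP-SHA1 credential for userWithOtp", credential);
        OneTimePassword otp = credential.getPassword(OneTimePassword.class);
        assertNotNull(otp);

        // Baseline OTP state this user is seeded with.
        // NOTE(review): another test in this class rewrites the same user's OTP to different
        // values, so this test relies on either running first or on the fixture being reset
        // between tests — confirm in the suite setup.
        assertEquals(1234, otp.getSequenceNumber());
        Assert.assertArrayEquals(new byte[] { 'a', 'b', 'c', 'd' }, otp.getHash());
        Assert.assertEquals("efgh", otp.getSeed());
    } finally {
        // Release the realm-backed identity even when an assertion above fails.
        identity.dispose();
    }
}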
Use of org.wildfly.security.password.interfaces.OneTimePassword in project wildfly-elytron (wildfly-security):
class OTPTest, method testAuthenticationWithInvalidSequenceNumber.
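@Test
public void testAuthenticationWithInvalidSequenceNumber() throws Exception {
    final String algorithm = ALGORITHM_OTP_MD5;
    final SaslClientFactory clientFactory = obtainSaslClientFactory(OTPSaslClientFactory.class);
    assertNotNull(clientFactory);
    PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm);
    // Stored OTP state with sequence number 0. The method name treats this as invalid —
    // presumably because a sequence of 0 leaves no one-time password left to consume
    // (the sequence counts down on each successful login); confirm against the server's check.
    final Password password = passwordFactory.generatePassword(new OneTimePasswordSpec(CodePointIterator.ofString("505d889f90085847").hexDecode().drain(), "ke1234", 0));
    final SaslServerBuilder.BuilderReference<SecurityDomain> securityDomainReference = new SaslServerBuilder.BuilderReference<>();
    final SaslServerBuilder.BuilderReference<Closeable> closeableReference = new SaslServerBuilder.BuilderReference<>();
    try {
        final SaslServer saslServer = createSaslServer(password, closeableReference, securityDomainReference);
        try {
            final CallbackHandler cbh = createClientCallbackHandler("userName", "This is a test.", PASS_PHRASE, algorithm, HEX_RESPONSE);
            final SaslClient saslClient = clientFactory.createSaslClient(new String[] { SaslMechanismInformation.Names.OTP }, null, "test", "testserver1.example.com", Collections.<String, Object>emptyMap(), cbh);
            try {
                byte[] message = saslClient.evaluateChallenge(new byte[0]);
                try {
                    saslServer.evaluateResponse(message);
                    fail("Expected SaslException not thrown");
                } catch (SaslException expected) {
                    // Rejection is the pass condition; the exception text is not part of the contract.
                }
            } finally {
                // Dispose even when fail() trips above, so a failing run does not leak SASL client state.
                saslClient.dispose();
            }
        } finally {
            saslServer.dispose();
        }
        // A rejected exchange must not advance or otherwise alter the stored OTP.
        checkPassword(securityDomainReference, "userName", (OneTimePassword) password, algorithm);
    } finally {
        closeableReference.getReference().close();
    }
}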
Use of org.wildfly.security.password.interfaces.OneTimePassword in project wildfly-elytron (wildfly-security):
class OTPTest, method checkPassword.
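/**
 * Asserts that the OTP credential the security domain currently holds for {@code userName}
 * matches {@code expectedUpdatedPassword} field by field (algorithm, hash, seed, sequence number).
 * Despite the parameter name, callers also use this to assert that a rejected authentication
 * left the stored OTP unchanged.
 *
 * @param domainReference holder for the security domain built for the test
 * @param userName the identity whose stored OTP is read back
 * @param expectedUpdatedPassword the OTP state the domain is expected to hold now
 * @param algorithmName OTP algorithm name used to select the credential
 * @throws RealmUnavailableException if the domain cannot resolve the identity
 */
private void checkPassword(BuilderReference<SecurityDomain> domainReference, String userName, OneTimePassword expectedUpdatedPassword, String algorithmName) throws RealmUnavailableException {
    SecurityDomain securityDomain = domainReference.getReference();
    RealmIdentity realmIdentity = securityDomain.getIdentity(userName);
    try {
        // Fail with a clear message instead of an NPE if the credential is missing altogether.
        PasswordCredential credential = realmIdentity.getCredential(PasswordCredential.class, algorithmName);
        assertNotNull("no " + algorithmName + " credential stored for " + userName, credential);
        OneTimePassword updatedPassword = credential.getPassword(OneTimePassword.class);
        assertNotNull(updatedPassword);
        assertEquals(expectedUpdatedPassword.getAlgorithm(), updatedPassword.getAlgorithm());
        assertArrayEquals(expectedUpdatedPassword.getHash(), updatedPassword.getHash());
        assertEquals(expectedUpdatedPassword.getSeed(), updatedPassword.getSeed());
        assertEquals(expectedUpdatedPassword.getSequenceNumber(), updatedPassword.getSequenceNumber());
    } finally {
        // Release the identity even when one of the assertions above fails.
        realmIdentity.dispose();
    }
}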
Use of org.wildfly.security.password.interfaces.OneTimePassword in project wildfly-elytron (wildfly-security):
class OTPTest, method testAuthenticationWithLongSeed.
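@Test
public void testAuthenticationWithLongSeed() throws Exception {
    final String algorithm = ALGORITHM_OTP_MD5;
    final SaslClientFactory clientFactory = obtainSaslClientFactory(OTPSaslClientFactory.class);
    assertNotNull(clientFactory);
    PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm);
    // Stored OTP state whose 17-character seed is longer than the server accepts (the exact
    // limit is enforced server-side; presumably the 16-character maximum of the OTP seed
    // format — confirm against the server's validation). The server must reject the
    // exchange rather than compute with a malformed seed.
    final Password password = passwordFactory.generatePassword(new OneTimePasswordSpec(CodePointIterator.ofString("505d889f90085847").hexDecode().drain(), "thisSeedIsTooLong", 500));
    final SaslServerBuilder.BuilderReference<SecurityDomain> securityDomainReference = new SaslServerBuilder.BuilderReference<>();
    final SaslServerBuilder.BuilderReference<Closeable> closeableReference = new SaslServerBuilder.BuilderReference<>();
    try {
        final SaslServer saslServer = createSaslServer(password, closeableReference, securityDomainReference);
        try {
            final CallbackHandler cbh = createClientCallbackHandler("userName", "This is a test.", PASS_PHRASE, algorithm, HEX_RESPONSE);
            final SaslClient saslClient = clientFactory.createSaslClient(new String[] { SaslMechanismInformation.Names.OTP }, null, "test", "testserver1.example.com", Collections.<String, Object>emptyMap(), cbh);
            try {
                byte[] message = saslClient.evaluateChallenge(new byte[0]);
                try {
                    saslServer.evaluateResponse(message);
                    fail("Expected SaslException not thrown");
                } catch (SaslException expected) {
                    // Rejection is the pass condition; the exception text is not part of the contract.
                }
            } finally {
                // Dispose even when fail() trips above, so a failing run does not leak SASL client state.
                saslClient.dispose();
            }
        } finally {
            saslServer.dispose();
        }
        // A rejected exchange must not advance or otherwise alter the stored OTP.
        checkPassword(securityDomainReference, "userName", (OneTimePassword) password, algorithm);
    } finally {
        closeableReference.getReference().close();
    }
}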