Search in sources :

Example 1 with IteratedSaltedHashPasswordSpec

use of org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec in project wildfly-elytron by wildfly-security.

the class PasswordFactorySpiImpl method engineGeneratePassword.

@Override
protected Password engineGeneratePassword(final String algorithm, final KeySpec keySpec) throws InvalidKeySpecException {
    switch(algorithm) {
        case ALGORITHM_CLEAR:
            {
                if (keySpec instanceof ClearPasswordSpec) {
                    return new ClearPasswordImpl(((ClearPasswordSpec) keySpec).getEncodedPassword().clone());
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    return new ClearPasswordImpl(((EncryptablePasswordSpec) keySpec).getPassword().clone());
                } else {
                    break;
                }
            }
        case ALGORITHM_BCRYPT:
            {
                if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
                    try {
                        return new BCryptPasswordImpl((IteratedSaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new BCryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new BCryptPasswordImpl((ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new BCryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new BCryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new BCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new BCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_CRYPT_MD5:
            {
                if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new UnixMD5CryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new UnixMD5CryptPasswordImpl((ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new UnixMD5CryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new UnixMD5CryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_SUN_CRYPT_MD5:
        case ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
            {
                if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
                    try {
                        return new SunUnixMD5CryptPasswordImpl(algorithm, (IteratedSaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new SunUnixMD5CryptPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new SunUnixMD5CryptPasswordImpl((ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_CRYPT_SHA_256:
        case ALGORITHM_CRYPT_SHA_512:
            {
                if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
                    try {
                        return new UnixSHACryptPasswordImpl(algorithm, (IteratedSaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new UnixSHACryptPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new UnixSHACryptPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new UnixSHACryptPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new UnixSHACryptPasswordImpl(algorithm, (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new UnixSHACryptPasswordImpl(algorithm, (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new UnixSHACryptPasswordImpl(algorithm, (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_DIGEST_MD5:
        case ALGORITHM_DIGEST_SHA:
        case ALGORITHM_DIGEST_SHA_256:
        case ALGORITHM_DIGEST_SHA_384:
        case ALGORITHM_DIGEST_SHA_512:
        case ALGORITHM_DIGEST_SHA_512_256:
            if (keySpec instanceof DigestPasswordSpec) {
                return new DigestPasswordImpl(algorithm, (DigestPasswordSpec) keySpec);
            } else if (keySpec instanceof EncryptablePasswordSpec) {
                return new DigestPasswordImpl(algorithm, (EncryptablePasswordSpec) keySpec);
            }
            break;
        case ALGORITHM_SIMPLE_DIGEST_MD2:
        case ALGORITHM_SIMPLE_DIGEST_MD5:
        case ALGORITHM_SIMPLE_DIGEST_SHA_1:
        case ALGORITHM_SIMPLE_DIGEST_SHA_256:
        case ALGORITHM_SIMPLE_DIGEST_SHA_384:
        case ALGORITHM_SIMPLE_DIGEST_SHA_512:
            {
                if (keySpec instanceof HashPasswordSpec) {
                    try {
                        return new SimpleDigestPasswordImpl(algorithm, (HashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new SimpleDigestPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new SimpleDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_PASSWORD_SALT_DIGEST_MD5:
        case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1:
        case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256:
        case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384:
        case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512:
        case ALGORITHM_SALT_PASSWORD_DIGEST_MD5:
        case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1:
        case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256:
        case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384:
        case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512:
            if (keySpec instanceof SaltedHashPasswordSpec) {
                try {
                    return new SaltedSimpleDigestPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
                } catch (IllegalArgumentException | NullPointerException e) {
                    throw new InvalidKeySpecException(e);
                }
            } else if (keySpec instanceof ClearPasswordSpec) {
                try {
                    return new SaltedSimpleDigestPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
                } catch (IllegalArgumentException | NullPointerException e) {
                    throw new InvalidKeySpecException(e);
                }
            } else if (keySpec instanceof EncryptablePasswordSpec) {
                try {
                    final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                    final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                    if (parameterSpec == null) {
                        return new SaltedSimpleDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                    } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                        return new SaltedSimpleDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                    } else {
                        break;
                    }
                } catch (IllegalArgumentException | NullPointerException e) {
                    throw new InvalidKeySpecException(e);
                }
            }
            break;
        case ALGORITHM_CRYPT_DES:
            {
                if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new UnixDESCryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | InvalidParameterSpecException | InvalidKeyException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new UnixDESCryptPasswordImpl((ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | InvalidKeyException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new UnixDESCryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new UnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | InvalidParameterSpecException | InvalidKeyException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_BSD_CRYPT_DES:
            {
                if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
                    try {
                        return new BSDUnixDESCryptPasswordImpl((IteratedSaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | InvalidParameterSpecException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new BSDUnixDESCryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | InvalidParameterSpecException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new BSDUnixDESCryptPasswordImpl((ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (InvalidParameterSpecException | IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_SCRAM_SHA_1:
        case ALGORITHM_SCRAM_SHA_256:
        case ALGORITHM_SCRAM_SHA_384:
        case ALGORITHM_SCRAM_SHA_512:
            {
                if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
                    try {
                        return new ScramDigestPasswordImpl(algorithm, (IteratedSaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new ScramDigestPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new ScramDigestPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException | InvalidKeyException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NullPointerException | InvalidKeyException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_OTP_MD5:
        case ALGORITHM_OTP_SHA1:
        case ALGORITHM_OTP_SHA_256:
        case ALGORITHM_OTP_SHA_384:
        case ALGORITHM_OTP_SHA_512:
            {
                if (keySpec instanceof OneTimePasswordSpec) {
                    return new OneTimePasswordImpl(algorithm, (OneTimePasswordSpec) keySpec);
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                    final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                    try {
                        if (parameterSpec instanceof OneTimePasswordAlgorithmSpec) {
                            return new OneTimePasswordImpl(algorithm, encryptableSpec.getPassword(), (OneTimePasswordAlgorithmSpec) parameterSpec);
                        } else {
                            break;
                        }
                    } catch (SaslException e) {
                        throw new InvalidKeySpecException(e);
                    }
                }
                break;
            }
        default:
            {
                if (MaskedPassword.isMaskedAlgorithm(algorithm)) {
                    if (keySpec instanceof MaskedPasswordSpec) {
                        return new MaskedPasswordImpl(algorithm, (MaskedPasswordSpec) keySpec);
                    } else if (keySpec instanceof EncryptablePasswordSpec) {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword());
                        } else if (parameterSpec instanceof MaskedPasswordAlgorithmSpec) {
                            return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (MaskedPasswordAlgorithmSpec) parameterSpec);
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec);
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec);
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec);
                        }
                    } else if (keySpec instanceof ClearPasswordSpec) {
                        return new MaskedPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
                    }
                    break;
                }
                break;
            }
    }
    throw log.invalidKeySpecUnknownAlgorithmOrIncompatiblePasswordSpec(algorithm, keySpec == null ? null : keySpec.getClass().getSimpleName());
}
Also used : MaskedPasswordSpec(org.wildfly.security.password.spec.MaskedPasswordSpec) IteratedSaltedPasswordAlgorithmSpec(org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec) SaltedPasswordAlgorithmSpec(org.wildfly.security.password.spec.SaltedPasswordAlgorithmSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) EncryptablePasswordSpec(org.wildfly.security.password.spec.EncryptablePasswordSpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SaslException(javax.security.sasl.SaslException) OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) IteratedSaltedPasswordAlgorithmSpec(org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) InvalidKeyException(java.security.InvalidKeyException) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) IteratedPasswordAlgorithmSpec(org.wildfly.security.password.spec.IteratedPasswordAlgorithmSpec) OneTimePasswordAlgorithmSpec(org.wildfly.security.password.spec.OneTimePasswordAlgorithmSpec) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) MaskedPasswordAlgorithmSpec(org.wildfly.security.password.spec.MaskedPasswordAlgorithmSpec) DigestPasswordSpec(org.wildfly.security.password.spec.DigestPasswordSpec)

Example 2 with IteratedSaltedHashPasswordSpec

use of org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec in project wildfly-elytron by wildfly-security.

the class BSDUnixDESCryptTest method testConvertibleToKeySpec.

@Test
public void testConvertibleToKeySpec() throws InvalidKeySpecException {
    final PasswordFactorySpiImpl spi = new PasswordFactorySpiImpl();
    // Create a BSDUnixDESCryptPasswordImpl using EncryptablePasswordSpec
    int saltInt = 10914278;
    byte[] salt = new byte[3];
    salt[0] = (byte) (saltInt >> 16);
    salt[1] = (byte) (saltInt >> 8);
    salt[2] = (byte) (saltInt);
    BSDUnixDESCryptPasswordImpl password = (BSDUnixDESCryptPasswordImpl) spi.engineGeneratePassword(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES, new EncryptablePasswordSpec("password".toCharArray(), new IteratedSaltedPasswordAlgorithmSpec(100, salt)));
    // The new password should only be convertible to IteratedSaltedHashPasswordSpec
    assertTrue(spi.engineConvertibleToKeySpec(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES, password, IteratedSaltedHashPasswordSpec.class));
}
Also used : IteratedSaltedPasswordAlgorithmSpec(org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec) EncryptablePasswordSpec(org.wildfly.security.password.spec.EncryptablePasswordSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) Test(org.junit.Test)

Example 3 with IteratedSaltedHashPasswordSpec

use of org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec in project wildfly-elytron by wildfly-security.

the class PasswordSupportTest method testVerifyAndObtainScramDigestPasswordCredential.

@Test
public void testVerifyAndObtainScramDigestPasswordCredential() throws Exception {
    String userName = "john";
    String userPassword = "scram_digest_abcd1234";
    IteratedSaltedHashPasswordSpec passwordSpec = createScramDigestPasswordTable(userName, userPassword);
    PasswordKeyMapper passwordKeyMapper = PasswordKeyMapper.builder().setDefaultAlgorithm(ScramDigestPassword.ALGORITHM_SCRAM_SHA_256).setHashColumn(1).setSaltColumn(2).setIterationCountColumn(3).build();
    JdbcSecurityRealm securityRealm = JdbcSecurityRealm.builder().principalQuery("SELECT digest, salt, iterationCount FROM user_scram_digest_password where name = ?").withMapper(passwordKeyMapper).from(dataSourceRule.getDataSource()).setProviders(ELYTRON_PASSWORD_PROVIDERS).build();
    assertEquals(SupportLevel.POSSIBLY_SUPPORTED, securityRealm.getCredentialAcquireSupport(PasswordCredential.class, ScramDigestPassword.ALGORITHM_SCRAM_SHA_256, null));
    RealmIdentity realmIdentity = securityRealm.getRealmIdentity(new NamePrincipal(userName));
    assertEquals(SupportLevel.SUPPORTED, realmIdentity.getCredentialAcquireSupport(PasswordCredential.class, ScramDigestPassword.ALGORITHM_SCRAM_SHA_256, null));
    assertTrue(realmIdentity.verifyEvidence(new PasswordGuessEvidence(userPassword.toCharArray())));
    ScramDigestPassword storedPassword = realmIdentity.getCredential(PasswordCredential.class, ScramDigestPassword.ALGORITHM_SCRAM_SHA_256).getPassword(ScramDigestPassword.class);
    assertNotNull(storedPassword);
    assertArrayEquals(passwordSpec.getHash(), storedPassword.getDigest());
    assertArrayEquals(passwordSpec.getSalt(), storedPassword.getSalt());
    assertEquals(passwordSpec.getIterationCount(), storedPassword.getIterationCount());
}
Also used : ScramDigestPassword(org.wildfly.security.password.interfaces.ScramDigestPassword) NamePrincipal(org.wildfly.security.auth.principal.NamePrincipal) PasswordCredential(org.wildfly.security.credential.PasswordCredential) PasswordGuessEvidence(org.wildfly.security.evidence.PasswordGuessEvidence) RealmIdentity(org.wildfly.security.auth.server.RealmIdentity) PasswordKeyMapper(org.wildfly.security.auth.realm.jdbc.mapper.PasswordKeyMapper) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) Test(org.junit.Test)

Example 4 with IteratedSaltedHashPasswordSpec

use of org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec in project wildfly-elytron by wildfly-security.

the class PasswordKeyMapper method map.

@Override
public Credential map(ResultSet resultSet, Supplier<Provider[]> providers) throws SQLException {
    byte[] hash = null;
    char[] clear = null;
    byte[] salt = null;
    int iterationCount;
    String algorithmName = getDefaultAlgorithm();
    final ResultSetMetaData metaData = resultSet.getMetaData();
    if (algorithmColumn > 0) {
        algorithmName = resultSet.getString(algorithmColumn);
        if (algorithmName == null) {
            algorithmName = getDefaultAlgorithm();
        }
    }
    if (ClearPassword.ALGORITHM_CLEAR.equals(algorithmName)) {
        final String s = getStringColumn(metaData, resultSet, hashColumn);
        if (s != null) {
            clear = s.toCharArray();
        } else {
            hash = getBinaryColumn(metaData, resultSet, hashColumn, hashEncoding);
        }
    } else {
        if (saltColumn == -1 && iterationCountColumn == -1) {
            // try modular crypt
            final String s = getStringColumn(metaData, resultSet, hashColumn);
            if (s != null) {
                final char[] chars = s.toCharArray();
                final String identified = ModularCrypt.identifyAlgorithm(chars);
                if (identified != null) {
                    try {
                        Password modularCryptPassword = ModularCrypt.decode(chars);
                        if (log.isTraceEnabled()) {
                            log.tracef("Key Mapper: Password credential created using Modular Crypt algorithm [%s]", identified);
                        }
                        return new PasswordCredential(modularCryptPassword);
                    } catch (InvalidKeySpecException e) {
                        log.tracef(e, "Key Mapper: Unable to identify Modular Crypt algorithm [%s]", identified);
                    }
                }
            }
        }
        hash = getBinaryColumn(metaData, resultSet, hashColumn, hashEncoding);
    }
    if (saltColumn > 0) {
        salt = getBinaryColumn(metaData, resultSet, saltColumn, saltEncoding);
    }
    if (iterationCountColumn > 0) {
        iterationCount = resultSet.getInt(iterationCountColumn);
    } else {
        iterationCount = defaultIterationCount;
    }
    final PasswordFactory passwordFactory;
    try {
        passwordFactory = PasswordFactory.getInstance(algorithmName, providers);
    } catch (NoSuchAlgorithmException e) {
        throw log.couldNotObtainPasswordFactoryForAlgorithm(algorithmName, e);
    }
    PasswordSpec passwordSpec;
    if (hash != null) {
        if (salt != null) {
            if (iterationCount > 0) {
                passwordSpec = new IteratedSaltedHashPasswordSpec(hash, salt, iterationCount);
            } else {
                passwordSpec = new SaltedHashPasswordSpec(hash, salt);
            }
        } else {
            if (iterationCount > 0) {
                passwordSpec = new IteratedHashPasswordSpec(hash, iterationCount);
            } else {
                passwordSpec = new HashPasswordSpec(hash);
            }
        }
    } else if (clear != null) {
        passwordSpec = new ClearPasswordSpec(clear);
    } else {
        return null;
    }
    try {
        Password password = passwordFactory.generatePassword(passwordSpec);
        if (log.isTraceEnabled()) {
            log.tracef("Key Mapper: Password credential created using algorithm column value [%s]", algorithmName);
        }
        return new PasswordCredential(password);
    } catch (InvalidKeySpecException e) {
        throw log.invalidPasswordKeySpecificationForAlgorithm(algorithmName, e);
    }
}
Also used : IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) IteratedHashPasswordSpec(org.wildfly.security.password.spec.IteratedHashPasswordSpec) PasswordSpec(org.wildfly.security.password.spec.PasswordSpec) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) PasswordCredential(org.wildfly.security.credential.PasswordCredential) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) ResultSetMetaData(java.sql.ResultSetMetaData) PasswordFactory(org.wildfly.security.password.PasswordFactory) IteratedHashPasswordSpec(org.wildfly.security.password.spec.IteratedHashPasswordSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) IteratedHashPasswordSpec(org.wildfly.security.password.spec.IteratedHashPasswordSpec) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) Password(org.wildfly.security.password.Password) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword)

Example 5 with IteratedSaltedHashPasswordSpec

use of org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec in project wildfly-elytron by wildfly-security.

the class KeyStoreCredentialStore method store.

public void store(final String credentialAlias, final Credential credential, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
    try {
        // first, attempt to encode the credential into a keystore entry
        final Class<? extends Credential> credentialClass = credential.getClass();
        final String algorithmName = credential instanceof AlgorithmCredential ? ((AlgorithmCredential) credential).getAlgorithm() : null;
        final AlgorithmParameterSpec parameterSpec = credential.castAndApply(AlgorithmCredential.class, AlgorithmCredential::getParameters);
        final KeyStore.Entry entry;
        if (credentialClass == SecretKeyCredential.class) {
            entry = new KeyStore.SecretKeyEntry(credential.castAndApply(SecretKeyCredential.class, SecretKeyCredential::getSecretKey));
        } else if (credentialClass == PublicKeyCredential.class) {
            final PublicKey publicKey = credential.castAndApply(PublicKeyCredential.class, PublicKeyCredential::getPublicKey);
            final KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
            final X509EncodedKeySpec keySpec = keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class);
            final byte[] encoded = keySpec.getEncoded();
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoded, DATA_OID));
        } else if (credentialClass == KeyPairCredential.class) {
            final KeyPair keyPair = credential.castAndApply(KeyPairCredential.class, KeyPairCredential::getKeyPair);
            final PublicKey publicKey = keyPair.getPublic();
            final PrivateKey privateKey = keyPair.getPrivate();
            final KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
            // ensured by KeyPairCredential
            assert privateKey.getAlgorithm().equals(publicKey.getAlgorithm());
            final X509EncodedKeySpec publicSpec = keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class);
            final PKCS8EncodedKeySpec privateSpec = keyFactory.getKeySpec(keyFactory.translateKey(privateKey), PKCS8EncodedKeySpec.class);
            final DEREncoder encoder = new DEREncoder();
            encoder.startSequence();
            encoder.writeEncoded(publicSpec.getEncoded());
            encoder.writeEncoded(privateSpec.getEncoded());
            encoder.endSequence();
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
        } else if (credentialClass == X509CertificateChainPublicCredential.class) {
            final X509Certificate[] x509Certificates = credential.castAndApply(X509CertificateChainPublicCredential.class, X509CertificateChainPublicCredential::getCertificateChain);
            final DEREncoder encoder = new DEREncoder();
            encoder.encodeInteger(x509Certificates.length);
            encoder.startSequence();
            for (X509Certificate x509Certificate : x509Certificates) {
                encoder.writeEncoded(x509Certificate.getEncoded());
            }
            encoder.endSequence();
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
        } else if (credentialClass == X509CertificateChainPrivateCredential.class) {
            @SuppressWarnings("ConstantConditions") X509CertificateChainPrivateCredential cred = (X509CertificateChainPrivateCredential) credential;
            entry = new KeyStore.PrivateKeyEntry(cred.getPrivateKey(), cred.getCertificateChain());
        } else if (credentialClass == BearerTokenCredential.class) {
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(credential.castAndApply(BearerTokenCredential.class, c -> c.getToken().getBytes(StandardCharsets.UTF_8)), DATA_OID));
        } else if (credentialClass == PasswordCredential.class) {
            final Password password = credential.castAndApply(PasswordCredential.class, PasswordCredential::getPassword);
            final String algorithm = password.getAlgorithm();
            final DEREncoder encoder = new DEREncoder();
            final PasswordFactory passwordFactory = providers != null ? PasswordFactory.getInstance(algorithm, () -> providers) : PasswordFactory.getInstance(algorithm);
            switch(algorithm) {
                case BCryptPassword.ALGORITHM_BCRYPT:
                case BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_1:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_256:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_384:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_512:
                case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5:
                case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
                case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256:
                case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512:
                    {
                        IteratedSaltedHashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), IteratedSaltedHashPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getHash());
                        encoder.encodeOctetString(passwordSpec.getSalt());
                        encoder.encodeInteger(passwordSpec.getIterationCount());
                        encoder.endSequence();
                        break;
                    }
                case ClearPassword.ALGORITHM_CLEAR:
                    {
                        final ClearPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), ClearPasswordSpec.class);
                        encoder.encodeOctetString(new String(passwordSpec.getEncodedPassword()));
                        break;
                    }
                case DigestPassword.ALGORITHM_DIGEST_MD5:
                case DigestPassword.ALGORITHM_DIGEST_SHA:
                case DigestPassword.ALGORITHM_DIGEST_SHA_256:
                case DigestPassword.ALGORITHM_DIGEST_SHA_384:
                case DigestPassword.ALGORITHM_DIGEST_SHA_512:
                case DigestPassword.ALGORITHM_DIGEST_SHA_512_256:
                    {
                        final DigestPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), DigestPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getUsername());
                        encoder.encodeOctetString(passwordSpec.getRealm());
                        encoder.encodeOctetString(passwordSpec.getDigest());
                        encoder.endSequence();
                        break;
                    }
                case OneTimePassword.ALGORITHM_OTP_MD5:
                case OneTimePassword.ALGORITHM_OTP_SHA1:
                case OneTimePassword.ALGORITHM_OTP_SHA_256:
                case OneTimePassword.ALGORITHM_OTP_SHA_384:
                case OneTimePassword.ALGORITHM_OTP_SHA_512:
                    {
                        final OneTimePasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), OneTimePasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getHash());
                        encoder.encodeIA5String(passwordSpec.getSeed());
                        encoder.encodeInteger(passwordSpec.getSequenceNumber());
                        encoder.endSequence();
                        break;
                    }
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512:
                case UnixDESCryptPassword.ALGORITHM_CRYPT_DES:
                case UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5:
                    {
                        final SaltedHashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), SaltedHashPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getHash());
                        encoder.encodeOctetString(passwordSpec.getSalt());
                        encoder.endSequence();
                        break;
                    }
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512:
                    {
                        final HashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), HashPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getDigest());
                        encoder.endSequence();
                        break;
                    }
                default:
                    {
                        if (MaskedPassword.isMaskedAlgorithm(algorithmName)) {
                            final MaskedPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), MaskedPasswordSpec.class);
                            encoder.startSequence();
                            encoder.encodeOctetString(new String(passwordSpec.getInitialKeyMaterial()));
                            encoder.encodeInteger(passwordSpec.getIterationCount());
                            encoder.encodeOctetString(passwordSpec.getSalt());
                            encoder.encodeOctetString(passwordSpec.getMaskedPasswordBytes());
                            encoder.endSequence();
                            break;
                        } else {
                            throw log.unsupportedCredentialType(credentialClass);
                        }
                    }
            }
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
        } else {
            throw log.unsupportedCredentialType(credentialClass);
        }
        // now, store it under a unique alias
        final String ksAlias = calculateNewAlias(credentialAlias, credentialClass, algorithmName, parameterSpec);
        try (Hold hold = lockForWrite()) {
            keyStore.setEntry(ksAlias, entry, convertParameter(protectionParameter));
            final TopEntry topEntry = cache.computeIfAbsent(toLowercase(credentialAlias), TopEntry::new);
            final MidEntry midEntry = topEntry.getMap().computeIfAbsent(credentialClass, c -> new MidEntry(topEntry, c));
            final BottomEntry bottomEntry;
            if (algorithmName != null) {
                bottomEntry = midEntry.getMap().computeIfAbsent(algorithmName, n -> new BottomEntry(midEntry, n));
            } else {
                bottomEntry = midEntry.getOrCreateNoAlgorithm();
            }
            final String oldAlias;
            if (parameterSpec != null) {
                oldAlias = bottomEntry.getMap().put(new ParamKey(parameterSpec), ksAlias);
            } else {
                oldAlias = bottomEntry.setNoParams(ksAlias);
            }
            if (oldAlias != null && !oldAlias.equals(ksAlias)) {
                // unlikely but possible
                keyStore.deleteEntry(oldAlias);
            }
        }
    } catch (KeyStoreException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException | CertificateException e) {
        throw log.cannotWriteCredentialToStore(e);
    }
}
Also used : MaskedPasswordSpec(org.wildfly.security.password.spec.MaskedPasswordSpec) KeyPair(java.security.KeyPair) Arrays(java.util.Arrays) Enumeration(java.util.Enumeration) SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeyStoreException(java.security.KeyStoreException) CodePointIterator(org.wildfly.common.iteration.CodePointIterator) KeyUtil(org.wildfly.security.key.KeyUtil) UnixSHACryptPassword(org.wildfly.security.password.interfaces.UnixSHACryptPassword) GeneralSecurityException(java.security.GeneralSecurityException) Matcher(java.util.regex.Matcher) Map(java.util.Map) MaskedPasswordSpec(org.wildfly.security.password.spec.MaskedPasswordSpec) PasswordSpec(org.wildfly.security.password.spec.PasswordSpec) Path(java.nio.file.Path) ReadWriteLock(java.util.concurrent.locks.ReadWriteLock) EmptyProvider(org.wildfly.security.EmptyProvider) Assert(org.wildfly.common.Assert) Set(java.util.Set) DEREncoder(org.wildfly.security.asn1.DEREncoder) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) StandardCharsets(java.nio.charset.StandardCharsets) PrivateKey(java.security.PrivateKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) BearerTokenCredential(org.wildfly.security.credential.BearerTokenCredential) SecretKey(javax.crypto.SecretKey) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) DERDecoder(org.wildfly.security.asn1.DERDecoder) ReentrantReadWriteLock(java.util.concurrent.locks.ReentrantReadWriteLock) PasswordFactory(org.wildfly.security.password.PasswordFactory) AlgorithmCredential(org.wildfly.security.credential.AlgorithmCredential) OneTimePassword(org.wildfly.security.password.interfaces.OneTimePassword) IvParameterSpec(javax.crypto.spec.IvParameterSpec) PasswordCredential(org.wildfly.security.credential.PasswordCredential) ObjectOutputStream(java.io.ObjectOutputStream) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) Files(java.nio.file.Files) DigestPasswordSpec(org.wildfly.security.password.spec.DigestPasswordSpec) DigestPassword(org.wildfly.security.password.interfaces.DigestPassword) BCryptPassword(org.wildfly.security.password.interfaces.BCryptPassword) IOException(java.io.IOException) MaskedPassword(org.wildfly.security.password.interfaces.MaskedPassword) Paths(java.nio.file.Paths) CredentialStoreSpi(org.wildfly.security.credential.store.CredentialStoreSpi) AtomicFileOutputStream(org.wildfly.security.util.AtomicFileOutputStream) ScramDigestPassword(org.wildfly.security.password.interfaces.ScramDigestPassword) X509Certificate(java.security.cert.X509Certificate) ByteIterator(org.wildfly.common.iteration.ByteIterator) CertificateFactory(java.security.cert.CertificateFactory) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) ObjectInputStream(java.io.ObjectInputStream) Security(java.security.Security) OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) SunUnixMD5CryptPassword(org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword) CredentialSource(org.wildfly.security.credential.source.CredentialSource) ByteArrayInputStream(java.io.ByteArrayInputStream) Locale(java.util.Locale) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) UnrecoverableEntryException(java.security.UnrecoverableEntryException) UnixMD5CryptPassword(org.wildfly.security.password.interfaces.UnixMD5CryptPassword) CredentialStore(org.wildfly.security.credential.store.CredentialStore) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) KeyStore(java.security.KeyStore) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) KeyFactory(java.security.KeyFactory) Provider(java.security.Provider) List(java.util.List) Certificate(java.security.cert.Certificate) Pattern(java.util.regex.Pattern) SimpleDigestPassword(org.wildfly.security.password.interfaces.SimpleDigestPassword) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) X500(org.wildfly.security.x500.X500) HashMap(java.util.HashMap) Cipher(javax.crypto.Cipher) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) HashSet(java.util.HashSet) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) ElytronMessages.log(org.wildfly.security.credential.store._private.ElytronMessages.log) UnixDESCryptPassword(org.wildfly.security.password.interfaces.UnixDESCryptPassword) OutputStream(java.io.OutputStream) X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) Iterator(java.util.Iterator) ASN1Exception(org.wildfly.security.asn1.ASN1Exception) PublicKey(java.security.PublicKey) CertificateException(java.security.cert.CertificateException) Base32Alphabet(org.wildfly.common.codec.Base32Alphabet) AlgorithmParameters(java.security.AlgorithmParameters) BadPaddingException(javax.crypto.BadPaddingException) SaltedSimpleDigestPassword(org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword) BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword) Password(org.wildfly.security.password.Password) CredentialStoreException(org.wildfly.security.credential.store.CredentialStoreException) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) Credential(org.wildfly.security.credential.Credential) Collections(java.util.Collections) InputStream(java.io.InputStream) PrivateKey(java.security.PrivateKey) PasswordCredential(org.wildfly.security.credential.PasswordCredential) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) BearerTokenCredential(org.wildfly.security.credential.BearerTokenCredential) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) AlgorithmCredential(org.wildfly.security.credential.AlgorithmCredential) DEREncoder(org.wildfly.security.asn1.DEREncoder) SecretKeySpec(javax.crypto.spec.SecretKeySpec) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) KeyFactory(java.security.KeyFactory) UnixSHACryptPassword(org.wildfly.security.password.interfaces.UnixSHACryptPassword) OneTimePassword(org.wildfly.security.password.interfaces.OneTimePassword) DigestPassword(org.wildfly.security.password.interfaces.DigestPassword) BCryptPassword(org.wildfly.security.password.interfaces.BCryptPassword) MaskedPassword(org.wildfly.security.password.interfaces.MaskedPassword) ScramDigestPassword(org.wildfly.security.password.interfaces.ScramDigestPassword) SunUnixMD5CryptPassword(org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword) UnixMD5CryptPassword(org.wildfly.security.password.interfaces.UnixMD5CryptPassword) SimpleDigestPassword(org.wildfly.security.password.interfaces.SimpleDigestPassword) UnixDESCryptPassword(org.wildfly.security.password.interfaces.UnixDESCryptPassword) SaltedSimpleDigestPassword(org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword) BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword) Password(org.wildfly.security.password.Password) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) KeyPair(java.security.KeyPair) X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) PublicKey(java.security.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) KeyStoreException(java.security.KeyStoreException) InvalidKeyException(java.security.InvalidKeyException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) PasswordFactory(org.wildfly.security.password.PasswordFactory) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) DigestPasswordSpec(org.wildfly.security.password.spec.DigestPasswordSpec)

Aggregations

IteratedSaltedHashPasswordSpec (org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec)17 Test (org.junit.Test)10 PasswordFactory (org.wildfly.security.password.PasswordFactory)7 ScramDigestPassword (org.wildfly.security.password.interfaces.ScramDigestPassword)6 ClearPasswordSpec (org.wildfly.security.password.spec.ClearPasswordSpec)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)4 HashMap (java.util.HashMap)4 CallbackHandler (javax.security.auth.callback.CallbackHandler)4 SaslServer (javax.security.sasl.SaslServer)4 PasswordCredential (org.wildfly.security.credential.PasswordCredential)4 HashPasswordSpec (org.wildfly.security.password.spec.HashPasswordSpec)4 SaltedHashPasswordSpec (org.wildfly.security.password.spec.SaltedHashPasswordSpec)4 ScramCallbackHandlerUtils.createClientCallbackHandler (org.wildfly.security.sasl.scram.ScramCallbackHandlerUtils.createClientCallbackHandler)4 SaslServerBuilder (org.wildfly.security.sasl.test.SaslServerBuilder)4 SaslClientFactory (javax.security.sasl.SaslClientFactory)3 SaslException (javax.security.sasl.SaslException)3 Password (org.wildfly.security.password.Password)3 ClearPassword (org.wildfly.security.password.interfaces.ClearPassword)3 DigestPasswordSpec (org.wildfly.security.password.spec.DigestPasswordSpec)3