use of org.wildfly.security.password.spec.OneTimePasswordSpec in project wildfly-elytron by wildfly-security.
the class PasswordFactorySpiImpl method engineGeneratePassword.
@Override
protected Password engineGeneratePassword(final String algorithm, final KeySpec keySpec) throws InvalidKeySpecException {
switch(algorithm) {
case ALGORITHM_CLEAR:
{
if (keySpec instanceof ClearPasswordSpec) {
return new ClearPasswordImpl(((ClearPasswordSpec) keySpec).getEncodedPassword().clone());
} else if (keySpec instanceof EncryptablePasswordSpec) {
return new ClearPasswordImpl(((EncryptablePasswordSpec) keySpec).getPassword().clone());
} else {
break;
}
}
case ALGORITHM_BCRYPT:
{
if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
try {
return new BCryptPasswordImpl((IteratedSaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof SaltedHashPasswordSpec) {
try {
return new BCryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof ClearPasswordSpec) {
try {
return new BCryptPasswordImpl((ClearPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof EncryptablePasswordSpec) {
try {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
if (parameterSpec == null) {
return new BCryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
return new BCryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
return new BCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
return new BCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else {
break;
}
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else {
break;
}
}
case ALGORITHM_CRYPT_MD5:
{
if (keySpec instanceof SaltedHashPasswordSpec) {
try {
return new UnixMD5CryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof ClearPasswordSpec) {
try {
return new UnixMD5CryptPasswordImpl((ClearPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof EncryptablePasswordSpec) {
try {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
if (parameterSpec == null) {
return new UnixMD5CryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
return new UnixMD5CryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else {
break;
}
} catch (IllegalArgumentException | NoSuchAlgorithmException e) {
throw new InvalidKeySpecException(e);
}
} else {
break;
}
}
case ALGORITHM_SUN_CRYPT_MD5:
case ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
{
if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
try {
return new SunUnixMD5CryptPasswordImpl(algorithm, (IteratedSaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof SaltedHashPasswordSpec) {
try {
return new SunUnixMD5CryptPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof ClearPasswordSpec) {
try {
return new SunUnixMD5CryptPasswordImpl((ClearPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof EncryptablePasswordSpec) {
try {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
if (parameterSpec == null) {
return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else {
break;
}
} catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
throw new InvalidKeySpecException(e);
}
} else {
break;
}
}
case ALGORITHM_CRYPT_SHA_256:
case ALGORITHM_CRYPT_SHA_512:
{
if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
try {
return new UnixSHACryptPasswordImpl(algorithm, (IteratedSaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof SaltedHashPasswordSpec) {
try {
return new UnixSHACryptPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof ClearPasswordSpec) {
try {
return new UnixSHACryptPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof EncryptablePasswordSpec) {
try {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
if (parameterSpec == null) {
return new UnixSHACryptPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
return new UnixSHACryptPasswordImpl(algorithm, (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
return new UnixSHACryptPasswordImpl(algorithm, (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
return new UnixSHACryptPasswordImpl(algorithm, (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else {
break;
}
} catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
throw new InvalidKeySpecException(e);
}
} else {
break;
}
}
case ALGORITHM_DIGEST_MD5:
case ALGORITHM_DIGEST_SHA:
case ALGORITHM_DIGEST_SHA_256:
case ALGORITHM_DIGEST_SHA_384:
case ALGORITHM_DIGEST_SHA_512:
case ALGORITHM_DIGEST_SHA_512_256:
if (keySpec instanceof DigestPasswordSpec) {
return new DigestPasswordImpl(algorithm, (DigestPasswordSpec) keySpec);
} else if (keySpec instanceof EncryptablePasswordSpec) {
return new DigestPasswordImpl(algorithm, (EncryptablePasswordSpec) keySpec);
}
break;
case ALGORITHM_SIMPLE_DIGEST_MD2:
case ALGORITHM_SIMPLE_DIGEST_MD5:
case ALGORITHM_SIMPLE_DIGEST_SHA_1:
case ALGORITHM_SIMPLE_DIGEST_SHA_256:
case ALGORITHM_SIMPLE_DIGEST_SHA_384:
case ALGORITHM_SIMPLE_DIGEST_SHA_512:
{
if (keySpec instanceof HashPasswordSpec) {
try {
return new SimpleDigestPasswordImpl(algorithm, (HashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof ClearPasswordSpec) {
try {
return new SimpleDigestPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof EncryptablePasswordSpec) {
try {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
if (parameterSpec == null) {
return new SimpleDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else {
break;
}
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else {
break;
}
}
case ALGORITHM_PASSWORD_SALT_DIGEST_MD5:
case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1:
case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256:
case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384:
case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512:
case ALGORITHM_SALT_PASSWORD_DIGEST_MD5:
case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1:
case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256:
case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384:
case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512:
if (keySpec instanceof SaltedHashPasswordSpec) {
try {
return new SaltedSimpleDigestPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof ClearPasswordSpec) {
try {
return new SaltedSimpleDigestPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof EncryptablePasswordSpec) {
try {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
if (parameterSpec == null) {
return new SaltedSimpleDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
return new SaltedSimpleDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else {
break;
}
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
}
break;
case ALGORITHM_CRYPT_DES:
{
if (keySpec instanceof SaltedHashPasswordSpec) {
try {
return new UnixDESCryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | InvalidParameterSpecException | InvalidKeyException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof ClearPasswordSpec) {
try {
return new UnixDESCryptPasswordImpl((ClearPasswordSpec) keySpec);
} catch (IllegalArgumentException | InvalidKeyException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof EncryptablePasswordSpec) {
try {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
if (parameterSpec == null) {
return new UnixDESCryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
return new UnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else {
break;
}
} catch (IllegalArgumentException | InvalidParameterSpecException | InvalidKeyException e) {
throw new InvalidKeySpecException(e);
}
} else {
break;
}
}
case ALGORITHM_BSD_CRYPT_DES:
{
if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
try {
return new BSDUnixDESCryptPasswordImpl((IteratedSaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | InvalidParameterSpecException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof SaltedHashPasswordSpec) {
try {
return new BSDUnixDESCryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | InvalidParameterSpecException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof ClearPasswordSpec) {
try {
return new BSDUnixDESCryptPasswordImpl((ClearPasswordSpec) keySpec);
} catch (IllegalArgumentException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof EncryptablePasswordSpec) {
try {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
if (parameterSpec == null) {
return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else {
break;
}
} catch (InvalidParameterSpecException | IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else {
break;
}
}
case ALGORITHM_SCRAM_SHA_1:
case ALGORITHM_SCRAM_SHA_256:
case ALGORITHM_SCRAM_SHA_384:
case ALGORITHM_SCRAM_SHA_512:
{
if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
try {
return new ScramDigestPasswordImpl(algorithm, (IteratedSaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof SaltedHashPasswordSpec) {
try {
return new ScramDigestPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof ClearPasswordSpec) {
try {
return new ScramDigestPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
} catch (IllegalArgumentException | NullPointerException | InvalidKeyException | NoSuchAlgorithmException e) {
throw new InvalidKeySpecException(e);
}
} else if (keySpec instanceof EncryptablePasswordSpec) {
try {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
if (parameterSpec == null) {
return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
} else {
break;
}
} catch (IllegalArgumentException | NullPointerException | InvalidKeyException | NoSuchAlgorithmException e) {
throw new InvalidKeySpecException(e);
}
} else {
break;
}
}
case ALGORITHM_OTP_MD5:
case ALGORITHM_OTP_SHA1:
case ALGORITHM_OTP_SHA_256:
case ALGORITHM_OTP_SHA_384:
case ALGORITHM_OTP_SHA_512:
{
if (keySpec instanceof OneTimePasswordSpec) {
return new OneTimePasswordImpl(algorithm, (OneTimePasswordSpec) keySpec);
} else if (keySpec instanceof EncryptablePasswordSpec) {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
try {
if (parameterSpec instanceof OneTimePasswordAlgorithmSpec) {
return new OneTimePasswordImpl(algorithm, encryptableSpec.getPassword(), (OneTimePasswordAlgorithmSpec) parameterSpec);
} else {
break;
}
} catch (SaslException e) {
throw new InvalidKeySpecException(e);
}
}
break;
}
default:
{
if (MaskedPassword.isMaskedAlgorithm(algorithm)) {
if (keySpec instanceof MaskedPasswordSpec) {
return new MaskedPasswordImpl(algorithm, (MaskedPasswordSpec) keySpec);
} else if (keySpec instanceof EncryptablePasswordSpec) {
final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
if (parameterSpec == null) {
return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword());
} else if (parameterSpec instanceof MaskedPasswordAlgorithmSpec) {
return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (MaskedPasswordAlgorithmSpec) parameterSpec);
} else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec);
} else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec);
} else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec);
}
} else if (keySpec instanceof ClearPasswordSpec) {
return new MaskedPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
}
break;
}
break;
}
}
throw log.invalidKeySpecUnknownAlgorithmOrIncompatiblePasswordSpec(algorithm, keySpec == null ? null : keySpec.getClass().getSimpleName());
}
use of org.wildfly.security.password.spec.OneTimePasswordSpec in project wildfly-elytron by wildfly-security.
the class PasswordSupportSuiteChild method testOneTimePasswordUser1Update.
@Test
public void testOneTimePasswordUser1Update() throws Exception {
OneTimePasswordSpec spec = new OneTimePasswordSpec(new byte[] { 'i', 'j', 'k' }, "lmn", 4321);
final PasswordFactory passwordFactory = PasswordFactory.getInstance("otp-sha1", WildFlyElytronPasswordProvider.getInstance());
final OneTimePassword password = (OneTimePassword) passwordFactory.generatePassword(spec);
assertNotNull(password);
ModifiableRealmIdentity identity = (ModifiableRealmIdentity) simpleToDnRealm.getRealmIdentity(new NamePrincipal("userWithOtp"));
assertNotNull(identity);
assertEquals(SupportLevel.POSSIBLY_SUPPORTED, simpleToDnRealm.getCredentialAcquireSupport(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1, null));
assertEquals(SupportLevel.SUPPORTED, identity.getCredentialAcquireSupport(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1, null));
identity.setCredentials(Collections.singleton(new PasswordCredential(password)));
ModifiableRealmIdentity newIdentity = (ModifiableRealmIdentity) simpleToDnRealm.getRealmIdentity(new NamePrincipal("userWithOtp"));
assertNotNull(newIdentity);
verifyPasswordSupport(newIdentity, OneTimePassword.ALGORITHM_OTP_SHA1, SupportLevel.SUPPORTED);
OneTimePassword otp = newIdentity.getCredential(PasswordCredential.class, OneTimePassword.ALGORITHM_OTP_SHA1).getPassword(OneTimePassword.class);
assertNotNull(otp);
assertEquals(4321, otp.getSequenceNumber());
Assert.assertArrayEquals(new byte[] { 'i', 'j', 'k' }, otp.getHash());
Assert.assertEquals("lmn", otp.getSeed());
}
use of org.wildfly.security.password.spec.OneTimePasswordSpec in project wildfly-elytron by wildfly-security.
the class KeyStoreCredentialStore method store.
public void store(final String credentialAlias, final Credential credential, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
try {
// first, attempt to encode the credential into a keystore entry
final Class<? extends Credential> credentialClass = credential.getClass();
final String algorithmName = credential instanceof AlgorithmCredential ? ((AlgorithmCredential) credential).getAlgorithm() : null;
final AlgorithmParameterSpec parameterSpec = credential.castAndApply(AlgorithmCredential.class, AlgorithmCredential::getParameters);
final KeyStore.Entry entry;
if (credentialClass == SecretKeyCredential.class) {
entry = new KeyStore.SecretKeyEntry(credential.castAndApply(SecretKeyCredential.class, SecretKeyCredential::getSecretKey));
} else if (credentialClass == PublicKeyCredential.class) {
final PublicKey publicKey = credential.castAndApply(PublicKeyCredential.class, PublicKeyCredential::getPublicKey);
final KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
final X509EncodedKeySpec keySpec = keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class);
final byte[] encoded = keySpec.getEncoded();
entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoded, DATA_OID));
} else if (credentialClass == KeyPairCredential.class) {
final KeyPair keyPair = credential.castAndApply(KeyPairCredential.class, KeyPairCredential::getKeyPair);
final PublicKey publicKey = keyPair.getPublic();
final PrivateKey privateKey = keyPair.getPrivate();
final KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
// ensured by KeyPairCredential
assert privateKey.getAlgorithm().equals(publicKey.getAlgorithm());
final X509EncodedKeySpec publicSpec = keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class);
final PKCS8EncodedKeySpec privateSpec = keyFactory.getKeySpec(keyFactory.translateKey(privateKey), PKCS8EncodedKeySpec.class);
final DEREncoder encoder = new DEREncoder();
encoder.startSequence();
encoder.writeEncoded(publicSpec.getEncoded());
encoder.writeEncoded(privateSpec.getEncoded());
encoder.endSequence();
entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
} else if (credentialClass == X509CertificateChainPublicCredential.class) {
final X509Certificate[] x509Certificates = credential.castAndApply(X509CertificateChainPublicCredential.class, X509CertificateChainPublicCredential::getCertificateChain);
final DEREncoder encoder = new DEREncoder();
encoder.encodeInteger(x509Certificates.length);
encoder.startSequence();
for (X509Certificate x509Certificate : x509Certificates) {
encoder.writeEncoded(x509Certificate.getEncoded());
}
encoder.endSequence();
entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
} else if (credentialClass == X509CertificateChainPrivateCredential.class) {
@SuppressWarnings("ConstantConditions") X509CertificateChainPrivateCredential cred = (X509CertificateChainPrivateCredential) credential;
entry = new KeyStore.PrivateKeyEntry(cred.getPrivateKey(), cred.getCertificateChain());
} else if (credentialClass == BearerTokenCredential.class) {
entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(credential.castAndApply(BearerTokenCredential.class, c -> c.getToken().getBytes(StandardCharsets.UTF_8)), DATA_OID));
} else if (credentialClass == PasswordCredential.class) {
final Password password = credential.castAndApply(PasswordCredential.class, PasswordCredential::getPassword);
final String algorithm = password.getAlgorithm();
final DEREncoder encoder = new DEREncoder();
final PasswordFactory passwordFactory = providers != null ? PasswordFactory.getInstance(algorithm, () -> providers) : PasswordFactory.getInstance(algorithm);
switch(algorithm) {
case BCryptPassword.ALGORITHM_BCRYPT:
case BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_1:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_256:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_384:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_512:
case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5:
case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256:
case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512:
{
IteratedSaltedHashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), IteratedSaltedHashPasswordSpec.class);
encoder.startSequence();
encoder.encodeOctetString(passwordSpec.getHash());
encoder.encodeOctetString(passwordSpec.getSalt());
encoder.encodeInteger(passwordSpec.getIterationCount());
encoder.endSequence();
break;
}
case ClearPassword.ALGORITHM_CLEAR:
{
final ClearPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), ClearPasswordSpec.class);
encoder.encodeOctetString(new String(passwordSpec.getEncodedPassword()));
break;
}
case DigestPassword.ALGORITHM_DIGEST_MD5:
case DigestPassword.ALGORITHM_DIGEST_SHA:
case DigestPassword.ALGORITHM_DIGEST_SHA_256:
case DigestPassword.ALGORITHM_DIGEST_SHA_384:
case DigestPassword.ALGORITHM_DIGEST_SHA_512:
case DigestPassword.ALGORITHM_DIGEST_SHA_512_256:
{
final DigestPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), DigestPasswordSpec.class);
encoder.startSequence();
encoder.encodeOctetString(passwordSpec.getUsername());
encoder.encodeOctetString(passwordSpec.getRealm());
encoder.encodeOctetString(passwordSpec.getDigest());
encoder.endSequence();
break;
}
case OneTimePassword.ALGORITHM_OTP_MD5:
case OneTimePassword.ALGORITHM_OTP_SHA1:
case OneTimePassword.ALGORITHM_OTP_SHA_256:
case OneTimePassword.ALGORITHM_OTP_SHA_384:
case OneTimePassword.ALGORITHM_OTP_SHA_512:
{
final OneTimePasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), OneTimePasswordSpec.class);
encoder.startSequence();
encoder.encodeOctetString(passwordSpec.getHash());
encoder.encodeIA5String(passwordSpec.getSeed());
encoder.encodeInteger(passwordSpec.getSequenceNumber());
encoder.endSequence();
break;
}
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512:
case UnixDESCryptPassword.ALGORITHM_CRYPT_DES:
case UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5:
{
final SaltedHashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), SaltedHashPasswordSpec.class);
encoder.startSequence();
encoder.encodeOctetString(passwordSpec.getHash());
encoder.encodeOctetString(passwordSpec.getSalt());
encoder.endSequence();
break;
}
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512:
{
final HashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), HashPasswordSpec.class);
encoder.startSequence();
encoder.encodeOctetString(passwordSpec.getDigest());
encoder.endSequence();
break;
}
default:
{
if (MaskedPassword.isMaskedAlgorithm(algorithmName)) {
final MaskedPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), MaskedPasswordSpec.class);
encoder.startSequence();
encoder.encodeOctetString(new String(passwordSpec.getInitialKeyMaterial()));
encoder.encodeInteger(passwordSpec.getIterationCount());
encoder.encodeOctetString(passwordSpec.getSalt());
encoder.encodeOctetString(passwordSpec.getMaskedPasswordBytes());
encoder.endSequence();
break;
} else {
throw log.unsupportedCredentialType(credentialClass);
}
}
}
entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
} else {
throw log.unsupportedCredentialType(credentialClass);
}
// now, store it under a unique alias
final String ksAlias = calculateNewAlias(credentialAlias, credentialClass, algorithmName, parameterSpec);
try (Hold hold = lockForWrite()) {
keyStore.setEntry(ksAlias, entry, convertParameter(protectionParameter));
final TopEntry topEntry = cache.computeIfAbsent(toLowercase(credentialAlias), TopEntry::new);
final MidEntry midEntry = topEntry.getMap().computeIfAbsent(credentialClass, c -> new MidEntry(topEntry, c));
final BottomEntry bottomEntry;
if (algorithmName != null) {
bottomEntry = midEntry.getMap().computeIfAbsent(algorithmName, n -> new BottomEntry(midEntry, n));
} else {
bottomEntry = midEntry.getOrCreateNoAlgorithm();
}
final String oldAlias;
if (parameterSpec != null) {
oldAlias = bottomEntry.getMap().put(new ParamKey(parameterSpec), ksAlias);
} else {
oldAlias = bottomEntry.setNoParams(ksAlias);
}
if (oldAlias != null && !oldAlias.equals(ksAlias)) {
// unlikely but possible
keyStore.deleteEntry(oldAlias);
}
}
} catch (KeyStoreException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException | CertificateException e) {
throw log.cannotWriteCredentialToStore(e);
}
}
use of org.wildfly.security.password.spec.OneTimePasswordSpec in project wildfly-elytron by wildfly-security.
the class KeyStoreCredentialStore method retrieve.
public <C extends Credential> C retrieve(final String credentialAlias, final Class<C> credentialType, final String credentialAlgorithm, final AlgorithmParameterSpec parameterSpec, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
final KeyStore.Entry entry;
final MidEntry midEntry;
final BottomEntry bottomEntry;
final String ksAlias;
try (Hold hold = lockForRead()) {
final TopEntry topEntry = cache.get(toLowercase(credentialAlias));
if (topEntry == null) {
log.trace("KeyStoreCredentialStore: alias not found in cache");
return null;
}
if (topEntry.getMap().containsKey(credentialType)) {
log.trace("KeyStoreCredentialStore: contains exact type");
midEntry = topEntry.getMap().get(credentialType);
} else {
// loose (slow) match
final Iterator<MidEntry> iterator = topEntry.getMap().values().iterator();
for (; ; ) {
if (!iterator.hasNext()) {
log.trace("KeyStoreCredentialStore: no assignable found");
return null;
}
MidEntry item = iterator.next();
if (credentialType.isAssignableFrom(item.getCredentialType())) {
log.trace("KeyStoreCredentialStore: assignable found");
midEntry = item;
break;
}
}
}
if (credentialAlgorithm != null) {
bottomEntry = midEntry.getMap().get(credentialAlgorithm);
} else {
// match any
final Iterator<BottomEntry> iterator = midEntry.getMap().values().iterator();
if (iterator.hasNext()) {
bottomEntry = iterator.next();
} else {
bottomEntry = midEntry.getNoAlgorithm();
}
}
if (bottomEntry == null) {
log.tracef("KeyStoreCredentialStore: no entry for algorithm %s", credentialAlgorithm);
return null;
}
if (parameterSpec != null) {
ksAlias = bottomEntry.getMap().get(new ParamKey(parameterSpec));
} else {
// match any
final Iterator<String> iterator = bottomEntry.getMap().values().iterator();
if (iterator.hasNext()) {
ksAlias = iterator.next();
} else {
ksAlias = bottomEntry.getNoParams();
}
}
if (ksAlias == null) {
log.tracef("KeyStoreCredentialStore: no entry for parameterSpec %s", parameterSpec);
return null;
}
entry = keyStore.getEntry(ksAlias, convertParameter(protectionParameter));
} catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
throw log.cannotAcquireCredentialFromStore(e);
}
if (entry == null) {
// odd, but we can handle it
log.trace("KeyStoreCredentialStore: null entry");
return null;
}
final Class<? extends Credential> matchedCredentialType = midEntry.getCredentialType();
if (matchedCredentialType == SecretKeyCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry) {
// simple
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
return credentialType.cast(new SecretKeyCredential(secretKey));
} else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == PublicKeyCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry)
try {
// we store as a secret key because we can't store the public key properly...
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
final byte[] encoded = secretKey.getEncoded();
final String matchedAlgorithm = bottomEntry.getAlgorithm();
// because PublicKeyCredential is an AlgorithmCredential
assert matchedAlgorithm != null;
final KeyFactory keyFactory = KeyFactory.getInstance(matchedAlgorithm);
final PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(encoded));
return credentialType.cast(new PublicKeyCredential(publicKey));
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
throw log.cannotAcquireCredentialFromStore(e);
}
else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == KeyPairCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry)
try {
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
final byte[] encoded = secretKey.getEncoded();
final String matchedAlgorithm = bottomEntry.getAlgorithm();
// because KeyPairCredential is an AlgorithmCredential
assert matchedAlgorithm != null;
// extract public and private segments
final DERDecoder decoder = new DERDecoder(encoded);
decoder.startSequence();
final byte[] publicBytes = decoder.drainElement();
final byte[] privateBytes = decoder.drainElement();
decoder.endSequence();
final KeyFactory keyFactory = KeyFactory.getInstance(matchedAlgorithm);
final PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(publicBytes));
final PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateBytes));
final KeyPair keyPair = new KeyPair(publicKey, privateKey);
return credentialType.cast(new KeyPairCredential(keyPair));
} catch (InvalidKeySpecException | NoSuchAlgorithmException | ASN1Exception e) {
throw log.cannotAcquireCredentialFromStore(e);
}
else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == X509CertificateChainPublicCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry)
try {
// OK so this is pretty ugly, but the TrustedCertificateEntry type only holds a single cert so it's no good
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
final byte[] encoded = secretKey.getEncoded();
final String matchedAlgorithm = bottomEntry.getAlgorithm();
// because it is an AlgorithmCredential
assert matchedAlgorithm != null;
final DERDecoder decoder = new DERDecoder(encoded);
final CertificateFactory certificateFactory = CertificateFactory.getInstance(X_509);
final int count = decoder.decodeInteger().intValueExact();
final X509Certificate[] array = new X509Certificate[count];
decoder.startSequence();
int i = 0;
while (decoder.hasNextElement()) {
final byte[] certBytes = decoder.drainElement();
array[i++] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));
}
decoder.endSequence();
return credentialType.cast(new X509CertificateChainPublicCredential(array));
} catch (ASN1Exception | CertificateException | ArrayIndexOutOfBoundsException e) {
throw log.cannotAcquireCredentialFromStore(e);
}
else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == X509CertificateChainPrivateCredential.class) {
if (entry instanceof KeyStore.PrivateKeyEntry) {
// an entry type that matches our credential type!
final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
final PrivateKey privateKey = privateKeyEntry.getPrivateKey();
final Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
final X509Certificate[] x509Certificates = X500.asX509CertificateArray(certificateChain);
return credentialType.cast(new X509CertificateChainPrivateCredential(privateKey, x509Certificates));
} else {
throw log.invalidCredentialStoreEntryType(KeyStore.PrivateKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == BearerTokenCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry) {
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
final byte[] encoded = secretKey.getEncoded();
return credentialType.cast(new BearerTokenCredential(new String(encoded, StandardCharsets.UTF_8)));
} else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else if (matchedCredentialType == PasswordCredential.class) {
if (entry instanceof KeyStore.SecretKeyEntry)
try {
final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
final byte[] encoded = secretKey.getEncoded();
final String matchedAlgorithm = bottomEntry.getAlgorithm();
// because it is an AlgorithmCredential
assert matchedAlgorithm != null;
final DERDecoder decoder = new DERDecoder(encoded);
// we use algorithm-based encoding rather than a standard that encompasses all password types.
final PasswordSpec passwordSpec;
switch(matchedAlgorithm) {
case BCryptPassword.ALGORITHM_BCRYPT:
case BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_1:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_256:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_384:
case ScramDigestPassword.ALGORITHM_SCRAM_SHA_512:
case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5:
case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256:
case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512:
{
decoder.startSequence();
final byte[] hash = decoder.decodeOctetString();
final byte[] salt = decoder.decodeOctetString();
final int iterationCount = decoder.decodeInteger().intValue();
decoder.endSequence();
passwordSpec = new IteratedSaltedHashPasswordSpec(hash, salt, iterationCount);
break;
}
case ClearPassword.ALGORITHM_CLEAR:
{
passwordSpec = new ClearPasswordSpec(decoder.decodeOctetStringAsString().toCharArray());
break;
}
case DigestPassword.ALGORITHM_DIGEST_MD5:
case DigestPassword.ALGORITHM_DIGEST_SHA:
case DigestPassword.ALGORITHM_DIGEST_SHA_256:
case DigestPassword.ALGORITHM_DIGEST_SHA_384:
case DigestPassword.ALGORITHM_DIGEST_SHA_512:
case DigestPassword.ALGORITHM_DIGEST_SHA_512_256:
{
decoder.startSequence();
final String username = decoder.decodeOctetStringAsString();
final String realm = decoder.decodeOctetStringAsString();
final byte[] digest = decoder.decodeOctetString();
decoder.endSequence();
passwordSpec = new DigestPasswordSpec(username, realm, digest);
break;
}
case OneTimePassword.ALGORITHM_OTP_MD5:
case OneTimePassword.ALGORITHM_OTP_SHA1:
case OneTimePassword.ALGORITHM_OTP_SHA_256:
case OneTimePassword.ALGORITHM_OTP_SHA_384:
case OneTimePassword.ALGORITHM_OTP_SHA_512:
{
decoder.startSequence();
final byte[] hash = decoder.decodeOctetString();
final String seed = decoder.decodeIA5String();
final int sequenceNumber = decoder.decodeInteger().intValue();
decoder.endSequence();
passwordSpec = new OneTimePasswordSpec(hash, seed, sequenceNumber);
break;
}
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384:
case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384:
case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512:
case UnixDESCryptPassword.ALGORITHM_CRYPT_DES:
case UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5:
{
decoder.startSequence();
final byte[] hash = decoder.decodeOctetString();
final byte[] salt = decoder.decodeOctetString();
decoder.endSequence();
passwordSpec = new SaltedHashPasswordSpec(hash, salt);
break;
}
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384:
case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512:
{
decoder.startSequence();
final byte[] hash = decoder.decodeOctetString();
decoder.endSequence();
passwordSpec = new HashPasswordSpec(hash);
break;
}
default:
{
if (MaskedPassword.isMaskedAlgorithm(matchedAlgorithm)) {
decoder.startSequence();
final char[] initialKeyMaterial = decoder.decodeOctetStringAsString().toCharArray();
final int iterationCount = decoder.decodeInteger().intValue();
final byte[] salt = decoder.decodeOctetString();
final byte[] maskedPasswordBytes = decoder.decodeOctetString();
decoder.endSequence();
passwordSpec = new MaskedPasswordSpec(initialKeyMaterial, iterationCount, salt, maskedPasswordBytes);
break;
} else {
throw log.unsupportedCredentialType(credentialType);
}
}
}
PasswordFactory passwordFactory = providers != null ? PasswordFactory.getInstance(matchedAlgorithm, () -> providers) : PasswordFactory.getInstance(matchedAlgorithm);
final Password password = passwordFactory.generatePassword(passwordSpec);
return credentialType.cast(new PasswordCredential(password));
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
throw log.cannotAcquireCredentialFromStore(e);
}
else {
throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
}
} else {
throw log.unableToReadCredentialTypeFromStore(matchedCredentialType);
}
}
use of org.wildfly.security.password.spec.OneTimePasswordSpec in project wildfly-elytron by wildfly-security.
the class OTPTest method testAuthenticationWithInvalidSequenceNumber.
@Test
public void testAuthenticationWithInvalidSequenceNumber() throws Exception {
final String algorithm = ALGORITHM_OTP_MD5;
final SaslClientFactory clientFactory = obtainSaslClientFactory(OTPSaslClientFactory.class);
assertNotNull(clientFactory);
PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm);
final Password password = passwordFactory.generatePassword(new OneTimePasswordSpec(CodePointIterator.ofString("505d889f90085847").hexDecode().drain(), "ke1234", 0));
final SaslServerBuilder.BuilderReference<SecurityDomain> securityDomainReference = new SaslServerBuilder.BuilderReference<>();
final SaslServerBuilder.BuilderReference<Closeable> closeableReference = new SaslServerBuilder.BuilderReference<>();
try {
final SaslServer saslServer = createSaslServer(password, closeableReference, securityDomainReference);
final CallbackHandler cbh = createClientCallbackHandler("userName", "This is a test.", PASS_PHRASE, algorithm, HEX_RESPONSE);
final SaslClient saslClient = clientFactory.createSaslClient(new String[] { SaslMechanismInformation.Names.OTP }, null, "test", "testserver1.example.com", Collections.<String, Object>emptyMap(), cbh);
byte[] message = saslClient.evaluateChallenge(new byte[0]);
try {
saslServer.evaluateResponse(message);
fail("Expected SaslException not thrown");
} catch (SaslException expected) {
}
saslClient.dispose();
saslServer.dispose();
// The password should remain unchanged
checkPassword(securityDomainReference, "userName", (OneTimePassword) password, algorithm);
} finally {
closeableReference.getReference().close();
}
}
Aggregations