Search in sources :

Example 1 with SaltedHashPasswordSpec

use of org.wildfly.security.password.spec.SaltedHashPasswordSpec in project wildfly-elytron by wildfly-security.

the class PasswordFactorySpiImpl method engineGeneratePassword.

@Override
protected Password engineGeneratePassword(final String algorithm, final KeySpec keySpec) throws InvalidKeySpecException {
    switch(algorithm) {
        case ALGORITHM_CLEAR:
            {
                if (keySpec instanceof ClearPasswordSpec) {
                    return new ClearPasswordImpl(((ClearPasswordSpec) keySpec).getEncodedPassword().clone());
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    return new ClearPasswordImpl(((EncryptablePasswordSpec) keySpec).getPassword().clone());
                } else {
                    break;
                }
            }
        case ALGORITHM_BCRYPT:
            {
                if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
                    try {
                        return new BCryptPasswordImpl((IteratedSaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new BCryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new BCryptPasswordImpl((ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new BCryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new BCryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new BCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new BCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_CRYPT_MD5:
            {
                if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new UnixMD5CryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new UnixMD5CryptPasswordImpl((ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new UnixMD5CryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new UnixMD5CryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_SUN_CRYPT_MD5:
        case ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
            {
                if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
                    try {
                        return new SunUnixMD5CryptPasswordImpl(algorithm, (IteratedSaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new SunUnixMD5CryptPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new SunUnixMD5CryptPasswordImpl((ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new SunUnixMD5CryptPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_CRYPT_SHA_256:
        case ALGORITHM_CRYPT_SHA_512:
            {
                if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
                    try {
                        return new UnixSHACryptPasswordImpl(algorithm, (IteratedSaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new UnixSHACryptPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new UnixSHACryptPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new UnixSHACryptPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new UnixSHACryptPasswordImpl(algorithm, (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new UnixSHACryptPasswordImpl(algorithm, (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new UnixSHACryptPasswordImpl(algorithm, (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NullPointerException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_DIGEST_MD5:
        case ALGORITHM_DIGEST_SHA:
        case ALGORITHM_DIGEST_SHA_256:
        case ALGORITHM_DIGEST_SHA_384:
        case ALGORITHM_DIGEST_SHA_512:
        case ALGORITHM_DIGEST_SHA_512_256:
            if (keySpec instanceof DigestPasswordSpec) {
                return new DigestPasswordImpl(algorithm, (DigestPasswordSpec) keySpec);
            } else if (keySpec instanceof EncryptablePasswordSpec) {
                return new DigestPasswordImpl(algorithm, (EncryptablePasswordSpec) keySpec);
            }
            break;
        case ALGORITHM_SIMPLE_DIGEST_MD2:
        case ALGORITHM_SIMPLE_DIGEST_MD5:
        case ALGORITHM_SIMPLE_DIGEST_SHA_1:
        case ALGORITHM_SIMPLE_DIGEST_SHA_256:
        case ALGORITHM_SIMPLE_DIGEST_SHA_384:
        case ALGORITHM_SIMPLE_DIGEST_SHA_512:
            {
                if (keySpec instanceof HashPasswordSpec) {
                    try {
                        return new SimpleDigestPasswordImpl(algorithm, (HashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new SimpleDigestPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new SimpleDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_PASSWORD_SALT_DIGEST_MD5:
        case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1:
        case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256:
        case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384:
        case ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512:
        case ALGORITHM_SALT_PASSWORD_DIGEST_MD5:
        case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1:
        case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256:
        case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384:
        case ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512:
            if (keySpec instanceof SaltedHashPasswordSpec) {
                try {
                    return new SaltedSimpleDigestPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
                } catch (IllegalArgumentException | NullPointerException e) {
                    throw new InvalidKeySpecException(e);
                }
            } else if (keySpec instanceof ClearPasswordSpec) {
                try {
                    return new SaltedSimpleDigestPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
                } catch (IllegalArgumentException | NullPointerException e) {
                    throw new InvalidKeySpecException(e);
                }
            } else if (keySpec instanceof EncryptablePasswordSpec) {
                try {
                    final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                    final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                    if (parameterSpec == null) {
                        return new SaltedSimpleDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                    } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                        return new SaltedSimpleDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                    } else {
                        break;
                    }
                } catch (IllegalArgumentException | NullPointerException e) {
                    throw new InvalidKeySpecException(e);
                }
            }
            break;
        case ALGORITHM_CRYPT_DES:
            {
                if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new UnixDESCryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | InvalidParameterSpecException | InvalidKeyException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new UnixDESCryptPasswordImpl((ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | InvalidKeyException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new UnixDESCryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new UnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | InvalidParameterSpecException | InvalidKeyException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_BSD_CRYPT_DES:
            {
                if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
                    try {
                        return new BSDUnixDESCryptPasswordImpl((IteratedSaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | InvalidParameterSpecException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new BSDUnixDESCryptPasswordImpl((SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | InvalidParameterSpecException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new BSDUnixDESCryptPasswordImpl((ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new BSDUnixDESCryptPasswordImpl(encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (InvalidParameterSpecException | IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_SCRAM_SHA_1:
        case ALGORITHM_SCRAM_SHA_256:
        case ALGORITHM_SCRAM_SHA_384:
        case ALGORITHM_SCRAM_SHA_512:
            {
                if (keySpec instanceof IteratedSaltedHashPasswordSpec) {
                    try {
                        return new ScramDigestPasswordImpl(algorithm, (IteratedSaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof SaltedHashPasswordSpec) {
                    try {
                        return new ScramDigestPasswordImpl(algorithm, (SaltedHashPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof ClearPasswordSpec) {
                    try {
                        return new ScramDigestPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
                    } catch (IllegalArgumentException | NullPointerException | InvalidKeyException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    try {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new ScramDigestPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec, encryptableSpec.getHashCharset());
                        } else {
                            break;
                        }
                    } catch (IllegalArgumentException | NullPointerException | InvalidKeyException | NoSuchAlgorithmException e) {
                        throw new InvalidKeySpecException(e);
                    }
                } else {
                    break;
                }
            }
        case ALGORITHM_OTP_MD5:
        case ALGORITHM_OTP_SHA1:
        case ALGORITHM_OTP_SHA_256:
        case ALGORITHM_OTP_SHA_384:
        case ALGORITHM_OTP_SHA_512:
            {
                if (keySpec instanceof OneTimePasswordSpec) {
                    return new OneTimePasswordImpl(algorithm, (OneTimePasswordSpec) keySpec);
                } else if (keySpec instanceof EncryptablePasswordSpec) {
                    final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                    final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                    try {
                        if (parameterSpec instanceof OneTimePasswordAlgorithmSpec) {
                            return new OneTimePasswordImpl(algorithm, encryptableSpec.getPassword(), (OneTimePasswordAlgorithmSpec) parameterSpec);
                        } else {
                            break;
                        }
                    } catch (SaslException e) {
                        throw new InvalidKeySpecException(e);
                    }
                }
                break;
            }
        default:
            {
                if (MaskedPassword.isMaskedAlgorithm(algorithm)) {
                    if (keySpec instanceof MaskedPasswordSpec) {
                        return new MaskedPasswordImpl(algorithm, (MaskedPasswordSpec) keySpec);
                    } else if (keySpec instanceof EncryptablePasswordSpec) {
                        final EncryptablePasswordSpec encryptableSpec = (EncryptablePasswordSpec) keySpec;
                        final AlgorithmParameterSpec parameterSpec = encryptableSpec.getAlgorithmParameterSpec();
                        if (parameterSpec == null) {
                            return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword());
                        } else if (parameterSpec instanceof MaskedPasswordAlgorithmSpec) {
                            return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (MaskedPasswordAlgorithmSpec) parameterSpec);
                        } else if (parameterSpec instanceof IteratedSaltedPasswordAlgorithmSpec) {
                            return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedSaltedPasswordAlgorithmSpec) parameterSpec);
                        } else if (parameterSpec instanceof SaltedPasswordAlgorithmSpec) {
                            return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (SaltedPasswordAlgorithmSpec) parameterSpec);
                        } else if (parameterSpec instanceof IteratedPasswordAlgorithmSpec) {
                            return new MaskedPasswordImpl(algorithm, encryptableSpec.getPassword(), (IteratedPasswordAlgorithmSpec) parameterSpec);
                        }
                    } else if (keySpec instanceof ClearPasswordSpec) {
                        return new MaskedPasswordImpl(algorithm, (ClearPasswordSpec) keySpec);
                    }
                    break;
                }
                break;
            }
    }
    throw log.invalidKeySpecUnknownAlgorithmOrIncompatiblePasswordSpec(algorithm, keySpec == null ? null : keySpec.getClass().getSimpleName());
}
Also used : MaskedPasswordSpec(org.wildfly.security.password.spec.MaskedPasswordSpec) IteratedSaltedPasswordAlgorithmSpec(org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec) SaltedPasswordAlgorithmSpec(org.wildfly.security.password.spec.SaltedPasswordAlgorithmSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) EncryptablePasswordSpec(org.wildfly.security.password.spec.EncryptablePasswordSpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SaslException(javax.security.sasl.SaslException) OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) IteratedSaltedPasswordAlgorithmSpec(org.wildfly.security.password.spec.IteratedSaltedPasswordAlgorithmSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) InvalidKeyException(java.security.InvalidKeyException) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) IteratedPasswordAlgorithmSpec(org.wildfly.security.password.spec.IteratedPasswordAlgorithmSpec) OneTimePasswordAlgorithmSpec(org.wildfly.security.password.spec.OneTimePasswordAlgorithmSpec) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) MaskedPasswordAlgorithmSpec(org.wildfly.security.password.spec.MaskedPasswordAlgorithmSpec) DigestPasswordSpec(org.wildfly.security.password.spec.DigestPasswordSpec)

Example 2 with SaltedHashPasswordSpec

use of org.wildfly.security.password.spec.SaltedHashPasswordSpec in project wildfly-elytron by wildfly-security.

the class PasswordKeyMapper method map.

@Override
public Credential map(ResultSet resultSet, Supplier<Provider[]> providers) throws SQLException {
    byte[] hash = null;
    char[] clear = null;
    byte[] salt = null;
    int iterationCount;
    String algorithmName = getDefaultAlgorithm();
    final ResultSetMetaData metaData = resultSet.getMetaData();
    if (algorithmColumn > 0) {
        algorithmName = resultSet.getString(algorithmColumn);
        if (algorithmName == null) {
            algorithmName = getDefaultAlgorithm();
        }
    }
    if (ClearPassword.ALGORITHM_CLEAR.equals(algorithmName)) {
        final String s = getStringColumn(metaData, resultSet, hashColumn);
        if (s != null) {
            clear = s.toCharArray();
        } else {
            hash = getBinaryColumn(metaData, resultSet, hashColumn, hashEncoding);
        }
    } else {
        if (saltColumn == -1 && iterationCountColumn == -1) {
            // try modular crypt
            final String s = getStringColumn(metaData, resultSet, hashColumn);
            if (s != null) {
                final char[] chars = s.toCharArray();
                final String identified = ModularCrypt.identifyAlgorithm(chars);
                if (identified != null) {
                    try {
                        Password modularCryptPassword = ModularCrypt.decode(chars);
                        if (log.isTraceEnabled()) {
                            log.tracef("Key Mapper: Password credential created using Modular Crypt algorithm [%s]", identified);
                        }
                        return new PasswordCredential(modularCryptPassword);
                    } catch (InvalidKeySpecException e) {
                        log.tracef(e, "Key Mapper: Unable to identify Modular Crypt algorithm [%s]", identified);
                    }
                }
            }
        }
        hash = getBinaryColumn(metaData, resultSet, hashColumn, hashEncoding);
    }
    if (saltColumn > 0) {
        salt = getBinaryColumn(metaData, resultSet, saltColumn, saltEncoding);
    }
    if (iterationCountColumn > 0) {
        iterationCount = resultSet.getInt(iterationCountColumn);
    } else {
        iterationCount = defaultIterationCount;
    }
    final PasswordFactory passwordFactory;
    try {
        passwordFactory = PasswordFactory.getInstance(algorithmName, providers);
    } catch (NoSuchAlgorithmException e) {
        throw log.couldNotObtainPasswordFactoryForAlgorithm(algorithmName, e);
    }
    PasswordSpec passwordSpec;
    if (hash != null) {
        if (salt != null) {
            if (iterationCount > 0) {
                passwordSpec = new IteratedSaltedHashPasswordSpec(hash, salt, iterationCount);
            } else {
                passwordSpec = new SaltedHashPasswordSpec(hash, salt);
            }
        } else {
            if (iterationCount > 0) {
                passwordSpec = new IteratedHashPasswordSpec(hash, iterationCount);
            } else {
                passwordSpec = new HashPasswordSpec(hash);
            }
        }
    } else if (clear != null) {
        passwordSpec = new ClearPasswordSpec(clear);
    } else {
        return null;
    }
    try {
        Password password = passwordFactory.generatePassword(passwordSpec);
        if (log.isTraceEnabled()) {
            log.tracef("Key Mapper: Password credential created using algorithm column value [%s]", algorithmName);
        }
        return new PasswordCredential(password);
    } catch (InvalidKeySpecException e) {
        throw log.invalidPasswordKeySpecificationForAlgorithm(algorithmName, e);
    }
}
Also used : IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) IteratedHashPasswordSpec(org.wildfly.security.password.spec.IteratedHashPasswordSpec) PasswordSpec(org.wildfly.security.password.spec.PasswordSpec) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) PasswordCredential(org.wildfly.security.credential.PasswordCredential) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) ResultSetMetaData(java.sql.ResultSetMetaData) PasswordFactory(org.wildfly.security.password.PasswordFactory) IteratedHashPasswordSpec(org.wildfly.security.password.spec.IteratedHashPasswordSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) IteratedHashPasswordSpec(org.wildfly.security.password.spec.IteratedHashPasswordSpec) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) Password(org.wildfly.security.password.Password) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword)

Example 3 with SaltedHashPasswordSpec

use of org.wildfly.security.password.spec.SaltedHashPasswordSpec in project wildfly-elytron by wildfly-security.

the class KeyStoreCredentialStore method store.

public void store(final String credentialAlias, final Credential credential, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
    try {
        // first, attempt to encode the credential into a keystore entry
        final Class<? extends Credential> credentialClass = credential.getClass();
        final String algorithmName = credential instanceof AlgorithmCredential ? ((AlgorithmCredential) credential).getAlgorithm() : null;
        final AlgorithmParameterSpec parameterSpec = credential.castAndApply(AlgorithmCredential.class, AlgorithmCredential::getParameters);
        final KeyStore.Entry entry;
        if (credentialClass == SecretKeyCredential.class) {
            entry = new KeyStore.SecretKeyEntry(credential.castAndApply(SecretKeyCredential.class, SecretKeyCredential::getSecretKey));
        } else if (credentialClass == PublicKeyCredential.class) {
            final PublicKey publicKey = credential.castAndApply(PublicKeyCredential.class, PublicKeyCredential::getPublicKey);
            final KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
            final X509EncodedKeySpec keySpec = keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class);
            final byte[] encoded = keySpec.getEncoded();
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoded, DATA_OID));
        } else if (credentialClass == KeyPairCredential.class) {
            final KeyPair keyPair = credential.castAndApply(KeyPairCredential.class, KeyPairCredential::getKeyPair);
            final PublicKey publicKey = keyPair.getPublic();
            final PrivateKey privateKey = keyPair.getPrivate();
            final KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
            // ensured by KeyPairCredential
            assert privateKey.getAlgorithm().equals(publicKey.getAlgorithm());
            final X509EncodedKeySpec publicSpec = keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class);
            final PKCS8EncodedKeySpec privateSpec = keyFactory.getKeySpec(keyFactory.translateKey(privateKey), PKCS8EncodedKeySpec.class);
            final DEREncoder encoder = new DEREncoder();
            encoder.startSequence();
            encoder.writeEncoded(publicSpec.getEncoded());
            encoder.writeEncoded(privateSpec.getEncoded());
            encoder.endSequence();
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
        } else if (credentialClass == X509CertificateChainPublicCredential.class) {
            final X509Certificate[] x509Certificates = credential.castAndApply(X509CertificateChainPublicCredential.class, X509CertificateChainPublicCredential::getCertificateChain);
            final DEREncoder encoder = new DEREncoder();
            encoder.encodeInteger(x509Certificates.length);
            encoder.startSequence();
            for (X509Certificate x509Certificate : x509Certificates) {
                encoder.writeEncoded(x509Certificate.getEncoded());
            }
            encoder.endSequence();
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
        } else if (credentialClass == X509CertificateChainPrivateCredential.class) {
            @SuppressWarnings("ConstantConditions") X509CertificateChainPrivateCredential cred = (X509CertificateChainPrivateCredential) credential;
            entry = new KeyStore.PrivateKeyEntry(cred.getPrivateKey(), cred.getCertificateChain());
        } else if (credentialClass == BearerTokenCredential.class) {
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(credential.castAndApply(BearerTokenCredential.class, c -> c.getToken().getBytes(StandardCharsets.UTF_8)), DATA_OID));
        } else if (credentialClass == PasswordCredential.class) {
            final Password password = credential.castAndApply(PasswordCredential.class, PasswordCredential::getPassword);
            final String algorithm = password.getAlgorithm();
            final DEREncoder encoder = new DEREncoder();
            final PasswordFactory passwordFactory = providers != null ? PasswordFactory.getInstance(algorithm, () -> providers) : PasswordFactory.getInstance(algorithm);
            switch(algorithm) {
                case BCryptPassword.ALGORITHM_BCRYPT:
                case BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_1:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_256:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_384:
                case ScramDigestPassword.ALGORITHM_SCRAM_SHA_512:
                case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5:
                case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
                case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256:
                case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512:
                    {
                        IteratedSaltedHashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), IteratedSaltedHashPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getHash());
                        encoder.encodeOctetString(passwordSpec.getSalt());
                        encoder.encodeInteger(passwordSpec.getIterationCount());
                        encoder.endSequence();
                        break;
                    }
                case ClearPassword.ALGORITHM_CLEAR:
                    {
                        final ClearPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), ClearPasswordSpec.class);
                        encoder.encodeOctetString(new String(passwordSpec.getEncodedPassword()));
                        break;
                    }
                case DigestPassword.ALGORITHM_DIGEST_MD5:
                case DigestPassword.ALGORITHM_DIGEST_SHA:
                case DigestPassword.ALGORITHM_DIGEST_SHA_256:
                case DigestPassword.ALGORITHM_DIGEST_SHA_384:
                case DigestPassword.ALGORITHM_DIGEST_SHA_512:
                case DigestPassword.ALGORITHM_DIGEST_SHA_512_256:
                    {
                        final DigestPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), DigestPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getUsername());
                        encoder.encodeOctetString(passwordSpec.getRealm());
                        encoder.encodeOctetString(passwordSpec.getDigest());
                        encoder.endSequence();
                        break;
                    }
                case OneTimePassword.ALGORITHM_OTP_MD5:
                case OneTimePassword.ALGORITHM_OTP_SHA1:
                case OneTimePassword.ALGORITHM_OTP_SHA_256:
                case OneTimePassword.ALGORITHM_OTP_SHA_384:
                case OneTimePassword.ALGORITHM_OTP_SHA_512:
                    {
                        final OneTimePasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), OneTimePasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getHash());
                        encoder.encodeIA5String(passwordSpec.getSeed());
                        encoder.encodeInteger(passwordSpec.getSequenceNumber());
                        encoder.endSequence();
                        break;
                    }
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384:
                case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384:
                case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512:
                case UnixDESCryptPassword.ALGORITHM_CRYPT_DES:
                case UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5:
                    {
                        final SaltedHashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), SaltedHashPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getHash());
                        encoder.encodeOctetString(passwordSpec.getSalt());
                        encoder.endSequence();
                        break;
                    }
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384:
                case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512:
                    {
                        final HashPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), HashPasswordSpec.class);
                        encoder.startSequence();
                        encoder.encodeOctetString(passwordSpec.getDigest());
                        encoder.endSequence();
                        break;
                    }
                default:
                    {
                        if (MaskedPassword.isMaskedAlgorithm(algorithmName)) {
                            final MaskedPasswordSpec passwordSpec = passwordFactory.getKeySpec(passwordFactory.translate(password), MaskedPasswordSpec.class);
                            encoder.startSequence();
                            encoder.encodeOctetString(new String(passwordSpec.getInitialKeyMaterial()));
                            encoder.encodeInteger(passwordSpec.getIterationCount());
                            encoder.encodeOctetString(passwordSpec.getSalt());
                            encoder.encodeOctetString(passwordSpec.getMaskedPasswordBytes());
                            encoder.endSequence();
                            break;
                        } else {
                            throw log.unsupportedCredentialType(credentialClass);
                        }
                    }
            }
            entry = new KeyStore.SecretKeyEntry(new SecretKeySpec(encoder.getEncoded(), DATA_OID));
        } else {
            throw log.unsupportedCredentialType(credentialClass);
        }
        // now, store it under a unique alias
        final String ksAlias = calculateNewAlias(credentialAlias, credentialClass, algorithmName, parameterSpec);
        try (Hold hold = lockForWrite()) {
            keyStore.setEntry(ksAlias, entry, convertParameter(protectionParameter));
            final TopEntry topEntry = cache.computeIfAbsent(toLowercase(credentialAlias), TopEntry::new);
            final MidEntry midEntry = topEntry.getMap().computeIfAbsent(credentialClass, c -> new MidEntry(topEntry, c));
            final BottomEntry bottomEntry;
            if (algorithmName != null) {
                bottomEntry = midEntry.getMap().computeIfAbsent(algorithmName, n -> new BottomEntry(midEntry, n));
            } else {
                bottomEntry = midEntry.getOrCreateNoAlgorithm();
            }
            final String oldAlias;
            if (parameterSpec != null) {
                oldAlias = bottomEntry.getMap().put(new ParamKey(parameterSpec), ksAlias);
            } else {
                oldAlias = bottomEntry.setNoParams(ksAlias);
            }
            if (oldAlias != null && !oldAlias.equals(ksAlias)) {
                // unlikely but possible
                keyStore.deleteEntry(oldAlias);
            }
        }
    } catch (KeyStoreException | NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException | CertificateException e) {
        throw log.cannotWriteCredentialToStore(e);
    }
}
Also used : MaskedPasswordSpec(org.wildfly.security.password.spec.MaskedPasswordSpec) KeyPair(java.security.KeyPair) Arrays(java.util.Arrays) Enumeration(java.util.Enumeration) SecretKeySpec(javax.crypto.spec.SecretKeySpec) KeyStoreException(java.security.KeyStoreException) CodePointIterator(org.wildfly.common.iteration.CodePointIterator) KeyUtil(org.wildfly.security.key.KeyUtil) UnixSHACryptPassword(org.wildfly.security.password.interfaces.UnixSHACryptPassword) GeneralSecurityException(java.security.GeneralSecurityException) Matcher(java.util.regex.Matcher) Map(java.util.Map) MaskedPasswordSpec(org.wildfly.security.password.spec.MaskedPasswordSpec) PasswordSpec(org.wildfly.security.password.spec.PasswordSpec) Path(java.nio.file.Path) ReadWriteLock(java.util.concurrent.locks.ReadWriteLock) EmptyProvider(org.wildfly.security.EmptyProvider) Assert(org.wildfly.common.Assert) Set(java.util.Set) DEREncoder(org.wildfly.security.asn1.DEREncoder) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) StandardCharsets(java.nio.charset.StandardCharsets) PrivateKey(java.security.PrivateKey) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) BearerTokenCredential(org.wildfly.security.credential.BearerTokenCredential) SecretKey(javax.crypto.SecretKey) ByteArrayOutputStream(java.io.ByteArrayOutputStream) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) DERDecoder(org.wildfly.security.asn1.DERDecoder) ReentrantReadWriteLock(java.util.concurrent.locks.ReentrantReadWriteLock) PasswordFactory(org.wildfly.security.password.PasswordFactory) AlgorithmCredential(org.wildfly.security.credential.AlgorithmCredential) OneTimePassword(org.wildfly.security.password.interfaces.OneTimePassword) IvParameterSpec(javax.crypto.spec.IvParameterSpec) PasswordCredential(org.wildfly.security.credential.PasswordCredential) ObjectOutputStream(java.io.ObjectOutputStream) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) Files(java.nio.file.Files) DigestPasswordSpec(org.wildfly.security.password.spec.DigestPasswordSpec) DigestPassword(org.wildfly.security.password.interfaces.DigestPassword) BCryptPassword(org.wildfly.security.password.interfaces.BCryptPassword) IOException(java.io.IOException) MaskedPassword(org.wildfly.security.password.interfaces.MaskedPassword) Paths(java.nio.file.Paths) CredentialStoreSpi(org.wildfly.security.credential.store.CredentialStoreSpi) AtomicFileOutputStream(org.wildfly.security.util.AtomicFileOutputStream) ScramDigestPassword(org.wildfly.security.password.interfaces.ScramDigestPassword) X509Certificate(java.security.cert.X509Certificate) ByteIterator(org.wildfly.common.iteration.ByteIterator) CertificateFactory(java.security.cert.CertificateFactory) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) ObjectInputStream(java.io.ObjectInputStream) Security(java.security.Security) OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) SunUnixMD5CryptPassword(org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword) CredentialSource(org.wildfly.security.credential.source.CredentialSource) ByteArrayInputStream(java.io.ByteArrayInputStream) Locale(java.util.Locale) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) UnrecoverableEntryException(java.security.UnrecoverableEntryException) UnixMD5CryptPassword(org.wildfly.security.password.interfaces.UnixMD5CryptPassword) CredentialStore(org.wildfly.security.credential.store.CredentialStore) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) KeyStore(java.security.KeyStore) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) KeyFactory(java.security.KeyFactory) Provider(java.security.Provider) List(java.util.List) Certificate(java.security.cert.Certificate) Pattern(java.util.regex.Pattern) SimpleDigestPassword(org.wildfly.security.password.interfaces.SimpleDigestPassword) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) X500(org.wildfly.security.x500.X500) HashMap(java.util.HashMap) Cipher(javax.crypto.Cipher) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) HashSet(java.util.HashSet) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) NoSuchPaddingException(javax.crypto.NoSuchPaddingException) InvalidParameterSpecException(java.security.spec.InvalidParameterSpecException) ElytronMessages.log(org.wildfly.security.credential.store._private.ElytronMessages.log) UnixDESCryptPassword(org.wildfly.security.password.interfaces.UnixDESCryptPassword) OutputStream(java.io.OutputStream) X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) Iterator(java.util.Iterator) ASN1Exception(org.wildfly.security.asn1.ASN1Exception) PublicKey(java.security.PublicKey) CertificateException(java.security.cert.CertificateException) Base32Alphabet(org.wildfly.common.codec.Base32Alphabet) AlgorithmParameters(java.security.AlgorithmParameters) BadPaddingException(javax.crypto.BadPaddingException) SaltedSimpleDigestPassword(org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword) BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword) Password(org.wildfly.security.password.Password) CredentialStoreException(org.wildfly.security.credential.store.CredentialStoreException) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) Credential(org.wildfly.security.credential.Credential) Collections(java.util.Collections) InputStream(java.io.InputStream) PrivateKey(java.security.PrivateKey) PasswordCredential(org.wildfly.security.credential.PasswordCredential) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) BearerTokenCredential(org.wildfly.security.credential.BearerTokenCredential) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) AlgorithmCredential(org.wildfly.security.credential.AlgorithmCredential) DEREncoder(org.wildfly.security.asn1.DEREncoder) SecretKeySpec(javax.crypto.spec.SecretKeySpec) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) KeyFactory(java.security.KeyFactory) UnixSHACryptPassword(org.wildfly.security.password.interfaces.UnixSHACryptPassword) OneTimePassword(org.wildfly.security.password.interfaces.OneTimePassword) DigestPassword(org.wildfly.security.password.interfaces.DigestPassword) BCryptPassword(org.wildfly.security.password.interfaces.BCryptPassword) MaskedPassword(org.wildfly.security.password.interfaces.MaskedPassword) ScramDigestPassword(org.wildfly.security.password.interfaces.ScramDigestPassword) SunUnixMD5CryptPassword(org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword) UnixMD5CryptPassword(org.wildfly.security.password.interfaces.UnixMD5CryptPassword) SimpleDigestPassword(org.wildfly.security.password.interfaces.SimpleDigestPassword) UnixDESCryptPassword(org.wildfly.security.password.interfaces.UnixDESCryptPassword) SaltedSimpleDigestPassword(org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword) BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword) Password(org.wildfly.security.password.Password) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) KeyPair(java.security.KeyPair) X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) PublicKey(java.security.PublicKey) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) KeyStoreException(java.security.KeyStoreException) InvalidKeyException(java.security.InvalidKeyException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) PasswordFactory(org.wildfly.security.password.PasswordFactory) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec) AlgorithmParameterSpec(java.security.spec.AlgorithmParameterSpec) DigestPasswordSpec(org.wildfly.security.password.spec.DigestPasswordSpec)

Example 4 with SaltedHashPasswordSpec

use of org.wildfly.security.password.spec.SaltedHashPasswordSpec in project wildfly-elytron by wildfly-security.

the class KeyStoreCredentialStore method retrieve.

public <C extends Credential> C retrieve(final String credentialAlias, final Class<C> credentialType, final String credentialAlgorithm, final AlgorithmParameterSpec parameterSpec, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
    final KeyStore.Entry entry;
    final MidEntry midEntry;
    final BottomEntry bottomEntry;
    final String ksAlias;
    try (Hold hold = lockForRead()) {
        final TopEntry topEntry = cache.get(toLowercase(credentialAlias));
        if (topEntry == null) {
            log.trace("KeyStoreCredentialStore: alias not found in cache");
            return null;
        }
        if (topEntry.getMap().containsKey(credentialType)) {
            log.trace("KeyStoreCredentialStore: contains exact type");
            midEntry = topEntry.getMap().get(credentialType);
        } else {
            // loose (slow) match
            final Iterator<MidEntry> iterator = topEntry.getMap().values().iterator();
            for (; ; ) {
                if (!iterator.hasNext()) {
                    log.trace("KeyStoreCredentialStore: no assignable found");
                    return null;
                }
                MidEntry item = iterator.next();
                if (credentialType.isAssignableFrom(item.getCredentialType())) {
                    log.trace("KeyStoreCredentialStore: assignable found");
                    midEntry = item;
                    break;
                }
            }
        }
        if (credentialAlgorithm != null) {
            bottomEntry = midEntry.getMap().get(credentialAlgorithm);
        } else {
            // match any
            final Iterator<BottomEntry> iterator = midEntry.getMap().values().iterator();
            if (iterator.hasNext()) {
                bottomEntry = iterator.next();
            } else {
                bottomEntry = midEntry.getNoAlgorithm();
            }
        }
        if (bottomEntry == null) {
            log.tracef("KeyStoreCredentialStore: no entry for algorithm %s", credentialAlgorithm);
            return null;
        }
        if (parameterSpec != null) {
            ksAlias = bottomEntry.getMap().get(new ParamKey(parameterSpec));
        } else {
            // match any
            final Iterator<String> iterator = bottomEntry.getMap().values().iterator();
            if (iterator.hasNext()) {
                ksAlias = iterator.next();
            } else {
                ksAlias = bottomEntry.getNoParams();
            }
        }
        if (ksAlias == null) {
            log.tracef("KeyStoreCredentialStore: no entry for parameterSpec %s", parameterSpec);
            return null;
        }
        entry = keyStore.getEntry(ksAlias, convertParameter(protectionParameter));
    } catch (NoSuchAlgorithmException | UnrecoverableEntryException | KeyStoreException e) {
        throw log.cannotAcquireCredentialFromStore(e);
    }
    if (entry == null) {
        // odd, but we can handle it
        log.trace("KeyStoreCredentialStore: null entry");
        return null;
    }
    final Class<? extends Credential> matchedCredentialType = midEntry.getCredentialType();
    if (matchedCredentialType == SecretKeyCredential.class) {
        if (entry instanceof KeyStore.SecretKeyEntry) {
            // simple
            final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            return credentialType.cast(new SecretKeyCredential(secretKey));
        } else {
            throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
        }
    } else if (matchedCredentialType == PublicKeyCredential.class) {
        if (entry instanceof KeyStore.SecretKeyEntry)
            try {
                // we store as a secret key because we can't store the public key properly...
                final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                final byte[] encoded = secretKey.getEncoded();
                final String matchedAlgorithm = bottomEntry.getAlgorithm();
                // because PublicKeyCredential is an AlgorithmCredential
                assert matchedAlgorithm != null;
                final KeyFactory keyFactory = KeyFactory.getInstance(matchedAlgorithm);
                final PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(encoded));
                return credentialType.cast(new PublicKeyCredential(publicKey));
            } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
                throw log.cannotAcquireCredentialFromStore(e);
            }
        else {
            throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
        }
    } else if (matchedCredentialType == KeyPairCredential.class) {
        if (entry instanceof KeyStore.SecretKeyEntry)
            try {
                final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                final byte[] encoded = secretKey.getEncoded();
                final String matchedAlgorithm = bottomEntry.getAlgorithm();
                // because KeyPairCredential is an AlgorithmCredential
                assert matchedAlgorithm != null;
                // extract public and private segments
                final DERDecoder decoder = new DERDecoder(encoded);
                decoder.startSequence();
                final byte[] publicBytes = decoder.drainElement();
                final byte[] privateBytes = decoder.drainElement();
                decoder.endSequence();
                final KeyFactory keyFactory = KeyFactory.getInstance(matchedAlgorithm);
                final PublicKey publicKey = keyFactory.generatePublic(new X509EncodedKeySpec(publicBytes));
                final PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(privateBytes));
                final KeyPair keyPair = new KeyPair(publicKey, privateKey);
                return credentialType.cast(new KeyPairCredential(keyPair));
            } catch (InvalidKeySpecException | NoSuchAlgorithmException | ASN1Exception e) {
                throw log.cannotAcquireCredentialFromStore(e);
            }
        else {
            throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
        }
    } else if (matchedCredentialType == X509CertificateChainPublicCredential.class) {
        if (entry instanceof KeyStore.SecretKeyEntry)
            try {
                // OK so this is pretty ugly, but the TrustedCertificateEntry type only holds a single cert so it's no good
                final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                final byte[] encoded = secretKey.getEncoded();
                final String matchedAlgorithm = bottomEntry.getAlgorithm();
                // because it is an AlgorithmCredential
                assert matchedAlgorithm != null;
                final DERDecoder decoder = new DERDecoder(encoded);
                final CertificateFactory certificateFactory = CertificateFactory.getInstance(X_509);
                final int count = decoder.decodeInteger().intValueExact();
                final X509Certificate[] array = new X509Certificate[count];
                decoder.startSequence();
                int i = 0;
                while (decoder.hasNextElement()) {
                    final byte[] certBytes = decoder.drainElement();
                    array[i++] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(certBytes));
                }
                decoder.endSequence();
                return credentialType.cast(new X509CertificateChainPublicCredential(array));
            } catch (ASN1Exception | CertificateException | ArrayIndexOutOfBoundsException e) {
                throw log.cannotAcquireCredentialFromStore(e);
            }
        else {
            throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
        }
    } else if (matchedCredentialType == X509CertificateChainPrivateCredential.class) {
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            // an entry type that matches our credential type!
            final KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
            final PrivateKey privateKey = privateKeyEntry.getPrivateKey();
            final Certificate[] certificateChain = privateKeyEntry.getCertificateChain();
            final X509Certificate[] x509Certificates = X500.asX509CertificateArray(certificateChain);
            return credentialType.cast(new X509CertificateChainPrivateCredential(privateKey, x509Certificates));
        } else {
            throw log.invalidCredentialStoreEntryType(KeyStore.PrivateKeyEntry.class, entry.getClass());
        }
    } else if (matchedCredentialType == BearerTokenCredential.class) {
        if (entry instanceof KeyStore.SecretKeyEntry) {
            final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            final byte[] encoded = secretKey.getEncoded();
            return credentialType.cast(new BearerTokenCredential(new String(encoded, StandardCharsets.UTF_8)));
        } else {
            throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
        }
    } else if (matchedCredentialType == PasswordCredential.class) {
        if (entry instanceof KeyStore.SecretKeyEntry)
            try {
                final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                final byte[] encoded = secretKey.getEncoded();
                final String matchedAlgorithm = bottomEntry.getAlgorithm();
                // because it is an AlgorithmCredential
                assert matchedAlgorithm != null;
                final DERDecoder decoder = new DERDecoder(encoded);
                // we use algorithm-based encoding rather than a standard that encompasses all password types.
                final PasswordSpec passwordSpec;
                switch(matchedAlgorithm) {
                    case BCryptPassword.ALGORITHM_BCRYPT:
                    case BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES:
                    case ScramDigestPassword.ALGORITHM_SCRAM_SHA_1:
                    case ScramDigestPassword.ALGORITHM_SCRAM_SHA_256:
                    case ScramDigestPassword.ALGORITHM_SCRAM_SHA_384:
                    case ScramDigestPassword.ALGORITHM_SCRAM_SHA_512:
                    case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5:
                    case SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT:
                    case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256:
                    case UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512:
                        {
                            decoder.startSequence();
                            final byte[] hash = decoder.decodeOctetString();
                            final byte[] salt = decoder.decodeOctetString();
                            final int iterationCount = decoder.decodeInteger().intValue();
                            decoder.endSequence();
                            passwordSpec = new IteratedSaltedHashPasswordSpec(hash, salt, iterationCount);
                            break;
                        }
                    case ClearPassword.ALGORITHM_CLEAR:
                        {
                            passwordSpec = new ClearPasswordSpec(decoder.decodeOctetStringAsString().toCharArray());
                            break;
                        }
                    case DigestPassword.ALGORITHM_DIGEST_MD5:
                    case DigestPassword.ALGORITHM_DIGEST_SHA:
                    case DigestPassword.ALGORITHM_DIGEST_SHA_256:
                    case DigestPassword.ALGORITHM_DIGEST_SHA_384:
                    case DigestPassword.ALGORITHM_DIGEST_SHA_512:
                    case DigestPassword.ALGORITHM_DIGEST_SHA_512_256:
                        {
                            decoder.startSequence();
                            final String username = decoder.decodeOctetStringAsString();
                            final String realm = decoder.decodeOctetStringAsString();
                            final byte[] digest = decoder.decodeOctetString();
                            decoder.endSequence();
                            passwordSpec = new DigestPasswordSpec(username, realm, digest);
                            break;
                        }
                    case OneTimePassword.ALGORITHM_OTP_MD5:
                    case OneTimePassword.ALGORITHM_OTP_SHA1:
                    case OneTimePassword.ALGORITHM_OTP_SHA_256:
                    case OneTimePassword.ALGORITHM_OTP_SHA_384:
                    case OneTimePassword.ALGORITHM_OTP_SHA_512:
                        {
                            decoder.startSequence();
                            final byte[] hash = decoder.decodeOctetString();
                            final String seed = decoder.decodeIA5String();
                            final int sequenceNumber = decoder.decodeInteger().intValue();
                            decoder.endSequence();
                            passwordSpec = new OneTimePasswordSpec(hash, seed, sequenceNumber);
                            break;
                        }
                    case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5:
                    case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1:
                    case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256:
                    case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384:
                    case SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512:
                    case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5:
                    case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1:
                    case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256:
                    case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384:
                    case SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512:
                    case UnixDESCryptPassword.ALGORITHM_CRYPT_DES:
                    case UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5:
                        {
                            decoder.startSequence();
                            final byte[] hash = decoder.decodeOctetString();
                            final byte[] salt = decoder.decodeOctetString();
                            decoder.endSequence();
                            passwordSpec = new SaltedHashPasswordSpec(hash, salt);
                            break;
                        }
                    case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2:
                    case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5:
                    case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1:
                    case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256:
                    case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384:
                    case SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512:
                        {
                            decoder.startSequence();
                            final byte[] hash = decoder.decodeOctetString();
                            decoder.endSequence();
                            passwordSpec = new HashPasswordSpec(hash);
                            break;
                        }
                    default:
                        {
                            if (MaskedPassword.isMaskedAlgorithm(matchedAlgorithm)) {
                                decoder.startSequence();
                                final char[] initialKeyMaterial = decoder.decodeOctetStringAsString().toCharArray();
                                final int iterationCount = decoder.decodeInteger().intValue();
                                final byte[] salt = decoder.decodeOctetString();
                                final byte[] maskedPasswordBytes = decoder.decodeOctetString();
                                decoder.endSequence();
                                passwordSpec = new MaskedPasswordSpec(initialKeyMaterial, iterationCount, salt, maskedPasswordBytes);
                                break;
                            } else {
                                throw log.unsupportedCredentialType(credentialType);
                            }
                        }
                }
                PasswordFactory passwordFactory = providers != null ? PasswordFactory.getInstance(matchedAlgorithm, () -> providers) : PasswordFactory.getInstance(matchedAlgorithm);
                final Password password = passwordFactory.generatePassword(passwordSpec);
                return credentialType.cast(new PasswordCredential(password));
            } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
                throw log.cannotAcquireCredentialFromStore(e);
            }
        else {
            throw log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
        }
    } else {
        throw log.unableToReadCredentialTypeFromStore(matchedCredentialType);
    }
}
Also used : MaskedPasswordSpec(org.wildfly.security.password.spec.MaskedPasswordSpec) MaskedPasswordSpec(org.wildfly.security.password.spec.MaskedPasswordSpec) PasswordSpec(org.wildfly.security.password.spec.PasswordSpec) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) DigestPasswordSpec(org.wildfly.security.password.spec.DigestPasswordSpec) OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) PrivateKey(java.security.PrivateKey) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) PasswordCredential(org.wildfly.security.credential.PasswordCredential) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) SecretKeyCredential(org.wildfly.security.credential.SecretKeyCredential) OneTimePasswordSpec(org.wildfly.security.password.spec.OneTimePasswordSpec) InvalidKeySpecException(java.security.spec.InvalidKeySpecException) X509CertificateChainPublicCredential(org.wildfly.security.credential.X509CertificateChainPublicCredential) KeyPair(java.security.KeyPair) PublicKey(java.security.PublicKey) ASN1Exception(org.wildfly.security.asn1.ASN1Exception) X509EncodedKeySpec(java.security.spec.X509EncodedKeySpec) X509Certificate(java.security.cert.X509Certificate) DERDecoder(org.wildfly.security.asn1.DERDecoder) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) SecretKey(javax.crypto.SecretKey) PasswordFactory(org.wildfly.security.password.PasswordFactory) KeyPairCredential(org.wildfly.security.credential.KeyPairCredential) ByteArrayInputStream(java.io.ByteArrayInputStream) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate) DigestPasswordSpec(org.wildfly.security.password.spec.DigestPasswordSpec) BearerTokenCredential(org.wildfly.security.credential.BearerTokenCredential) ClearPasswordSpec(org.wildfly.security.password.spec.ClearPasswordSpec) CertificateFactory(java.security.cert.CertificateFactory) UnrecoverableEntryException(java.security.UnrecoverableEntryException) HashPasswordSpec(org.wildfly.security.password.spec.HashPasswordSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) IteratedSaltedHashPasswordSpec(org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec) KeyFactory(java.security.KeyFactory) UnixSHACryptPassword(org.wildfly.security.password.interfaces.UnixSHACryptPassword) OneTimePassword(org.wildfly.security.password.interfaces.OneTimePassword) DigestPassword(org.wildfly.security.password.interfaces.DigestPassword) BCryptPassword(org.wildfly.security.password.interfaces.BCryptPassword) MaskedPassword(org.wildfly.security.password.interfaces.MaskedPassword) ScramDigestPassword(org.wildfly.security.password.interfaces.ScramDigestPassword) SunUnixMD5CryptPassword(org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword) UnixMD5CryptPassword(org.wildfly.security.password.interfaces.UnixMD5CryptPassword) SimpleDigestPassword(org.wildfly.security.password.interfaces.SimpleDigestPassword) UnixDESCryptPassword(org.wildfly.security.password.interfaces.UnixDESCryptPassword) SaltedSimpleDigestPassword(org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword) BSDUnixDESCryptPassword(org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword) Password(org.wildfly.security.password.Password) ClearPassword(org.wildfly.security.password.interfaces.ClearPassword) X509CertificateChainPrivateCredential(org.wildfly.security.credential.X509CertificateChainPrivateCredential) KeyStoreException(java.security.KeyStoreException) PublicKeyCredential(org.wildfly.security.credential.PublicKeyCredential) KeyStore(java.security.KeyStore) PKCS8EncodedKeySpec(java.security.spec.PKCS8EncodedKeySpec)

Example 5 with SaltedHashPasswordSpec

use of org.wildfly.security.password.spec.SaltedHashPasswordSpec in project wildfly-elytron by wildfly-security.

the class SaltedSimpleDigestPasswordTest method performTest.

/**
 * Perform a test for the specified algorithm with the pre-prepared digest for that algorithm.
 *
 * @param algorithmName the algorithm to use to perform a test.
 * @param base64Digest the Base64 representation of the expected digest for this algorithm.
 */
private void performTest(final String algorithmName, final char[] base64Digest) throws Exception {
    byte[] preDigested = CodePointIterator.ofChars(base64Digest, 0).base64Decode(Base64Alphabet.STANDARD, false).drain();
    PasswordFactory pf = PasswordFactory.getInstance(algorithmName);
    // Encryptable Spec -> Password
    SaltedPasswordAlgorithmSpec spac = new SaltedPasswordAlgorithmSpec(salt);
    EncryptablePasswordSpec eps = new EncryptablePasswordSpec(password, spac);
    SaltedSimpleDigestPassword tsdp = (SaltedSimpleDigestPassword) pf.generatePassword(eps);
    validatePassword(tsdp, preDigested, pf);
    assertTrue("Convertable to key spec", pf.convertibleToKeySpec(tsdp, SaltedHashPasswordSpec.class));
    SaltedHashPasswordSpec tsdps = pf.getKeySpec(tsdp, SaltedHashPasswordSpec.class);
    assertTrue("Salt Correctly Passed", Arrays.equals(salt, tsdps.getSalt()));
    assertTrue("Digest Correctly Generated", Arrays.equals(preDigested, tsdps.getHash()));
    // Digest into Spec -> Password
    tsdps = new SaltedHashPasswordSpec(preDigested, salt);
    tsdp = (SaltedSimpleDigestPassword) pf.generatePassword(tsdps);
    validatePassword(tsdp, preDigested, pf);
    // Custom SaltedSimpleDigestPassword implementation.
    TestPasswordImpl tpi = new TestPasswordImpl(algorithmName, salt, preDigested);
    tsdp = (SaltedSimpleDigestPassword) pf.translate(tpi);
    validatePassword(tsdp, preDigested, pf);
}
Also used : PasswordFactory(org.wildfly.security.password.PasswordFactory) SaltedPasswordAlgorithmSpec(org.wildfly.security.password.spec.SaltedPasswordAlgorithmSpec) SaltedHashPasswordSpec(org.wildfly.security.password.spec.SaltedHashPasswordSpec) EncryptablePasswordSpec(org.wildfly.security.password.spec.EncryptablePasswordSpec) SaltedSimpleDigestPassword(org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword)

Aggregations

SaltedHashPasswordSpec (org.wildfly.security.password.spec.SaltedHashPasswordSpec)5 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)4 InvalidKeySpecException (java.security.spec.InvalidKeySpecException)4 PasswordFactory (org.wildfly.security.password.PasswordFactory)4 ClearPasswordSpec (org.wildfly.security.password.spec.ClearPasswordSpec)4 HashPasswordSpec (org.wildfly.security.password.spec.HashPasswordSpec)4 IteratedSaltedHashPasswordSpec (org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec)4 PasswordCredential (org.wildfly.security.credential.PasswordCredential)3 Password (org.wildfly.security.password.Password)3 ClearPassword (org.wildfly.security.password.interfaces.ClearPassword)3 DigestPasswordSpec (org.wildfly.security.password.spec.DigestPasswordSpec)3 MaskedPasswordSpec (org.wildfly.security.password.spec.MaskedPasswordSpec)3 OneTimePasswordSpec (org.wildfly.security.password.spec.OneTimePasswordSpec)3 PasswordSpec (org.wildfly.security.password.spec.PasswordSpec)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2 InvalidKeyException (java.security.InvalidKeyException)2 KeyFactory (java.security.KeyFactory)2 KeyPair (java.security.KeyPair)2 KeyStore (java.security.KeyStore)2 KeyStoreException (java.security.KeyStoreException)2