[Major] Privilege passwords are now salted!

This commit is contained in:
Robert von Burg 2017-05-22 14:37:48 +02:00
parent 4a32d06371
commit 4c9e66876a
117 changed files with 689 additions and 398 deletions


@ -126,7 +126,7 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
}
@Override
public Certificate authenticate(String username, byte[] password) {
public Certificate authenticate(String username, char[] password) {
assertContainerStarted();
Certificate certificate = this.privilegeHandler.authenticate(username, password);
StrolchRealm realm = getContainer().getRealm(certificate);
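Review bot: The new `char[]` parameter is passed straight through to `this.privilegeHandler.authenticate(username, password)` and nothing in the hunk clears it afterwards, so the benefit of moving off `byte[]` (being able to wipe the secret) depends on either the delegate or the caller zeroing the array, which cannot be confirmed from here. A one-line comment at the call would pin the contract, e.g. `// password array stays owned by the caller; the delegate must not retain a reference to it`, or, if this component is meant to be the last user of the array, wipe it in a finally block with `Arrays.fill(password, '\0')`. The method body continues past the end of the hunk.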


@ -41,7 +41,7 @@ public interface PrivilegeHandler {
*
* @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, byte[])
*/
public Certificate authenticate(String username, byte[] password);
public Certificate authenticate(String username, char[] password);
/**
* Validate that the certificate is still valid
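Review bot: The `@see` tag in the Javadoc above the declaration still references `li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, byte[])`, which no longer matches the `char[]` signature declared two lines below it, so javadoc will report a broken link; it should read `* @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, char[])`. Since the switch to `char[]` exists so the secret can be wiped, the same Javadoc should also say who is responsible for that, for example `* The caller retains ownership of {@code password} and should clear it with Arrays.fill once this call returns` (to be confirmed against the delegating handler, which may already zero it). The Javadoc block opens before the hunk.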


@ -168,7 +168,7 @@ public class ComponentContainerTest {
private static Certificate login(StrolchAgent agent) {
PrivilegeHandler privilegeHandler = agent.getContainer().getPrivilegeHandler();
return privilegeHandler.authenticate("test", "test".getBytes());
return privilegeHandler.authenticate("test", "test".toCharArray());
}
public static void testPersistenceContainer(StrolchAgent agent) {


@ -44,7 +44,7 @@ public class PolicyHandlerTest {
PolicyHandler policyHandler = agent.getContainer().getComponent(PolicyHandler.class);
ComponentContainer container = agent.getContainer();
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".getBytes());
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".toCharArray());
try (StrolchTransaction tx = container.getRealm(StrolchConstants.DEFAULT_REALM).openTx(certificate,
"test")) {


@ -43,7 +43,7 @@ public class EnumHandlerTest {
ComponentContainer container = agent.getContainer();
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".getBytes());
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".toCharArray());
EnumHandler enumHandler = container.getComponent(EnumHandler.class);
StrolchEnum sexEnum = enumHandler.getEnum(certificate, "sex", Locale.ENGLISH);


@ -52,7 +52,7 @@ public class FindByLocatorTest {
runtimeMock = new RuntimeMock(PATH_FIND_BY_LOCATOR_RUNTIME, ComponentContainerTest.PATH_TRANSIENT_CONTAINER);
runtimeMock.mockRuntime();
runtimeMock.startContainer();
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
}


@ -52,7 +52,7 @@ public class QueryTest {
public static final String PATH_EMPTY_RUNTIME = "target/QueryTest/"; //$NON-NLS-1$
private Certificate login(ComponentContainer container) {
return container.getPrivilegeHandler().authenticate("test", "test".getBytes());
return container.getPrivilegeHandler().authenticate("test", "test".toCharArray());
}
@Test


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>
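Review bot: The warning comment names only iterations and keyLength, but changing `hashAlgorithm` on the following line invalidates every stored hash just the same, and this very commit is such a change (SHA-256 to PBKDF2WithHmacSHA512) that had to rewrite all the user files; suggest `<!-- WARNING: changing hashAlgorithm, hashIterations or hashKeyLength invalidates all stored password hashes -->`. The file also sets `hashIterations` to 10000 while the comment directly above states the default is 200000; if these PrivilegeConfig files get copied as templates, a note such as `<!-- 10000 is a test-speed value; production configs should keep the 200000 default or higher -->` would stop the weaker setting from propagating. The identical EncryptionHandler block appears in every other PrivilegeConfig section of this commit, so the same two fixes apply there.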


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>
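Review bot: The new `salt="74657374"` is the hex encoding of the ASCII string `test`, i.e. the salt is simply the username, and every other user file in this commit follows the same pattern (`61646d696e` is `admin`, `626f62` is `bob`, `6a696c6c` is `jill`, `73797341646d696e` is `sysAdmin`, `636163686564` is `cached`, `7472616e73616374696f6e616c` is `transactional`, `7472616e7369656e74` is `transient`). A username-derived salt is predictable and identical in every installation that ships these fixtures, so it gives far less protection against precomputed tables than the commit title suggests; salts should be random bytes from `SecureRandom`, which the `Temp` class at the end of this commit already uses for its token but not for the salt it passes to `PBEKeySpec`. For test fixtures this is tolerable, but if the same generation routine is used to create real user entries it should be changed before release.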


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="cached" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="cached" password="14df65e4ec6adae5e426dff1248f8a4bafc9791b7d5a4dfad89b00e06803e679" salt="636163686564">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>
@ -18,7 +18,7 @@
<Property name="realm" value="cached" />
</Properties>
</User>
<User userId="2" username="transactional" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="transactional" password="67252256c67e43fd6674cfd5e5d47536af5b8bc40eb297c1e9edf5da5fc1c2a6" salt="7472616e73616374696f6e616c">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="cached" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="cached" password="14df65e4ec6adae5e426dff1248f8a4bafc9791b7d5a4dfad89b00e06803e679" salt="636163686564">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>
@ -18,7 +18,7 @@
<Property name="realm" value="cached" />
</Properties>
</User>
<User userId="2" username="transactional" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="transactional" password="67252256c67e43fd6674cfd5e5d47536af5b8bc40eb297c1e9edf5da5fc1c2a6" salt="7472616e73616374696f6e616c">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="transient" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="transient" password="cc6072ac76d018d95c964ca3d8d1d934a2bf66a369bdf2ff5a539bf23ecde11b" salt="7472616e7369656e74">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="cached" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="cached" password="14df65e4ec6adae5e426dff1248f8a4bafc9791b7d5a4dfad89b00e06803e679" salt="636163686564">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>
@ -18,7 +18,7 @@
<Property name="realm" value="cached" />
</Properties>
</User>
<User userId="2" username="transactional" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="transactional" password="67252256c67e43fd6674cfd5e5d47536af5b8bc40eb297c1e9edf5da5fc1c2a6" salt="7472616e73616374696f6e616c">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -18,7 +18,7 @@ public abstract class PerformanceTest {
@Test
public void runPerformanceTestCached() {
Certificate certificate = runtime().getPrivilegeHandler().authenticate("cached", "test".getBytes());
Certificate certificate = runtime().getPrivilegeHandler().authenticate("cached", "test".toCharArray());
ServiceHandler svcHandler = runtime().getServiceHandler();
svcHandler.doService(certificate, new PerformanceTestService(), argInstance());
@ -27,7 +27,7 @@ public abstract class PerformanceTest {
@Test
public void runPerformanceTestTransactional() {
Certificate certificate = runtime().getPrivilegeHandler().authenticate("transactional", "test".getBytes());
Certificate certificate = runtime().getPrivilegeHandler().authenticate("transactional", "test".toCharArray());
ServiceHandler svcHandler = runtime().getServiceHandler();
svcHandler.doService(certificate, new PerformanceTestService(), argInstance());


@ -50,7 +50,7 @@ public class PerformanceTransientTest {
@Test
public void runPerformanceTest() {
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("transient", "test".getBytes());
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("transient", "test".toCharArray());
ServiceHandler svcHandler = runtimeMock.getServiceHandler();
svcHandler.doService(certificate, new PerformanceTestService(), new PerformanceTestArgument());


@ -59,7 +59,7 @@ public class ActivityQueryTest extends QueryTest {
new File(rootPath, DB_STORE_PATH_DIR).mkdir();
runtimeMock.startContainer();
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
ActivityMap activityMap = tx.getActivityMap();


@ -100,7 +100,7 @@ public class AuditQueryTest {
cal.set(2000, 11, 1);
future = cal.getTime();
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
int i = 0;
try (StrolchTransaction tx = realm.openTx(cert, "test")) {


@ -120,7 +120,7 @@ public class ObserverUpdateTest {
realm.getObserverHandler().registerObserver(Tags.RESOURCE, observer);
PrivilegeHandler privilegeHandler = runtimeMock.getAgent().getContainer().getPrivilegeHandler();
Certificate certificate = privilegeHandler.authenticate("test", "test".getBytes()); //$NON-NLS-1$ //$NON-NLS-2$
Certificate certificate = privilegeHandler.authenticate("test", "test".toCharArray()); //$NON-NLS-1$ //$NON-NLS-2$
// create order
Order newOrder = createOrder("MyTestOrder", "Test Name", "TestType", new Date(), State.CREATED); //$NON-NLS-1$//$NON-NLS-2$ //$NON-NLS-3$


@ -78,7 +78,7 @@ public class OrderQueryTest extends QueryTest {
cal.set(2000, 11, 1);
future = cal.getTime();
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
OrderMap orderMap = tx.getOrderMap();


@ -82,7 +82,7 @@ public class RealmTest extends AbstractModelTest {
String type = "Bla"; //$NON-NLS-1$
PrivilegeHandler privilegeHandler = runtimeMock.getAgent().getContainer().getPrivilegeHandler();
Certificate certificate = privilegeHandler.authenticate(TEST, TEST.getBytes());
Certificate certificate = privilegeHandler.authenticate(TEST, TEST.toCharArray());
{
StrolchRealm firstRealm = runtimeMock.getRealm(FIRST);


@ -55,7 +55,7 @@ public class ResourceDaoTest extends QueryTest {
new File(rootPath, DB_STORE_PATH_DIR).mkdir();
runtimeMock.startContainer();
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
try (StrolchTransaction tx = realm.openTx(cert, "test")) {


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="1" username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
<User userId="1" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>
@ -20,7 +20,7 @@
</Properties>
</User>
<User userId="2" username="bob" password="81b637d8fcd2c6da6359e6963113a1170de795e4b725b84d1e0b4cfd9ec58ce9">
<User userId="2" username="bob" password="d4466de3cad2a005930c4317ad0fcb307422c63b8febd5d7721195cd511edde5" salt="626f62">
<Firstname>Bob</Firstname>
<Lastname>Bernstein</Lastname>
<State>ENABLED</State>
@ -30,7 +30,7 @@
</Roles>
</User>
<User userId="3" username="jill" password="8cf37351b60f00084392043ce2e6256b96cea92949f90c7abce464cf164fbfa6">
<User userId="3" username="jill" password="b7d33c8305bf89ed21be111270310a7450198be8be6b362e52999c2500eb5218" salt="6a696c6c">
<Firstname>Jill</Firstname>
<Lastname>Johnson</Lastname>
<State>ENABLED</State>
@ -40,7 +40,7 @@
</Roles>
</User>
<User userId="4" username="sysAdmin" password="8cffb494ef5ff3f74a571206e141d4fb84f833e431b98c8b3be43727c4cbddc1">
<User userId="4" username="sysAdmin" password="fd6a5e8f6a59fbb18109444c5ea99ac326353cd664cc8d61a3a785081e7f4aa0" salt="73797341646d696e">
<Firstname>System User</Firstname>
<Lastname>Administrator</Lastname>
<State>SYSTEM</State>


@ -15,7 +15,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -11,7 +11,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<Users>
<User userId="1" username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
<User userId="1" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -1,7 +1,7 @@
<?xml version="1.0" encoding="UTF-8"?>
<Users>
<User userId="1" username="userA" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
<User userId="1" username="userA" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
<Firstname>System User</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>
@ -12,7 +12,7 @@
</Roles>
</User>
<User userId="2" username="userB" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
<User userId="2" username="userB" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
<Firstname>System User</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>
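Review bot: `userA` and `userB` are stored with the same `salt="61646d696e"` (hex for `admin`) and the same password hash, which is exactly the situation a salt exists to prevent: with a shared salt, equal passwords produce equal hashes, so the users file itself reveals that the two accounts share a password. Each user entry needs its own randomly generated salt even in a test fixture, and the generation step should never reuse one user's salt for another.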


@ -0,0 +1,80 @@
import java.io.UnsupportedEncodingException;
import java.security.SecureRandom;
import java.text.MessageFormat;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
public class Temp {
public static void main(String[] args) throws Exception {
for (int i = 0; i < 10; i++) {
long start = System.nanoTime();
byte[] bytes = new byte[16];
SecureRandom secureRandom = new SecureRandom();
secureRandom.nextBytes(bytes);
String token = getHexString(bytes);
System.out.println(token);
String algorithm = "PBKDF2WithHmacSHA512";
char[] password = "admin".toCharArray();
byte[] salt = "admin".getBytes();
int iterations = 10000;
int keyLength = 256;
SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, keyLength);
SecretKey key = skf.generateSecret(spec);
byte[] res = key.getEncoded();
System.out.println("Password hash: " + getHexString(res));
System.out.println("Salt: " + getHexString(salt));
long end = System.nanoTime();
System.out.println("Took: " + formatNanoDuration(end - start));
}
}
public static String getHexString(byte[] raw) throws RuntimeException {
try {
byte[] hex = new byte[2 * raw.length];
int index = 0;
for (byte b : raw) {
int v = b & 0xFF;
hex[index++] = HEX_CHAR_TABLE[v >>> 4];
hex[index++] = HEX_CHAR_TABLE[v & 0xF];
}
return new String(hex, "ASCII"); //$NON-NLS-1$
} catch (UnsupportedEncodingException e) {
String msg = MessageFormat.format("Something went wrong while converting to HEX: {0}", e.getMessage()); //$NON-NLS-1$
throw new RuntimeException(msg, e);
}
}
public static String formatNanoDuration(final long nanos) {
if (nanos >= 3600000000000L) {
return String.format("%.0fh", (nanos / 3600000000000.0D)); //$NON-NLS-1$
} else if (nanos >= 60000000000L) {
return String.format("%.0fm", (nanos / 60000000000.0D)); //$NON-NLS-1$
} else if (nanos >= 1000000000L) {
return String.format("%.0fs", (nanos / 1000000000.0D)); //$NON-NLS-1$
} else if (nanos >= 1000000L) {
return String.format("%.0fms", (nanos / 1000000.0D)); //$NON-NLS-1$
} else if (nanos >= 1000L) {
return String.format("%.0fus", (nanos / 1000.0D)); //$NON-NLS-1$
} else {
return nanos + "ns"; //$NON-NLS-1$
}
}
private static final byte[] HEX_CHAR_TABLE = { (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4',
(byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd',
(byte) 'e', (byte) 'f' };
}
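Review bot: This new `Temp` class in the default package reads as a scratch benchmark left in the tree: it hard-codes the `admin`/`admin` password and salt, re-implements the `getHexString` that StringHelper already provides (the other hunks call `StringHelper.getHexString`), and only prints to stdout, so it should probably be dropped from the commit rather than shipped alongside PasswordCreator. If it is kept, `"admin".getBytes()` uses the platform default charset, and `new String(hex, "ASCII")` can become `new String(hex, StandardCharsets.US_ASCII)`, which makes the UnsupportedEncodingException catch in `getHexString` unnecessary. Constructing `new SecureRandom()` on every loop iteration is also wasteful; one instance outside the loop is enough.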


@ -15,13 +15,17 @@
*/
package li.strolch.privilege.handler;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.text.MessageFormat;
import java.util.Map;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -37,7 +41,7 @@ import li.strolch.utils.helper.StringHelper;
*
* Required parameters:
* <ul>
* <li> {@link XmlConstants#XML_PARAM_HASH_ALGORITHM}</li>
* <li>{@link XmlConstants#XML_PARAM_HASH_ALGORITHM}</li>
* </ul>
*
* @author Robert von Burg <eitch@eitchnet.ch>
@ -55,40 +59,47 @@ public class DefaultEncryptionHandler implements EncryptionHandler {
private SecureRandom secureRandom;
/**
* The configured hash algorithm for this instance
* The configured algorithm for this instance
*/
private String hashAlgorithm;
private String algorithm;
@Override
public String convertToHash(String string) {
return convertToHash(string.getBytes());
}
/**
* The number of iterations to perform the hashing with
*/
private int iterations;
@Override
public String convertToHash(byte[] bytes) {
try {
return StringHelper.hashAsHex(this.hashAlgorithm, bytes);
} catch (RuntimeException e) {
if (e.getCause() == null)
throw e;
if (e.getCause().getClass().equals(NoSuchAlgorithmException.class))
throw new PrivilegeException(
MessageFormat.format("Algorithm {0} was not found!", this.hashAlgorithm), e.getCause()); //$NON-NLS-1$
if (e.getCause().getClass().equals(UnsupportedEncodingException.class))
throw new PrivilegeException("Charset ASCII is not supported!", e.getCause()); //$NON-NLS-1$
throw e;
}
}
/**
* The length of the secure key for the hashing
*/
private int keyLength;
@Override
public String nextToken() {
byte[] bytes = new byte[16];
this.secureRandom.nextBytes(bytes);
String randomString = new String(bytes);
return randomString;
return StringHelper.getHexString(bytes);
}
@Override
public byte[] nextSalt() {
byte[] bytes = new byte[32];
this.secureRandom.nextBytes(bytes);
return bytes;
}
@Override
public byte[] hashPassword(char[] password, byte[] salt) {
try {
SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm);
PBEKeySpec spec = new PBEKeySpec(password, salt, this.iterations, this.keyLength);
SecretKey key = skf.generateSecret(spec);
byte[] res = key.getEncoded();
return res;
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
throw new IllegalStateException(e);
}
}
@Override
@ -97,18 +108,14 @@ public class DefaultEncryptionHandler implements EncryptionHandler {
this.secureRandom = new SecureRandom();
// get hash algorithm parameters
this.hashAlgorithm = parameterMap.get(XmlConstants.XML_PARAM_HASH_ALGORITHM);
if (this.hashAlgorithm == null || this.hashAlgorithm.isEmpty()) {
String msg = "[{0}] Defined parameter {1} is invalid"; //$NON-NLS-1$
msg = MessageFormat.format(msg, EncryptionHandler.class.getName(), XmlConstants.XML_PARAM_HASH_ALGORITHM);
throw new PrivilegeException(msg);
}
this.algorithm = parameterMap.getOrDefault(XmlConstants.XML_PARAM_HASH_ALGORITHM, "PBKDF2WithHmacSHA512");
this.iterations = Integer.parseInt(parameterMap.getOrDefault(XmlConstants.XML_PARAM_HASH_ITERATIONS, "200000"));
this.keyLength = Integer.parseInt(parameterMap.getOrDefault(XmlConstants.XML_PARAM_HASH_KEY_LENGTH, "256"));
// test hash algorithm
try {
convertToHash("test"); //$NON-NLS-1$
DefaultEncryptionHandler.logger.info(MessageFormat
.format("Using hashing algorithm {0}", this.hashAlgorithm)); //$NON-NLS-1$
hashPassword("test".toCharArray(), "test".getBytes()); //$NON-NLS-1$
DefaultEncryptionHandler.logger.info(MessageFormat.format("Using hashing algorithm {0}", this.algorithm)); //$NON-NLS-1$
} catch (Exception e) {
String msg = "[{0}] Defined parameter {1} is invalid because of underlying exception: {2}"; //$NON-NLS-1$
msg = MessageFormat.format(msg, EncryptionHandler.class.getName(), XmlConstants.XML_PARAM_HASH_ALGORITHM,
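Review bot: `hashPassword` leaves a second copy of the password in memory: `PBEKeySpec` clones the char[] it is given, and that clone is only released by `spec.clearPassword()`, so the `generateSecret` call should sit in a try block with `spec.clearPassword();` in a `finally` — otherwise the zeroing that `clearPassword(char[])` in DefaultPrivilegeHandler exists for is undone here. In `initialize`, the two `Integer.parseInt` calls run outside the try block that turns configuration errors into a PrivilegeException, so a non-numeric `hashIterations` or `hashKeyLength` surfaces as a bare NumberFormatException; moving them inside the try keeps error reporting consistent with the algorithm check. The Javadoc on `keyLength` should also name the unit, e.g. `The length of the derived key in bits, as passed to PBEKeySpec`. The `initialize` method continues past the end of this hunk.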


@ -404,7 +404,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
@Override
public UserRep addUser(Certificate certificate, UserRep userRepParam, byte[] password) {
public UserRep addUser(Certificate certificate, UserRep userRepParam, char[] password) {
try {
// validate user actually has this type of privilege
@ -433,18 +433,22 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
throw new PrivilegeException(MessageFormat.format(msg, userRep.getUsername()));
}
String passwordHash = null;
byte[] passwordHash = null;
byte[] salt = null;
if (password != null) {
// validate password meets basic requirements
validatePassword(password);
// get new salt for user
salt = this.encryptionHandler.nextSalt();
// hash password
passwordHash = this.encryptionHandler.convertToHash(password);
passwordHash = this.encryptionHandler.hashPassword(password, salt);
}
// create new user
User newUser = createUser(userRep, passwordHash);
User newUser = createUser(userRep, passwordHash, salt);
// detect privilege conflicts
assertNoPrivilegeConflict(newUser);
@ -465,7 +469,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
@Override
public UserRep replaceUser(Certificate certificate, UserRep userRep, byte[] password) {
public UserRep replaceUser(Certificate certificate, UserRep userRep, char[] password) {
try {
// validate user actually has this type of privilege
@ -491,17 +495,21 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
throw new PrivilegeException(MessageFormat.format(msg, userRep.getUsername()));
}
String passwordHash = null;
byte[] passwordHash = null;
byte[] salt = null;
if (password != null) {
// validate password meets basic requirements
validatePassword(password);
// get new salt for user
salt = this.encryptionHandler.nextSalt();
// hash password
passwordHash = this.encryptionHandler.convertToHash(password);
passwordHash = this.encryptionHandler.hashPassword(password, salt);
}
User newUser = createUser(userRep, passwordHash);
User newUser = createUser(userRep, passwordHash, salt);
// detect privilege conflicts
assertNoPrivilegeConflict(newUser);
@ -532,8 +540,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
}
private User createUser(UserRep userRep, String passwordHash) {
User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, userRep.getFirstname(),
private User createUser(UserRep userRep, byte[] passwordHash, byte[] salt) {
User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, salt, userRep.getFirstname(),
userRep.getLastname(), userRep.getUserState(), userRep.getRoles(), userRep.getLocale(),
userRep.getPropertyMap());
return user;
@ -563,7 +571,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
String userId = existingUser.getUserId();
String username = existingUser.getUsername();
String password = existingUser.getPassword();
byte[] password = existingUser.getPassword();
byte[] salt = existingUser.getSalt();
String firstname = existingUser.getFirstname();
String lastname = existingUser.getLastname();
UserState userState = existingUser.getUserState();
@ -582,7 +591,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
propertyMap = userRep.getPropertyMap();
// create new user
User newUser = new User(userId, username, password, firstname, lastname, userState, roles, locale, propertyMap);
User newUser = new User(userId, username, password, salt, firstname, lastname, userState, roles, locale,
propertyMap);
// detect privilege conflicts
assertNoPrivilegeConflict(newUser);
@ -657,8 +667,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
newRoles.add(roleName);
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(), newRoles,
existingUser.getLocale(), existingUser.getProperties());
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(),
existingUser.getUserState(), newRoles, existingUser.getLocale(), existingUser.getProperties());
// detect privilege conflicts
assertNoPrivilegeConflict(newUser);
@ -699,8 +709,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
Set<String> newRoles = new HashSet<>(currentRoles);
newRoles.remove(roleName);
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(), newRoles,
existingUser.getLocale(), existingUser.getProperties());
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(),
existingUser.getUserState(), newRoles, existingUser.getLocale(), existingUser.getProperties());
// delegate user replacement to persistence handler
this.persistenceHandler.replaceUser(newUser);
@ -725,8 +735,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
// create new user
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(),
existingUser.getRoles(), locale, existingUser.getProperties());
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(),
existingUser.getUserState(), existingUser.getRoles(), locale, existingUser.getProperties());
// if the user is not setting their own locale, then make sure this user may set this user's locale
if (!certificate.getUsername().equals(username)) {
@ -747,7 +757,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
@Override
public void setUserPassword(Certificate certificate, String username, byte[] password) {
public void setUserPassword(Certificate certificate, String username, char[] password) {
try {
// validate user actually has this type of privilege
@ -760,18 +770,22 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
throw new PrivilegeException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
}
String passwordHash = null;
byte[] passwordHash = null;
byte[] salt = null;
if (password != null) {
// validate password meets basic requirements
validatePassword(password);
// get new salt for user
salt = this.encryptionHandler.nextSalt();
// hash password
passwordHash = this.encryptionHandler.convertToHash(password);
passwordHash = this.encryptionHandler.hashPassword(password, salt);
}
// create new user
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), passwordHash,
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), passwordHash, salt,
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(),
existingUser.getRoles(), existingUser.getLocale(), existingUser.getProperties());
@ -815,8 +829,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
// create new user
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
existingUser.getFirstname(), existingUser.getLastname(), state, existingUser.getRoles(),
existingUser.getLocale(), existingUser.getProperties());
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(), state,
existingUser.getRoles(), existingUser.getLocale(), existingUser.getProperties());
// validate that this user may modify this user's state
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_SET_USER_STATE, new Tuple(existingUser, newUser)));
@ -1059,7 +1073,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
// validate the response
UserChallenge userChallenge = this.userChallengeHandler.validateResponse(user, challenge);
String authToken = this.encryptionHandler.convertToHash(this.encryptionHandler.nextToken());
String authToken = this.encryptionHandler.nextToken();
String sessionId = UUID.randomUUID().toString();
// create a new certificate, with details of the user
@ -1077,7 +1091,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
@Override
public Certificate authenticate(String username, byte[] password) {
public Certificate authenticate(String username, char[] password) {
try {
// username must be at least 2 characters in length
@ -1097,7 +1111,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
// get 2 auth tokens
String authToken = this.encryptionHandler.convertToHash(this.encryptionHandler.nextToken());
String authToken = this.encryptionHandler.nextToken();
// get next session id
String sessionId = UUID.randomUUID().toString();
@ -1232,15 +1246,12 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
* @throws InvalidCredentialsException
* if the given credentials are invalid, the user does not exist, or has no password set
*/
private User checkCredentialsAndUserState(String username, byte[] password)
private User checkCredentialsAndUserState(String username, char[] password)
throws InvalidCredentialsException, AccessDeniedException {
// and validate the password
validatePassword(password);
// we only work with hashed passwords
String passwordHash = this.encryptionHandler.convertToHash(password);
// get user object
User user = this.persistenceHandler.getUser(username);
// no user means no authentication
@ -1256,14 +1267,6 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
throw new InvalidCredentialsException(msg);
}
// validate password
String pwHash = user.getPassword();
if (pwHash == null)
throw new AccessDeniedException(
MessageFormat.format("User {0} has no password and may not login!", username)); //$NON-NLS-1$
if (!pwHash.equals(passwordHash))
throw new InvalidCredentialsException(MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$
// validate if user is allowed to login
// this also capture the trying to login of SYSTEM user
if (user.getUserState() != UserState.ENABLED) {
@ -1272,6 +1275,25 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
throw new AccessDeniedException(msg);
}
byte[] pwHash = user.getPassword();
if (pwHash == null)
throw new AccessDeniedException(
MessageFormat.format("User {0} has no password and may not login!", username)); //$NON-NLS-1$
byte[] salt = user.getSalt();
if (salt == null)
throw new AccessDeniedException(MessageFormat.format("User {0} has no salt and may not login!", salt)); //$NON-NLS-1$
// we only work with hashed passwords
byte[] passwordHash = this.encryptionHandler.hashPassword(password, salt);
logger.info("New hash: " + StringHelper.getHexString(passwordHash));
logger.info("User hash: " + StringHelper.getHexString(pwHash));
logger.info("User salt: " + StringHelper.getHexString(salt));
// validate password
if (!Arrays.equals(passwordHash, pwHash))
throw new InvalidCredentialsException(MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$
return user;
}
@ -1426,10 +1448,10 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
/**
* This simple implementation validates that the password is not null, and that the password string is not empty
*
* @see li.strolch.privilege.handler.PrivilegeHandler#validatePassword(byte[])
* @see li.strolch.privilege.handler.PrivilegeHandler#validatePassword(char[])
*/
@Override
public void validatePassword(byte[] password) throws PrivilegeException {
public void validatePassword(char[] password) throws PrivilegeException {
if (password == null || password.length == 0) {
throw new PrivilegeException("A password may not be empty!"); //$NON-NLS-1$
@ -1708,13 +1730,13 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
/**
* Passwords should not be kept as strings, as string are immutable, this method thus clears the byte array so that
* Passwords should not be kept as strings, as string are immutable, this method thus clears the char array so that
* the password is not in memory anymore
*
* @param password
* the byte array containing the passwort which is to be set to zeroes
* the char array containing the passwort which is to be set to zeroes
*/
private void clearPassword(byte[] password) {
private void clearPassword(char[] password) {
if (password != null) {
for (int i = 0; i < password.length; i++) {
password[i] = 0;
@ -1797,7 +1819,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
// validate password
String pwHash = user.getPassword();
byte[] pwHash = user.getPassword();
if (pwHash != null) {
String msg = MessageFormat.format("System users must not have a password: {0}", systemUsername); //$NON-NLS-1$
throw new AccessDeniedException(msg);
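Review bot: The three `logger.info("New hash: …")`, `"User hash: …"` and `"User salt: …"` lines in checkCredentialsAndUserState write the recomputed hash, the stored hash and the salt to the log at INFO on every login attempt, giving anyone with log access the material for offline password guessing; they read as leftover debugging and should be removed. In the same block the message `"User {0} has no salt and may not login!"` is formatted with `salt` (null at that point) instead of `username`, and `Arrays.equals` returns on the first mismatching byte, so the comparison is better written `if (!MessageDigest.isEqual(passwordHash, pwHash))` (java.security.MessageDigest, constant-time for equal-length inputs). Because hashing was moved below the user lookup and state check, an unknown or disabled user now fails without paying the PBKDF2 cost, a measurable timing difference that can aid username enumeration; whether that matters, and whether a dummy hash on the miss path is warranted, is a deployment decision worth noting in a comment. checkCredentialsAndUserState spans three hunks here and its signature is in the first of them.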


@ -26,29 +26,30 @@ import java.util.Map;
public interface EncryptionHandler {
/**
* Calculates or generates a token which can be used to identify certificates and so forth
* Generates a token which can be used to identify certificates and so forth
*
* @return the secure token
* @return a new token
*/
public String nextToken();
/**
* Converts a given string, e.g. a password to a hash which is defined by the concrete implementation
* Generates a token which can be used to identify certificates and so forth
*
* @param string
* the string to convert
* @return the hash of the string after converting
* @return a new token
*/
public String convertToHash(String string);
public byte[] nextSalt();
/**
* Converts a given byte array, e.g. a password to a hash which is defined by the concrete implementation
* Hashes the given password with the given salt with the configured algorithm
*
* @param bytes
* the bytes to convert
* @return the hash of the string after converting
* @param password
* the password
* @param salt
* the salt
*
* @return the hashed password
*/
public String convertToHash(byte[] bytes);
public byte[] hashPassword(final char[] password, final byte[] salt);
/**
* Initialize the concrete {@link EncryptionHandler}. The passed parameter map contains any configuration the
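Review bot: The Javadoc on `nextSalt()` is a copy of the `nextToken()` comment ("Generates a token which can be used to identify certificates", "@return a new token") and does not describe a salt; replace it with `Generates a new random salt to be stored with the user and passed to {@link #hashPassword(char[], byte[])}` and `@return the new salt`. The `hashPassword` comment should also state the contract the implementation in DefaultPrivilegeHandler relies on — that the same password and salt always produce the same bytes, since authentication recomputes the hash and compares it with the stored one — and that the result depends on the configured algorithm, iterations and key length.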


@ -331,7 +331,7 @@ public interface PrivilegeHandler {
*
* <p>
* If the password given is null, then the user is created, but can not not login! Otherwise the password must meet
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(byte[])}
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(char[])}
* </p>
*
* @param certificate
@ -341,14 +341,14 @@ public interface PrivilegeHandler {
* @param password
* the password of the new user. If the password is null, then this is accepted but the user can not
* login, otherwise the password must be validated against
* {@link PrivilegeHandler#validatePassword(byte[])}
* {@link PrivilegeHandler#validatePassword(char[])}
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate or the user already exists
*/
public UserRep addUser(Certificate certificate, UserRep userRep, byte[] password)
public UserRep addUser(Certificate certificate, UserRep userRep, char[] password)
throws AccessDeniedException, PrivilegeException;
/**
@ -390,7 +390,7 @@ public interface PrivilegeHandler {
*
* <p>
* If the password given is null, then the user is created, but can not not login! Otherwise the password must meet
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(byte[])}
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(char[])}
* </p>
*
* @param certificate
@ -400,14 +400,14 @@ public interface PrivilegeHandler {
* @param password
* the password of the new user. If the password is null, then this is accepted but the user can not
* login, otherwise the password must be validated against
* {@link PrivilegeHandler#validatePassword(byte[])}
* {@link PrivilegeHandler#validatePassword(char[])}
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate or if the user does not exist
*/
public UserRep replaceUser(Certificate certificate, UserRep userRep, byte[] password)
public UserRep replaceUser(Certificate certificate, UserRep userRep, char[] password)
throws AccessDeniedException, PrivilegeException;
/**
@ -481,7 +481,7 @@ public interface PrivilegeHandler {
* <p>
* Changes the password for the {@link User} with the given username. If the password is null, then the {@link User}
* can not login anymore. Otherwise the password must meet the requirements of the implementation under
* {@link PrivilegeHandler#validatePassword(byte[])}
* {@link PrivilegeHandler#validatePassword(char[])}
* </p>
*
* <p>
@ -495,14 +495,14 @@ public interface PrivilegeHandler {
* @param password
* the new password for this user. If the password is null, then the {@link User} can not login anymore.
* Otherwise the password must meet the requirements of the implementation under
* {@link PrivilegeHandler#validatePassword(byte[])}
* {@link PrivilegeHandler#validatePassword(char[])}
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void setUserPassword(Certificate certificate, String username, byte[] password)
public void setUserPassword(Certificate certificate, String username, char[] password)
throws AccessDeniedException, PrivilegeException;
/**
@ -575,14 +575,14 @@ public interface PrivilegeHandler {
* the username of the {@link User} which is registered in the {@link PersistenceHandler}
* @param password
* the password with which this user is to be authenticated. Null passwords are not accepted and they
* must meet the requirements of the {@link #validatePassword(byte[])}-method
* must meet the requirements of the {@link #validatePassword(char[])}-method
*
* @return a {@link Certificate} with which this user may then perform actions
*
* @throws AccessDeniedException
* if the user credentials are not valid
*/
public Certificate authenticate(String username, byte[] password) throws AccessDeniedException;
public Certificate authenticate(String username, char[] password) throws AccessDeniedException;
/**
* Invalidates the session for the given {@link Certificate}, effectively logging out the user who was authenticated
@ -630,7 +630,7 @@ public interface PrivilegeHandler {
* @throws PrivilegeException
* if the password does not implement the requirement of the concrete implementation
*/
public void validatePassword(byte[] password) throws PrivilegeException;
public void validatePassword(char[] password) throws PrivilegeException;
/**
* <p>
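Review bot: The signatures now take `char[]` so the password can be zeroed after use, but none of the `@param password` descriptions on `addUser`, `replaceUser`, `setUserPassword` or `authenticate` say who owns the array: whether the implementation clears it (DefaultPrivilegeHandler carries a `clearPassword(char[])` for that purpose) or the caller must. One sentence per method, e.g. `The implementation may zero this array after use; callers must not rely on its contents afterwards`, removes the ambiguity for callers that reuse the buffer.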


@ -1,123 +0,0 @@
/*
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package li.strolch.privilege.helper;
import java.awt.Dimension;
import java.awt.GridLayout;
import java.awt.Toolkit;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.awt.event.KeyEvent;
import java.awt.event.KeyListener;
import javax.swing.JButton;
import javax.swing.JComboBox;
import javax.swing.JFrame;
import javax.swing.JLabel;
import javax.swing.JPasswordField;
import javax.swing.JTextField;
import javax.swing.SwingConstants;
import li.strolch.utils.helper.StringHelper;
/**
* Simple Swing UI to create passwords
*
* @author Robert von Burg <eitch@eitchnet.ch>
*/
@SuppressWarnings("nls")
public class PasswordCreaterUI {
/**
* Launches the UI
*
* @param args
* not used
*/
public static void main(String[] args) {
JFrame.setDefaultLookAndFeelDecorated(true);
JFrame frame = new JFrame();
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
frame.setTitle("Password creator");
frame.setLayout(new GridLayout(4, 2));
JLabel digest = new JLabel("Digest:", SwingConstants.RIGHT);
JLabel password = new JLabel("Password:", SwingConstants.RIGHT);
JLabel hash = new JLabel("Hash:", SwingConstants.RIGHT);
String[] digests = new String[] { "MD2", "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512" };
final JComboBox<String> digestCombo = new JComboBox<>(digests);
digestCombo.setSelectedIndex(3);
final JPasswordField passwordField = new JPasswordField();
final JTextField hashField = new JTextField(150);
JButton digestBtn = new JButton("Digest");
passwordField.addKeyListener(new KeyListener() {
@Override
public void keyTyped(KeyEvent e) {
//
}
@Override
public void keyReleased(KeyEvent e) {
//
}
@Override
public void keyPressed(KeyEvent e) {
hashField.setText("");
}
});
digestBtn.addActionListener(new ActionListener() {
@Override
public void actionPerformed(ActionEvent e) {
try {
String digest = (String) digestCombo.getSelectedItem();
char[] passwordChar = passwordField.getPassword();
String password = new String(passwordChar);
String hash = StringHelper.hashAsHex(digest, password);
hashField.setText(hash);
} catch (Exception e1) {
e1.printStackTrace();
hashField.setText("Failed: " + e1.getLocalizedMessage());
}
}
});
frame.add(digest);
frame.add(digestCombo);
frame.add(password);
frame.add(passwordField);
frame.add(hash);
frame.add(hashField);
frame.add(new JLabel());
frame.add(digestBtn);
Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize();
int width = 500;
int height = 160;
frame.setSize(width, height);
frame.setLocation(screenSize.width / 2 - width, screenSize.height / 2 - height);
frame.setVisible(true);
}
}


@ -17,8 +17,12 @@ package li.strolch.privilege.helper;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import li.strolch.privilege.handler.DefaultEncryptionHandler;
import li.strolch.utils.helper.StringHelper;
/**
@ -26,10 +30,6 @@ import li.strolch.utils.helper.StringHelper;
* Simple main class which can be used to create a hash from a password which the user must type in at the command line
* </p>
*
* <p>
* TODO: Note: currently the password input is echoed which is a security risk
* </p>
*
* @author Robert von Burg <eitch@eitchnet.ch>
*/
public class PasswordCreator {
@ -47,26 +47,82 @@ public class PasswordCreator {
String hashAlgorithm = null;
while (hashAlgorithm == null) {
System.out.print("Hash Algorithm [SHA-256]: ");
System.out.print("Hash Algorithm [PBKDF2WithHmacSHA512]: ");
String readLine = r.readLine().trim();
if (readLine.isEmpty()) {
hashAlgorithm = "SHA-256";
hashAlgorithm = "PBKDF2WithHmacSHA512";
} else {
try {
MessageDigest.getInstance(readLine);
SecretKeyFactory.getInstance(readLine);
hashAlgorithm = readLine;
} catch (Exception e) {
System.out.println(e.getLocalizedMessage());
System.err.println(e.getLocalizedMessage());
hashAlgorithm = null;
}
}
}
System.out.print("Password: ");
String password = r.readLine().trim();
System.out.print("Hash is: " + StringHelper.hashAsHex(hashAlgorithm, password));
}
int iterations = -1;
while (iterations == -1) {
System.out.print("Hash iterations [200000]: ");
String readLine = r.readLine().trim();
if (readLine.isEmpty()) {
iterations = 200000;
} else {
try {
iterations = Integer.parseInt(readLine);
} catch (Exception e) {
System.err.println(e.getLocalizedMessage());
iterations = -1;
}
}
}
int keyLength = -1;
while (keyLength == -1) {
System.out.print("Hash keyLength [256]: ");
String readLine = r.readLine().trim();
if (readLine.isEmpty()) {
keyLength = 256;
} else {
try {
keyLength = Integer.parseInt(readLine);
if (keyLength <= 0)
throw new IllegalArgumentException("KeyLength must be > 0");
} catch (Exception e) {
System.err.println(e.getLocalizedMessage());
keyLength = -1;
}
}
}
System.out.print("Password: ");
char[] password = r.readLine().trim().toCharArray();
System.out.print("Salt: ");
String saltS = StringHelper.getHexString(r.readLine().trim().getBytes());
byte[] salt = StringHelper.fromHexString(saltS);
Map<String, String> parameterMap = new HashMap<>();
parameterMap.put(XmlConstants.XML_PARAM_HASH_ALGORITHM, hashAlgorithm);
parameterMap.put(XmlConstants.XML_PARAM_HASH_ITERATIONS, "" + iterations);
parameterMap.put(XmlConstants.XML_PARAM_HASH_KEY_LENGTH, "" + keyLength);
DefaultEncryptionHandler encryptionHandler = new DefaultEncryptionHandler();
encryptionHandler.initialize(parameterMap);
byte[] passwordHash = encryptionHandler.hashPassword(password, salt);
String passwordHashS = StringHelper.getHexString(passwordHash);
System.out.println("Hash is: " + passwordHashS);
System.out.println("Salt is: " + saltS);
System.out.println();
System.out.println(XmlConstants.XML_ATTR_PASSWORD + "=\"" + passwordHashS + "\" " + XmlConstants.XML_ATTR_SALT
+ "=\"" + saltS + "\"");
}
}
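Review bot: The tool asks the operator to type the salt and uses the bytes of that string (`r.readLine().trim().getBytes()`), so salts will be short, predictable and often reused — the fixtures in this commit already use the hex of `admin` — although `encryptionHandler.nextSalt()` is available a few lines further down. Creating the handler before the prompt and defaulting an empty answer to a random salt fixes that while keeping a typed value as an option for regenerating an existing entry; the `getHexString`/`fromHexString` round trip on the typed value is a no-op and can go, and `getBytes()` without a charset depends on the platform default (`StandardCharsets` from java.nio.charset would need importing). The TODO about the echoed password was removed from the class comment, yet the password is still read with `r.readLine()`; where `System.console()` is non-null, `readPassword()` avoids the echo. The `iterations` prompt also accepts zero or negative values, unlike the `keyLength` prompt which rejects them.
```java
Map<String, String> parameterMap = new HashMap<>();
parameterMap.put(XmlConstants.XML_PARAM_HASH_ALGORITHM, hashAlgorithm);
parameterMap.put(XmlConstants.XML_PARAM_HASH_ITERATIONS, "" + iterations);
parameterMap.put(XmlConstants.XML_PARAM_HASH_KEY_LENGTH, "" + keyLength);
DefaultEncryptionHandler encryptionHandler = new DefaultEncryptionHandler();
encryptionHandler.initialize(parameterMap);

System.out.print("Salt [random]: ");
String saltInput = r.readLine().trim();
byte[] salt = saltInput.isEmpty() ? encryptionHandler.nextSalt() : saltInput.getBytes(StandardCharsets.UTF_8);
String saltS = StringHelper.getHexString(salt);

// … unchanged: hashPassword call and output of hash and salt …
```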


@ -233,11 +233,26 @@ public class XmlConstants {
*/
public static final String XML_ATTR_PASSWORD = "password";
/**
* XML_ATTR_SALT = "salt" :
*/
public static final String XML_ATTR_SALT = "salt";
/**
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
*/
public static final String XML_PARAM_HASH_ALGORITHM = "hashAlgorithm";
/**
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
*/
public static final String XML_PARAM_HASH_ITERATIONS = "hashIterations";
/**
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
*/
public static final String XML_PARAM_HASH_KEY_LENGTH = "hashKeyLength";
/**
* XML_PARAM_USERS_FILE = "usersXmlFile" :
*/
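Review bot: The Javadoc on XML_PARAM_HASH_ITERATIONS and XML_PARAM_HASH_KEY_LENGTH is a copy-paste of the XML_PARAM_HASH_ALGORITHM comment and names the wrong constant and value. Change the two comment lines to `* XML_PARAM_HASH_ITERATIONS = "hashIterations" :` and `* XML_PARAM_HASH_KEY_LENGTH = "hashKeyLength" :` so they match the pattern the other constants in this class follow. The same `XML_ATTR_SALT = "salt" :` line above is already correct.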


@ -43,7 +43,8 @@ public final class User {
private final String userId;
private final String username;
private final String password;
private final byte[] password;
private final byte[] salt;
private final String firstname;
private final String lastname;
@ -78,7 +79,7 @@ public final class User {
* @param propertyMap
* a {@link Map} containing string value pairs of properties for this user
*/
public User(String userId, String username, String password, String firstname, String lastname,
public User(String userId, String username, byte[] password, byte[] salt, String firstname, String lastname,
UserState userState, Set<String> roles, Locale locale, Map<String, String> propertyMap) {
if (StringHelper.isEmpty(userId)) {
@ -107,7 +108,8 @@ public final class User {
this.userId = userId;
this.username = username;
this.password = StringHelper.isEmpty(password) ? null : password;
this.password = password;
this.salt = salt;
this.userState = userState;
this.firstname = firstname;
@ -148,10 +150,19 @@ public final class User {
*
* @return the hashed password for this {@link User}
*/
public String getPassword() {
public byte[] getPassword() {
return this.password;
}
/**
* Return the salt for this {@link User}
*
* @return the salt for this {@link User}
*/
public byte[] getSalt() {
return this.salt;
}
/**
* @return the first name
*/
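Review bot: `getPassword()` and `getSalt()` hand out the stored arrays by reference and the constructor keeps the caller's arrays, so the hash and salt of this otherwise immutable `final class User` can be modified after construction by anyone holding either array; store and return copies, e.g. `this.password = password == null ? null : password.clone();` in the constructor and `return this.salt == null ? null : this.salt.clone();` in the getters. The constructor also drops the previous `StringHelper.isEmpty(password) ? null : password` normalization, so a zero-length array is now kept as a password value rather than being treated as "no password", which is worth stating in the Javadoc if intended. The constructor hunk changes only the signature, so its Javadoc above is missing `@param salt the salt used when hashing the password`. The class continues outside these hunks.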


@ -59,8 +59,10 @@ public class PrivilegeUsersDomWriter {
userElement.setAttribute(XmlConstants.XML_ATTR_USER_ID, user.getUserId());
userElement.setAttribute(XmlConstants.XML_ATTR_USERNAME, user.getUsername());
if (StringHelper.isNotEmpty(user.getPassword()))
userElement.setAttribute(XmlConstants.XML_ATTR_PASSWORD, user.getPassword());
if (user.getPassword() != null)
userElement.setAttribute(XmlConstants.XML_ATTR_PASSWORD, StringHelper.getHexString(user.getPassword()));
if (user.getSalt() != null)
userElement.setAttribute(XmlConstants.XML_ATTR_SALT, StringHelper.getHexString(user.getSalt()));
// add first name element
if (StringHelper.isNotEmpty(user.getFirstname())) {
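Review bot: Writer and reader no longer agree on empty values: `if (user.getPassword() != null)` writes a zero-length array as `password=""`, whereas the SAX reader in this commit skips empty attributes and leaves the field null, and the User constructor dropped its empty-to-null normalization. Consider `if (user.getPassword() != null && user.getPassword().length > 0)` (and the same for the salt) so an empty array round-trips the same way as null. The enclosing method continues outside the hunk.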


@ -35,6 +35,7 @@ import org.xml.sax.helpers.DefaultHandler;
import li.strolch.privilege.helper.XmlConstants;
import li.strolch.privilege.model.UserState;
import li.strolch.privilege.model.internal.User;
import li.strolch.utils.helper.StringHelper;
/**
* @author Robert von Burg <eitch@eitchnet.ch>
@ -114,7 +115,8 @@ public class PrivilegeUsersSaxReader extends DefaultHandler {
String userId;
String username;
String password;
byte[] password;
byte[] salt;
String firstName;
String lastname;
UserState userState;
@ -135,7 +137,12 @@ public class PrivilegeUsersSaxReader extends DefaultHandler {
if (qName.equals(XmlConstants.XML_USER)) {
this.userId = attributes.getValue(XmlConstants.XML_ATTR_USER_ID);
this.username = attributes.getValue(XmlConstants.XML_ATTR_USERNAME);
this.password = attributes.getValue(XmlConstants.XML_ATTR_PASSWORD);
String passwordS = attributes.getValue(XmlConstants.XML_ATTR_PASSWORD);
if (!StringHelper.isEmpty(passwordS))
this.password = StringHelper.fromHexString(passwordS);
String saltS = attributes.getValue(XmlConstants.XML_ATTR_SALT);
if (!StringHelper.isEmpty(saltS))
this.salt = StringHelper.fromHexString(saltS);
}
}
@ -165,8 +172,8 @@ public class PrivilegeUsersSaxReader extends DefaultHandler {
// NO-OP
} else if (qName.equals(XmlConstants.XML_USER)) {
User user = new User(this.userId, this.username, this.password, this.firstName, this.lastname,
this.userState, this.userRoles, this.locale, this.parameters);
User user = new User(this.userId, this.username, this.password, this.salt, this.firstName,
this.lastname, this.userState, this.userRoles, this.locale, this.parameters);
logger.info(MessageFormat.format("New User: {0}", user)); //$NON-NLS-1$
getUsers().add(user);
} else {
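Review bot: `this.password` and `this.salt` are only assigned when the attribute is present and non-empty, so if one reader instance parses several users, a user without a `password` or `salt` attribute inherits the values of the previously parsed user unless the fields are reset per user somewhere outside this hunk. Assigning unconditionally removes the dependency on that reset: `this.password = StringHelper.isEmpty(passwordS) ? null : StringHelper.fromHexString(passwordS);` and `this.salt = StringHelper.isEmpty(saltS) ? null : StringHelper.fromHexString(saltS);`. The enclosing class and its element handling continue outside these hunks.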


@ -22,7 +22,7 @@ public class AbstractPrivilegeTest {
protected PrivilegeHandler privilegeHandler;
protected PrivilegeContext ctx;
protected void login(String username, byte[] password) {
protected void login(String username, char[] password) {
Certificate certificate = privilegeHandler.authenticate(username, password);
assertTrue("Certificate is null!", certificate != null);
PrivilegeContext privilegeContext = privilegeHandler.getPrivilegeContext(certificate);


@ -37,7 +37,7 @@ public class PersistSessionsTest extends AbstractPrivilegeTest {
assertFalse("Sessions File should no yet exist", sessionsFile.exists());
// login and assert sessions file was written
login("admin", "admin".getBytes());
login("admin", "admin".toCharArray());
this.privilegeHandler.isCertificateValid(ctx.getCertificate());
assertTrue("Sessions File should have been created!", sessionsFile.isFile());


@ -51,7 +51,7 @@ public class PrivilegeConflictMergeTest extends AbstractPrivilegeTest {
@Test
public void shouldMergePrivileges1() {
try {
login("userA", "admin".getBytes());
login("userA", "admin".toCharArray());
IPrivilege privilege = this.ctx.getPrivilege("Foo");
assertTrue(privilege.isAllAllowed());
assertTrue(privilege.getAllowList().isEmpty());
@ -65,7 +65,7 @@ public class PrivilegeConflictMergeTest extends AbstractPrivilegeTest {
@Test
public void shouldMergePrivileges2() {
try {
login("userB", "admin".getBytes());
login("userB", "admin".toCharArray());
IPrivilege privilege = this.ctx.getPrivilege("Bar");
assertFalse(privilege.isAllAllowed());
assertEquals(2, privilege.getAllowList().size());


@ -70,21 +70,21 @@ public class PrivilegeTest extends AbstractPrivilegeTest {
private static final String ROLE_PRIVILEGE_ADMIN = "PrivilegeAdmin";
private static final String PRIVILEGE_USER_ACCESS = "UserAccessPrivilege";
private static final String ADMIN = "admin";
private static final byte[] PASS_ADMIN = "admin".getBytes();
private static final char[] PASS_ADMIN = "admin".toCharArray();
private static final String BOB = "bob";
private static final String TED = "ted";
private static final String SYSTEM_USER_ADMIN = "system_admin";
private static final String SYSTEM_USER_ADMIN2 = "system_admin2";
private static final byte[] PASS_BOB = "admin1".getBytes();
private static final char[] PASS_BOB = "admin1".toCharArray();
private static final String ROLE_APP_USER = "AppUser";
private static final String ROLE_MY = "MyRole";
private static final String ROLE_MY2 = "MyRole2";
private static final String ROLE_CHANGE_PW = "changePw";
private static final String ROLE_TEMP = "temp";
private static final String ROLE_USER = "user";
private static final byte[] PASS_DEF = "def".getBytes();
private static final byte[] PASS_BAD = "123".getBytes();
private static final byte[] PASS_TED = "12345".getBytes();
private static final char[] PASS_DEF = "def".toCharArray();
private static final char[] PASS_BAD = "123".toCharArray();
private static final char[] PASS_TED = "12345".toCharArray();
private static final Logger logger = LoggerFactory.getLogger(PrivilegeTest.class);
@ -223,7 +223,7 @@ public class PrivilegeTest extends AbstractPrivilegeTest {
this.exception.expect(AccessDeniedException.class);
this.exception.expectMessage("User system_admin is a system user and may not login!");
try {
login(SYSTEM_USER_ADMIN, SYSTEM_USER_ADMIN.getBytes());
login(SYSTEM_USER_ADMIN, SYSTEM_USER_ADMIN.toCharArray());
} finally {
logout();
}


@ -129,7 +129,7 @@ public class XmlTest {
assertEquals(6, containerModel.getParameterMap().size());
assertEquals(3, containerModel.getPolicies().size());
assertEquals(1, containerModel.getEncryptionHandlerParameterMap().size());
assertEquals(3, containerModel.getEncryptionHandlerParameterMap().size());
assertEquals(3, containerModel.getPersistenceHandlerParameterMap().size());
// TODO extend assertions to actual model
@ -184,7 +184,9 @@ public class XmlTest {
User admin = findUser("admin", users);
assertEquals("1", admin.getUserId());
assertEquals("admin", admin.getUsername());
assertEquals("8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918", admin.getPassword());
assertEquals("cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344",
StringHelper.getHexString(admin.getPassword()));
assertEquals("61646d696e", StringHelper.getHexString(admin.getSalt()));
assertEquals("Application", admin.getFirstname());
assertEquals("Administrator", admin.getLastname());
assertEquals(UserState.ENABLED, admin.getUserState());
@ -200,6 +202,7 @@ public class XmlTest {
assertEquals("2", systemAdmin.getUserId());
assertEquals("system_admin", systemAdmin.getUsername());
assertEquals(null, systemAdmin.getPassword());
assertEquals(null, systemAdmin.getSalt());
assertEquals("System User", systemAdmin.getFirstname());
assertEquals("Administrator", systemAdmin.getLastname());
assertEquals(UserState.SYSTEM, systemAdmin.getUserState());
@ -264,9 +267,8 @@ public class XmlTest {
Role systemAdminPrivileges = findRole("system_admin_privileges", roles);
assertEquals("system_admin_privileges", systemAdminPrivileges.getName());
assertEquals(2, systemAdminPrivileges.getPrivilegeNames().size());
assertThat(systemAdminPrivileges.getPrivilegeNames(),
containsInAnyOrder("li.strolch.privilege.handler.SystemAction",
"li.strolch.privilege.test.model.TestSystemRestrictable"));
assertThat(systemAdminPrivileges.getPrivilegeNames(), containsInAnyOrder(
"li.strolch.privilege.handler.SystemAction", "li.strolch.privilege.test.model.TestSystemRestrictable"));
IPrivilege testSystemUserAction = systemAdminPrivileges
.getPrivilege("li.strolch.privilege.handler.SystemAction");
@ -288,11 +290,9 @@ public class XmlTest {
Role restrictedRole = findRole("restrictedRole", roles);
assertEquals("restrictedRole", restrictedRole.getName());
assertEquals(1, restrictedRole.getPrivilegeNames().size());
assertThat(restrictedRole.getPrivilegeNames(),
containsInAnyOrder("li.strolch.privilege.handler.SystemAction"));
assertThat(restrictedRole.getPrivilegeNames(), containsInAnyOrder("li.strolch.privilege.handler.SystemAction"));
IPrivilege testSystemUserAction2 = restrictedRole
.getPrivilege("li.strolch.privilege.handler.SystemAction");
IPrivilege testSystemUserAction2 = restrictedRole.getPrivilege("li.strolch.privilege.handler.SystemAction");
assertEquals("li.strolch.privilege.handler.SystemAction", testSystemUserAction2.getName());
assertEquals("DefaultPrivilege", testSystemUserAction2.getPolicy());
assertFalse(testSystemUserAction2.isAllAllowed());
@ -341,16 +341,16 @@ public class XmlTest {
propertyMap.put("prop1", "value1");
userRoles = new HashSet<>();
userRoles.add("role1");
User user1 = new User("1", "user1", "blabla", "Bob", "White", UserState.DISABLED, userRoles, Locale.ENGLISH,
propertyMap);
User user1 = new User("1", "user1", "blabla".getBytes(), "blabla".getBytes(), "Bob", "White",
UserState.DISABLED, userRoles, Locale.ENGLISH, propertyMap);
users.add(user1);
propertyMap = new HashMap<>();
propertyMap.put("prop2", "value2");
userRoles = new HashSet<>();
userRoles.add("role2");
User user2 = new User("2", "user2", "haha", "Leonard", "Sheldon", UserState.ENABLED, userRoles, Locale.ENGLISH,
propertyMap);
User user2 = new User("2", "user2", "haha".getBytes(), "haha".getBytes(), "Leonard", "Sheldon",
UserState.ENABLED, userRoles, Locale.ENGLISH, propertyMap);
users.add(user2);
File modelFile = new File("./target/test/PrivilegeUsersTest.xml");
@ -370,7 +370,8 @@ public class XmlTest {
assertEquals(user1.getFirstname(), parsedUser1.getFirstname());
assertEquals(user1.getLastname(), parsedUser1.getLastname());
assertEquals(user1.getLocale(), parsedUser1.getLocale());
assertEquals(user1.getPassword(), parsedUser1.getPassword());
assertTrue(Arrays.equals(user1.getPassword(), parsedUser1.getPassword()));
assertTrue(Arrays.equals(user1.getSalt(), parsedUser1.getSalt()));
assertEquals(user1.getProperties(), parsedUser1.getProperties());
assertEquals(user1.getUserId(), parsedUser1.getUserId());
assertEquals(user1.getUserState(), parsedUser1.getUserState());
@ -379,7 +380,8 @@ public class XmlTest {
assertEquals(user2.getFirstname(), parsedUser2.getFirstname());
assertEquals(user2.getLastname(), parsedUser2.getLastname());
assertEquals(user2.getLocale(), parsedUser2.getLocale());
assertEquals(user2.getPassword(), parsedUser2.getPassword());
assertTrue(Arrays.equals(user2.getPassword(), parsedUser2.getPassword()));
assertTrue(Arrays.equals(user2.getSalt(), parsedUser2.getSalt()));
assertEquals(user2.getProperties(), parsedUser2.getProperties());
assertEquals(user2.getUserId(), parsedUser2.getUserId());
assertEquals(user2.getUserState(), parsedUser2.getUserState());
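Review bot: `assertTrue(Arrays.equals(user1.getPassword(), parsedUser1.getPassword()))` reports only "expected true" on failure; JUnit's `assertArrayEquals(user1.getPassword(), parsedUser1.getPassword())` prints the differing index and values, and `assertEquals(null, systemAdmin.getSalt())` reads better as `assertNull(systemAdmin.getSalt())`. The same applies to the three sibling array assertions in the last two hunks of this section. The fixture passwords and salts built with `"blabla".getBytes()` use the platform charset, which is harmless for ASCII literals but worth noting if non-ASCII fixtures are ever added.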


@ -138,7 +138,7 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
}
@Override
public Certificate authenticate(String username, byte[] password) {
public Certificate authenticate(String username, char[] password) {
DBC.PRE.assertNotEmpty("Username must be set!", username); //$NON-NLS-1$
DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$


@ -28,7 +28,7 @@ import li.strolch.rest.model.UserSession;
*/
public interface StrolchSessionHandler {
public Certificate authenticate(String username, byte[] password);
public Certificate authenticate(String username, char[] password);
public Certificate validate(String authToken);


@ -92,7 +92,8 @@ public class AuthenticationService {
sb.append("Password was not given!"); //$NON-NLS-1$
}
byte[] password = passwordE == null ? new byte[] {} : Base64.getDecoder().decode(passwordE.getAsString());
char[] password = passwordE == null ? new char[] {}
: new String(Base64.getDecoder().decode(passwordE.getAsString())).toCharArray();
if (password.length < 3) {
if (sb.length() > 0)
sb.append("\n");
@ -295,7 +296,7 @@ public class AuthenticationService {
String msg = "Authorization cookie is secure, but connection is not secure! Cookie won't be passed to client!";
logger.warn(msg);
}
NewCookie cookie = new NewCookie(StrolchRestfulConstants.STROLCH_AUTHORIZATION, certificate.getAuthToken(),
"/", null, "Authorization header", (int) TimeUnit.DAYS.toSeconds(1), secureCookie);
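Review bot: `new String(Base64.getDecoder().decode(passwordE.getAsString()))` decodes the password bytes with the platform default charset, so a password containing non-ASCII characters hashes differently depending on the JVM's file encoding; pass the charset explicitly: `new String(Base64.getDecoder().decode(passwordE.getAsString()), StandardCharsets.UTF_8).toCharArray()`. The intermediate `String` also keeps the secret in an immutable copy that cannot be cleared, so the switch to `char[]` gives no benefit on this path unless the bytes are decoded straight into a char buffer (for example via `StandardCharsets.UTF_8.decode(ByteBuffer.wrap(bytes))`) whose backing arrays can be zeroed afterwards. The same `new String(...).toCharArray()` pattern appears in the PrivilegeUsersService hunk below. The enclosing method continues outside the hunk.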


@ -360,7 +360,7 @@ public class PrivilegeUsersService {
PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
PrivilegeSetUserPasswordArgument arg = new PrivilegeSetUserPasswordArgument();
arg.username = username;
arg.password = Base64.getDecoder().decode(password);
arg.password = new String(Base64.getDecoder().decode(password)).toCharArray();
ServiceResult svcResult = svcHandler.doService(cert, svc, arg);
if (svcResult.isOk()) {


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>
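Review bot: The comment `<!-- default iterations: 200000 -->` sits directly above `<Parameter name="hashIterations" value="10000" />`, so the file documents one iteration count and configures another, right under a warning that changing the count invalidates every stored password. Either configure 200000 or say why this file deliberately uses a lower count (presumably to keep test startup fast), e.g. `<!-- reduced from the 200000 default to keep tests fast; not for production -->`. The same comment/value pairing is repeated in each of the other six EncryptionHandler sections further down the page.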


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="1" username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
<User userId="1" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>
@ -20,7 +20,7 @@
</Properties>
</User>
<User userId="2" username="bob" password="81b637d8fcd2c6da6359e6963113a1170de795e4b725b84d1e0b4cfd9ec58ce9">
<User userId="2" username="bob" password="d4466de3cad2a005930c4317ad0fcb307422c63b8febd5d7721195cd511edde5" salt="626f62">
<Firstname>Bob</Firstname>
<Lastname>Bernstein</Lastname>
<State>ENABLED</State>
@ -30,7 +30,7 @@
</Roles>
</User>
<User userId="3" username="jill" password="8cf37351b60f00084392043ce2e6256b96cea92949f90c7abce464cf164fbfa6">
<User userId="3" username="jill" password="b7d33c8305bf89ed21be111270310a7450198be8be6b362e52999c2500eb5218" salt="6a696c6c">
<Firstname>Jill</Firstname>
<Lastname>Johnson</Lastname>
<State>ENABLED</State>
@ -40,7 +40,7 @@
</Roles>
</User>
<User userId="4" username="sysAdmin" password="8cffb494ef5ff3f74a571206e141d4fb84f833e431b98c8b3be43727c4cbddc1">
<User userId="4" username="sysAdmin" password="fd6a5e8f6a59fbb18109444c5ea99ac326353cd664cc8d61a3a785081e7f4aa0" salt="73797341646d696e">
<Firstname>System User</Firstname>
<Lastname>Administrator</Lastname>
<State>SYSTEM</State>
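Review bot: Every salt in this fixture is the hex encoding of the username (`61646d696e` is "admin", `626f62` is "bob", `6a696c6c` is "jill", `73797341646d696e` is "sysAdmin"), so the salt is derived from public data rather than generated randomly. For a test fixture that may be acceptable, but a salt only does its job when it is unpredictable and generated per user (java.security.SecureRandom), and the password tool at the top of the page reads the salt from the console rather than generating one. The same username-derived salt (`74657374` is "test") appears in the other user fixtures further down, so a generated salt in the tool would fix all of them at once.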


@ -20,5 +20,5 @@ import li.strolch.service.api.ServiceArgument;
public class PrivilegeSetUserPasswordArgument extends ServiceArgument {
private static final long serialVersionUID = 1L;
public String username;
public byte[] password;
public char[] password;
}


@ -65,7 +65,7 @@ public abstract class AbstractRealmCommandTest {
runtimeMock.mockRuntime(rootPath, configSrc);
runtimeMock.startContainer();
certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), "test".getBytes());
certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), getUsername().toCharArray());
importFromXml(REALM_CACHED, certificate, getServiceHandler());
importFromXml(REALM_TRANSACTIONAL, certificate, getServiceHandler());
}


@ -56,7 +56,7 @@ public class MigrationsTest {
runtimeMock.mockRuntime(rootPath, configSrc);
runtimeMock.startContainer();
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
}
@AfterClass


@ -75,7 +75,7 @@ public abstract class AbstractRealmServiceTest {
runtimeMock.mockRuntime(rootPath, configSrc);
runtimeMock.startContainer();
this.certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), "test".getBytes());
this.certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), getUsername().toCharArray());
importFromXml(REALM_CACHED, this.certificate, getServiceHandler());
importFromXml(REALM_TRANSACTIONAL, this.certificate, getServiceHandler());
}


@ -37,7 +37,7 @@ public class GreetingServiceTest extends AbstractServiceTest {
GreetingArgument greetingArgument = new GreetingArgument();
greetingArgument.name = "Robert"; //$NON-NLS-1$
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
try {
GreetingResult greetingResult = getServiceHandler().doService(certificate, greetingService,
greetingArgument);


@ -72,7 +72,7 @@ public class LockingTest {
}
public static Certificate login() {
return runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
return runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
}
@Test


@ -74,7 +74,7 @@ public class ServiceTest extends AbstractServiceTest {
@Test
public void shouldFailWithNoAccess() {
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
try {
TestService testService = new TestService();
ServiceResult svcResult = getServiceHandler().doService(certificate, testService);
@ -88,7 +88,7 @@ public class ServiceTest extends AbstractServiceTest {
@Test
public void shouldNotFailWithAccess() {
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
try {
GreetingService service = new GreetingService();
GreetingArgument argument = new GreetingArgument();
@ -103,7 +103,7 @@ public class ServiceTest extends AbstractServiceTest {
@Test
public void shouldNotFailWithLogin1() {
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
try {
TestService testService = new TestService();
getServiceHandler().doService(certificate, testService);
@ -114,7 +114,7 @@ public class ServiceTest extends AbstractServiceTest {
@Test
public void shouldNotFailWithLogin2() {
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
try {
GreetingService service = new GreetingService();
GreetingArgument argument = new GreetingArgument();


@ -54,7 +54,7 @@ public class XmlExportServiceTest {
runtimeMock.mockRuntime(rootPath, configSrc);
runtimeMock.startContainer();
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
}
@AfterClass


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="3" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="3" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="3" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="3" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="3" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="3" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>
@ -15,7 +15,7 @@
<Role>AppUser</Role>
</Roles>
</User>
<User userId="3" username="admin" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="3" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>
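Review bot: Both users touched in this fixture carry `userId="3"` (the "test" user in the first hunk and the "admin" user in the second), which is pre-existing but survives on the new side; if user ids are meant to be unique, the second should become `<User userId="4" username="admin" ...>`. Otherwise the section only swaps the hashes and adds the username-derived salts noted on the first users fixture above.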


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>


@ -6,7 +6,7 @@
<Role>agent</Role>
</Roles>
</User>
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
<Firstname>Application</Firstname>
<Lastname>Administrator</Lastname>
<State>ENABLED</State>


@ -10,7 +10,13 @@
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
<!-- default iterations: 200000 -->
<Parameter name="hashIterations" value="10000" />
<!-- default key length: 256 -->
<Parameter name="hashKeyLength" value="256" />
</Parameters>
</EncryptionHandler>
