[Major] Privilege passwords are now salted!
parent
4a32d06371
commit
4c9e66876a
|
@ -126,7 +126,7 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
|
|||
}
|
||||
|
||||
@Override
|
||||
public Certificate authenticate(String username, byte[] password) {
|
||||
public Certificate authenticate(String username, char[] password) {
|
||||
assertContainerStarted();
|
||||
Certificate certificate = this.privilegeHandler.authenticate(username, password);
|
||||
StrolchRealm realm = getContainer().getRealm(certificate);
|
||||
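Review bot: Nothing in the visible part of `authenticate(String username, char[] password)` clears the password array or says who must, and taking `char[]` instead of `byte[]` only pays off if the array is zeroed once the credential has been checked. The method forwards the array to `this.privilegeHandler.authenticate(username, password)`, so the delegate may already wipe it, but that is not visible here. I would state the contract in the Javadoc, for example `@param password the password; the caller must overwrite this array after the call returns`, or, if this layer owns the array, wrap the body in `try { ... } finally { Arrays.fill(password, '\0'); }`. The method body continues past the end of this hunk.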
|
|
|
@ -41,7 +41,7 @@ public interface PrivilegeHandler {
|
|||
*
|
||||
* @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, byte[])
|
||||
*/
|
||||
public Certificate authenticate(String username, byte[] password);
|
||||
public Certificate authenticate(String username, char[] password);
|
||||
|
||||
/**
|
||||
* Validate that the certificate is still valid
|
||||
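Review bot: The `@see` tag two lines above the changed signature still points at `authenticate(String, byte[])`, while the method it documents now takes `char[]`. Assuming the referenced `li.strolch.privilege.handler.PrivilegeHandler` method was changed the same way (the delegating call in the first hunk passes the `char[]` straight through), the tag should read `@see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, char[])`; otherwise the Javadoc link will not resolve. The comment block starts above this hunk.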
|
|
|
@ -168,7 +168,7 @@ public class ComponentContainerTest {
|
|||
|
||||
private static Certificate login(StrolchAgent agent) {
|
||||
PrivilegeHandler privilegeHandler = agent.getContainer().getPrivilegeHandler();
|
||||
return privilegeHandler.authenticate("test", "test".getBytes());
|
||||
return privilegeHandler.authenticate("test", "test".toCharArray());
|
||||
}
|
||||
|
||||
public static void testPersistenceContainer(StrolchAgent agent) {
|
||||
|
|
|
@ -44,7 +44,7 @@ public class PolicyHandlerTest {
|
|||
PolicyHandler policyHandler = agent.getContainer().getComponent(PolicyHandler.class);
|
||||
|
||||
ComponentContainer container = agent.getContainer();
|
||||
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
try (StrolchTransaction tx = container.getRealm(StrolchConstants.DEFAULT_REALM).openTx(certificate,
|
||||
"test")) {
|
||||
|
||||
|
|
|
@ -43,7 +43,7 @@ public class EnumHandlerTest {
|
|||
|
||||
ComponentContainer container = agent.getContainer();
|
||||
|
||||
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
|
||||
EnumHandler enumHandler = container.getComponent(EnumHandler.class);
|
||||
StrolchEnum sexEnum = enumHandler.getEnum(certificate, "sex", Locale.ENGLISH);
|
||||
|
|
|
@ -52,7 +52,7 @@ public class FindByLocatorTest {
|
|||
runtimeMock = new RuntimeMock(PATH_FIND_BY_LOCATOR_RUNTIME, ComponentContainerTest.PATH_TRANSIENT_CONTAINER);
|
||||
runtimeMock.mockRuntime();
|
||||
runtimeMock.startContainer();
|
||||
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -52,7 +52,7 @@ public class QueryTest {
|
|||
public static final String PATH_EMPTY_RUNTIME = "target/QueryTest/"; //$NON-NLS-1$
|
||||
|
||||
private Certificate login(ComponentContainer container) {
|
||||
return container.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
return container.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
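Review bot: `hashIterations` is set to `10000` although the comment directly above it gives the default as 200000, and nothing marks the lower value as deliberate. If this file is a test fixture, a comment such as `<!-- test only: iterations lowered from the default to keep tests fast; do not copy to production -->` would stop it being reused as a template; the same block is repeated in the other `EncryptionHandler` hunks on this page. The WARNING line also leaves out `hashAlgorithm`, which presumably invalidates stored hashes just as a change to iterations or key length does. That warning suggests the parameters are not stored with each hash, in which case the work factor cannot be raised later without resetting every password; confirm against the handler code, which is not shown here.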
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
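Review bot: The `salt` on the new `<User>` line is the hex encoding of the username (`74657374` decodes to `test`), and the other user hunks on this page follow the same pattern for `cached`, `transactional`, `transient`, `admin`, `bob`, `jill` and `sysAdmin`. That is acceptable for a hand-made fixture, but a salt derived from the username is predictable and repeats across installations, so it should not be what the application generates. If these values came from the real password-setting code path, the salt should come from `SecureRandom` with at least 16 bytes per user; if they were constructed by hand, a short XML comment above the user saying so would avoid the pattern being copied.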
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="cached" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="cached" password="14df65e4ec6adae5e426dff1248f8a4bafc9791b7d5a4dfad89b00e06803e679" salt="636163686564">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -18,7 +18,7 @@
|
|||
<Property name="realm" value="cached" />
|
||||
</Properties>
|
||||
</User>
|
||||
<User userId="2" username="transactional" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="transactional" password="67252256c67e43fd6674cfd5e5d47536af5b8bc40eb297c1e9edf5da5fc1c2a6" salt="7472616e73616374696f6e616c">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="cached" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="cached" password="14df65e4ec6adae5e426dff1248f8a4bafc9791b7d5a4dfad89b00e06803e679" salt="636163686564">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -18,7 +18,7 @@
|
|||
<Property name="realm" value="cached" />
|
||||
</Properties>
|
||||
</User>
|
||||
<User userId="2" username="transactional" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="transactional" password="67252256c67e43fd6674cfd5e5d47536af5b8bc40eb297c1e9edf5da5fc1c2a6" salt="7472616e73616374696f6e616c">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="transient" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="transient" password="cc6072ac76d018d95c964ca3d8d1d934a2bf66a369bdf2ff5a539bf23ecde11b" salt="7472616e7369656e74">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="cached" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="cached" password="14df65e4ec6adae5e426dff1248f8a4bafc9791b7d5a4dfad89b00e06803e679" salt="636163686564">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -18,7 +18,7 @@
|
|||
<Property name="realm" value="cached" />
|
||||
</Properties>
|
||||
</User>
|
||||
<User userId="2" username="transactional" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="transactional" password="67252256c67e43fd6674cfd5e5d47536af5b8bc40eb297c1e9edf5da5fc1c2a6" salt="7472616e73616374696f6e616c">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -18,7 +18,7 @@ public abstract class PerformanceTest {
|
|||
@Test
|
||||
public void runPerformanceTestCached() {
|
||||
|
||||
Certificate certificate = runtime().getPrivilegeHandler().authenticate("cached", "test".getBytes());
|
||||
Certificate certificate = runtime().getPrivilegeHandler().authenticate("cached", "test".toCharArray());
|
||||
|
||||
ServiceHandler svcHandler = runtime().getServiceHandler();
|
||||
svcHandler.doService(certificate, new PerformanceTestService(), argInstance());
|
||||
|
@ -27,7 +27,7 @@ public abstract class PerformanceTest {
|
|||
@Test
|
||||
public void runPerformanceTestTransactional() {
|
||||
|
||||
Certificate certificate = runtime().getPrivilegeHandler().authenticate("transactional", "test".getBytes());
|
||||
Certificate certificate = runtime().getPrivilegeHandler().authenticate("transactional", "test".toCharArray());
|
||||
|
||||
ServiceHandler svcHandler = runtime().getServiceHandler();
|
||||
svcHandler.doService(certificate, new PerformanceTestService(), argInstance());
|
||||
|
|
|
@ -50,7 +50,7 @@ public class PerformanceTransientTest {
|
|||
@Test
|
||||
public void runPerformanceTest() {
|
||||
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("transient", "test".getBytes());
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("transient", "test".toCharArray());
|
||||
|
||||
ServiceHandler svcHandler = runtimeMock.getServiceHandler();
|
||||
svcHandler.doService(certificate, new PerformanceTestService(), new PerformanceTestArgument());
|
||||
|
|
|
@ -59,7 +59,7 @@ public class ActivityQueryTest extends QueryTest {
|
|||
new File(rootPath, DB_STORE_PATH_DIR).mkdir();
|
||||
runtimeMock.startContainer();
|
||||
|
||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
||||
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
||||
ActivityMap activityMap = tx.getActivityMap();
|
||||
|
|
|
@ -100,7 +100,7 @@ public class AuditQueryTest {
|
|||
cal.set(2000, 11, 1);
|
||||
future = cal.getTime();
|
||||
|
||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
||||
int i = 0;
|
||||
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
||||
|
|
|
@ -120,7 +120,7 @@ public class ObserverUpdateTest {
|
|||
realm.getObserverHandler().registerObserver(Tags.RESOURCE, observer);
|
||||
|
||||
PrivilegeHandler privilegeHandler = runtimeMock.getAgent().getContainer().getPrivilegeHandler();
|
||||
Certificate certificate = privilegeHandler.authenticate("test", "test".getBytes()); //$NON-NLS-1$ //$NON-NLS-2$
|
||||
Certificate certificate = privilegeHandler.authenticate("test", "test".toCharArray()); //$NON-NLS-1$ //$NON-NLS-2$
|
||||
|
||||
// create order
|
||||
Order newOrder = createOrder("MyTestOrder", "Test Name", "TestType", new Date(), State.CREATED); //$NON-NLS-1$//$NON-NLS-2$ //$NON-NLS-3$
|
||||
|
|
|
@ -78,7 +78,7 @@ public class OrderQueryTest extends QueryTest {
|
|||
cal.set(2000, 11, 1);
|
||||
future = cal.getTime();
|
||||
|
||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
||||
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
||||
OrderMap orderMap = tx.getOrderMap();
|
||||
|
|
|
@ -82,7 +82,7 @@ public class RealmTest extends AbstractModelTest {
|
|||
String type = "Bla"; //$NON-NLS-1$
|
||||
|
||||
PrivilegeHandler privilegeHandler = runtimeMock.getAgent().getContainer().getPrivilegeHandler();
|
||||
Certificate certificate = privilegeHandler.authenticate(TEST, TEST.getBytes());
|
||||
Certificate certificate = privilegeHandler.authenticate(TEST, TEST.toCharArray());
|
||||
|
||||
{
|
||||
StrolchRealm firstRealm = runtimeMock.getRealm(FIRST);
|
||||
|
|
|
@ -55,7 +55,7 @@ public class ResourceDaoTest extends QueryTest {
|
|||
new File(rootPath, DB_STORE_PATH_DIR).mkdir();
|
||||
runtimeMock.startContainer();
|
||||
|
||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
||||
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
||||
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="1" username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
|
||||
<User userId="1" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -20,7 +20,7 @@
|
|||
</Properties>
|
||||
</User>
|
||||
|
||||
<User userId="2" username="bob" password="81b637d8fcd2c6da6359e6963113a1170de795e4b725b84d1e0b4cfd9ec58ce9">
|
||||
<User userId="2" username="bob" password="d4466de3cad2a005930c4317ad0fcb307422c63b8febd5d7721195cd511edde5" salt="626f62">
|
||||
<Firstname>Bob</Firstname>
|
||||
<Lastname>Bernstein</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -30,7 +30,7 @@
|
|||
</Roles>
|
||||
|
||||
</User>
|
||||
<User userId="3" username="jill" password="8cf37351b60f00084392043ce2e6256b96cea92949f90c7abce464cf164fbfa6">
|
||||
<User userId="3" username="jill" password="b7d33c8305bf89ed21be111270310a7450198be8be6b362e52999c2500eb5218" salt="6a696c6c">
|
||||
<Firstname>Jill</Firstname>
|
||||
<Lastname>Johnson</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -40,7 +40,7 @@
|
|||
</Roles>
|
||||
|
||||
</User>
|
||||
<User userId="4" username="sysAdmin" password="8cffb494ef5ff3f74a571206e141d4fb84f833e431b98c8b3be43727c4cbddc1">
|
||||
<User userId="4" username="sysAdmin" password="fd6a5e8f6a59fbb18109444c5ea99ac326353cd664cc8d61a3a785081e7f4aa0" salt="73797341646d696e">
|
||||
<Firstname>System User</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>SYSTEM</State>
|
||||
|
|
|
@ -15,7 +15,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -11,7 +11,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<Users>
|
||||
|
||||
<User userId="1" username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
|
||||
<User userId="1" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<Users>
|
||||
|
||||
<User userId="1" username="userA" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
|
||||
<User userId="1" username="userA" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||
<Firstname>System User</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -12,7 +12,7 @@
|
|||
</Roles>
|
||||
</User>
|
||||
|
||||
<User userId="2" username="userB" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
|
||||
<User userId="2" username="userB" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||
<Firstname>System User</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
import java.io.UnsupportedEncodingException;
|
||||
import java.security.SecureRandom;
|
||||
import java.text.MessageFormat;
|
||||
|
||||
import javax.crypto.SecretKey;
|
||||
import javax.crypto.SecretKeyFactory;
|
||||
import javax.crypto.spec.PBEKeySpec;
|
||||
|
||||
public class Temp {
|
||||
|
||||
public static void main(String[] args) throws Exception {
|
||||
|
||||
for (int i = 0; i < 10; i++) {
|
||||
|
||||
long start = System.nanoTime();
|
||||
|
||||
byte[] bytes = new byte[16];
|
||||
SecureRandom secureRandom = new SecureRandom();
|
||||
secureRandom.nextBytes(bytes);
|
||||
String token = getHexString(bytes);
|
||||
System.out.println(token);
|
||||
|
||||
String algorithm = "PBKDF2WithHmacSHA512";
|
||||
char[] password = "admin".toCharArray();
|
||||
byte[] salt = "admin".getBytes();
|
||||
int iterations = 10000;
|
||||
int keyLength = 256;
|
||||
|
||||
SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
|
||||
PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, keyLength);
|
||||
SecretKey key = skf.generateSecret(spec);
|
||||
byte[] res = key.getEncoded();
|
||||
|
||||
System.out.println("Password hash: " + getHexString(res));
|
||||
System.out.println("Salt: " + getHexString(salt));
|
||||
|
||||
long end = System.nanoTime();
|
||||
System.out.println("Took: " + formatNanoDuration(end - start));
|
||||
}
|
||||
}
|
||||
|
||||
public static String getHexString(byte[] raw) throws RuntimeException {
|
||||
try {
|
||||
byte[] hex = new byte[2 * raw.length];
|
||||
int index = 0;
|
||||
|
||||
for (byte b : raw) {
|
||||
int v = b & 0xFF;
|
||||
hex[index++] = HEX_CHAR_TABLE[v >>> 4];
|
||||
hex[index++] = HEX_CHAR_TABLE[v & 0xF];
|
||||
}
|
||||
|
||||
return new String(hex, "ASCII"); //$NON-NLS-1$
|
||||
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
String msg = MessageFormat.format("Something went wrong while converting to HEX: {0}", e.getMessage()); //$NON-NLS-1$
|
||||
throw new RuntimeException(msg, e);
|
||||
}
|
||||
}
|
||||
|
||||
public static String formatNanoDuration(final long nanos) {
|
||||
if (nanos >= 3600000000000L) {
|
||||
return String.format("%.0fh", (nanos / 3600000000000.0D)); //$NON-NLS-1$
|
||||
} else if (nanos >= 60000000000L) {
|
||||
return String.format("%.0fm", (nanos / 60000000000.0D)); //$NON-NLS-1$
|
||||
} else if (nanos >= 1000000000L) {
|
||||
return String.format("%.0fs", (nanos / 1000000000.0D)); //$NON-NLS-1$
|
||||
} else if (nanos >= 1000000L) {
|
||||
return String.format("%.0fms", (nanos / 1000000.0D)); //$NON-NLS-1$
|
||||
} else if (nanos >= 1000L) {
|
||||
return String.format("%.0fus", (nanos / 1000.0D)); //$NON-NLS-1$
|
||||
} else {
|
||||
return nanos + "ns"; //$NON-NLS-1$
|
||||
}
|
||||
}
|
||||
|
||||
private static final byte[] HEX_CHAR_TABLE = { (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4',
|
||||
(byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd',
|
||||
(byte) 'e', (byte) 'f' };
|
||||
}
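Review bot: `Temp` reads like a scratch benchmark that was committed along with the real change: it sits in the default package, has no documentation, and carries its own copy of `getHexString`, which `StringHelper` already provides elsewhere in this commit. It also derives the hash with `"admin".getBytes()` as the salt, which is a fixed salt and depends on the platform charset. I would drop the file from the commit, or move the timing loop into a test that takes its salt from `SecureRandom` the way `nextSalt()` does. If it stays, `new SecureRandom()` belongs outside the loop, because its construction is currently part of the measured time.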
|
|
@ -15,13 +15,17 @@
|
|||
*/
|
||||
package li.strolch.privilege.handler;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.text.MessageFormat;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.crypto.SecretKey;
|
||||
import javax.crypto.SecretKeyFactory;
|
||||
import javax.crypto.spec.PBEKeySpec;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
|
@ -37,7 +41,7 @@ import li.strolch.utils.helper.StringHelper;
|
|||
*
|
||||
* Required parameters:
|
||||
* <ul>
|
||||
* <li> {@link XmlConstants#XML_PARAM_HASH_ALGORITHM}</li>
|
||||
* <li>{@link XmlConstants#XML_PARAM_HASH_ALGORITHM}</li>
|
||||
* </ul>
|
||||
*
|
||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||
|
@ -55,40 +59,47 @@ public class DefaultEncryptionHandler implements EncryptionHandler {
|
|||
private SecureRandom secureRandom;
|
||||
|
||||
/**
|
||||
* The configured hash algorithm for this instance
|
||||
* The configured algorithm for this instance
|
||||
*/
|
||||
private String hashAlgorithm;
|
||||
private String algorithm;
|
||||
|
||||
@Override
|
||||
public String convertToHash(String string) {
|
||||
return convertToHash(string.getBytes());
|
||||
}
|
||||
/**
|
||||
* The number of iterations to perform the hashing with
|
||||
*/
|
||||
private int iterations;
|
||||
|
||||
@Override
|
||||
public String convertToHash(byte[] bytes) {
|
||||
try {
|
||||
|
||||
return StringHelper.hashAsHex(this.hashAlgorithm, bytes);
|
||||
|
||||
} catch (RuntimeException e) {
|
||||
if (e.getCause() == null)
|
||||
throw e;
|
||||
if (e.getCause().getClass().equals(NoSuchAlgorithmException.class))
|
||||
throw new PrivilegeException(
|
||||
MessageFormat.format("Algorithm {0} was not found!", this.hashAlgorithm), e.getCause()); //$NON-NLS-1$
|
||||
if (e.getCause().getClass().equals(UnsupportedEncodingException.class))
|
||||
throw new PrivilegeException("Charset ASCII is not supported!", e.getCause()); //$NON-NLS-1$
|
||||
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
/**
|
||||
* The length of the secure key for the hashing
|
||||
*/
|
||||
private int keyLength;
|
||||
|
||||
@Override
|
||||
public String nextToken() {
|
||||
byte[] bytes = new byte[16];
|
||||
this.secureRandom.nextBytes(bytes);
|
||||
String randomString = new String(bytes);
|
||||
return randomString;
|
||||
return StringHelper.getHexString(bytes);
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] nextSalt() {
|
||||
byte[] bytes = new byte[32];
|
||||
this.secureRandom.nextBytes(bytes);
|
||||
return bytes;
|
||||
}
|
||||
|
||||
@Override
|
||||
public byte[] hashPassword(char[] password, byte[] salt) {
|
||||
|
||||
try {
|
||||
SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm);
|
||||
PBEKeySpec spec = new PBEKeySpec(password, salt, this.iterations, this.keyLength);
|
||||
SecretKey key = skf.generateSecret(spec);
|
||||
byte[] res = key.getEncoded();
|
||||
return res;
|
||||
|
||||
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
|
||||
throw new IllegalStateException(e);
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
|
@ -97,18 +108,14 @@ public class DefaultEncryptionHandler implements EncryptionHandler {
|
|||
this.secureRandom = new SecureRandom();
|
||||
|
||||
// get hash algorithm parameters
|
||||
this.hashAlgorithm = parameterMap.get(XmlConstants.XML_PARAM_HASH_ALGORITHM);
|
||||
if (this.hashAlgorithm == null || this.hashAlgorithm.isEmpty()) {
|
||||
String msg = "[{0}] Defined parameter {1} is invalid"; //$NON-NLS-1$
|
||||
msg = MessageFormat.format(msg, EncryptionHandler.class.getName(), XmlConstants.XML_PARAM_HASH_ALGORITHM);
|
||||
throw new PrivilegeException(msg);
|
||||
}
|
||||
this.algorithm = parameterMap.getOrDefault(XmlConstants.XML_PARAM_HASH_ALGORITHM, "PBKDF2WithHmacSHA512");
|
||||
this.iterations = Integer.parseInt(parameterMap.getOrDefault(XmlConstants.XML_PARAM_HASH_ITERATIONS, "200000"));
|
||||
this.keyLength = Integer.parseInt(parameterMap.getOrDefault(XmlConstants.XML_PARAM_HASH_KEY_LENGTH, "256"));
|
||||
|
||||
// test hash algorithm
|
||||
try {
|
||||
convertToHash("test"); //$NON-NLS-1$
|
||||
DefaultEncryptionHandler.logger.info(MessageFormat
|
||||
.format("Using hashing algorithm {0}", this.hashAlgorithm)); //$NON-NLS-1$
|
||||
hashPassword("test".toCharArray(), "test".getBytes()); //$NON-NLS-1$
|
||||
DefaultEncryptionHandler.logger.info(MessageFormat.format("Using hashing algorithm {0}", this.algorithm)); //$NON-NLS-1$
|
||||
} catch (Exception e) {
|
||||
String msg = "[{0}] Defined parameter {1} is invalid because of underlying exception: {2}"; //$NON-NLS-1$
|
||||
msg = MessageFormat.format(msg, EncryptionHandler.class.getName(), XmlConstants.XML_PARAM_HASH_ALGORITHM,
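Review bot: In `initialize`, `hashIterations` and `hashKeyLength` go through `Integer.parseInt` before the `try` that wraps the algorithm self-test, so a malformed value surfaces as a bare `NumberFormatException` and a value such as `1` is accepted without complaint. Since the iteration count is the whole work factor of PBKDF2, I would parse inside the `try` and reject values below a minimum the project chooses with a `PrivilegeException` that names the offending parameter. The `catch` message still names only `XML_PARAM_HASH_ALGORITHM`, which will mislead when the iterations or key length are at fault. Separately, `hashPassword` never calls `spec.clearPassword()`, so the copy of the password held by the `PBEKeySpec` outlives the call; wrapping the derivation in `try { ... } finally { spec.clearPassword(); }` would match the move to `char[]`. The body of `initialize` continues outside the visible hunk.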
|
||||
|
|
|
@ -404,7 +404,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
}
|
||||
|
||||
@Override
|
||||
public UserRep addUser(Certificate certificate, UserRep userRepParam, byte[] password) {
|
||||
public UserRep addUser(Certificate certificate, UserRep userRepParam, char[] password) {
|
||||
try {
|
||||
|
||||
// validate user actually has this type of privilege
|
||||
|
@ -433,18 +433,22 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
throw new PrivilegeException(MessageFormat.format(msg, userRep.getUsername()));
|
||||
}
|
||||
|
||||
String passwordHash = null;
|
||||
byte[] passwordHash = null;
|
||||
byte[] salt = null;
|
||||
if (password != null) {
|
||||
|
||||
// validate password meets basic requirements
|
||||
validatePassword(password);
|
||||
|
||||
// get new salt for user
|
||||
salt = this.encryptionHandler.nextSalt();
|
||||
|
||||
// hash password
|
||||
passwordHash = this.encryptionHandler.convertToHash(password);
|
||||
passwordHash = this.encryptionHandler.hashPassword(password, salt);
|
||||
}
|
||||
|
||||
// create new user
|
||||
User newUser = createUser(userRep, passwordHash);
|
||||
User newUser = createUser(userRep, passwordHash, salt);
|
||||
|
||||
// detect privilege conflicts
|
||||
assertNoPrivilegeConflict(newUser);
|
||||
|
@ -465,7 +469,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
}
|
||||
|
||||
@Override
|
||||
public UserRep replaceUser(Certificate certificate, UserRep userRep, byte[] password) {
|
||||
public UserRep replaceUser(Certificate certificate, UserRep userRep, char[] password) {
|
||||
try {
|
||||
|
||||
// validate user actually has this type of privilege
|
||||
|
@ -491,17 +495,21 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
throw new PrivilegeException(MessageFormat.format(msg, userRep.getUsername()));
|
||||
}
|
||||
|
||||
String passwordHash = null;
|
||||
byte[] passwordHash = null;
|
||||
byte[] salt = null;
|
||||
if (password != null) {
|
||||
|
||||
// validate password meets basic requirements
|
||||
validatePassword(password);
|
||||
|
||||
// get new salt for user
|
||||
salt = this.encryptionHandler.nextSalt();
|
||||
|
||||
// hash password
|
||||
passwordHash = this.encryptionHandler.convertToHash(password);
|
||||
passwordHash = this.encryptionHandler.hashPassword(password, salt);
|
||||
}
|
||||
|
||||
User newUser = createUser(userRep, passwordHash);
|
||||
User newUser = createUser(userRep, passwordHash, salt);
|
||||
|
||||
// detect privilege conflicts
|
||||
assertNoPrivilegeConflict(newUser);
|
||||
|
@ -532,8 +540,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
}
|
||||
}
|
||||
|
||||
private User createUser(UserRep userRep, String passwordHash) {
|
||||
User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, userRep.getFirstname(),
|
||||
private User createUser(UserRep userRep, byte[] passwordHash, byte[] salt) {
|
||||
User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, salt, userRep.getFirstname(),
|
||||
userRep.getLastname(), userRep.getUserState(), userRep.getRoles(), userRep.getLocale(),
|
||||
userRep.getPropertyMap());
|
||||
return user;
|
||||
|
@ -563,7 +571,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
String userId = existingUser.getUserId();
|
||||
String username = existingUser.getUsername();
|
||||
String password = existingUser.getPassword();
|
||||
byte[] password = existingUser.getPassword();
|
||||
byte[] salt = existingUser.getSalt();
|
||||
String firstname = existingUser.getFirstname();
|
||||
String lastname = existingUser.getLastname();
|
||||
UserState userState = existingUser.getUserState();
|
||||
|
@ -582,7 +591,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
propertyMap = userRep.getPropertyMap();
|
||||
|
||||
// create new user
|
||||
User newUser = new User(userId, username, password, firstname, lastname, userState, roles, locale, propertyMap);
|
||||
User newUser = new User(userId, username, password, salt, firstname, lastname, userState, roles, locale,
|
||||
propertyMap);
|
||||
|
||||
// detect privilege conflicts
|
||||
assertNoPrivilegeConflict(newUser);
|
||||
|
@ -657,8 +667,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
newRoles.add(roleName);
|
||||
|
||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(), newRoles,
|
||||
existingUser.getLocale(), existingUser.getProperties());
|
||||
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(),
|
||||
existingUser.getUserState(), newRoles, existingUser.getLocale(), existingUser.getProperties());
|
||||
|
||||
// detect privilege conflicts
|
||||
assertNoPrivilegeConflict(newUser);
|
||||
|
@ -699,8 +709,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
Set<String> newRoles = new HashSet<>(currentRoles);
|
||||
newRoles.remove(roleName);
|
||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(), newRoles,
|
||||
existingUser.getLocale(), existingUser.getProperties());
|
||||
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(),
|
||||
existingUser.getUserState(), newRoles, existingUser.getLocale(), existingUser.getProperties());
|
||||
|
||||
// delegate user replacement to persistence handler
|
||||
this.persistenceHandler.replaceUser(newUser);
|
||||
|
@ -725,8 +735,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
// create new user
|
||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(),
|
||||
existingUser.getRoles(), locale, existingUser.getProperties());
|
||||
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(),
|
||||
existingUser.getUserState(), existingUser.getRoles(), locale, existingUser.getProperties());
|
||||
|
||||
// if the user is not setting their own locale, then make sure this user may set this user's locale
|
||||
if (!certificate.getUsername().equals(username)) {
|
||||
|
@ -747,7 +757,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
}
|
||||
|
||||
@Override
|
||||
public void setUserPassword(Certificate certificate, String username, byte[] password) {
|
||||
public void setUserPassword(Certificate certificate, String username, char[] password) {
|
||||
try {
|
||||
|
||||
// validate user actually has this type of privilege
|
||||
|
@ -760,18 +770,22 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
throw new PrivilegeException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
||||
}
|
||||
|
||||
String passwordHash = null;
|
||||
byte[] passwordHash = null;
|
||||
byte[] salt = null;
|
||||
if (password != null) {
|
||||
|
||||
// validate password meets basic requirements
|
||||
validatePassword(password);
|
||||
|
||||
// get new salt for user
|
||||
salt = this.encryptionHandler.nextSalt();
|
||||
|
||||
// hash password
|
||||
passwordHash = this.encryptionHandler.convertToHash(password);
|
||||
passwordHash = this.encryptionHandler.hashPassword(password, salt);
|
||||
}
|
||||
|
||||
// create new user
|
||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), passwordHash,
|
||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), passwordHash, salt,
|
||||
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(),
|
||||
existingUser.getRoles(), existingUser.getLocale(), existingUser.getProperties());
|
||||
|
||||
|
@ -815,8 +829,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
// create new user
|
||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||
existingUser.getFirstname(), existingUser.getLastname(), state, existingUser.getRoles(),
|
||||
existingUser.getLocale(), existingUser.getProperties());
|
||||
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(), state,
|
||||
existingUser.getRoles(), existingUser.getLocale(), existingUser.getProperties());
|
||||
|
||||
// validate that this user may modify this user's state
|
||||
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_SET_USER_STATE, new Tuple(existingUser, newUser)));
|
||||
|
@ -1059,7 +1073,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
|
||||
// validate the response
|
||||
UserChallenge userChallenge = this.userChallengeHandler.validateResponse(user, challenge);
|
||||
String authToken = this.encryptionHandler.convertToHash(this.encryptionHandler.nextToken());
|
||||
String authToken = this.encryptionHandler.nextToken();
|
||||
String sessionId = UUID.randomUUID().toString();
|
||||
|
||||
// create a new certificate, with details of the user
|
||||
|
@ -1077,7 +1091,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
}
|
||||
|
||||
@Override
|
||||
public Certificate authenticate(String username, byte[] password) {
|
||||
public Certificate authenticate(String username, char[] password) {
|
||||
|
||||
try {
|
||||
// username must be at least 2 characters in length
|
||||
|
@ -1097,7 +1111,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
}
|
||||
|
||||
// get 2 auth tokens
|
||||
String authToken = this.encryptionHandler.convertToHash(this.encryptionHandler.nextToken());
|
||||
String authToken = this.encryptionHandler.nextToken();
|
||||
|
||||
// get next session id
|
||||
String sessionId = UUID.randomUUID().toString();
|
||||
|
@ -1232,15 +1246,12 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
* @throws InvalidCredentialsException
|
||||
* if the given credentials are invalid, the user does not exist, or has no password set
|
||||
*/
|
||||
private User checkCredentialsAndUserState(String username, byte[] password)
|
||||
private User checkCredentialsAndUserState(String username, char[] password)
|
||||
throws InvalidCredentialsException, AccessDeniedException {
|
||||
|
||||
// and validate the password
|
||||
validatePassword(password);
|
||||
|
||||
// we only work with hashed passwords
|
||||
String passwordHash = this.encryptionHandler.convertToHash(password);
|
||||
|
||||
// get user object
|
||||
User user = this.persistenceHandler.getUser(username);
|
||||
// no user means no authentication
|
||||
|
@ -1256,14 +1267,6 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
throw new InvalidCredentialsException(msg);
|
||||
}
|
||||
|
||||
// validate password
|
||||
String pwHash = user.getPassword();
|
||||
if (pwHash == null)
|
||||
throw new AccessDeniedException(
|
||||
MessageFormat.format("User {0} has no password and may not login!", username)); //$NON-NLS-1$
|
||||
if (!pwHash.equals(passwordHash))
|
||||
throw new InvalidCredentialsException(MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$
|
||||
|
||||
// validate if user is allowed to login
|
||||
// this also capture the trying to login of SYSTEM user
|
||||
if (user.getUserState() != UserState.ENABLED) {
|
||||
|
@ -1272,6 +1275,25 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
throw new AccessDeniedException(msg);
|
||||
}
|
||||
|
||||
byte[] pwHash = user.getPassword();
|
||||
if (pwHash == null)
|
||||
throw new AccessDeniedException(
|
||||
MessageFormat.format("User {0} has no password and may not login!", username)); //$NON-NLS-1$
|
||||
byte[] salt = user.getSalt();
|
||||
if (salt == null)
|
||||
throw new AccessDeniedException(MessageFormat.format("User {0} has no salt and may not login!", salt)); //$NON-NLS-1$
|
||||
|
||||
// we only work with hashed passwords
|
||||
byte[] passwordHash = this.encryptionHandler.hashPassword(password, salt);
|
||||
|
||||
logger.info("New hash: " + StringHelper.getHexString(passwordHash));
|
||||
logger.info("User hash: " + StringHelper.getHexString(pwHash));
|
||||
logger.info("User salt: " + StringHelper.getHexString(salt));
|
||||
|
||||
// validate password
|
||||
if (!Arrays.equals(passwordHash, pwHash))
|
||||
throw new InvalidCredentialsException(MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$
|
||||
|
||||
return user;
|
||||
}
|
||||
|
||||
|
@ -1426,10 +1448,10 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
/**
|
||||
* This simple implementation validates that the password is not null, and that the password string is not empty
|
||||
*
|
||||
* @see li.strolch.privilege.handler.PrivilegeHandler#validatePassword(byte[])
|
||||
* @see li.strolch.privilege.handler.PrivilegeHandler#validatePassword(char[])
|
||||
*/
|
||||
@Override
|
||||
public void validatePassword(byte[] password) throws PrivilegeException {
|
||||
public void validatePassword(char[] password) throws PrivilegeException {
|
||||
|
||||
if (password == null || password.length == 0) {
|
||||
throw new PrivilegeException("A password may not be empty!"); //$NON-NLS-1$
|
||||
|
@ -1708,13 +1730,13 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* Passwords should not be kept as strings, as string are immutable, this method thus clears the byte array so that
|
||||
* Passwords should not be kept as strings, as string are immutable, this method thus clears the char array so that
|
||||
* the password is not in memory anymore
|
||||
*
|
||||
* @param password
|
||||
* the byte array containing the passwort which is to be set to zeroes
|
||||
* the char array containing the passwort which is to be set to zeroes
|
||||
*/
|
||||
private void clearPassword(byte[] password) {
|
||||
private void clearPassword(char[] password) {
|
||||
if (password != null) {
|
||||
for (int i = 0; i < password.length; i++) {
|
||||
password[i] = 0;
|
||||
|
@ -1797,7 +1819,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
|||
}
|
||||
|
||||
// validate password
|
||||
String pwHash = user.getPassword();
|
||||
byte[] pwHash = user.getPassword();
|
||||
if (pwHash != null) {
|
||||
String msg = MessageFormat.format("System users must not have a password: {0}", systemUsername); //$NON-NLS-1$
|
||||
throw new AccessDeniedException(msg);
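Review bot: `checkCredentialsAndUserState` now writes the freshly computed hash, the stored hash and the salt to the log at info level on every login attempt (`logger.info("New hash: " ...)`, `"User hash: "`, `"User salt: "`), which puts credential material suitable for offline guessing into log files; these three lines read like debugging leftovers and should be removed. In the same hunk the no-salt message is formatted with `salt`, which is null at that point, instead of `username`. The comparison `Arrays.equals(passwordHash, pwHash)` is not guaranteed to run in constant time; `MessageDigest.isEqual(passwordHash, pwHash)` is, and needs only a `java.security.MessageDigest` import. The account-state check also appears to run before the password check now, so a disabled account is reported to a caller who has not shown knowledge of the password. The start of the function lies outside this hunk.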
|
||||
|
|
|
@ -26,29 +26,30 @@ import java.util.Map;
|
|||
public interface EncryptionHandler {
|
||||
|
||||
/**
|
||||
* Calculates or generates a token which can be used to identify certificates and so forth
|
||||
* Generates a token which can be used to identify certificates and so forth
|
||||
*
|
||||
* @return the secure token
|
||||
* @return a new token
|
||||
*/
|
||||
public String nextToken();
|
||||
|
||||
/**
|
||||
* Converts a given string, e.g. a password to a hash which is defined by the concrete implementation
|
||||
* Generates a token which can be used to identify certificates and so forth
|
||||
*
|
||||
* @param string
|
||||
* the string to convert
|
||||
* @return the hash of the string after converting
|
||||
* @return a new token
|
||||
*/
|
||||
public String convertToHash(String string);
|
||||
public byte[] nextSalt();
|
||||
|
||||
/**
|
||||
* Converts a given byte array, e.g. a password to a hash which is defined by the concrete implementation
|
||||
* Hashes the given password with the given salt with the configured algorithm
|
||||
*
|
||||
* @param bytes
|
||||
* the bytes to convert
|
||||
* @return the hash of the string after converting
|
||||
* @param password
|
||||
* the password
|
||||
* @param salt
|
||||
* the salt
|
||||
*
|
||||
* @return the hashed password
|
||||
*/
|
||||
public String convertToHash(byte[] bytes);
|
||||
public byte[] hashPassword(final char[] password, final byte[] salt);
|
||||
|
||||
/**
|
||||
* Initialize the concrete {@link EncryptionHandler}. The passed parameter map contains any configuration the
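Review bot: The Javadoc on the new `nextSalt()` is a copy of the one on `nextToken()` and still says it generates a token for identifying certificates. I would replace its summary with `Generates a new random salt to be used when hashing a password` and the return tag with `@return a new salt`. The `hashPassword` Javadoc could also state whether an implementation may keep a reference to the `password` array, since `DefaultPrivilegeHandler` has a `clearPassword` helper that zeroes it.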
|
||||
|
|
|
@ -331,7 +331,7 @@ public interface PrivilegeHandler {
|
|||
*
|
||||
* <p>
|
||||
* If the password given is null, then the user is created, but can not not login! Otherwise the password must meet
|
||||
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(byte[])}
|
||||
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(char[])}
|
||||
* </p>
|
||||
*
|
||||
* @param certificate
|
||||
|
@ -341,14 +341,14 @@ public interface PrivilegeHandler {
|
|||
* @param password
|
||||
* the password of the new user. If the password is null, then this is accepted but the user can not
|
||||
* login, otherwise the password must be validated against
|
||||
* {@link PrivilegeHandler#validatePassword(byte[])}
|
||||
* {@link PrivilegeHandler#validatePassword(char[])}
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the user for this certificate may not perform the action
|
||||
* @throws PrivilegeException
|
||||
* if there is anything wrong with this certificate or the user already exists
|
||||
*/
|
||||
public UserRep addUser(Certificate certificate, UserRep userRep, byte[] password)
|
||||
public UserRep addUser(Certificate certificate, UserRep userRep, char[] password)
|
||||
throws AccessDeniedException, PrivilegeException;
|
||||
|
||||
/**
|
||||
|
@ -390,7 +390,7 @@ public interface PrivilegeHandler {
|
|||
*
|
||||
* <p>
|
||||
* If the password given is null, then the user is created, but can not not login! Otherwise the password must meet
|
||||
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(byte[])}
|
||||
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(char[])}
|
||||
* </p>
|
||||
*
|
||||
* @param certificate
|
||||
|
@ -400,14 +400,14 @@ public interface PrivilegeHandler {
|
|||
* @param password
|
||||
* the password of the new user. If the password is null, then this is accepted but the user can not
|
||||
* login, otherwise the password must be validated against
|
||||
* {@link PrivilegeHandler#validatePassword(byte[])}
|
||||
* {@link PrivilegeHandler#validatePassword(char[])}
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the user for this certificate may not perform the action
|
||||
* @throws PrivilegeException
|
||||
* if there is anything wrong with this certificate or if the user does not exist
|
||||
*/
|
||||
public UserRep replaceUser(Certificate certificate, UserRep userRep, byte[] password)
|
||||
public UserRep replaceUser(Certificate certificate, UserRep userRep, char[] password)
|
||||
throws AccessDeniedException, PrivilegeException;
|
||||
|
||||
/**
|
||||
|
@ -481,7 +481,7 @@ public interface PrivilegeHandler {
|
|||
* <p>
|
||||
* Changes the password for the {@link User} with the given username. If the password is null, then the {@link User}
|
||||
* can not login anymore. Otherwise the password must meet the requirements of the implementation under
|
||||
* {@link PrivilegeHandler#validatePassword(byte[])}
|
||||
* {@link PrivilegeHandler#validatePassword(char[])}
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
|
@ -495,14 +495,14 @@ public interface PrivilegeHandler {
|
|||
* @param password
|
||||
* the new password for this user. If the password is null, then the {@link User} can not login anymore.
|
||||
* Otherwise the password must meet the requirements of the implementation under
|
||||
* {@link PrivilegeHandler#validatePassword(byte[])}
|
||||
* {@link PrivilegeHandler#validatePassword(char[])}
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the user for this certificate may not perform the action
|
||||
* @throws PrivilegeException
|
||||
* if there is anything wrong with this certificate
|
||||
*/
|
||||
public void setUserPassword(Certificate certificate, String username, byte[] password)
|
||||
public void setUserPassword(Certificate certificate, String username, char[] password)
|
||||
throws AccessDeniedException, PrivilegeException;
|
||||
|
||||
/**
|
||||
|
@ -575,14 +575,14 @@ public interface PrivilegeHandler {
|
|||
* the username of the {@link User} which is registered in the {@link PersistenceHandler}
|
||||
* @param password
|
||||
* the password with which this user is to be authenticated. Null passwords are not accepted and they
|
||||
* must meet the requirements of the {@link #validatePassword(byte[])}-method
|
||||
* must meet the requirements of the {@link #validatePassword(char[])}-method
|
||||
*
|
||||
* @return a {@link Certificate} with which this user may then perform actions
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the user credentials are not valid
|
||||
*/
|
||||
public Certificate authenticate(String username, byte[] password) throws AccessDeniedException;
|
||||
public Certificate authenticate(String username, char[] password) throws AccessDeniedException;
|
||||
|
||||
/**
|
||||
* Invalidates the session for the given {@link Certificate}, effectively logging out the user who was authenticated
|
||||
|
@ -630,7 +630,7 @@ public interface PrivilegeHandler {
|
|||
* @throws PrivilegeException
|
||||
* if the password does not implement the requirement of the concrete implementation
|
||||
*/
|
||||
public void validatePassword(byte[] password) throws PrivilegeException;
|
||||
public void validatePassword(char[] password) throws PrivilegeException;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
|
|
|
@ -1,123 +0,0 @@
|
|||
/*
|
||||
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package li.strolch.privilege.helper;
|
||||
|
||||
import java.awt.Dimension;
|
||||
import java.awt.GridLayout;
|
||||
import java.awt.Toolkit;
|
||||
import java.awt.event.ActionEvent;
|
||||
import java.awt.event.ActionListener;
|
||||
import java.awt.event.KeyEvent;
|
||||
import java.awt.event.KeyListener;
|
||||
|
||||
import javax.swing.JButton;
|
||||
import javax.swing.JComboBox;
|
||||
import javax.swing.JFrame;
|
||||
import javax.swing.JLabel;
|
||||
import javax.swing.JPasswordField;
|
||||
import javax.swing.JTextField;
|
||||
import javax.swing.SwingConstants;
|
||||
|
||||
import li.strolch.utils.helper.StringHelper;
|
||||
|
||||
/**
|
||||
* Simple Swing UI to create passwords
|
||||
*
|
||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||
*/
|
||||
@SuppressWarnings("nls")
|
||||
public class PasswordCreaterUI {
|
||||
|
||||
/**
|
||||
* Launches the UI
|
||||
*
|
||||
* @param args
|
||||
* not used
|
||||
*/
|
||||
public static void main(String[] args) {
|
||||
|
||||
JFrame.setDefaultLookAndFeelDecorated(true);
|
||||
|
||||
JFrame frame = new JFrame();
|
||||
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
|
||||
frame.setTitle("Password creator");
|
||||
frame.setLayout(new GridLayout(4, 2));
|
||||
|
||||
JLabel digest = new JLabel("Digest:", SwingConstants.RIGHT);
|
||||
JLabel password = new JLabel("Password:", SwingConstants.RIGHT);
|
||||
JLabel hash = new JLabel("Hash:", SwingConstants.RIGHT);
|
||||
|
||||
String[] digests = new String[] { "MD2", "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512" };
|
||||
final JComboBox<String> digestCombo = new JComboBox<>(digests);
|
||||
digestCombo.setSelectedIndex(3);
|
||||
final JPasswordField passwordField = new JPasswordField();
|
||||
final JTextField hashField = new JTextField(150);
|
||||
|
||||
JButton digestBtn = new JButton("Digest");
|
||||
|
||||
passwordField.addKeyListener(new KeyListener() {
|
||||
|
||||
@Override
|
||||
public void keyTyped(KeyEvent e) {
|
||||
//
|
||||
}
|
||||
|
||||
@Override
|
||||
public void keyReleased(KeyEvent e) {
|
||||
//
|
||||
}
|
||||
|
||||
@Override
|
||||
public void keyPressed(KeyEvent e) {
|
||||
hashField.setText("");
|
||||
}
|
||||
});
|
||||
digestBtn.addActionListener(new ActionListener() {
|
||||
|
||||
@Override
|
||||
public void actionPerformed(ActionEvent e) {
|
||||
|
||||
try {
|
||||
String digest = (String) digestCombo.getSelectedItem();
|
||||
char[] passwordChar = passwordField.getPassword();
|
||||
String password = new String(passwordChar);
|
||||
String hash = StringHelper.hashAsHex(digest, password);
|
||||
hashField.setText(hash);
|
||||
} catch (Exception e1) {
|
||||
e1.printStackTrace();
|
||||
hashField.setText("Failed: " + e1.getLocalizedMessage());
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
frame.add(digest);
|
||||
frame.add(digestCombo);
|
||||
frame.add(password);
|
||||
frame.add(passwordField);
|
||||
frame.add(hash);
|
||||
frame.add(hashField);
|
||||
frame.add(new JLabel());
|
||||
frame.add(digestBtn);
|
||||
|
||||
Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize();
|
||||
int width = 500;
|
||||
int height = 160;
|
||||
frame.setSize(width, height);
|
||||
frame.setLocation(screenSize.width / 2 - width, screenSize.height / 2 - height);
|
||||
|
||||
frame.setVisible(true);
|
||||
}
|
||||
}
|
|
@ -17,8 +17,12 @@ package li.strolch.privilege.helper;
|
|||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.InputStreamReader;
|
||||
import java.security.MessageDigest;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.crypto.SecretKeyFactory;
|
||||
|
||||
import li.strolch.privilege.handler.DefaultEncryptionHandler;
|
||||
import li.strolch.utils.helper.StringHelper;
|
||||
|
||||
/**
|
||||
|
@ -26,10 +30,6 @@ import li.strolch.utils.helper.StringHelper;
|
|||
* Simple main class which can be used to create a hash from a password which the user must type in at the command line
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* TODO: Note: currently the password input is echoed which is a security risk
|
||||
* </p>
|
||||
*
|
||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||
*/
|
||||
public class PasswordCreator {
|
||||
|
@ -47,26 +47,82 @@ public class PasswordCreator {
|
|||
|
||||
String hashAlgorithm = null;
|
||||
while (hashAlgorithm == null) {
|
||||
System.out.print("Hash Algorithm [SHA-256]: ");
|
||||
System.out.print("Hash Algorithm [PBKDF2WithHmacSHA512]: ");
|
||||
String readLine = r.readLine().trim();
|
||||
|
||||
if (readLine.isEmpty()) {
|
||||
hashAlgorithm = "SHA-256";
|
||||
hashAlgorithm = "PBKDF2WithHmacSHA512";
|
||||
} else {
|
||||
|
||||
try {
|
||||
MessageDigest.getInstance(readLine);
|
||||
SecretKeyFactory.getInstance(readLine);
|
||||
hashAlgorithm = readLine;
|
||||
} catch (Exception e) {
|
||||
System.out.println(e.getLocalizedMessage());
|
||||
System.err.println(e.getLocalizedMessage());
|
||||
hashAlgorithm = null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
System.out.print("Password: ");
|
||||
String password = r.readLine().trim();
|
||||
System.out.print("Hash is: " + StringHelper.hashAsHex(hashAlgorithm, password));
|
||||
}
|
||||
int iterations = -1;
|
||||
while (iterations == -1) {
|
||||
System.out.print("Hash iterations [200000]: ");
|
||||
String readLine = r.readLine().trim();
|
||||
|
||||
if (readLine.isEmpty()) {
|
||||
iterations = 200000;
|
||||
} else {
|
||||
|
||||
try {
|
||||
iterations = Integer.parseInt(readLine);
|
||||
} catch (Exception e) {
|
||||
System.err.println(e.getLocalizedMessage());
|
||||
iterations = -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int keyLength = -1;
|
||||
while (keyLength == -1) {
|
||||
System.out.print("Hash keyLength [256]: ");
|
||||
String readLine = r.readLine().trim();
|
||||
|
||||
if (readLine.isEmpty()) {
|
||||
keyLength = 256;
|
||||
} else {
|
||||
|
||||
try {
|
||||
keyLength = Integer.parseInt(readLine);
|
||||
if (keyLength <= 0)
|
||||
throw new IllegalArgumentException("KeyLength must be > 0");
|
||||
} catch (Exception e) {
|
||||
System.err.println(e.getLocalizedMessage());
|
||||
keyLength = -1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
System.out.print("Password: ");
|
||||
char[] password = r.readLine().trim().toCharArray();
|
||||
System.out.print("Salt: ");
|
||||
String saltS = StringHelper.getHexString(r.readLine().trim().getBytes());
|
||||
byte[] salt = StringHelper.fromHexString(saltS);
|
||||
|
||||
Map<String, String> parameterMap = new HashMap<>();
|
||||
parameterMap.put(XmlConstants.XML_PARAM_HASH_ALGORITHM, hashAlgorithm);
|
||||
parameterMap.put(XmlConstants.XML_PARAM_HASH_ITERATIONS, "" + iterations);
|
||||
parameterMap.put(XmlConstants.XML_PARAM_HASH_KEY_LENGTH, "" + keyLength);
|
||||
|
||||
DefaultEncryptionHandler encryptionHandler = new DefaultEncryptionHandler();
|
||||
encryptionHandler.initialize(parameterMap);
|
||||
|
||||
byte[] passwordHash = encryptionHandler.hashPassword(password, salt);
|
||||
String passwordHashS = StringHelper.getHexString(passwordHash);
|
||||
System.out.println("Hash is: " + passwordHashS);
|
||||
System.out.println("Salt is: " + saltS);
|
||||
System.out.println();
|
||||
|
||||
System.out.println(XmlConstants.XML_ATTR_PASSWORD + "=\"" + passwordHashS + "\" " + XmlConstants.XML_ATTR_SALT
|
||||
+ "=\"" + saltS + "\"");
|
||||
}
|
||||
}
|
||||
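Review bot: The salt in the last hunk is whatever the operator types at the `Salt: ` prompt, hex-encoded via `getBytes()` with the platform charset, so its uniqueness and unpredictability depend on the person running the tool. The tool can generate and print it instead: `byte[] salt = new byte[16]; new SecureRandom().nextBytes(salt); String saltS = StringHelper.getHexString(salt);` (needs a `java.security.SecureRandom` import). The same hunk still reads the password with `r.readLine().trim()`, which echoes it, strips surrounding whitespace and holds it in an immutable `String` before `toCharArray()`, while the second hunk deletes the TODO that recorded the echo; `System.console().readPassword()` would cover this where a console is attached. The iterations loop also accepts zero and negative values other than -1, unlike the `keyLength <= 0` check below it. The enclosing method starts outside the hunk.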
|
|
|
@ -233,11 +233,26 @@ public class XmlConstants {
|
|||
*/
|
||||
public static final String XML_ATTR_PASSWORD = "password";
|
||||
|
||||
/**
|
||||
* XML_ATTR_SALT = "salt" :
|
||||
*/
|
||||
public static final String XML_ATTR_SALT = "salt";
|
||||
|
||||
/**
|
||||
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
|
||||
*/
|
||||
public static final String XML_PARAM_HASH_ALGORITHM = "hashAlgorithm";
|
||||
|
||||
/**
|
||||
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
|
||||
*/
|
||||
public static final String XML_PARAM_HASH_ITERATIONS = "hashIterations";
|
||||
|
||||
/**
|
||||
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
|
||||
*/
|
||||
public static final String XML_PARAM_HASH_KEY_LENGTH = "hashKeyLength";
|
||||
|
||||
/**
|
||||
* XML_PARAM_USERS_FILE = "usersXmlFile" :
|
||||
*/
|
||||
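Review bot: The Javadoc on the two new constants `XML_PARAM_HASH_ITERATIONS` and `XML_PARAM_HASH_KEY_LENGTH` is a copy of the comment above them and still reads `XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :`. They should read `XML_PARAM_HASH_ITERATIONS = "hashIterations" :` and `XML_PARAM_HASH_KEY_LENGTH = "hashKeyLength" :`, following the convention used for `XML_ATTR_SALT` in the same hunk.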
|
|
|
@ -43,7 +43,8 @@ public final class User {
|
|||
private final String userId;
|
||||
|
||||
private final String username;
|
||||
private final String password;
|
||||
private final byte[] password;
|
||||
private final byte[] salt;
|
||||
|
||||
private final String firstname;
|
||||
private final String lastname;
|
||||
|
@ -78,7 +79,7 @@ public final class User {
|
|||
* @param propertyMap
|
||||
* a {@link Map} containing string value pairs of properties for this user
|
||||
*/
|
||||
public User(String userId, String username, String password, String firstname, String lastname,
|
||||
public User(String userId, String username, byte[] password, byte[] salt, String firstname, String lastname,
|
||||
UserState userState, Set<String> roles, Locale locale, Map<String, String> propertyMap) {
|
||||
|
||||
if (StringHelper.isEmpty(userId)) {
|
||||
|
@ -107,7 +108,8 @@ public final class User {
|
|||
this.userId = userId;
|
||||
|
||||
this.username = username;
|
||||
this.password = StringHelper.isEmpty(password) ? null : password;
|
||||
this.password = password;
|
||||
this.salt = salt;
|
||||
this.userState = userState;
|
||||
|
||||
this.firstname = firstname;
|
||||
|
@ -148,10 +150,19 @@ public final class User {
|
|||
*
|
||||
* @return the hashed password for this {@link User}
|
||||
*/
|
||||
public String getPassword() {
|
||||
public byte[] getPassword() {
|
||||
return this.password;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the salt for this {@link User}
|
||||
*
|
||||
* @return the salt for this {@link User}
|
||||
*/
|
||||
public byte[] getSalt() {
|
||||
return this.salt;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the first name
|
||||
*/
|
||||
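Review bot: `User` is a `final` class with `final` fields, but the constructor stores the caller's `password` and `salt` arrays as-is and `getPassword()` / `getSalt()` return those same arrays, so any holder of a `User` can overwrite the stored hash or salt in place. That was not possible while the field was a `String`. Copy on the way in and on the way out, e.g. `this.password = password == null ? null : password.clone();` and `return this.password == null ? null : this.password.clone();`, and the same for `salt`. The constructor also drops the old `StringHelper.isEmpty(password) ? null : password` normalisation, so a zero-length array is now kept as a password instead of meaning "cannot log in"; whether that matters depends on how the handler compares hashes, which is outside these hunks.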
|
|
|
@ -59,8 +59,10 @@ public class PrivilegeUsersDomWriter {
|
|||
|
||||
userElement.setAttribute(XmlConstants.XML_ATTR_USER_ID, user.getUserId());
|
||||
userElement.setAttribute(XmlConstants.XML_ATTR_USERNAME, user.getUsername());
|
||||
if (StringHelper.isNotEmpty(user.getPassword()))
|
||||
userElement.setAttribute(XmlConstants.XML_ATTR_PASSWORD, user.getPassword());
|
||||
if (user.getPassword() != null)
|
||||
userElement.setAttribute(XmlConstants.XML_ATTR_PASSWORD, StringHelper.getHexString(user.getPassword()));
|
||||
if (user.getSalt() != null)
|
||||
userElement.setAttribute(XmlConstants.XML_ATTR_SALT, StringHelper.getHexString(user.getSalt()));
|
||||
|
||||
// add first name element
|
||||
if (StringHelper.isNotEmpty(user.getFirstname())) {
|
||||
|
|
|
@ -35,6 +35,7 @@ import org.xml.sax.helpers.DefaultHandler;
|
|||
import li.strolch.privilege.helper.XmlConstants;
|
||||
import li.strolch.privilege.model.UserState;
|
||||
import li.strolch.privilege.model.internal.User;
|
||||
import li.strolch.utils.helper.StringHelper;
|
||||
|
||||
/**
|
||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||
|
@ -114,7 +115,8 @@ public class PrivilegeUsersSaxReader extends DefaultHandler {
|
|||
|
||||
String userId;
|
||||
String username;
|
||||
String password;
|
||||
byte[] password;
|
||||
byte[] salt;
|
||||
String firstName;
|
||||
String lastname;
|
||||
UserState userState;
|
||||
|
@ -135,7 +137,12 @@ public class PrivilegeUsersSaxReader extends DefaultHandler {
|
|||
if (qName.equals(XmlConstants.XML_USER)) {
|
||||
this.userId = attributes.getValue(XmlConstants.XML_ATTR_USER_ID);
|
||||
this.username = attributes.getValue(XmlConstants.XML_ATTR_USERNAME);
|
||||
this.password = attributes.getValue(XmlConstants.XML_ATTR_PASSWORD);
|
||||
String passwordS = attributes.getValue(XmlConstants.XML_ATTR_PASSWORD);
|
||||
if (!StringHelper.isEmpty(passwordS))
|
||||
this.password = StringHelper.fromHexString(passwordS);
|
||||
String saltS = attributes.getValue(XmlConstants.XML_ATTR_SALT);
|
||||
if (!StringHelper.isEmpty(saltS))
|
||||
this.salt = StringHelper.fromHexString(saltS);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -165,8 +172,8 @@ public class PrivilegeUsersSaxReader extends DefaultHandler {
|
|||
// NO-OP
|
||||
} else if (qName.equals(XmlConstants.XML_USER)) {
|
||||
|
||||
User user = new User(this.userId, this.username, this.password, this.firstName, this.lastname,
|
||||
this.userState, this.userRoles, this.locale, this.parameters);
|
||||
User user = new User(this.userId, this.username, this.password, this.salt, this.firstName,
|
||||
this.lastname, this.userState, this.userRoles, this.locale, this.parameters);
|
||||
logger.info(MessageFormat.format("New User: {0}", user)); //$NON-NLS-1$
|
||||
getUsers().add(user);
|
||||
} else {
|
||||
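Review bot: In the `@ -135` hunk `this.password` and `this.salt` are assigned only when the attribute is non-empty, whereas the old line always assigned, giving null for a missing attribute. If this parser object is ever reused for more than one `<User>` element (its lifecycle is outside the hunk), a user without a password would keep the previous user's hash and salt. Assigning unconditionally avoids that: `this.password = StringHelper.isEmpty(passwordS) ? null : StringHelper.fromHexString(passwordS);` and likewise for `salt`. A `password` attribute with no `salt`, for example in a file written before this commit, is also accepted silently here and written back the same way by `PrivilegeUsersDomWriter`; rejecting or logging that combination at load time would make unmigrated hashes visible.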
|
|
|
@ -22,7 +22,7 @@ public class AbstractPrivilegeTest {
|
|||
protected PrivilegeHandler privilegeHandler;
|
||||
protected PrivilegeContext ctx;
|
||||
|
||||
protected void login(String username, byte[] password) {
|
||||
protected void login(String username, char[] password) {
|
||||
Certificate certificate = privilegeHandler.authenticate(username, password);
|
||||
assertTrue("Certificate is null!", certificate != null);
|
||||
PrivilegeContext privilegeContext = privilegeHandler.getPrivilegeContext(certificate);
|
||||
|
|
|
@ -37,7 +37,7 @@ public class PersistSessionsTest extends AbstractPrivilegeTest {
|
|||
assertFalse("Sessions File should no yet exist", sessionsFile.exists());
|
||||
|
||||
// login and assert sessions file was written
|
||||
login("admin", "admin".getBytes());
|
||||
login("admin", "admin".toCharArray());
|
||||
this.privilegeHandler.isCertificateValid(ctx.getCertificate());
|
||||
assertTrue("Sessions File should have been created!", sessionsFile.isFile());
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ public class PrivilegeConflictMergeTest extends AbstractPrivilegeTest {
|
|||
@Test
|
||||
public void shouldMergePrivileges1() {
|
||||
try {
|
||||
login("userA", "admin".getBytes());
|
||||
login("userA", "admin".toCharArray());
|
||||
IPrivilege privilege = this.ctx.getPrivilege("Foo");
|
||||
assertTrue(privilege.isAllAllowed());
|
||||
assertTrue(privilege.getAllowList().isEmpty());
|
||||
|
@ -65,7 +65,7 @@ public class PrivilegeConflictMergeTest extends AbstractPrivilegeTest {
|
|||
@Test
|
||||
public void shouldMergePrivileges2() {
|
||||
try {
|
||||
login("userB", "admin".getBytes());
|
||||
login("userB", "admin".toCharArray());
|
||||
IPrivilege privilege = this.ctx.getPrivilege("Bar");
|
||||
assertFalse(privilege.isAllAllowed());
|
||||
assertEquals(2, privilege.getAllowList().size());
|
||||
|
|
|
@ -70,21 +70,21 @@ public class PrivilegeTest extends AbstractPrivilegeTest {
|
|||
private static final String ROLE_PRIVILEGE_ADMIN = "PrivilegeAdmin";
|
||||
private static final String PRIVILEGE_USER_ACCESS = "UserAccessPrivilege";
|
||||
private static final String ADMIN = "admin";
|
||||
private static final byte[] PASS_ADMIN = "admin".getBytes();
|
||||
private static final char[] PASS_ADMIN = "admin".toCharArray();
|
||||
private static final String BOB = "bob";
|
||||
private static final String TED = "ted";
|
||||
private static final String SYSTEM_USER_ADMIN = "system_admin";
|
||||
private static final String SYSTEM_USER_ADMIN2 = "system_admin2";
|
||||
private static final byte[] PASS_BOB = "admin1".getBytes();
|
||||
private static final char[] PASS_BOB = "admin1".toCharArray();
|
||||
private static final String ROLE_APP_USER = "AppUser";
|
||||
private static final String ROLE_MY = "MyRole";
|
||||
private static final String ROLE_MY2 = "MyRole2";
|
||||
private static final String ROLE_CHANGE_PW = "changePw";
|
||||
private static final String ROLE_TEMP = "temp";
|
||||
private static final String ROLE_USER = "user";
|
||||
private static final byte[] PASS_DEF = "def".getBytes();
|
||||
private static final byte[] PASS_BAD = "123".getBytes();
|
||||
private static final byte[] PASS_TED = "12345".getBytes();
|
||||
private static final char[] PASS_DEF = "def".toCharArray();
|
||||
private static final char[] PASS_BAD = "123".toCharArray();
|
||||
private static final char[] PASS_TED = "12345".toCharArray();
|
||||
|
||||
private static final Logger logger = LoggerFactory.getLogger(PrivilegeTest.class);
|
||||
|
||||
|
@ -223,7 +223,7 @@ public class PrivilegeTest extends AbstractPrivilegeTest {
|
|||
this.exception.expect(AccessDeniedException.class);
|
||||
this.exception.expectMessage("User system_admin is a system user and may not login!");
|
||||
try {
|
||||
login(SYSTEM_USER_ADMIN, SYSTEM_USER_ADMIN.getBytes());
|
||||
login(SYSTEM_USER_ADMIN, SYSTEM_USER_ADMIN.toCharArray());
|
||||
} finally {
|
||||
logout();
|
||||
}
|
||||
|
|
|
@ -129,7 +129,7 @@ public class XmlTest {
|
|||
|
||||
assertEquals(6, containerModel.getParameterMap().size());
|
||||
assertEquals(3, containerModel.getPolicies().size());
|
||||
assertEquals(1, containerModel.getEncryptionHandlerParameterMap().size());
|
||||
assertEquals(3, containerModel.getEncryptionHandlerParameterMap().size());
|
||||
assertEquals(3, containerModel.getPersistenceHandlerParameterMap().size());
|
||||
|
||||
// TODO extend assertions to actual model
|
||||
|
@ -184,7 +184,9 @@ public class XmlTest {
|
|||
User admin = findUser("admin", users);
|
||||
assertEquals("1", admin.getUserId());
|
||||
assertEquals("admin", admin.getUsername());
|
||||
assertEquals("8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918", admin.getPassword());
|
||||
assertEquals("cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344",
|
||||
StringHelper.getHexString(admin.getPassword()));
|
||||
assertEquals("61646d696e", StringHelper.getHexString(admin.getSalt()));
|
||||
assertEquals("Application", admin.getFirstname());
|
||||
assertEquals("Administrator", admin.getLastname());
|
||||
assertEquals(UserState.ENABLED, admin.getUserState());
|
||||
|
@ -200,6 +202,7 @@ public class XmlTest {
|
|||
assertEquals("2", systemAdmin.getUserId());
|
||||
assertEquals("system_admin", systemAdmin.getUsername());
|
||||
assertEquals(null, systemAdmin.getPassword());
|
||||
assertEquals(null, systemAdmin.getSalt());
|
||||
assertEquals("System User", systemAdmin.getFirstname());
|
||||
assertEquals("Administrator", systemAdmin.getLastname());
|
||||
assertEquals(UserState.SYSTEM, systemAdmin.getUserState());
|
||||
|
@ -264,9 +267,8 @@ public class XmlTest {
|
|||
Role systemAdminPrivileges = findRole("system_admin_privileges", roles);
|
||||
assertEquals("system_admin_privileges", systemAdminPrivileges.getName());
|
||||
assertEquals(2, systemAdminPrivileges.getPrivilegeNames().size());
|
||||
assertThat(systemAdminPrivileges.getPrivilegeNames(),
|
||||
containsInAnyOrder("li.strolch.privilege.handler.SystemAction",
|
||||
"li.strolch.privilege.test.model.TestSystemRestrictable"));
|
||||
assertThat(systemAdminPrivileges.getPrivilegeNames(), containsInAnyOrder(
|
||||
"li.strolch.privilege.handler.SystemAction", "li.strolch.privilege.test.model.TestSystemRestrictable"));
|
||||
|
||||
IPrivilege testSystemUserAction = systemAdminPrivileges
|
||||
.getPrivilege("li.strolch.privilege.handler.SystemAction");
|
||||
|
@ -288,11 +290,9 @@ public class XmlTest {
|
|||
Role restrictedRole = findRole("restrictedRole", roles);
|
||||
assertEquals("restrictedRole", restrictedRole.getName());
|
||||
assertEquals(1, restrictedRole.getPrivilegeNames().size());
|
||||
assertThat(restrictedRole.getPrivilegeNames(),
|
||||
containsInAnyOrder("li.strolch.privilege.handler.SystemAction"));
|
||||
assertThat(restrictedRole.getPrivilegeNames(), containsInAnyOrder("li.strolch.privilege.handler.SystemAction"));
|
||||
|
||||
IPrivilege testSystemUserAction2 = restrictedRole
|
||||
.getPrivilege("li.strolch.privilege.handler.SystemAction");
|
||||
IPrivilege testSystemUserAction2 = restrictedRole.getPrivilege("li.strolch.privilege.handler.SystemAction");
|
||||
assertEquals("li.strolch.privilege.handler.SystemAction", testSystemUserAction2.getName());
|
||||
assertEquals("DefaultPrivilege", testSystemUserAction2.getPolicy());
|
||||
assertFalse(testSystemUserAction2.isAllAllowed());
|
||||
|
@ -341,16 +341,16 @@ public class XmlTest {
|
|||
propertyMap.put("prop1", "value1");
|
||||
userRoles = new HashSet<>();
|
||||
userRoles.add("role1");
|
||||
User user1 = new User("1", "user1", "blabla", "Bob", "White", UserState.DISABLED, userRoles, Locale.ENGLISH,
|
||||
propertyMap);
|
||||
User user1 = new User("1", "user1", "blabla".getBytes(), "blabla".getBytes(), "Bob", "White",
|
||||
UserState.DISABLED, userRoles, Locale.ENGLISH, propertyMap);
|
||||
users.add(user1);
|
||||
|
||||
propertyMap = new HashMap<>();
|
||||
propertyMap.put("prop2", "value2");
|
||||
userRoles = new HashSet<>();
|
||||
userRoles.add("role2");
|
||||
User user2 = new User("2", "user2", "haha", "Leonard", "Sheldon", UserState.ENABLED, userRoles, Locale.ENGLISH,
|
||||
propertyMap);
|
||||
User user2 = new User("2", "user2", "haha".getBytes(), "haha".getBytes(), "Leonard", "Sheldon",
|
||||
UserState.ENABLED, userRoles, Locale.ENGLISH, propertyMap);
|
||||
users.add(user2);
|
||||
|
||||
File modelFile = new File("./target/test/PrivilegeUsersTest.xml");
|
||||
|
@ -370,7 +370,8 @@ public class XmlTest {
|
|||
assertEquals(user1.getFirstname(), parsedUser1.getFirstname());
|
||||
assertEquals(user1.getLastname(), parsedUser1.getLastname());
|
||||
assertEquals(user1.getLocale(), parsedUser1.getLocale());
|
||||
assertEquals(user1.getPassword(), parsedUser1.getPassword());
|
||||
assertTrue(Arrays.equals(user1.getPassword(), parsedUser1.getPassword()));
|
||||
assertTrue(Arrays.equals(user1.getSalt(), parsedUser1.getSalt()));
|
||||
assertEquals(user1.getProperties(), parsedUser1.getProperties());
|
||||
assertEquals(user1.getUserId(), parsedUser1.getUserId());
|
||||
assertEquals(user1.getUserState(), parsedUser1.getUserState());
|
||||
|
@ -379,7 +380,8 @@ public class XmlTest {
|
|||
assertEquals(user2.getFirstname(), parsedUser2.getFirstname());
|
||||
assertEquals(user2.getLastname(), parsedUser2.getLastname());
|
||||
assertEquals(user2.getLocale(), parsedUser2.getLocale());
|
||||
assertEquals(user2.getPassword(), parsedUser2.getPassword());
|
||||
assertTrue(Arrays.equals(user2.getPassword(), parsedUser2.getPassword()));
|
||||
assertTrue(Arrays.equals(user2.getSalt(), parsedUser2.getSalt()));
|
||||
assertEquals(user2.getProperties(), parsedUser2.getProperties());
|
||||
assertEquals(user2.getUserId(), parsedUser2.getUserId());
|
||||
assertEquals(user2.getUserState(), parsedUser2.getUserState());
|
||||
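Review bot: The new `assertTrue(Arrays.equals(...))` checks in the last two hunks fail with a bare `AssertionError` and no values when the write/read round trip breaks. JUnit's `assertArrayEquals(user1.getPassword(), parsedUser1.getPassword())` reports the first differing index and reads more directly. The same applies to the `getSalt()` assertions and to the `user2` block.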
|
|
|
@ -138,7 +138,7 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
|
|||
}
|
||||
|
||||
@Override
|
||||
public Certificate authenticate(String username, byte[] password) {
|
||||
public Certificate authenticate(String username, char[] password) {
|
||||
DBC.PRE.assertNotEmpty("Username must be set!", username); //$NON-NLS-1$
|
||||
DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$
|
||||
|
||||
|
|
|
@ -28,7 +28,7 @@ import li.strolch.rest.model.UserSession;
|
|||
*/
|
||||
public interface StrolchSessionHandler {
|
||||
|
||||
public Certificate authenticate(String username, byte[] password);
|
||||
public Certificate authenticate(String username, char[] password);
|
||||
|
||||
public Certificate validate(String authToken);
|
||||
|
||||
|
|
|
@ -92,7 +92,8 @@ public class AuthenticationService {
|
|||
sb.append("Password was not given!"); //$NON-NLS-1$
|
||||
}
|
||||
|
||||
byte[] password = passwordE == null ? new byte[] {} : Base64.getDecoder().decode(passwordE.getAsString());
|
||||
char[] password = passwordE == null ? new char[] {}
|
||||
: new String(Base64.getDecoder().decode(passwordE.getAsString())).toCharArray();
|
||||
if (password.length < 3) {
|
||||
if (sb.length() > 0)
|
||||
sb.append("\n");
|
||||
|
@ -295,7 +296,7 @@ public class AuthenticationService {
|
|||
String msg = "Authorization cookie is secure, but connection is not secure! Cookie won't be passed to client!";
|
||||
logger.warn(msg);
|
||||
}
|
||||
|
||||
|
||||
NewCookie cookie = new NewCookie(StrolchRestfulConstants.STROLCH_AUTHORIZATION, certificate.getAuthToken(),
|
||||
"/", null, "Authorization header", (int) TimeUnit.DAYS.toSeconds(1), secureCookie);
|
||||
|
||||
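Review bot: The new conversion `new String(Base64.getDecoder().decode(passwordE.getAsString())).toCharArray()` decodes the password bytes with the JVM's default charset, so a password containing non-ASCII characters can map to a different `char[]`, and therefore a different hash, depending on where the server runs. Pass the charset explicitly, `new String(decoded, StandardCharsets.UTF_8).toCharArray()`, or use `StandardCharsets.UTF_8.decode(ByteBuffer.wrap(decoded))`, which also avoids the intermediate `String` that keeps an unclearable copy of the password. The same expression is added in `PrivilegeUsersService` at `arg.password = ...`. The enclosing method starts outside the hunk.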
|
|
|
@ -360,7 +360,7 @@ public class PrivilegeUsersService {
|
|||
PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
|
||||
PrivilegeSetUserPasswordArgument arg = new PrivilegeSetUserPasswordArgument();
|
||||
arg.username = username;
|
||||
arg.password = Base64.getDecoder().decode(password);
|
||||
arg.password = new String(Base64.getDecoder().decode(password)).toCharArray();
|
||||
|
||||
ServiceResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||
if (svcResult.isOk()) {
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
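Review bot: `hashIterations` is set to `10000` while the comment directly above it gives the default as 200000, so this configuration runs the key derivation with a twentieth of the stated default work factor. If this file is a test fixture that is a reasonable speed trade-off and a comment saying so would help; if it is a template that deployments copy, the value should match the default or be omitted. The WARNING line also implies that iterations and key length are not stored with each hash, so raising the work factor later invalidates every stored password; storing them per user, as is now done for the salt, would allow a gradual upgrade.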
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="1" username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
|
||||
<User userId="1" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -20,7 +20,7 @@
|
|||
</Properties>
|
||||
</User>
|
||||
|
||||
<User userId="2" username="bob" password="81b637d8fcd2c6da6359e6963113a1170de795e4b725b84d1e0b4cfd9ec58ce9">
|
||||
<User userId="2" username="bob" password="d4466de3cad2a005930c4317ad0fcb307422c63b8febd5d7721195cd511edde5" salt="626f62">
|
||||
<Firstname>Bob</Firstname>
|
||||
<Lastname>Bernstein</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -30,7 +30,7 @@
|
|||
</Roles>
|
||||
|
||||
</User>
|
||||
<User userId="3" username="jill" password="8cf37351b60f00084392043ce2e6256b96cea92949f90c7abce464cf164fbfa6">
|
||||
<User userId="3" username="jill" password="b7d33c8305bf89ed21be111270310a7450198be8be6b362e52999c2500eb5218" salt="6a696c6c">
|
||||
<Firstname>Jill</Firstname>
|
||||
<Lastname>Johnson</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -40,7 +40,7 @@
|
|||
</Roles>
|
||||
|
||||
</User>
|
||||
<User userId="4" username="sysAdmin" password="8cffb494ef5ff3f74a571206e141d4fb84f833e431b98c8b3be43727c4cbddc1">
|
||||
<User userId="4" username="sysAdmin" password="fd6a5e8f6a59fbb18109444c5ea99ac326353cd664cc8d61a3a785081e7f4aa0" salt="73797341646d696e">
|
||||
<Firstname>System User</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>SYSTEM</State>
|
||||
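Review bot: Every new `salt` value in this file is the hex encoding of the user's own name (`61646d696e` is `admin`, `626f62` is `bob`), so the salts are predictable and identical wherever these accounts exist. That is harmless for fixtures, but if this file also serves as a sample for real deployments the salts should be random bytes. A short comment stating that these entries are test-only would keep the pattern from being copied.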
|
|
|
@ -20,5 +20,5 @@ import li.strolch.service.api.ServiceArgument;
|
|||
public class PrivilegeSetUserPasswordArgument extends ServiceArgument {
|
||||
private static final long serialVersionUID = 1L;
|
||||
public String username;
|
||||
public byte[] password;
|
||||
public char[] password;
|
||||
}
|
||||
|
|
|
@ -65,7 +65,7 @@ public abstract class AbstractRealmCommandTest {
|
|||
runtimeMock.mockRuntime(rootPath, configSrc);
|
||||
runtimeMock.startContainer();
|
||||
|
||||
certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), "test".getBytes());
|
||||
certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), getUsername().toCharArray());
|
||||
importFromXml(REALM_CACHED, certificate, getServiceHandler());
|
||||
importFromXml(REALM_TRANSACTIONAL, certificate, getServiceHandler());
|
||||
}
|
||||
|
|
|
@ -56,7 +56,7 @@ public class MigrationsTest {
|
|||
runtimeMock.mockRuntime(rootPath, configSrc);
|
||||
runtimeMock.startContainer();
|
||||
|
||||
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -75,7 +75,7 @@ public abstract class AbstractRealmServiceTest {
|
|||
runtimeMock.mockRuntime(rootPath, configSrc);
|
||||
runtimeMock.startContainer();
|
||||
|
||||
this.certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), "test".getBytes());
|
||||
this.certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), getUsername().toCharArray());
|
||||
importFromXml(REALM_CACHED, this.certificate, getServiceHandler());
|
||||
importFromXml(REALM_TRANSACTIONAL, this.certificate, getServiceHandler());
|
||||
}
|
||||
|
|
|
@ -37,7 +37,7 @@ public class GreetingServiceTest extends AbstractServiceTest {
|
|||
GreetingArgument greetingArgument = new GreetingArgument();
|
||||
greetingArgument.name = "Robert"; //$NON-NLS-1$
|
||||
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
|
||||
try {
|
||||
GreetingResult greetingResult = getServiceHandler().doService(certificate, greetingService,
|
||||
greetingArgument);
|
||||
|
|
|
@ -72,7 +72,7 @@ public class LockingTest {
|
|||
}
|
||||
|
||||
public static Certificate login() {
|
||||
return runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
return runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -74,7 +74,7 @@ public class ServiceTest extends AbstractServiceTest {
|
|||
@Test
|
||||
public void shouldFailWithNoAccess() {
|
||||
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
|
||||
try {
|
||||
TestService testService = new TestService();
|
||||
ServiceResult svcResult = getServiceHandler().doService(certificate, testService);
|
||||
|
@ -88,7 +88,7 @@ public class ServiceTest extends AbstractServiceTest {
|
|||
|
||||
@Test
|
||||
public void shouldNotFailWithAccess() {
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
|
||||
try {
|
||||
GreetingService service = new GreetingService();
|
||||
GreetingArgument argument = new GreetingArgument();
|
||||
|
@ -103,7 +103,7 @@ public class ServiceTest extends AbstractServiceTest {
|
|||
@Test
|
||||
public void shouldNotFailWithLogin1() {
|
||||
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
|
||||
try {
|
||||
TestService testService = new TestService();
|
||||
getServiceHandler().doService(certificate, testService);
|
||||
|
@ -114,7 +114,7 @@ public class ServiceTest extends AbstractServiceTest {
|
|||
|
||||
@Test
|
||||
public void shouldNotFailWithLogin2() {
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
|
||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
|
||||
try {
|
||||
GreetingService service = new GreetingService();
|
||||
GreetingArgument argument = new GreetingArgument();
|
||||
|
|
|
@ -54,7 +54,7 @@ public class XmlExportServiceTest {
|
|||
runtimeMock.mockRuntime(rootPath, configSrc);
|
||||
runtimeMock.startContainer();
|
||||
|
||||
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
||||
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
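Review bot: `hashIterations` is set to `10000` while the comment directly above it gives the default as 200000, so this configuration runs PBKDF2 at a twentieth of the default work factor without saying why. If this is a test fixture tuned for speed (the file path is not visible here, so that is an assumption), say so in the comment, e.g. `<!-- default iterations: 200000; lowered for test speed only, do not copy to production -->`. The WARNING comment should also name `hashAlgorithm`, since changing the algorithm presumably invalidates stored hashes just as iterations and key length do. The same block recurs in the later configuration sections on this page.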
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="3" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="3" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
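Review bot: The new `salt="74657374"` is the hex encoding of the username `test`, and the other user entries on this page follow the same pattern (`61646d696e` for `admin`, `73797341646d696e` for `sysAdmin`). A salt derived from the username is predictable and identical across installations, so it gives little protection against tables precomputed for common account names. For fixtures this is harmless, but if the handler derives salts the same way when a password is set (not visible in this section), it should draw them from `SecureRandom`, at least 16 bytes per user. The `<User>` element continues past the end of the hunk.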
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="3" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="3" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="3" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="3" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
@ -15,7 +15,7 @@
|
|||
<Role>AppUser</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="3" username="admin" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="3" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<Role>agent</Role>
|
||||
</Roles>
|
||||
</User>
|
||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
||||
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||
<Firstname>Application</Firstname>
|
||||
<Lastname>Administrator</Lastname>
|
||||
<State>ENABLED</State>
|
||||
|
|
|
@ -10,7 +10,13 @@
|
|||
|
||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||
<!-- default iterations: 200000 -->
|
||||
<Parameter name="hashIterations" value="10000" />
|
||||
<!-- default key length: 256 -->
|
||||
<Parameter name="hashKeyLength" value="256" />
|
||||
</Parameters>
|
||||
</EncryptionHandler>
|
||||
|
||||
|
|