[Major] Privilege passwords are now salted!
This commit is contained in:
parent
4a32d06371
commit
4c9e66876a
|
@ -126,7 +126,7 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Certificate authenticate(String username, byte[] password) {
|
public Certificate authenticate(String username, char[] password) {
|
||||||
assertContainerStarted();
|
assertContainerStarted();
|
||||||
Certificate certificate = this.privilegeHandler.authenticate(username, password);
|
Certificate certificate = this.privilegeHandler.authenticate(username, password);
|
||||||
StrolchRealm realm = getContainer().getRealm(certificate);
|
StrolchRealm realm = getContainer().getRealm(certificate);
|
||||||
|
|
|
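Review bot: The new `char[] password` parameter of `authenticate` is handed to `this.privilegeHandler.authenticate(username, password)` and nothing in the visible lines clears it afterwards, so the switch away from `byte[]` only pays off if some layer zeroes the array once the hash has been computed. Either wrap the delegate call so the array is wiped on every exit path, e.g. `Certificate certificate; try { certificate = this.privilegeHandler.authenticate(username, password); } finally { Arrays.fill(password, (char) 0); }` (with `java.util.Arrays` imported), or document on the method that the caller keeps ownership of the array and is responsible for clearing it. Whether the delegate already clears it is not visible here, so confirm that before adding the wipe to avoid clearing twice. The body of `authenticate` continues past the end of the hunk.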
@ -41,7 +41,7 @@ public interface PrivilegeHandler {
|
||||||
*
|
*
|
||||||
* @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, byte[])
|
* @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, byte[])
|
||||||
*/
|
*/
|
||||||
public Certificate authenticate(String username, byte[] password);
|
public Certificate authenticate(String username, char[] password);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Validate that the certificate is still valid
|
* Validate that the certificate is still valid
|
||||||
|
|
|
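Review bot: The Javadoc `@see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, byte[])` directly above the changed declaration still names the `byte[]` overload, so after this commit it points at a signature that, assuming the delegate was switched to `char[]` as the call in `DefaultStrolchPrivilegeHandler` suggests, no longer exists and will render as a broken reference. Change it to `@see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, char[])`. A `@param password the password as a char array; it is not copied and the caller is responsible for clearing it once the call returns` line would also make the ownership contract explicit, since the visible lines say nothing about who wipes the array. Both the Javadoc comment and the enclosing interface extend outside the hunk.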
@ -168,7 +168,7 @@ public class ComponentContainerTest {
|
||||||
|
|
||||||
private static Certificate login(StrolchAgent agent) {
|
private static Certificate login(StrolchAgent agent) {
|
||||||
PrivilegeHandler privilegeHandler = agent.getContainer().getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = agent.getContainer().getPrivilegeHandler();
|
||||||
return privilegeHandler.authenticate("test", "test".getBytes());
|
return privilegeHandler.authenticate("test", "test".toCharArray());
|
||||||
}
|
}
|
||||||
|
|
||||||
public static void testPersistenceContainer(StrolchAgent agent) {
|
public static void testPersistenceContainer(StrolchAgent agent) {
|
||||||
|
|
|
@ -44,7 +44,7 @@ public class PolicyHandlerTest {
|
||||||
PolicyHandler policyHandler = agent.getContainer().getComponent(PolicyHandler.class);
|
PolicyHandler policyHandler = agent.getContainer().getComponent(PolicyHandler.class);
|
||||||
|
|
||||||
ComponentContainer container = agent.getContainer();
|
ComponentContainer container = agent.getContainer();
|
||||||
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
try (StrolchTransaction tx = container.getRealm(StrolchConstants.DEFAULT_REALM).openTx(certificate,
|
try (StrolchTransaction tx = container.getRealm(StrolchConstants.DEFAULT_REALM).openTx(certificate,
|
||||||
"test")) {
|
"test")) {
|
||||||
|
|
||||||
|
|
|
@ -43,7 +43,7 @@ public class EnumHandlerTest {
|
||||||
|
|
||||||
ComponentContainer container = agent.getContainer();
|
ComponentContainer container = agent.getContainer();
|
||||||
|
|
||||||
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
Certificate certificate = container.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
|
|
||||||
EnumHandler enumHandler = container.getComponent(EnumHandler.class);
|
EnumHandler enumHandler = container.getComponent(EnumHandler.class);
|
||||||
StrolchEnum sexEnum = enumHandler.getEnum(certificate, "sex", Locale.ENGLISH);
|
StrolchEnum sexEnum = enumHandler.getEnum(certificate, "sex", Locale.ENGLISH);
|
||||||
|
|
|
@ -52,7 +52,7 @@ public class FindByLocatorTest {
|
||||||
runtimeMock = new RuntimeMock(PATH_FIND_BY_LOCATOR_RUNTIME, ComponentContainerTest.PATH_TRANSIENT_CONTAINER);
|
runtimeMock = new RuntimeMock(PATH_FIND_BY_LOCATOR_RUNTIME, ComponentContainerTest.PATH_TRANSIENT_CONTAINER);
|
||||||
runtimeMock.mockRuntime();
|
runtimeMock.mockRuntime();
|
||||||
runtimeMock.startContainer();
|
runtimeMock.startContainer();
|
||||||
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -52,7 +52,7 @@ public class QueryTest {
|
||||||
public static final String PATH_EMPTY_RUNTIME = "target/QueryTest/"; //$NON-NLS-1$
|
public static final String PATH_EMPTY_RUNTIME = "target/QueryTest/"; //$NON-NLS-1$
|
||||||
|
|
||||||
private Certificate login(ComponentContainer container) {
|
private Certificate login(ComponentContainer container) {
|
||||||
return container.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
return container.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
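Review bot: The new `<Parameter name="hashIterations" value="10000" />` is one twentieth of the `200000` that the neighbouring comment calls the default, and the file gives no reason for the reduction. If this is a test fixture, say so next to the value so nobody copies it into a deployment, e.g. `<!-- test fixture: iterations deliberately lowered for test speed; deployments should keep the 200000 default -->`; if it is a shipped default configuration, the value should stay at the documented default rather than a weakened one. The `WARNING` comment names only iterations and key length, but changing `hashAlgorithm` invalidates every stored hash just the same, so the comment should list all three parameters. The identical block is added by every other `@ -10,7 +10,13 @@` hunk in this commit, so the same comment belongs in each of them.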
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
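Review bot: The `salt="74657374"` added to the `test` user is the hex encoding of the string `test`, i.e. the salt is the username, and the other user hunks in this commit follow the same pattern (`636163686564` for `cached`, `7472616e73616374696f6e616c` for `transactional`, `7472616e7369656e74` for `transient`). A username-derived salt is unique within one user store but identical in every installation that has that account name, so the resistance to precomputed tables that salting is meant to add is largely lost for common names. For hand-written fixtures that is acceptable, but the code that produced these values is not visible here; if the encryption handler derives salts this way for real users too, it should draw at least 16 random bytes from `SecureRandom` per user and store those instead. A comment on the element such as `<!-- test fixture: salt is a fixed, hand-picked value, not a generated one -->` would stop these lines being read as an example of correct salt generation. The same observation applies to every other `@ -6,7 +6,7 @@` and `@ -18,7 +18,7 @@` user hunk in this commit.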
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="cached" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="cached" password="14df65e4ec6adae5e426dff1248f8a4bafc9791b7d5a4dfad89b00e06803e679" salt="636163686564">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
<Property name="realm" value="cached" />
|
<Property name="realm" value="cached" />
|
||||||
</Properties>
|
</Properties>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="transactional" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="transactional" password="67252256c67e43fd6674cfd5e5d47536af5b8bc40eb297c1e9edf5da5fc1c2a6" salt="7472616e73616374696f6e616c">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
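Review bot: The rewritten `transactional` user in this hunk and the `cached` user in the preceding `@ -6,7 +6,7 @@` hunk of the same file both carry `userId="2"`, so the commit re-emits two users with the same id. Whether `userId` is meant to be unique is not visible here; if it is a key, one of them should get a distinct value, e.g. `<User userId="3" username="transactional" ...>`, and if it is not, a comment on the element saying the id is informational would stop the duplicate from being read as a fixture error. The same pair of hunks is repeated later in this commit for the other copies of this file.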
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="cached" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="cached" password="14df65e4ec6adae5e426dff1248f8a4bafc9791b7d5a4dfad89b00e06803e679" salt="636163686564">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
<Property name="realm" value="cached" />
|
<Property name="realm" value="cached" />
|
||||||
</Properties>
|
</Properties>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="transactional" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="transactional" password="67252256c67e43fd6674cfd5e5d47536af5b8bc40eb297c1e9edf5da5fc1c2a6" salt="7472616e73616374696f6e616c">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="transient" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="transient" password="cc6072ac76d018d95c964ca3d8d1d934a2bf66a369bdf2ff5a539bf23ecde11b" salt="7472616e7369656e74">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="cached" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="cached" password="14df65e4ec6adae5e426dff1248f8a4bafc9791b7d5a4dfad89b00e06803e679" salt="636163686564">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -18,7 +18,7 @@
|
||||||
<Property name="realm" value="cached" />
|
<Property name="realm" value="cached" />
|
||||||
</Properties>
|
</Properties>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="transactional" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="transactional" password="67252256c67e43fd6674cfd5e5d47536af5b8bc40eb297c1e9edf5da5fc1c2a6" salt="7472616e73616374696f6e616c">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -18,7 +18,7 @@ public abstract class PerformanceTest {
|
||||||
@Test
|
@Test
|
||||||
public void runPerformanceTestCached() {
|
public void runPerformanceTestCached() {
|
||||||
|
|
||||||
Certificate certificate = runtime().getPrivilegeHandler().authenticate("cached", "test".getBytes());
|
Certificate certificate = runtime().getPrivilegeHandler().authenticate("cached", "test".toCharArray());
|
||||||
|
|
||||||
ServiceHandler svcHandler = runtime().getServiceHandler();
|
ServiceHandler svcHandler = runtime().getServiceHandler();
|
||||||
svcHandler.doService(certificate, new PerformanceTestService(), argInstance());
|
svcHandler.doService(certificate, new PerformanceTestService(), argInstance());
|
||||||
|
@ -27,7 +27,7 @@ public abstract class PerformanceTest {
|
||||||
@Test
|
@Test
|
||||||
public void runPerformanceTestTransactional() {
|
public void runPerformanceTestTransactional() {
|
||||||
|
|
||||||
Certificate certificate = runtime().getPrivilegeHandler().authenticate("transactional", "test".getBytes());
|
Certificate certificate = runtime().getPrivilegeHandler().authenticate("transactional", "test".toCharArray());
|
||||||
|
|
||||||
ServiceHandler svcHandler = runtime().getServiceHandler();
|
ServiceHandler svcHandler = runtime().getServiceHandler();
|
||||||
svcHandler.doService(certificate, new PerformanceTestService(), argInstance());
|
svcHandler.doService(certificate, new PerformanceTestService(), argInstance());
|
||||||
|
|
|
@ -50,7 +50,7 @@ public class PerformanceTransientTest {
|
||||||
@Test
|
@Test
|
||||||
public void runPerformanceTest() {
|
public void runPerformanceTest() {
|
||||||
|
|
||||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("transient", "test".getBytes());
|
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("transient", "test".toCharArray());
|
||||||
|
|
||||||
ServiceHandler svcHandler = runtimeMock.getServiceHandler();
|
ServiceHandler svcHandler = runtimeMock.getServiceHandler();
|
||||||
svcHandler.doService(certificate, new PerformanceTestService(), new PerformanceTestArgument());
|
svcHandler.doService(certificate, new PerformanceTestService(), new PerformanceTestArgument());
|
||||||
|
|
|
@ -59,7 +59,7 @@ public class ActivityQueryTest extends QueryTest {
|
||||||
new File(rootPath, DB_STORE_PATH_DIR).mkdir();
|
new File(rootPath, DB_STORE_PATH_DIR).mkdir();
|
||||||
runtimeMock.startContainer();
|
runtimeMock.startContainer();
|
||||||
|
|
||||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
||||||
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
||||||
ActivityMap activityMap = tx.getActivityMap();
|
ActivityMap activityMap = tx.getActivityMap();
|
||||||
|
|
|
@ -100,7 +100,7 @@ public class AuditQueryTest {
|
||||||
cal.set(2000, 11, 1);
|
cal.set(2000, 11, 1);
|
||||||
future = cal.getTime();
|
future = cal.getTime();
|
||||||
|
|
||||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
||||||
int i = 0;
|
int i = 0;
|
||||||
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
||||||
|
|
|
@ -120,7 +120,7 @@ public class ObserverUpdateTest {
|
||||||
realm.getObserverHandler().registerObserver(Tags.RESOURCE, observer);
|
realm.getObserverHandler().registerObserver(Tags.RESOURCE, observer);
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = runtimeMock.getAgent().getContainer().getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = runtimeMock.getAgent().getContainer().getPrivilegeHandler();
|
||||||
Certificate certificate = privilegeHandler.authenticate("test", "test".getBytes()); //$NON-NLS-1$ //$NON-NLS-2$
|
Certificate certificate = privilegeHandler.authenticate("test", "test".toCharArray()); //$NON-NLS-1$ //$NON-NLS-2$
|
||||||
|
|
||||||
// create order
|
// create order
|
||||||
Order newOrder = createOrder("MyTestOrder", "Test Name", "TestType", new Date(), State.CREATED); //$NON-NLS-1$//$NON-NLS-2$ //$NON-NLS-3$
|
Order newOrder = createOrder("MyTestOrder", "Test Name", "TestType", new Date(), State.CREATED); //$NON-NLS-1$//$NON-NLS-2$ //$NON-NLS-3$
|
||||||
|
|
|
@ -78,7 +78,7 @@ public class OrderQueryTest extends QueryTest {
|
||||||
cal.set(2000, 11, 1);
|
cal.set(2000, 11, 1);
|
||||||
future = cal.getTime();
|
future = cal.getTime();
|
||||||
|
|
||||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
||||||
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
||||||
OrderMap orderMap = tx.getOrderMap();
|
OrderMap orderMap = tx.getOrderMap();
|
||||||
|
|
|
@ -82,7 +82,7 @@ public class RealmTest extends AbstractModelTest {
|
||||||
String type = "Bla"; //$NON-NLS-1$
|
String type = "Bla"; //$NON-NLS-1$
|
||||||
|
|
||||||
PrivilegeHandler privilegeHandler = runtimeMock.getAgent().getContainer().getPrivilegeHandler();
|
PrivilegeHandler privilegeHandler = runtimeMock.getAgent().getContainer().getPrivilegeHandler();
|
||||||
Certificate certificate = privilegeHandler.authenticate(TEST, TEST.getBytes());
|
Certificate certificate = privilegeHandler.authenticate(TEST, TEST.toCharArray());
|
||||||
|
|
||||||
{
|
{
|
||||||
StrolchRealm firstRealm = runtimeMock.getRealm(FIRST);
|
StrolchRealm firstRealm = runtimeMock.getRealm(FIRST);
|
||||||
|
|
|
@ -55,7 +55,7 @@ public class ResourceDaoTest extends QueryTest {
|
||||||
new File(rootPath, DB_STORE_PATH_DIR).mkdir();
|
new File(rootPath, DB_STORE_PATH_DIR).mkdir();
|
||||||
runtimeMock.startContainer();
|
runtimeMock.startContainer();
|
||||||
|
|
||||||
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
Certificate cert = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
StrolchRealm realm = runtimeMock.getRealm(StrolchConstants.DEFAULT_REALM);
|
||||||
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
try (StrolchTransaction tx = realm.openTx(cert, "test")) {
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="1" username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
|
<User userId="1" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
</Properties>
|
</Properties>
|
||||||
</User>
|
</User>
|
||||||
|
|
||||||
<User userId="2" username="bob" password="81b637d8fcd2c6da6359e6963113a1170de795e4b725b84d1e0b4cfd9ec58ce9">
|
<User userId="2" username="bob" password="d4466de3cad2a005930c4317ad0fcb307422c63b8febd5d7721195cd511edde5" salt="626f62">
|
||||||
<Firstname>Bob</Firstname>
|
<Firstname>Bob</Firstname>
|
||||||
<Lastname>Bernstein</Lastname>
|
<Lastname>Bernstein</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
</Roles>
|
</Roles>
|
||||||
|
|
||||||
</User>
|
</User>
|
||||||
<User userId="3" username="jill" password="8cf37351b60f00084392043ce2e6256b96cea92949f90c7abce464cf164fbfa6">
|
<User userId="3" username="jill" password="b7d33c8305bf89ed21be111270310a7450198be8be6b362e52999c2500eb5218" salt="6a696c6c">
|
||||||
<Firstname>Jill</Firstname>
|
<Firstname>Jill</Firstname>
|
||||||
<Lastname>Johnson</Lastname>
|
<Lastname>Johnson</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -40,7 +40,7 @@
|
||||||
</Roles>
|
</Roles>
|
||||||
|
|
||||||
</User>
|
</User>
|
||||||
<User userId="4" username="sysAdmin" password="8cffb494ef5ff3f74a571206e141d4fb84f833e431b98c8b3be43727c4cbddc1">
|
<User userId="4" username="sysAdmin" password="fd6a5e8f6a59fbb18109444c5ea99ac326353cd664cc8d61a3a785081e7f4aa0" salt="73797341646d696e">
|
||||||
<Firstname>System User</Firstname>
|
<Firstname>System User</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>SYSTEM</State>
|
<State>SYSTEM</State>
|
||||||
|
|
|
@ -15,7 +15,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<Users>
|
<Users>
|
||||||
|
|
||||||
<User userId="1" username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
|
<User userId="1" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<Users>
|
<Users>
|
||||||
|
|
||||||
<User userId="1" username="userA" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
|
<User userId="1" username="userA" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||||
<Firstname>System User</Firstname>
|
<Firstname>System User</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -12,7 +12,7 @@
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
|
|
||||||
<User userId="2" username="userB" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
|
<User userId="2" username="userB" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||||
<Firstname>System User</Firstname>
|
<Firstname>System User</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -0,0 +1,80 @@
|
||||||
|
import java.io.UnsupportedEncodingException;
|
||||||
|
import java.security.SecureRandom;
|
||||||
|
import java.text.MessageFormat;
|
||||||
|
|
||||||
|
import javax.crypto.SecretKey;
|
||||||
|
import javax.crypto.SecretKeyFactory;
|
||||||
|
import javax.crypto.spec.PBEKeySpec;
|
||||||
|
|
||||||
|
public class Temp {
|
||||||
|
|
||||||
|
public static void main(String[] args) throws Exception {
|
||||||
|
|
||||||
|
for (int i = 0; i < 10; i++) {
|
||||||
|
|
||||||
|
long start = System.nanoTime();
|
||||||
|
|
||||||
|
byte[] bytes = new byte[16];
|
||||||
|
SecureRandom secureRandom = new SecureRandom();
|
||||||
|
secureRandom.nextBytes(bytes);
|
||||||
|
String token = getHexString(bytes);
|
||||||
|
System.out.println(token);
|
||||||
|
|
||||||
|
String algorithm = "PBKDF2WithHmacSHA512";
|
||||||
|
char[] password = "admin".toCharArray();
|
||||||
|
byte[] salt = "admin".getBytes();
|
||||||
|
int iterations = 10000;
|
||||||
|
int keyLength = 256;
|
||||||
|
|
||||||
|
SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
|
||||||
|
PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, keyLength);
|
||||||
|
SecretKey key = skf.generateSecret(spec);
|
||||||
|
byte[] res = key.getEncoded();
|
||||||
|
|
||||||
|
System.out.println("Password hash: " + getHexString(res));
|
||||||
|
System.out.println("Salt: " + getHexString(salt));
|
||||||
|
|
||||||
|
long end = System.nanoTime();
|
||||||
|
System.out.println("Took: " + formatNanoDuration(end - start));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static String getHexString(byte[] raw) throws RuntimeException {
|
||||||
|
try {
|
||||||
|
byte[] hex = new byte[2 * raw.length];
|
||||||
|
int index = 0;
|
||||||
|
|
||||||
|
for (byte b : raw) {
|
||||||
|
int v = b & 0xFF;
|
||||||
|
hex[index++] = HEX_CHAR_TABLE[v >>> 4];
|
||||||
|
hex[index++] = HEX_CHAR_TABLE[v & 0xF];
|
||||||
|
}
|
||||||
|
|
||||||
|
return new String(hex, "ASCII"); //$NON-NLS-1$
|
||||||
|
|
||||||
|
} catch (UnsupportedEncodingException e) {
|
||||||
|
String msg = MessageFormat.format("Something went wrong while converting to HEX: {0}", e.getMessage()); //$NON-NLS-1$
|
||||||
|
throw new RuntimeException(msg, e);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static String formatNanoDuration(final long nanos) {
|
||||||
|
if (nanos >= 3600000000000L) {
|
||||||
|
return String.format("%.0fh", (nanos / 3600000000000.0D)); //$NON-NLS-1$
|
||||||
|
} else if (nanos >= 60000000000L) {
|
||||||
|
return String.format("%.0fm", (nanos / 60000000000.0D)); //$NON-NLS-1$
|
||||||
|
} else if (nanos >= 1000000000L) {
|
||||||
|
return String.format("%.0fs", (nanos / 1000000000.0D)); //$NON-NLS-1$
|
||||||
|
} else if (nanos >= 1000000L) {
|
||||||
|
return String.format("%.0fms", (nanos / 1000000.0D)); //$NON-NLS-1$
|
||||||
|
} else if (nanos >= 1000L) {
|
||||||
|
return String.format("%.0fus", (nanos / 1000.0D)); //$NON-NLS-1$
|
||||||
|
} else {
|
||||||
|
return nanos + "ns"; //$NON-NLS-1$
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static final byte[] HEX_CHAR_TABLE = { (byte) '0', (byte) '1', (byte) '2', (byte) '3', (byte) '4',
|
||||||
|
(byte) '5', (byte) '6', (byte) '7', (byte) '8', (byte) '9', (byte) 'a', (byte) 'b', (byte) 'c', (byte) 'd',
|
||||||
|
(byte) 'e', (byte) 'f' };
|
||||||
|
}
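Review bot: `Temp.main` hardcodes the credential `admin` as both the password and its own salt (`byte[] salt = "admin".getBytes();`), which is exactly the predictable-salt pattern the fixtures on this page end up with; if this is the tool that produced them, the salt should come from the `SecureRandom` it already uses for `token` and the password from the program arguments rather than a literal. `getBytes()` without a charset depends on the platform default, so the same input can hash differently on different machines; pass `StandardCharsets.UTF_8` explicitly. The class also re-implements `getHexString` and `HEX_CHAR_TABLE` that `StringHelper` already provides (the encryption-handler hunk on this page calls `StringHelper.getHexString`), and given the name `Temp`, the timing loop and the `System.out` output, this reads as a scratch file that should probably not be part of the commit at all.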
|
|
@ -15,13 +15,17 @@
|
||||||
*/
|
*/
|
||||||
package li.strolch.privilege.handler;
|
package li.strolch.privilege.handler;
|
||||||
|
|
||||||
import java.io.UnsupportedEncodingException;
|
|
||||||
import java.security.MessageDigest;
|
import java.security.MessageDigest;
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
|
import java.security.spec.InvalidKeySpecException;
|
||||||
import java.text.MessageFormat;
|
import java.text.MessageFormat;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
import javax.crypto.SecretKey;
|
||||||
|
import javax.crypto.SecretKeyFactory;
|
||||||
|
import javax.crypto.spec.PBEKeySpec;
|
||||||
|
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -37,7 +41,7 @@ import li.strolch.utils.helper.StringHelper;
|
||||||
*
|
*
|
||||||
* Required parameters:
|
* Required parameters:
|
||||||
* <ul>
|
* <ul>
|
||||||
* <li> {@link XmlConstants#XML_PARAM_HASH_ALGORITHM}</li>
|
* <li>{@link XmlConstants#XML_PARAM_HASH_ALGORITHM}</li>
|
||||||
* </ul>
|
* </ul>
|
||||||
*
|
*
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
@ -55,40 +59,47 @@ public class DefaultEncryptionHandler implements EncryptionHandler {
|
||||||
private SecureRandom secureRandom;
|
private SecureRandom secureRandom;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The configured hash algorithm for this instance
|
* The configured algorithm for this instance
|
||||||
*/
|
*/
|
||||||
private String hashAlgorithm;
|
private String algorithm;
|
||||||
|
|
||||||
@Override
|
/**
|
||||||
public String convertToHash(String string) {
|
* The number of iterations to perform the hashing with
|
||||||
return convertToHash(string.getBytes());
|
*/
|
||||||
}
|
private int iterations;
|
||||||
|
|
||||||
@Override
|
/**
|
||||||
public String convertToHash(byte[] bytes) {
|
* The length of the secure key for the hashing
|
||||||
try {
|
*/
|
||||||
|
private int keyLength;
|
||||||
return StringHelper.hashAsHex(this.hashAlgorithm, bytes);
|
|
||||||
|
|
||||||
} catch (RuntimeException e) {
|
|
||||||
if (e.getCause() == null)
|
|
||||||
throw e;
|
|
||||||
if (e.getCause().getClass().equals(NoSuchAlgorithmException.class))
|
|
||||||
throw new PrivilegeException(
|
|
||||||
MessageFormat.format("Algorithm {0} was not found!", this.hashAlgorithm), e.getCause()); //$NON-NLS-1$
|
|
||||||
if (e.getCause().getClass().equals(UnsupportedEncodingException.class))
|
|
||||||
throw new PrivilegeException("Charset ASCII is not supported!", e.getCause()); //$NON-NLS-1$
|
|
||||||
|
|
||||||
throw e;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public String nextToken() {
|
public String nextToken() {
|
||||||
byte[] bytes = new byte[16];
|
byte[] bytes = new byte[16];
|
||||||
this.secureRandom.nextBytes(bytes);
|
this.secureRandom.nextBytes(bytes);
|
||||||
String randomString = new String(bytes);
|
return StringHelper.getHexString(bytes);
|
||||||
return randomString;
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public byte[] nextSalt() {
|
||||||
|
byte[] bytes = new byte[32];
|
||||||
|
this.secureRandom.nextBytes(bytes);
|
||||||
|
return bytes;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public byte[] hashPassword(char[] password, byte[] salt) {
|
||||||
|
|
||||||
|
try {
|
||||||
|
SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm);
|
||||||
|
PBEKeySpec spec = new PBEKeySpec(password, salt, this.iterations, this.keyLength);
|
||||||
|
SecretKey key = skf.generateSecret(spec);
|
||||||
|
byte[] res = key.getEncoded();
|
||||||
|
return res;
|
||||||
|
|
||||||
|
} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
|
||||||
|
throw new IllegalStateException(e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
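Review bot: `hashPassword` leaves a copy of the password alive after it returns, because `PBEKeySpec` copies the `char[]` it is given and nothing calls `spec.clearPassword()`; switching the API to `char[]` only pays off if that copy is wiped in a `finally`. The catch also wraps `NoSuchAlgorithmException | InvalidKeySpecException` in a bare `IllegalStateException(e)` with no message, whereas the rest of this class reports configuration problems as `PrivilegeException` with a `MessageFormat` message naming the algorithm. The rewrite below does both and drops the `res` temporary.
```java
	@Override
	public byte[] hashPassword(char[] password, byte[] salt) {
		// PBEKeySpec keeps its own copy of the password; clear it once the key is derived
		PBEKeySpec spec = new PBEKeySpec(password, salt, this.iterations, this.keyLength);
		try {
			SecretKeyFactory skf = SecretKeyFactory.getInstance(this.algorithm);
			return skf.generateSecret(spec).getEncoded();
		} catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
			throw new PrivilegeException(
					MessageFormat.format("Failed to hash password with algorithm {0}", this.algorithm), e); //$NON-NLS-1$
		} finally {
			spec.clearPassword();
		}
	}
```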
|
@ -97,18 +108,14 @@ public class DefaultEncryptionHandler implements EncryptionHandler {
|
||||||
this.secureRandom = new SecureRandom();
|
this.secureRandom = new SecureRandom();
|
||||||
|
|
||||||
// get hash algorithm parameters
|
// get hash algorithm parameters
|
||||||
this.hashAlgorithm = parameterMap.get(XmlConstants.XML_PARAM_HASH_ALGORITHM);
|
this.algorithm = parameterMap.getOrDefault(XmlConstants.XML_PARAM_HASH_ALGORITHM, "PBKDF2WithHmacSHA512");
|
||||||
if (this.hashAlgorithm == null || this.hashAlgorithm.isEmpty()) {
|
this.iterations = Integer.parseInt(parameterMap.getOrDefault(XmlConstants.XML_PARAM_HASH_ITERATIONS, "200000"));
|
||||||
String msg = "[{0}] Defined parameter {1} is invalid"; //$NON-NLS-1$
|
this.keyLength = Integer.parseInt(parameterMap.getOrDefault(XmlConstants.XML_PARAM_HASH_KEY_LENGTH, "256"));
|
||||||
msg = MessageFormat.format(msg, EncryptionHandler.class.getName(), XmlConstants.XML_PARAM_HASH_ALGORITHM);
|
|
||||||
throw new PrivilegeException(msg);
|
|
||||||
}
|
|
||||||
|
|
||||||
// test hash algorithm
|
// test hash algorithm
|
||||||
try {
|
try {
|
||||||
convertToHash("test"); //$NON-NLS-1$
|
hashPassword("test".toCharArray(), "test".getBytes()); //$NON-NLS-1$
|
||||||
DefaultEncryptionHandler.logger.info(MessageFormat
|
DefaultEncryptionHandler.logger.info(MessageFormat.format("Using hashing algorithm {0}", this.algorithm)); //$NON-NLS-1$
|
||||||
.format("Using hashing algorithm {0}", this.hashAlgorithm)); //$NON-NLS-1$
|
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
String msg = "[{0}] Defined parameter {1} is invalid because of underlying exception: {2}"; //$NON-NLS-1$
|
String msg = "[{0}] Defined parameter {1} is invalid because of underlying exception: {2}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, EncryptionHandler.class.getName(), XmlConstants.XML_PARAM_HASH_ALGORITHM,
|
msg = MessageFormat.format(msg, EncryptionHandler.class.getName(), XmlConstants.XML_PARAM_HASH_ALGORITHM,
|
||||||
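Review bot: The two `Integer.parseInt(parameterMap.getOrDefault(...))` lines sit outside the `try`, so a malformed `hashIterations` or `hashKeyLength` surfaces as a bare `NumberFormatException` instead of the `[{0}] Defined parameter {1} is invalid ...` `PrivilegeException` the self-test produces for a bad algorithm, and a zero or negative iteration count is accepted without complaint until `PBEKeySpec` rejects it. Range-check the values before the self-test, e.g. `if (this.iterations < 1 || this.keyLength < 1) throw new PrivilegeException(MessageFormat.format("[{0}] hashIterations and hashKeyLength must be positive", EncryptionHandler.class.getName())); //$NON-NLS-1$`, and have the catch message, which still names only `XML_PARAM_HASH_ALGORITHM`, mention the iteration and key-length parameters as well. The old empty-string check on the algorithm was dropped too; `getOrDefault` covers a missing key but not an empty value. The class Javadoc in the `@ -37,7 +41,7 @@` hunk still lists `XML_PARAM_HASH_ALGORITHM` as the only, required, parameter although all three now have defaults; the catch block of this method continues past the end of the hunk.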
|
|
|
@ -404,7 +404,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserRep addUser(Certificate certificate, UserRep userRepParam, byte[] password) {
|
public UserRep addUser(Certificate certificate, UserRep userRepParam, char[] password) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
// validate user actually has this type of privilege
|
// validate user actually has this type of privilege
|
||||||
|
@ -433,18 +433,22 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
throw new PrivilegeException(MessageFormat.format(msg, userRep.getUsername()));
|
throw new PrivilegeException(MessageFormat.format(msg, userRep.getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
String passwordHash = null;
|
byte[] passwordHash = null;
|
||||||
|
byte[] salt = null;
|
||||||
if (password != null) {
|
if (password != null) {
|
||||||
|
|
||||||
// validate password meets basic requirements
|
// validate password meets basic requirements
|
||||||
validatePassword(password);
|
validatePassword(password);
|
||||||
|
|
||||||
|
// get new salt for user
|
||||||
|
salt = this.encryptionHandler.nextSalt();
|
||||||
|
|
||||||
// hash password
|
// hash password
|
||||||
passwordHash = this.encryptionHandler.convertToHash(password);
|
passwordHash = this.encryptionHandler.hashPassword(password, salt);
|
||||||
}
|
}
|
||||||
|
|
||||||
// create new user
|
// create new user
|
||||||
User newUser = createUser(userRep, passwordHash);
|
User newUser = createUser(userRep, passwordHash, salt);
|
||||||
|
|
||||||
// detect privilege conflicts
|
// detect privilege conflicts
|
||||||
assertNoPrivilegeConflict(newUser);
|
assertNoPrivilegeConflict(newUser);
|
||||||
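Review bot: After `passwordHash = this.encryptionHandler.hashPassword(password, salt);` the plaintext `char[] password` is left intact, so the benefit of moving the parameter from `byte[]` to `char[]` — being able to wipe the secret once it has been hashed — is not realised in `addUser`; either zero it in a `finally` with `java.util.Arrays.fill(password, '\0')` or state in the method Javadoc that the caller owns the array and is responsible for clearing it. The same applies to `replaceUser` in the `@ -491,17 +495,21 @@` hunk below. The enclosing `try` of `addUser` continues past the end of this hunk.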
|
@ -465,7 +469,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public UserRep replaceUser(Certificate certificate, UserRep userRep, byte[] password) {
|
public UserRep replaceUser(Certificate certificate, UserRep userRep, char[] password) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
// validate user actually has this type of privilege
|
// validate user actually has this type of privilege
|
||||||
|
@ -491,17 +495,21 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
throw new PrivilegeException(MessageFormat.format(msg, userRep.getUsername()));
|
throw new PrivilegeException(MessageFormat.format(msg, userRep.getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
String passwordHash = null;
|
byte[] passwordHash = null;
|
||||||
|
byte[] salt = null;
|
||||||
if (password != null) {
|
if (password != null) {
|
||||||
|
|
||||||
// validate password meets basic requirements
|
// validate password meets basic requirements
|
||||||
validatePassword(password);
|
validatePassword(password);
|
||||||
|
|
||||||
|
// get new salt for user
|
||||||
|
salt = this.encryptionHandler.nextSalt();
|
||||||
|
|
||||||
// hash password
|
// hash password
|
||||||
passwordHash = this.encryptionHandler.convertToHash(password);
|
passwordHash = this.encryptionHandler.hashPassword(password, salt);
|
||||||
}
|
}
|
||||||
|
|
||||||
User newUser = createUser(userRep, passwordHash);
|
User newUser = createUser(userRep, passwordHash, salt);
|
||||||
|
|
||||||
// detect privilege conflicts
|
// detect privilege conflicts
|
||||||
assertNoPrivilegeConflict(newUser);
|
assertNoPrivilegeConflict(newUser);
|
||||||
|
@ -532,8 +540,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private User createUser(UserRep userRep, String passwordHash) {
|
private User createUser(UserRep userRep, byte[] passwordHash, byte[] salt) {
|
||||||
User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, userRep.getFirstname(),
|
User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, salt, userRep.getFirstname(),
|
||||||
userRep.getLastname(), userRep.getUserState(), userRep.getRoles(), userRep.getLocale(),
|
userRep.getLastname(), userRep.getUserState(), userRep.getRoles(), userRep.getLocale(),
|
||||||
userRep.getPropertyMap());
|
userRep.getPropertyMap());
|
||||||
return user;
|
return user;
|
||||||
|
@ -563,7 +571,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
String userId = existingUser.getUserId();
|
String userId = existingUser.getUserId();
|
||||||
String username = existingUser.getUsername();
|
String username = existingUser.getUsername();
|
||||||
String password = existingUser.getPassword();
|
byte[] password = existingUser.getPassword();
|
||||||
|
byte[] salt = existingUser.getSalt();
|
||||||
String firstname = existingUser.getFirstname();
|
String firstname = existingUser.getFirstname();
|
||||||
String lastname = existingUser.getLastname();
|
String lastname = existingUser.getLastname();
|
||||||
UserState userState = existingUser.getUserState();
|
UserState userState = existingUser.getUserState();
|
||||||
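Review bot: The new local `byte[] password = existingUser.getPassword();` holds the stored hash, not a password, and naming it `passwordHash` (matching `addUser` and `replaceUser` on this page) would keep the distinction visible at the `new User(...)` call sites. More importantly, `password` and `salt` are now two adjacent `byte[]` arguments among ten positional parameters of the `User` constructor (see the `@ -582,7 +591,8 @@`, `@ -657,8 +667,8 @@` and `@ -699,8 +709,8 @@` hunks), so transposing them compiles cleanly and would only show up as every login for that user failing; a small holder type pairing hash and salt, or a builder, would make that mistake a compile error. The enclosing method starts before this hunk.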
|
@ -582,7 +591,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
propertyMap = userRep.getPropertyMap();
|
propertyMap = userRep.getPropertyMap();
|
||||||
|
|
||||||
// create new user
|
// create new user
|
||||||
User newUser = new User(userId, username, password, firstname, lastname, userState, roles, locale, propertyMap);
|
User newUser = new User(userId, username, password, salt, firstname, lastname, userState, roles, locale,
|
||||||
|
propertyMap);
|
||||||
|
|
||||||
// detect privilege conflicts
|
// detect privilege conflicts
|
||||||
assertNoPrivilegeConflict(newUser);
|
assertNoPrivilegeConflict(newUser);
|
||||||
|
@ -657,8 +667,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
newRoles.add(roleName);
|
newRoles.add(roleName);
|
||||||
|
|
||||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||||
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(), newRoles,
|
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(),
|
||||||
existingUser.getLocale(), existingUser.getProperties());
|
existingUser.getUserState(), newRoles, existingUser.getLocale(), existingUser.getProperties());
|
||||||
|
|
||||||
// detect privilege conflicts
|
// detect privilege conflicts
|
||||||
assertNoPrivilegeConflict(newUser);
|
assertNoPrivilegeConflict(newUser);
|
||||||
|
@ -699,8 +709,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
Set<String> newRoles = new HashSet<>(currentRoles);
|
Set<String> newRoles = new HashSet<>(currentRoles);
|
||||||
newRoles.remove(roleName);
|
newRoles.remove(roleName);
|
||||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||||
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(), newRoles,
|
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(),
|
||||||
existingUser.getLocale(), existingUser.getProperties());
|
existingUser.getUserState(), newRoles, existingUser.getLocale(), existingUser.getProperties());
|
||||||
|
|
||||||
// delegate user replacement to persistence handler
|
// delegate user replacement to persistence handler
|
||||||
this.persistenceHandler.replaceUser(newUser);
|
this.persistenceHandler.replaceUser(newUser);
|
||||||
|
@ -725,8 +735,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
// create new user
|
// create new user
|
||||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||||
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(),
|
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(),
|
||||||
existingUser.getRoles(), locale, existingUser.getProperties());
|
existingUser.getUserState(), existingUser.getRoles(), locale, existingUser.getProperties());
|
||||||
|
|
||||||
// if the user is not setting their own locale, then make sure this user may set this user's locale
|
// if the user is not setting their own locale, then make sure this user may set this user's locale
|
||||||
if (!certificate.getUsername().equals(username)) {
|
if (!certificate.getUsername().equals(username)) {
|
||||||
|
@ -747,7 +757,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void setUserPassword(Certificate certificate, String username, byte[] password) {
|
public void setUserPassword(Certificate certificate, String username, char[] password) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
// validate user actually has this type of privilege
|
// validate user actually has this type of privilege
|
||||||
|
@ -760,18 +770,22 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
throw new PrivilegeException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
throw new PrivilegeException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
|
|
||||||
String passwordHash = null;
|
byte[] passwordHash = null;
|
||||||
|
byte[] salt = null;
|
||||||
if (password != null) {
|
if (password != null) {
|
||||||
|
|
||||||
// validate password meets basic requirements
|
// validate password meets basic requirements
|
||||||
validatePassword(password);
|
validatePassword(password);
|
||||||
|
|
||||||
|
// get new salt for user
|
||||||
|
salt = this.encryptionHandler.nextSalt();
|
||||||
|
|
||||||
// hash password
|
// hash password
|
||||||
passwordHash = this.encryptionHandler.convertToHash(password);
|
passwordHash = this.encryptionHandler.hashPassword(password, salt);
|
||||||
}
|
}
|
||||||
|
|
||||||
// create new user
|
// create new user
|
||||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), passwordHash,
|
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), passwordHash, salt,
|
||||||
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(),
|
existingUser.getFirstname(), existingUser.getLastname(), existingUser.getUserState(),
|
||||||
existingUser.getRoles(), existingUser.getLocale(), existingUser.getProperties());
|
existingUser.getRoles(), existingUser.getLocale(), existingUser.getProperties());
|
||||||
|
|
||||||
|
@ -815,8 +829,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
// create new user
|
// create new user
|
||||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||||
existingUser.getFirstname(), existingUser.getLastname(), state, existingUser.getRoles(),
|
existingUser.getSalt(), existingUser.getFirstname(), existingUser.getLastname(), state,
|
||||||
existingUser.getLocale(), existingUser.getProperties());
|
existingUser.getRoles(), existingUser.getLocale(), existingUser.getProperties());
|
||||||
|
|
||||||
// validate that this user may modify this user's state
|
// validate that this user may modify this user's state
|
||||||
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_SET_USER_STATE, new Tuple(existingUser, newUser)));
|
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_SET_USER_STATE, new Tuple(existingUser, newUser)));
|
||||||
|
@ -1059,7 +1073,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
// validate the response
|
// validate the response
|
||||||
UserChallenge userChallenge = this.userChallengeHandler.validateResponse(user, challenge);
|
UserChallenge userChallenge = this.userChallengeHandler.validateResponse(user, challenge);
|
||||||
String authToken = this.encryptionHandler.convertToHash(this.encryptionHandler.nextToken());
|
String authToken = this.encryptionHandler.nextToken();
|
||||||
String sessionId = UUID.randomUUID().toString();
|
String sessionId = UUID.randomUUID().toString();
|
||||||
|
|
||||||
// create a new certificate, with details of the user
|
// create a new certificate, with details of the user
|
||||||
|
@ -1077,7 +1091,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Certificate authenticate(String username, byte[] password) {
|
public Certificate authenticate(String username, char[] password) {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// username must be at least 2 characters in length
|
// username must be at least 2 characters in length
|
||||||
|
@ -1097,7 +1111,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
// get 2 auth tokens
|
// get 2 auth tokens
|
||||||
String authToken = this.encryptionHandler.convertToHash(this.encryptionHandler.nextToken());
|
String authToken = this.encryptionHandler.nextToken();
|
||||||
|
|
||||||
// get next session id
|
// get next session id
|
||||||
String sessionId = UUID.randomUUID().toString();
|
String sessionId = UUID.randomUUID().toString();
|
||||||
|
@ -1232,15 +1246,12 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
* @throws InvalidCredentialsException
|
* @throws InvalidCredentialsException
|
||||||
* if the given credentials are invalid, the user does not exist, or has no password set
|
* if the given credentials are invalid, the user does not exist, or has no password set
|
||||||
*/
|
*/
|
||||||
private User checkCredentialsAndUserState(String username, byte[] password)
|
private User checkCredentialsAndUserState(String username, char[] password)
|
||||||
throws InvalidCredentialsException, AccessDeniedException {
|
throws InvalidCredentialsException, AccessDeniedException {
|
||||||
|
|
||||||
// and validate the password
|
// and validate the password
|
||||||
validatePassword(password);
|
validatePassword(password);
|
||||||
|
|
||||||
// we only work with hashed passwords
|
|
||||||
String passwordHash = this.encryptionHandler.convertToHash(password);
|
|
||||||
|
|
||||||
// get user object
|
// get user object
|
||||||
User user = this.persistenceHandler.getUser(username);
|
User user = this.persistenceHandler.getUser(username);
|
||||||
// no user means no authentication
|
// no user means no authentication
|
||||||
|
@ -1256,14 +1267,6 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
throw new InvalidCredentialsException(msg);
|
throw new InvalidCredentialsException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate password
|
|
||||||
String pwHash = user.getPassword();
|
|
||||||
if (pwHash == null)
|
|
||||||
throw new AccessDeniedException(
|
|
||||||
MessageFormat.format("User {0} has no password and may not login!", username)); //$NON-NLS-1$
|
|
||||||
if (!pwHash.equals(passwordHash))
|
|
||||||
throw new InvalidCredentialsException(MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$
|
|
||||||
|
|
||||||
// validate if user is allowed to login
|
// validate if user is allowed to login
|
||||||
// this also capture the trying to login of SYSTEM user
|
// this also capture the trying to login of SYSTEM user
|
||||||
if (user.getUserState() != UserState.ENABLED) {
|
if (user.getUserState() != UserState.ENABLED) {
|
||||||
|
@ -1272,6 +1275,25 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
throw new AccessDeniedException(msg);
|
throw new AccessDeniedException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
byte[] pwHash = user.getPassword();
|
||||||
|
if (pwHash == null)
|
||||||
|
throw new AccessDeniedException(
|
||||||
|
MessageFormat.format("User {0} has no password and may not login!", username)); //$NON-NLS-1$
|
||||||
|
byte[] salt = user.getSalt();
|
||||||
|
if (salt == null)
|
||||||
|
throw new AccessDeniedException(MessageFormat.format("User {0} has no salt and may not login!", salt)); //$NON-NLS-1$
|
||||||
|
|
||||||
|
// we only work with hashed passwords
|
||||||
|
byte[] passwordHash = this.encryptionHandler.hashPassword(password, salt);
|
||||||
|
|
||||||
|
logger.info("New hash: " + StringHelper.getHexString(passwordHash));
|
||||||
|
logger.info("User hash: " + StringHelper.getHexString(pwHash));
|
||||||
|
logger.info("User salt: " + StringHelper.getHexString(salt));
|
||||||
|
|
||||||
|
// validate password
|
||||||
|
if (!Arrays.equals(passwordHash, pwHash))
|
||||||
|
throw new InvalidCredentialsException(MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$
|
||||||
|
|
||||||
return user;
|
return user;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
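Review bot: The three `logger.info` calls on the `New hash` / `User hash` / `User salt` lines write the freshly computed hash, the stored password hash and the user's salt to the application log on every login attempt, which turns ordinary log files into an offline-crackable copy of the credential store; they read like debugging leftovers and should be removed before merge. In the same hunk the "has no salt" message formats `salt` instead of `username`, so the exception text contains an array reference — it should be `throw new AccessDeniedException(MessageFormat.format("User {0} has no salt and may not login!", username));`. The final comparison `Arrays.equals(passwordHash, pwHash)` returns as soon as a byte differs; `if (!MessageDigest.isEqual(passwordHash, pwHash))` (java.security.MessageDigest, which may need an import) is the constant-time form intended for comparing secrets. checkCredentialsAndUserState begins outside this hunk.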
@ -1426,10 +1448,10 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
/**
|
/**
|
||||||
* This simple implementation validates that the password is not null, and that the password string is not empty
|
* This simple implementation validates that the password is not null, and that the password string is not empty
|
||||||
*
|
*
|
||||||
* @see li.strolch.privilege.handler.PrivilegeHandler#validatePassword(byte[])
|
* @see li.strolch.privilege.handler.PrivilegeHandler#validatePassword(char[])
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void validatePassword(byte[] password) throws PrivilegeException {
|
public void validatePassword(char[] password) throws PrivilegeException {
|
||||||
|
|
||||||
if (password == null || password.length == 0) {
|
if (password == null || password.length == 0) {
|
||||||
throw new PrivilegeException("A password may not be empty!"); //$NON-NLS-1$
|
throw new PrivilegeException("A password may not be empty!"); //$NON-NLS-1$
|
||||||
|
@ -1708,13 +1730,13 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Passwords should not be kept as strings, as string are immutable, this method thus clears the byte array so that
|
* Passwords should not be kept as strings, as string are immutable, this method thus clears the char array so that
|
||||||
* the password is not in memory anymore
|
* the password is not in memory anymore
|
||||||
*
|
*
|
||||||
* @param password
|
* @param password
|
||||||
* the byte array containing the passwort which is to be set to zeroes
|
* the char array containing the passwort which is to be set to zeroes
|
||||||
*/
|
*/
|
||||||
private void clearPassword(byte[] password) {
|
private void clearPassword(char[] password) {
|
||||||
if (password != null) {
|
if (password != null) {
|
||||||
for (int i = 0; i < password.length; i++) {
|
for (int i = 0; i < password.length; i++) {
|
||||||
password[i] = 0;
|
password[i] = 0;
|
||||||
|
@ -1797,7 +1819,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate password
|
// validate password
|
||||||
String pwHash = user.getPassword();
|
byte[] pwHash = user.getPassword();
|
||||||
if (pwHash != null) {
|
if (pwHash != null) {
|
||||||
String msg = MessageFormat.format("System users must not have a password: {0}", systemUsername); //$NON-NLS-1$
|
String msg = MessageFormat.format("System users must not have a password: {0}", systemUsername); //$NON-NLS-1$
|
||||||
throw new AccessDeniedException(msg);
|
throw new AccessDeniedException(msg);
|
||||||
|
|
|
@ -26,29 +26,30 @@ import java.util.Map;
|
||||||
public interface EncryptionHandler {
|
public interface EncryptionHandler {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Calculates or generates a token which can be used to identify certificates and so forth
|
* Generates a token which can be used to identify certificates and so forth
|
||||||
*
|
*
|
||||||
* @return the secure token
|
* @return a new token
|
||||||
*/
|
*/
|
||||||
public String nextToken();
|
public String nextToken();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Converts a given string, e.g. a password to a hash which is defined by the concrete implementation
|
* Generates a token which can be used to identify certificates and so forth
|
||||||
*
|
*
|
||||||
* @param string
|
* @return a new token
|
||||||
* the string to convert
|
|
||||||
* @return the hash of the string after converting
|
|
||||||
*/
|
*/
|
||||||
public String convertToHash(String string);
|
public byte[] nextSalt();
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Converts a given byte array, e.g. a password to a hash which is defined by the concrete implementation
|
* Hashes the given password with the given salt with the configured algorithm
|
||||||
*
|
*
|
||||||
* @param bytes
|
* @param password
|
||||||
* the bytes to convert
|
* the password
|
||||||
* @return the hash of the string after converting
|
* @param salt
|
||||||
|
* the salt
|
||||||
|
*
|
||||||
|
* @return the hashed password
|
||||||
*/
|
*/
|
||||||
public String convertToHash(byte[] bytes);
|
public byte[] hashPassword(final char[] password, final byte[] salt);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Initialize the concrete {@link EncryptionHandler}. The passed parameter map contains any configuration the
|
* Initialize the concrete {@link EncryptionHandler}. The passed parameter map contains any configuration the
|
||||||
|
|
|
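Review bot: The Javadoc added for `nextSalt()` is a copy of the `nextToken()` comment ("Generates a token which can be used to identify certificates and so forth" / "@return a new token") and describes the wrong method; it should read `* Generates a new random salt to be used when hashing a password with {@link #hashPassword(char[], byte[])}` with `* @return the new salt`, and say that the salt is expected to be unique per user and drawn from a cryptographically secure random source. Related: the `nextToken()` return description was weakened from "the secure token" to "a new token" in this hunk, while elsewhere in the commit the token is now placed directly into the certificate without the former hashing step, so the contract should state explicitly that implementations must produce an unpredictable token (e.g. via `SecureRandom`). The `hashPassword` Javadoc could also say whether the password array is left intact or zeroed by the implementation, since callers holding a `char[]` need to know who clears it.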
@ -331,7 +331,7 @@ public interface PrivilegeHandler {
|
||||||
*
|
*
|
||||||
* <p>
|
* <p>
|
||||||
* If the password given is null, then the user is created, but can not not login! Otherwise the password must meet
|
* If the password given is null, then the user is created, but can not not login! Otherwise the password must meet
|
||||||
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(byte[])}
|
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(char[])}
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @param certificate
|
* @param certificate
|
||||||
|
@ -341,14 +341,14 @@ public interface PrivilegeHandler {
|
||||||
* @param password
|
* @param password
|
||||||
* the password of the new user. If the password is null, then this is accepted but the user can not
|
* the password of the new user. If the password is null, then this is accepted but the user can not
|
||||||
* login, otherwise the password must be validated against
|
* login, otherwise the password must be validated against
|
||||||
* {@link PrivilegeHandler#validatePassword(byte[])}
|
* {@link PrivilegeHandler#validatePassword(char[])}
|
||||||
*
|
*
|
||||||
* @throws AccessDeniedException
|
* @throws AccessDeniedException
|
||||||
* if the user for this certificate may not perform the action
|
* if the user for this certificate may not perform the action
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if there is anything wrong with this certificate or the user already exists
|
* if there is anything wrong with this certificate or the user already exists
|
||||||
*/
|
*/
|
||||||
public UserRep addUser(Certificate certificate, UserRep userRep, byte[] password)
|
public UserRep addUser(Certificate certificate, UserRep userRep, char[] password)
|
||||||
throws AccessDeniedException, PrivilegeException;
|
throws AccessDeniedException, PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -390,7 +390,7 @@ public interface PrivilegeHandler {
|
||||||
*
|
*
|
||||||
* <p>
|
* <p>
|
||||||
* If the password given is null, then the user is created, but can not not login! Otherwise the password must meet
|
* If the password given is null, then the user is created, but can not not login! Otherwise the password must meet
|
||||||
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(byte[])}
|
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(char[])}
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* @param certificate
|
* @param certificate
|
||||||
|
@ -400,14 +400,14 @@ public interface PrivilegeHandler {
|
||||||
* @param password
|
* @param password
|
||||||
* the password of the new user. If the password is null, then this is accepted but the user can not
|
* the password of the new user. If the password is null, then this is accepted but the user can not
|
||||||
* login, otherwise the password must be validated against
|
* login, otherwise the password must be validated against
|
||||||
* {@link PrivilegeHandler#validatePassword(byte[])}
|
* {@link PrivilegeHandler#validatePassword(char[])}
|
||||||
*
|
*
|
||||||
* @throws AccessDeniedException
|
* @throws AccessDeniedException
|
||||||
* if the user for this certificate may not perform the action
|
* if the user for this certificate may not perform the action
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if there is anything wrong with this certificate or if the user does not exist
|
* if there is anything wrong with this certificate or if the user does not exist
|
||||||
*/
|
*/
|
||||||
public UserRep replaceUser(Certificate certificate, UserRep userRep, byte[] password)
|
public UserRep replaceUser(Certificate certificate, UserRep userRep, char[] password)
|
||||||
throws AccessDeniedException, PrivilegeException;
|
throws AccessDeniedException, PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -481,7 +481,7 @@ public interface PrivilegeHandler {
|
||||||
* <p>
|
* <p>
|
||||||
* Changes the password for the {@link User} with the given username. If the password is null, then the {@link User}
|
* Changes the password for the {@link User} with the given username. If the password is null, then the {@link User}
|
||||||
* can not login anymore. Otherwise the password must meet the requirements of the implementation under
|
* can not login anymore. Otherwise the password must meet the requirements of the implementation under
|
||||||
* {@link PrivilegeHandler#validatePassword(byte[])}
|
* {@link PrivilegeHandler#validatePassword(char[])}
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* <p>
|
* <p>
|
||||||
|
@ -495,14 +495,14 @@ public interface PrivilegeHandler {
|
||||||
* @param password
|
* @param password
|
||||||
* the new password for this user. If the password is null, then the {@link User} can not login anymore.
|
* the new password for this user. If the password is null, then the {@link User} can not login anymore.
|
||||||
* Otherwise the password must meet the requirements of the implementation under
|
* Otherwise the password must meet the requirements of the implementation under
|
||||||
* {@link PrivilegeHandler#validatePassword(byte[])}
|
* {@link PrivilegeHandler#validatePassword(char[])}
|
||||||
*
|
*
|
||||||
* @throws AccessDeniedException
|
* @throws AccessDeniedException
|
||||||
* if the user for this certificate may not perform the action
|
* if the user for this certificate may not perform the action
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if there is anything wrong with this certificate
|
* if there is anything wrong with this certificate
|
||||||
*/
|
*/
|
||||||
public void setUserPassword(Certificate certificate, String username, byte[] password)
|
public void setUserPassword(Certificate certificate, String username, char[] password)
|
||||||
throws AccessDeniedException, PrivilegeException;
|
throws AccessDeniedException, PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -575,14 +575,14 @@ public interface PrivilegeHandler {
|
||||||
* the username of the {@link User} which is registered in the {@link PersistenceHandler}
|
* the username of the {@link User} which is registered in the {@link PersistenceHandler}
|
||||||
* @param password
|
* @param password
|
||||||
* the password with which this user is to be authenticated. Null passwords are not accepted and they
|
* the password with which this user is to be authenticated. Null passwords are not accepted and they
|
||||||
* must meet the requirements of the {@link #validatePassword(byte[])}-method
|
* must meet the requirements of the {@link #validatePassword(char[])}-method
|
||||||
*
|
*
|
||||||
* @return a {@link Certificate} with which this user may then perform actions
|
* @return a {@link Certificate} with which this user may then perform actions
|
||||||
*
|
*
|
||||||
* @throws AccessDeniedException
|
* @throws AccessDeniedException
|
||||||
* if the user credentials are not valid
|
* if the user credentials are not valid
|
||||||
*/
|
*/
|
||||||
public Certificate authenticate(String username, byte[] password) throws AccessDeniedException;
|
public Certificate authenticate(String username, char[] password) throws AccessDeniedException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Invalidates the session for the given {@link Certificate}, effectively logging out the user who was authenticated
|
* Invalidates the session for the given {@link Certificate}, effectively logging out the user who was authenticated
|
||||||
|
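Review bot: Switching the password parameter from `byte[]` to `char[]` raises the question of who zeroes the array, but none of the `@param password` Javadoc in this section answers it; `DefaultPrivilegeHandler` has a private `clearPassword(char[])` in this commit, yet whether it runs on the `authenticate`, `setUserPassword`, `addUser` and `replaceUser` paths is not visible from this page. Add to the `@param password` text here, and at the addUser, replaceUser and setUserPassword hunks, a sentence such as `* Callers should clear the array after the call; implementations may also zero it.` so that callers do not reuse the array afterwards. The unchanged context lines in the addUser and replaceUser Javadoc still read "can not not login", which this commit could fix while it touches the adjacent lines.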
@ -630,7 +630,7 @@ public interface PrivilegeHandler {
|
||||||
* @throws PrivilegeException
|
* @throws PrivilegeException
|
||||||
* if the password does not implement the requirement of the concrete implementation
|
* if the password does not implement the requirement of the concrete implementation
|
||||||
*/
|
*/
|
||||||
public void validatePassword(byte[] password) throws PrivilegeException;
|
public void validatePassword(char[] password) throws PrivilegeException;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* <p>
|
* <p>
|
||||||
|
|
|
@ -1,123 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
package li.strolch.privilege.helper;
|
|
||||||
|
|
||||||
import java.awt.Dimension;
|
|
||||||
import java.awt.GridLayout;
|
|
||||||
import java.awt.Toolkit;
|
|
||||||
import java.awt.event.ActionEvent;
|
|
||||||
import java.awt.event.ActionListener;
|
|
||||||
import java.awt.event.KeyEvent;
|
|
||||||
import java.awt.event.KeyListener;
|
|
||||||
|
|
||||||
import javax.swing.JButton;
|
|
||||||
import javax.swing.JComboBox;
|
|
||||||
import javax.swing.JFrame;
|
|
||||||
import javax.swing.JLabel;
|
|
||||||
import javax.swing.JPasswordField;
|
|
||||||
import javax.swing.JTextField;
|
|
||||||
import javax.swing.SwingConstants;
|
|
||||||
|
|
||||||
import li.strolch.utils.helper.StringHelper;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Simple Swing UI to create passwords
|
|
||||||
*
|
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
|
||||||
*/
|
|
||||||
@SuppressWarnings("nls")
|
|
||||||
public class PasswordCreaterUI {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Launches the UI
|
|
||||||
*
|
|
||||||
* @param args
|
|
||||||
* not used
|
|
||||||
*/
|
|
||||||
public static void main(String[] args) {
|
|
||||||
|
|
||||||
JFrame.setDefaultLookAndFeelDecorated(true);
|
|
||||||
|
|
||||||
JFrame frame = new JFrame();
|
|
||||||
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
|
|
||||||
frame.setTitle("Password creator");
|
|
||||||
frame.setLayout(new GridLayout(4, 2));
|
|
||||||
|
|
||||||
JLabel digest = new JLabel("Digest:", SwingConstants.RIGHT);
|
|
||||||
JLabel password = new JLabel("Password:", SwingConstants.RIGHT);
|
|
||||||
JLabel hash = new JLabel("Hash:", SwingConstants.RIGHT);
|
|
||||||
|
|
||||||
String[] digests = new String[] { "MD2", "MD5", "SHA-1", "SHA-256", "SHA-384", "SHA-512" };
|
|
||||||
final JComboBox<String> digestCombo = new JComboBox<>(digests);
|
|
||||||
digestCombo.setSelectedIndex(3);
|
|
||||||
final JPasswordField passwordField = new JPasswordField();
|
|
||||||
final JTextField hashField = new JTextField(150);
|
|
||||||
|
|
||||||
JButton digestBtn = new JButton("Digest");
|
|
||||||
|
|
||||||
passwordField.addKeyListener(new KeyListener() {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void keyTyped(KeyEvent e) {
|
|
||||||
//
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void keyReleased(KeyEvent e) {
|
|
||||||
//
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void keyPressed(KeyEvent e) {
|
|
||||||
hashField.setText("");
|
|
||||||
}
|
|
||||||
});
|
|
||||||
digestBtn.addActionListener(new ActionListener() {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void actionPerformed(ActionEvent e) {
|
|
||||||
|
|
||||||
try {
|
|
||||||
String digest = (String) digestCombo.getSelectedItem();
|
|
||||||
char[] passwordChar = passwordField.getPassword();
|
|
||||||
String password = new String(passwordChar);
|
|
||||||
String hash = StringHelper.hashAsHex(digest, password);
|
|
||||||
hashField.setText(hash);
|
|
||||||
} catch (Exception e1) {
|
|
||||||
e1.printStackTrace();
|
|
||||||
hashField.setText("Failed: " + e1.getLocalizedMessage());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
});
|
|
||||||
|
|
||||||
frame.add(digest);
|
|
||||||
frame.add(digestCombo);
|
|
||||||
frame.add(password);
|
|
||||||
frame.add(passwordField);
|
|
||||||
frame.add(hash);
|
|
||||||
frame.add(hashField);
|
|
||||||
frame.add(new JLabel());
|
|
||||||
frame.add(digestBtn);
|
|
||||||
|
|
||||||
Dimension screenSize = Toolkit.getDefaultToolkit().getScreenSize();
|
|
||||||
int width = 500;
|
|
||||||
int height = 160;
|
|
||||||
frame.setSize(width, height);
|
|
||||||
frame.setLocation(screenSize.width / 2 - width, screenSize.height / 2 - height);
|
|
||||||
|
|
||||||
frame.setVisible(true);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -17,8 +17,12 @@ package li.strolch.privilege.helper;
|
||||||
|
|
||||||
import java.io.BufferedReader;
|
import java.io.BufferedReader;
|
||||||
import java.io.InputStreamReader;
|
import java.io.InputStreamReader;
|
||||||
import java.security.MessageDigest;
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import javax.crypto.SecretKeyFactory;
|
||||||
|
|
||||||
|
import li.strolch.privilege.handler.DefaultEncryptionHandler;
|
||||||
import li.strolch.utils.helper.StringHelper;
|
import li.strolch.utils.helper.StringHelper;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -26,10 +30,6 @@ import li.strolch.utils.helper.StringHelper;
|
||||||
* Simple main class which can be used to create a hash from a password which the user must type in at the command line
|
* Simple main class which can be used to create a hash from a password which the user must type in at the command line
|
||||||
* </p>
|
* </p>
|
||||||
*
|
*
|
||||||
* <p>
|
|
||||||
* TODO: Note: currently the password input is echoed which is a security risk
|
|
||||||
* </p>
|
|
||||||
*
|
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
*/
|
*/
|
||||||
public class PasswordCreator {
|
public class PasswordCreator {
|
||||||
|
@ -47,26 +47,82 @@ public class PasswordCreator {
|
||||||
|
|
||||||
String hashAlgorithm = null;
|
String hashAlgorithm = null;
|
||||||
while (hashAlgorithm == null) {
|
while (hashAlgorithm == null) {
|
||||||
System.out.print("Hash Algorithm [SHA-256]: ");
|
System.out.print("Hash Algorithm [PBKDF2WithHmacSHA512]: ");
|
||||||
String readLine = r.readLine().trim();
|
String readLine = r.readLine().trim();
|
||||||
|
|
||||||
if (readLine.isEmpty()) {
|
if (readLine.isEmpty()) {
|
||||||
hashAlgorithm = "SHA-256";
|
hashAlgorithm = "PBKDF2WithHmacSHA512";
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
try {
|
try {
|
||||||
MessageDigest.getInstance(readLine);
|
SecretKeyFactory.getInstance(readLine);
|
||||||
hashAlgorithm = readLine;
|
hashAlgorithm = readLine;
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
System.out.println(e.getLocalizedMessage());
|
System.err.println(e.getLocalizedMessage());
|
||||||
hashAlgorithm = null;
|
hashAlgorithm = null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
System.out.print("Password: ");
|
int iterations = -1;
|
||||||
String password = r.readLine().trim();
|
while (iterations == -1) {
|
||||||
System.out.print("Hash is: " + StringHelper.hashAsHex(hashAlgorithm, password));
|
System.out.print("Hash iterations [200000]: ");
|
||||||
}
|
String readLine = r.readLine().trim();
|
||||||
|
|
||||||
|
if (readLine.isEmpty()) {
|
||||||
|
iterations = 200000;
|
||||||
|
} else {
|
||||||
|
|
||||||
|
try {
|
||||||
|
iterations = Integer.parseInt(readLine);
|
||||||
|
} catch (Exception e) {
|
||||||
|
System.err.println(e.getLocalizedMessage());
|
||||||
|
iterations = -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
int keyLength = -1;
|
||||||
|
while (keyLength == -1) {
|
||||||
|
System.out.print("Hash keyLength [256]: ");
|
||||||
|
String readLine = r.readLine().trim();
|
||||||
|
|
||||||
|
if (readLine.isEmpty()) {
|
||||||
|
keyLength = 256;
|
||||||
|
} else {
|
||||||
|
|
||||||
|
try {
|
||||||
|
keyLength = Integer.parseInt(readLine);
|
||||||
|
if (keyLength <= 0)
|
||||||
|
throw new IllegalArgumentException("KeyLength must be > 0");
|
||||||
|
} catch (Exception e) {
|
||||||
|
System.err.println(e.getLocalizedMessage());
|
||||||
|
keyLength = -1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
System.out.print("Password: ");
|
||||||
|
char[] password = r.readLine().trim().toCharArray();
|
||||||
|
System.out.print("Salt: ");
|
||||||
|
String saltS = StringHelper.getHexString(r.readLine().trim().getBytes());
|
||||||
|
byte[] salt = StringHelper.fromHexString(saltS);
|
||||||
|
|
||||||
|
Map<String, String> parameterMap = new HashMap<>();
|
||||||
|
parameterMap.put(XmlConstants.XML_PARAM_HASH_ALGORITHM, hashAlgorithm);
|
||||||
|
parameterMap.put(XmlConstants.XML_PARAM_HASH_ITERATIONS, "" + iterations);
|
||||||
|
parameterMap.put(XmlConstants.XML_PARAM_HASH_KEY_LENGTH, "" + keyLength);
|
||||||
|
|
||||||
|
DefaultEncryptionHandler encryptionHandler = new DefaultEncryptionHandler();
|
||||||
|
encryptionHandler.initialize(parameterMap);
|
||||||
|
|
||||||
|
byte[] passwordHash = encryptionHandler.hashPassword(password, salt);
|
||||||
|
String passwordHashS = StringHelper.getHexString(passwordHash);
|
||||||
|
System.out.println("Hash is: " + passwordHashS);
|
||||||
|
System.out.println("Salt is: " + saltS);
|
||||||
|
System.out.println();
|
||||||
|
|
||||||
|
System.out.println(XmlConstants.XML_ATTR_PASSWORD + "=\"" + passwordHashS + "\" " + XmlConstants.XML_ATTR_SALT
|
||||||
|
+ "=\"" + saltS + "\"");
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -233,11 +233,26 @@ public class XmlConstants {
|
||||||
*/
|
*/
|
||||||
public static final String XML_ATTR_PASSWORD = "password";
|
public static final String XML_ATTR_PASSWORD = "password";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* XML_ATTR_SALT = "salt" :
|
||||||
|
*/
|
||||||
|
public static final String XML_ATTR_SALT = "salt";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
|
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
|
||||||
*/
|
*/
|
||||||
public static final String XML_PARAM_HASH_ALGORITHM = "hashAlgorithm";
|
public static final String XML_PARAM_HASH_ALGORITHM = "hashAlgorithm";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
|
||||||
|
*/
|
||||||
|
public static final String XML_PARAM_HASH_ITERATIONS = "hashIterations";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
|
||||||
|
*/
|
||||||
|
public static final String XML_PARAM_HASH_KEY_LENGTH = "hashKeyLength";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* XML_PARAM_USERS_FILE = "usersXmlFile" :
|
* XML_PARAM_USERS_FILE = "usersXmlFile" :
|
||||||
*/
|
*/
|
||||||
|
|
|
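Review bot: The Javadoc added for XML_PARAM_HASH_ITERATIONS and XML_PARAM_HASH_KEY_LENGTH is a copy of the XML_PARAM_HASH_ALGORITHM comment (`* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :` now sits above all three constants), so generated docs describe the wrong attribute for two of them. Following the file's existing pattern they should read `* XML_PARAM_HASH_ITERATIONS = "hashIterations" :` and `* XML_PARAM_HASH_KEY_LENGTH = "hashKeyLength" :`. Since these two parameters together with the algorithm fix how stored hashes are computed, a sentence on each noting that changing the value invalidates every existing password hash would be worth adding here as well.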
@ -43,7 +43,8 @@ public final class User {
|
||||||
private final String userId;
|
private final String userId;
|
||||||
|
|
||||||
private final String username;
|
private final String username;
|
||||||
private final String password;
|
private final byte[] password;
|
||||||
|
private final byte[] salt;
|
||||||
|
|
||||||
private final String firstname;
|
private final String firstname;
|
||||||
private final String lastname;
|
private final String lastname;
|
||||||
|
@ -78,7 +79,7 @@ public final class User {
|
||||||
* @param propertyMap
|
* @param propertyMap
|
||||||
* a {@link Map} containing string value pairs of properties for this user
|
* a {@link Map} containing string value pairs of properties for this user
|
||||||
*/
|
*/
|
||||||
public User(String userId, String username, String password, String firstname, String lastname,
|
public User(String userId, String username, byte[] password, byte[] salt, String firstname, String lastname,
|
||||||
UserState userState, Set<String> roles, Locale locale, Map<String, String> propertyMap) {
|
UserState userState, Set<String> roles, Locale locale, Map<String, String> propertyMap) {
|
||||||
|
|
||||||
if (StringHelper.isEmpty(userId)) {
|
if (StringHelper.isEmpty(userId)) {
|
||||||
|
@ -107,7 +108,8 @@ public final class User {
|
||||||
this.userId = userId;
|
this.userId = userId;
|
||||||
|
|
||||||
this.username = username;
|
this.username = username;
|
||||||
this.password = StringHelper.isEmpty(password) ? null : password;
|
this.password = password;
|
||||||
|
this.salt = salt;
|
||||||
this.userState = userState;
|
this.userState = userState;
|
||||||
|
|
||||||
this.firstname = firstname;
|
this.firstname = firstname;
|
||||||
|
@ -148,10 +150,19 @@ public final class User {
|
||||||
*
|
*
|
||||||
* @return the hashed password for this {@link User}
|
* @return the hashed password for this {@link User}
|
||||||
*/
|
*/
|
||||||
public String getPassword() {
|
public byte[] getPassword() {
|
||||||
return this.password;
|
return this.password;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return the salt for this {@link User}
|
||||||
|
*
|
||||||
|
* @return the salt for this {@link User}
|
||||||
|
*/
|
||||||
|
public byte[] getSalt() {
|
||||||
|
return this.salt;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the first name
|
* @return the first name
|
||||||
*/
|
*/
|
||||||
|
|
|
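Review bot: The constructor stores the caller's `password` and `salt` arrays as-is and `getPassword()`/`getSalt()` return those same arrays, so this `final` class now exposes mutable state: anyone holding a reference can alter the stored hash or salt after construction. Copy on the way in, `this.password = password == null ? null : password.clone();` and `this.salt = salt == null ? null : salt.clone();`, and return clones from both getters. The old code also normalised an empty password to `null`; with `this.password = password;` a zero-length array is kept, which the DOM writer would presumably emit as an empty `password` attribute while the SAX reader only parses non-empty values, so the two no longer round-trip — the same empty-to-null treatment seems intended for the arrays. The constructor Javadoc visible here ends with `@param propertyMap`; if the earlier part (outside the hunk) lacks a `@param salt` entry, it should gain one.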
@ -59,8 +59,10 @@ public class PrivilegeUsersDomWriter {
|
||||||
|
|
||||||
userElement.setAttribute(XmlConstants.XML_ATTR_USER_ID, user.getUserId());
|
userElement.setAttribute(XmlConstants.XML_ATTR_USER_ID, user.getUserId());
|
||||||
userElement.setAttribute(XmlConstants.XML_ATTR_USERNAME, user.getUsername());
|
userElement.setAttribute(XmlConstants.XML_ATTR_USERNAME, user.getUsername());
|
||||||
if (StringHelper.isNotEmpty(user.getPassword()))
|
if (user.getPassword() != null)
|
||||||
userElement.setAttribute(XmlConstants.XML_ATTR_PASSWORD, user.getPassword());
|
userElement.setAttribute(XmlConstants.XML_ATTR_PASSWORD, StringHelper.getHexString(user.getPassword()));
|
||||||
|
if (user.getSalt() != null)
|
||||||
|
userElement.setAttribute(XmlConstants.XML_ATTR_SALT, StringHelper.getHexString(user.getSalt()));
|
||||||
|
|
||||||
// add first name element
|
// add first name element
|
||||||
if (StringHelper.isNotEmpty(user.getFirstname())) {
|
if (StringHelper.isNotEmpty(user.getFirstname())) {
|
||||||
|
|
|
@ -35,6 +35,7 @@ import org.xml.sax.helpers.DefaultHandler;
|
||||||
import li.strolch.privilege.helper.XmlConstants;
|
import li.strolch.privilege.helper.XmlConstants;
|
||||||
import li.strolch.privilege.model.UserState;
|
import li.strolch.privilege.model.UserState;
|
||||||
import li.strolch.privilege.model.internal.User;
|
import li.strolch.privilege.model.internal.User;
|
||||||
|
import li.strolch.utils.helper.StringHelper;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||||
|
@ -114,7 +115,8 @@ public class PrivilegeUsersSaxReader extends DefaultHandler {
|
||||||
|
|
||||||
String userId;
|
String userId;
|
||||||
String username;
|
String username;
|
||||||
String password;
|
byte[] password;
|
||||||
|
byte[] salt;
|
||||||
String firstName;
|
String firstName;
|
||||||
String lastname;
|
String lastname;
|
||||||
UserState userState;
|
UserState userState;
|
||||||
|
@ -135,7 +137,12 @@ public class PrivilegeUsersSaxReader extends DefaultHandler {
|
||||||
if (qName.equals(XmlConstants.XML_USER)) {
|
if (qName.equals(XmlConstants.XML_USER)) {
|
||||||
this.userId = attributes.getValue(XmlConstants.XML_ATTR_USER_ID);
|
this.userId = attributes.getValue(XmlConstants.XML_ATTR_USER_ID);
|
||||||
this.username = attributes.getValue(XmlConstants.XML_ATTR_USERNAME);
|
this.username = attributes.getValue(XmlConstants.XML_ATTR_USERNAME);
|
||||||
this.password = attributes.getValue(XmlConstants.XML_ATTR_PASSWORD);
|
String passwordS = attributes.getValue(XmlConstants.XML_ATTR_PASSWORD);
|
||||||
|
if (!StringHelper.isEmpty(passwordS))
|
||||||
|
this.password = StringHelper.fromHexString(passwordS);
|
||||||
|
String saltS = attributes.getValue(XmlConstants.XML_ATTR_SALT);
|
||||||
|
if (!StringHelper.isEmpty(saltS))
|
||||||
|
this.salt = StringHelper.fromHexString(saltS);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -165,8 +172,8 @@ public class PrivilegeUsersSaxReader extends DefaultHandler {
|
||||||
// NO-OP
|
// NO-OP
|
||||||
} else if (qName.equals(XmlConstants.XML_USER)) {
|
} else if (qName.equals(XmlConstants.XML_USER)) {
|
||||||
|
|
||||||
User user = new User(this.userId, this.username, this.password, this.firstName, this.lastname,
|
User user = new User(this.userId, this.username, this.password, this.salt, this.firstName,
|
||||||
this.userState, this.userRoles, this.locale, this.parameters);
|
this.lastname, this.userState, this.userRoles, this.locale, this.parameters);
|
||||||
logger.info(MessageFormat.format("New User: {0}", user)); //$NON-NLS-1$
|
logger.info(MessageFormat.format("New User: {0}", user)); //$NON-NLS-1$
|
||||||
getUsers().add(user);
|
getUsers().add(user);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
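Review bot: `this.password` and `this.salt` are now only assigned when the attribute is present and non-empty, whereas the replaced line assigned `this.password` unconditionally. If the same handler instance processes consecutive `<User>` elements — `getUsers().add(user)` at the end of each element suggests it does — a user without a `password` attribute (such as the system_admin entry XmlTest expects to have a null password) would silently inherit the previous user's hash and salt, which is an authentication defect rather than just stale state. Assign in both cases: `this.password = StringHelper.isEmpty(passwordS) ? null : StringHelper.fromHexString(passwordS);` and `this.salt = StringHelper.isEmpty(saltS) ? null : StringHelper.fromHexString(saltS);`. The enclosing startElement method begins and ends outside the hunk.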
@ -22,7 +22,7 @@ public class AbstractPrivilegeTest {
|
||||||
protected PrivilegeHandler privilegeHandler;
|
protected PrivilegeHandler privilegeHandler;
|
||||||
protected PrivilegeContext ctx;
|
protected PrivilegeContext ctx;
|
||||||
|
|
||||||
protected void login(String username, byte[] password) {
|
protected void login(String username, char[] password) {
|
||||||
Certificate certificate = privilegeHandler.authenticate(username, password);
|
Certificate certificate = privilegeHandler.authenticate(username, password);
|
||||||
assertTrue("Certificate is null!", certificate != null);
|
assertTrue("Certificate is null!", certificate != null);
|
||||||
PrivilegeContext privilegeContext = privilegeHandler.getPrivilegeContext(certificate);
|
PrivilegeContext privilegeContext = privilegeHandler.getPrivilegeContext(certificate);
|
||||||
|
|
|
@ -37,7 +37,7 @@ public class PersistSessionsTest extends AbstractPrivilegeTest {
|
||||||
assertFalse("Sessions File should no yet exist", sessionsFile.exists());
|
assertFalse("Sessions File should no yet exist", sessionsFile.exists());
|
||||||
|
|
||||||
// login and assert sessions file was written
|
// login and assert sessions file was written
|
||||||
login("admin", "admin".getBytes());
|
login("admin", "admin".toCharArray());
|
||||||
this.privilegeHandler.isCertificateValid(ctx.getCertificate());
|
this.privilegeHandler.isCertificateValid(ctx.getCertificate());
|
||||||
assertTrue("Sessions File should have been created!", sessionsFile.isFile());
|
assertTrue("Sessions File should have been created!", sessionsFile.isFile());
|
||||||
|
|
||||||
|
|
|
@ -51,7 +51,7 @@ public class PrivilegeConflictMergeTest extends AbstractPrivilegeTest {
|
||||||
@Test
|
@Test
|
||||||
public void shouldMergePrivileges1() {
|
public void shouldMergePrivileges1() {
|
||||||
try {
|
try {
|
||||||
login("userA", "admin".getBytes());
|
login("userA", "admin".toCharArray());
|
||||||
IPrivilege privilege = this.ctx.getPrivilege("Foo");
|
IPrivilege privilege = this.ctx.getPrivilege("Foo");
|
||||||
assertTrue(privilege.isAllAllowed());
|
assertTrue(privilege.isAllAllowed());
|
||||||
assertTrue(privilege.getAllowList().isEmpty());
|
assertTrue(privilege.getAllowList().isEmpty());
|
||||||
|
@ -65,7 +65,7 @@ public class PrivilegeConflictMergeTest extends AbstractPrivilegeTest {
|
||||||
@Test
|
@Test
|
||||||
public void shouldMergePrivileges2() {
|
public void shouldMergePrivileges2() {
|
||||||
try {
|
try {
|
||||||
login("userB", "admin".getBytes());
|
login("userB", "admin".toCharArray());
|
||||||
IPrivilege privilege = this.ctx.getPrivilege("Bar");
|
IPrivilege privilege = this.ctx.getPrivilege("Bar");
|
||||||
assertFalse(privilege.isAllAllowed());
|
assertFalse(privilege.isAllAllowed());
|
||||||
assertEquals(2, privilege.getAllowList().size());
|
assertEquals(2, privilege.getAllowList().size());
|
||||||
|
|
|
@ -70,21 +70,21 @@ public class PrivilegeTest extends AbstractPrivilegeTest {
|
||||||
private static final String ROLE_PRIVILEGE_ADMIN = "PrivilegeAdmin";
|
private static final String ROLE_PRIVILEGE_ADMIN = "PrivilegeAdmin";
|
||||||
private static final String PRIVILEGE_USER_ACCESS = "UserAccessPrivilege";
|
private static final String PRIVILEGE_USER_ACCESS = "UserAccessPrivilege";
|
||||||
private static final String ADMIN = "admin";
|
private static final String ADMIN = "admin";
|
||||||
private static final byte[] PASS_ADMIN = "admin".getBytes();
|
private static final char[] PASS_ADMIN = "admin".toCharArray();
|
||||||
private static final String BOB = "bob";
|
private static final String BOB = "bob";
|
||||||
private static final String TED = "ted";
|
private static final String TED = "ted";
|
||||||
private static final String SYSTEM_USER_ADMIN = "system_admin";
|
private static final String SYSTEM_USER_ADMIN = "system_admin";
|
||||||
private static final String SYSTEM_USER_ADMIN2 = "system_admin2";
|
private static final String SYSTEM_USER_ADMIN2 = "system_admin2";
|
||||||
private static final byte[] PASS_BOB = "admin1".getBytes();
|
private static final char[] PASS_BOB = "admin1".toCharArray();
|
||||||
private static final String ROLE_APP_USER = "AppUser";
|
private static final String ROLE_APP_USER = "AppUser";
|
||||||
private static final String ROLE_MY = "MyRole";
|
private static final String ROLE_MY = "MyRole";
|
||||||
private static final String ROLE_MY2 = "MyRole2";
|
private static final String ROLE_MY2 = "MyRole2";
|
||||||
private static final String ROLE_CHANGE_PW = "changePw";
|
private static final String ROLE_CHANGE_PW = "changePw";
|
||||||
private static final String ROLE_TEMP = "temp";
|
private static final String ROLE_TEMP = "temp";
|
||||||
private static final String ROLE_USER = "user";
|
private static final String ROLE_USER = "user";
|
||||||
private static final byte[] PASS_DEF = "def".getBytes();
|
private static final char[] PASS_DEF = "def".toCharArray();
|
||||||
private static final byte[] PASS_BAD = "123".getBytes();
|
private static final char[] PASS_BAD = "123".toCharArray();
|
||||||
private static final byte[] PASS_TED = "12345".getBytes();
|
private static final char[] PASS_TED = "12345".toCharArray();
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(PrivilegeTest.class);
|
private static final Logger logger = LoggerFactory.getLogger(PrivilegeTest.class);
|
||||||
|
|
||||||
|
@ -223,7 +223,7 @@ public class PrivilegeTest extends AbstractPrivilegeTest {
|
||||||
this.exception.expect(AccessDeniedException.class);
|
this.exception.expect(AccessDeniedException.class);
|
||||||
this.exception.expectMessage("User system_admin is a system user and may not login!");
|
this.exception.expectMessage("User system_admin is a system user and may not login!");
|
||||||
try {
|
try {
|
||||||
login(SYSTEM_USER_ADMIN, SYSTEM_USER_ADMIN.getBytes());
|
login(SYSTEM_USER_ADMIN, SYSTEM_USER_ADMIN.toCharArray());
|
||||||
} finally {
|
} finally {
|
||||||
logout();
|
logout();
|
||||||
}
|
}
|
||||||
|
|
|
@ -129,7 +129,7 @@ public class XmlTest {
|
||||||
|
|
||||||
assertEquals(6, containerModel.getParameterMap().size());
|
assertEquals(6, containerModel.getParameterMap().size());
|
||||||
assertEquals(3, containerModel.getPolicies().size());
|
assertEquals(3, containerModel.getPolicies().size());
|
||||||
assertEquals(1, containerModel.getEncryptionHandlerParameterMap().size());
|
assertEquals(3, containerModel.getEncryptionHandlerParameterMap().size());
|
||||||
assertEquals(3, containerModel.getPersistenceHandlerParameterMap().size());
|
assertEquals(3, containerModel.getPersistenceHandlerParameterMap().size());
|
||||||
|
|
||||||
// TODO extend assertions to actual model
|
// TODO extend assertions to actual model
|
||||||
|
@ -184,7 +184,9 @@ public class XmlTest {
|
||||||
User admin = findUser("admin", users);
|
User admin = findUser("admin", users);
|
||||||
assertEquals("1", admin.getUserId());
|
assertEquals("1", admin.getUserId());
|
||||||
assertEquals("admin", admin.getUsername());
|
assertEquals("admin", admin.getUsername());
|
||||||
assertEquals("8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918", admin.getPassword());
|
assertEquals("cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344",
|
||||||
|
StringHelper.getHexString(admin.getPassword()));
|
||||||
|
assertEquals("61646d696e", StringHelper.getHexString(admin.getSalt()));
|
||||||
assertEquals("Application", admin.getFirstname());
|
assertEquals("Application", admin.getFirstname());
|
||||||
assertEquals("Administrator", admin.getLastname());
|
assertEquals("Administrator", admin.getLastname());
|
||||||
assertEquals(UserState.ENABLED, admin.getUserState());
|
assertEquals(UserState.ENABLED, admin.getUserState());
|
||||||
|
@ -200,6 +202,7 @@ public class XmlTest {
|
||||||
assertEquals("2", systemAdmin.getUserId());
|
assertEquals("2", systemAdmin.getUserId());
|
||||||
assertEquals("system_admin", systemAdmin.getUsername());
|
assertEquals("system_admin", systemAdmin.getUsername());
|
||||||
assertEquals(null, systemAdmin.getPassword());
|
assertEquals(null, systemAdmin.getPassword());
|
||||||
|
assertEquals(null, systemAdmin.getSalt());
|
||||||
assertEquals("System User", systemAdmin.getFirstname());
|
assertEquals("System User", systemAdmin.getFirstname());
|
||||||
assertEquals("Administrator", systemAdmin.getLastname());
|
assertEquals("Administrator", systemAdmin.getLastname());
|
||||||
assertEquals(UserState.SYSTEM, systemAdmin.getUserState());
|
assertEquals(UserState.SYSTEM, systemAdmin.getUserState());
|
||||||
|
@ -264,9 +267,8 @@ public class XmlTest {
|
||||||
Role systemAdminPrivileges = findRole("system_admin_privileges", roles);
|
Role systemAdminPrivileges = findRole("system_admin_privileges", roles);
|
||||||
assertEquals("system_admin_privileges", systemAdminPrivileges.getName());
|
assertEquals("system_admin_privileges", systemAdminPrivileges.getName());
|
||||||
assertEquals(2, systemAdminPrivileges.getPrivilegeNames().size());
|
assertEquals(2, systemAdminPrivileges.getPrivilegeNames().size());
|
||||||
assertThat(systemAdminPrivileges.getPrivilegeNames(),
|
assertThat(systemAdminPrivileges.getPrivilegeNames(), containsInAnyOrder(
|
||||||
containsInAnyOrder("li.strolch.privilege.handler.SystemAction",
|
"li.strolch.privilege.handler.SystemAction", "li.strolch.privilege.test.model.TestSystemRestrictable"));
|
||||||
"li.strolch.privilege.test.model.TestSystemRestrictable"));
|
|
||||||
|
|
||||||
IPrivilege testSystemUserAction = systemAdminPrivileges
|
IPrivilege testSystemUserAction = systemAdminPrivileges
|
||||||
.getPrivilege("li.strolch.privilege.handler.SystemAction");
|
.getPrivilege("li.strolch.privilege.handler.SystemAction");
|
||||||
|
@ -288,11 +290,9 @@ public class XmlTest {
|
||||||
Role restrictedRole = findRole("restrictedRole", roles);
|
Role restrictedRole = findRole("restrictedRole", roles);
|
||||||
assertEquals("restrictedRole", restrictedRole.getName());
|
assertEquals("restrictedRole", restrictedRole.getName());
|
||||||
assertEquals(1, restrictedRole.getPrivilegeNames().size());
|
assertEquals(1, restrictedRole.getPrivilegeNames().size());
|
||||||
assertThat(restrictedRole.getPrivilegeNames(),
|
assertThat(restrictedRole.getPrivilegeNames(), containsInAnyOrder("li.strolch.privilege.handler.SystemAction"));
|
||||||
containsInAnyOrder("li.strolch.privilege.handler.SystemAction"));
|
|
||||||
|
|
||||||
IPrivilege testSystemUserAction2 = restrictedRole
|
IPrivilege testSystemUserAction2 = restrictedRole.getPrivilege("li.strolch.privilege.handler.SystemAction");
|
||||||
.getPrivilege("li.strolch.privilege.handler.SystemAction");
|
|
||||||
assertEquals("li.strolch.privilege.handler.SystemAction", testSystemUserAction2.getName());
|
assertEquals("li.strolch.privilege.handler.SystemAction", testSystemUserAction2.getName());
|
||||||
assertEquals("DefaultPrivilege", testSystemUserAction2.getPolicy());
|
assertEquals("DefaultPrivilege", testSystemUserAction2.getPolicy());
|
||||||
assertFalse(testSystemUserAction2.isAllAllowed());
|
assertFalse(testSystemUserAction2.isAllAllowed());
|
||||||
|
@ -341,16 +341,16 @@ public class XmlTest {
|
||||||
propertyMap.put("prop1", "value1");
|
propertyMap.put("prop1", "value1");
|
||||||
userRoles = new HashSet<>();
|
userRoles = new HashSet<>();
|
||||||
userRoles.add("role1");
|
userRoles.add("role1");
|
||||||
User user1 = new User("1", "user1", "blabla", "Bob", "White", UserState.DISABLED, userRoles, Locale.ENGLISH,
|
User user1 = new User("1", "user1", "blabla".getBytes(), "blabla".getBytes(), "Bob", "White",
|
||||||
propertyMap);
|
UserState.DISABLED, userRoles, Locale.ENGLISH, propertyMap);
|
||||||
users.add(user1);
|
users.add(user1);
|
||||||
|
|
||||||
propertyMap = new HashMap<>();
|
propertyMap = new HashMap<>();
|
||||||
propertyMap.put("prop2", "value2");
|
propertyMap.put("prop2", "value2");
|
||||||
userRoles = new HashSet<>();
|
userRoles = new HashSet<>();
|
||||||
userRoles.add("role2");
|
userRoles.add("role2");
|
||||||
User user2 = new User("2", "user2", "haha", "Leonard", "Sheldon", UserState.ENABLED, userRoles, Locale.ENGLISH,
|
User user2 = new User("2", "user2", "haha".getBytes(), "haha".getBytes(), "Leonard", "Sheldon",
|
||||||
propertyMap);
|
UserState.ENABLED, userRoles, Locale.ENGLISH, propertyMap);
|
||||||
users.add(user2);
|
users.add(user2);
|
||||||
|
|
||||||
File modelFile = new File("./target/test/PrivilegeUsersTest.xml");
|
File modelFile = new File("./target/test/PrivilegeUsersTest.xml");
|
||||||
|
@ -370,7 +370,8 @@ public class XmlTest {
|
||||||
assertEquals(user1.getFirstname(), parsedUser1.getFirstname());
|
assertEquals(user1.getFirstname(), parsedUser1.getFirstname());
|
||||||
assertEquals(user1.getLastname(), parsedUser1.getLastname());
|
assertEquals(user1.getLastname(), parsedUser1.getLastname());
|
||||||
assertEquals(user1.getLocale(), parsedUser1.getLocale());
|
assertEquals(user1.getLocale(), parsedUser1.getLocale());
|
||||||
assertEquals(user1.getPassword(), parsedUser1.getPassword());
|
assertTrue(Arrays.equals(user1.getPassword(), parsedUser1.getPassword()));
|
||||||
|
assertTrue(Arrays.equals(user1.getSalt(), parsedUser1.getSalt()));
|
||||||
assertEquals(user1.getProperties(), parsedUser1.getProperties());
|
assertEquals(user1.getProperties(), parsedUser1.getProperties());
|
||||||
assertEquals(user1.getUserId(), parsedUser1.getUserId());
|
assertEquals(user1.getUserId(), parsedUser1.getUserId());
|
||||||
assertEquals(user1.getUserState(), parsedUser1.getUserState());
|
assertEquals(user1.getUserState(), parsedUser1.getUserState());
|
||||||
|
@ -379,7 +380,8 @@ public class XmlTest {
|
||||||
assertEquals(user2.getFirstname(), parsedUser2.getFirstname());
|
assertEquals(user2.getFirstname(), parsedUser2.getFirstname());
|
||||||
assertEquals(user2.getLastname(), parsedUser2.getLastname());
|
assertEquals(user2.getLastname(), parsedUser2.getLastname());
|
||||||
assertEquals(user2.getLocale(), parsedUser2.getLocale());
|
assertEquals(user2.getLocale(), parsedUser2.getLocale());
|
||||||
assertEquals(user2.getPassword(), parsedUser2.getPassword());
|
assertTrue(Arrays.equals(user2.getPassword(), parsedUser2.getPassword()));
|
||||||
|
assertTrue(Arrays.equals(user2.getSalt(), parsedUser2.getSalt()));
|
||||||
assertEquals(user2.getProperties(), parsedUser2.getProperties());
|
assertEquals(user2.getProperties(), parsedUser2.getProperties());
|
||||||
assertEquals(user2.getUserId(), parsedUser2.getUserId());
|
assertEquals(user2.getUserId(), parsedUser2.getUserId());
|
||||||
assertEquals(user2.getUserState(), parsedUser2.getUserState());
|
assertEquals(user2.getUserState(), parsedUser2.getUserState());
|
||||||
|
|
|
@ -138,7 +138,7 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Certificate authenticate(String username, byte[] password) {
|
public Certificate authenticate(String username, char[] password) {
|
||||||
DBC.PRE.assertNotEmpty("Username must be set!", username); //$NON-NLS-1$
|
DBC.PRE.assertNotEmpty("Username must be set!", username); //$NON-NLS-1$
|
||||||
DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$
|
DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ import li.strolch.rest.model.UserSession;
|
||||||
*/
|
*/
|
||||||
public interface StrolchSessionHandler {
|
public interface StrolchSessionHandler {
|
||||||
|
|
||||||
public Certificate authenticate(String username, byte[] password);
|
public Certificate authenticate(String username, char[] password);
|
||||||
|
|
||||||
public Certificate validate(String authToken);
|
public Certificate validate(String authToken);
|
||||||
|
|
||||||
|
|
|
@ -92,7 +92,8 @@ public class AuthenticationService {
|
||||||
sb.append("Password was not given!"); //$NON-NLS-1$
|
sb.append("Password was not given!"); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
|
|
||||||
byte[] password = passwordE == null ? new byte[] {} : Base64.getDecoder().decode(passwordE.getAsString());
|
char[] password = passwordE == null ? new char[] {}
|
||||||
|
: new String(Base64.getDecoder().decode(passwordE.getAsString())).toCharArray();
|
||||||
if (password.length < 3) {
|
if (password.length < 3) {
|
||||||
if (sb.length() > 0)
|
if (sb.length() > 0)
|
||||||
sb.append("\n");
|
sb.append("\n");
|
||||||
|
@ -295,7 +296,7 @@ public class AuthenticationService {
|
||||||
String msg = "Authorization cookie is secure, but connection is not secure! Cookie won't be passed to client!";
|
String msg = "Authorization cookie is secure, but connection is not secure! Cookie won't be passed to client!";
|
||||||
logger.warn(msg);
|
logger.warn(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
NewCookie cookie = new NewCookie(StrolchRestfulConstants.STROLCH_AUTHORIZATION, certificate.getAuthToken(),
|
NewCookie cookie = new NewCookie(StrolchRestfulConstants.STROLCH_AUTHORIZATION, certificate.getAuthToken(),
|
||||||
"/", null, "Authorization header", (int) TimeUnit.DAYS.toSeconds(1), secureCookie);
|
"/", null, "Authorization header", (int) TimeUnit.DAYS.toSeconds(1), secureCookie);
|
||||||
|
|
||||||
|
|
|
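Review bot: `new String(Base64.getDecoder().decode(passwordE.getAsString())).toCharArray()` decodes the password bytes with the platform default charset, so the same client input can produce a different `char[]` on differently configured hosts, and the intermediate `String` holds the cleartext password in an immutable object that cannot be cleared, which undercuts the move to `char[]`. Pass the charset explicitly, `new String(Base64.getDecoder().decode(passwordE.getAsString()), StandardCharsets.UTF_8).toCharArray()`, or decode via `StandardCharsets.UTF_8.decode(ByteBuffer.wrap(bytes))` into a `CharBuffer` to avoid the `String` entirely. The same construct appears in the PrivilegeUsersService hunk, `arg.password = new String(Base64.getDecoder().decode(password)).toCharArray();`. Whichever form is chosen must match how the hashing side turns the `char[]` back into bytes, otherwise stored hashes will not verify.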
@ -360,7 +360,7 @@ public class PrivilegeUsersService {
|
||||||
PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
|
PrivilegeSetUserPasswordService svc = new PrivilegeSetUserPasswordService();
|
||||||
PrivilegeSetUserPasswordArgument arg = new PrivilegeSetUserPasswordArgument();
|
PrivilegeSetUserPasswordArgument arg = new PrivilegeSetUserPasswordArgument();
|
||||||
arg.username = username;
|
arg.username = username;
|
||||||
arg.password = Base64.getDecoder().decode(password);
|
arg.password = new String(Base64.getDecoder().decode(password)).toCharArray();
|
||||||
|
|
||||||
ServiceResult svcResult = svcHandler.doService(cert, svc, arg);
|
ServiceResult svcResult = svcHandler.doService(cert, svc, arg);
|
||||||
if (svcResult.isOk()) {
|
if (svcResult.isOk()) {
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
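Review bot: The comments document the defaults (200000 iterations, key length 256) while the `hashIterations` value actually set is `10000`, and nothing says why this file deviates; if this is a test fixture kept low for speed, state that, e.g. `<!-- 10000 here only to keep tests fast; keep the 200000 default for real deployments -->`. The WARNING line names iterations and keyLength, but changing `hashAlgorithm` invalidates stored hashes just as much and should be listed there too.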
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="1" username="admin" password="8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918">
|
<User userId="1" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -20,7 +20,7 @@
|
||||||
</Properties>
|
</Properties>
|
||||||
</User>
|
</User>
|
||||||
|
|
||||||
<User userId="2" username="bob" password="81b637d8fcd2c6da6359e6963113a1170de795e4b725b84d1e0b4cfd9ec58ce9">
|
<User userId="2" username="bob" password="d4466de3cad2a005930c4317ad0fcb307422c63b8febd5d7721195cd511edde5" salt="626f62">
|
||||||
<Firstname>Bob</Firstname>
|
<Firstname>Bob</Firstname>
|
||||||
<Lastname>Bernstein</Lastname>
|
<Lastname>Bernstein</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
</Roles>
|
</Roles>
|
||||||
|
|
||||||
</User>
|
</User>
|
||||||
<User userId="3" username="jill" password="8cf37351b60f00084392043ce2e6256b96cea92949f90c7abce464cf164fbfa6">
|
<User userId="3" username="jill" password="b7d33c8305bf89ed21be111270310a7450198be8be6b362e52999c2500eb5218" salt="6a696c6c">
|
||||||
<Firstname>Jill</Firstname>
|
<Firstname>Jill</Firstname>
|
||||||
<Lastname>Johnson</Lastname>
|
<Lastname>Johnson</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -40,7 +40,7 @@
|
||||||
</Roles>
|
</Roles>
|
||||||
|
|
||||||
</User>
|
</User>
|
||||||
<User userId="4" username="sysAdmin" password="8cffb494ef5ff3f74a571206e141d4fb84f833e431b98c8b3be43727c4cbddc1">
|
<User userId="4" username="sysAdmin" password="fd6a5e8f6a59fbb18109444c5ea99ac326353cd664cc8d61a3a785081e7f4aa0" salt="73797341646d696e">
|
||||||
<Firstname>System User</Firstname>
|
<Firstname>System User</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>SYSTEM</State>
|
<State>SYSTEM</State>
|
||||||
|
|
|
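Review bot: Every salt in this file is the hex encoding of the username (`61646d696e` is `admin`, `626f62` is `bob`), so the per-user salt is derivable from the record itself. For checked-in fixture data that is acceptable, but as this file is the reference example of the stored format, a comment such as `<!-- test fixture: salts are non-random and derived from the username -->` would stop it from being copied as a template. Real records need a salt drawn from `SecureRandom`, which the tooling should generate rather than take from operator input as PasswordCreator currently does.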
@ -20,5 +20,5 @@ import li.strolch.service.api.ServiceArgument;
|
||||||
public class PrivilegeSetUserPasswordArgument extends ServiceArgument {
|
public class PrivilegeSetUserPasswordArgument extends ServiceArgument {
|
||||||
private static final long serialVersionUID = 1L;
|
private static final long serialVersionUID = 1L;
|
||||||
public String username;
|
public String username;
|
||||||
public byte[] password;
|
public char[] password;
|
||||||
}
|
}
|
||||||
|
|
|
@ -65,7 +65,7 @@ public abstract class AbstractRealmCommandTest {
|
||||||
runtimeMock.mockRuntime(rootPath, configSrc);
|
runtimeMock.mockRuntime(rootPath, configSrc);
|
||||||
runtimeMock.startContainer();
|
runtimeMock.startContainer();
|
||||||
|
|
||||||
certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), "test".getBytes());
|
certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), getUsername().toCharArray());
|
||||||
importFromXml(REALM_CACHED, certificate, getServiceHandler());
|
importFromXml(REALM_CACHED, certificate, getServiceHandler());
|
||||||
importFromXml(REALM_TRANSACTIONAL, certificate, getServiceHandler());
|
importFromXml(REALM_TRANSACTIONAL, certificate, getServiceHandler());
|
||||||
}
|
}
|
||||||
|
|
|
@ -56,7 +56,7 @@ public class MigrationsTest {
|
||||||
runtimeMock.mockRuntime(rootPath, configSrc);
|
runtimeMock.mockRuntime(rootPath, configSrc);
|
||||||
runtimeMock.startContainer();
|
runtimeMock.startContainer();
|
||||||
|
|
||||||
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
}
|
}
|
||||||
|
|
||||||
@AfterClass
|
@AfterClass
|
||||||
|
|
|
@ -75,7 +75,7 @@ public abstract class AbstractRealmServiceTest {
|
||||||
runtimeMock.mockRuntime(rootPath, configSrc);
|
runtimeMock.mockRuntime(rootPath, configSrc);
|
||||||
runtimeMock.startContainer();
|
runtimeMock.startContainer();
|
||||||
|
|
||||||
this.certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), "test".getBytes());
|
this.certificate = runtimeMock.getPrivilegeHandler().authenticate(getUsername(), getUsername().toCharArray());
|
||||||
importFromXml(REALM_CACHED, this.certificate, getServiceHandler());
|
importFromXml(REALM_CACHED, this.certificate, getServiceHandler());
|
||||||
importFromXml(REALM_TRANSACTIONAL, this.certificate, getServiceHandler());
|
importFromXml(REALM_TRANSACTIONAL, this.certificate, getServiceHandler());
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,7 +37,7 @@ public class GreetingServiceTest extends AbstractServiceTest {
|
||||||
GreetingArgument greetingArgument = new GreetingArgument();
|
GreetingArgument greetingArgument = new GreetingArgument();
|
||||||
greetingArgument.name = "Robert"; //$NON-NLS-1$
|
greetingArgument.name = "Robert"; //$NON-NLS-1$
|
||||||
|
|
||||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
|
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
|
||||||
try {
|
try {
|
||||||
GreetingResult greetingResult = getServiceHandler().doService(certificate, greetingService,
|
GreetingResult greetingResult = getServiceHandler().doService(certificate, greetingService,
|
||||||
greetingArgument);
|
greetingArgument);
|
||||||
|
|
|
@ -72,7 +72,7 @@ public class LockingTest {
|
||||||
}
|
}
|
||||||
|
|
||||||
public static Certificate login() {
|
public static Certificate login() {
|
||||||
return runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
return runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -74,7 +74,7 @@ public class ServiceTest extends AbstractServiceTest {
|
||||||
@Test
|
@Test
|
||||||
public void shouldFailWithNoAccess() {
|
public void shouldFailWithNoAccess() {
|
||||||
|
|
||||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
|
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
|
||||||
try {
|
try {
|
||||||
TestService testService = new TestService();
|
TestService testService = new TestService();
|
||||||
ServiceResult svcResult = getServiceHandler().doService(certificate, testService);
|
ServiceResult svcResult = getServiceHandler().doService(certificate, testService);
|
||||||
|
@ -88,7 +88,7 @@ public class ServiceTest extends AbstractServiceTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void shouldNotFailWithAccess() {
|
public void shouldNotFailWithAccess() {
|
||||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
|
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("jill", "jill".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
|
||||||
try {
|
try {
|
||||||
GreetingService service = new GreetingService();
|
GreetingService service = new GreetingService();
|
||||||
GreetingArgument argument = new GreetingArgument();
|
GreetingArgument argument = new GreetingArgument();
|
||||||
|
@ -103,7 +103,7 @@ public class ServiceTest extends AbstractServiceTest {
|
||||||
@Test
|
@Test
|
||||||
public void shouldNotFailWithLogin1() {
|
public void shouldNotFailWithLogin1() {
|
||||||
|
|
||||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
|
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
|
||||||
try {
|
try {
|
||||||
TestService testService = new TestService();
|
TestService testService = new TestService();
|
||||||
getServiceHandler().doService(certificate, testService);
|
getServiceHandler().doService(certificate, testService);
|
||||||
|
@ -114,7 +114,7 @@ public class ServiceTest extends AbstractServiceTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void shouldNotFailWithLogin2() {
|
public void shouldNotFailWithLogin2() {
|
||||||
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".getBytes()); //$NON-NLS-1$//$NON-NLS-2$
|
Certificate certificate = runtimeMock.getPrivilegeHandler().authenticate("bob", "bob".toCharArray()); //$NON-NLS-1$//$NON-NLS-2$
|
||||||
try {
|
try {
|
||||||
GreetingService service = new GreetingService();
|
GreetingService service = new GreetingService();
|
||||||
GreetingArgument argument = new GreetingArgument();
|
GreetingArgument argument = new GreetingArgument();
|
||||||
|
|
|
@ -54,7 +54,7 @@ public class XmlExportServiceTest {
|
||||||
runtimeMock.mockRuntime(rootPath, configSrc);
|
runtimeMock.mockRuntime(rootPath, configSrc);
|
||||||
runtimeMock.startContainer();
|
runtimeMock.startContainer();
|
||||||
|
|
||||||
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".getBytes());
|
certificate = runtimeMock.getPrivilegeHandler().authenticate("test", "test".toCharArray());
|
||||||
}
|
}
|
||||||
|
|
||||||
@AfterClass
|
@AfterClass
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
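Review bot: `hashIterations` is set to `10000` while the comment directly above it states the default is `200000`, and nothing explains the override; if these are test fixtures (the file paths are not visible on this page) a comment such as `<!-- reduced from the 200000 default to keep test start-up fast; do not copy into production config -->` would stop the lower value being copied into a deployment. The WARNING comment should also mention `hashAlgorithm`, since changing the algorithm invalidates every stored hash just as iterations and key length do. The same two points apply to the five identical EncryptionHandler hunks further down in this commit.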
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="3" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="3" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
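Review bot: The `salt` value `74657374` is the hex encoding of the username `test`, and the other regenerated entries in this commit follow the same pattern (`61646d696e` → `admin`, `73797341646d696e` → `sysAdmin`), so the salts in these fixtures are predictable rather than random. For a checked-in test fixture that is acceptable, but it should be stated so nobody treats these entries as a template, e.g. `<!-- fixture only: salt is the hex-encoded username; real users get a SecureRandom salt -->`, and it is worth confirming that whatever produced them is not the salt path used for real accounts (the generating code is not part of this diff). The same remark applies to the other PrivilegeUsers hunks below.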
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="3" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="3" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="3" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="3" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
<Role>AppUser</Role>
|
<Role>AppUser</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="3" username="admin" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="3" username="admin" password="cb69962946617da006a2f95776d78b49e5ec7941d2bdb2d25cdb05f957f64344" salt="61646d696e">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
<Role>agent</Role>
|
<Role>agent</Role>
|
||||||
</Roles>
|
</Roles>
|
||||||
</User>
|
</User>
|
||||||
<User userId="2" username="test" password="9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08">
|
<User userId="2" username="test" password="fdd9d2def3475e1d5cc87107b87e14fd6adbca664c2874fc379a1e53931c0428" salt="74657374">
|
||||||
<Firstname>Application</Firstname>
|
<Firstname>Application</Firstname>
|
||||||
<Lastname>Administrator</Lastname>
|
<Lastname>Administrator</Lastname>
|
||||||
<State>ENABLED</State>
|
<State>ENABLED</State>
|
||||||
|
|
|
@ -10,7 +10,13 @@
|
||||||
|
|
||||||
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
<EncryptionHandler class="li.strolch.privilege.handler.DefaultEncryptionHandler">
|
||||||
<Parameters>
|
<Parameters>
|
||||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
<!-- WARNING: If you change iterations or keyLength, then all passwords are invalid -->
|
||||||
|
<!-- default algorithm is: PBKDF2WithHmacSHA512 -->
|
||||||
|
<Parameter name="hashAlgorithm" value="PBKDF2WithHmacSHA512" />
|
||||||
|
<!-- default iterations: 200000 -->
|
||||||
|
<Parameter name="hashIterations" value="10000" />
|
||||||
|
<!-- default key length: 256 -->
|
||||||
|
<Parameter name="hashKeyLength" value="256" />
|
||||||
</Parameters>
|
</Parameters>
|
||||||
</EncryptionHandler>
|
</EncryptionHandler>
|
||||||
|
|
||||||
|
|