/**
 * Hashes a cleartext password with the server-wide default password algorithm
 * (SECURITY_USER_PASSWORD_DEFAULT_ALGORITHM) by delegating to the singleton OSecurityManager.
 * Despite the name, nothing is encrypted: the result is a one-way hash meant for storage.
 *
 * @param iPassword cleartext password
 * @return the hash string produced by OSecurityManager.createHash(..., true)
 */
public static final String encryptPassword(final String iPassword) {
  final String defaultAlgorithm = OGlobalConfiguration.SECURITY_USER_PASSWORD_DEFAULT_ALGORITHM.getValueAsString();
  final OSecurityManager manager = OSecurityManager.instance();
  return manager.createHash(iPassword, defaultAlgorithm, true);
}
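/**
 * Derives a salted PBKDF2 hash of {@code iPassword} and serialises it as
 * {@code <hash-hex>:<salt-hex>:<iterations>}.
 *
 * A fresh SALT_SIZE-byte salt is drawn from SecureRandom on every call, so hashing the same
 * password twice yields different strings. The iteration count is stored in clear inside the
 * result and is read back (and trusted) by checkPasswordWithSalt() at verification time.
 *
 * @param iPassword   cleartext password to hash
 * @param iIterations PBKDF2 iteration count (work factor); must be positive
 * @param algorithm   PBKDF2 variant name, normalised/checked through validateAlgorithm()
 * @return the encoded hash string
 * @throws IllegalArgumentException if {@code iIterations} is not positive
 */
public String createHashWithSalt(final String iPassword, final int iIterations, final String algorithm) {
  // PBEKeySpec would reject a non-positive count anyway, but with a generic message; fail early
  // and clearly, before any randomness or key derivation is spent.
  if (iIterations <= 0)
    throw new IllegalArgumentException("PBKDF2 iteration count must be positive: " + iIterations);

  final SecureRandom random = new SecureRandom();
  final byte[] salt = new byte[SALT_SIZE];
  random.nextBytes(salt);

  // Hash the password with the validated algorithm; HASH_SIZE is the derived-key length in bytes.
  final byte[] hash = getPbkdf2(iPassword, salt, iIterations, HASH_SIZE, validateAlgorithm(algorithm));
  return byteArrayToHexStr(hash) + ":" + byteArrayToHexStr(salt) + ":" + iIterations;
}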
/**
 * Verifies a cleartext password against the hash stored in this user's document
 * (the PASSWORD_FIELD field), using the prefix-driven scheme selection of
 * OSecurityManager.checkPassword(String, String).
 *
 * @param iPassword cleartext password to verify
 * @return true when the password matches the stored hash
 */
public boolean checkPassword(final String iPassword) {
  final String storedHash = (String) document.field(PASSWORD_FIELD);
  final OSecurityManager manager = OSecurityManager.instance();
  return manager.checkPassword(iPassword, storedHash);
}
/**
 * Returns the hex encoding of the unsalted SHA-256 digest of {@code iInput}.
 * This is a plain digest, not a password hash: no salt and no work factor.
 *
 * @param iInput string to digest
 * @return hex-encoded SHA-256 digest
 */
public String createSHA256(final String iInput) {
  final byte[] digest = digestSHA256(iInput);
  return byteArrayToHexStr(digest);
}
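/**
 * Checks whether a password matches a stored hash string, selecting the verification scheme
 * from the prefix of the stored value.
 *
 * Supported stored formats:
 * <ul>
 * <li>{@code HASH_ALGORITHM_PREFIX} + hex SHA-256 digest (unsalted);</li>
 * <li>{@code PBKDF2_ALGORITHM_PREFIX} / {@code PBKDF2_SHA256_ALGORITHM_PREFIX} + the
 * {@code <hash>:<salt>:<iterations>} string produced by createHashWithSalt();</li>
 * <li>no prefix: the stored value is compared directly against the password, i.e. it is a
 * legacy cleartext password.</li>
 * </ul>
 *
 * Every branch compares in constant time. String.equals() on the hex strings would leak,
 * through timing, how many leading characters of the candidate digest match the stored one;
 * hashing both sides once more and comparing with MessageDigest.isEqual avoids that.
 *
 * @param iPassword cleartext password to verify; null never matches
 * @param iHash     stored hash string, optionally prefixed with the algorithm as
 *                  <code>{ALGORITHM}-HASH</code>; null never matches
 * @return true when the password matches the stored value
 */
public boolean checkPassword(final String iPassword, final String iHash) {
  // Fail closed: a missing password or stored value can never authenticate.
  if (iPassword == null || iHash == null)
    return false;

  if (iHash.startsWith(HASH_ALGORITHM_PREFIX)) {
    // Unsalted SHA-256, stored as hex. Compare the two hex strings in constant time using the
    // same hash-then-isEqual technique as the cleartext branch below.
    final String stored = iHash.substring(HASH_ALGORITHM_PREFIX.length());
    return MessageDigest.isEqual(digestSHA256(createSHA256(iPassword)), digestSHA256(stored));
  } else if (iHash.startsWith(PBKDF2_ALGORITHM_PREFIX)) {
    final String stored = iHash.substring(PBKDF2_ALGORITHM_PREFIX.length());
    return checkPasswordWithSalt(iPassword, stored, PBKDF2_ALGORITHM);
  } else if (iHash.startsWith(PBKDF2_SHA256_ALGORITHM_PREFIX)) {
    final String stored = iHash.substring(PBKDF2_SHA256_ALGORITHM_PREFIX.length());
    return checkPasswordWithSalt(iPassword, stored, PBKDF2_SHA256_ALGORITHM);
  }

  // No algorithm prefix: the stored value is the cleartext password itself (legacy storage).
  // Do not compare raw strings against each other, to avoid timing attacks. Instead, hash them
  // both with a cryptographic hash function and compare their hashes with a constant-time
  // comparison method.
  return MessageDigest.isEqual(digestSHA256(iPassword), digestSHA256(iHash));
}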
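/**
 * Verifies a password against a {@code <hash>:<salt>:<iterations>} string produced by
 * createHashWithSalt(), re-deriving the PBKDF2 key with the stored salt and iteration count
 * and comparing it to the stored key in constant time.
 *
 * The work factor is taken from the stored string, so whoever can write the stored hash
 * controls how expensive (or how weak) this verification is; only a positive count is accepted.
 *
 * @param iPassword cleartext password to verify
 * @param iHash     stored string in the form {@code <hash-hex>:<salt-hex>:<iterations>}
 * @param algorithm PBKDF2 variant to use; unsupported names are logged and rejected
 * @return true when the derived key equals the stored hash; false for an unsupported algorithm
 * @throws IllegalArgumentException if {@code iHash} is null or malformed (wrong number of parts,
 *                                  empty digest, non-numeric or non-positive iteration count)
 */
public boolean checkPasswordWithSalt(final String iPassword, final String iHash, final String algorithm) {
  if (!isAlgorithmSupported(algorithm)) {
    OLogManager.instance().error(this, "The password hash algorithm is not supported: %s", null, algorithm);
    return false;
  }

  if (iHash == null)
    throw new IllegalArgumentException("Hash does not contain the requested parts: <hash>:<salt>:<iterations>");

  // SPLIT PARTS: String.split drops trailing empty parts, so "a:b:" also fails the length check.
  final String[] params = iHash.split(":");
  if (params.length != 3)
    throw new IllegalArgumentException("Hash does not contain the requested parts: <hash>:<salt>:<iterations>");

  final byte[] hash = hexToByteArray(params[0]);
  final byte[] salt = hexToByteArray(params[1]);
  if (hash.length == 0)
    throw new IllegalArgumentException("Hash does not contain a stored digest: <hash>:<salt>:<iterations>");

  final int iterations;
  try {
    iterations = Integer.parseInt(params[2]);
  } catch (NumberFormatException e) {
    throw new IllegalArgumentException("Hash iteration count is not a valid integer: " + params[2], e);
  }
  // PBEKeySpec would reject this too, but with a generic message that hides which part is wrong.
  if (iterations <= 0)
    throw new IllegalArgumentException("Hash iteration count must be positive: " + iterations);

  // Derive a key of exactly the stored length so the two arrays are comparable.
  final byte[] testHash = getPbkdf2(iPassword, salt, iterations, hash.length, algorithm);
  return MessageDigest.isEqual(hash, testHash);
}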
final String algorithm = validateAlgorithm(iAlgorithm); transformed = createSHA256(iInput); } else if (PBKDF2_ALGORITHM.equalsIgnoreCase(algorithm)) { transformed = createHashWithSalt(iInput, OGlobalConfiguration.SECURITY_USER_PASSWORD_SALT_ITERATIONS.getValueAsInteger(), algorithm); } else if (PBKDF2_SHA256_ALGORITHM.equalsIgnoreCase(algorithm)) { transformed = createHashWithSalt(iInput, OGlobalConfiguration.SECURITY_USER_PASSWORD_SALT_ITERATIONS.getValueAsInteger(), algorithm); } else
/**
 * Builds the per-database shared context for an embedded storage: schema, security, index
 * manager, function/sequence libraries, scheduler, live-query hooks, command/statement/plan
 * caches, query statistics and the distributed-query registry.
 *
 * Initialisation order matters in one place: executionPlanCache must exist before it is
 * registered as a listener below.
 *
 * @param storage the storage this context belongs to; must be an OAbstractPaginatedStorage,
 *                since the constructor casts it to install a configuration-update listener
 */
public OSharedContextEmbedded(OStorage storage) {
  schema = new OSchemaEmbedded(this);
  // Security for this database is created through the singleton OSecurityManager.
  security = OSecurityManager.instance().newSecurity();
  indexManager = new OIndexManagerShared(storage);
  functionLibrary = new OFunctionLibraryImpl();
  scheduler = new OSchedulerImpl();
  sequenceLibrary = new OSequenceLibraryImpl();
  liveQueryOps = new OLiveQueryHook.OLiveQueryOps();
  liveQueryOpsV2 = new OLiveQueryHookV2.OLiveQueryOps();
  commandCache = new OCommandCacheSoftRefs(storage.getUnderlying());
  statementCache = new OStatementCache(
      storage.getConfiguration().getContextConfiguration().getValueAsInteger(OGlobalConfiguration.STATEMENT_CACHE_SIZE));
  // NOTE(review): the execution-plan cache is sized from STATEMENT_CACHE_SIZE as well, not from a
  // plan-cache specific setting — confirm that is intended.
  executionPlanCache = new OExecutionPlanCache(
      storage.getConfiguration().getContextConfiguration().getValueAsInteger(OGlobalConfiguration.STATEMENT_CACHE_SIZE));
  this.registerListener(executionPlanCache);
  queryStats = new OQueryStats();
  activeDistributedQueries = new HashMap<>();
  // Fan storage-configuration updates out to every registered metadata listener.
  ((OAbstractPaginatedStorage) storage).setStorageConfigurationUpdateListener(update -> {
    for (OMetadataUpdateListener listener : browseListeners()) {
      listener.onStorageConfigurationUpdate(storage.getName(), update);
    }
  });
}
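/**
 * Implements the SQL {@code hash()} function: returns the hex digest of the string form of
 * {@code iThis}, computed with OSecurityManager.createHash(String, String).
 *
 * The optional first parameter names the JCA MessageDigest algorithm; when it is absent or
 * null, OSecurityManager.HASH_ALGORITHM is used. The name is caller-supplied (it comes from
 * the SQL statement) but only selects a digest provider: an unknown name surfaces as
 * OCommandExecutionException, nothing else is executed.
 *
 * This is a plain unsalted digest, suitable for checksums; it is not a substitute for the
 * salted PBKDF2 hashing used for stored passwords.
 *
 * @param iThis          value to hash; null yields null
 * @param iCurrentRecord unused
 * @param iContext       unused
 * @param ioResult       unused
 * @param iParams        optional algorithm name at index 0
 * @return hex digest string, or null when {@code iThis} is null
 * @throws OCommandExecutionException if the algorithm is unknown or UTF-8 is unavailable
 */
@Override
public Object execute(final Object iThis, final OIdentifiable iCurrentRecord, final OCommandContext iContext,
    final Object ioResult, final Object[] iParams) {
  if (iThis == null)
    return null;

  // A null parameter array or a null first parameter falls back to the default digest instead of
  // throwing NullPointerException out of the function.
  final String algorithm = (iParams != null && iParams.length > 0 && iParams[0] != null) ? iParams[0].toString()
      : OSecurityManager.HASH_ALGORITHM;
  try {
    return OSecurityManager.createHash(iThis.toString(), algorithm);
  } catch (NoSuchAlgorithmException e) {
    throw OException.wrapException(new OCommandExecutionException("hash(): algorithm '" + algorithm + "' is not supported"), e);
  } catch (UnsupportedEncodingException e) {
    throw OException.wrapException(new OCommandExecutionException("hash(): encoding 'UTF-8' is not supported"), e);
  }
}
}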
/**
 * Computes a plain, unsalted digest of {@code iInput} (encoded as UTF-8) and returns it as a
 * hex string. A null algorithm selects HASH_ALGORITHM.
 *
 * This is a bare MessageDigest with no salt and no work factor: fine for checksums and the SQL
 * hash() function, not for storing passwords.
 *
 * @param iInput     string to digest
 * @param iAlgorithm JCA MessageDigest algorithm name, or null for the default
 * @return hex-encoded digest
 * @throws NoSuchAlgorithmException     if no provider supplies the algorithm
 * @throws UnsupportedEncodingException if the UTF-8 charset is unavailable
 */
public static String createHash(final String iInput, String iAlgorithm) throws NoSuchAlgorithmException,
    UnsupportedEncodingException {
  final String digestName = iAlgorithm != null ? iAlgorithm : HASH_ALGORITHM;
  // Resolve the digest before touching the input, so an unknown algorithm is reported first.
  final MessageDigest digest = MessageDigest.getInstance(digestName);
  final byte[] raw = iInput.getBytes("UTF-8");
  return byteArrayToHexStr(digest.digest(raw));
}
/**
 * Verifies a password against a {@code <hash>:<salt>:<iterations>} string using the
 * configured default password algorithm (SECURITY_USER_PASSWORD_DEFAULT_ALGORITHM).
 *
 * @param iPassword cleartext password to verify
 * @param iHash     stored salted hash string
 * @return true when the password matches
 */
public boolean checkPasswordWithSalt(final String iPassword, final String iHash) {
  final String defaultAlgorithm = OGlobalConfiguration.SECURITY_USER_PASSWORD_DEFAULT_ALGORITHM.getValueAsString();
  return checkPasswordWithSalt(iPassword, iHash, defaultAlgorithm);
}
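/**
 * Derives {@code bytes} bytes of PBKDF2 key material from a password and salt, optionally
 * memoising the result in SALT_CACHE (when that cache is non-null).
 *
 * The cache key holds SHA-256(password ":" hex(salt)) rather than the password itself, plus the
 * salt, iteration count, output length and algorithm. The algorithm must be part of the key:
 * without it, a key derived with one PBKDF2 variant would be handed back for a request that
 * names another variant with the same salt and settings.
 *
 * NOTE(review): the cache keeps a cheap SHA-256 of password+salt next to the salt in process
 * memory, so anyone able to read the heap can attack that digest instead of the PBKDF2 output
 * — the cache trades the configured work factor for speed. Confirm that trade-off is intended
 * wherever SALT_CACHE is enabled.
 *
 * @param iPassword  cleartext password; its char[] copy in the PBEKeySpec is wiped afterwards,
 *                   the String itself cannot be cleared
 * @param salt       salt bytes
 * @param iterations PBKDF2 iteration count
 * @param bytes      desired key length in bytes
 * @param algorithm  SecretKeyFactory algorithm name
 * @return the derived key (a cached array may be returned on a cache hit)
 * @throws OSecurityException if the key cannot be derived with the given algorithm
 */
private byte[] getPbkdf2(final String iPassword, final byte[] salt, final int iterations, final int bytes,
    final String algorithm) {
  String cacheKey = null;
  if (SALT_CACHE != null) {
    // SEARCH IN CACHE FIRST. Hex-encode the salt for the key instead of decoding random bytes
    // with the platform charset, which is lossy and platform-dependent.
    final String hashedPassword = createSHA256(iPassword + ":" + byteArrayToHexStr(salt));
    cacheKey = hashedPassword + "|" + Arrays.toString(salt) + "|" + iterations + "|" + bytes + "|" + algorithm;
    final byte[] cached = SALT_CACHE.get(cacheKey);
    if (cached != null)
      return cached;
  }

  final PBEKeySpec spec = new PBEKeySpec(iPassword.toCharArray(), salt, iterations, bytes * 8);
  try {
    final SecretKeyFactory skf = SecretKeyFactory.getInstance(algorithm);
    final byte[] encoded = skf.generateSecret(spec).getEncoded();
    if (SALT_CACHE != null) {
      // SAVE IT IN CACHE
      SALT_CACHE.put(cacheKey, encoded);
    }
    return encoded;
  } catch (Exception e) {
    throw OException.wrapException(new OSecurityException("Cannot create a key with '" + algorithm + "' algorithm"), e);
  } finally {
    // Scrub the password characters held by the spec as soon as derivation is done.
    spec.clearPassword();
  }
}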
/**
 * Produces a salted PBKDF2 hash of {@code iPassword} using the configured iteration count
 * (SECURITY_USER_PASSWORD_SALT_ITERATIONS) and default algorithm
 * (SECURITY_USER_PASSWORD_DEFAULT_ALGORITHM).
 *
 * @param iPassword cleartext password to hash
 * @return the {@code <hash>:<salt>:<iterations>} string
 */
public String createHashWithSalt(final String iPassword) {
  final int iterations = OGlobalConfiguration.SECURITY_USER_PASSWORD_SALT_ITERATIONS.getValueAsInteger();
  final String defaultAlgorithm = OGlobalConfiguration.SECURITY_USER_PASSWORD_DEFAULT_ALGORITHM.getValueAsString();
  return createHashWithSalt(iPassword, iterations, defaultAlgorithm);
}
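/**
 * Console command: creates or updates a server user in
 * {@code ../config/orientdb-server-config.xml}, storing the password hashed with the default
 * password algorithm (never in clear).
 *
 * The config path is relative to the process working directory, so the command only works when
 * the console is started from the expected location. The password arrives as a console
 * parameter; depending on how the console is driven it may end up in shell or console history.
 *
 * @param iServerUserName   user name; must be non-empty
 * @param iServerUserPasswd cleartext password; must be non-empty
 * @param iPermissions      permission string; must be non-empty
 * @throws IllegalArgumentException if any argument is null or empty
 * @throws OConfigurationException  if the server configuration file does not exist
 */
@SuppressWarnings("unchecked")
@ConsoleCommand(description = "Set a server user. If the user already exists, the password and permissions are updated. For more information look at http://orientdb.com/docs/last/Security.html#orientdb-server-security", onlineHelp = "Console-Command-Set-Server-User")
public void setServerUser(
    @ConsoleParameter(name = "user-name", description = "User name") String iServerUserName,
    @ConsoleParameter(name = "user-password", description = "User password") String iServerUserPasswd,
    @ConsoleParameter(name = "user-permissions", description = "Permissions, look at http://orientdb.com/docs/last/Security.html#servers-resources") String iPermissions) {
  if (iServerUserName == null || iServerUserName.length() == 0)
    throw new IllegalArgumentException("User name null or empty");
  // Nothing downstream rejects an empty password: it would simply be hashed and stored, and a null
  // one would fail inside the catch below with a misleading "Error on loading" message.
  if (iServerUserPasswd == null || iServerUserPasswd.length() == 0)
    throw new IllegalArgumentException("User password null or empty");
  if (iPermissions == null || iPermissions.length() == 0)
    throw new IllegalArgumentException("User permissions null or empty");

  final File serverCfgFile = new File("../config/orientdb-server-config.xml");
  if (!serverCfgFile.exists())
    throw new OConfigurationException("Cannot access to file " + serverCfgFile);

  try {
    final OServerConfigurationManager serverCfg = new OServerConfigurationManager(serverCfgFile);

    // Only the hash of the password is written to the configuration file.
    final String defAlgo = OGlobalConfiguration.SECURITY_USER_PASSWORD_DEFAULT_ALGORITHM.getValueAsString();
    final String hashedPassword = OSecurityManager.instance().createHash(iServerUserPasswd, defAlgo, true);

    serverCfg.setUser(iServerUserName, hashedPassword, iPermissions);
    serverCfg.saveConfiguration();
    message("\nServer user '%s' set correctly", iServerUserName);
  } catch (Exception e) {
    error("\nError on loading %s file: %s", serverCfgFile, e.toString());
  }
}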
/**
 * Verifies a cleartext password against this object's stored hash (getPassword()), with the
 * scheme chosen from the hash prefix by OSecurityManager.checkPassword(String, String).
 *
 * @param iPassword cleartext password to verify
 * @return true when the password matches the stored hash
 */
public boolean checkPassword(final String iPassword) {
  final OSecurityManager manager = OSecurityManager.instance();
  final String storedHash = getPassword();
  return manager.checkPassword(iPassword, storedHash);
}
/**
 * Authenticates a user with a symmetric key: the caller's {@code password} is decrypted with
 * the key configured for the user, and the user is accepted when the decrypted text matches
 * the username (compared through OSecurityManager.checkPassword).
 *
 * NOTE(review): the failure messages differ for "user not found", "user not active", a
 * decryption exception and a key mismatch, and the decryption exception's own message is
 * appended to the thrown exception. If these messages reach unauthenticated callers they allow
 * account enumeration and leak crypto-layer error details — confirm how far they propagate.
 *
 * @param username user name to look up through the delegate security
 * @param password ciphertext that must decrypt, under the user's key, to the username
 * @return the authenticated user
 * @throws OSecurityAccessException if the delegate or database is missing, the user is unknown
 *                                  or inactive, decryption fails, or the key does not match
 */
public OUser authenticate(final String username, final String password) {
  if (delegate == null)
    throw new OSecurityAccessException("OSymmetricKeySecurity.authenticate() Delegate is null for username: " + username);
  if (database == null)
    throw new OSecurityAccessException("OSymmetricKeySecurity.authenticate() Database is null for username: " + username);

  final String dbName = database.getName();
  final OUser user = delegate.getUser(username);
  if (user == null)
    throw new OSecurityAccessException(dbName,
        "OSymmetricKeySecurity.authenticate() Username or Key is invalid for username: " + username);
  if (user.getAccountStatus() != OSecurityUser.STATUSES.ACTIVE)
    throw new OSecurityAccessException(dbName, "OSymmetricKeySecurity.authenticate() User '" + username + "' is not active");

  final boolean keyMatches;
  try {
    final OUserSymmetricKeyConfig keyConfig = new OUserSymmetricKeyConfig(user);
    final OSymmetricKey key = OSymmetricKey.fromConfig(keyConfig);
    // The ciphertext must decrypt to the username under this user's key.
    final String decrypted = key.decryptAsString(password);
    keyMatches = OSecurityManager.instance().checkPassword(username, decrypted);
  } catch (Exception ex) {
    throw OException.wrapException(new OSecurityAccessException(dbName,
        "OSymmetricKeySecurity.authenticate() Exception for database: " + dbName + ", username: " + username + " " + ex
            .getMessage()), ex);
  }

  if (keyMatches)
    return user;
  throw new OSecurityAccessException(dbName,
      "OSymmetricKeySecurity.authenticate() Username or Key is invalid for database: " + dbName + ", username: " + username);
}