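/**
 * Splits a password of the form {@code {ALGORITHM}value} into its algorithm and its encoded value.
 *
 * <p>The text between the braces is upper-cased and looked up as a {@code CipherAlgorithm} constant.
 * On success {@code cipher} and {@code encodedPassword} are set. If the name is not a known constant,
 * the error is logged and {@code encodedPassword} is reset to {@code null}. A {@code null} password, or
 * one that does not start with <code>{</code>, leaves both fields untouched.
 *
 * <p>Only the algorithm name is logged, never the password itself.
 *
 * @param password the incoming password value, possibly prefixed with <code>{ALGORITHM}</code>
 */
private void parseEncodedPassword(final String password) {
    if (password == null || !password.startsWith("{")) {
        return;
    }

    final int closingBracketIndex = password.indexOf('}');
    if (closingBracketIndex < 0) {
        // An opening brace without a closing one carries no parseable {ALGORITHM} prefix. Handle it
        // like a value with no prefix instead of letting substring(1, -1) throw
        // StringIndexOutOfBoundsException on attacker-influenced input.
        LOG.warn("Password starts with '{' but has no closing '}': not treated as encoded");
        return;
    }

    // Locale.ROOT keeps the enum lookup independent of the JVM default locale
    // (the default-locale upper-casing of 'i' differs under Turkish locales, for instance).
    final String digest = password.substring(1, closingBracketIndex).toUpperCase(java.util.Locale.ROOT);

    try {
        encodedPassword = password.substring(closingBracketIndex + 1);
        cipher = CipherAlgorithm.valueOf(digest);
    } catch (IllegalArgumentException e) {
        LOG.error("Cipher algorithm not allowed: {}", digest, e);
        // Discard the value: it must not be stored with an algorithm that could not be resolved.
        encodedPassword = null;
    }
}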
/**
 * Decrypts a Base64-encoded AES ciphertext back to its cleartext string.
 *
 * <p>Only {@code CipherAlgorithm.AES} is handled here; for any other algorithm, or for a
 * {@code null} input, the method returns {@code null} without touching the key.
 *
 * <p>NOTE(review): the transformation string comes from {@code CipherAlgorithm.AES.getAlgorithm()},
 * whose value is not visible here, and {@code init} receives only the mode and the key (no IV or
 * parameter spec). If the transformation is a bare algorithm name, the JCA provider's default mode
 * and padding apply, which on the standard providers means ECB. Confirm, because ECB encrypts equal
 * plaintext blocks to equal ciphertext blocks and provides no integrity protection.
 *
 * @param encodedValue Base64 text of the ciphertext, may be {@code null}
 * @param cipherAlgorithm algorithm the value was encoded with
 * @return the decrypted string, or {@code null} when nothing was decoded
 */
public String decode(final String encodedValue, final CipherAlgorithm cipherAlgorithm)
        throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException,
        InvalidKeyException, IllegalBlockSizeException, BadPaddingException {

    if (encodedValue == null || cipherAlgorithm != CipherAlgorithm.AES) {
        return null;
    }

    final Cipher decryptor = Cipher.getInstance(CipherAlgorithm.AES.getAlgorithm());
    decryptor.init(Cipher.DECRYPT_MODE, keySpec);

    final byte[] base64Bytes = encodedValue.getBytes(StandardCharsets.UTF_8);
    final byte[] ciphertext = Base64.getDecoder().decode(base64Bytes);
    final byte[] cleartext = decryptor.doFinal(ciphertext);
    return new String(cleartext, StandardCharsets.UTF_8);
}
/**
 * Reports whether the stored password can be turned back into cleartext.
 *
 * <p>That is the case only when a cipher algorithm is set and that algorithm declares itself
 * invertible. Callers relying on a {@code true} result are handling a recoverable secret, so the
 * decoded value should be treated accordingly (not logged, not cached longer than needed).
 *
 * @return {@code true} if a cipher algorithm is set and it is invertible
 */
@Override
public boolean canDecodePassword() {
    if (this.cipherAlgorithm == null) {
        return false;
    }
    return this.cipherAlgorithm.isInvertible();
}
/**
 * Sets the given password on the user, encoded with the algorithm named by the
 * {@code password.cipher.algorithm} configuration entry.
 *
 * <p>If the configured name is not a {@code CipherAlgorithm} constant, a {@code NotFound} client
 * exception carrying the lookup error message is added to {@code scce}, which is then thrown.
 *
 * <p>NOTE(review): {@code CipherAlgorithm.AES.name()} is passed as the second argument to
 * {@code confDAO.find}, presumably as the fallback when the entry is absent (confirm against that
 * method). If so, passwords are stored with AES unless configured otherwise. AES is an encryption
 * algorithm rather than a one-way hash, so anyone holding the key can recover the stored passwords;
 * confirm whether a salted hashing algorithm should be the default instead.
 *
 * @param user the user whose password is set
 * @param password the cleartext password
 * @param scce composite exception that collects the failure and is thrown on error
 */
private void setPassword(final User user, final String password, final SyncopeClientCompositeException scce) {
    try {
        final String configuredName = confDAO.find("password.cipher.algorithm", CipherAlgorithm.AES.name());
        final CipherAlgorithm chosen = CipherAlgorithm.valueOf(configuredName);
        user.setPassword(password, chosen);
    } catch (IllegalArgumentException e) {
        final SyncopeClientException unknownAlgorithm =
                SyncopeClientException.build(ClientExceptionType.NotFound);
        unknownAlgorithm.getElements().add(e.getMessage());
        scce.addException(unknownAlgorithm);
        throw scce;
    }
}
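/**
 * Tells whether the algorithm configured on the connector is the one the user's password is
 * stored with.
 *
 * <p>The names match when they are equal, or when the connector says {@code "SHA1"} and the user
 * algorithm is named {@code "SHA"} (the case of a user sync'd from LDAP). A {@code null} on either
 * side is reported as "no match" rather than raising {@code NullPointerException}, so a missing
 * connector setting fails closed.
 *
 * @param connectorAlgorithm algorithm name configured on the connector, may be {@code null}
 * @param userAlgorithm algorithm of the user's stored password, may be {@code null}
 * @return {@code true} only if the two algorithms are considered the same
 */
private boolean cipherAlgorithmMatches(final String connectorAlgorithm, final CipherAlgorithm userAlgorithm) {
    if (connectorAlgorithm == null || userAlgorithm == null) {
        return false;
    }

    final String userAlgorithmName = userAlgorithm.name();

    // Exact name match, or the "SHA1" (connector) / "SHA" (user sync'd from LDAP) special case.
    return connectorAlgorithm.equals(userAlgorithmName)
            || ("SHA1".equals(connectorAlgorithm) && "SHA".equals(userAlgorithmName));
}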
new PropertyModel<>(schemaTO, "cipherAlgorithm")); cipherAlgorithm.setChoices(Arrays.asList(CipherAlgorithm.values()));
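/**
 * Tells whether the algorithm configured on the connector is compatible with the one the user's
 * password is stored with.
 *
 * <p>The names match when they are equal, when the connector says {@code "SHA"} and the user
 * algorithm name starts with {@code "SHA"}, or when the connector says {@code "SSHA"} and the user
 * algorithm name starts with {@code "SSHA"} (users pulled from LDAP). A {@code null} on either side
 * is reported as "no match" rather than raising {@code NullPointerException}, so a missing
 * connector setting fails closed.
 *
 * <p>NOTE(review): the prefix comparison accepts every {@code CipherAlgorithm} constant whose name
 * begins with {@code "SHA"} / {@code "SSHA"}. Depending on which constants the enum declares, this
 * may pair a connector-side {@code "SHA"} with a digest produced by a different hash function.
 * Confirm that every constant matched here yields a value the target resource can verify.
 *
 * @param connectorAlgorithm algorithm name configured on the connector, may be {@code null}
 * @param userAlgorithm algorithm of the user's stored password, may be {@code null}
 * @return {@code true} only if the two algorithms are considered compatible
 */
private boolean cipherAlgorithmMatches(final String connectorAlgorithm, final CipherAlgorithm userAlgorithm) {
    if (connectorAlgorithm == null || userAlgorithm == null) {
        return false;
    }

    final String userAlgorithmName = userAlgorithm.name();

    // Exact match first, then the "SHA" and "SSHA" special cases (user pulled from LDAP).
    return connectorAlgorithm.equals(userAlgorithmName)
            || ("SHA".equals(connectorAlgorithm) && userAlgorithmName.startsWith("SHA"))
            || ("SSHA".equals(connectorAlgorithm) && userAlgorithmName.startsWith("SSHA"));
}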
new PropertyModel<>(modelObject.getPlainSchemaTO(), "cipherAlgorithm")); cipherAlgorithm.setChoices(Arrays.asList(CipherAlgorithm.values()));
/**
 * Records the password as already encoded when the connector declares a non-cleartext algorithm.
 *
 * <p>The algorithm name is read from the connector's instance via {@code getCipherAlgorithm}. When
 * it equals {@code CLEARTEXT}, or the password is {@code null}, nothing is changed. Otherwise the
 * password is kept as {@code encodedPassword} and the name is resolved to a {@code CipherAlgorithm}
 * constant. An unknown name is logged and {@code encodedPassword} is reset to {@code null}.
 *
 * <p>Only the algorithm name is logged, never the password itself.
 *
 * @param password the password value received from the connector, may be {@code null}
 * @param connector the connector the value came from
 */
private void parseEncodedPassword(final String password, final Connector connector) {
    if (password == null) {
        return;
    }

    final ConnInstance connInstance = connector.getConnInstance();
    final String algorithmName = getCipherAlgorithm(connInstance);
    if (CLEARTEXT.equals(algorithmName)) {
        return;
    }

    try {
        encodedPassword = password;
        cipher = CipherAlgorithm.valueOf(algorithmName);
    } catch (IllegalArgumentException e) {
        LOG.error("Cipher algorithm not allowed: {}", algorithmName, e);
        // Discard the value: it must not be stored with an algorithm that could not be resolved.
        encodedPassword = null;
    }
}
/**
 * Turns a Base64-encoded AES ciphertext back into the original string.
 *
 * <p>Returns {@code null} when the input is {@code null} or when the requested algorithm is
 * anything other than {@code CipherAlgorithm.AES}; no other algorithm is reversed here.
 *
 * <p>NOTE(review): {@code init} is called with the mode and the key only, and the transformation
 * string is whatever {@code CipherAlgorithm.AES.getAlgorithm()} returns (not visible here). With a
 * bare algorithm name the provider default mode and padding are used (ECB on the standard JCA
 * providers). Confirm, since that mode leaks equality of plaintext blocks and is unauthenticated.
 *
 * @param encodedValue Base64 text of the ciphertext, may be {@code null}
 * @param cipherAlgorithm algorithm the value was encoded with
 * @return the cleartext, or {@code null} when nothing was decoded
 */
public String decode(final String encodedValue, final CipherAlgorithm cipherAlgorithm)
        throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException,
        InvalidKeyException, IllegalBlockSizeException, BadPaddingException {

    final boolean decodable = encodedValue != null && cipherAlgorithm == CipherAlgorithm.AES;
    if (!decodable) {
        return null;
    }

    final Cipher aes = Cipher.getInstance(CipherAlgorithm.AES.getAlgorithm());
    aes.init(Cipher.DECRYPT_MODE, keySpec);

    final byte[] rawCiphertext =
            Base64.getDecoder().decode(encodedValue.getBytes(StandardCharsets.UTF_8));
    return new String(aes.doFinal(rawCiphertext), StandardCharsets.UTF_8);
}
authenticated = ENCRYPTOR.verify( authentication.getCredentials().toString(), CipherAlgorithm.valueOf(adminPasswordAlgorithm), adminPassword); } else {
/**
 * Builds the AES key specification from the configured secret key string.
 *
 * <p>The key material is the first 16 bytes of the UTF-8 encoding of the secret, used as-is: no
 * key-derivation function is applied. A secret shorter than 16 characters is padded with randomly
 * generated characters and a warning is logged, because values encrypted with such a key cannot be
 * recovered once the random padding is lost.
 *
 * <p>NOTE(review): any exception while creating the key specification is logged and swallowed, so
 * {@code keySpec} is not assigned by this constructor in that case and the failure only surfaces
 * later, when the key is first used. Confirm whether failing at construction would be preferable.
 *
 * @param secretKey the configured secret; must not be {@code null}
 */
private Encryptor(final String secretKey) {
    String actualKey = secretKey;

    final int missingChars = 16 - actualKey.length();
    if (missingChars > 0) {
        final String randomChars = SecureRandomUtils.generateRandomPassword(missingChars);
        actualKey = actualKey + randomChars;
        LOG.warn("The secret key is too short (< 16), adding some random characters. "
                + "Passwords encrypted with AES and this key will not be recoverable "
                + "as a result if the container is restarted.");
    }

    try {
        // Truncate to the 16 bytes that make up the key.
        final byte[] keyBytes = ArrayUtils.subarray(actualKey.getBytes(StandardCharsets.UTF_8), 0, 16);
        keySpec = new SecretKeySpec(keyBytes, CipherAlgorithm.AES.getAlgorithm());
    } catch (Exception e) {
        LOG.error("Error during key specification", e);
    }
}
authenticated = ENCRYPTOR.verify( authentication.getCredentials().toString(), CipherAlgorithm.valueOf(adminPasswordAlgorithm), adminPassword); } else {
/**
 * Derives the AES key specification used by this encryptor from a secret key string.
 *
 * <p>The secret's UTF-8 bytes are truncated to 16 and used directly as the key; the string is not
 * passed through a key-derivation function. When the secret has fewer than 16 characters, random
 * characters are appended and a warning is logged: data encrypted with that padded key is lost
 * when the padding is regenerated.
 *
 * <p>NOTE(review): the {@code catch (Exception)} only logs. After a failure {@code keySpec} has not
 * been assigned here, and later cipher operations are what will fail. Confirm this is intended.
 *
 * @param secretKey the configured secret; must not be {@code null}
 */
private Encryptor(final String secretKey) {
    String actualKey = secretKey;

    if (actualKey.length() < 16) {
        final int shortfall = 16 - actualKey.length();
        final String padding = SecureRandomUtils.generateRandomPassword(shortfall);
        actualKey = new StringBuilder(actualKey).append(padding).toString();
        LOG.warn("The secret key is too short (< 16), adding some random characters. "
                + "Passwords encrypted with AES and this key will not be recoverable "
                + "as a result if the container is restarted.");
    }

    try {
        final byte[] allBytes = actualKey.getBytes(StandardCharsets.UTF_8);
        final byte[] first16 = ArrayUtils.subarray(allBytes, 0, 16);
        keySpec = new SecretKeySpec(first16, CipherAlgorithm.AES.getAlgorithm());
    } catch (Exception e) {
        LOG.error("Error during key specification", e);
    }
}
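/**
 * Encodes a value with the requested algorithm.
 *
 * <ul>
 * <li>{@code null} algorithm or {@code CipherAlgorithm.AES}: AES-encrypts the UTF-8 bytes and
 * returns the ciphertext as Base64 text;</li>
 * <li>{@code CipherAlgorithm.BCRYPT}: returns a BCrypt hash with a freshly generated salt
 * ({@code gensalt()} is called without arguments, so the library's default work factor applies);</li>
 * <li>anything else: delegates to the digester obtained from {@code getDigester}.</li>
 * </ul>
 *
 * <p>The Base64 text is produced with {@code encodeToString}, so the result no longer depends on
 * the JVM's default charset and stays consistent with a decoder that reads it back as UTF-8.
 *
 * <p>NOTE(review): a {@code null} algorithm silently selects AES, i.e. reversible encryption, not a
 * one-way hash; confirm that callers storing passwords always pass an explicit algorithm. Also,
 * {@code init} receives only the mode and the key: if {@code CipherAlgorithm.AES.getAlgorithm()}
 * (not visible here) is a bare algorithm name, the provider default mode applies (ECB on the
 * standard JCA providers), under which equal inputs give equal ciphertexts. Confirm.
 *
 * @param value the cleartext to encode, may be {@code null}
 * @param cipherAlgorithm the algorithm to use; {@code null} is treated as AES
 * @return the encoded value, or {@code null} when {@code value} is {@code null}
 */
public String encode(final String value, final CipherAlgorithm cipherAlgorithm)
        throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException,
        InvalidKeyException, IllegalBlockSizeException, BadPaddingException {

    if (value == null) {
        return null;
    }

    if (cipherAlgorithm == null || cipherAlgorithm == CipherAlgorithm.AES) {
        final byte[] cleartext = value.getBytes(StandardCharsets.UTF_8);

        final Cipher cipher = Cipher.getInstance(CipherAlgorithm.AES.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, keySpec);

        // encodeToString avoids new String(byte[]) and its dependence on the platform charset.
        return Base64.getEncoder().encodeToString(cipher.doFinal(cleartext));
    }

    if (cipherAlgorithm == CipherAlgorithm.BCRYPT) {
        return BCrypt.hashpw(value, BCrypt.gensalt());
    }

    return getDigester(cipherAlgorithm).digest(value);
}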
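/**
 * Encodes a value with the requested algorithm.
 *
 * <ul>
 * <li>{@code null} algorithm or {@code CipherAlgorithm.AES}: AES-encrypts the UTF-8 bytes and
 * returns the ciphertext as Base64 text;</li>
 * <li>{@code CipherAlgorithm.BCRYPT}: returns a BCrypt hash with a freshly generated salt
 * ({@code gensalt()} is called without arguments, so the library's default work factor applies);</li>
 * <li>anything else: delegates to the digester obtained from {@code getDigester}.</li>
 * </ul>
 *
 * <p>The Base64 text is produced with {@code encodeToString}, so the result no longer depends on
 * the JVM's default charset and stays consistent with a decoder that reads it back as UTF-8.
 *
 * <p>NOTE(review): a {@code null} algorithm silently selects AES, i.e. reversible encryption, not a
 * one-way hash; confirm that callers storing passwords always pass an explicit algorithm. Also,
 * {@code init} receives only the mode and the key: if {@code CipherAlgorithm.AES.getAlgorithm()}
 * (not visible here) is a bare algorithm name, the provider default mode applies (ECB on the
 * standard JCA providers), under which equal inputs give equal ciphertexts. Confirm.
 *
 * @param value the cleartext to encode, may be {@code null}
 * @param cipherAlgorithm the algorithm to use; {@code null} is treated as AES
 * @return the encoded value, or {@code null} when {@code value} is {@code null}
 */
public String encode(final String value, final CipherAlgorithm cipherAlgorithm)
        throws UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchPaddingException,
        InvalidKeyException, IllegalBlockSizeException, BadPaddingException {

    if (value == null) {
        return null;
    }

    if (cipherAlgorithm == null || cipherAlgorithm == CipherAlgorithm.AES) {
        final byte[] cleartext = value.getBytes(StandardCharsets.UTF_8);

        final Cipher cipher = Cipher.getInstance(CipherAlgorithm.AES.getAlgorithm());
        cipher.init(Cipher.ENCRYPT_MODE, keySpec);

        // encodeToString avoids new String(byte[]) and its dependence on the platform charset.
        return Base64.getEncoder().encodeToString(cipher.doFinal(cleartext));
    }

    if (cipherAlgorithm == CipherAlgorithm.BCRYPT) {
        return BCrypt.hashpw(value, BCrypt.gensalt());
    }

    return getDigester(cipherAlgorithm).digest(value);
}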
/**
 * Returns the string digester for the given algorithm, creating and caching it on first use.
 *
 * <p>Algorithm names starting with {@code "S-"} are configured as salted digests, using the class's
 * salt-related constants and the name with that prefix removed. All other names are configured with
 * a single iteration and a zero-byte salt. Output is hexadecimal in both cases.
 *
 * <p>NOTE(review): the non-salted branch yields a plain single-pass digest, so equal inputs always
 * produce equal outputs and are cheap to compute; for password storage that makes offline guessing
 * and precomputed tables effective. Confirm those algorithms are kept only for interoperability.
 *
 * <p>NOTE(review): the cache is read and then written without visible synchronization; whether
 * that is safe depends on the type of {@code digesters}, declared outside this excerpt.
 *
 * @param cipherAlgorithm the digest algorithm; must not be {@code null}
 * @return the configured digester for that algorithm
 */
private StandardStringDigester getDigester(final CipherAlgorithm cipherAlgorithm) {
    final StandardStringDigester cached = digesters.get(cipherAlgorithm);
    if (cached != null) {
        return cached;
    }

    final StandardStringDigester created = new StandardStringDigester();
    final boolean salted = cipherAlgorithm.getAlgorithm().startsWith("S-");

    if (salted) {
        // Salted digest: drop the "S-" marker to obtain the underlying algorithm name.
        created.setAlgorithm(cipherAlgorithm.getAlgorithm().replaceFirst("S\\-", ""));
        created.setIterations(SALT_ITERATIONS);
        created.setSaltSizeBytes(SALT_SIZE_BYTES);
        created.setInvertPositionOfPlainSaltInEncryptionResults(IPOPSIER);
        created.setInvertPositionOfSaltInMessageBeforeDigesting(IPOSIMBD);
        created.setUseLenientSaltSizeCheck(ULSSC);
    } else {
        // Unsalted digest: one iteration, no salt bytes.
        created.setAlgorithm(cipherAlgorithm.getAlgorithm());
        created.setIterations(1);
        created.setSaltSizeBytes(0);
    }

    created.setStringOutputType(CommonUtils.STRING_OUTPUT_TYPE_HEXADECIMAL);
    digesters.put(cipherAlgorithm, created);
    return created;
}
// End of the enclosing class; its opening line is not part of this excerpt.
}
/**
 * Creates a new string digester configured for the given algorithm.
 *
 * <p>Algorithm names starting with {@code "S-"} are configured as salted digests, using the class's
 * salt-related constants and the name with that prefix removed. All other names are configured with
 * a single iteration and a zero-byte salt. Output is hexadecimal in both cases. A fresh digester is
 * built on every call.
 *
 * <p>NOTE(review): the non-salted branch yields a plain single-pass digest, so equal inputs always
 * produce equal outputs and are cheap to compute; for password storage that makes offline guessing
 * and precomputed tables effective. Confirm those algorithms are kept only for interoperability.
 *
 * @param cipherAlgorithm the digest algorithm; must not be {@code null}
 * @return a newly configured digester for that algorithm
 */
private StandardStringDigester getDigester(final CipherAlgorithm cipherAlgorithm) {
    final StandardStringDigester result = new StandardStringDigester();
    final boolean salted = cipherAlgorithm.getAlgorithm().startsWith("S-");

    if (salted) {
        // Salted digest: drop the "S-" marker to obtain the underlying algorithm name.
        result.setAlgorithm(cipherAlgorithm.getAlgorithm().replaceFirst("S\\-", ""));
        result.setIterations(SALT_ITERATIONS);
        result.setSaltSizeBytes(SALT_SIZE_BYTES);
        result.setInvertPositionOfPlainSaltInEncryptionResults(IPOPSIER);
        result.setInvertPositionOfSaltInMessageBeforeDigesting(IPOSIMBD);
        result.setUseLenientSaltSizeCheck(ULSSC);
    } else {
        // Unsalted digest: one iteration, no salt bytes.
        result.setAlgorithm(cipherAlgorithm.getAlgorithm());
        result.setIterations(1);
        result.setSaltSizeBytes(0);
    }

    result.setStringOutputType(CommonUtils.STRING_OUTPUT_TYPE_HEXADECIMAL);
    return result;
}
// End of the enclosing class; its opening line is not part of this excerpt.
}