private boolean passwordEquals(ProtectedStringType newPasswordPs, ProtectedStringType currentPassword) throws SchemaException { if (currentPassword == null) { return newPasswordPs == null; } try { return protector.compare(newPasswordPs, currentPassword); } catch (EncryptionException e) { throw new SystemException("Failed to compare " + shortDesc + ": " + e.getMessage(), e); } } }
private boolean isMatching(String newPassword, PrismProperty<Object> objectProperty) { for (Object objectRealValue: objectProperty.getRealValues()) { if (objectRealValue instanceof String) { if (newPassword.equals(objectRealValue)) { return true; } } else if (objectRealValue instanceof ProtectedStringType) { ProtectedStringType newPasswordPs = new ProtectedStringType(); newPasswordPs.setClearValue(newPassword); try { if (protector.compare(newPasswordPs, (ProtectedStringType)objectRealValue)) { return true; } } catch (SchemaException | EncryptionException e) { throw new SystemException(e); } } else { if (newPassword.equals(objectRealValue.toString())) { return true; } } } return false; }
protected boolean decryptAndMatch(ConnectionEnvironment connEnv, @NotNull MidPointPrincipal principal, ProtectedStringType protectedString, String enteredPassword) { ProtectedStringType entered = new ProtectedStringType(); entered.setClearValue(enteredPassword); try { return protector.compare(entered, protectedString); } catch (SchemaException | EncryptionException e) { // This is a serious error. It is not business as usual (e.g. wrong password or missing authorization). // This is either bug or serious misconfiguration (e.g. missing decryption key in keystore). // We do not want to just audit the failure. That would just log it on debug level. // But that would be too hard for system administrator to figure out what is going on - especially // if the administrator himself cannot log in. Therefore explicitly log those errors here. LOGGER.error("Error dealing with credentials of user \"{}\" credentials: {}", principal.getUsername(), e.getMessage()); recordAuthenticationFailure(principal, connEnv, "error decrypting password: "+e.getMessage()); throw new AuthenticationServiceException("web.security.provider.unavailable", e); } }
protected boolean compareProtectedString(String expectedClearValue, ProtectedStringType actualValue, CredentialsStorageTypeType storageType) throws EncryptionException, SchemaException { switch (storageType) { case NONE: return actualValue == null; case ENCRYPTION: if (actualValue == null) { return false; } if (!actualValue.isEncrypted()) { return false; } String actualClearPassword = protector.decryptString(actualValue); return expectedClearValue.equals(actualClearPassword); case HASHING: if (actualValue == null) { return false; } if (!actualValue.isHashed()) { return false; } ProtectedStringType expectedPs = new ProtectedStringType(); expectedPs.setClearValue(expectedClearValue); return protector.compare(actualValue, expectedPs); default: throw new IllegalArgumentException("Unknown storage "+storageType); } }
private void assertPasswords(String password, ProtectedStringType passwordAfterChange) throws SchemaException, EncryptionException { ProtectedStringType protectedStringType = new ProtectedStringType(); protectedStringType.setClearValue(password); AssertJUnit.assertTrue("Password doesn't match", protector.compare(protectedStringType, passwordAfterChange)); }
expectedProtectedString.setClearValue((String) expectedValue); if (protector.compare(repoProtectedString, expectedProtectedString)) { return ItemComparisonResult.MATCH; } else {
boolean compare1 = protector256.compare(pst, checkPstClear); boolean compare2 = protector256.compare(checkPstClear, pst); boolean compare3 = protector256.compare(pst, checkPstEnc); boolean compare4 = protector256.compare(checkPstEnc, pst); boolean compare5 = protector256.compare(pst, wrongPst); boolean compare6 = protector256.compare(wrongPst, pst); boolean compare7 = protector256.compare(pst, wrongPstEnc); boolean compare8 = protector256.compare(wrongPstEnc, pst); boolean compare9 = protector256.compare(pst, checkPstClear); boolean compare10 = protector256.compare(checkPstClear, pst); boolean compare1e = protector256.compare(checkPstClear, pstEncHash); boolean compare2e = protector256.compare(pstEncHash, checkPstClear); boolean compare3e = protector256.compare(pstEncHash, checkPstEnc); boolean compare4e = protector256.compare(checkPstEnc, pstEncHash);
expectedPs.setClearValue(expectedClearValue); assertTrue(message+": hash does not match, expected "+expectedClearValue+", but was "+actualValue, protector.compare(actualValue, expectedPs)); assertFalse(message+": unexpected encrypted value: "+actualValue, actualValue.isEncrypted()); assertNull(message+": unexpected clear value: "+actualValue, actualValue.getClearValue());
@Override public boolean checkPassword(String userOid, ProtectedStringType password, Task task, OperationResult parentResult) throws ObjectNotFoundException, SchemaException { OperationResult result = parentResult.createMinorSubresult(CHECK_PASSWORD); UserType userType; try { userType = objectResolver.getObjectSimple(UserType.class, userOid, null, task, result); } catch (ObjectNotFoundException e) { result.recordFatalError(e); throw e; } if (userType.getCredentials() == null || userType.getCredentials().getPassword() == null || userType.getCredentials().getPassword().getValue() == null) { return password == null; } ProtectedStringType currentPassword = userType.getCredentials().getPassword().getValue(); boolean cmp; try { cmp = protector.compare(password, currentPassword); } catch (EncryptionException e) { result.recordFatalError(e); throw new SystemException(e.getMessage(),e); } result.recordSuccess(); return cmp; }
ProtectedStringType oldUserPassword = userPasswordDeltaOldValues.iterator().next().getRealValue(); try { if (oldUserPassword.canGetCleartext() && protector.compare(oldUserPassword, oldProjectionPassword)) { outputTriple.clearMinusSet(); outputTriple.addToMinusSet(prismContext.itemFactory().createPropertyValue(oldUserPassword));
ProtectedStringType targetPropertyNewValue = (ProtectedStringType) targetPropertyNew.getRealValue(); try { if (protector.compare(resultValue, targetPropertyNewValue)) { delta = null; } else {