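/**
 * Hashes a raw password using the hash provider selected by the password policy.
 *
 * <p>If no provider is registered for the policy's algorithm, the provider for
 * {@code Constants.DEFAULT_HASH_ALGORITHM} is used instead and a warning is logged.
 * In that case the credential is produced by a different algorithm than the policy
 * names, and the warning is the only signal of it, so it is worth alerting on.
 *
 * @param session        session used to look up {@code PasswordHashProvider} instances
 * @param passwordPolicy policy supplying the hash algorithm name and iteration count
 * @param rawPassword    the clear-text password to hash; it is never logged here
 * @return the credential value produced by the selected provider
 * @throws IllegalStateException if neither the policy's provider nor the default
 *         provider is available
 */
public static UserCredentialValueModel encode(KeycloakSession session, PasswordPolicy passwordPolicy, String rawPassword) {
    String algorithm = passwordPolicy.getHashAlgorithm();

    // Any iteration count below 1 is clamped to exactly 1.
    // NOTE(review): a policy value of 0 or a negative number therefore yields a
    // single-iteration hash. Confirm whether such values mean "not configured" and
    // whether the provider applies its own minimum; this code does not show it.
    int iterations = Math.max(passwordPolicy.getHashIterations(), 1);

    PasswordHashProvider provider = session.getProvider(PasswordHashProvider.class, algorithm);
    if (provider == null) {
        log.warnv("Could not find hash provider {0} from password policy, using default provider {1}", algorithm, Constants.DEFAULT_HASH_ALGORITHM);
        provider = session.getProvider(PasswordHashProvider.class, Constants.DEFAULT_HASH_ALGORITHM);
    }

    // The default lookup can also return null. Fail with a message that names both
    // algorithms instead of an anonymous NullPointerException on the next line.
    if (provider == null) {
        throw new IllegalStateException("No password hash provider available for algorithm "
                + algorithm + " or default " + Constants.DEFAULT_HASH_ALGORITHM);
    }

    return provider.encode(rawPassword, iterations);
}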
/**
 * Checks a candidate password against a stored credential.
 *
 * <p>The algorithm recorded on the credential takes precedence; the password policy's
 * algorithm is used only when the credential carries none. A credential therefore
 * keeps being verified with the algorithm it names even if the policy has changed.
 *
 * <p>Verification fails closed: when no provider is registered for the chosen
 * algorithm, a warning is logged and {@code false} is returned.
 *
 * @param session        session used to look up the {@code PasswordHashProvider}
 * @param passwordPolicy policy consulted for the algorithm when the credential has none
 * @param password       the candidate clear-text password; it is never logged here
 * @param credential     the stored credential to verify against
 * @return the provider's verification result, or {@code false} if no provider exists
 */
public static boolean verify(KeycloakSession session, PasswordPolicy passwordPolicy, String password, UserCredentialValueModel credential) {
    final String algorithm;
    if (credential.getAlgorithm() == null) {
        algorithm = passwordPolicy.getHashAlgorithm();
    } else {
        algorithm = credential.getAlgorithm();
    }

    PasswordHashProvider provider = session.getProvider(PasswordHashProvider.class, algorithm);
    if (provider != null) {
        return provider.verify(password, credential);
    }

    // No provider for this algorithm: reject rather than guess at another one.
    log.warnv("Could not find hash provider {0} for password", algorithm);
    return false;
}
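/**
 * Collects the password hash algorithm of every realm whose {@code "enmasse-realm"}
 * attribute is true.
 *
 * <p>A fresh session and transaction are opened for the lookup. The session is closed
 * even if obtaining the transaction manager, beginning the transaction, reading the
 * realms or committing throws, so a failure here cannot leak the session.
 *
 * <p>When no matching realm exists a warning is logged and the returned set is empty.
 * Judging by the warning text, the caller presumably uses the set to decide which SASL
 * mechanisms to offer.
 *
 * @return the distinct hash algorithm names of all matching realms; possibly empty
 */
private Set<String> getPasswordHashAlgorithms() {
    Set<String> hashAlgos = new HashSet<>();
    boolean enmasseRealmsFound = false;

    KeycloakSession keycloakSession = keycloakSessionFactory.create();
    try {
        KeycloakTransactionManager transactionManager = keycloakSession.getTransactionManager();
        transactionManager.begin();
        try {
            List<RealmModel> realms = keycloakSession.realms().getRealms();
            for (RealmModel realm : realms) {
                if (realm.getAttribute("enmasse-realm", Boolean.FALSE)) {
                    enmasseRealmsFound = true;
                    // NOTE(review): assumes the realm has a password policy and a
                    // non-null algorithm name. Confirm this, since a null would be
                    // added to the set as-is.
                    hashAlgos.add(realm.getPasswordPolicy().getHashAlgorithm());
                }
            }
        } finally {
            // The transaction only reads, so it is committed on every path, as before.
            transactionManager.commit();
        }
    } finally {
        // The outer finally makes sure a throwing commit() cannot skip the close.
        keycloakSession.close();
    }

    if (!enmasseRealmsFound) {
        LOG.warn("No realms with attribute \"enmasse-realm\" found, only universally accepted SASL mechanisms will be offered");
    }
    return hashAlgos;
}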