/** * Base64-decode the current stream. * * @return an iterator over the decoded bytes */ public ByteIterator base64Decode() { return base64Decode(Base64Alphabet.STANDARD, true); }
/** * Base64-decode the current stream. * * @param alphabet the alphabet to use * @return an iterator over the decoded bytes */ public ByteIterator base64Decode(final Base64Alphabet alphabet) { return base64Decode(alphabet, true); }
private static byte[] getReplayNonce(HttpURLConnection connection) throws AcmeException { String nonce = connection.getHeaderField(REPLAY_NONCE); if (nonce == null) { return null; } return CodePointIterator.ofString(nonce).base64Decode(BASE64_URL, false).drain(); }
private void parseCertificate(final List<Credential> credentials, final XMLStreamReader streamReader) throws RealmUnavailableException, XMLStreamException { parseCredential(streamReader, (algorithm, format, text) -> { if (algorithm == null) algorithm = "X.509"; if (format == null) format = X509_FORMAT; try { final CertificateFactory certificateFactory = CertificateFactory.getInstance(algorithm); credentials.add(new X509CertificateChainPublicCredential((X509Certificate) certificateFactory.generateCertificate( CodePointIterator.ofString(text).base64Decode().asInputStream()))); } catch (CertificateException | ClassCastException e) { throw ElytronMessages.log.fileSystemRealmCertificateReadError(format, path, streamReader.getLocation().getLineNumber(), name); } }); }
private void parsePublicKey(final List<Credential> credentials, final XMLStreamReader streamReader) throws RealmUnavailableException, XMLStreamException { parseCredential(streamReader, (algorithm, format, text) -> { if (algorithm == null) { throw ElytronMessages.log.fileSystemRealmMissingAttribute("algorithm", path, streamReader.getLocation().getLineNumber(), name); } if (format == null) { format = X509_FORMAT; } else if (!X509_FORMAT.equals(format)) { throw ElytronMessages.log.fileSystemRealmUnsupportedKeyFormat(format, path, streamReader.getLocation().getLineNumber(), name); } try { KeyFactory keyFactory = KeyFactory.getInstance(algorithm); credentials.add(new PublicKeyCredential(keyFactory.generatePublic(new PKCS8EncodedKeySpec(CodePointIterator.ofString(text).base64Decode().drain())))); } catch (NoSuchAlgorithmException e) { throw ElytronMessages.log.fileSystemRealmUnsupportedKeyAlgorithm(format, path, streamReader.getLocation().getLineNumber(), name, e); } catch (InvalidKeySpecException e) { throw ElytronMessages.log.fileSystemRealmUnsupportedKeyFormat(format, path, streamReader.getLocation().getLineNumber(), name); } }); }
private static Password createSimpleDigestPassword(String algorithm, int prefixSize, byte[] userPassword) throws InvalidKeySpecException { int length = userPassword.length - prefixSize; byte[] digest = CodePointIterator.ofUtf8Bytes(userPassword, prefixSize, length).base64Decode().drain(); return SimpleDigestPassword.createRaw(algorithm, digest); }
private static Password createSaltedSimpleDigestPassword(String algorithm, int prefixSize, byte[] userPassword) throws InvalidKeySpecException { int length = userPassword.length - prefixSize; byte[] decoded = CodePointIterator.ofUtf8Bytes(userPassword, prefixSize, length).base64Decode().drain(); int digestLength = expectedDigestLengthBytes(algorithm); int saltLength = decoded.length - digestLength; if (saltLength < 1) { throw log.insufficientDataToFormDigestAndSalt(); } byte[] digest = new byte[digestLength]; byte[] salt = new byte[saltLength]; System.arraycopy(decoded, 0, digest, 0, digestLength); System.arraycopy(decoded, digestLength, salt, 0, saltLength); return SaltedSimpleDigestPassword.createRaw(algorithm, digest, salt); }
private static byte[] decodeColumn(String string, Encoding encoding) { switch (encoding) { case BASE64: return CodePointIterator.ofString(string).base64Decode(Base64Alphabet.STANDARD, false).drain(); case HEX: return CodePointIterator.ofString(string).hexDecode().drain(); } throw new IllegalStateException(); }
Password password = passwordFactory.generatePassword(new OneTimePasswordSpec( CodePointIterator.ofString((String) hash) .base64Decode(Base64Alphabet.STANDARD, false).drain(), (String) seed, Integer.parseInt((String) sequence)));
private void parsePassword(final List<Credential> credentials, final XMLStreamReader streamReader) throws XMLStreamException, RealmUnavailableException { parseCredential(streamReader, (algorithm, format, text) -> { try { if (BASE64_FORMAT.equals(format)) { if (algorithm == null) { throw ElytronMessages.log.fileSystemRealmMissingAttribute("algorithm", path, streamReader.getLocation().getLineNumber(), name); } byte[] passwordBytes = CodePointIterator.ofChars(text.toCharArray()).base64Decode().drain(); PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm); PasswordSpec passwordSpec = BasicPasswordSpecEncoding.decode(passwordBytes); if (passwordSpec != null) { credentials.add(new PasswordCredential(passwordFactory.generatePassword(passwordSpec))); } else { throw ElytronMessages.log.fileSystemRealmInvalidPasswordAlgorithm(algorithm, path, streamReader.getLocation().getLineNumber(), name); } } else if (MCF_FORMAT.equals(format)) { credentials.add(new PasswordCredential(ModularCrypt.decode(text))); } else { throw ElytronMessages.log.fileSystemRealmInvalidPasswordFormat(format, path, streamReader.getLocation().getLineNumber(), name); } } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { throw ElytronMessages.log.fileSystemRealmInvalidContent(path, streamReader.getLocation().getLineNumber(), name); } }); }
private static Password createCryptBasedPassword(byte[] userPassword) throws InvalidKeySpecException { if (userPassword.length != 20) { throw log.insufficientDataToFormDigestAndSalt(); } final int lo = ModularCrypt.MOD_CRYPT.decode(userPassword[7] & 0xff); final int hi = ModularCrypt.MOD_CRYPT.decode(userPassword[8] & 0xff); if (lo == -1 || hi == -1) { throw log.invalidSalt((char) lo, (char) hi); } short salt = (short) (lo | hi << 6); byte[] hash = CodePointIterator.ofUtf8Bytes(userPassword, 9, 11).base64Decode(ModularCrypt.MOD_CRYPT, false).drain(); return UnixDESCryptPassword.createRaw(ALGORITHM_CRYPT_DES, salt, hash); }
private static Password parseUnixDESCryptPasswordString(char[] cryptString) throws InvalidKeySpecException { assert cryptString.length == 13; // previously tested by doIdentifyAlgorithm CodePointIterator r = CodePointIterator.ofChars(cryptString); // 12 bit salt int s0 = MOD_CRYPT.decode(r.next()); int s1 = MOD_CRYPT.decode(r.next()); short salt = (short) (s0 | s1 << 6); // 64 bit hash byte[] hash = r.base64Decode(MOD_CRYPT, false).limitedTo(8).drain(); return UnixDESCryptPassword.createRaw(UnixDESCryptPassword.ALGORITHM_CRYPT_DES, salt, hash); }
private byte[] decodeUsingAlphabet(String payload) { if (picketBoxCompatibility) { return picketBoxBase64Decode(payload); } else { ByteIterator byteIterator = isBase64(alphabet) ? CodePointIterator.ofString(payload).base64Decode(getAlphabet64(alphabet), usePadding) : CodePointIterator.ofString(payload).base32Decode(getAlphabet32(alphabet)); return byteIterator.drain(); } }
ByteIterator byteIterator = isBase64(alphabet) ? CodePointIterator.ofString(encodedIV).base64Decode(getAlphabet64(alphabet), false) : CodePointIterator.ofString(encodedIV).base32Decode(getAlphabet32(alphabet), false); ivSpec = new IvParameterSpec(byteIterator.drain());
byte[] decodedSalt = r.limitedTo(22).base64Decode(BCRYPT, false).drain(); byte[] decodedPassword = r.limitedTo(31).base64Decode(BCRYPT, false).drain();
public byte[] handleServerResponse(byte[] serverMessage) { // got a successful response if (serverMessage.length == 0) { return null; } // otherwise, server responded with a error message try { String errorMessage = ByteIterator.ofBytes(serverMessage).asUtf8String().base64Decode().asUtf8String().drainToString(); log.debugf("Got error message from server [%s].", errorMessage); } catch (Exception e) { log.errorf(e, "Server returned an unexpected message that is probably an error but could not be parsed."); } // send a last message to abort the authentication return new ByteStringBuilder().append(KV_DELIMITER).toArray(); } }
private static Password parseUnixMD5CryptPasswordString(final char[] cryptString) throws InvalidKeySpecException { assert cryptString[0] == '$'; // previously tested by doIdentifyAlgorithm assert cryptString[1] == '1'; // previously tested by doIdentifyAlgorithm assert cryptString[2] == '$'; // previously tested by doIdentifyAlgorithm CodePointIterator r = CodePointIterator.ofChars(cryptString, 3); try { final byte[] salt = r.delimitedBy('$').drainToString().getBytes(StandardCharsets.ISO_8859_1); if (! r.hasNext()) { throw log.invalidKeySpecNoSaltTerminatorGiven(); } r.next(); // skip $ final byte[] decoded = r.base64Decode(MOD_CRYPT_LE, false).limitedTo(MD5_IDX_REV.length).drain(); if (decoded.length != MD5_IDX.length) { throw log.invalidHashLength(); } byte[] hash = ByteIterator.ofBytes(decoded, MD5_IDX_REV).drain(); return UnixMD5CryptPassword.createRaw(UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5, salt, hash); } catch (NoSuchElementException e) { throw log.invalidKeySpecUnexpectedEndOfPasswordStringWithCause(e); } }
private static Password createBsdCryptBasedPassword(byte[] userPassword) throws InvalidKeySpecException { if (userPassword.length != 27) { throw log.insufficientDataToFormDigestAndSalt(); } int b0 = ModularCrypt.MOD_CRYPT.decode(userPassword[8] & 0xff); int b1 = ModularCrypt.MOD_CRYPT.decode(userPassword[9] & 0xff); int b2 = ModularCrypt.MOD_CRYPT.decode(userPassword[10] & 0xff); int b3 = ModularCrypt.MOD_CRYPT.decode(userPassword[11] & 0xff); if (b0 == -1 || b1 == -1 || b2 == -1 || b3 == -1) { throw log.invalidRounds((char) b0, (char) b1, (char) b2, (char) b3); } int iterationCount = b0 | b1 << 6 | b2 << 12 | b3 << 18; b0 = ModularCrypt.MOD_CRYPT.decode(userPassword[12] & 0xff); b1 = ModularCrypt.MOD_CRYPT.decode(userPassword[13] & 0xff); b2 = ModularCrypt.MOD_CRYPT.decode(userPassword[14] & 0xff); b3 = ModularCrypt.MOD_CRYPT.decode(userPassword[15] & 0xff); if (b0 == -1 || b1 == -1 || b2 == -1 || b3 == -1) { throw log.invalidSalt((char) b0, (char) b1, (char) b2, (char) b3); } int salt = b0 | b1 << 6 | b2 << 12 | b3 << 18; byte[] hash = CodePointIterator.ofUtf8Bytes(userPassword, 16, 11).base64Decode(ModularCrypt.MOD_CRYPT, false).drain(); return BSDUnixDESCryptPassword.createRaw(ALGORITHM_BSD_CRYPT_DES, hash, salt, iterationCount); }
public ScramFinalServerMessage parseFinalServerMessage(final byte[] messageBytes) throws AuthenticationMechanismException { final ByteIterator bi = ByteIterator.ofBytes(messageBytes); final byte[] sig; try { int c = bi.next(); if (c == 'e') { if (bi.next() == '=') { throw saslScram.scramServerRejectedAuthentication(ScramServerErrorCode.fromErrorString(bi.delimitedBy(',').asUtf8String().drainToString())); } throw saslScram.mechInvalidMessageReceived(); } else if (c == 'v' && bi.next() == '=') { sig = bi.delimitedBy(',').asUtf8String().base64Decode().drain(); } else { throw saslScram.mechInvalidMessageReceived(); } if (bi.hasNext()) { throw saslScram.mechInvalidMessageReceived(); } } catch (IllegalArgumentException e) { throw saslScram.mechInvalidMessageReceived(); } return new ScramFinalServerMessage(sig, messageBytes); }
private static Password parseBSDUnixDESCryptPasswordString(char[] cryptString) throws InvalidKeySpecException { // Note that crypt strings have the format: "_{rounds}{salt}{hash}" as described // in the "DES Extended Format" section here: http://www.freebsd.org/cgi/man.cgi?crypt(3) assert cryptString.length == 20; assert cryptString[0] == '_'; // previously tested by doIdentifyAlgorithm CodePointIterator r = CodePointIterator.ofChars(cryptString, 1); // The next 4 characters correspond to the encoded number of rounds - this is decoded to a 24-bit integer int s0 = MOD_CRYPT.decode(r.next()); int s1 = MOD_CRYPT.decode(r.next()); int s2 = MOD_CRYPT.decode(r.next()); int s3 = MOD_CRYPT.decode(r.next()); int iterationCount = s0 | s1 << 6 | s2 << 12 | s3 << 18; // The next 4 characters correspond to the encoded salt - this is decoded to a 24-bit integer s0 = MOD_CRYPT.decode(r.next()); s1 = MOD_CRYPT.decode(r.next()); s2 = MOD_CRYPT.decode(r.next()); s3 = MOD_CRYPT.decode(r.next()); int salt = s0 | s1 << 6 | s2 << 12 | s3 << 18; // The final 11 characters correspond to the encoded password - this is decoded to a 64-bit hash byte[] hash = r.base64Decode(MOD_CRYPT, false).limitedTo(11).drain(); return BSDUnixDESCryptPassword.createRaw(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES, hash, salt, iterationCount); }