/** * Get a code point iterator for a character array. * * @param chars the array * @param offs the array offset * @return the code point iterator */ public static CodePointIterator ofChars(final char[] chars, final int offs) { return ofChars(chars, offs, chars.length - offs); }
/** * Get a code point iterator for a character array. * * @param chars the array * @return the code point iterator */ public static CodePointIterator ofChars(final char[] chars) { return ofChars(chars, 0, chars.length); }
private static byte[] mask(final String algorithm, final char[] initialKeyMaterial, final int iterationCount, final byte[] salt, final char[] chars) throws InvalidKeySpecException { final Cipher cipher = getCipher(algorithm, initialKeyMaterial, iterationCount, salt, Cipher.ENCRYPT_MODE); try { return cipher.doFinal(CodePointIterator.ofChars(chars).asUtf8().drain()); } catch (IllegalBlockSizeException | BadPaddingException e) { throw new InvalidKeySpecException(e); } }
private void parsePassword(final List<Credential> credentials, final XMLStreamReader streamReader) throws XMLStreamException, RealmUnavailableException { parseCredential(streamReader, (algorithm, format, text) -> { try { if (BASE64_FORMAT.equals(format)) { if (algorithm == null) { throw ElytronMessages.log.fileSystemRealmMissingAttribute("algorithm", path, streamReader.getLocation().getLineNumber(), name); } byte[] passwordBytes = CodePointIterator.ofChars(text.toCharArray()).base64Decode().drain(); PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm); PasswordSpec passwordSpec = BasicPasswordSpecEncoding.decode(passwordBytes); if (passwordSpec != null) { credentials.add(new PasswordCredential(passwordFactory.generatePassword(passwordSpec))); } else { throw ElytronMessages.log.fileSystemRealmInvalidPasswordAlgorithm(algorithm, path, streamReader.getLocation().getLineNumber(), name); } } else if (MCF_FORMAT.equals(format)) { credentials.add(new PasswordCredential(ModularCrypt.decode(text))); } else { throw ElytronMessages.log.fileSystemRealmInvalidPasswordFormat(format, path, streamReader.getLocation().getLineNumber(), name); } } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { throw ElytronMessages.log.fileSystemRealmInvalidContent(path, streamReader.getLocation().getLineNumber(), name); } }); }
composeCryptBasedPassword(out, (UnixDESCryptPassword) password); } else if (ALGORITHM_CLEAR.equals(algorithm)) { return CodePointIterator.ofChars(((ClearPassword)password).getPassword()).asUtf8().drain(); } else { return null;
public void store(final String credentialAlias, final Credential credential, final CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException, UnsupportedCredentialTypeException { if (! modifiable) { throw log.nonModifiableCredentialStore("store"); } if (protectionParameter != null) { throw log.invalidProtectionParameter(protectionParameter); } // Vault can only store clear passwords; let's check out the type first. final char[] chars = credential.castAndApply(PasswordCredential.class, c -> c.getPassword().castAndApply(ClearPassword.class, ClearPassword::getPassword)); if (chars == null) { throw log.unsupportedCredentialType(credential.getClass()); } byte[] encoded; try { final Cipher cipher = Cipher.getInstance(adminKey.getAlgorithm()); cipher.init(Cipher.ENCRYPT_MODE, adminKey); encoded = cipher.doFinal(CodePointIterator.ofChars(chars).asUtf8().drain()); } catch (NoSuchAlgorithmException | IllegalBlockSizeException | BadPaddingException | NoSuchPaddingException | InvalidKeyException e) { throw log.cannotWriteCredentialToStore(e); } synchronized (data) { data.put(credentialAlias, encoded); } }
private static byte[] encodeClearPasswordSpec(ClearPasswordSpec keySpec) throws InvalidKeySpecException { byte[] passwordBytes = CodePointIterator.ofChars(keySpec.getEncodedPassword()).asUtf8().drain(); return new ByteStringBuilder().append(CLEAR_PASSWORD_SPEC_ID).append(passwordBytes).toArray(); }
try { MessageDigest messageDigest = MessageDigest.getInstance(algorithm); ByteIterator byteIterator = CodePointIterator.ofChars(nonce.toCharArray()).base64Decode(); byte[] nonceBytes = byteIterator.drain(); if (nonceBytes.length != PREFIX_LENGTH + messageDigest.getDigestLength()) {
private static Password parseUnixDESCryptPasswordString(char[] cryptString) throws InvalidKeySpecException { assert cryptString.length == 13; // previously tested by doIdentifyAlgorithm CodePointIterator r = CodePointIterator.ofChars(cryptString); // 12 bit salt int s0 = MOD_CRYPT.decode(r.next()); int s1 = MOD_CRYPT.decode(r.next()); short salt = (short) (s0 | s1 << 6); // 64 bit hash byte[] hash = r.base64Decode(MOD_CRYPT, false).limitedTo(8).drain(); return UnixDESCryptPassword.createRaw(UnixDESCryptPassword.ALGORITHM_CRYPT_DES, salt, hash); }
private static Password parseUnixMD5CryptPasswordString(final char[] cryptString) throws InvalidKeySpecException { assert cryptString[0] == '$'; // previously tested by doIdentifyAlgorithm assert cryptString[1] == '1'; // previously tested by doIdentifyAlgorithm assert cryptString[2] == '$'; // previously tested by doIdentifyAlgorithm CodePointIterator r = CodePointIterator.ofChars(cryptString, 3); try { final byte[] salt = r.delimitedBy('$').drainToString().getBytes(StandardCharsets.ISO_8859_1); if (! r.hasNext()) { throw log.invalidKeySpecNoSaltTerminatorGiven(); } r.next(); // skip $ final byte[] decoded = r.base64Decode(MOD_CRYPT_LE, false).limitedTo(MD5_IDX_REV.length).drain(); if (decoded.length != MD5_IDX.length) { throw log.invalidHashLength(); } byte[] hash = ByteIterator.ofBytes(decoded, MD5_IDX_REV).drain(); return UnixMD5CryptPassword.createRaw(UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5, salt, hash); } catch (NoSuchElementException e) { throw log.invalidKeySpecUnexpectedEndOfPasswordStringWithCause(e); } }
CodePointIterator r = CodePointIterator.ofChars(cryptString, minor == 0 ? 3 : 4); try {
private static Password parseBSDUnixDESCryptPasswordString(char[] cryptString) throws InvalidKeySpecException { // Note that crypt strings have the format: "_{rounds}{salt}{hash}" as described // in the "DES Extended Format" section here: http://www.freebsd.org/cgi/man.cgi?crypt(3) assert cryptString.length == 20; assert cryptString[0] == '_'; // previously tested by doIdentifyAlgorithm CodePointIterator r = CodePointIterator.ofChars(cryptString, 1); // The next 4 characters correspond to the encoded number of rounds - this is decoded to a 24-bit integer int s0 = MOD_CRYPT.decode(r.next()); int s1 = MOD_CRYPT.decode(r.next()); int s2 = MOD_CRYPT.decode(r.next()); int s3 = MOD_CRYPT.decode(r.next()); int iterationCount = s0 | s1 << 6 | s2 << 12 | s3 << 18; // The next 4 characters correspond to the encoded salt - this is decoded to a 24-bit integer s0 = MOD_CRYPT.decode(r.next()); s1 = MOD_CRYPT.decode(r.next()); s2 = MOD_CRYPT.decode(r.next()); s3 = MOD_CRYPT.decode(r.next()); int salt = s0 | s1 << 6 | s2 << 12 | s3 << 18; // The final 11 characters correspond to the encoded password - this is decoded to a 64-bit hash byte[] hash = r.base64Decode(MOD_CRYPT, false).limitedTo(11).drain(); return BSDUnixDESCryptPassword.createRaw(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES, hash, salt, iterationCount); }
/** * Get a code point iterator for a character array. * * @param chars the array * @param offs the array offset * @return the code point iterator */ public static CodePointIterator ofChars(final char[] chars, final int offs) { return ofChars(chars, offs, chars.length - offs); }
/** * Get a code point iterator for a character array. * * @param chars the array * @return the code point iterator */ public static CodePointIterator ofChars(final char[] chars) { return ofChars(chars, 0, chars.length); }
private static byte[] mask(final String algorithm, final char[] initialKeyMaterial, final int iterationCount, final byte[] salt, final char[] chars) throws InvalidKeySpecException { final Cipher cipher = getCipher(algorithm, initialKeyMaterial, iterationCount, salt, Cipher.ENCRYPT_MODE); try { return cipher.doFinal(CodePointIterator.ofChars(chars).asUtf8().drain()); } catch (IllegalBlockSizeException | BadPaddingException e) { throw new InvalidKeySpecException(e); } }
private static byte[] mask(final String algorithm, final char[] initialKeyMaterial, final int iterationCount, final byte[] salt, final char[] chars) throws InvalidKeySpecException { final Cipher cipher = getCipher(algorithm, initialKeyMaterial, iterationCount, salt, Cipher.ENCRYPT_MODE); try { return cipher.doFinal(CodePointIterator.ofChars(chars).asUtf8().drain()); } catch (IllegalBlockSizeException | BadPaddingException e) { throw new InvalidKeySpecException(e); } }
private static byte[] mask(final String algorithm, final char[] initialKeyMaterial, final int iterationCount, final byte[] salt, final char[] chars) throws InvalidKeySpecException { final Cipher cipher = getCipher(algorithm, initialKeyMaterial, iterationCount, salt, Cipher.ENCRYPT_MODE); try { return cipher.doFinal(CodePointIterator.ofChars(chars).asUtf8().drain()); } catch (IllegalBlockSizeException | BadPaddingException e) { throw new InvalidKeySpecException(e); } }
private static Password parseUnixDESCryptPasswordString(char[] cryptString) throws InvalidKeySpecException { assert cryptString.length == 13; // previously tested by doIdentifyAlgorithm CodePointIterator r = CodePointIterator.ofChars(cryptString); // 12 bit salt int s0 = MOD_CRYPT.decode(r.next()); int s1 = MOD_CRYPT.decode(r.next()); short salt = (short) (s0 | s1 << 6); // 64 bit hash byte[] hash = r.base64Decode(MOD_CRYPT, false).limitedTo(8).drain(); return UnixDESCryptPassword.createRaw(UnixDESCryptPassword.ALGORITHM_CRYPT_DES, salt, hash); }
private static Password parseUnixDESCryptPasswordString(char[] cryptString) throws InvalidKeySpecException { assert cryptString.length == 13; // previously tested by doIdentifyAlgorithm CodePointIterator r = CodePointIterator.ofChars(cryptString); // 12 bit salt int s0 = MOD_CRYPT.decode(r.next()); int s1 = MOD_CRYPT.decode(r.next()); short salt = (short) (s0 | s1 << 6); // 64 bit hash byte[] hash = r.base64Decode(MOD_CRYPT, false).limitedTo(8).drain(); return UnixDESCryptPassword.createRaw(UnixDESCryptPassword.ALGORITHM_CRYPT_DES, salt, hash); }
private static Password parseUnixDESCryptPasswordString(char[] cryptString) throws InvalidKeySpecException { assert cryptString.length == 13; // previously tested by doIdentifyAlgorithm CodePointIterator r = CodePointIterator.ofChars(cryptString); // 12 bit salt int s0 = MOD_CRYPT.decode(r.next()); int s1 = MOD_CRYPT.decode(r.next()); short salt = (short) (s0 | s1 << 6); // 64 bit hash byte[] hash = r.base64Decode(MOD_CRYPT, false).limitedTo(8).drain(); return UnixDESCryptPassword.createRaw(UnixDESCryptPassword.ALGORITHM_CRYPT_DES, salt, hash); }