private static String sha512ConsentAttributeNames(final Map<String, Object> attributes) { val allNames = String.join("|", attributes.keySet()); return DigestUtils.sha512(allNames); }
/** * Computes hex encoded SHA digest. * * @param data data to be hashed * @return sha hash */ public static String sha(final String data) { return digest(MessageDigestAlgorithms.SHA_1, data); }
/** * Computes digest. * * @param alg Digest algorithm to use * @param data data to be hashed * @return hash */ public static byte[] rawDigest(final String alg, final byte[] data) { try { val digest = getMessageDigestInstance(alg); return digest.digest(data); } catch (final Exception cause) { throw new SecurityException(cause); } }
@Override public WebApplicationService extractService(final HttpServletRequest request) { val service = extractServiceInternal(request); if (service == null) { LOGGER.trace("Extractor did not generate service."); } else { LOGGER.trace("Extractor generated service type [{}] for: [{}]", service.getClass().getName(), DigestUtils.abbreviate(service.getId())); } return service; }
/** * Computes SHA digest. * * @param data data to be hashed * @return sha hash */ public static byte[] sha(final byte[] data) { return rawDigest(MessageDigestAlgorithms.SHA_1, data); }
/** * Sha base 64 string. * * @param salt the salt * @param data the data * @return the string */ public static String shaBase64(final String salt, final String data) { return shaBase64(salt, data, null); }
private static String calculateCodeVerifierHash(final String method, final String codeVerifier) { if ("plain".equalsIgnoreCase(method)) { return codeVerifier; } if ("S256".equalsIgnoreCase(method)) { val sha256 = DigestUtils.sha256(codeVerifier); return EncodingUtils.encodeUrlSafeBase64(sha256.getBytes(StandardCharsets.UTF_8)); } throw new CredentialsException("Code verification method is unrecognized: " + method); } }
/** * Read object from json. * * @param jsonString the json string * @return the type */ protected T readObjectFromString(final String jsonString) { try { LOGGER.trace("Attempting to consume [{}]", jsonString); return this.objectMapper.readValue(jsonString, getTypeToSerialize()); } catch (final Exception e) { LOGGER.error("Cannot read/parse [{}] to deserialize into type [{}]. This may be caused " + "in the absence of a configuration/support module that knows how to interpret the fragment, " + "specially if the fragment describes a CAS registered service definition. " + "Internal parsing error is [{}]", DigestUtils.abbreviate(jsonString), getTypeToSerialize(), e.getMessage()); LOGGER.debug(e.getMessage(), e); } return null; } }
/** * Computes hex encoded digest. * * @param alg Digest algorithm to use * @param data data to be hashed * @return hex encoded hash */ public static String digest(final String alg, final byte[] data) { return EncodingUtils.hexEncode(rawDigest(alg, data)); }
/** * Redirect request for authentication. * * @param pair the pair * @param request the request * @param response the response * @throws Exception the exception */ protected void issueAuthenticationRequestRedirect(final Pair<? extends SignableSAMLObject, MessageContext> pair, final HttpServletRequest request, final HttpServletResponse response) throws Exception { val authnRequest = (AuthnRequest) pair.getLeft(); val serviceUrl = constructServiceUrl(request, response, pair); LOGGER.debug("Created service url [{}]", DigestUtils.abbreviate(serviceUrl)); val initialUrl = CommonUtils.constructRedirectUrl(casProperties.getServer().getLoginUrl(), CasProtocolConstants.PARAMETER_SERVICE, serviceUrl, authnRequest.isForceAuthn(), authnRequest.isPassive()); val urlToRedirectTo = buildRedirectUrlByRequestedAuthnContext(initialUrl, authnRequest, request); LOGGER.debug("Redirecting SAML authN request to [{}]", urlToRedirectTo); val authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy(); authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo); }
private static String sha512ConsentAttributeValues(final Map<String, Object> attributes) { val allValues = attributes.values().stream() .map(CollectionUtils::toCollection) .map(c -> c.stream().map(Object::toString).collect(Collectors.joining())) .collect(Collectors.joining("|")); return DigestUtils.sha512(allValues); }
/** * Sha base 32 string. * * @param salt the salt * @param data the data * @param separator a string separator, if any * @param chunked the chunked * @return the string */ public static String shaBase32(final String salt, final String data, final String separator, final boolean chunked) { val result = rawDigest(MessageDigestAlgorithms.SHA_1, salt, separator == null ? data : data + separator); return EncodingUtils.encodeBase32(result, chunked); }
/** * Computes hex encoded SHA512 digest. * * @param data data to be hashed * @return sha-512 hash */ public static String sha512(final String data) { return digest(MessageDigestAlgorithms.SHA_512, data.getBytes(StandardCharsets.UTF_8)); }
/** * Raw digest byte [ ]. * * @param alg the alg * @param salt the salt * @param data the data * @return the byte [ ] */ public static byte[] rawDigest(final String alg, final String salt, final String... data) { try { val digest = getMessageDigestInstance(alg); Arrays.stream(data).forEach(d -> digest.update(d.getBytes(StandardCharsets.UTF_8))); return digest.digest(salt.getBytes(StandardCharsets.UTF_8)); } catch (final Exception cause) { throw new SecurityException(cause); } }
@Audit( action = "SERVICE_TICKET", actionResolverName = "GRANT_SERVICE_TICKET_RESOLVER", resourceResolverName = "GRANT_SERVICE_TICKET_RESOURCE_RESOLVER") @Override public ServiceTicket grantServiceTicket(final String ticketGrantingTicketId, final Service service, final AuthenticationResult authenticationResult) throws AuthenticationException, AbstractTicketException { val credentialProvided = authenticationResult != null && authenticationResult.isCredentialProvided(); val ticketGrantingTicket = getTicket(ticketGrantingTicketId, TicketGrantingTicket.class); val selectedService = resolveServiceFromAuthenticationRequest(service); val registeredService = this.servicesManager.findServiceBy(selectedService); enforceRegisteredServiceAccess(selectedService, ticketGrantingTicket, registeredService); val currentAuthentication = evaluatePossibilityOfMixedPrincipals(authenticationResult, ticketGrantingTicket); RegisteredServiceAccessStrategyUtils.ensureServiceSsoAccessIsAllowed(registeredService, selectedService, ticketGrantingTicket, credentialProvided); evaluateProxiedServiceIfNeeded(selectedService, ticketGrantingTicket, registeredService); getAuthenticationSatisfiedByPolicy(currentAuthentication, new ServiceContext(selectedService, registeredService)); val latestAuthentication = ticketGrantingTicket.getRoot().getAuthentication(); AuthenticationCredentialsThreadLocalBinder.bindCurrent(latestAuthentication); val principal = latestAuthentication.getPrincipal(); val factory = (ServiceTicketFactory) this.ticketFactory.get(ServiceTicket.class); val serviceTicket = factory.create(ticketGrantingTicket, service, credentialProvided, ServiceTicket.class); this.ticketRegistry.updateTicket(ticketGrantingTicket); this.ticketRegistry.addTicket(serviceTicket); LOGGER.info("Granted ticket [{}] for service [{}] and principal [{}]", serviceTicket.getId(), DigestUtils.abbreviate(service.getId()), principal.getId()); doPublishEvent(new CasServiceTicketGrantedEvent(this, ticketGrantingTicket, serviceTicket)); return serviceTicket; }
/** * Encode ticket id into a SHA-512. * * @param ticketId the ticket id * @return the ticket */ protected String encodeTicketId(final String ticketId) { if (!isCipherExecutorEnabled()) { LOGGER.trace(MESSAGE); return ticketId; } if (StringUtils.isBlank(ticketId)) { return ticketId; } val encodedId = DigestUtils.sha512(ticketId); LOGGER.debug("Encoded original ticket id [{}] to [{}]", ticketId, encodedId); return encodedId; }
/** * Sha base 64 string. * * @param salt the salt * @param data the data * @param separator the separator * @return the string */ public static String shaBase64(final String salt, final String data, final String separator) { val result = rawDigest(MessageDigestAlgorithms.SHA_1, salt, separator == null ? data : data + separator); return EncodingUtils.encodeBase64(result); }
/** * Computes hex encoded digest. * * @param alg Digest algorithm to use * @param data data to be hashed * @return hex encoded hash */ public static String digest(final String alg, final String data) { return digest(alg, data.getBytes(StandardCharsets.UTF_8)); }
/** * Build registered service cache key string. * * @param service the service * @return the string */ public static String buildRegisteredServiceCacheKey(final SamlRegisteredService service) { val key = service.getMetadataLocation(); LOGGER.trace("Determined cache key for service [{}] as [{}]", service.getName(), key); val hashedKey = DigestUtils.sha512(key); LOGGER.trace("Hashed service cache key as [{}]", hashedKey); return hashedKey; } }
/** * Sha base 64 string. * * @param salt the salt * @param data the data * @param separator a string separator, if any * @param chunked the chunked * @return the string */ public static String shaBase64(final String salt, final String data, final String separator, final boolean chunked) { val result = rawDigest(MessageDigestAlgorithms.SHA_1, salt, separator == null ? data : data + separator); return EncodingUtils.encodeBase64(result, chunked); }