boolean remove = false; T pw = (T) it.next(); if (reversible != null && !reversible.equals(pw.isReversible())) { remove = true; && strong.equals(pw.isAvailableWithoutStrongCryptogaphy())) { remove = true; } else { try { pw.initialize(this); } catch (IOException e) { LOGGER.log( Level.WARNING, "Error initializing password encoder " + pw.getName() + ", skipping", e); it.remove();
public String encodePassword(String rawPass, Object salt) throws UnsupportedOperationException { for (GeoServerPasswordEncoder enc : encoders) { try { return enc.encodePassword(rawPass, salt); } catch (Exception e) { LOG.fine("Password encode failed with " + enc.getName()); } } throw new UnsupportedOperationException(); }
public GeoServerMultiplexingPasswordEncoder( GeoServerSecurityManager secMgr, GeoServerUserGroupService service) { encoders = new HashSet<GeoServerPasswordEncoder>(); for (GeoServerPasswordEncoder enc : secMgr.loadPasswordEncoders()) { if (StringUtils.hasLength(enc.getPrefix())) { if (service != null) { try { if (enc instanceof GeoServerPBEPasswordEncoder) { if (!secMgr.getKeyStoreProvider().hasUserGroupKey(service.getName())) { continue; // cannot use pbe encoder, no key } } enc.initializeFor(service); } catch (IOException e) { throw new RuntimeException(e); } } encoders.add(enc); } } }
String decode(String value, List<GeoServerPasswordEncoder> encoders) { for (GeoServerPasswordEncoder encoder : encoders) { if (encoder.isReversible() == false) continue; // should not happen if (encoder.isResponsibleForEncoding(value)) { return encoder.decode(value); } } return value; } }
@Test public void testPlainTextEncoder() { GeoServerPasswordEncoder encoder = getPlainTextPasswordEncoder(); assertEquals(PasswordEncodingType.PLAIN, encoder.getEncodingType()); assertEquals("plain:" + testPassword, encoder.encodePassword(testPassword, null)); assertTrue(encoder.isResponsibleForEncoding("plain:123")); assertFalse(encoder.isResponsibleForEncoding("digest1:123")); String enc = encoder.encodePassword(testPassword, null); String enc2 = encoder.encodePassword(testPasswordArray, null); assertTrue(encoder.isPasswordValid(enc, testPassword, null)); assertTrue(encoder.isPasswordValid(enc, testPasswordArray, null)); assertTrue(encoder.isPasswordValid(enc2, testPassword, null)); assertTrue(encoder.isPasswordValid(enc2, testPasswordArray, null)); assertFalse(encoder.isPasswordValid(enc, "plain:blabla", null)); assertFalse(encoder.isPasswordValid(enc, "plain:blabla".toCharArray(), null)); assertFalse(encoder.isPasswordValid(enc2, "plain:blabla", null)); assertFalse(encoder.isPasswordValid(enc2, "plain:blabla".toCharArray(), null)); assertEquals(testPassword, encoder.decode(enc)); assertTrue(Arrays.equals(testPasswordArray, encoder.decodeToCharArray(enc))); assertEquals(testPassword, encoder.decode(enc2)); assertTrue(Arrays.equals(testPasswordArray, encoder.decodeToCharArray(enc2))); enc = encoder.encodePassword("", null); assertTrue(encoder.isPasswordValid(enc, "", null)); enc2 = encoder.encodePassword(emptyArray, null); assertTrue(encoder.isPasswordValid(enc, emptyArray, null)); }
GeoServerPasswordEncoder encoder = getSecurityManager().loadPasswordEncoder(GeoServerEmptyPasswordEncoder.class); assertEquals(PasswordEncodingType.EMPTY, encoder.getEncodingType()); String encodedPassword = encoder.getPrefix() + GeoServerPasswordEncoder.PREFIX_DELIMTER; assertEquals(encodedPassword, encoder.encodePassword((String) null, null)); assertEquals(encodedPassword, encoder.encodePassword((char[]) null, null)); assertEquals(encodedPassword, encoder.encodePassword("", null)); assertEquals(encodedPassword, encoder.encodePassword(new char[] {}, null)); assertEquals(encodedPassword, encoder.encodePassword("blbal", null)); assertEquals(encodedPassword, encoder.encodePassword("blbal".toCharArray(), null)); assertFalse(encoder.isPasswordValid(encodedPassword, "blabla", null)); assertFalse(encoder.isPasswordValid(encodedPassword, "blabla".toCharArray(), null)); assertFalse(encoder.isPasswordValid(encodedPassword, "", null)); assertFalse(encoder.isPasswordValid(encodedPassword, "".toCharArray(), null)); encoder.decode(""); fail("Must fail, empty passwords cannot be decoded"); } catch (UnsupportedOperationException ex) {
encoder.initialize(getSecurityManager()); assertEquals(PasswordEncodingType.ENCRYPT, encoder.getEncodingType()); encoder.encodePassword(testPassword, null) .startsWith( encoder.getPrefix() + AbstractGeoserverPasswordEncoder.PREFIX_DELIMTER)); String enc = encoder.encodePassword(testPassword, null); String enc2 = encoder.encodePassword(testPasswordArray, null); assertTrue(encoder.isPasswordValid(enc, testPassword, null)); assertTrue(encoder.isPasswordValid(enc, testPasswordArray, null)); assertTrue(encoder.isPasswordValid(enc2, testPassword, null)); assertTrue(encoder.isPasswordValid(enc2, testPasswordArray, null)); assertFalse(encoder.isPasswordValid(enc, "crypt1:blabla", null)); assertFalse(encoder.isPasswordValid(enc, "crypt1:blabla".toCharArray(), null)); assertFalse(encoder.isPasswordValid(enc2, "crypt1:blabla", null)); assertFalse(encoder.isPasswordValid(enc2, "crypt1:blabla".toCharArray(), null)); assertEquals(testPassword, encoder.decode(enc)); assertTrue(Arrays.equals(testPasswordArray, encoder.decodeToCharArray(enc))); assertEquals(testPassword, encoder.decode(enc2)); assertTrue(Arrays.equals(testPasswordArray, encoder.decodeToCharArray(enc2))); enc = encoder.encodePassword("", null); assertTrue(encoder.isPasswordValid(enc, "", null)); assertTrue(encoder2.isPasswordValid(enc, "", null)); enc2 = encoder.encodePassword(emptyArray, null);
if (enc.getEncodingType() == PasswordEncodingType.ENCRYPT) { KeyStoreProvider prov = getSecurityManager().getKeyStoreProvider(); String alias = prov.aliasForGroupService(name); enc.initializeFor(this);
/** * validates and encodes the password. Do nothing for a not changed password of an existing user * * @param user * @throws IOException */ protected void preparePassword(GeoServerUser user) throws IOException, PasswordPolicyException { char[] passwordArray = user.getPassword() != null ? user.getPassword().toCharArray() : null; if (PasswordValidatorImpl.passwordStartsWithEncoderPrefix(passwordArray) != null) return; // do nothing, password already encoded // we have a plain text password // validate it getSecurityManager() .loadPasswordValidator(getPasswordValidatorName()) .validatePassword(passwordArray); // validation ok, initializer encoder and set encoded password GeoServerPasswordEncoder enc = getSecurityManager().loadPasswordEncoder(getPasswordEncoderName()); enc.initializeFor(this); user.setPassword(enc.encodePassword(user.getPassword(), null)); }
PasswordEncoderNamesModel(List<GeoServerPasswordEncoder> encoders) { encoderNames = new ArrayList<String>(); for (GeoServerPasswordEncoder pe : encoders) { encoderNames.add(pe.getName()); } }
GeoServerPasswordEncoder encoder = store.getSecurityManager().loadPasswordEncoder(store.getPasswordEncoderName()); encoder.initializeFor(store); if (encoder.isResponsibleForEncoding(user.getPassword())) continue; // nothing to do try { String rawpass = mEncoder.decode(user.getPassword()); String encPass = encoder.encodePassword(rawpass, null); user.setPassword(encPass); try {
GeoServerPasswordEncoder encoder = manager.loadPasswordEncoder(passwordEncoderName); if (encoder!=null) { visibility = encoder.isReversible();
/** * Encrypts a parameter value. * * <p>If no encoder is configured then the value is returned as is. */ public String encode(String value) { String encoderName = securityManager.getSecurityConfig().getConfigPasswordEncrypterName(); if (encoderName != null) { GeoServerPasswordEncoder pwEncoder = securityManager.loadPasswordEncoder(encoderName); if (pwEncoder != null) { String prefix = pwEncoder.getPrefix(); if (value.startsWith(prefix + GeoServerPasswordEncoder.PREFIX_DELIMTER)) { throw new RuntimeException( "Cannot encode a password with prefix: " + prefix + GeoServerPasswordEncoder.PREFIX_DELIMTER); } value = pwEncoder.encodePassword(value, null); } } else { LOGGER.warning("Encryption disabled, no password encoder set"); } return value; }
if (!encoder.isReversible()) { throw createSecurityException(INVALID_PASSWORD_ENCODER_$1, encrypterName); if (encoder != null && encoder.isAvailableWithoutStrongCryptogaphy() == false) { throw createSecurityException(INVALID_STRONG_CONFIG_PASSWORD_ENCODER);
public static Set<String> getNotAllowedPrefixes() { if (notAllowedPrefixes != null) return notAllowedPrefixes; synchronized (lock) { if (notAllowedPrefixes != null) return notAllowedPrefixes; notAllowedPrefixes = new HashSet<String>(); for (GeoServerPasswordEncoder enc : GeoServerExtensions.extensions(GeoServerPasswordEncoder.class)) { notAllowedPrefixes.add(enc.getPrefix() + GeoServerPasswordEncoder.PREFIX_DELIMTER); } return notAllowedPrefixes; } }
public boolean isPasswordValid(String encPass, String rawPass, Object salt) throws UnsupportedOperationException { GeoServerPasswordEncoder enc = lookupEncoderForEncodedPassword(encPass); return enc.isPasswordValid(encPass, rawPass, salt); }
public char[] decodeToCharArray(String encPass) throws UnsupportedOperationException { GeoServerPasswordEncoder enc = lookupEncoderForEncodedPassword(encPass); return enc.decodeToCharArray(encPass); }
public String decode(String encPass) throws UnsupportedOperationException { GeoServerPasswordEncoder enc = lookupEncoderForEncodedPassword(encPass); return enc.decode(encPass); }
/** * Loads a password encoder with the specified name. * * @return The password encoder, or <code>null</code> if non found matching the name. */ public GeoServerPasswordEncoder loadPasswordEncoder(String name) { GeoServerPasswordEncoder encoder = (GeoServerPasswordEncoder) GeoServerExtensions.bean(name); if (encoder != null) { try { encoder.initialize(this); } catch (IOException e) { throw new RuntimeException("Error occurred initializing password encoder"); } } return encoder; }