/**
 * Replaces the cached {@code SecureRandom} when {@link #isSecureRandomOutDated()} reports it as stale.
 *
 * <p>Only a caller that obtains {@code lock} through {@code tryLock()} performs the renewal. A caller
 * that does not get the lock returns at once and keeps using the current generator.
 */
private void renewSecureRandom() {
    if (!isSecureRandomOutDated()) {
        return;
    }

    // presumably a java.util.concurrent Lock, so tryLock() does not wait -- confirm against the field type
    if (!this.lock.tryLock()) {
        return;
    }

    try {
        // NOTE(review): the timestamp is advanced before the new generator exists. If
        // createSecureRandom() throws, the old generator stays in place with a fresh timestamp.
        // Whether that postpones the next renewal depends on isSecureRandomOutDated(), which is
        // not visible here.
        this.lastRenewTime.set(System.currentTimeMillis());
        this.secureRandom = createSecureRandom();
    } finally {
        this.lock.unlock();
    }
}
/**
 * Resolves the account that the supplied credentials refer to.
 *
 * @param context the identity context, passed through unchanged
 * @param credentials the credentials whose {@code getUsername()} value identifies the account
 * @return whatever the username-based {@code getAccount} overload returns for that username
 */
@Override
protected Account getAccount(final IdentityContext context, final V credentials) {
    // The lookup key is the username exactly as the caller supplied it; no normalisation happens here.
    return getAccount(
            context,
            credentials.getUsername());
}
/**
 * <p>
 * Generates a random string to be used as a salt for passwords.
 * </p>
 *
 * <p>
 * The salt is the decimal text of a single {@code nextLong()} draw from the handler's
 * {@code SecureRandom}. It therefore carries at most 64 bits of randomness and may begin with a
 * minus sign.
 * </p>
 *
 * @return the salt as a decimal string
 */
protected String generateSalt() {
    // NOTE(review): confirm that a 64-bit salt satisfies the deployment's password-storage policy.
    long saltValue = getSecureRandom().nextLong();
    return Long.toString(saltValue);
}
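/**
 * Builds the storage record for a new password: a freshly generated salt plus the encoded form of
 * the salted password.
 *
 * @param context not used by this implementation
 * @param account not used by this implementation
 * @param password the new password; a {@code null} or empty value is rejected
 * @param store not used by this implementation
 * @param effectiveDate when the credential becomes valid; when {@code null} the value set by
 *        {@code EncodedPasswordStorage} itself is left untouched
 * @param expiryDate when the credential expires; stored as given, including {@code null}
 * @return the populated {@code EncodedPasswordStorage}
 * @throws RuntimeException the exception produced by {@code MESSAGES.credentialInvalidPassword()}
 *         when the password is {@code null} or empty
 */
@Override
public CredentialStorage createCredentialStorage(IdentityContext context, Account account, U password, S store,
        Date effectiveDate, Date expiryDate) {
    if (password.getValue() == null) {
        throw MESSAGES.credentialInvalidPassword();
    }

    // Check the real password text. getValue() appears to return a char[] (it is passed to
    // new String(...)), and toString() on an array gives its identity string, which is never
    // empty -- so testing that string would let an empty password through.
    String rawPassword = new String(password.getValue());

    if (isNullOrEmpty(rawPassword)) {
        throw MESSAGES.credentialInvalidPassword();
    }

    EncodedPasswordStorage hash = new EncodedPasswordStorage();
    String passwordSalt = generateSalt();

    // The salt is stored beside the hash so validation can rebuild the same salted input.
    hash.setSalt(passwordSalt);
    hash.setEncodedHash(this.passwordEncoder.encode(saltPassword(rawPassword, passwordSalt)));

    if (effectiveDate != null) {
        hash.setEffectiveDate(effectiveDate);
    }

    hash.setExpiryDate(expiryDate);

    return hash;
}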
/**
 * Obtains a new {@code SecureRandom} from the configured provider.
 *
 * @return the generator returned by {@code getSecureRandomProvider().getSecureRandom()}
 * @throws IdentityManagementException if the provider lookup or the provider itself throws; the
 *         original exception is kept as the cause
 */
private SecureRandom createSecureRandom() {
    final SecureRandom fresh;

    try {
        fresh = getSecureRandomProvider().getSecureRandom();
    } catch (Exception cause) {
        // Fail loudly: there is no fallback to a default generator in this method.
        throw new IdentityManagementException("Error getting SecureRandom instance from provider ["
                + this.secureRandomProvider + "].", cause);
    }

    return fresh;
}
/**
 * Configures the TOTP generator from the store's configuration properties.
 *
 * <p>Reads {@code ALGORITHM}, {@code INTERVAL_SECONDS}, {@code NUMBER_DIGITS} and
 * {@code DELAY_WINDOW}, passing the matching {@code DEFAULT_*} constant as the third argument of
 * {@code getConfigurationProperty} (presumably the fallback value -- confirm against that helper).
 *
 * @param store the credential store whose configuration is read
 * @throws NumberFormatException if a numeric property does not hold an integer
 */
@Override
public void setup(CredentialStore<?> store) {
    super.setup(store);

    String algorithmName = getConfigurationProperty(store, ALGORITHM, DEFAULT_ALGORITHM);
    String intervalText = getConfigurationProperty(store, INTERVAL_SECONDS, "" + DEFAULT_INTERVAL_SECONDS);
    String digitsText = getConfigurationProperty(store, NUMBER_DIGITS, "" + DEFAULT_NUMBER_DIGITS);
    String windowText = getConfigurationProperty(store, DELAY_WINDOW, "" + DEFAULT_DELAY_WINDOW);

    // NOTE(review): the values are parsed but not range-checked here. Whether TimeBasedOTP rejects
    // non-positive digits/interval or an overly wide delay window cannot be seen from this method.
    int digits = Integer.parseInt(digitsText);
    int interval = Integer.parseInt(intervalText);
    int window = Integer.parseInt(windowText);

    this.totp = new TimeBasedOTP(algorithmName, digits, interval, window);
}
/**
 * Checks a supplied password against the stored salted hash.
 *
 * @param context not used by this implementation
 * @param storage the stored credential, cast to {@code EncodedPasswordStorage}; may be {@code null}
 * @param credentials the credentials carrying the password to check
 * @param store not used by this implementation
 * @return {@code false} when there is no stored credential, otherwise the result of
 *         {@code passwordEncoder.verify} for the salted input and the stored hash
 */
@Override
protected boolean validateCredential(IdentityContext context, final CredentialStorage storage, final V credentials,
        S store) {
    EncodedPasswordStorage stored = (EncodedPasswordStorage) storage;

    if (stored == null) {
        return false;
    }

    // This creates an immutable String copy of the password that cannot be wiped afterwards.
    String candidate = new String(credentials.getPassword().getValue());

    // The comparison is delegated entirely to the encoder. Whether it runs in constant time
    // depends on the configured passwordEncoder, which is not visible here.
    return this.passwordEncoder.verify(saltPassword(candidate, stored.getSalt()), stored.getEncodedHash());
}
/**
 * Returns the handler's {@code SecureRandom}, first giving {@link #renewSecureRandom()} the chance
 * to replace it.
 *
 * @return the generator held in {@code secureRandom} after the renewal attempt
 */
private SecureRandom getSecureRandom() {
    renewSecureRandom();

    // Read the field once, after the renewal attempt, and hand that reference back.
    SecureRandom current = this.secureRandom;
    return current;
}
/**
 * Stores the TOTP secret for an account and, when a password value is present, also updates the
 * password through the superclass.
 *
 * @param context the identity context handed to the superclass and to the store
 * @param account the account that owns the credential
 * @param credential the TOTP credential carrying the optional password, the secret and the device
 * @param store the store that receives the new {@code OTPCredentialStorage}
 * @param effectiveDate when the credential becomes valid; when {@code null} the value set by
 *        {@code OTPCredentialStorage} itself is left untouched
 * @param expiryDate when the credential expires; stored as given, including {@code null}
 */
@Override
public void update(IdentityContext context, Account account, TOTPCredential credential, CredentialStore<?> store,
        Date effectiveDate, Date expiryDate) {
    // if a credential was not provided, updates only the secret.
    boolean passwordSupplied = credential.getValue() != null && credential.getValue().length > 0;

    if (passwordSupplied) {
        super.update(context, account, credential, store, effectiveDate, expiryDate);
    }

    OTPCredentialStorage otpStorage = new OTPCredentialStorage();

    if (effectiveDate != null) {
        otpStorage.setEffectiveDate(effectiveDate);
    }

    otpStorage.setExpiryDate(expiryDate);

    // The shared secret is passed on exactly as getSecret() returns it. Any protection at rest
    // is up to the store implementation, which is not visible here.
    otpStorage.setSecretKey(credential.getSecret());
    otpStorage.setDevice(getDevice(credential.getDevice()));

    store.storeCredential(context, account, otpStorage);
}
// Cache a generator obtained through createSecureRandom(); that helper wraps any provider failure
// in an IdentityManagementException. The enclosing method is not part of this excerpt.
this.secureRandom = createSecureRandom();
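/**
 * Builds the storage record for a new password: a freshly generated salt plus the encoded form of
 * the salted password.
 *
 * @param context not used by this implementation
 * @param account not used by this implementation
 * @param password the new password; a {@code null} or empty value is rejected
 * @param store not used by this implementation
 * @param effectiveDate when the credential becomes valid; when {@code null} the value set by
 *        {@code EncodedPasswordStorage} itself is left untouched
 * @param expiryDate when the credential expires; stored as given, including {@code null}
 * @return the populated {@code EncodedPasswordStorage}
 * @throws RuntimeException the exception produced by {@code MESSAGES.credentialInvalidPassword()}
 *         when the password is {@code null} or empty
 */
@Override
public CredentialStorage createCredentialStorage(IdentityContext context, Account account, U password, S store,
        Date effectiveDate, Date expiryDate) {
    if (password.getValue() == null) {
        throw MESSAGES.credentialInvalidPassword();
    }

    // Check the real password text. getValue() appears to return a char[] (it is passed to
    // new String(...)), and toString() on an array gives its identity string, which is never
    // empty -- so testing that string would let an empty password through.
    String rawPassword = new String(password.getValue());

    if (isNullOrEmpty(rawPassword)) {
        throw MESSAGES.credentialInvalidPassword();
    }

    EncodedPasswordStorage hash = new EncodedPasswordStorage();
    String passwordSalt = generateSalt();

    // The salt is stored beside the hash so validation can rebuild the same salted input.
    hash.setSalt(passwordSalt);
    hash.setEncodedHash(this.passwordEncoder.encode(saltPassword(rawPassword, passwordSalt)));

    if (effectiveDate != null) {
        hash.setEffectiveDate(effectiveDate);
    }

    hash.setExpiryDate(expiryDate);

    return hash;
}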
/**
 * Obtains a new {@code SecureRandom} from the configured provider.
 *
 * @return the generator returned by {@code getSecureRandomProvider().getSecureRandom()}
 * @throws IdentityManagementException if the provider lookup or the provider itself throws; the
 *         original exception is kept as the cause
 */
private SecureRandom createSecureRandom() {
    final SecureRandom fresh;

    try {
        fresh = getSecureRandomProvider().getSecureRandom();
    } catch (Exception cause) {
        // Fail loudly: there is no fallback to a default generator in this method.
        throw new IdentityManagementException("Error getting SecureRandom instance from provider ["
                + this.secureRandomProvider + "].", cause);
    }

    return fresh;
}
/**
 * Configures the TOTP generator from the store's configuration properties.
 *
 * <p>Reads {@code ALGORITHM}, {@code INTERVAL_SECONDS}, {@code NUMBER_DIGITS} and
 * {@code DELAY_WINDOW}, passing the matching {@code DEFAULT_*} constant as the third argument of
 * {@code getConfigurationProperty} (presumably the fallback value -- confirm against that helper).
 *
 * @param store the credential store whose configuration is read
 * @throws NumberFormatException if a numeric property does not hold an integer
 */
@Override
public void setup(CredentialStore<?> store) {
    super.setup(store);

    String algorithmName = getConfigurationProperty(store, ALGORITHM, DEFAULT_ALGORITHM);
    String intervalText = getConfigurationProperty(store, INTERVAL_SECONDS, "" + DEFAULT_INTERVAL_SECONDS);
    String digitsText = getConfigurationProperty(store, NUMBER_DIGITS, "" + DEFAULT_NUMBER_DIGITS);
    String windowText = getConfigurationProperty(store, DELAY_WINDOW, "" + DEFAULT_DELAY_WINDOW);

    // NOTE(review): the values are parsed but not range-checked here. Whether TimeBasedOTP rejects
    // non-positive digits/interval or an overly wide delay window cannot be seen from this method.
    int digits = Integer.parseInt(digitsText);
    int interval = Integer.parseInt(intervalText);
    int window = Integer.parseInt(windowText);

    this.totp = new TimeBasedOTP(algorithmName, digits, interval, window);
}
/**
 * Checks a supplied password against the stored salted hash.
 *
 * @param context not used by this implementation
 * @param storage the stored credential, cast to {@code EncodedPasswordStorage}; may be {@code null}
 * @param credentials the credentials carrying the password to check
 * @param store not used by this implementation
 * @return {@code false} when there is no stored credential, otherwise the result of
 *         {@code passwordEncoder.verify} for the salted input and the stored hash
 */
@Override
protected boolean validateCredential(IdentityContext context, final CredentialStorage storage, final V credentials,
        S store) {
    EncodedPasswordStorage stored = (EncodedPasswordStorage) storage;

    if (stored == null) {
        return false;
    }

    // This creates an immutable String copy of the password that cannot be wiped afterwards.
    String candidate = new String(credentials.getPassword().getValue());

    // The comparison is delegated entirely to the encoder. Whether it runs in constant time
    // depends on the configured passwordEncoder, which is not visible here.
    return this.passwordEncoder.verify(saltPassword(candidate, stored.getSalt()), stored.getEncodedHash());
}
/**
 * Returns the handler's {@code SecureRandom}, first giving {@link #renewSecureRandom()} the chance
 * to replace it.
 *
 * @return the generator held in {@code secureRandom} after the renewal attempt
 */
private SecureRandom getSecureRandom() {
    renewSecureRandom();

    // Read the field once, after the renewal attempt, and hand that reference back.
    SecureRandom current = this.secureRandom;
    return current;
}
/**
 * Stores the TOTP secret for an account and, when a password value is present, also updates the
 * password through the superclass.
 *
 * @param context the identity context handed to the superclass and to the store
 * @param account the account that owns the credential
 * @param credential the TOTP credential carrying the optional password, the secret and the device
 * @param store the store that receives the new {@code OTPCredentialStorage}
 * @param effectiveDate when the credential becomes valid; when {@code null} the value set by
 *        {@code OTPCredentialStorage} itself is left untouched
 * @param expiryDate when the credential expires; stored as given, including {@code null}
 */
@Override
public void update(IdentityContext context, Account account, TOTPCredential credential, CredentialStore<?> store,
        Date effectiveDate, Date expiryDate) {
    // if a credential was not provided, updates only the secret.
    boolean passwordSupplied = credential.getValue() != null && credential.getValue().length > 0;

    if (passwordSupplied) {
        super.update(context, account, credential, store, effectiveDate, expiryDate);
    }

    OTPCredentialStorage otpStorage = new OTPCredentialStorage();

    if (effectiveDate != null) {
        otpStorage.setEffectiveDate(effectiveDate);
    }

    otpStorage.setExpiryDate(expiryDate);

    // The shared secret is passed on exactly as getSecret() returns it. Any protection at rest
    // is up to the store implementation, which is not visible here.
    otpStorage.setSecretKey(credential.getSecret());
    otpStorage.setDevice(getDevice(credential.getDevice()));

    store.storeCredential(context, account, otpStorage);
}
// Cache a generator obtained through createSecureRandom(); that helper wraps any provider failure
// in an IdentityManagementException. The enclosing method is not part of this excerpt.
this.secureRandom = createSecureRandom();
/**
 * Replaces the cached {@code SecureRandom} when {@link #isSecureRandomOutDated()} reports it as stale.
 *
 * <p>Only a caller that obtains {@code lock} through {@code tryLock()} performs the renewal. A caller
 * that does not get the lock returns at once and keeps using the current generator.
 */
private void renewSecureRandom() {
    if (!isSecureRandomOutDated()) {
        return;
    }

    // presumably a java.util.concurrent Lock, so tryLock() does not wait -- confirm against the field type
    if (!this.lock.tryLock()) {
        return;
    }

    try {
        // NOTE(review): the timestamp is advanced before the new generator exists. If
        // createSecureRandom() throws, the old generator stays in place with a fresh timestamp.
        // Whether that postpones the next renewal depends on isSecureRandomOutDated(), which is
        // not visible here.
        this.lastRenewTime.set(System.currentTimeMillis());
        this.secureRandom = createSecureRandom();
    } finally {
        this.lock.unlock();
    }
}
/**
 * <p>
 * Generates a random string to be used as a salt for passwords.
 * </p>
 *
 * <p>
 * The salt is the decimal text of a single {@code nextLong()} draw from the handler's
 * {@code SecureRandom}. It therefore carries at most 64 bits of randomness and may begin with a
 * minus sign.
 * </p>
 *
 * @return the salt as a decimal string
 */
protected String generateSalt() {
    // NOTE(review): confirm that a 64-bit salt satisfies the deployment's password-storage policy.
    long saltValue = getSecureRandom().nextLong();
    return Long.toString(saltValue);
}
/**
 * Resolves the account that the supplied credentials refer to.
 *
 * @param context the identity context, passed through unchanged
 * @param credentials the credentials whose {@code getUsername()} value identifies the account
 * @return whatever the username-based {@code getAccount} overload returns for that username
 */
@Override
protected Account getAccount(final IdentityContext context, final V credentials) {
    // The lookup key is the username exactly as the caller supplied it; no normalisation happens here.
    return getAccount(
            context,
            credentials.getUsername());
}