private byte[] generateOtpHash(final String algorithm, final String passPhrase, final String seed, final int newSequenceNumber) throws NoSuchAlgorithmException, InvalidKeySpecException { PasswordFactory otpFactory = PasswordFactory.getInstance(algorithm, providers); OneTimePasswordAlgorithmSpec otpSpec = new OneTimePasswordAlgorithmSpec(algorithm, seed, newSequenceNumber); EncryptablePasswordSpec passwordSpec = new EncryptablePasswordSpec(passPhrase.toCharArray(), otpSpec); OneTimePassword otPassword = (OneTimePassword) otpFactory.generatePassword(passwordSpec); return otPassword.getHash(); } }
/** * Get array of password chars from TwoWayPassword * * @return * @throws SaslException */ public static char[] getTwoWayPasswordChars(TwoWayPassword password, Supplier<Provider[]> providers, ElytronMessages log) throws AuthenticationMechanismException { if (password == null) { throw log.mechNoPasswordGiven(); } try { PasswordFactory pf = PasswordFactory.getInstance(password.getAlgorithm(), providers); return pf.getKeySpec(pf.translate(password), ClearPasswordSpec.class).getEncodedPassword(); } catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException e) { throw log.mechCannotGetTwoWayPasswordChars(e); } } }
public boolean verify(final Supplier<Provider[]> providerSupplier, final Evidence evidence) { Assert.checkNotNullParam("providerSupplier", providerSupplier); Assert.checkNotNullParam("evidence", evidence); if (evidence instanceof PasswordGuessEvidence) try { final PasswordFactory factory = PasswordFactory.getInstance(password.getAlgorithm(), providerSupplier); return factory.verify(factory.translate(password), ((PasswordGuessEvidence) evidence).getGuess()); } catch (NoSuchAlgorithmException | InvalidKeyException ignored) { } return false; }
/** * Encode the given {@link Password} to a byte array. * * @param password the password to encode * @param providers providers to use with the underlying {@link PasswordFactory} * @return a byte array representing the encoded password or null if no encoder was capable to encode the given password */ public static byte[] encode(Password password, Supplier<Provider[]> providers) throws NoSuchAlgorithmException, InvalidKeySpecException { PasswordFactory passwordFactory = PasswordFactory.getInstance(password.getAlgorithm(), providers); if (passwordFactory.convertibleToKeySpec(password, ClearPasswordSpec.class)) { return encodeClearPasswordSpec(passwordFactory.getKeySpec(password, ClearPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, DigestPasswordSpec.class)) { return encodeDigestPasswordSpec(passwordFactory.getKeySpec(password, DigestPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, SaltedHashPasswordSpec.class)) { return encodeSaltedHashPasswordSpec(passwordFactory.getKeySpec(password, SaltedHashPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, IteratedSaltedHashPasswordSpec.class)) { return encodeIteratedSaltedHashSpec(passwordFactory.getKeySpec(password, IteratedSaltedHashPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, HashPasswordSpec.class)) { return encodeHashPasswordSpec(passwordFactory.getKeySpec(password, HashPasswordSpec.class)); } return null; }
Assert.checkNotNullParam("providers", providers); try { final PasswordFactory passwordFactory = PasswordFactory.getInstance(passwordAlgorithm, providers); if (password != null) { return matchParameters != null ? passwordType.cast(passwordFactory.transform(password, matchParameters)) : password; final TwoWayPassword twoWayPassword = credentialCallback.applyToCredential(PasswordCredential.class, c -> c.getPassword(TwoWayPassword.class)); if (twoWayPassword != null) { final PasswordFactory clearFactory = PasswordFactory.getInstance(twoWayPassword.getAlgorithm(), providers); final ClearPasswordSpec spec = clearFactory.getKeySpec(clearFactory.translate(twoWayPassword), ClearPasswordSpec.class); if (matchParameters != null) { return passwordType.cast(passwordFactory.generatePassword(new EncryptablePasswordSpec(spec.getEncodedPassword(), generateParameters))); } else { return passwordType.cast(passwordFactory.generatePassword(spec)); if (password != null) { if (matchParameters != null) { return passwordType.cast(passwordFactory.generatePassword(new EncryptablePasswordSpec(password, generateParameters))); } else { return passwordType.cast(passwordFactory.generatePassword(new ClearPasswordSpec(password)));
final ClearPasswordSpec clearPasswordSpec; try { final PasswordFactory passwordFactory = PasswordFactory.getInstance(password.getAlgorithm()); clearPasswordSpec = passwordFactory.getKeySpec(password, ClearPasswordSpec.class); } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { log.trace("Unable to get key spec", e);
/** * Get a password factory instance. The returned password factory object will implement the given algorithm. * * @param algorithm the name of the algorithm * @return a password factory instance * @throws NoSuchAlgorithmException if the given algorithm has no available implementations */ public static PasswordFactory getInstance(String algorithm) throws NoSuchAlgorithmException { return getInstance(algorithm, INSTALLED_PROVIDERS); }
accountEntry.getName()); actualPassword = passwordFactory.generatePassword(passwordSpec); return passwordFactory.verify(actualPassword, guess); } catch (InvalidKeySpecException | InvalidKeyException | IllegalStateException e) { throw new IllegalStateException(e);
return credentialType.cast(new PasswordCredential(passwordFactory.generatePassword(passwordSpec))); } catch (InvalidKeySpecException e) { throw new IllegalStateException(e);
/** * Get a password factory instance. The returned password factory object will implement the given algorithm. * * @param algorithm the name of the algorithm * @param providerSupplier the provider supplier to search * @return a password factory instance * @throws NoSuchAlgorithmException if the given algorithm has no available implementations */ public static PasswordFactory getInstance(String algorithm, Supplier<Provider[]> providerSupplier) throws NoSuchAlgorithmException { for (Provider provider : providerSupplier.get()) { final Provider.Service service = provider.getService("PasswordFactory", algorithm); if (service != null) { return new PasswordFactory((PasswordFactorySpi) service.newInstance(null), provider, algorithm); } } throw log.noSuchAlgorithmInvalidAlgorithm(algorithm); }
Assert.checkNotNullParam("providers", providers); try { final PasswordFactory passwordFactory = PasswordFactory.getInstance(passwordAlgorithm, providers); if (password != null) { return matchParameters != null ? passwordType.cast(passwordFactory.transform(password, matchParameters)) : password; final TwoWayPassword twoWayPassword = credentialCallback.applyToCredential(PasswordCredential.class, c -> c.getPassword(TwoWayPassword.class)); if (twoWayPassword != null) { final PasswordFactory clearFactory = PasswordFactory.getInstance(twoWayPassword.getAlgorithm(), providers); final ClearPasswordSpec spec = clearFactory.getKeySpec(clearFactory.translate(twoWayPassword), ClearPasswordSpec.class); if (matchParameters != null) { return passwordType.cast(passwordFactory.generatePassword(new EncryptablePasswordSpec(spec.getEncodedPassword(), generateParameters))); } else { return passwordType.cast(passwordFactory.generatePassword(spec)); if (password != null) { if (matchParameters != null) { return passwordType.cast(passwordFactory.generatePassword(new EncryptablePasswordSpec(password, generateParameters))); } else { return passwordType.cast(passwordFactory.generatePassword(new ClearPasswordSpec(password)));
if (entry instanceof PasswordEntry) try { final Password password = ((PasswordEntry) entry).getPassword(); final PasswordFactory passwordFactory1 = PasswordFactory.getInstance(password.getAlgorithm(), providersSupplier); final ClearPasswordSpec passwordSpec = passwordFactory1.getKeySpec(password, ClearPasswordSpec.class); return passwordSpec.getEncodedPassword(); } catch (GeneralSecurityException e) {
private PasswordFactory getPasswordFactory(final String algorithm) { try { return PasswordFactory.getInstance(algorithm, providers); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); } }
@Override public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException { if (user == null || evidence instanceof PasswordGuessEvidence == false) { return false; } final char[] guess = ((PasswordGuessEvidence) evidence).getGuess(); String password = user.require(PASSWORD).asString(); final PasswordFactory passwordFactory = getPasswordFactory(ALGORITHM_CLEAR); final PasswordSpec passwordSpec = new ClearPasswordSpec(password.toCharArray()); final Password actualPassword; try { actualPassword = passwordFactory.generatePassword(passwordSpec); return passwordFactory.verify(actualPassword, guess); } catch (InvalidKeySpecException | InvalidKeyException | IllegalStateException e) { throw new IllegalStateException(e); } }
/** * Encode the given {@link Password} to a byte array. * * @param password the password to encode * @param providers providers to use with the underlying {@link PasswordFactory} * @return a byte array representing the encoded password or null if no encoder was capable to encode the given password */ public static byte[] encode(Password password, Supplier<Provider[]> providers) throws NoSuchAlgorithmException, InvalidKeySpecException { PasswordFactory passwordFactory = PasswordFactory.getInstance(password.getAlgorithm(), providers); if (passwordFactory.convertibleToKeySpec(password, ClearPasswordSpec.class)) { return encodeClearPasswordSpec(passwordFactory.getKeySpec(password, ClearPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, DigestPasswordSpec.class)) { return encodeDigestPasswordSpec(passwordFactory.getKeySpec(password, DigestPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, SaltedHashPasswordSpec.class)) { return encodeSaltedHashPasswordSpec(passwordFactory.getKeySpec(password, SaltedHashPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, IteratedSaltedHashPasswordSpec.class)) { return encodeIteratedSaltedHashSpec(passwordFactory.getKeySpec(password, IteratedSaltedHashPasswordSpec.class)); } else if (passwordFactory.convertibleToKeySpec(password, HashPasswordSpec.class)) { return encodeHashPasswordSpec(passwordFactory.getKeySpec(password, HashPasswordSpec.class)); } return null; }
return credentialType.cast(new PasswordCredential(passwordFactory.generatePassword(passwordSpec))); } catch (InvalidKeySpecException e) { throw new IllegalStateException(e);
/** * Get a password factory instance. The returned password factory object will implement the given algorithm. * * @param algorithm the name of the algorithm * @param provider the provider to use * @return a password factory instance * @throws NoSuchAlgorithmException if the given algorithm has no available implementations */ public static PasswordFactory getInstance(String algorithm, Provider provider) throws NoSuchAlgorithmException { final Provider.Service service = provider.getService("PasswordFactory", algorithm); if (service == null) throw log.noSuchAlgorithmInvalidAlgorithm(algorithm); return new PasswordFactory((PasswordFactorySpi) service.newInstance(null), provider, algorithm); }
private void updateCredential(final String newAlgorithm, final OneTimePasswordSpec newPasswordSpec) throws SaslException { try { final PasswordFactory passwordFactory = PasswordFactory.getInstance(newAlgorithm, providers); final OneTimePassword newPassword = (OneTimePassword) passwordFactory.generatePassword(newPasswordSpec); final CredentialUpdateCallback credentialUpdateCallback = new CredentialUpdateCallback(new PasswordCredential(newPassword)); handleCallbacks(exclusiveNameCallback, credentialUpdateCallback); } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { throw saslOTP.mechUnableToUpdatePassword(userName).toSaslException(); } }
private static char[] keyStoreCredentialToPassword(ExceptionSupplier<KeyStore.Entry, ConfigXMLParseException> keyStoreCredential, Supplier<Provider[]> providers) throws GeneralSecurityException, ConfigXMLParseException { final KeyStore.Entry entry = keyStoreCredential == null ? null : keyStoreCredential.get(); if (entry instanceof PasswordEntry) { Password password = ((PasswordEntry) entry).getPassword(); final PasswordFactory passwordFactory = PasswordFactory.getInstance(password.getAlgorithm(), providers); password = passwordFactory.translate(password); final ClearPasswordSpec spec = passwordFactory.getKeySpec(password, ClearPasswordSpec.class); return spec.getEncodedPassword(); } else if (entry instanceof KeyStore.SecretKeyEntry) { final SecretKey secretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey(); final SecretKeyFactory instance = SecretKeyFactory.getInstance(secretKey.getAlgorithm()); final SecretKeySpec keySpec = (SecretKeySpec) instance.getKeySpec(secretKey, SecretKeySpec.class); final byte[] encoded = keySpec.getEncoded(); return encoded == null ? null : new String(encoded, StandardCharsets.UTF_8).toCharArray(); } else { return null; } }
Assert.checkNotNullParam("providers", providers); try { final PasswordFactory passwordFactory = PasswordFactory.getInstance(passwordAlgorithm, providers); if (password != null) { return matchParameters != null ? passwordType.cast(passwordFactory.transform(password, matchParameters)) : password; final TwoWayPassword twoWayPassword = credentialCallback.applyToCredential(PasswordCredential.class, c -> c.getPassword(TwoWayPassword.class)); if (twoWayPassword != null) { final PasswordFactory clearFactory = PasswordFactory.getInstance(twoWayPassword.getAlgorithm(), providers); final ClearPasswordSpec spec = clearFactory.getKeySpec(clearFactory.translate(twoWayPassword), ClearPasswordSpec.class); if (matchParameters != null) { return passwordType.cast(passwordFactory.generatePassword(new EncryptablePasswordSpec(spec.getEncodedPassword(), generateParameters))); } else { return passwordType.cast(passwordFactory.generatePassword(spec)); if (password != null) { if (matchParameters != null) { return passwordType.cast(passwordFactory.generatePassword(new EncryptablePasswordSpec(password, generateParameters))); } else { return passwordType.cast(passwordFactory.generatePassword(new ClearPasswordSpec(password)));