private boolean verifyCredential(Account account, Credential credential) { if (credential instanceof PasswordCredential) { char[] password = ((PasswordCredential) credential).getPassword(); char[] expectedPassword = users.get(account.getPrincipal().getName()); return Arrays.equals(password, expectedPassword); } return false; }
@Override public Account verify(String id, Credential credential) { AccountImpl account = getAccount(id); if (credential instanceof DigestCredential) { DigestCredential digestCredential = (DigestCredential) credential; DigestCallbackHandler handler = new DigestCallbackHandler(id, digestCredential.getNonce(), digestCredential.getNonceCount(), digestCredential.getClientNonce(), digestCredential.getQop(), digestCredential.getRealm(), digestCredential.getHA2()); CallbackHandlerPolicyContextHandler.setCallbackHandler(handler); return verifyCredential(account, digestCredential.getClientDigest()); } else if(credential instanceof PasswordCredential) { final char[] password = ((PasswordCredential) credential).getPassword(); // The original array may be cleared, this integration relies on it being cached for use later. final char[] duplicate = Arrays.copyOf(password, password.length); return verifyCredential(account, duplicate); } else { return verifyCredential(account, credential); } }
@Override protected Account check(final Credential credential) { if (!(credential instanceof PasswordCredential)) return null; final PasswordCredential passwordCredential = (PasswordCredential) credential; return Arrays.equals(password, passwordCredential.getPassword()) ? this : null; } }
private boolean verifyCredential(Account account, Credential credential) { if (credential instanceof PasswordCredential && account instanceof SimpleAccount) { char[] password = ((PasswordCredential) credential).getPassword(); char[] expectedPassword = accounts.get(account.getPrincipal().getName()).getCredentials().getPassword(); return Arrays.equals(password, expectedPassword); } return false; } }
@Override public Account verify(String id, Credential credential) { if (id == null || id.trim().length() == 0) { return null; } FakeAccount account = accounts.get(id); if ((credential instanceof PasswordCredential) && String.valueOf(((PasswordCredential) credential).getPassword()).equals(account.password)) { account.roles.add( LightblueRestTestHarness.SECURITY_ROLE_AUTHENTICATED); return account; } return null; }
private boolean verifyCredential(Account account, Credential credential) { if (credential instanceof PasswordCredential) { char[] password = ((PasswordCredential) credential).getPassword(); char[] expectedPassword = identities.get(account.getPrincipal().getName()); return Arrays.equals(password, expectedPassword); } return false; }
@Override public Account verify(String username, Credential credential) { if (username == null || credential == null || !(credential instanceof PasswordCredential)) { return null; } PasswordCredential pwc = (PasswordCredential) credential; try { Set<String> roles = getRoles(username, new String(pwc.getPassword())); Account acct = new SimpleAccount(username, pwc.getPassword(), roles); return acct; } catch (NamingException e) { LOGGER.error(e.getMessage(), e); } return null; }
private boolean verifyToken(Account account, Credential credential) { if (credential instanceof PasswordCredential && account instanceof SimpleAccount) { char[] token = ((PasswordCredential) credential).getPassword(); char[] expectedToken = cachedAccounts.get(account.getPrincipal().getName()).get().getCredentials().getPassword(); return Arrays.equals(token, expectedToken); } return false; }
@Override public Account verify(String id, Credential credential) { if(!(credential instanceof PasswordCredential)) { return null; } PasswordCredential pc = (PasswordCredential) credential; char[] pwdArr = pc.getPassword(); if(pwdArr != null && passwordEncoder.matches(new String(pwdArr), encodedPass)) { return new AccountImpl(id); } return null; }
private boolean verifyCredential(Account account, Credential credential) { String id = account.getPrincipal().getName(); SimpleAccount ourAccount = getAccount(id); if (ourAccount == null) { return false; } if (credential instanceof PasswordCredential && account instanceof SimpleAccount) { char[] password = ((PasswordCredential) credential).getPassword(); char[] expected = ourAccount.getCredentials().getPassword(); return checkPassword( this.bcryptHashedPassword, password, expected); } return false; }
@SuppressWarnings("unchecked") private boolean verifyCredential(Account account, Credential credential) { boolean match = false; if (credential instanceof PasswordCredential) { char[] password = ((PasswordCredential) credential).getPassword(); User user = users.get(account.getPrincipal().getName()); String expectedPassword = user.getPassword(); try { match = HashUtil.validatePassword(password, expectedPassword); Arrays.fill(password, ' '); } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { logger.error("Exception:", e); } } if(logger.isDebugEnabled()) logger.debug("verfifyCredential = " + match); return match; }
/** * if client authenticates with the AbstractDbIdentityManager passing the * real credentials update the account in the auth-token cache, otherwise * the client authenticating with the auth-token will not see roles updates * until the cache expires (by default TTL is 15 minutes after last request) * * @param account */ private void updateAuthTokenCache(SimpleAccount account) { Cache<String, SimpleAccount> authTokenCache = AuthTokenIdentityManager.getInstance().getCachedAccounts(); String id = account.getPrincipal().getName(); Optional<SimpleAccount> _authTokenAccount = authTokenCache.get(id); if (_authTokenAccount != null && _authTokenAccount.isPresent()) { SimpleAccount authTokenAccount = _authTokenAccount.get(); SimpleAccount updatedAuthTokenAccount = new SimpleAccount( id, authTokenAccount.getCredentials().getPassword(), account.getRoles()); authTokenCache.put(id, updatedAuthTokenAccount); } }
private boolean verifyCredential(Account account, Credential credential) { if (credential instanceof PasswordCredential) { char[] password = ((PasswordCredential) credential).getPassword(); char[] expectedPassword = users.get(account.getPrincipal().getName()); return Arrays.equals(password, expectedPassword); } else if (credential instanceof DigestCredential) { DigestCredential digCred = (DigestCredential) credential; MessageDigest digest = null; try { digest = digCred.getAlgorithm().getMessageDigest(); digest.update(account.getPrincipal().getName().getBytes(UTF_8)); digest.update((byte) ':'); digest.update(digCred.getRealm().getBytes(UTF_8)); digest.update((byte) ':'); char[] expectedPassword = users.get(account.getPrincipal().getName()); digest.update(new String(expectedPassword).getBytes(UTF_8)); return digCred.verifyHA1(HexConverter.convertToHexBytes(digest.digest())); } catch (NoSuchAlgorithmException e) { throw new IllegalStateException("Unsupported Algorithm", e); } finally { digest.reset(); } } return false; }
final Entry entry = connector.auth(connection, userFilter, new String(passwordCredential.getPassword())); if (entry == null) return authenticationFailure("Authentication error: " + userFilter, null);
private char[] cacheSessionToken(Account authenticatedAccount) { String id = authenticatedAccount.getPrincipal().getName(); Optional<SimpleAccount> cachedTokenAccount = AuthTokenIdentityManager.getInstance().getCachedAccounts().get(id); if (cachedTokenAccount == null) { char[] token = nextToken(); SimpleAccount newCachedTokenAccount = new SimpleAccount( id, token, authenticatedAccount.getRoles()); AuthTokenIdentityManager.getInstance() .getCachedAccounts() .put(id, newCachedTokenAccount); return token; } else { return cachedTokenAccount.get().getCredentials().getPassword(); } }
private Account verify(String id, PasswordCredential credential) { assertMechanism(AuthMechanism.PLAIN); if (credential == null) { return null; } AuthorizingCallbackHandler ach = securityRealm.getAuthorizingCallbackHandler(AuthMechanism.PLAIN); Callback[] callbacks = new Callback[3]; callbacks[0] = new RealmCallback("Realm", securityRealm.getName()); callbacks[1] = new NameCallback("Username", id); callbacks[2] = new EvidenceVerifyCallback(new PasswordGuessEvidence(credential.getPassword())); try { ach.handle(callbacks); } catch (Exception e) { ROOT_LOGGER.debug("Failure handling Callback(s) for BASIC authentication.", e); return null; } if (((EvidenceVerifyCallback) callbacks[2]).isVerified() == false) { return null; } Principal user = new SimplePrincipal(id); Collection<Principal> userCol = Collections.singleton(user); SubjectUserInfo supplemental; try { supplemental = ach.createSubjectUserInfo(userCol); } catch (IOException e) { return null; } addInetPrincipal(supplemental.getSubject().getPrincipals()); return new RealmIdentityAccount(supplemental.getSubject(), user); }
@Override public Account verify(String id, Credential credential) { AccountImpl account = getAccount(id); if (credential instanceof DigestCredential) { DigestCredential digestCredential = (DigestCredential) credential; DigestCallbackHandler handler = new DigestCallbackHandler(id, digestCredential.getNonce(), digestCredential.getNonceCount(), digestCredential.getClientNonce(), digestCredential.getQop(), digestCredential.getRealm(), digestCredential.getHA2()); CallbackHandlerPolicyContextHandler.setCallbackHandler(handler); return verifyCredential(account, digestCredential.getClientDigest()); } else if(credential instanceof PasswordCredential) { final char[] password = ((PasswordCredential) credential).getPassword(); // The original array may be cleared, this integration relies on it being cached for use later. final char[] duplicate = Arrays.copyOf(password, password.length); return verifyCredential(account, duplicate); } else { return verifyCredential(account, credential); } }
@Override public Account verify(String id, Credential credential) { AccountImpl account = getAccount(id); if (credential instanceof DigestCredential) { DigestCredential digestCredential = (DigestCredential) credential; DigestCallbackHandler handler = new DigestCallbackHandler(id, digestCredential.getNonce(), digestCredential.getNonceCount(), digestCredential.getClientNonce(), digestCredential.getQop(), digestCredential.getRealm(), digestCredential.getHA2()); CallbackHandlerPolicyContextHandler.setCallbackHandler(handler); return verifyCredential(account, digestCredential.getClientDigest()); } else if(credential instanceof PasswordCredential) { final char[] password = ((PasswordCredential) credential).getPassword(); // The original array may be cleared, this integration relies on it being cached for use later. final char[] duplicate = Arrays.copyOf(password, password.length); return verifyCredential(account, duplicate); } else { return verifyCredential(account, credential); } }