@Override public void get(final String tenantId, final String type, final String authId, final JsonObject clientContext, final Span span, final Handler<AsyncResult<CredentialsResult<JsonObject>>> resultHandler) { final JsonObject result = JsonObject.mapFrom(CredentialsObject.fromHashedPassword( authId, authId, PWD_HASH, CredentialsConstants.HASH_FUNCTION_SHA256, null, null, null)); resultHandler.handle(Future.succeededFuture( CredentialsResult.from(HttpURLConnection.HTTP_OK, JsonObject.mapFrom(result), CacheDirective.noCacheDirective()))); }
@Override public void get(final String tenantId, final String type, final String authId, final JsonObject clientContext, final Handler<AsyncResult<CredentialsResult<JsonObject>>> resultHandler) { final JsonObject result = JsonObject.mapFrom(CredentialsObject.fromHashedPassword( authId, authId, ClearTextPassword.encode(CredentialsConstants.HASH_FUNCTION_SHA256, null, "hono-secret"), CredentialsConstants.HASH_FUNCTION_SHA256, null, null, null)); resultHandler.handle(Future.succeededFuture( CredentialsResult.from(HttpURLConnection.HTTP_OK, JsonObject.mapFrom(result), CacheDirective.noCacheDirective()))); }
/** * Verifies that the base service accepts a request for adding * valid bcrypt hashed password credentials. * * @param ctx The vert.x test context. */ @Test public void testAddSucceedsForValidBcryptSecret(final TestContext ctx) { // see https://www.dailycred.com/article/bcrypt-calculator final CredentialsObject credentials = CredentialsObject.fromHashedPassword( "4711", "theDevice", "$2a$10$UK9lmSMlYmeXqABkTrDRsu1nlZRnAmGnBdPIWZoDajtjyxX18Dry.", CredentialsConstants.HASH_FUNCTION_BCRYPT, null, null, null); final EventBusMessage msg = createRequestForPayload(CredentialsConstants.CredentialsAction.add, JsonObject.mapFrom(credentials)); service.processRequest(msg).setHandler(ctx.asyncAssertSuccess(response -> { ctx.assertEquals(HttpURLConnection.HTTP_CREATED, response.getStatus()); })); }
/** * Verifies that the base service rejects a request for adding * BCrypt hashed password credentials containing a hash that uses more * than the configured maximum iterations. * * @param ctx The vert.x test context. */ @Test public void testAddFailsForBcryptSecretsWithTooManyIterations(final TestContext ctx) { // GIVEN a bcrypted password using more than the configured max iterations // see https://www.dailycred.com/article/bcrypt-calculator final CredentialsObject credentials = CredentialsObject.fromHashedPassword( "4711", "user", "$2a$11$gYh52ApJeJcLvKrXHkGm5.xtLf7PVJySmXrt0EvFfLjCfLdIdvoay", CredentialsConstants.HASH_FUNCTION_BCRYPT, null, null, null); final EventBusMessage msg = createRequestForPayload(CredentialsConstants.CredentialsAction.add, JsonObject.mapFrom(credentials)); // WHEN a client tries to add hashed password credentials service.processRequest(msg).setHandler(ctx.asyncAssertFailure(t -> { // THEN the request fails ctx.assertEquals(HttpURLConnection.HTTP_BAD_REQUEST, ((ServiceInvocationException) t).getErrorCode()); })); }