/**
 * Returns the held credential as text when it is a {@code Password}.
 *
 * @return the password value copied into a new {@code String}, or {@code null} when
 *         {@code credential} is unset or is not a {@code Password}
 */
public String getPassword() {
    // instanceof is already false for null, so a single test covers both cases.
    if (!(credential instanceof Password)) {
        return null;
    }

    Password held = (Password) credential;
    // NOTE(review): the result is an immutable String, so callers cannot wipe it after use the
    // way they could wipe the array that getValue() appears to return.
    return new String(held.getValue());
}
/**
 * Exposes the credential as a {@code String} if, and only if, it is a {@code Password}.
 *
 * @return a new {@code String} built from the password value, or {@code null} for a missing or
 *         non-{@code Password} credential
 */
public String getPassword() {
    // A null credential fails the instanceof test, so it needs no separate check.
    // NOTE(review): copying the value into a String leaves a copy that cannot be cleared later.
    return (credential instanceof Password)
            ? new String(((Password) credential).getValue())
            : null;
}
/**
 * Converts a {@code Password} credential to its textual form.
 *
 * @return the password value as a new {@code String}; {@code null} when {@code credential} is
 *         {@code null} or of any other type
 */
public String getPassword() {
    String text = null;
    // instanceof rejects null on its own, which makes an explicit null test redundant.
    if (credential instanceof Password) {
        Password secret = (Password) credential;
        // NOTE(review): a String copy of the secret cannot be zeroed by the caller afterwards.
        text = new String(secret.getValue());
    }
    return text;
}
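/**
 * Builds the storable form of a new password: a freshly generated salt plus the encoded,
 * salted password.
 *
 * <p>{@code context}, {@code account} and {@code store} are not read by this method. A null or
 * empty password is rejected with the exception produced by
 * {@code MESSAGES.credentialInvalidPassword()}.
 *
 * @param password      the new password; its value must be neither null nor empty
 * @param effectiveDate applied to the storage only when non-null
 * @param expiryDate    always applied to the storage, including when null
 * @return the populated {@code EncodedPasswordStorage}
 */
@Override
public CredentialStorage createCredentialStorage(IdentityContext context, Account account, U password, S store,
        Date effectiveDate, Date expiryDate) {
    EncodedPasswordStorage hash = new EncodedPasswordStorage();

    if (password.getValue() == null) {
        throw MESSAGES.credentialInvalidPassword();
    }

    // Test the decoded text, not password.getValue().toString(): the value appears to be a char[]
    // (it is fed to new String(...)), and toString() on an array yields its identity string,
    // which is never empty, so an empty password would slip through the check.
    String rawPassword = new String(password.getValue());
    if (isNullOrEmpty(rawPassword)) {
        throw MESSAGES.credentialInvalidPassword();
    }

    String passwordSalt = generateSalt();
    hash.setSalt(passwordSalt);
    hash.setEncodedHash(this.passwordEncoder.encode(saltPassword(rawPassword, passwordSalt)));

    if (effectiveDate != null) {
        hash.setEffectiveDate(effectiveDate);
    }
    hash.setExpiryDate(expiryDate);

    return hash;
}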
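/**
 * Replaces the account's password in the LDAP store.
 *
 * <p>Active Directory stores are handled by {@code updateADPassword}; for any other store the
 * password text is written into the attribute named by {@code USER_PASSWORD_ATTRIBUTE}.
 * {@code context}, {@code effectiveDate} and {@code expiryDate} are not read by this method.
 *
 * @param account  the account whose password changes
 * @param password the new password
 * @param store    the LDAP store to update
 * @throws IdentityManagementException if the attribute update fails on a non-AD store
 */
@Override
public void update(IdentityContext context, Account account, Password password, LDAPIdentityStore store,
        Date effectiveDate, Date expiryDate) {
    if (store.getConfig().isActiveDirectory()) {
        updateADPassword(account, new String(password.getValue()), store);
        return;
    }

    try {
        // NOTE(review): the password travels as clear text inside the attribute value; whether
        // the connection is protected depends on the store configuration, not visible here.
        // The attribute alone is handed to modifyAttribute; the ModificationItem array that
        // was also built here was never passed anywhere and has been dropped.
        BasicAttribute passwordAttribute = new BasicAttribute(USER_PASSWORD_ATTRIBUTE,
                new String(password.getValue()));
        store.getOperationManager().modifyAttribute(store.getBindingDN(account, true), passwordAttribute);
    } catch (Exception e) {
        throw new IdentityManagementException("Error updating password.", e);
    }
}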
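/**
 * Produces the persisted representation of a new password, made of a newly generated salt and
 * the encoder's output for the salted password.
 *
 * <p>{@code context}, {@code account} and {@code store} are unused here. When the password value
 * is null or empty the exception created by {@code MESSAGES.credentialInvalidPassword()} is
 * thrown.
 *
 * @param password      the password to encode; must carry a non-empty value
 * @param effectiveDate set on the result only if non-null
 * @param expiryDate    set on the result unconditionally (may be null)
 * @return the filled-in {@code EncodedPasswordStorage}
 */
@Override
public CredentialStorage createCredentialStorage(IdentityContext context, Account account, U password, S store,
        Date effectiveDate, Date expiryDate) {
    EncodedPasswordStorage hash = new EncodedPasswordStorage();

    if (password.getValue() == null) {
        throw MESSAGES.credentialInvalidPassword();
    }

    // Emptiness is checked on the decoded String. toString() on the raw value (apparently a
    // char[], given new String(...) accepts it) returns the array's identity string, which is
    // never empty, so it cannot detect an empty password.
    String rawPassword = new String(password.getValue());
    if (isNullOrEmpty(rawPassword)) {
        throw MESSAGES.credentialInvalidPassword();
    }

    String passwordSalt = generateSalt();
    hash.setSalt(passwordSalt);
    hash.setEncodedHash(this.passwordEncoder.encode(saltPassword(rawPassword, passwordSalt)));

    if (effectiveDate != null) {
        hash.setEffectiveDate(effectiveDate);
    }
    hash.setExpiryDate(expiryDate);

    return hash;
}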
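/**
 * Sets a new password for the account in the LDAP store.
 *
 * <p>An Active Directory store is delegated to {@code updateADPassword}. Otherwise the password
 * text becomes the value of the attribute named by {@code USER_PASSWORD_ATTRIBUTE}.
 * {@code context}, {@code effectiveDate} and {@code expiryDate} are ignored by this method.
 *
 * @param account  the account being updated
 * @param password the replacement password
 * @param store    the target LDAP store
 * @throws IdentityManagementException if modifying the attribute fails on a non-AD store
 */
@Override
public void update(IdentityContext context, Account account, Password password, LDAPIdentityStore store,
        Date effectiveDate, Date expiryDate) {
    if (store.getConfig().isActiveDirectory()) {
        updateADPassword(account, new String(password.getValue()), store);
        return;
    }

    try {
        // Only the attribute is passed on. The ModificationItem array once assembled next to it
        // was dead code (never handed to the operation manager) and is gone.
        // NOTE(review): the secret is sent as plain attribute text; confirm the store's
        // connection is encrypted, since nothing in this method enforces it.
        BasicAttribute passwordAttribute = new BasicAttribute(USER_PASSWORD_ATTRIBUTE,
                new String(password.getValue()));
        store.getOperationManager().modifyAttribute(store.getBindingDN(account, true), passwordAttribute);
    } catch (Exception e) {
        throw new IdentityManagementException("Error updating password.", e);
    }
}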
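/**
 * Replaces the agent's password in the LDAP identity store.
 *
 * <p>Active Directory stores go through {@code updateADPassword}; other stores get the password
 * text written into the attribute named by {@code USER_PASSWORD_ATTRIBUTE}.
 * {@code effectiveDate} and {@code expiryDate} are not read by this method.
 *
 * @param agent         the agent whose password changes
 * @param credential    must be a {@code Password}
 * @param identityStore checked by {@code checkIdentityStoreInstance}, then used as an
 *                      {@code LDAPIdentityStore}
 * @throws IllegalArgumentException if {@code credential} is not a {@code Password}
 * @throws IllegalStateException    if the attribute update fails on a non-AD store
 */
@Override
public void update(Agent agent, Object credential, IdentityStore<?> identityStore, Date effectiveDate,
        Date expiryDate) {
    checkIdentityStoreInstance(identityStore);

    if (!Password.class.isInstance(credential)) {
        throw new IllegalArgumentException("Credential class [" + credential.getClass().getName()
                + "] not supported by this handler.");
    }

    Password password = (Password) credential;
    LDAPIdentityStore ldapIdentityStore = (LDAPIdentityStore) identityStore;
    LDAPUser ldapuser = (LDAPUser) ldapIdentityStore.getUser(agent.getId());

    if (ldapIdentityStore.getConfig().isActiveDirectory()) {
        updateADPassword(ldapuser, new String(password.getValue()), ldapIdentityStore);
        return;
    }

    try {
        // Only the attribute is handed to the LDAP manager; the ModificationItem array that was
        // built alongside it was never used and has been removed.
        Attribute passwordAttribute = new BasicAttribute(USER_PASSWORD_ATTRIBUTE,
                new String(password.getValue()));
        ldapIdentityStore.getLdapManager().modifyAttribute(ldapuser.getDN(), passwordAttribute);
    } catch (Exception e) {
        // A failed password change must reach the caller: swallowing it would report success
        // while the old password stays valid in the directory.
        throw new IllegalStateException("Error updating password.", e);
    }
}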
/**
 * Checks the supplied password against a stored salted hash.
 *
 * <p>{@code context} and {@code store} are not read by this method.
 *
 * @param storage     the stored credential, cast to {@code EncodedPasswordStorage}; may be null
 * @param credentials supplies the password to check
 * @return the result of {@code passwordEncoder.verify} for the salted password and the stored
 *         hash, or {@code false} when there is no stored credential
 */
@Override
protected boolean validateCredential(IdentityContext context, final CredentialStorage storage, final V credentials,
        S store) {
    final EncodedPasswordStorage stored = (EncodedPasswordStorage) storage;

    // Nothing stored means nothing can match.
    if (stored == null) {
        return false;
    }

    final String candidate = new String(credentials.getPassword().getValue());
    return this.passwordEncoder.verify(saltPassword(candidate, stored.getSalt()), stored.getEncodedHash());
}
/**
 * Verifies a password against the salted hash held in {@code storage}.
 *
 * <p>Neither {@code context} nor {@code store} is used here.
 *
 * @param storage     the persisted credential (an {@code EncodedPasswordStorage}), possibly null
 * @param credentials the credentials carrying the password under test
 * @return {@code false} if no credential is stored; otherwise whatever
 *         {@code passwordEncoder.verify} reports for the salted password and the stored hash
 */
@Override
protected boolean validateCredential(IdentityContext context, final CredentialStorage storage, final V credentials,
        S store) {
    final EncodedPasswordStorage persisted = (EncodedPasswordStorage) storage;
    boolean matches = false;

    if (persisted != null) {
        // Salt the submitted password with the stored salt before handing it to the encoder.
        final String submitted = new String(credentials.getPassword().getValue());
        matches = this.passwordEncoder.verify(saltPassword(submitted, persisted.getSalt()),
                persisted.getEncodedHash());
    }

    return matches;
}
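/**
 * Validates a username/password pair by authenticating against the LDAP store with the
 * account's binding DN.
 *
 * <p>{@code credentialStorage} is not read by this method.
 *
 * @param context           passed to {@code getAccount} to look up the account
 * @param credentials       the username and password to check
 * @param ldapIdentityStore supplies the operation manager and the binding DN
 * @return {@code true} only when a non-empty password is supplied and
 *         {@code authenticate} accepts it
 */
@Override
protected boolean validateCredential(IdentityContext context, CredentialStorage credentialStorage,
        UsernamePasswordCredentials credentials, LDAPIdentityStore ldapIdentityStore) {
    Account account = getAccount(context, credentials.getUsername());
    LDAPOperationManager operationManager = ldapIdentityStore.getOperationManager();
    String bindingDN = ldapIdentityStore.getBindingDN(account);
    char[] password = credentials.getPassword().getValue();

    // Reject a missing or empty password locally. If authenticate() performs an LDAP simple
    // bind, a DN with an empty password is the "unauthenticated" bind of RFC 4513, which a
    // server may accept; whether authenticate() screens for that is not visible here.
    if (password == null || password.length == 0) {
        return false;
    }

    return operationManager.authenticate(bindingDN, new String(password));
}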
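/**
 * Checks a username/password pair by asking the LDAP operation manager to authenticate the
 * account's binding DN with the supplied password.
 *
 * <p>{@code credentialStorage} is unused.
 *
 * @param context           handed to {@code getAccount} for the account lookup
 * @param credentials       carries the username and the password
 * @param ldapIdentityStore source of the operation manager and of the binding DN
 * @return {@code true} if the password is non-empty and {@code authenticate} succeeds,
 *         {@code false} otherwise
 */
@Override
protected boolean validateCredential(IdentityContext context, CredentialStorage credentialStorage,
        UsernamePasswordCredentials credentials, LDAPIdentityStore ldapIdentityStore) {
    Account account = getAccount(context, credentials.getUsername());
    LDAPOperationManager operationManager = ldapIdentityStore.getOperationManager();
    String bindingDN = ldapIdentityStore.getBindingDN(account);
    char[] password = credentials.getPassword().getValue();

    // An absent or zero-length password never validates. A simple bind with a DN and no
    // password is treated by LDAP (RFC 4513) as an unauthenticated bind that servers may
    // accept, and this method cannot see whether authenticate() guards against it.
    boolean hasPassword = password != null && password.length > 0;
    return hasPassword && operationManager.authenticate(bindingDN, new String(password));
}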
/**
 * Stores a new salted hash of the agent's password in the credential store.
 *
 * @param agent         the agent the credential belongs to
 * @param credential    must be a {@code Password}
 * @param identityStore resolved to a {@code CredentialStore} by {@code validateCredentialStore}
 * @param effectiveDate set on the stored credential as given, including null
 * @param expiryDate    set on the stored credential only when non-null
 * @throws IllegalArgumentException if {@code credential} is not a {@code Password}
 */
@Override
public void update(Agent agent, Object credential, IdentityStore<?> identityStore, Date effectiveDate,
        Date expiryDate) {
    CredentialStore store = validateCredentialStore(identityStore);

    if (!(credential instanceof Password)) {
        throw new IllegalArgumentException("Credential class [" + credential.getClass().getName()
                + "] not supported by this handler.");
    }
    Password supplied = (Password) credential;

    // NOTE(review): SHASaltedPasswordEncoder(512) reads like a salted SHA-512 digest. If it is a
    // single fast hash rather than an iterated key-derivation function, stored passwords are
    // cheap to test offline. Confirm against the encoder.
    SHASaltedPasswordEncoder digestEncoder = new SHASaltedPasswordEncoder(512);
    SHASaltedPasswordStorage storage = new SHASaltedPasswordStorage();

    storage.setSalt(generateSalt());
    String plainText = new String(supplied.getValue());
    storage.setEncodedHash(digestEncoder.encodePassword(storage.getSalt(), plainText));
    storage.setEffectiveDate(effectiveDate);

    if (expiryDate != null) {
        storage.setExpiryDate(expiryDate);
    }

    store.storeCredential(agent, storage);
}
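/**
 * Validates username/password credentials against the LDAP store and records the outcome in
 * the credentials' status.
 *
 * <p>The status is set to {@code INVALID} up front and becomes {@code VALID} only when the
 * agent exists, the password is non-empty and the LDAP manager authenticates the user's DN.
 *
 * @param credentials   must be {@code UsernamePasswordCredentials}
 * @param identityStore checked by {@code checkIdentityStoreInstance}, then used as an
 *                      {@code LDAPIdentityStore}
 * @throws IllegalArgumentException if {@code credentials} is of another type
 */
@Override
public void validate(Credentials credentials, IdentityStore<?> identityStore) {
    checkIdentityStoreInstance(identityStore);

    if (!UsernamePasswordCredentials.class.isInstance(credentials)) {
        throw new IllegalArgumentException("Credentials class [" + credentials.getClass().getName()
                + "] not supported by this handler.");
    }

    UsernamePasswordCredentials usernamePassword = (UsernamePasswordCredentials) credentials;
    usernamePassword.setStatus(Status.INVALID);

    Agent agent = identityStore.getAgent(usernamePassword.getUsername());

    // If the user for the provided username cannot be found we fail validation
    if (agent == null) {
        return;
    }

    LDAPIdentityStore ldapIdentityStore = (LDAPIdentityStore) identityStore;
    LDAPUser ldapUser = (LDAPUser) ldapIdentityStore.getUser(agent.getId());
    char[] password = usernamePassword.getPassword().getValue();

    // A missing or empty password leaves the status INVALID without contacting the directory.
    // If authenticate() does an LDAP simple bind, a DN with an empty password is an
    // "unauthenticated" bind (RFC 4513) that a server may accept; whether authenticate()
    // filters that out is not visible here.
    if (password == null || password.length == 0) {
        return;
    }

    boolean isValid = ldapIdentityStore.getLdapManager().authenticate(ldapUser.getDN(), new String(password));
    if (isValid) {
        usernamePassword.setStatus(Status.VALID);
    }
}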
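/**
 * Validates username/password credentials against the salted hash kept in the credential
 * store and records the outcome in the credentials' status.
 *
 * <p>The status starts as {@code INVALID}. It becomes {@code VALID} (and the validated agent is
 * set) when the re-encoded password equals the stored hash, or {@code EXPIRED} when no current
 * credential exists and {@code isLastCredentialExpired} reports true.
 *
 * @param credentials   must be {@code UsernamePasswordCredentials}
 * @param identityStore resolved to a {@code CredentialStore} by {@code validateCredentialStore}
 * @throws IllegalArgumentException if {@code credentials} is of another type
 */
@Override
public void validate(Credentials credentials, IdentityStore<?> identityStore) {
    CredentialStore store = validateCredentialStore(identityStore);

    if (!UsernamePasswordCredentials.class.isInstance(credentials)) {
        throw new IllegalArgumentException("Credentials class [" + credentials.getClass().getName()
                + "] not supported by this handler.");
    }

    UsernamePasswordCredentials usernamePassword = (UsernamePasswordCredentials) credentials;
    usernamePassword.setStatus(Status.INVALID);

    Agent agent = identityStore.getAgent(usernamePassword.getUsername());

    // If the user for the provided username cannot be found we fail validation
    if (agent == null) {
        return;
    }

    SHASaltedPasswordStorage hash = store.retrieveCurrentCredential(agent, SHASaltedPasswordStorage.class);

    // If the stored hash is null we automatically fail validation
    if (hash == null) {
        if (isLastCredentialExpired(agent, store, SHASaltedPasswordStorage.class)) {
            usernamePassword.setStatus(Status.EXPIRED);
        }
        return;
    }

    SHASaltedPasswordEncoder encoder = new SHASaltedPasswordEncoder(512);
    String encoded = encoder.encodePassword(hash.getSalt(),
            new String(usernamePassword.getPassword().getValue()));
    String expected = hash.getEncodedHash();

    // Compare with MessageDigest.isEqual instead of String.equals so the time taken does not
    // depend on how many leading characters of the two hashes agree. Fully qualified names are
    // used because the file's import block is outside this excerpt.
    boolean matches = expected != null && encoded != null
            && java.security.MessageDigest.isEqual(
                    expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                    encoded.getBytes(java.nio.charset.StandardCharsets.UTF_8));

    if (matches) {
        usernamePassword.setStatus(Status.VALID);
        usernamePassword.setValidatedAgent(agent);
    }
}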
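/**
 * Validates a username/password pair by authenticating against the LDAP store with the DN
 * held in the account's {@code ENTRY_DN_ATTRIBUTE_NAME} attribute.
 *
 * <p>{@code credentialStorage} is not read by this method. The DN and username (never the
 * password) are written to {@code CREDENTIAL_LOGGER} at debug level.
 *
 * @param context           passed to {@code getAccount} to look up the account
 * @param credentials       the username and password to check
 * @param ldapIdentityStore supplies the operation manager used to authenticate
 * @return {@code true} only when a non-empty password is supplied and
 *         {@code authenticate} accepts it
 */
@Override
protected boolean validateCredential(IdentityContext context, CredentialStorage credentialStorage,
        UsernamePasswordCredentials credentials, LDAPIdentityStore ldapIdentityStore) {
    Account account = getAccount(context, credentials.getUsername());
    char[] password = credentials.getPassword().getValue();
    String userDN = (String) account.getAttribute(LDAPIdentityStore.ENTRY_DN_ATTRIBUTE_NAME).getValue();

    if (CREDENTIAL_LOGGER.isDebugEnabled()) {
        CREDENTIAL_LOGGER.debugf("Using DN [%s] for authentication of user [%s]", userDN, credentials.getUsername());
    }

    // Reject a missing or empty password locally. If authenticate() performs an LDAP simple
    // bind, a DN with an empty password is the "unauthenticated" bind of RFC 4513, which a
    // server may accept; whether authenticate() screens for that is not visible here.
    if (password == null || password.length == 0) {
        return false;
    }

    return ldapIdentityStore.getOperationManager().authenticate(userDN, new String(password));
}
}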