directory-commits mailing list archives

From pamarce...@apache.org
Subject svn commit: r1524098 - in /directory/studio/trunk/plugins: ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java
Date Tue, 17 Sep 2013 15:43:42 GMT
Author: pamarcelot
Date: Tue Sep 17 15:43:41 2013
New Revision: 1524098

URL: http://svn.apache.org/r1524098
Log:
Fix for DIRSTUDIO-950 (Add support for PKCS5S2 hashing mechanism in Password Dialog)

Modified:
    directory/studio/trunk/plugins/ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java
    directory/studio/trunk/plugins/valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java

Modified: directory/studio/trunk/plugins/ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/plugins/ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java?rev=1524098&r1=1524097&r2=1524098&view=diff
==============================================================================
--- directory/studio/trunk/plugins/ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java
(original)
+++ directory/studio/trunk/plugins/ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java
Tue Sep 17 15:43:41 2013
@@ -21,11 +21,17 @@
 package org.apache.directory.studio.ldapbrowser.core.model;
 
 
+import java.security.Key;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.spec.KeySpec;
+
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
 
 import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
+import org.apache.directory.api.util.Strings;
 import org.apache.directory.studio.ldapbrowser.core.BrowserCoreMessages;
 import org.apache.directory.studio.ldapbrowser.core.utils.UnixCrypt;
 import org.apache.directory.studio.ldifparser.LdifUtils;
@@ -49,6 +55,7 @@ import org.apache.directory.studio.ldifp
  *   <li>SSHA-512</li>
  *   <li>MD5</li>
  *   <li>SMD5</li>
+ *   <li>PKCS5S2</li>
  *   <li>CRYPT</li>
  * </ul>
  *
@@ -121,7 +128,8 @@ public class Password
                     || ( LdapSecurityConstants.HASH_METHOD_SSHA256 == hashMethod )
                     || ( LdapSecurityConstants.HASH_METHOD_SSHA384 == hashMethod )
                     || ( LdapSecurityConstants.HASH_METHOD_SSHA512 == hashMethod )
-                    || ( LdapSecurityConstants.HASH_METHOD_SMD5 == hashMethod ) )
+                    || ( LdapSecurityConstants.HASH_METHOD_SMD5 == hashMethod )
+                    || ( LdapSecurityConstants.HASH_METHOD_PKCS5S2 == hashMethod ) )
                 {
                     switch ( hashMethod )
                     {
@@ -140,6 +148,9 @@ public class Password
                         case HASH_METHOD_SMD5:
                             hashedPassword = new byte[16];
                             break;
+                        case HASH_METHOD_PKCS5S2:
+                            hashedPassword = new byte[20];
+                            break;
                         default:
                             break;
                     }
@@ -202,7 +213,8 @@ public class Password
             || ( LdapSecurityConstants.HASH_METHOD_SSHA256 == hashMethod )
             || ( LdapSecurityConstants.HASH_METHOD_SSHA384 == hashMethod )
             || ( LdapSecurityConstants.HASH_METHOD_SSHA512 == hashMethod )
-            || ( LdapSecurityConstants.HASH_METHOD_SMD5 == hashMethod ) )
+            || ( LdapSecurityConstants.HASH_METHOD_SMD5 == hashMethod )
+            || ( LdapSecurityConstants.HASH_METHOD_PKCS5S2 == hashMethod ) )
         {
             this.salt = new byte[8];
             new SecureRandom().nextBytes( this.salt );
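Review bot: Adding PKCS5S2 to this condition gives PBKDF2 the same 8-byte salt as the salted digests (`this.salt = new byte[8]`), while NIST SP 800-132 recommends at least 128 bits of random salt for PBKDF2. If every consumer of the stored value accepts a variable salt length, which only the parsing code outside this hunk can confirm, consider `this.salt = new byte[ LdapSecurityConstants.HASH_METHOD_PKCS5S2 == hashMethod ? 16 : 8 ];`. The enclosing method starts and ends outside the hunk.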
@@ -243,6 +255,10 @@ public class Password
         {
             this.hashedPassword = crypt( passwordAsPlaintext, this.salt );
         }
+        else if ( LdapSecurityConstants.HASH_METHOD_PKCS5S2 == hashMethod )
+        {
+            this.hashedPassword = generatePbkdf2Hash( passwordAsPlaintext.getBytes(), hashMethod,
salt );
+        }
     }
 
 
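Review bot: `passwordAsPlaintext.getBytes()` encodes with the platform default charset, but generatePbkdf2Hash decodes those bytes with `Strings.utf8ToString`. On a JVM whose default charset is not UTF-8, a password containing non-ASCII characters is therefore hashed from a different character sequence than a UTF-8 peer would use, and the stored value may not verify elsewhere. Encode explicitly, for example `generatePbkdf2Hash( LdifUtils.utf8encode( passwordAsPlaintext ), hashMethod, salt )`, using the helper this file already calls (`LdifUtils.utf8encode( crypted )`), which appears to return UTF-8 bytes. The same applies to `testPasswordAsPlaintext.getBytes()` in the verification hunk that follows; the enclosing method starts outside this hunk.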
@@ -290,6 +306,12 @@ public class Password
             byte[] crypted = crypt( testPasswordAsPlaintext, salt );
             verified = equals( crypted, hashedPassword );
         }
+        else if ( LdapSecurityConstants.HASH_METHOD_PKCS5S2 == hashMethod )
+        {
+            byte[] hash = generatePbkdf2Hash( testPasswordAsPlaintext.getBytes(),
+                LdapSecurityConstants.HASH_METHOD_PKCS5S2, salt );
+            verified = equals( hash, hashedPassword );
+        }
 
         return verified;
     }
@@ -501,4 +523,29 @@ public class Password
         String crypted = saltWithCrypted.substring( 2 );
         return LdifUtils.utf8encode( crypted );
     }
+
+
+    /**
+     * generates a hash based on the <a href="http://en.wikipedia.org/wiki/PBKDF2">PKCS5S2
spec</a>
+     * 
+     * @param algorithm the algorithm to use
+     * @param password the credentials
+     * @param salt the optional salt
+     * @return the digested credentials
+     */
+    private static byte[] generatePbkdf2Hash( byte[] credentials, LdapSecurityConstants algorithm,
byte[] salt )
+    {
+        try
+        {
+            SecretKeyFactory sk = SecretKeyFactory.getInstance( algorithm.getAlgorithm()
);
+            char[] password = Strings.utf8ToString( credentials ).toCharArray();
+            KeySpec keySpec = new PBEKeySpec( password, salt, 1000, 160 );
+            Key key = sk.generateSecret( keySpec );
+            return key.getEncoded();
+        }
+        catch ( Exception e )
+        {
+            throw new RuntimeException( e );
+        }
+    }
 }
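Review bot: In generatePbkdf2Hash the `char[] password` copy and the `PBEKeySpec` are never cleared, and `catch ( Exception e )` also wraps unrelated runtime failures. A `finally` that calls `keySpec.clearPassword()` and zeroes the array, with the catches narrowed to `NoSuchAlgorithmException` and `InvalidKeySpecException`, shortens the lifetime of the plaintext copies and makes failures easier to diagnose. The literals `1000` and `160` would be better as named constants: 160 bits is what the `new byte[20]` in the parsing switch depends on, and the iteration count presumably has to match what the verifying server uses, so it should be documented rather than changed here. The Javadoc lists `@param password` for a parameter named `credentials` and calls the salt optional, although `PBEKeySpec` rejects a null or empty salt. The sketch below additionally needs `java.security.spec.InvalidKeySpecException` and `java.util.Arrays` imported.

```java
    /** Iteration count; must match the value the verifying side uses. */
    private static final int PKCS5S2_ITERATIONS = 1000;

    /** Derived key length in bits (20 bytes, as assumed when a stored value is split). */
    private static final int PKCS5S2_KEY_BITS = 160;

    private static byte[] generatePbkdf2Hash( byte[] credentials, LdapSecurityConstants algorithm, byte[] salt )
    {
        char[] password = Strings.utf8ToString( credentials ).toCharArray();
        PBEKeySpec keySpec = new PBEKeySpec( password, salt, PKCS5S2_ITERATIONS, PKCS5S2_KEY_BITS );

        try
        {
            SecretKeyFactory sk = SecretKeyFactory.getInstance( algorithm.getAlgorithm() );
            return sk.generateSecret( keySpec ).getEncoded();
        }
        catch ( NoSuchAlgorithmException e )
        {
            throw new RuntimeException( e );
        }
        catch ( InvalidKeySpecException e )
        {
            throw new RuntimeException( e );
        }
        finally
        {
            // Drop the plaintext copies as soon as the key has been derived.
            keySpec.clearPassword();
            Arrays.fill( password, '\0' );
        }
    }
```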

Modified: directory/studio/trunk/plugins/valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java
URL: http://svn.apache.org/viewvc/directory/studio/trunk/plugins/valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java?rev=1524098&r1=1524097&r2=1524098&view=diff
==============================================================================
--- directory/studio/trunk/plugins/valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java
(original)
+++ directory/studio/trunk/plugins/valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java
Tue Sep 17 15:43:41 2013
@@ -85,6 +85,7 @@ public class PasswordDialog extends Dial
             LdapSecurityConstants.HASH_METHOD_SSHA512,
             LdapSecurityConstants.HASH_METHOD_MD5,
             LdapSecurityConstants.HASH_METHOD_SMD5,
+            LdapSecurityConstants.HASH_METHOD_PKCS5S2,
             LdapSecurityConstants.HASH_METHOD_CRYPT,
             NO_HASH_METHOD };
 


