Return-Path: X-Original-To: apmail-directory-commits-archive@www.apache.org Delivered-To: apmail-directory-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id F14AA104A9 for ; Tue, 17 Sep 2013 15:44:05 +0000 (UTC) Received: (qmail 48113 invoked by uid 500); 17 Sep 2013 15:44:05 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 48081 invoked by uid 500); 17 Sep 2013 15:44:04 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 48070 invoked by uid 99); 17 Sep 2013 15:44:03 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Sep 2013 15:44:03 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Sep 2013 15:44:02 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 3C8D1238896F; Tue, 17 Sep 2013 15:43:42 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1524098 - in /directory/studio/trunk/plugins: ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java Date: Tue, 17 Sep 2013 15:43:42 -0000 To: commits@directory.apache.org 
From: pamarcelot@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20130917154342.3C8D1238896F@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: pamarcelot Date: Tue Sep 17 15:43:41 2013 New Revision: 1524098 URL: http://svn.apache.org/r1524098 Log: Fix for DIRSTUDIO-950 (Add support for PKCS5S2 hashing mechanism in Password Dialog) Modified: directory/studio/trunk/plugins/ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java directory/studio/trunk/plugins/valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java Modified: directory/studio/trunk/plugins/ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java URL: http://svn.apache.org/viewvc/directory/studio/trunk/plugins/ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java?rev=1524098&r1=1524097&r2=1524098&view=diff ==============================================================================
--- directory/studio/trunk/plugins/ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java (original)
+++ directory/studio/trunk/plugins/ldapbrowser.core/src/main/java/org/apache/directory/studio/ldapbrowser/core/model/Password.java Tue Sep 17 15:43:41 2013
@@ -21,11 +21,17 @@
 package org.apache.directory.studio.ldapbrowser.core.model;
+import java.security.Key;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.spec.KeySpec;
+
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
 import org.apache.directory.api.ldap.model.constants.LdapSecurityConstants;
+import org.apache.directory.api.util.Strings;
 import org.apache.directory.studio.ldapbrowser.core.BrowserCoreMessages;
 import org.apache.directory.studio.ldapbrowser.core.utils.UnixCrypt;
 import org.apache.directory.studio.ldifparser.LdifUtils;
@@ -49,6 +55,7 @@ import org.apache.directory.studio.ldifp *
  • SSHA-512
  • *
  • MD5
  • *
  • SMD5
  • + *
  • PKCS5S2
  • *
  • CRYPT
  • * *
@@ -121,7 +128,8 @@ public class Password
 || ( LdapSecurityConstants.HASH_METHOD_SSHA256 == hashMethod )
 || ( LdapSecurityConstants.HASH_METHOD_SSHA384 == hashMethod )
 || ( LdapSecurityConstants.HASH_METHOD_SSHA512 == hashMethod )
- || ( LdapSecurityConstants.HASH_METHOD_SMD5 == hashMethod ) )
+ || ( LdapSecurityConstants.HASH_METHOD_SMD5 == hashMethod )
+ || ( LdapSecurityConstants.HASH_METHOD_PKCS5S2 == hashMethod ) )
 {
 switch ( hashMethod )
 {
@@ -140,6 +148,9 @@ public class Password
 case HASH_METHOD_SMD5:
 hashedPassword = new byte[16];
 break;
+ case HASH_METHOD_PKCS5S2:
+ hashedPassword = new byte[20];
+ break;
 default:
 break;
 }
@@ -202,7 +213,8 @@ public class Password
 || ( LdapSecurityConstants.HASH_METHOD_SSHA256 == hashMethod )
 || ( LdapSecurityConstants.HASH_METHOD_SSHA384 == hashMethod )
 || ( LdapSecurityConstants.HASH_METHOD_SSHA512 == hashMethod )
- || ( LdapSecurityConstants.HASH_METHOD_SMD5 == hashMethod ) )
+ || ( LdapSecurityConstants.HASH_METHOD_SMD5 == hashMethod )
+ || ( LdapSecurityConstants.HASH_METHOD_PKCS5S2 == hashMethod ) )
 {
 this.salt = new byte[8];
 new SecureRandom().nextBytes( this.salt );
@@ -243,6 +255,10 @@ public class Password
 {
 this.hashedPassword = crypt( passwordAsPlaintext, this.salt );
 }
+ else if ( LdapSecurityConstants.HASH_METHOD_PKCS5S2 == hashMethod )
+ {
+ this.hashedPassword = generatePbkdf2Hash( passwordAsPlaintext.getBytes(), hashMethod, salt );
+ }
 }
@@ -290,6 +306,12 @@ public class Password
 byte[] crypted = crypt( testPasswordAsPlaintext, salt );
 verified = equals( crypted, hashedPassword );
 }
+ else if ( LdapSecurityConstants.HASH_METHOD_PKCS5S2 == hashMethod )
+ {
+ byte[] hash = generatePbkdf2Hash( testPasswordAsPlaintext.getBytes(),
+ LdapSecurityConstants.HASH_METHOD_PKCS5S2, salt );
+ verified = equals( hash, hashedPassword );
+ }
 return verified;
 }
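Review bot: In the `@@ -202,7 +213,8 @@` hunk, PKCS5S2 is added to the branch that allocates `this.salt = new byte[8]`, so PBKDF2 hashes get the same 64-bit salt as the legacy salted digests. NIST SP 800-132 asks for at least 128 bits of random salt for PBKDF2, so a separate branch with `this.salt = new byte[16];` would be preferable for this method, once the salt length the target directory server accepts for {PKCS5S2} values has been confirmed. The enclosing method starts and ends outside the hunk.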
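Review bot: `passwordAsPlaintext.getBytes()` in the `@@ -243,6 +255,10 @@` hunk encodes with the platform default charset, while generatePbkdf2Hash decodes the same bytes with `Strings.utf8ToString`, so on a platform whose default is not UTF-8 a non-ASCII password is altered before key derivation and the resulting hash will not match one computed elsewhere. Pass UTF-8 bytes explicitly, e.g. `generatePbkdf2Hash( LdifUtils.utf8encode( passwordAsPlaintext ), hashMethod, salt )`, using the helper the file already imports. The verify path in the `@@ -290,6 +306,12 @@` hunk makes the same `testPasswordAsPlaintext.getBytes()` call and needs the same change. Both enclosing methods extend beyond their hunks.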
@@ -501,4 +523,29 @@ public class Password
 String crypted = saltWithCrypted.substring( 2 );
 return LdifUtils.utf8encode( crypted );
 }
+
+
+ /**
+ * generates a hash based on the PKCS5S2 spec
+ *
+ * @param algorithm the algorithm to use
+ * @param password the credentials
+ * @param salt the optional salt
+ * @return the digested credentials
+ */
+ private static byte[] generatePbkdf2Hash( byte[] credentials, LdapSecurityConstants algorithm, byte[] salt )
+ {
+ try
+ {
+ SecretKeyFactory sk = SecretKeyFactory.getInstance( algorithm.getAlgorithm() );
+ char[] password = Strings.utf8ToString( credentials ).toCharArray();
+ KeySpec keySpec = new PBEKeySpec( password, salt, 1000, 160 );
+ Key key = sk.generateSecret( keySpec );
+ return key.getEncoded();
+ }
+ catch ( Exception e )
+ {
+ throw new RuntimeException( e );
+ }
+ }
 }
Modified: directory/studio/trunk/plugins/valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java URL: http://svn.apache.org/viewvc/directory/studio/trunk/plugins/valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java?rev=1524098&r1=1524097&r2=1524098&view=diff ==============================================================================
--- directory/studio/trunk/plugins/valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java (original)
+++ directory/studio/trunk/plugins/valueeditors/src/main/java/org/apache/directory/studio/valueeditors/password/PasswordDialog.java Tue Sep 17 15:43:41 2013
@@ -85,6 +85,7 @@ public class PasswordDialog extends Dial
 LdapSecurityConstants.HASH_METHOD_SSHA512,
 LdapSecurityConstants.HASH_METHOD_MD5,
 LdapSecurityConstants.HASH_METHOD_SMD5,
+ LdapSecurityConstants.HASH_METHOD_PKCS5S2,
 LdapSecurityConstants.HASH_METHOD_CRYPT,
 NO_HASH_METHOD };
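Review bot: generatePbkdf2Hash hands the iteration count and key length to `PBEKeySpec` as bare literals (`1000`, `160`), and the key size has to stay in step with `hashedPassword = new byte[20]` in the `@@ -140,6 +148,9 @@` hunk, so both belong in named constants with a comment that they must match what the directory server uses for {PKCS5S2}. 1000 iterations is low by current PBKDF2 guidance; nothing visible here stores the count next to the hash, so raising it would have to be coordinated with whatever verifies these values. The `char[]` copy of the password is never cleared and `catch ( Exception e )` also wraps unrelated runtime failures; the sketch below clears the key spec in a `finally` and narrows the catch to `GeneralSecurityException` (which, like `Arrays`, needs an import; the two constants are new names holding the current values). The Javadoc should name the `credentials` parameter instead of `password` and drop "optional" for the salt, because `PBEKeySpec` rejects a null or empty salt.

```java
private static byte[] generatePbkdf2Hash( byte[] credentials, LdapSecurityConstants algorithm, byte[] salt )
{
    char[] password = Strings.utf8ToString( credentials ).toCharArray();
    PBEKeySpec keySpec = new PBEKeySpec( password, salt, PKCS5S2_ITERATIONS, PKCS5S2_KEY_LENGTH_BITS );
    try
    {
        SecretKeyFactory sk = SecretKeyFactory.getInstance( algorithm.getAlgorithm() );
        return sk.generateSecret( keySpec ).getEncoded();
    }
    catch ( GeneralSecurityException e )
    {
        throw new RuntimeException( e );
    }
    finally
    {
        // drop the plaintext copies as soon as the key has been derived
        keySpec.clearPassword();
        Arrays.fill( password, '\0' );
    }
}
```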