directory-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From elecha...@apache.org
Subject svn commit: r1785534 - in /directory/shared/branches/shared-value: ./ distribution/src/main/release/ distribution/src/main/release/licenses/ ldap/model/ ldap/model/src/main/java/org/apache/directory/api/ldap/model/constants/ ldap/model/src/main/java/or...
Date Sun, 05 Mar 2017 08:02:03 GMT
Author: elecharny
Date: Sun Mar  5 08:02:03 2017
New Revision: 1785534

URL: http://svn.apache.org/viewvc?rev=1785534&view=rev
Log:
Ported DIRSERVER-2180

Added:
    directory/shared/branches/shared-value/distribution/src/main/release/licenses/jbcrypt-LICENSE.txt
Modified:
    directory/shared/branches/shared-value/LICENSE
    directory/shared/branches/shared-value/distribution/src/main/release/NOTICE
    directory/shared/branches/shared-value/ldap/model/pom.xml
    directory/shared/branches/shared-value/ldap/model/src/main/java/org/apache/directory/api/ldap/model/constants/LdapSecurityConstants.java
    directory/shared/branches/shared-value/ldap/model/src/main/java/org/apache/directory/api/ldap/model/password/PasswordUtil.java
    directory/shared/branches/shared-value/ldap/model/src/test/java/org/apache/directory/api/ldap/model/password/PasswordUtilTest.java
    directory/shared/branches/shared-value/pom.xml

Modified: directory/shared/branches/shared-value/LICENSE
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/LICENSE?rev=1785534&r1=1785533&r2=1785534&view=diff
==============================================================================
--- directory/shared/branches/shared-value/LICENSE (original)
+++ directory/shared/branches/shared-value/LICENSE Sun Mar  5 08:02:03 2017
@@ -226,3 +226,24 @@ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER L
 OF CONTRACT, TORT OR OTHERWISE,  ARISING FROM, OUT OF OR IN CONNECTION
 WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
+
+==================================================================================================
+jBCrypt 0.4.1 license
+--------------------------------------------------------------------------------------------------
+jBCrypt is subject to the following license:
+
+/*
+ * Copyright (c) 2006 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+*/

Modified: directory/shared/branches/shared-value/distribution/src/main/release/NOTICE
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/distribution/src/main/release/NOTICE?rev=1785534&r1=1785533&r2=1785534&view=diff
==============================================================================
--- directory/shared/branches/shared-value/distribution/src/main/release/NOTICE (original)
+++ directory/shared/branches/shared-value/distribution/src/main/release/NOTICE Sun Mar  5
08:02:03 2017
@@ -30,4 +30,6 @@ developed by MetaStuff Ltd.  (http://sou
 This product includes/uses software, SLF4J API Module (http://www.slf4j.org),
 developed by QOS.ch  (http://www.qos.ch)
 
+This product includes/uses software, jBCrypt 0.4.1 (http://www.mindrot.org/files/jBCrypt)
+
 This product includes/uses software, XMLPullParser 3 - xpp3:xpp3:jar:1.1.3.4.O (http://www.extreme.indiana.edu/xgws/xsoap/xpp/mxp1/)

Added: directory/shared/branches/shared-value/distribution/src/main/release/licenses/jbcrypt-LICENSE.txt
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/distribution/src/main/release/licenses/jbcrypt-LICENSE.txt?rev=1785534&view=auto
==============================================================================
--- directory/shared/branches/shared-value/distribution/src/main/release/licenses/jbcrypt-LICENSE.txt
(added)
+++ directory/shared/branches/shared-value/distribution/src/main/release/licenses/jbcrypt-LICENSE.txt
Sun Mar  5 08:02:03 2017
@@ -0,0 +1,17 @@
+jBCrypt is subject to the following license:
+
+/*
+ * Copyright (c) 2006 Damien Miller <djm@mindrot.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */

Modified: directory/shared/branches/shared-value/ldap/model/pom.xml
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/ldap/model/pom.xml?rev=1785534&r1=1785533&r2=1785534&view=diff
==============================================================================
--- directory/shared/branches/shared-value/ldap/model/pom.xml (original)
+++ directory/shared/branches/shared-value/ldap/model/pom.xml Sun Mar  5 08:02:03 2017
@@ -92,6 +92,11 @@
     </dependency>
 
     <dependency>
+      <groupId>de.svenkubiak</groupId>
+      <artifactId>jBCrypt</artifactId>
+    </dependency>
+
+    <dependency>
       <groupId>findbugs</groupId>
       <artifactId>annotations</artifactId>
       <scope>provided</scope>

Modified: directory/shared/branches/shared-value/ldap/model/src/main/java/org/apache/directory/api/ldap/model/constants/LdapSecurityConstants.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/ldap/model/src/main/java/org/apache/directory/api/ldap/model/constants/LdapSecurityConstants.java?rev=1785534&r1=1785533&r2=1785534&view=diff
==============================================================================
--- directory/shared/branches/shared-value/ldap/model/src/main/java/org/apache/directory/api/ldap/model/constants/LdapSecurityConstants.java
(original)
+++ directory/shared/branches/shared-value/ldap/model/src/main/java/org/apache/directory/api/ldap/model/constants/LdapSecurityConstants.java
Sun Mar  5 08:02:03 2017
@@ -68,6 +68,9 @@ public enum LdapSecurityConstants
     
     /** The crypt (SHA-512) encryption method */
     HASH_METHOD_CRYPT_SHA512("CRYPT-SHA-512", "SHA-512", "crypt", "$6$"),
+    
+    /** The BCrypt encryption method */
+    HASH_METHOD_CRYPT_BCRYPT("CRYPT-BCRYPT", "BCRYPT", "crypt", "$2a$"),
 
     /** The PBKDF2-based encryption method */
     HASH_METHOD_PKCS5S2("PKCS5S2", "PBKDF2WithHmacSHA1", "PKCS5S2");
@@ -211,6 +214,11 @@ public enum LdapSecurityConstants
             return HASH_METHOD_CRYPT_SHA512;
         }
 
+        if ( matches( algorithm, HASH_METHOD_CRYPT_BCRYPT ) )
+        {
+            return HASH_METHOD_CRYPT_BCRYPT;
+        }
+
         if ( matches( algorithm, HASH_METHOD_SHA256 ) )
         {
             return HASH_METHOD_SHA256;

Modified: directory/shared/branches/shared-value/ldap/model/src/main/java/org/apache/directory/api/ldap/model/password/PasswordUtil.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/ldap/model/src/main/java/org/apache/directory/api/ldap/model/password/PasswordUtil.java?rev=1785534&r1=1785533&r2=1785534&view=diff
==============================================================================
--- directory/shared/branches/shared-value/ldap/model/src/main/java/org/apache/directory/api/ldap/model/password/PasswordUtil.java
(original)
+++ directory/shared/branches/shared-value/ldap/model/src/main/java/org/apache/directory/api/ldap/model/password/PasswordUtil.java
Sun Mar  5 08:02:03 2017
@@ -38,6 +38,7 @@ import org.apache.directory.api.util.Bas
 import org.apache.directory.api.util.DateUtils;
 import org.apache.directory.api.util.Strings;
 
+import org.mindrot.jbcrypt.BCrypt;
 
 /**
  * A utility class containing methods related to processing passwords.
@@ -77,6 +78,9 @@ public final class PasswordUtil
     /** The CRYPT (SHA-512) hash length */
     public static final int CRYPT_SHA512_LENGTH = 86;
 
+    /** The CRYPT (BCrypt) hash length */
+    public static final int CRYPT_BCRYPT_LENGTH = 31;
+
     private static final byte[] CRYPT_SALT_CHARS = Strings
         .getBytesUtf8( "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
);
 
@@ -125,11 +129,17 @@ public final class PasswordUtil
                 String algorithm = Strings.toLowerCaseAscii( Strings.utf8ToString( credentials,
1, pos - 1 ) );
 
                 // support for crypt additional encryption algorithms (e.g. {crypt}$1$salt$ez2vlPGdaLYkJam5pWs/Y1)
-                // currently only one-digit IDs are defined thus this quick check
                 if ( credentials.length > pos + 3 && credentials[pos + 1] == '$'
-                    && Character.isDigit( credentials[pos + 2] ) && credentials[pos
+ 3] == '$' )
+                    && Character.isDigit( credentials[pos + 2] ) )
                 {
-                    algorithm += Strings.utf8ToString( credentials, pos + 1, 3 );
+                    if ( credentials[pos + 3] == '$' )
+                    {
+                        algorithm += Strings.utf8ToString( credentials, pos + 1, 3 );
+                    }
+                    else if ( credentials.length > pos + 4 && credentials[pos
+ 4] == '$' )
+                    {
+                        algorithm += Strings.utf8ToString( credentials, pos + 1, 4 );
+                    }
                 }
 
                 return LdapSecurityConstants.getAlgorithm( algorithm );
@@ -206,6 +216,10 @@ public final class PasswordUtil
             case HASH_METHOD_CRYPT_SHA512:
                 salt = generateCryptSalt( 8 );
                 break;
+                
+            case HASH_METHOD_CRYPT_BCRYPT:
+                salt = Strings.getBytesUtf8( BCrypt.gensalt() );
+                break;
 
             default:
                 salt = null;
@@ -216,7 +230,8 @@ public final class PasswordUtil
 
         sb.append( '{' ).append( Strings.upperCase( algorithm.getPrefix() ) ).append( '}'
);
 
-        if ( algorithm == LdapSecurityConstants.HASH_METHOD_CRYPT )
+        if ( algorithm == LdapSecurityConstants.HASH_METHOD_CRYPT
+            || algorithm == LdapSecurityConstants.HASH_METHOD_CRYPT_BCRYPT )
         {
             sb.append( Strings.utf8ToString( salt ) );
             sb.append( Strings.utf8ToString( hashedPassword ) );
@@ -313,7 +328,7 @@ public final class PasswordUtil
             // be able to encrypt the submitted user password in the next step
             PasswordDetails passwordDetails = PasswordUtil.splitCredentials( storedCredentials
);
 
-            // Reuse the saltedPassword informations to construct the encrypted
+            // Reuse the saltedPassword information to construct the encrypted
             // password given by the user.
             byte[] userPassword = PasswordUtil.encryptPassword( receivedCredentials, passwordDetails.getAlgorithm(),
                 passwordDetails.getSalt() );
@@ -410,6 +425,10 @@ public final class PasswordUtil
                     algorithm.getSubPrefix() + Strings.utf8ToString( salt ) );
                 String crypted2 = saltWithCrypted2.substring( saltWithCrypted2.lastIndexOf(
'$' ) + 1 );
                 return Strings.getBytesUtf8( crypted2 );
+
+            case HASH_METHOD_CRYPT_BCRYPT:
+                String crypted3 = BCrypt.hashpw( Strings.utf8ToString( credentials ), Strings.utf8ToString(
salt ) );
+                return Strings.getBytesUtf8( crypted3.substring( crypted3.length() - 31 )
);
                 
             case HASH_METHOD_PKCS5S2:
                 return generatePbkdf2Hash( credentials, algorithm, salt );
@@ -513,6 +532,12 @@ public final class PasswordUtil
                 split( credentials, algoLength, salt, password );
                 return new PasswordDetails( algorithm, salt, password );
 
+            case HASH_METHOD_CRYPT_BCRYPT:
+                    salt = Arrays.copyOfRange( credentials, algoLength, credentials.length
- 31 );
+                    password = Arrays.copyOfRange( credentials, credentials.length - 31,
credentials.length );
+                    
+                    return new PasswordDetails( algorithm, salt, password );
+
             case HASH_METHOD_CRYPT_MD5:
             case HASH_METHOD_CRYPT_SHA256:
             case HASH_METHOD_CRYPT_SHA512:
@@ -600,8 +625,8 @@ public final class PasswordUtil
      * 
      * Note: this has been implemented to generate hashes compatible with what JIRA generates.
      *       See the <a href="http://pythonhosted.org/passlib/lib/passlib.hash.atlassian_pbkdf2_sha1.html">JIRA's
passlib</a>
+     * @param credentials the credentials
      * @param algorithm the algorithm to use
-     * @param password the credentials
      * @param salt the optional salt
      * @return the digested credentials
      */

Modified: directory/shared/branches/shared-value/ldap/model/src/test/java/org/apache/directory/api/ldap/model/password/PasswordUtilTest.java
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/ldap/model/src/test/java/org/apache/directory/api/ldap/model/password/PasswordUtilTest.java?rev=1785534&r1=1785533&r2=1785534&view=diff
==============================================================================
--- directory/shared/branches/shared-value/ldap/model/src/test/java/org/apache/directory/api/ldap/model/password/PasswordUtilTest.java
(original)
+++ directory/shared/branches/shared-value/ldap/model/src/test/java/org/apache/directory/api/ldap/model/password/PasswordUtilTest.java
Sun Mar  5 08:02:03 2017
@@ -22,6 +22,7 @@ package org.apache.directory.api.ldap.mo
 
 
 import static org.apache.directory.api.ldap.model.constants.LdapSecurityConstants.HASH_METHOD_CRYPT;
+import static org.apache.directory.api.ldap.model.constants.LdapSecurityConstants.HASH_METHOD_CRYPT_BCRYPT;
 import static org.apache.directory.api.ldap.model.constants.LdapSecurityConstants.HASH_METHOD_CRYPT_MD5;
 import static org.apache.directory.api.ldap.model.constants.LdapSecurityConstants.HASH_METHOD_CRYPT_SHA256;
 import static org.apache.directory.api.ldap.model.constants.LdapSecurityConstants.HASH_METHOD_CRYPT_SHA512;
@@ -36,6 +37,7 @@ import static org.apache.directory.api.l
 import static org.apache.directory.api.ldap.model.constants.LdapSecurityConstants.HASH_METHOD_SSHA256;
 import static org.apache.directory.api.ldap.model.constants.LdapSecurityConstants.HASH_METHOD_SSHA384;
 import static org.apache.directory.api.ldap.model.constants.LdapSecurityConstants.HASH_METHOD_SSHA512;
+import static org.apache.directory.api.ldap.model.password.PasswordUtil.CRYPT_BCRYPT_LENGTH;
 import static org.apache.directory.api.ldap.model.password.PasswordUtil.CRYPT_LENGTH;
 import static org.apache.directory.api.ldap.model.password.PasswordUtil.CRYPT_MD5_LENGTH;
 import static org.apache.directory.api.ldap.model.password.PasswordUtil.CRYPT_SHA256_LENGTH;
@@ -348,8 +350,26 @@ public class PasswordUtilTest
     }
 
 
-    private void testPassword( String plainText, String encrypted, LdapSecurityConstants
algorithm, int passwordLength,
-        int saltLength )
+    @Test
+    public void testPasswordCRYPT2aEncrypted()
+    {
+        testPassword( "secret",
+            "{CRYPT}$2a$06$LH2xIb/TZmajuLJGDNuegeeY.SCwkg6YAVLNXTh8n4Xfb1uwmLXg6",
+            HASH_METHOD_CRYPT_BCRYPT, CRYPT_BCRYPT_LENGTH, 29 );
+    }
+
+
+    @Test
+    public void testPasswordCRYPT2aEncryptedLowercase()
+    {
+        testPassword( "secret",
+            "{crypt}$2a$06$LH2xIb/TZmajuLJGDNuegeeY.SCwkg6YAVLNXTh8n4Xfb1uwmLXg6",
+            HASH_METHOD_CRYPT_BCRYPT, CRYPT_BCRYPT_LENGTH, 29 );
+    }
+
+
+    private void testPassword(String plainText, String encrypted, LdapSecurityConstants algorithm,
int passwordLength,
+                              int saltLength )
     {
         // assert findAlgorithm
         assertEquals( algorithm, PasswordUtil.findAlgorithm( Strings.getBytesUtf8( encrypted
) ) );

Modified: directory/shared/branches/shared-value/pom.xml
URL: http://svn.apache.org/viewvc/directory/shared/branches/shared-value/pom.xml?rev=1785534&r1=1785533&r2=1785534&view=diff
==============================================================================
--- directory/shared/branches/shared-value/pom.xml (original)
+++ directory/shared/branches/shared-value/pom.xml Sun Mar  5 08:02:03 2017
@@ -53,6 +53,7 @@
     <dom4j.version>1.6.1</dom4j.version>
     <findbugs.annotations.version>1.0.0</findbugs.annotations.version>
     <forbiddenapis.version>2.2</forbiddenapis.version>
+    <jbcrypt.version>0.4.1</jbcrypt.version>
     <junit.version>4.12</junit.version>
     <log4j.version>1.2.17</log4j.version>
     <logback.version>1.1.8</logback.version>
@@ -590,6 +591,12 @@
         <artifactId>junit</artifactId>
         <version>${junit.version}</version>
       </dependency>
+
+      <dependency>
+        <groupId>de.svenkubiak</groupId>
+        <artifactId>jBCrypt</artifactId>
+        <version>${jbcrypt.version}</version>
+      </dependency> 
       
       <dependency>
         <groupId>xml-apis</groupId>



Mime
View raw message