Skip to content
[Jenkins]Jenkins
log in

Package: AuthenticationUtils

AuthenticationUtils

nameinstructionbranchcomplexitylinemethod
cryptCredential(CryptAlgorithm, String)
M: 26 C: 0
0%
M: 3 C: 0
0%
M: 3 C: 0
0%
M: 8 C: 0
0%
M: 1 C: 0
0%
decryptAes(String)
M: 31 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 8 C: 0
0%
M: 1 C: 0
0%
doBCrypt(String)
M: 26 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 7 C: 0
0%
M: 1 C: 0
0%
doSha(String)
M: 65 C: 0
0%
M: 2 C: 0
0%
M: 2 C: 0
0%
M: 14 C: 0
0%
M: 1 C: 0
0%
encryptAes(String)
M: 28 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 7 C: 0
0%
M: 1 C: 0
0%
generateKey()
M: 13 C: 0
0%
M: 0 C: 0
100%
M: 1 C: 0
0%
M: 3 C: 0
0%
M: 1 C: 0
0%

Coverage

1: /*******************************************************************************
2: * Copyright (c) 2016, 2022 Eurotech and/or its affiliates and others
3: *
4: * This program and the accompanying materials are made
5: * available under the terms of the Eclipse Public License 2.0
6: * which is available at https://www.eclipse.org/legal/epl-2.0/
7: *
8: * SPDX-License-Identifier: EPL-2.0
9: *
10: * Contributors:
11: * Eurotech - initial API and implementation
12: * Red Hat Inc
13: *******************************************************************************/
14: package org.eclipse.kapua.service.authentication.shiro.utils;
15:
16: import org.apache.shiro.codec.Base64;
17: import org.apache.shiro.crypto.hash.Sha256Hash;
18: import org.apache.shiro.crypto.hash.Sha512Hash;
19: import org.eclipse.kapua.KapuaException;
20: import org.eclipse.kapua.KapuaRuntimeException;
21: import org.eclipse.kapua.commons.crypto.CryptoUtil;
22: import org.eclipse.kapua.commons.util.ArgumentValidator;
23: import org.eclipse.kapua.service.authentication.KapuaAuthenticationErrorCodes;
24: import org.eclipse.kapua.service.authentication.shiro.setting.KapuaCryptoSetting;
25: import org.eclipse.kapua.service.authentication.shiro.setting.KapuaCryptoSettingKeys;
26: import org.springframework.security.crypto.bcrypt.BCrypt;
27:
28: import javax.crypto.BadPaddingException;
29: import javax.crypto.Cipher;
30: import javax.crypto.IllegalBlockSizeException;
31: import javax.crypto.NoSuchPaddingException;
32: import javax.crypto.spec.SecretKeySpec;
33: import java.security.InvalidKeyException;
34: import java.security.Key;
35: import java.security.NoSuchAlgorithmException;
36: import java.security.SecureRandom;
37:
38: /**
39: * Authentication utilities.
40: *
41: * @since 1.0
42: */
43: public class AuthenticationUtils {
44:
45: private static final String CIPHER_ALGORITHM = "AES";
46:
47: private AuthenticationUtils() {
48: }
49:
50: /**
51: * Encrypts and return the plain credential value (unencrypted value).
52: *
53: * @param plainValue
54: * @return the encrypted credential
55: * @throws KapuaException when something goes wrong
56: */
57: public static String cryptCredential(CryptAlgorithm algorithm, String plainValue)
58: throws KapuaException {
59: //
60: // Argument validator
61: ArgumentValidator.notEmptyOrNull(plainValue, "plainValue");
62:
63: //
64: // Do crypt
65: String cryptedValue;
66:• switch (algorithm) {
67: case BCRYPT:
68: cryptedValue = doBCrypt(plainValue);
69: break;
70: case SHA:
71: cryptedValue = doSha(plainValue);
72: break;
73: default:
74: throw new KapuaRuntimeException(KapuaAuthenticationErrorCodes.CREDENTIAL_CRYPT_ERROR, null, (Object[]) null);
75: }
76:
77: return cryptedValue;
78: }
79:
80: private static String doSha(String plainValue) {
81: try {
82: //
83: // Retrieve Crypt Settings
84: KapuaCryptoSetting settings = KapuaCryptoSetting.getInstance();
85: int saltLength = settings.getInt(KapuaCryptoSettingKeys.CRYPTO_SHA_SALT_LENGTH);
86: String shaAlgorithm = settings.getString(KapuaCryptoSettingKeys.CRYPTO_SHA_ALGORITHM);
87:
88: //
89: // Generate salt
90: SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
91: byte[] bSalt = new byte[saltLength];
92: random.nextBytes(bSalt);
93: String salt = Base64.encodeToString(bSalt);
94:
95: //
96: // Hash value
97: String hashedValue;
98:• switch (shaAlgorithm) {
99: case "SHA256":
100: hashedValue = (new Sha256Hash(plainValue, salt)).toHex();
101: break;
102: case "SHA512":
103: default:
104: hashedValue = (new Sha512Hash(plainValue, salt)).toHex();
105: break;
106: }
107:
108: //
109: // Return value
110: return salt + ":" + hashedValue;
111: } catch (NoSuchAlgorithmException e) {
112: throw new KapuaRuntimeException(KapuaAuthenticationErrorCodes.CREDENTIAL_CRYPT_ERROR, e);
113: }
114: }
115:
116: private static String doBCrypt(String plainValue) {
117: try {
118: //
119: // Retrieve Crypt Settings
120: KapuaCryptoSetting settings = KapuaCryptoSetting.getInstance();
121: int logRound = settings.getInt(KapuaCryptoSettingKeys.CRYPTO_BCRYPT_LOG_ROUNDS);
122:
123: //
124: // Generate salt
125: SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
126: String salt = BCrypt.gensalt(logRound, random);
127:
128: //
129: // Hash and return value
130: return BCrypt.hashpw(plainValue, salt);
131: } catch (NoSuchAlgorithmException e) {
132: throw new KapuaRuntimeException(KapuaAuthenticationErrorCodes.CREDENTIAL_CRYPT_ERROR, e, (Object[]) null);
133: }
134: }
135:
136: /**
137: * Encrypt the given string using the AES algorithm provided by {@link Cipher}
138: *
139: * @param value the string to encrypt
140: * @return the encrypted string
141: * @deprecated Since 2.0.0. Please make use of {@link CryptoUtil#encryptAes(String)}.
142: */
143: @Deprecated
144: public static String encryptAes(String value) {
145: try {
146: Key key = generateKey();
147: Cipher c = Cipher.getInstance(CIPHER_ALGORITHM);
148: c.init(Cipher.ENCRYPT_MODE, key);
149:
150: byte[] encryptedBytes = c.doFinal(value.getBytes());
151:
152: return java.util.Base64.getUrlEncoder().withoutPadding().encodeToString(encryptedBytes);
153: } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e) {
154: throw new KapuaRuntimeException(KapuaAuthenticationErrorCodes.CREDENTIAL_CRYPT_ERROR, e);
155: }
156: }
157:
158: /**
159: * Decrypt the given string using the AES algorithm provided by {@link Cipher}
160: *
161: * @param encryptedValue the string to decrypt
162: * @return the decrypted string
163: * @deprecated Since 2.0.0. Please make use of {@link CryptoUtil#decryptAes(String)}.
164: */
165: @Deprecated
166: public static String decryptAes(String encryptedValue) {
167: try {
168: Key key = generateKey();
169: Cipher c = Cipher.getInstance(CIPHER_ALGORITHM);
170: c.init(Cipher.DECRYPT_MODE, key);
171:
172: byte[] decodedValue = java.util.Base64.getUrlDecoder().decode(encryptedValue);
173: byte[] decryptedBytes = c.doFinal(decodedValue);
174:
175: return new String(decryptedBytes);
176: } catch (NoSuchAlgorithmException | NoSuchPaddingException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException e) {
177: throw new KapuaRuntimeException(KapuaAuthenticationErrorCodes.CREDENTIAL_CRYPT_ERROR, e);
178: }
179: }
180:
181: /**
182: * Constructs a secret key from the given byte array from {@link KapuaCryptoSettingKeys#CIPHER_KEY}.
183: *
184: * @return a {@link SecretKeySpec} object
185: * @deprecated Since 2.0.0. Please make use of {@link CryptoUtil}
186: */
187: @Deprecated
188: private static Key generateKey() {
189:
190: // Retrieve Cipher Settings
191: KapuaCryptoSetting settings = KapuaCryptoSetting.getInstance();
192: byte[] cipherSecretKey = settings.getString(KapuaCryptoSettingKeys.CIPHER_KEY).getBytes();
193:
194: return new SecretKeySpec(cipherSecretKey, CIPHER_ALGORITHM);
195: }
196: }