[jboss-jira] [JBoss JIRA] (WFCORE-3116) Elytron subsystem does not expose digest-sha-384 for digest password
Yeray Borges (JIRA)
issues at jboss.org
Thu Jul 27 05:07:01 EDT 2017
[ https://issues.jboss.org/browse/WFCORE-3116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Yeray Borges moved JBEAP-12383 to WFCORE-3116:
----------------------------------------------
Project: WildFly Core (was: JBoss Enterprise Application Platform)
Key: WFCORE-3116 (was: JBEAP-12383)
Workflow: GIT Pull Request workflow (was: CDW with loose statuses v1)
Component/s: Security
(was: Security)
Affects Version/s: (was: 7.1.0.ER2)
> Elytron subsystem does not expose digest-sha-384 for digest password
> --------------------------------------------------------------------
>
> Key: WFCORE-3116
> URL: https://issues.jboss.org/browse/WFCORE-3116
> Project: WildFly Core
> Issue Type: Bug
> Components: Security
> Reporter: Yeray Borges
> Assignee: Yeray Borges
>
> For the sake of completeness add digest-sha-384 to allowed values of algorithm attribute of set-password operation
> {code:title=/subsystem=elytron/ldap-realm=a:read-operation-description(name=set-password)}
> "digest" => {
> "type" => OBJECT,
> "description" => "A digest password.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "value-type" => {
> "algorithm" => {
> "type" => STRING,
> "description" => "The algorithm used to encrypt the password.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "default" => "digest-sha-512",
> "allowed" => [
> "digest-md5",
> "digest-sha",
> "digest-sha-256",
> "digest-sha-512"
> ]
> },
> "password" => {
> "type" => STRING,
> "description" => "The actual password to set.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "realm" => {
> "type" => STRING,
> "description" => "The realm.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> }
> },
> {code}
> Passwords of types otp, salted-simple-digest, simple-digest already expose sha-384 variant.
> Seems to me underlying Elytron implementation is already prepared for that.
> {code:java|title=DigestPasswordImpl.java}
> private static MessageDigest getMessageDigest(final String algorithm) throws NoSuchAlgorithmException {
> switch (algorithm) {
> case ALGORITHM_DIGEST_MD5:
> return MessageDigest.getInstance("MD5");
> case ALGORITHM_DIGEST_SHA:
> return MessageDigest.getInstance("SHA-1");
> case ALGORITHM_DIGEST_SHA_256:
> return MessageDigest.getInstance("SHA-256");
> case ALGORITHM_DIGEST_SHA_384:
> return MessageDigest.getInstance("SHA-384");
> case ALGORITHM_DIGEST_SHA_512:
> return MessageDigest.getInstance("SHA-512");
> default:
> throw log.noSuchAlgorithmInvalidAlgorithm(algorithm);
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list