[jboss-jira] [JBoss JIRA] (ELY-1444) Jdbc-realm with simple digest mapper
Martin Choma (JIRA)
issues at jboss.org
Tue Nov 14 04:03:01 EST 2017
[ https://issues.jboss.org/browse/ELY-1444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13489677#comment-13489677 ]
Martin Choma edited comment on ELY-1444 at 11/14/17 4:02 AM:
-------------------------------------------------------------
In the DB, the byte hash should be stored encoded with base64, e.g. XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg=
plain: password
hex form: 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8
encoded byte array: XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg=
{code:java}
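// Inputs: the values listed above
String hexDigest = "5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8";
char[] password = "password".toCharArray();
String algorithmName = SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256;
// #1 approach: decode an existing hex digest into raw bytes
byte[] preDigested = CodePointIterator.ofString(hexDigest).hexDecode().drain();
// #2 approach: compute the digest from the clear-text password
// (PasswordFactory needs the WildFly Elytron provider to be registered)
PasswordFactory factory = PasswordFactory.getInstance(algorithmName);
EncryptablePasswordSpec encryptableSpec = new EncryptablePasswordSpec(password, null);
SimpleDigestPassword simplePassword = (SimpleDigestPassword) factory.generatePassword(encryptableSpec);
// Print the base64 form of each digest
Encoder encoder = Base64.getEncoder();
System.out.println(encoder.encodeToString(simplePassword.getDigest()));
System.out.println(encoder.encodeToString(preDigested));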
{code}
I think it is usual to store hashes in hex format. Could there be a way to store the hex format directly in the DB? In that case there should be a way to disable the jdbc-realm password mapper's base64 utilization.
> Jdbc-realm with simple digest mapper
> ------------------------------------
>
> Key: ELY-1444
> URL: https://issues.jboss.org/browse/ELY-1444
> Project: WildFly Elytron
> Issue Type: Bug
> Components: Passwords
> Affects Versions: 1.2.0.Beta9
> Reporter: Martin Choma
>
> This is inspired by ELY-1435, but in this case trying a simple digest hash.
> This sha-256 password hash is stored in the DB: 5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8
> I get these values from http://passwordsgenerator.net/sha256-hash-generator/
> {noformat}
> 17:30:50,211 DEBUG [org.wildfly.security] (default task-3) Using UsernamePasswordAuthenticationMechanism for username authentication. Realm: [Some Realm], Username: [correctUser].
> 17:30:50,211 TRACE [org.wildfly.security] (default task-3) Handling RealmCallback: selected = [Some Realm]
> 17:30:50,212 TRACE [org.wildfly.security] (default task-3) Handling NameCallback: authenticationName = correctUser
> 17:30:50,212 TRACE [org.wildfly.security] (default task-3) Principal assigning: [correctUser], pre-realm rewritten: [correctUser], realm name: [jdbc-realm], post-realm rewritten: [correctUser], realm rewritten: [correctUser]
> 17:30:50,215 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD FROM USERS WHERE NAME = ? with value correctUser
> 17:30:50,301 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT roles.name FROM users, roles, users_roles WHERE users.name=? AND users.id = users_roles.userid AND roles.id = users_roles.roleid with value correctUser
> 17:30:50,306 TRACE [org.wildfly.security] (default task-3) Executing principalQuery SELECT PASSWORD FROM USERS WHERE NAME = ? with value correctUser
> 17:30:50,324 DEBUG [org.wildfly.security] (default task-3) User correctUser authentication failed.
> 17:30:50,324 TRACE [org.wildfly.security] (default task-3) Handling AuthenticationCompleteCallback: fail
> {noformat}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
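Added example (not part of the original message and not Elytron code): a JDK-only illustration of the hex/base64 mismatch discussed in the comment above. It converts the hex digest from the issue into the base64 form the comment says the DB should hold, and models a check that base64-decodes the password column. The class name, `hexToBase64` and `verify` are hypothetical, and UTF-8 encoding of the password is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class HexVsBase64Digest {
    // Values quoted in the issue description and in the comment
    static final String HEX_IN_DB = "5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8";
    static final String BASE64_FROM_COMMENT = "XohImNooBHFR0OVvjcYpJ3NgPQ1qq73WKhHvch0VQtg=";

    /** Converts a hex digest column value to base64 of the raw digest bytes. */
    static String hexToBase64(String hex, int digestLength) {
        if (hex.length() != digestLength * 2) {
            throw new IllegalArgumentException("expected " + digestLength * 2 + " hex characters");
        }
        byte[] raw = new byte[digestLength];
        for (int i = 0; i < digestLength; i++) {
            int hi = Character.digit(hex.charAt(2 * i), 16);
            int lo = Character.digit(hex.charAt(2 * i + 1), 16);
            if (hi < 0 || lo < 0) {
                throw new IllegalArgumentException("non-hex character in byte " + i);
            }
            raw[i] = (byte) ((hi << 4) | lo);
        }
        return Base64.getEncoder().encodeToString(raw);
    }

    /** Hypothetical model of a check that base64-decodes the stored column (assumption, not Elytron's code). */
    static boolean verify(String storedColumn, String password) throws NoSuchAlgorithmException {
        byte[] stored;
        try {
            stored = Base64.getDecoder().decode(storedColumn);
        } catch (IllegalArgumentException e) {
            return false; // column value is not valid base64
        }
        byte[] candidate = MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return MessageDigest.isEqual(stored, candidate); // arrays of different length compare unequal
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        System.out.println("hex column, decoded length: " + Base64.getDecoder().decode(HEX_IN_DB).length);
        System.out.println("hex column verifies:        " + verify(HEX_IN_DB, "password"));
        String migrated = hexToBase64(HEX_IN_DB, 32);
        System.out.println("matches value in comment:   " + migrated.equals(BASE64_FROM_COMMENT));
        System.out.println("base64 column verifies:     " + verify(migrated, "password"));
    }
}
```

Hex digits are all members of the base64 alphabet, so a 64-character hex value base64-decodes without error into 48 bytes that cannot equal a 32-byte SHA-256 digest. The symptom is then a plain authentication failure, as in the quoted log, rather than a format error.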