[jboss-jira] [JBoss JIRA] (WFCORE-3116) Elytron subsystem does not expose digest-sha-384 for digest password
Brian Stansberry (JIRA)
issues at jboss.org
Mon Nov 20 16:46:00 EST 2017
[ https://issues.jboss.org/browse/WFCORE-3116?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry updated WFCORE-3116:
-------------------------------------
Issue Type: Enhancement (was: Bug)
> Elytron subsystem does not expose digest-sha-384 for digest password
> --------------------------------------------------------------------
>
> Key: WFCORE-3116
> URL: https://issues.jboss.org/browse/WFCORE-3116
> Project: WildFly Core
> Issue Type: Enhancement
> Components: Security
> Affects Versions: 3.0.0.Beta28
> Reporter: Yeray Borges
> Assignee: Yeray Borges
> Fix For: 4.0.0.Alpha4
>
>
> For the sake of completeness add digest-sha-384 to allowed values of algorithm attribute of set-password operation
> {code:title=/subsystem=elytron/ldap-realm=a:read-operation-description(name=set-password)}
> "digest" => {
> "type" => OBJECT,
> "description" => "A digest password.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "value-type" => {
> "algorithm" => {
> "type" => STRING,
> "description" => "The algorithm used to encrypt the password.",
> "expressions-allowed" => false,
> "required" => false,
> "nillable" => true,
> "default" => "digest-sha-512",
> "allowed" => [
> "digest-md5",
> "digest-sha",
> "digest-sha-256",
> "digest-sha-512"
> ]
> },
> "password" => {
> "type" => STRING,
> "description" => "The actual password to set.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L
> },
> "realm" => {
> "type" => STRING,
> "description" => "The realm.",
> "expressions-allowed" => false,
> "required" => true,
> "nillable" => false,
> "min-length" => 1L,
> "max-length" => 2147483647L
> }
> }
> },
> {code}
> Passwords of types otp, salted-simple-digest, simple-digest already expose sha-384 variant.
> Seems to me underlying Elytron implementation is already prepared for that.
> {code:java|title=DigestPasswordImpl.java}
> private static MessageDigest getMessageDigest(final String algorithm) throws NoSuchAlgorithmException {
> switch (algorithm) {
> case ALGORITHM_DIGEST_MD5:
> return MessageDigest.getInstance("MD5");
> case ALGORITHM_DIGEST_SHA:
> return MessageDigest.getInstance("SHA-1");
> case ALGORITHM_DIGEST_SHA_256:
> return MessageDigest.getInstance("SHA-256");
> case ALGORITHM_DIGEST_SHA_384:
> return MessageDigest.getInstance("SHA-384");
> case ALGORITHM_DIGEST_SHA_512:
> return MessageDigest.getInstance("SHA-512");
> default:
> throw log.noSuchAlgorithmInvalidAlgorithm(algorithm);
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.5.0#75005)
More information about the jboss-jira
mailing list