-
Notifications
You must be signed in to change notification settings - Fork 614
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Issue/1840 : Fix for Improve password encoding support for LDAP
- Loading branch information
1 parent
cc4c8d3
commit 22a5d88
Showing
7 changed files
with
141 additions
and
3 deletions.
There are no files selected for viewing
131 changes: 131 additions & 0 deletions
131
...in/java/org/carlspring/strongbox/authentication/api/ldap/CustomLdapUserDetailsMapper.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,131 @@ | ||
package org.carlspring.strongbox.authentication.api.ldap; | ||
|
||
import java.util.Base64; | ||
|
||
import org.apache.commons.lang3.StringUtils; | ||
import org.slf4j.Logger; | ||
import org.slf4j.LoggerFactory; | ||
import org.springframework.security.crypto.codec.Hex; | ||
import org.springframework.security.crypto.codec.Utf8; | ||
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper; | ||
|
||
/** | ||
* @author mbharti | ||
* @date 19/10/20 | ||
*/ | ||
public class CustomLdapUserDetailsMapper | ||
extends LdapUserDetailsMapper | ||
{ | ||
|
||
private static final String PREFIX = "{"; | ||
|
||
private static final String SUFFIX = "}"; | ||
|
||
private boolean isBase64EncodedPassword; | ||
|
||
private static final Logger logger = LoggerFactory.getLogger(CustomLdapUserDetailsMapper.class); | ||
|
||
protected String mapPassword(Object passwordValue) | ||
{ | ||
String passwordValueString; | ||
|
||
if (!(passwordValue instanceof String)) | ||
{ | ||
passwordValueString = new String((byte[]) passwordValue); | ||
} | ||
else | ||
{ | ||
passwordValueString = (String) passwordValue; | ||
} | ||
|
||
if (!isBase64EncodedPassword()) | ||
{ | ||
return passwordValueString; | ||
} | ||
|
||
return decodeBase64EncodedPassword(passwordValueString); | ||
} | ||
|
||
private String decodeBase64EncodedPassword(String prefixEncodedPasswordString) | ||
{ | ||
|
||
try | ||
{ | ||
String algorithmUsed = extractId(prefixEncodedPasswordString); | ||
|
||
String base64DecodedPasswordAfterAlgorithm; | ||
|
||
String extractBase64EncodedHash = prefixEncodedPasswordString; | ||
|
||
if (StringUtils.isNotEmpty(algorithmUsed)) | ||
{ | ||
extractBase64EncodedHash = extractEncodedPassword(prefixEncodedPasswordString); | ||
|
||
base64DecodedPasswordAfterAlgorithm = | ||
PREFIX + algorithmUsed + SUFFIX + decodeBase64EncodedHashWithHex(extractBase64EncodedHash); | ||
} | ||
else | ||
{ | ||
base64DecodedPasswordAfterAlgorithm = new String( | ||
java.util.Base64.getDecoder().decode(Utf8.encode(extractBase64EncodedHash))); | ||
} | ||
|
||
return base64DecodedPasswordAfterAlgorithm; | ||
} | ||
catch (Exception e) | ||
{ | ||
logger.warn("Failed to match password after decoding base64encoded hash after algorithm"); | ||
return prefixEncodedPasswordString; | ||
} | ||
} | ||
|
||
private String decodeBase64EncodedHashWithHex(String base64EncodedHash) | ||
{ | ||
try | ||
{ | ||
return new String(Hex.encode(Base64.getDecoder().decode(Utf8.encode(base64EncodedHash)))); | ||
} | ||
catch (Exception ex) | ||
{ | ||
logger.warn("Failed to do Base64Decoding " + ex.getMessage()); | ||
} | ||
|
||
return base64EncodedHash; | ||
} | ||
|
||
private String extractEncodedPassword(String prefixEncodedPassword) | ||
{ | ||
int start = prefixEncodedPassword.indexOf(SUFFIX); | ||
|
||
return prefixEncodedPassword.substring(start + 1); | ||
} | ||
|
||
private String extractId(String prefixEncodedPassword) | ||
{ | ||
int start = prefixEncodedPassword.indexOf(PREFIX); | ||
|
||
if (start != 0) | ||
{ | ||
return StringUtils.EMPTY; | ||
} | ||
|
||
int end = prefixEncodedPassword.indexOf(SUFFIX, start); | ||
|
||
if (end < 0) | ||
{ | ||
return StringUtils.EMPTY; | ||
} | ||
|
||
return prefixEncodedPassword.substring(start + 1, end); | ||
} | ||
|
||
public boolean isBase64EncodedPassword() | ||
{ | ||
return isBase64EncodedPassword; | ||
} | ||
|
||
public void setBase64EncodedPassword(boolean base64EncodedPassword) | ||
{ | ||
isBase64EncodedPassword = base64EncodedPassword; | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters