From 07f3361952dcee0053bf7169a8e13c89e2e487ea Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Tue, 13 Aug 2024 14:40:04 +0300
Subject: [PATCH 01/11] EPMRPP-87165 || Add possibility to use PBKDF2 encryption for LDAP
---
 build.gradle | 2 +-
 .../auth/integration/ldap/LdapAuthProvider.java | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/build.gradle b/build.gradle
index b07db3e4..1c0e0337 100644
--- a/build.gradle
+++ b/build.gradle
@@ -42,7 +42,7 @@ dependencies {
 api 'com.epam.reportportal:commons-dao'
 api 'com.epam.reportportal:commons'
 } else {
- api 'com.github.reportportal:commons-dao:b0e00d6'
+ api 'com.github.reportportal:commons-dao:0abcc21'
 api 'com.github.reportportal:commons:50a1192'
 }
diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
index e3b50761..c7ad97e7 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
@@ -25,6 +25,7 @@
 import com.epam.ta.reportportal.dao.IntegrationRepository;
 import com.epam.ta.reportportal.entity.integration.Integration;
 import com.epam.reportportal.rules.exception.ReportPortalException;
+import java.util.Map;
 import org.jasypt.util.text.BasicTextEncryptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationEventPublisher;
@@ -33,7 +34,10 @@
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.authentication.configurers.ldap.LdapAuthenticationProviderConfigurer;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
+import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
+import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm;
 import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
 import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;
@@ -107,7 +111,17 @@ protected AuthenticationProvider getDelegate() {
 * This is why we just wrap old encoder with new one interface
 * New encoder cannot be used everywhere since it does not have implementation for LDAP
 */
- final PasswordEncoder delegate = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+ final PasswordEncoder delegate;
+ if (it.equalsIgnoreCase("PBKDF2_SHA256") || it.equalsIgnoreCase("PBKDF2_SHA512")) {
+ Pbkdf2PasswordEncoder pbkdf2HmacSha512Encoder = new Pbkdf2PasswordEncoder();
+ pbkdf2HmacSha512Encoder.setAlgorithm(
+ it.equalsIgnoreCase("PBKDF2_SHA256") ? SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256
+ : SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512);
+ delegate = new DelegatingPasswordEncoder(it, Map.of(it, pbkdf2HmacSha512Encoder));
+ } else {
+ delegate = PasswordEncoderFactories.createDelegatingPasswordEncoder();
+ }
+
 builder.passwordEncoder(new org.springframework.security.crypto.password.PasswordEncoder() {
 @Override
From 6b772d9acb0e6cb14450e4833f74d541f60db396 Mon Sep 17 00:00:00 2001
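Review bot: In the `@@ -107,7 +111,17 @@` hunk the PBKDF2 branch is chosen case-insensitively, but the configured string `it` is then used verbatim as both the encode id and the only map key in `new DelegatingPasswordEncoder(it, Map.of(it, pbkdf2HmacSha512Encoder))`. DelegatingPasswordEncoder resolves the `{id}` prefix of the stored value by exact key, so a prefix whose case differs from the configured value is not verified at all and the call ends in an exception from the unmapped-id fallback instead of a clean `false`. Normalising once, for example `final String encoderId = it.toUpperCase(Locale.ROOT);`, and using `encoderId` for the id and the key keeps the two in step. getDelegate() starts and ends outside the hunk.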
From: Andrei Piankouski
Date: Tue, 13 Aug 2024 17:28:01 +0300
Subject: [PATCH 02/11] EPMRPP-87165 || Add logs
---
 .../auth/integration/ldap/LdapAuthProvider.java | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
index c7ad97e7..e5c1fa5f 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
@@ -18,6 +18,7 @@
 import static java.util.Collections.singletonList;
+import com.epam.reportportal.auth.AdminPasswordInitializer;
 import com.epam.reportportal.auth.EnableableAuthProvider;
 import com.epam.reportportal.auth.integration.AuthIntegrationType;
 import com.epam.reportportal.auth.integration.parameter.LdapParameter;
@@ -27,6 +28,8 @@
 import com.epam.reportportal.rules.exception.ReportPortalException;
 import java.util.Map;
 import org.jasypt.util.text.BasicTextEncryptor;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.security.authentication.AuthenticationProvider;
@@ -48,6 +51,8 @@
 */
 public class LdapAuthProvider extends EnableableAuthProvider {
+ private static final Logger LOGGER = LoggerFactory.getLogger(LdapAuthProvider.class);
+
 private final DetailsContextMapper detailsContextMapper;
 @Autowired
@@ -111,13 +116,14 @@ protected AuthenticationProvider getDelegate() {
 * This is why we just wrap old encoder with new one interface
 * New encoder cannot be used everywhere since it does not have implementation for LDAP
 */
+ LOGGER.error("PASSWORD_ENCODER_TYPE: " + it);
 final PasswordEncoder delegate;
- if (it.equalsIgnoreCase("PBKDF2_SHA256") || it.equalsIgnoreCase("PBKDF2_SHA512")) {
+ if ("PBKDF2_SHA256".equalsIgnoreCase(it) || "PBKDF2_SHA512".equalsIgnoreCase(it)) {
 Pbkdf2PasswordEncoder pbkdf2HmacSha512Encoder = new Pbkdf2PasswordEncoder();
 pbkdf2HmacSha512Encoder.setAlgorithm(
 it.equalsIgnoreCase("PBKDF2_SHA256") ? SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256
 : SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512);
- delegate = new DelegatingPasswordEncoder(it, Map.of(it, pbkdf2HmacSha512Encoder));
+ delegate = new DelegatingPasswordEncoder("bcrypt", Map.of(it, pbkdf2HmacSha512Encoder)); //it == PBKDF2_SHA512
 } else {
 delegate = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 }
From 92ca1fa2ff21c79fbd474c1a5d65165bd8cb8e12 Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Tue, 13 Aug 2024 17:39:39 +0300
Subject: [PATCH 03/11] EPMRPP-87165 || Add logs
---
 .../auth/integration/ldap/LdapAuthProvider.java | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
index e5c1fa5f..3c67243c 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
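Review bot: `new DelegatingPasswordEncoder("bcrypt", Map.of(it, pbkdf2HmacSha512Encoder))` in the `@@ -111,13 +116,14 @@` hunk names `bcrypt` as the id for encoding while the map holds only the `it` entry; the DelegatingPasswordEncoder constructor rejects an id that is missing from the map with an IllegalArgumentException, so the PBKDF2 branch cannot build its delegate. Keep the id equal to a key that is actually registered, or add a bcrypt encoder to the map. Separately, `LOGGER.error("PASSWORD_ENCODER_TYPE: " + it)` reports routine configuration at ERROR level with string concatenation; `LOGGER.debug("LDAP password encoder type: {}", it);` is the conventional form. The first hunk of this commit also imports `AdminPasswordInitializer`, which none of the visible changes use.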
@@ -119,11 +119,11 @@ protected AuthenticationProvider getDelegate() {
 LOGGER.error("PASSWORD_ENCODER_TYPE: " + it);
 final PasswordEncoder delegate;
 if ("PBKDF2_SHA256".equalsIgnoreCase(it) || "PBKDF2_SHA512".equalsIgnoreCase(it)) {
- Pbkdf2PasswordEncoder pbkdf2HmacSha512Encoder = new Pbkdf2PasswordEncoder();
- pbkdf2HmacSha512Encoder.setAlgorithm(
+ Pbkdf2PasswordEncoder pbkdf2Encoder = new Pbkdf2PasswordEncoder();
+ pbkdf2Encoder.setAlgorithm(
 it.equalsIgnoreCase("PBKDF2_SHA256") ? SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256
 : SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512);
- delegate = new DelegatingPasswordEncoder("bcrypt", Map.of(it, pbkdf2HmacSha512Encoder)); //it == PBKDF2_SHA512
+ delegate = new DelegatingPasswordEncoder(it, Map.of(it, pbkdf2Encoder)); //it == PBKDF2_SHA512
 } else {
 delegate = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 }
From b6787515a5e444de32926360b9c7f2eb7eaff4a0 Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Tue, 13 Aug 2024 17:46:01 +0300
Subject: [PATCH 04/11] EPMRPP-87165 || Add logs
---
 .../reportportal/auth/integration/ldap/LdapAuthProvider.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
index 3c67243c..0c949734 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
@@ -123,7 +123,7 @@ protected AuthenticationProvider getDelegate() {
 pbkdf2Encoder.setAlgorithm(
 it.equalsIgnoreCase("PBKDF2_SHA256") ? SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256
 : SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512);
- delegate = new DelegatingPasswordEncoder(it, Map.of(it, pbkdf2Encoder)); //it == PBKDF2_SHA512
+ delegate = new DelegatingPasswordEncoder("pbkdf2", Map.of("pbkdf2", pbkdf2Encoder));
 } else {
 delegate = PasswordEncoderFactories.createDelegatingPasswordEncoder();
 }
From 75fd07189383dab22edbd9da7c5c37f19db038d1 Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Tue, 13 Aug 2024 18:02:39 +0300
Subject: [PATCH 05/11] EPMRPP-87165 || Add logs
---
 .../integration/ldap/LdapAuthProvider.java | 12 +---
 .../CustomPasswordEncoderFactory.java | 57 +++++++++++++++++++
 2 files changed, 59 insertions(+), 10 deletions(-)
 create mode 100644 src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
index 0c949734..8cabb67b 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
@@ -21,6 +21,7 @@
 import com.epam.reportportal.auth.AdminPasswordInitializer;
 import com.epam.reportportal.auth.EnableableAuthProvider;
 import com.epam.reportportal.auth.integration.AuthIntegrationType;
+import com.epam.reportportal.auth.integration.parameter.CustomPasswordEncoderFactory;
 import com.epam.reportportal.auth.integration.parameter.LdapParameter;
 import com.epam.ta.reportportal.commons.accessible.Accessible;
 import com.epam.ta.reportportal.dao.IntegrationRepository;
@@ -117,16 +118,7 @@ protected AuthenticationProvider getDelegate() {
 * New encoder cannot be used everywhere since it does not have implementation for LDAP
 */
 LOGGER.error("PASSWORD_ENCODER_TYPE: " + it);
- final PasswordEncoder delegate;
- if ("PBKDF2_SHA256".equalsIgnoreCase(it) || "PBKDF2_SHA512".equalsIgnoreCase(it)) {
- Pbkdf2PasswordEncoder pbkdf2Encoder = new Pbkdf2PasswordEncoder();
- pbkdf2Encoder.setAlgorithm(
- it.equalsIgnoreCase("PBKDF2_SHA256") ? SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256
- : SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512);
- delegate = new DelegatingPasswordEncoder("pbkdf2", Map.of("pbkdf2", pbkdf2Encoder));
- } else {
- delegate = PasswordEncoderFactories.createDelegatingPasswordEncoder();
- }
+ final PasswordEncoder delegate = CustomPasswordEncoderFactory.createDelegatingPasswordEncoder();
 builder.passwordEncoder(new org.springframework.security.crypto.password.PasswordEncoder() {
diff --git a/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java b/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
new file mode 100644
index 00000000..5333ab56
--- /dev/null
+++ b/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2024 EPAM Systems
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.epam.reportportal.auth.integration.parameter;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
+import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm;
+import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
+
+/**
+ * @author Andrei Piankouski
+ */
+public class CustomPasswordEncoderFactory {
+
+ public static PasswordEncoder createDelegatingPasswordEncoder() {
+ String encodingId = "bcrypt";
+ Map encoders = new HashMap<>();
+ encoders.put(encodingId, new BCryptPasswordEncoder());
+ encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
+ encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
+ encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
+ encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
+ encoders.put("pbkdf2", new 
Pbkdf2PasswordEncoder());
+ Pbkdf2PasswordEncoder PBKDF2_SHA256 = new Pbkdf2PasswordEncoder();
+ PBKDF2_SHA256.setAlgorithm(SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256);
+ encoders.put("PBKDF2_SHA256", PBKDF2_SHA256);
+ Pbkdf2PasswordEncoder PBKDF2_SHA512 = new Pbkdf2PasswordEncoder();
+ PBKDF2_SHA512.setAlgorithm(SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512);
+ encoders.put("PBKDF2_SHA512", new Pbkdf2PasswordEncoder());
+ encoders.put("scrypt", new SCryptPasswordEncoder());
+ encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
+ encoders.put("SHA-256",
+ new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
+ encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
+ encoders.put("argon2", new Argon2PasswordEncoder());
+ return new DelegatingPasswordEncoder(encodingId, encoders);
+ }
+
+}
From 6af1169fefb9839b18eb14fc26074ae390e46e26 Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Tue, 13 Aug 2024 18:33:09 +0300
Subject: [PATCH 06/11] EPMRPP-87165 || Add logs
---
 .../auth/integration/ldap/LdapAuthProvider.java | 2 +-
 .../parameter/CustomPasswordEncoderFactory.java | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
index 8cabb67b..91fb44ca 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
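Review bot: In the new CustomPasswordEncoderFactory the SHA-512 encoder configured by `PBKDF2_SHA512.setAlgorithm(SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512)` is never registered: the next line stores a fresh default instance, `encoders.put("PBKDF2_SHA512", new Pbkdf2PasswordEncoder())`, so that id hashes and verifies with whatever algorithm the default constructor selects rather than HMAC-SHA512. It should read `encoders.put("PBKDF2_SHA512", PBKDF2_SHA512);`, and the same line survives in PATCH 10/11 under the lower-case key `pbkdf2_sha512`. The map also registers `noop`, `MD4`, `MD5` and `SHA-1` on an authentication path, which deserves a comment stating they exist only to verify legacy directory values, or removal if the integration does not need them. The two locals are named like constants; `pbkdf2Sha256` and `pbkdf2Sha512` would follow Java naming.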
@@ -118,7 +118,7 @@ protected AuthenticationProvider getDelegate() {
 * New encoder cannot be used everywhere since it does not have implementation for LDAP
 */
 LOGGER.error("PASSWORD_ENCODER_TYPE: " + it);
- final PasswordEncoder delegate = CustomPasswordEncoderFactory.createDelegatingPasswordEncoder();
+ final PasswordEncoder delegate = CustomPasswordEncoderFactory.createDelegatingPasswordEncoder().get(it);
 builder.passwordEncoder(new org.springframework.security.crypto.password.PasswordEncoder() {
diff --git a/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java b/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
index 5333ab56..ccca7c4b 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
@@ -30,10 +30,9 @@
 */
 public class CustomPasswordEncoderFactory {
- public static PasswordEncoder createDelegatingPasswordEncoder() {
- String encodingId = "bcrypt";
+ public static Map createDelegatingPasswordEncoder() {
 Map encoders = new HashMap<>();
- encoders.put(encodingId, new BCryptPasswordEncoder());
+ encoders.put("bcrypt", new BCryptPasswordEncoder());
 encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
 encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
 encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
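Review bot: In the LdapAuthProvider hunk, `CustomPasswordEncoderFactory.createDelegatingPasswordEncoder().get(it)` yields null whenever the configured type has no exact-case entry in the map, and nothing checks the result, so the problem surfaces only later as a NullPointerException inside `encode`/`matches` during a login. Fail at configuration time instead, e.g. `if (delegate == null) { throw new IllegalArgumentException("Unsupported LDAP password encoder type: " + it); }`. PATCH 07/11 adds `toLowerCase()` to the lookup while the keys stay mixed-case until PATCH 10/11, and neither adds the null check; `toLowerCase(Locale.ROOT)` would also keep the key independent of the JVM locale. Since the factory method now returns the map, a name such as `createPasswordEncoders` would describe it better than `createDelegatingPasswordEncoder`.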
@@ -51,7 +50,7 @@ public static PasswordEncoder createDelegatingPasswordEncoder() {
 new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
 encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
 encoders.put("argon2", new Argon2PasswordEncoder());
- return new DelegatingPasswordEncoder(encodingId, encoders);
+ return encoders;
 }
 }
From 8d0f4cf61438f2348f13d2336cb2701046d0a0f9 Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Wed, 14 Aug 2024 09:44:30 +0300
Subject: [PATCH 07/11] EPMRPP-87165 || Add logs
---
 .../auth/integration/ldap/LdapAuthProvider.java | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
index 91fb44ca..9045fe3d 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
@@ -118,17 +118,22 @@ protected AuthenticationProvider getDelegate() {
 * New encoder cannot be used everywhere since it does not have implementation for LDAP
 */
 LOGGER.error("PASSWORD_ENCODER_TYPE: " + it);
- final PasswordEncoder delegate = CustomPasswordEncoderFactory.createDelegatingPasswordEncoder().get(it);
+ final PasswordEncoder delegate = CustomPasswordEncoderFactory.createDelegatingPasswordEncoder().get(it.toLowerCase());
 builder.passwordEncoder(new org.springframework.security.crypto.password.PasswordEncoder() {
 @Override
 public String encode(CharSequence rawPassword) {
- return delegate.encode(rawPassword);
+ LOGGER.error("rawPassword1: " + rawPassword);
+ String encode = delegate.encode(rawPassword);
+ LOGGER.error("encodedPassword1: " + encode);
+ return encode;
 }
 @Override
 public boolean matches(CharSequence rawPassword, String encodedPassword) {
+ LOGGER.error("rawPassword: " + rawPassword);
+ LOGGER.error("encodedPassword: " + encodedPassword);
 return delegate.matches(rawPassword, encodedPassword);
 }
 });
From 645f375f1dba66305d47eeb0f48f2c81996e5b71 Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Wed, 14 Aug 2024 12:06:15 +0300
Subject: [PATCH 08/11] EPMRPP-87165 || Add logs
---
 .../auth/integration/ldap/LdapAuthProvider.java | 2 +-
 .../parameter/CustomPasswordEncoderFactory.java | 7 ++++---
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
index 9045fe3d..0f56c0be 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
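Review bot: The four added `LOGGER.error` calls in `encode` and `matches` write the user's clear-text password (`rawPassword`) and the stored or derived hash (`encodedPassword`) to the application log on every LDAP login. Log files are typically readable by more people and systems than the directory is, and they are retained and forwarded elsewhere, so this exposes every credential that passes through the provider. These statements should be removed before merge; if diagnostics are needed, log only non-secret facts such as the encoder type or the boolean outcome of `delegate.matches(...)`, at DEBUG level. Both methods belong to an anonymous class whose end lies outside the hunk.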
@@ -118,7 +118,7 @@ protected AuthenticationProvider getDelegate() {
 * New encoder cannot be used everywhere since it does not have implementation for LDAP
 */
 LOGGER.error("PASSWORD_ENCODER_TYPE: " + it);
- final PasswordEncoder delegate = CustomPasswordEncoderFactory.createDelegatingPasswordEncoder().get(it.toLowerCase());
+ final PasswordEncoder delegate = CustomPasswordEncoderFactory.createDelegatingPasswordEncoder();
 builder.passwordEncoder(new org.springframework.security.crypto.password.PasswordEncoder() {
diff --git a/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java b/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
index ccca7c4b..5333ab56 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
@@ -30,9 +30,10 @@
 */
 public class CustomPasswordEncoderFactory {
- public static Map createDelegatingPasswordEncoder() {
+ public static PasswordEncoder createDelegatingPasswordEncoder() {
+ String encodingId = "bcrypt";
 Map encoders = new HashMap<>();
- encoders.put("bcrypt", new BCryptPasswordEncoder());
+ encoders.put(encodingId, new BCryptPasswordEncoder());
 encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
 encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
 encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
@@ -50,7 +51,7 @@ public static Map createDelegatingPasswordEncoder() {
 new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
 encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
 encoders.put("argon2", new Argon2PasswordEncoder());
- return encoders;
+ return new DelegatingPasswordEncoder(encodingId, encoders);
 }
 }
From f8921a32f8cd29971519ba943060ab38635c0150 Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Wed, 14 Aug 2024 13:20:50 +0300
Subject: [PATCH 09/11] Revert "EPMRPP-87165 || Add logs"
This reverts commit 645f375f1dba66305d47eeb0f48f2c81996e5b71.
---
 .../auth/integration/ldap/LdapAuthProvider.java | 2 +-
 .../parameter/CustomPasswordEncoderFactory.java | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
index 0f56c0be..9045fe3d 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
@@ -118,7 +118,7 @@ protected AuthenticationProvider getDelegate() {
 * New encoder cannot be used everywhere since it does not have implementation for LDAP
 */
 LOGGER.error("PASSWORD_ENCODER_TYPE: " + it);
- final PasswordEncoder delegate = CustomPasswordEncoderFactory.createDelegatingPasswordEncoder();
+ final PasswordEncoder delegate = CustomPasswordEncoderFactory.createDelegatingPasswordEncoder().get(it.toLowerCase());
 builder.passwordEncoder(new org.springframework.security.crypto.password.PasswordEncoder() {
diff --git a/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java b/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
index 5333ab56..ccca7c4b 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
@@ -30,10 +30,9 @@
 */
 public class CustomPasswordEncoderFactory {
- public static PasswordEncoder createDelegatingPasswordEncoder() {
- String encodingId = "bcrypt";
+ public static Map createDelegatingPasswordEncoder() {
 Map encoders = new HashMap<>();
- encoders.put(encodingId, new BCryptPasswordEncoder());
+ encoders.put("bcrypt", new BCryptPasswordEncoder());
 encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
 encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
 encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
@@ -51,7 +50,7 @@ public static PasswordEncoder createDelegatingPasswordEncoder() {
 new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
 encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
 encoders.put("argon2", new Argon2PasswordEncoder());
- return new DelegatingPasswordEncoder(encodingId, encoders);
+ return encoders;
 }
 }
From d9205314c872566e9d4ef048c8573c14b8044c9f Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Wed, 14 Aug 2024 13:22:49 +0300
Subject: [PATCH 10/11] EPMRPP-87165 || Add logs
---
 .../parameter/CustomPasswordEncoderFactory.java | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java b/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
index ccca7c4b..10adab00 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/parameter/CustomPasswordEncoderFactory.java
@@ -19,7 +19,6 @@
 import java.util.Map;
 import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
 import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm;
@@ -34,19 +33,19 @@ public static Map createDelegatingPasswordEncoder() {
 Map encoders = new HashMap<>();
 encoders.put("bcrypt", new BCryptPasswordEncoder());
 encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
- encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
- encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
+ encoders.put("md4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
+ encoders.put("md5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
 encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
 encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
 Pbkdf2PasswordEncoder PBKDF2_SHA256 = new Pbkdf2PasswordEncoder();
 PBKDF2_SHA256.setAlgorithm(SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256);
- encoders.put("PBKDF2_SHA256", PBKDF2_SHA256);
+ encoders.put("pbkdf2_sha256", PBKDF2_SHA256);
 Pbkdf2PasswordEncoder PBKDF2_SHA512 = new Pbkdf2PasswordEncoder();
 PBKDF2_SHA512.setAlgorithm(SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA512);
- encoders.put("PBKDF2_SHA512", new Pbkdf2PasswordEncoder());
+ encoders.put("pbkdf2_sha512", new Pbkdf2PasswordEncoder());
 encoders.put("scrypt", new SCryptPasswordEncoder());
- encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
- encoders.put("SHA-256",
+ encoders.put("sha-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
+ encoders.put("sha-256",
 new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
 encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
 encoders.put("argon2", new Argon2PasswordEncoder());
From a1b2a6571fed952d240f5e2702edec33f8993f05 Mon Sep 17 00:00:00 2001
From: Andrei Piankouski
Date: Wed, 14 Aug 2024 20:18:34 +0300
Subject: [PATCH 11/11] EPMRPP-87165 || Add logs
---
 .../reportportal/auth/integration/ldap/LdapAuthProvider.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
index 9045fe3d..8505ca9f 100644
--- a/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
+++ b/src/main/java/com/epam/reportportal/auth/integration/ldap/LdapAuthProvider.java
@@ -134,6 +134,8 @@ public String encode(CharSequence rawPassword) {
 public boolean matches(CharSequence rawPassword, String encodedPassword) {
 LOGGER.error("rawPassword: " + rawPassword);
 LOGGER.error("encodedPassword: " + encodedPassword);
+ encodedPassword = encode(rawPassword);
+ LOGGER.error("encodedPassword: " + encodedPassword);
 return delegate.matches(rawPassword, encodedPassword);
 }
 });
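Review bot: The added `encodedPassword = encode(rawPassword);` replaces the value supplied for comparison with a hash of the password the caller just submitted, so the following `delegate.matches(rawPassword, encodedPassword)` checks the input against itself and returns true for any password. That removes the credential check for every account that is verified through this encoder. Delete the reassignment and the extra log line so that `matches` again ends in `return delegate.matches(rawPassword, encodedPassword);` on the stored value; the two `LOGGER.error` lines kept as context above it still print the clear-text password and should go as well. A unit test asserting that a wrong password yields `false` would catch a regression of this kind.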