Posted to commits@syncope.apache.org by co...@apache.org on 2017/07/18 15:18:21 UTC
syncope git commit: SYNCOPE-1165 - Switch the default password cipher
algorithm from SHA1 to SSHA256
Repository: syncope
Updated Branches:
refs/heads/master 7ee0bf22c -> 0913da283
SYNCOPE-1165 - Switch the default password cipher algorithm from SHA1 to SSHA256
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo
Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/0913da28
Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/0913da28
Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/0913da28
Branch: refs/heads/master
Commit: 0913da283a378fd87207b55b75b48266d3e98b18
Parents: 7ee0bf2
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Jul 18 15:51:06 2017 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Jul 18 15:51:06 2017 +0100
----------------------------------------------------------------------
.../src/main/resources/domains/MasterContent.xml | 2 +-
.../core/spring/security/DefaultCredentialChecker.java | 3 ++-
core/spring/src/main/resources/security.properties | 2 +-
.../apache/syncope/core/spring/security/EncryptorTest.java | 8 ++++++++
pom.xml | 2 +-
5 files changed, 13 insertions(+), 4 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
index 9d42535..875647b 100644
--- a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
@@ -28,7 +28,7 @@ under the License.
<CPlainAttr id="56db89b9-119e-4923-a16e-f42823b90c66"
owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="password.cipher.algorithm"/>
<CPlainAttrValue id="870323e8-8db6-4a64-b512-15f9fa094905"
- attribute_id="56db89b9-119e-4923-a16e-f42823b90c66" stringValue="SHA1"/>
+ attribute_id="56db89b9-119e-4923-a16e-f42823b90c66" stringValue="SSHA256"/>
<!-- notificationjob.cronExpression:
+ not existing: NotificationJob runs according to NotificationJob.DEFAULT_CRON_EXP
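Review bot: The new default for `password.cipher.algorithm`, `SSHA256`, is still a fast hash, so it adds salting but very little cost per guess if the stored values ever leak. The 80-hex-character hashes elsewhere in this commit are consistent with a short salt plus a single SHA-256 digest, though the iteration count is configured outside this diff and should be confirmed. If `CipherAlgorithm` offers an adaptive option such as `BCRYPT`, that would be the stronger default here. Otherwise a comment beside the attribute, e.g. `<!-- SSHA256 = salted SHA-256; prefer an adaptive algorithm where available -->`, would tell operators what they are getting. The hunk shows only part of the file, so any existing commentary on this attribute is not visible.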
http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
----------------------------------------------------------------------
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
index a63c588..5eca9b0 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
@@ -30,7 +30,8 @@ public class DefaultCredentialChecker {
private static final String DEFAULT_JWS_KEY = "ZW7pRixehFuNUtnY5Se47IemgMryTzazPPJ9CGX5LTCmsOJpOgHAQEuPQeV9A28f";
- private static final String DEFAULT_ADMIN_PASSWORD = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";
+ private static final String DEFAULT_ADMIN_PASSWORD =
+ "DE088591C00CC98B36F5ADAAF7DA2B004CF7F2FE7BBB45B766B6409876E2F3DB13C7905C6AA59464";
private static final String DEFAULT_ANON_KEY = "anonymousKey";
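Review bot: With a salted algorithm, `DEFAULT_ADMIN_PASSWORD` matches only this one salt-and-digest string, so a check that compares the configured `adminPassword` to it by string equality would miss the same default password re-encoded with a different salt. The comparison itself is outside this hunk, so this is inferred; if it is an equality test, verifying the default password against the configured hash with the configured algorithm would keep the warning effective. The same literal is repeated in the `pom.xml` hunk (`<adminPassword>`), and the constant would benefit from a comment such as `// SSHA256 encoding of the shipped default admin password; keep in sync with adminPassword in pom.xml`.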
http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/core/spring/src/main/resources/security.properties
----------------------------------------------------------------------
diff --git a/core/spring/src/main/resources/security.properties b/core/spring/src/main/resources/security.properties
index 5c39d1e..3f72ad0 100644
--- a/core/spring/src/main/resources/security.properties
+++ b/core/spring/src/main/resources/security.properties
@@ -16,7 +16,7 @@
# under the License.
adminUser=${adminUser}
adminPassword=${adminPassword}
-adminPasswordAlgorithm=SHA1
+adminPasswordAlgorithm=SSHA256
anonymousUser=${anonymousUser}
anonymousKey=${anonymousKey}
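Review bot: `adminPasswordAlgorithm=SSHA256` changes how an existing `adminPassword` value is interpreted, so a deployment that overrides only `adminPassword` with a SHA1 hash and inherits the algorithm from this file would presumably fail admin authentication after upgrading. Nothing in the commit documents that the two settings must change together; a comment above the property, e.g. `# must match the algorithm used to produce adminPassword; re-encode the hash when changing it`, plus an upgrade note would cover it. How overlays merge this file is not visible here, so the actual impact should be confirmed.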
http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
----------------------------------------------------------------------
diff --git a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
index 064d970..cc0c2d6 100644
--- a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
+++ b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
@@ -73,4 +73,12 @@ public class EncryptorTest {
assertEquals(password, decPassword);
}
+ @Test
+ public void testSaltedHash() throws Exception {
+ String encPassword = encryptor.encode(password, CipherAlgorithm.SSHA256);
+ // System.out.println("ENC: " + encPassword);
+ assertNotNull(encPassword);
+
+ assertTrue(encryptor.verify(password, CipherAlgorithm.SSHA256, encPassword));
+ }
}
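Review bot: `testSaltedHash` only proves that an encoded value verifies against itself, which an unsalted or even pass-through encoding would also satisfy. Two more assertions would pin the properties the commit relies on: `assertFalse(encryptor.verify("x" + password, CipherAlgorithm.SSHA256, encPassword));` and `assertNotEquals(encPassword, encryptor.encode(password, CipherAlgorithm.SSHA256));`. The commented-out `System.out.println` should be dropped rather than committed, since re-enabling it would write a password hash to the build output. The file's imports are outside the hunk, so `assertFalse` and `assertNotEquals` may need to be added there.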
http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 6cb0840..8634e04 100644
--- a/pom.xml
+++ b/pom.xml
@@ -481,7 +481,7 @@ under the License.
<adminUser>admin</adminUser>
<anonymousUser>anonymous</anonymousUser>
- <adminPassword>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</adminPassword>
+ <adminPassword>DE088591C00CC98B36F5ADAAF7DA2B004CF7F2FE7BBB45B766B6409876E2F3DB13C7905C6AA59464</adminPassword>
<!-- static keys, only used for build: generated overlays will override during archetype:generate -->
<anonymousKey>anonymousKey</anonymousKey>
<secretKey>1abcdefghilmnopqrstuvz2!</secretKey>