Repository: syncope Updated Branches: refs/heads/master 7ee0bf22c -> 0913da283
SYNCOPE-1165 - Switch the default password cipher algorithm from SHA1 to SSHA256 Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/0913da28 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/0913da28 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/0913da28 Branch: refs/heads/master Commit: 0913da283a378fd87207b55b75b48266d3e98b18 Parents: 7ee0bf2 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Tue Jul 18 15:51:06 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Tue Jul 18 15:51:06 2017 +0100 ---------------------------------------------------------------------- .../src/main/resources/domains/MasterContent.xml | 2 +- .../core/spring/security/DefaultCredentialChecker.java | 3 ++- core/spring/src/main/resources/security.properties | 2 +- .../apache/syncope/core/spring/security/EncryptorTest.java | 8 ++++++++ pom.xml | 2 +- 5 files changed, 13 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/core/persistence-jpa/src/main/resources/domains/MasterContent.xml ----------------------------------------------------------------------
diff --git a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
index 9d42535..875647b 100644
--- a/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
+++ b/core/persistence-jpa/src/main/resources/domains/MasterContent.xml
@@ -28,7 +28,7 @@ under the License.
 <CPlainAttr id="56db89b9-119e-4923-a16e-f42823b90c66" owner_id="cd64d66f-6fff-4008-b966-a06b1cc1436d" schema_id="password.cipher.algorithm"/> <CPlainAttrValue id="870323e8-8db6-4a64-b512-15f9fa094905"
- attribute_id="56db89b9-119e-4923-a16e-f42823b90c66" stringValue="SHA1"/>
+ attribute_id="56db89b9-119e-4923-a16e-f42823b90c66" stringValue="SSHA256"/>
 <!-- notificationjob.cronExpression: + not existing: NotificationJob runs according to NotificationJob.DEFAULT_CRON_EXP
http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java ----------------------------------------------------------------------
diff --git a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
index a63c588..5eca9b0 100644
--- a/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
+++ b/core/spring/src/main/java/org/apache/syncope/core/spring/security/DefaultCredentialChecker.java
@@ -30,7 +30,8 @@ public class DefaultCredentialChecker {
 private static final String DEFAULT_JWS_KEY = "ZW7pRixehFuNUtnY5Se47IemgMryTzazPPJ9CGX5LTCmsOJpOgHAQEuPQeV9A28f";
- private static final String DEFAULT_ADMIN_PASSWORD = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8";
+ private static final String DEFAULT_ADMIN_PASSWORD =
+ "DE088591C00CC98B36F5ADAAF7DA2B004CF7F2FE7BBB45B766B6409876E2F3DB13C7905C6AA59464";
 private static final String DEFAULT_ANON_KEY = "anonymousKey";
http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/core/spring/src/main/resources/security.properties ----------------------------------------------------------------------
diff --git a/core/spring/src/main/resources/security.properties b/core/spring/src/main/resources/security.properties
index 5c39d1e..3f72ad0 100644
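Review bot: `stringValue="SSHA256"` in MasterContent.xml, like `adminPasswordAlgorithm=SSHA256` in security.properties, adds a salt but still selects a fast general-purpose digest for stored passwords. The 80-hex-character values introduced elsewhere in this commit are consistent with one SHA-256 output plus an 8-byte salt, and nothing in the diff shows an iteration count, so offline guessing against a leaked hash would presumably stay cheap. If the project's cipher enum offers an adaptive scheme (bcrypt or similar), that would be the stronger default here. Otherwise I would document the limitation next to the value, for example `<!-- password.cipher.algorithm: salted SHA-256 (SSHA256); not an adaptive password hash -->`.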
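Review bot: With a salted algorithm, `DEFAULT_ADMIN_PASSWORD` in DefaultCredentialChecker.java identifies only this one salt-and-digest string. A check that compares the configured value with the constant (the comparison itself is outside the hunk) would therefore miss the same default password re-encoded with a different salt, or the same hex written in lower case. Detecting the default would be more reliable by verifying the default password against the configured hash, along the lines of the `encryptor.verify(password, CipherAlgorithm.SSHA256, encPassword)` call used in EncryptorTest. The same literal is repeated in pom.xml's `<adminPassword>`, so a comment such as `// must match <adminPassword> in the root pom.xml` would help keep the two in step. The class body continues outside the hunk.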
--- a/core/spring/src/main/resources/security.properties
+++ b/core/spring/src/main/resources/security.properties
@@ -16,7 +16,7 @@
 # under the License.
 adminUser=${adminUser}
 adminPassword=${adminPassword}
-adminPasswordAlgorithm=SHA1
+adminPasswordAlgorithm=SSHA256
 anonymousUser=${anonymousUser}
 anonymousKey=${anonymousKey}
http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java ----------------------------------------------------------------------
diff --git a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
index 064d970..cc0c2d6 100644
--- a/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
+++ b/core/spring/src/test/java/org/apache/syncope/core/spring/security/EncryptorTest.java
@@ -73,4 +73,12 @@ public class EncryptorTest {
 assertEquals(password, decPassword);
 }
+ @Test
+ public void testSaltedHash() throws Exception {
+ String encPassword = encryptor.encode(password, CipherAlgorithm.SSHA256);
+ // System.out.println("ENC: " + encPassword);
+ assertNotNull(encPassword);
+
+ assertTrue(encryptor.verify(password, CipherAlgorithm.SSHA256, encPassword));
+ }
 }
http://git-wip-us.apache.org/repos/asf/syncope/blob/0913da28/pom.xml ----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 6cb0840..8634e04 100644
--- a/pom.xml
+++ b/pom.xml
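Review bot: `adminPasswordAlgorithm=SSHA256` is now fixed in security.properties while `adminPassword=${adminPassword}` is still filled in from outside, so a deployment or overlay that keeps supplying a SHA1-encoded admin password would presumably stop authenticating after this change. Nothing in the hunk tells the operator that the two values must agree. A comment above the property such as `# adminPassword must be encoded with adminPasswordAlgorithm; regenerate SHA1 values when upgrading` would make that explicit, and the upgrade notes should carry the same warning.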
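Review bot: `testSaltedHash` in EncryptorTest.java only checks the round trip, so it would still pass if `verify` accepted any input or if no salt were applied. Adding `assertFalse(encryptor.verify("not-" + password, CipherAlgorithm.SSHA256, encPassword));` would pin the rejection path. Adding `assertNotEquals(encPassword, encryptor.encode(password, CipherAlgorithm.SSHA256));` would pin the salt, assuming the encoder draws a fresh salt per call, which the diff does not show; the static imports may need extending for both. The commented-out `// System.out.println("ENC: " + encPassword);` line should be dropped rather than committed.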
@@ -481,7 +481,7 @@ under the License.
 <adminUser>admin</adminUser>
 <anonymousUser>anonymous</anonymousUser>
- <adminPassword>5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</adminPassword>
+ <adminPassword>DE088591C00CC98B36F5ADAAF7DA2B004CF7F2FE7BBB45B766B6409876E2F3DB13C7905C6AA59464</adminPassword>
 <!-- static keys, only used for build: generated overlays will override during archetype:generate -->
 <anonymousKey>anonymousKey</anonymousKey>
 <secretKey>1abcdefghilmnopqrstuvz2!</secretKey>