java source code of PasswordManager

hawkular-metrics-master
- job-scheduler
  - src
    - main
      - java
        org
        hawkular
        metrics
        scheduler
        impl
        Lock.java
        JobParametersImpl.java
        UnregisteredJobException.java
        LockManager.java
        TestScheduler.java
        SchedulerImpl.java
        JobDetailsImpl.java
        ScheduledExecution.java
        JobsService.java
        api
        JobDetails.java
        JobStatus.java
        Trigger.java
        JobParameters.java
        JobsManager.java
        RepeatingTrigger.java
        SingleExecutionTrigger.java
        Scheduler.java
    - test
      - resources
        logback-test.xml
        testng.xml
      - java
        org
        hawkular
        metrics
        scheduler
        impl
        JobExecutionTest.java
        JobSchedulerTest.java
        JobSchedulingTest.java
        api
        RepeatingTriggerTest.java
  - pom.xml
- .travis.swagger.sh
- data-generator
  - src
    - main
      - java
        org
        hawkular
        metrics
        generator
        DataGenerator.java
  - pom.xml
  - README.adoc
- CONTRIBUTING.adoc
- pom.xml
- containers
  - pom.xml
  - hawkular-htpasswd
    - src
      - main
        java
        org
        hawkular
        openshift
        htpasswd
        CreatePassword.java
    - pom.xml
  - hawkular-openshift-security-filter
    - src
      - main
        resources
        META-INF
        services
        io.undertow.servlet.ServletExtension
        java
        org
        hawkular
        openshift
        auth
        SecurityOption.java
        OpenshiftAuthHandler.java
        Authenticator.java
        Utils.java
        BasicAuthenticator.java
        OpenshiftAuthServletExtension.java
        TokenAuthenticator.java
        PasswordManager.java
        org
        hawkular
        openshift
        namespace
        NamespaceOverrideMapper.java
        NamespaceHandler.java
        NamespaceListener.java
    - pom.xml
- mvnw
- dist
  - pom.xml
  - containers
    - hawkular-metrics-openshift
      - src
        main
        webapp
        WEB-INF
        openshift-security-filter.properties
        jboss-deployment-structure.xml
      - pom.xml
- LICENSE
- api
  - metrics-api-jaxrs
    - src
      - main
        resources
        META-INF
        services
        javax.ws.rs.ext.Providers
        io.undertow.servlet.ServletExtension
        xsl
        apiout2html.xsl
        apiout2docbook.xsl
        apiout2html_overview.xsl
        rest-doc
        base.adoc
        java
        org
        hawkular
        metrics
        api
        jaxrs
        log
        time
        RequestTimeLogger.java
        TimerLoggerServletExtension.java
        RestLogger.java
        RestLogging.java
        HttpErrorLoggerExtension.java
        QueryRequest.java
        util
        Logged.java
        ObjectMapperProducer.java
        StringValue.java
        JacksonConfig.java
        OriginValidation.java
        MetricTypeTextConverter.java
        CassandraClusterNotUpException.java
        ManifestInformation.java
        JobSchedulerFactory.java
        SchemaVersionChecker.java
        SchemaVersionCheckException.java
        ApiUtils.java
        config
        ConfigurableProducer.java
        exception
        mappers
        NotSupportedExceptionMapper.java
        NotFoundExceptionMapper.java
        NotAcceptableExceptionMapper.java
        ExceptionMapperUtils.java
        BadRequestExceptionMapper.java
        NotAllowedExceptionMapper.java
        ApplicationExceptionMapper.java
        ReaderExceptionMapper.java
        AggregatedStatsQueryRequest.java
        interceptor
        EmptyPayloadException.java
        EmptyPayloadInterceptor.java
        param
        PercentilesConverter.java
        ConvertersProvider.java
        TimeAndSortParams.java
        OrderConverter.java
        DurationConverter.java
        TagNamesConverter.java
        MetricTypeConverter.java
        TimeAndBucketParams.java
        TagsConverter.java
        HawkularMetricsRestApp.java
        swagger
        SwaggerFilter.java
        handler
        MetricHandler.java
        BaseHandler.java
        StringHandler.java
        AvailabilityHandler.java
        StatusHandler.java
        AdminHandler.java
        MetricsServiceHandler.java
        CounterHandler.java
        PingHandler.java
        template
        IMetricsHandler.java
        TenantsHandler.java
        GaugeHandler.java
        observer
        ResultSetObserver.java
        MetricCreatedObserver.java
        NamedDataPointObserver.java
        TenantCreatedObserver.java
        EntityCreatedObserver.java
        StatsQueryRequest.java
        MetricsServiceLifecycle.java
        filter
        CacheControlFilter.java
        CorsResponseFilter.java
        EmptyPayloadFilter.java
        AdminFilter.java
        TenantFilter.java
        CorsRequestFilter.java
        MetricsServiceStateFilter.java
        RequestLoggingFilter.java
        servlet
        OpenshiftServlet.java
        rx
        ServletWriteListener.java
        ObservableServlet.java
        webapp
        WEB-INF
        jboss-web.xml
        beans.xml
        web.xml
        static
        favicon.ico
        welcome.css
        fonts
        exo-2
        latin-ext.woff2
        latin.woff2
        cyrillic.woff2
        fonts.css
        index.html
        status.js
      - test
        java
        org
        hawkular
        metrics
        api
        jaxrs
        config
        ConfigurableProducerTest.java
        param
        TagsConverterTest.java
        InvalidTagNamesConverterTest.java
        InvalidDurationConverterTest.java
        InvalidTagsConverterTest.java
        OrderConverterTest.java
        DurationConverterTest.java
        MetricTypeConverterTest.java
        TagNamesConverterTest.java
    - ping.html
    - pom.xml
    - README.adoc
  - metrics-api-util
    - src
      - main
        resources
        META-INF
        services
        javax.enterprise.inject.spi.Extension
        java
        org
        hawkular
        metrics
        api
        jaxrs
        util
        EagerExtension.java
        MetricRegistryProvider.java
        Eager.java
        config
        Configurable.java
        ConfigurationKey.java
        ConfigurationProperty.java
        ServiceReadyEvent.java
        ServiceReady.java
    - pom.xml
- .travis.maven.settings.xml
- README.adoc
- .mvn
  - extensions.xml
  - wrapper
    - maven-wrapper.properties
  - srcdeps.yaml
- .travis.yml
- integration-tests
  - jmh-benchmark
    - src
      - main
        java
        org
        hawkular
        metrics
        benchmark
        jmh
        InsertBenchmark.java
        util
        MockCassandraManager.java
        ClusterManager.java
        MetricServiceManager.java
        SCassandraManager.java
        LiveCassandraManager.java
    - pom.xml
    - run.sh
  - pom.xml
  - metrics-api-jaxrs-test
    - src
      - main
        java
        org
        hawkular
        metrics
        api
        jaxrs
        util
        JobSchedulerFactory.java
        handler
        JobSchedulerHandler.java
    - pom.xml
  - rest-tests-jaxrs
    - src
      - test
        groovy
        org
        hawkular
        metrics
        rest
        MetricsITest.groovy
        ErrorsITest.groovy
        CORSITest.groovy
        ExpressionTagQueryITest.groovy
        StringITest.groovy
        GaugeMetricStatisticsITest.groovy
        CassandraBackendITest.groovy
        AvailabilityMetricStatisticsITest.groovy
        BaseITest.groovy
        CountersITest.groovy
        GaugesITest.groovy
        StatusITest.groovy
        TenantITest.groovy
        TagsITest.groovy
        RootITest.groovy
        RESTTest.groovy
        AdminITest.groovy
        AvailabilityITest.groovy
    - pom.xml
  - load-tests
    - src
      - test
        resources
        gatling.conf
        scala
        org
        hawkular
        metrics
        loadtest
        MetricsSimulation.scala
    - pom.xml
    - README.adoc
  - hawkular-server-tests
    - src
      - main
        resources
        standalone.xsl
      - test
        resources
        logback-test.xml
        groovy
        org
        hawkular
        metrics
        BaseITest.groovy
        NewDataListenerITest.groovy
    - server-provisioning.xml
    - pom.xml
- core
  - datetime-service
    - src
      - main
        java
        org
        hawkular
        metrics
        datetime
        DateTimeService.java
    - pom.xml
  - schema-installer
    - src
      - main
        resources
        logback.xml
        java
        org
        hawkular
        metrics
        schema
        Installer.java
    - pom.xml
    - README.adoc
    - mylogback.xml
  - metrics-model
    - src
      - main
        java
        org
        hawkular
        metrics
        model
        MetricType.java
        ApiError.java
        Buckets.java
        NamedDataPoint.java
        AggregatedValue.java
        Utils.java
        AvailabilityType.java
        Metric.java
        Retention.java
        DataPoint.java
        AvailabilityBucketPoint.java
        AggregationTemplate.java
        Interval.java
        TagRequest.java
        BucketPoint.java
        NumericBucketPoint.java
        exception
        RuntimeApiError.java
        TenantAlreadyExistsException.java
        TenantDoesNotExistException.java
        MetricAlreadyExistsException.java
        fasterxml
        jackson
        AvailabilityTypeSerializer.java
        MetricTypeDeserializer.java
        MetricTypeKeyDeserializer.java
        AvailabilityTypeDeserializer.java
        MetricTypeKeySerializer.java
        MetricTypeSerializer.java
        AvailabilityTypeKeySerializer.java
        Tenant.java
        MixedMetricsRequest.java
        Percentile.java
        Status.java
        TenantDefinition.java
        param
        Percentiles.java
        Tags.java
        BucketConfig.java
        Duration.java
        TagNames.java
        TimeRange.java
        TaggedBucketPoint.java
        MetricId.java
        CassandraStatus.java
      - test
        java
        org
        hawkular
        metrics
        model
        BucketsTest.java
        IntervalTest.java
        param
        TimeRangeTest.java
        BucketConfigTest.java
    - pom.xml
  - configuration-service
    - src
      - main
        java
        org
        hawkular
        metrics
        sysconfig
        Configuration.java
        ConfigurationService.java
      - test
        java
        org
        hawkular
        metrics
        sysconfig
        ConfigurationServiceTest.java
    - pom.xml
  - rx-java-driver
    - src
      - main
        java
        org
        hawkular
        rx
        cassandra
        driver
        ResultSetToRowsTransformer.java
        RxSession.java
        RxSessionImpl.java
      - test
        java
        org
        hawkular
        rx
        cassandra
        driver
        MockResultSet.java
        MockRow.java
        ResultSetToRowsTransformerTest.java
    - pom.xml
  - metrics-core-service
    - src
      - main
        resources
        cassandra.yaml
        antlr4
        org
        hawkular
        metrics
        core
        service
        tags
        parser
        TagQuery.g4
        java
        org
        hawkular
        metrics
        core
        util
        GCGraceSecondsManager.java
        service
        tags
        SimpleTagQueryParser.java
        ExpressionTagQueryParser.java
        TagsConverter.java
        parser
        TagQueryParser.java
        TagQueryBaseListener.java
        TagQueryListener.java
        TagQueryVisitor.java
        TagQueryBaseVisitor.java
        TagQueryLexer.java
        transformers
        DataPointDecompressTransformer.java
        MetricIdFromMetricIndexRowTransformer.java
        MinMaxTimestampTransformer.java
        MetricIdentifierFromFullDataRowTransformer.java
        TaggedBucketPointTransformer.java
        BatchStatementTransformer.java
        DataPointCompressTransformer.java
        MetricsIndexRowTransformer.java
        SortedMerge.java
        TaggedDataPointCollector.java
        BoundBatchStatementTransformer.java
        TagsIndexRowTransformerFilter.java
        NumericBucketPointTransformer.java
        ItemsToSetTransformer.java
        NumericDataPointCollector.java
        MetricFromDataRowTransformer.java
        TempTableCompressTransformer.java
        DataAccess.java
        Aggregate.java
        UUIDGen.java
        MetricsThreadFactory.java
        TimeUUIDUtils.java
        PercentileWrapper.java
        compress
        CompressedPointContainer.java
        TagsDeserializer.java
        CompressorHeader.java
        TagsSerializer.java
        log
        CoreLogging.java
        CoreLogger.java
        AvailabilityDataPointCollector.java
        SumNumericBucketPointCollector.java
        Functions.java
        Order.java
        TempTablesCleaner.java
        MetricTypeFilter.java
        DataAccessImpl.java
        MetricsService.java
        VoidSubscriber.java
        PatternUtil.java
        TTLDataPoint.java
        Table.java
        MetricsServiceImpl.java
        DataRetentionsMapper.java
        jobs
        JobsServiceImpl.java
        CompressData.java
        JobsServiceImplMBean.java
        TempTableCreator.java
        DeleteTenant.java
        TempDataCompressor.java
        JobsService.java
        TagQueryLexer.tokens
        TagQuery.tokens
      - test
        resources
        logback-test.xml
        conf.json
        java
        org
        hawkular
        metrics
        core
        impl
        GenerateDataITest.java
        compress
        CompressionTest.java
        TagsMapSerializingTest.java
        CompressorHeaderTest.java
        operators
        SortedMergeTest.java
        service
        tags
        SimpleTagQueryParserTest.java
        DelegatingDataAccess.java
        transformers
        BatchStatementTransformerTest.java
        AvailabilityBucketPointMatcher.java
        DataAccessITest.java
        BaseITest.java
        AvailabilityDataPointCollectorTest.java
        TestDataAccessFactory.java
        metrics
        MixedMetricsITest.java
        GaugeITest.java
        StringITest.java
        TagsITest.java
        ExpressionTagQueryITest.java
        BaseMetricsITest.java
        CounterITest.java
        AvailabilityITest.java
        jobs
        CompressDataJobITest.java
        DeleteTenantITest.java
    - pom.xml
  - schema
    - src
      - main
        resources
        org
        hawkular
        schema
        cassalog.groovy
        bootstrap.groovy
        updates
        schema-0.19.0.groovy
        schema-0.27.0.groovy
        schema-0.30.0.groovy
        schema-0.20.0.groovy
        schema-0.21.0.groovy
        schema-0.15.0.groovy
        schema-0.23.0.groovy
        schema-0.18.0.groovy
        schema-0.26.0.groovy
        java
        org
        hawkular
        metrics
        schema
        VersionUtil.java
        SchemaService.java
        VersionUpdateException.java
    - pom.xml
- .travis.diagnose.sh
- .travis.install.cassandra.sh
- .gitignore
- mvnw.cmd
- ansible-build
  - ansible.cfg
  - hosts
  - hawkular.yml
  - README.md
  - roles
    - create_image
      - templates
        hawkular-metrics-wrapper.sh
        logging.properties
        standalone.xml
        config.properties
        Dockerfile
        docker-compose.yml
        standalone.conf
      - tasks
        main.yml
      - defaults
        main.yml

/*
 * Copyright 2014-2019 Red Hat, Inc. and/or its affiliates
 * and other contributors as indicated by the @author tags.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.hawkular.openshift.auth;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.codec.digest.Md5Crypt;
import org.apache.commons.codec.digest.Sha2Crypt;

public class PasswordManager {

    private static final String MD5_PREFIX = "$apr1$";
    private static final String SHA_PREFIX = "{SHA}";
    private static final String SHA256_PREFIX = "$5$";
    private static final String SHA512_PREFIX = "$6$";
    private static final String PBKDF2_SHA256_PREFIX = "$pbkdf2-sha256$";
    private static final String PBKDF2_SHA512_PREFIX = "$pbkdf2-sha512$";
    private static final int DEFAULT_ITERATIONS_PBKDF2 = 25000;

    public boolean isAuthorized(String storedCredential, String passedPassword) {
        return (storedCredential.startsWith(MD5_PREFIX) && verifyMD5Password(storedCredential, passedPassword))
                || (storedCredential.startsWith(SHA_PREFIX) && verifySHA1Password(storedCredential, passedPassword))
                ||
                (storedCredential.startsWith(SHA256_PREFIX) && verifySHA256Password(storedCredential, passedPassword))
                ||
                (storedCredential.startsWith(SHA512_PREFIX) && verifySHA512Password(storedCredential, passedPassword))
                || (storedCredential.startsWith(PBKDF2_SHA256_PREFIX) &&
                verifyPBDKF2Password(storedCredential, passedPassword))
                || (storedCredential.startsWith(PBKDF2_SHA512_PREFIX) &&
                verifyPBDKF2Password(storedCredential, passedPassword));
    }


    private boolean verifyMD5Password(String storedCredential, String passedPassword) {
        // We send in the password presented by the user and use the stored password as the salt
        // If they match, then the password matches the original non-encrypted stored password
        return Md5Crypt.apr1Crypt(passedPassword, storedCredential).equals(storedCredential);
    }

    private boolean verifySHA1Password(String storedCredential, String passedPassword) {
        //Remove the SHA_PREFIX from the password string
        String storedPassword = storedCredential.substring(SHA_PREFIX.length());

        //Get the SHA digest and encode it in Base64
        byte[] digestedPasswordBytes = DigestUtils.sha1(passedPassword);
        String digestedPassword = Base64.getEncoder().encodeToString(digestedPasswordBytes);

        //Check if the stored password matches the passed one
        return digestedPassword.equals(storedPassword);
    }

    private boolean verifySHA256Password(String storedCredential, String passedPassword) {
        //Obtain the salt from the beginning of the storedPassword
        String salt = storedCredential.substring(0, storedCredential.lastIndexOf("$") + 1);

        String digestedPassword = Sha2Crypt.sha256Crypt(passedPassword.getBytes(), salt);

        //Check if the stored password matches the passed one
        return digestedPassword.equals(storedCredential);
    }

    private boolean verifySHA512Password(String storedCredential, String passedPassword) {
        //Obtain the salt from the beginning of the storedPassword
        String salt = storedCredential.substring(0, storedCredential.lastIndexOf("$") + 1);

        String digestedPassword = Sha2Crypt.sha512Crypt(passedPassword.getBytes(), salt);

        //Check if the stored password matches the passed one
        return digestedPassword.equals(storedCredential);
    }

    private boolean verifyPBDKF2Password(String storedCredential, String passedPassword) {
        String[] creds = storedCredential.split("\\$");
        if (creds.length != 5) {
            // TODO verify ok to throw exception here if using other password types
            throw new RuntimeException("Stored password checksum not valid. Check password store.");
        }
        String pbkdf2Algorithm = "PBKDF2WithHmacSHA256";
        int keySize = Base64.getDecoder().decode(creds[4]).length * 8;
        if (keySize == 256) {
            // default
        } else if (keySize == 512) {
            pbkdf2Algorithm = "PBKDF2WithHmacSHA512";
        } else {
            throw new RuntimeException("Stored password is not a valid size. Check password store.");
        }
        byte[] salt = Base64.getDecoder().decode(creds[3].getBytes());
        String encoded = encodePBDKF2(passedPassword, Integer.parseInt(creds[2]), salt, keySize, pbkdf2Algorithm);

        return encoded.equals(creds[4]);
    }

    private String encodePBDKF2(String rawPassword, int iterations, byte[] salt, int keySize, String pbkdf2Algorithm) {
        KeySpec spec = new PBEKeySpec(rawPassword.toCharArray(), salt, iterations, keySize);

        try {
            byte[] key = SecretKeyFactory.getInstance(pbkdf2Algorithm).generateSecret(spec).getEncoded();
            return Base64.getEncoder().encodeToString(key);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException("PBKDF2 algorithm not found", e);
        } catch (InvalidKeySpecException e) {
            throw new RuntimeException("Password could not be encoded", e);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    public String createPBDKF2SHA256Password(String password) {
        return createPBDKF2Password(password, DEFAULT_ITERATIONS_PBKDF2, 256);
    }

    public String createPBDKF2SHA512Password(String password) {
        return createPBDKF2Password(password, DEFAULT_ITERATIONS_PBKDF2, 512);
    }

    private String createPBDKF2Password(String password, int iterations, int keySize) {
        String prefix = PBKDF2_SHA256_PREFIX;
        String pbkdf2Algorithm = "PBKDF2WithHmacSHA256";
        if (keySize == 256) {
            // default
        } else if (keySize == 512) {
            prefix = PBKDF2_SHA512_PREFIX;
            pbkdf2Algorithm = "PBKDF2WithHmacSHA512";
        } else {
            throw new RuntimeException("Keysize must be 256 or 512");
        }
        if (iterations < 10000) {
            throw new RuntimeException("Iterations must be above 10000 when specified.");
        }

        byte[] salt = getSalt();
        String saltEncoded = Base64.getEncoder().encodeToString(salt);
        String checksum = encodePBDKF2(password, iterations, salt, keySize, pbkdf2Algorithm);

        return prefix + iterations + "$" + saltEncoded + "$" + checksum;
    }

    private byte[] getSalt() {
        byte[] buffer = new byte[16];
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.nextBytes(buffer);
        return buffer;
    }
}