Verwaltung von LDAP Accounts und Gruppen
Peter Hormanns
2020-03-31 12eca73c21c77cb6adfb616e5b5305bba7808db1
store ssha512 password hash
5 files modified
62 ■■■■■ changed files
src/main/java/de/jalin/ldapadmin/beans/User.java 4 ●●● patch | view | raw | blame | history
src/main/java/de/jalin/ldapadmin/ldap/PasswordValidator.java 43 ●●●●● patch | view | raw | blame | history
src/main/java/de/jalin/ldapadmin/web/ProfileServlet.java 4 ●●● patch | view | raw | blame | history
src/main/java/de/jalin/ldapadmin/web/ResetPasswordServlet.java 6 ●●●●● patch | view | raw | blame | history
src/main/java/de/jalin/ldapadmin/web/UserServlet.java 5 ●●●● patch | view | raw | blame | history
src/main/java/de/jalin/ldapadmin/beans/User.java
@@ -1,6 +1,7 @@
package de.jalin.ldapadmin.beans;
import java.io.Serializable;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
@@ -48,9 +49,10 @@
        this.password = password;
    }
    public void setAndValidatePassword(String password) throws SimplePasswordException {
    public void setAndValidatePassword(String password) throws SimplePasswordException, NoSuchAlgorithmException {
        final PasswordValidator validator = new PasswordValidator();
        validator.validate(password);
        validator.createSaltedSHA512Hash(password);
        this.password = password;
    }
src/main/java/de/jalin/ldapadmin/ldap/PasswordValidator.java
@@ -1,8 +1,20 @@
package de.jalin.ldapadmin.ldap;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import org.apache.commons.codec.binary.Base64;
public class PasswordValidator {
    private static final int MIN_PASSWORD_LEN = 6;
    private static final Base64 BASE64 = new Base64();
    private static final String LABEL = "{SSHA512}";
    private static final String SALT_CHARACTERS =
              "abcdefghijklmnopqrstuvwxyz"
            + "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            + "0123456789$_";
    public void validate(final String password) throws SimplePasswordException {
        if (password == null || password.isEmpty()) {
@@ -38,4 +50,35 @@
        }
    }
    public static String randomSalt() {
        final StringBuffer buffer = new StringBuffer();
        for (int i=0; i < 8; i++) {
            double randomValue = Math.random() * 64.0f - 0.5d;
            int randomIndex = Math.round((float)randomValue);
            if (randomIndex < 0 || randomIndex >= SALT_CHARACTERS.length()) {
                randomIndex = 0;
            }
            buffer.append(SALT_CHARACTERS.charAt(randomIndex));
        }
        return buffer.toString();
    }
    public String createSaltedSHA512Hash(String passwd) throws NoSuchAlgorithmException {
        return createSaltedSHA512Hash(randomSalt(), passwd);
    }
    public static String createSaltedSHA512Hash(String salt, String passwd) throws NoSuchAlgorithmException {
        final byte[] saltBytes = salt.getBytes();
        MessageDigest sha = MessageDigest.getInstance("SHA-512");
        sha.reset();
        sha.update(passwd.getBytes());
        sha.update(saltBytes);
        byte[] pwHash = sha.digest();
        final byte[] hashBytes = new byte[pwHash.length + saltBytes.length];
        System.arraycopy(pwHash, 0, hashBytes, 0, pwHash.length);
        System.arraycopy(saltBytes, 0, hashBytes, pwHash.length, saltBytes.length);
        final String encode = BASE64.encodeAsString(hashBytes);
        return LABEL + new String(encode);
    }
}
src/main/java/de/jalin/ldapadmin/web/ProfileServlet.java
@@ -1,6 +1,7 @@
package de.jalin.ldapadmin.web;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.SortedMap;
@@ -110,7 +111,8 @@
            httpSession.setAttribute("errormessage", messages.getString("ProfileServlet.inputfield") + e.getFieldname() + " " + e.getCondition());
            req.getRequestDispatcher("/user.jsp").forward(req, resp);
            return;
        }
        } catch (NoSuchAlgorithmException e) {
            throwServletException(httpSession, e);        }
        try {
            if ("password".equals(operation)) {
                final User oldValue = usersDAO.read(dn);
src/main/java/de/jalin/ldapadmin/web/ResetPasswordServlet.java
@@ -8,6 +8,7 @@
import java.io.PrintWriter;
import java.io.Writer;
import java.net.InetAddress;
import java.security.NoSuchAlgorithmException;
import java.util.Collection;
import java.util.SortedMap;
@@ -17,6 +18,7 @@
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.CharEncoding;
import org.apache.commons.net.smtp.SMTPClient;
import org.apache.commons.net.smtp.SMTPReply;
import org.apache.commons.net.smtp.SimpleSMTPHeader;
@@ -28,7 +30,6 @@
import de.jalin.ldapadmin.ldap.LDAPSessionException;
import de.jalin.ldapadmin.ldap.SimplePasswordException;
import de.jalin.ldapadmin.ldap.UsersDAO;
import org.apache.commons.lang.CharEncoding;
@WebServlet(name = "ResetPassword", urlPatterns = {"/passwordreset"}, loadOnStartup = 1)
public class ResetPasswordServlet extends AbstractLDAPServlet {
@@ -122,7 +123,8 @@
                            return;
                        }
                        throwServletException(httpSession, e);
                    }
                    } catch (NoSuchAlgorithmException e) {
                        throwServletException(httpSession, e);                    }
                }
            }
        }
src/main/java/de/jalin/ldapadmin/web/UserServlet.java
@@ -1,6 +1,7 @@
package de.jalin.ldapadmin.web;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
@@ -137,7 +138,9 @@
                httpSession.setAttribute("errormessage", messages.getString("UserServlet.input_field") + " \"" + e.getFieldname() + "\" " + e.getCondition());
                req.getRequestDispatcher("/user.jsp").forward(req, resp);
                return;
            }
            } catch (NoSuchAlgorithmException e) {
                throwServletException(httpSession, e);
            }
        }
        final GroupsDAO groupsDAO = new GroupsDAO(ldapSession);
        try {