Exemple #1
0
  @Override
  public void updateCredential(UserCredentialModel cred) {
    CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType());

    if (credentialEntity == null) {
      credentialEntity = new CredentialEntity();
      credentialEntity.setId(KeycloakModelUtils.generateId());
      credentialEntity.setType(cred.getType());
      credentialEntity.setDevice(cred.getDevice());
      credentialEntity.setUser(user);
      em.persist(credentialEntity);
      user.getCredentials().add(credentialEntity);
    }
    if (cred.getType().equals(UserCredentialModel.PASSWORD)) {
      byte[] salt = getSalt();
      int hashIterations = 1;
      PasswordPolicy policy = realm.getPasswordPolicy();
      if (policy != null) {
        hashIterations = policy.getHashIterations();
        if (hashIterations == -1) hashIterations = 1;
      }
      credentialEntity.setValue(
          new Pbkdf2PasswordEncoder(salt).encode(cred.getValue(), hashIterations));
      credentialEntity.setSalt(salt);
      credentialEntity.setHashIterations(hashIterations);
    } else {
      credentialEntity.setValue(cred.getValue());
    }
    credentialEntity.setDevice(cred.getDevice());
    em.flush();
  }
Exemple #2
0
  private List<CredentialEntity> getCredentialEntities(UserEntity userEntity, String credType) {
    List<CredentialEntity> credentialEntities = new ArrayList<CredentialEntity>();
    for (CredentialEntity entity : userEntity.getCredentials()) {
      if (entity.getType().equals(credType)) {
        credentialEntities.add(entity);
      }
    }

    // Avoiding direct use of credSecond.getCreatedDate() - credFirst.getCreatedDate() to prevent
    // Integer Overflow
    // Orders from most recent to least recent
    Collections.sort(
        credentialEntities,
        new Comparator<CredentialEntity>() {
          public int compare(CredentialEntity credFirst, CredentialEntity credSecond) {
            if (credFirst.getCreatedDate() > credSecond.getCreatedDate()) {
              return -1;
            } else if (credFirst.getCreatedDate() < credSecond.getCreatedDate()) {
              return 1;
            } else {
              return 0;
            }
          }
        });
    return credentialEntities;
  }
Exemple #3
0
 private void setValue(CredentialEntity credentialEntity, UserCredentialModel cred) {
   UserCredentialValueModel encoded = PasswordHashManager.encode(session, realm, cred.getValue());
   credentialEntity.setCreatedDate(Time.toMillis(Time.currentTime()));
   credentialEntity.setAlgorithm(encoded.getAlgorithm());
   credentialEntity.setValue(encoded.getValue());
   credentialEntity.setSalt(encoded.getSalt());
   credentialEntity.setHashIterations(encoded.getHashIterations());
 }
Exemple #4
0
 private CredentialEntity setCredentials(UserEntity user, UserCredentialModel cred) {
   CredentialEntity credentialEntity = new CredentialEntity();
   credentialEntity.setId(KeycloakModelUtils.generateId());
   credentialEntity.setType(cred.getType());
   credentialEntity.setDevice(cred.getDevice());
   credentialEntity.setUser(user);
   return credentialEntity;
 }
Exemple #5
0
  private CredentialEntity getCredentialEntity(UserEntity userEntity, String credType) {
    for (CredentialEntity entity : userEntity.getCredentials()) {
      if (entity.getType().equals(credType)) {
        return entity;
      }
    }

    return null;
  }
Exemple #6
0
  private void updatePasswordCredential(UserCredentialModel cred) {
    CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType());

    if (credentialEntity == null) {
      credentialEntity = setCredentials(user, cred);
      setValue(credentialEntity, cred);
      em.persist(credentialEntity);
      user.getCredentials().add(credentialEntity);
    } else {

      int expiredPasswordsPolicyValue = -1;
      PasswordPolicy policy = realm.getPasswordPolicy();
      if (policy != null) {
        expiredPasswordsPolicyValue = policy.getExpiredPasswords();
      }

      if (expiredPasswordsPolicyValue != -1) {
        user.getCredentials().remove(credentialEntity);
        credentialEntity.setType(UserCredentialModel.PASSWORD_HISTORY);
        user.getCredentials().add(credentialEntity);

        List<CredentialEntity> credentialEntities =
            getCredentialEntities(user, UserCredentialModel.PASSWORD_HISTORY);
        if (credentialEntities.size() > expiredPasswordsPolicyValue - 1) {
          user.getCredentials()
              .removeAll(
                  credentialEntities.subList(
                      expiredPasswordsPolicyValue - 1, credentialEntities.size()));
        }

        credentialEntity = setCredentials(user, cred);
        setValue(credentialEntity, cred);
        em.persist(credentialEntity);
        user.getCredentials().add(credentialEntity);
      } else {
        List<CredentialEntity> credentialEntities =
            getCredentialEntities(user, UserCredentialModel.PASSWORD_HISTORY);
        if (credentialEntities != null && credentialEntities.size() > 0) {
          user.getCredentials().removeAll(credentialEntities);
        }
        setValue(credentialEntity, cred);
      }
    }
  }
Exemple #7
0
  @Override
  public void updateCredential(UserCredentialModel cred) {

    if (cred.getType().equals(UserCredentialModel.PASSWORD)) {
      updatePasswordCredential(cred);
    } else if (UserCredentialModel.isOtp(cred.getType())) {
      updateOtpCredential(cred);

    } else {
      CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType());

      if (credentialEntity == null) {
        credentialEntity = setCredentials(user, cred);
        credentialEntity.setValue(cred.getValue());
        em.persist(credentialEntity);
        user.getCredentials().add(credentialEntity);
      } else {
        credentialEntity.setValue(cred.getValue());
      }
    }
    em.flush();
  }
Exemple #8
0
  @Override
  public void updateCredentialDirectly(UserCredentialValueModel credModel) {
    CredentialEntity credentialEntity = getCredentialEntity(user, credModel.getType());

    if (credentialEntity == null) {
      credentialEntity = new CredentialEntity();
      credentialEntity.setId(KeycloakModelUtils.generateId());
      credentialEntity.setType(credModel.getType());
      credentialEntity.setUser(user);
      em.persist(credentialEntity);
      user.getCredentials().add(credentialEntity);
    }

    credentialEntity.setValue(credModel.getValue());
    credentialEntity.setSalt(credModel.getSalt());
    credentialEntity.setDevice(credModel.getDevice());
    credentialEntity.setHashIterations(credModel.getHashIterations());

    em.flush();
  }
Exemple #9
0
  @Override
  public List<UserCredentialValueModel> getCredentialsDirectly() {
    List<CredentialEntity> credentials = new ArrayList<CredentialEntity>(user.getCredentials());
    List<UserCredentialValueModel> result = new ArrayList<UserCredentialValueModel>();

    if (credentials != null) {
      for (CredentialEntity credEntity : credentials) {
        UserCredentialValueModel credModel = new UserCredentialValueModel();
        credModel.setType(credEntity.getType());
        credModel.setDevice(credEntity.getDevice());
        credModel.setValue(credEntity.getValue());
        credModel.setSalt(credEntity.getSalt());
        credModel.setHashIterations(credEntity.getHashIterations());

        result.add(credModel);
      }
    }

    return result;
  }
Exemple #10
0
  @Override
  public List<UserCredentialValueModel> getCredentialsDirectly() {
    List<CredentialEntity> credentials = new ArrayList<>(user.getCredentials());
    List<UserCredentialValueModel> result = new ArrayList<>();

    for (CredentialEntity credEntity : credentials) {
      UserCredentialValueModel credModel = new UserCredentialValueModel();
      credModel.setType(credEntity.getType());
      credModel.setDevice(credEntity.getDevice());
      credModel.setValue(credEntity.getValue());
      credModel.setCreatedDate(credEntity.getCreatedDate());
      credModel.setSalt(credEntity.getSalt());
      credModel.setHashIterations(credEntity.getHashIterations());
      credModel.setCounter(credEntity.getCounter());
      credModel.setAlgorithm(credEntity.getAlgorithm());
      credModel.setDigits(credEntity.getDigits());
      credModel.setPeriod(credEntity.getPeriod());

      result.add(credModel);
    }

    return result;
  }
Exemple #11
0
  private void updateOtpCredential(UserCredentialModel cred) {
    CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType());

    if (credentialEntity == null) {
      credentialEntity = setCredentials(user, cred);

      credentialEntity.setValue(cred.getValue());
      OTPPolicy otpPolicy = realm.getOTPPolicy();
      credentialEntity.setAlgorithm(otpPolicy.getAlgorithm());
      credentialEntity.setDigits(otpPolicy.getDigits());
      credentialEntity.setCounter(otpPolicy.getInitialCounter());
      credentialEntity.setPeriod(otpPolicy.getPeriod());
      em.persist(credentialEntity);
      user.getCredentials().add(credentialEntity);
    } else {
      OTPPolicy policy = realm.getOTPPolicy();
      credentialEntity.setDigits(policy.getDigits());
      credentialEntity.setCounter(policy.getInitialCounter());
      credentialEntity.setAlgorithm(policy.getAlgorithm());
      credentialEntity.setValue(cred.getValue());
      credentialEntity.setPeriod(policy.getPeriod());
    }
  }