@Override public void updateCredential(UserCredentialModel cred) { CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType()); if (credentialEntity == null) { credentialEntity = new CredentialEntity(); credentialEntity.setId(KeycloakModelUtils.generateId()); credentialEntity.setType(cred.getType()); credentialEntity.setDevice(cred.getDevice()); credentialEntity.setUser(user); em.persist(credentialEntity); user.getCredentials().add(credentialEntity); } if (cred.getType().equals(UserCredentialModel.PASSWORD)) { byte[] salt = getSalt(); int hashIterations = 1; PasswordPolicy policy = realm.getPasswordPolicy(); if (policy != null) { hashIterations = policy.getHashIterations(); if (hashIterations == -1) hashIterations = 1; } credentialEntity.setValue( new Pbkdf2PasswordEncoder(salt).encode(cred.getValue(), hashIterations)); credentialEntity.setSalt(salt); credentialEntity.setHashIterations(hashIterations); } else { credentialEntity.setValue(cred.getValue()); } credentialEntity.setDevice(cred.getDevice()); em.flush(); }
private List<CredentialEntity> getCredentialEntities(UserEntity userEntity, String credType) { List<CredentialEntity> credentialEntities = new ArrayList<CredentialEntity>(); for (CredentialEntity entity : userEntity.getCredentials()) { if (entity.getType().equals(credType)) { credentialEntities.add(entity); } } // Avoiding direct use of credSecond.getCreatedDate() - credFirst.getCreatedDate() to prevent // Integer Overflow // Orders from most recent to least recent Collections.sort( credentialEntities, new Comparator<CredentialEntity>() { public int compare(CredentialEntity credFirst, CredentialEntity credSecond) { if (credFirst.getCreatedDate() > credSecond.getCreatedDate()) { return -1; } else if (credFirst.getCreatedDate() < credSecond.getCreatedDate()) { return 1; } else { return 0; } } }); return credentialEntities; }
private void setValue(CredentialEntity credentialEntity, UserCredentialModel cred) { UserCredentialValueModel encoded = PasswordHashManager.encode(session, realm, cred.getValue()); credentialEntity.setCreatedDate(Time.toMillis(Time.currentTime())); credentialEntity.setAlgorithm(encoded.getAlgorithm()); credentialEntity.setValue(encoded.getValue()); credentialEntity.setSalt(encoded.getSalt()); credentialEntity.setHashIterations(encoded.getHashIterations()); }
private CredentialEntity setCredentials(UserEntity user, UserCredentialModel cred) { CredentialEntity credentialEntity = new CredentialEntity(); credentialEntity.setId(KeycloakModelUtils.generateId()); credentialEntity.setType(cred.getType()); credentialEntity.setDevice(cred.getDevice()); credentialEntity.setUser(user); return credentialEntity; }
private CredentialEntity getCredentialEntity(UserEntity userEntity, String credType) { for (CredentialEntity entity : userEntity.getCredentials()) { if (entity.getType().equals(credType)) { return entity; } } return null; }
private void updatePasswordCredential(UserCredentialModel cred) { CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType()); if (credentialEntity == null) { credentialEntity = setCredentials(user, cred); setValue(credentialEntity, cred); em.persist(credentialEntity); user.getCredentials().add(credentialEntity); } else { int expiredPasswordsPolicyValue = -1; PasswordPolicy policy = realm.getPasswordPolicy(); if (policy != null) { expiredPasswordsPolicyValue = policy.getExpiredPasswords(); } if (expiredPasswordsPolicyValue != -1) { user.getCredentials().remove(credentialEntity); credentialEntity.setType(UserCredentialModel.PASSWORD_HISTORY); user.getCredentials().add(credentialEntity); List<CredentialEntity> credentialEntities = getCredentialEntities(user, UserCredentialModel.PASSWORD_HISTORY); if (credentialEntities.size() > expiredPasswordsPolicyValue - 1) { user.getCredentials() .removeAll( credentialEntities.subList( expiredPasswordsPolicyValue - 1, credentialEntities.size())); } credentialEntity = setCredentials(user, cred); setValue(credentialEntity, cred); em.persist(credentialEntity); user.getCredentials().add(credentialEntity); } else { List<CredentialEntity> credentialEntities = getCredentialEntities(user, UserCredentialModel.PASSWORD_HISTORY); if (credentialEntities != null && credentialEntities.size() > 0) { user.getCredentials().removeAll(credentialEntities); } setValue(credentialEntity, cred); } } }
@Override public void updateCredential(UserCredentialModel cred) { if (cred.getType().equals(UserCredentialModel.PASSWORD)) { updatePasswordCredential(cred); } else if (UserCredentialModel.isOtp(cred.getType())) { updateOtpCredential(cred); } else { CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType()); if (credentialEntity == null) { credentialEntity = setCredentials(user, cred); credentialEntity.setValue(cred.getValue()); em.persist(credentialEntity); user.getCredentials().add(credentialEntity); } else { credentialEntity.setValue(cred.getValue()); } } em.flush(); }
@Override public void updateCredentialDirectly(UserCredentialValueModel credModel) { CredentialEntity credentialEntity = getCredentialEntity(user, credModel.getType()); if (credentialEntity == null) { credentialEntity = new CredentialEntity(); credentialEntity.setId(KeycloakModelUtils.generateId()); credentialEntity.setType(credModel.getType()); credentialEntity.setUser(user); em.persist(credentialEntity); user.getCredentials().add(credentialEntity); } credentialEntity.setValue(credModel.getValue()); credentialEntity.setSalt(credModel.getSalt()); credentialEntity.setDevice(credModel.getDevice()); credentialEntity.setHashIterations(credModel.getHashIterations()); em.flush(); }
@Override public List<UserCredentialValueModel> getCredentialsDirectly() { List<CredentialEntity> credentials = new ArrayList<CredentialEntity>(user.getCredentials()); List<UserCredentialValueModel> result = new ArrayList<UserCredentialValueModel>(); if (credentials != null) { for (CredentialEntity credEntity : credentials) { UserCredentialValueModel credModel = new UserCredentialValueModel(); credModel.setType(credEntity.getType()); credModel.setDevice(credEntity.getDevice()); credModel.setValue(credEntity.getValue()); credModel.setSalt(credEntity.getSalt()); credModel.setHashIterations(credEntity.getHashIterations()); result.add(credModel); } } return result; }
@Override public List<UserCredentialValueModel> getCredentialsDirectly() { List<CredentialEntity> credentials = new ArrayList<>(user.getCredentials()); List<UserCredentialValueModel> result = new ArrayList<>(); for (CredentialEntity credEntity : credentials) { UserCredentialValueModel credModel = new UserCredentialValueModel(); credModel.setType(credEntity.getType()); credModel.setDevice(credEntity.getDevice()); credModel.setValue(credEntity.getValue()); credModel.setCreatedDate(credEntity.getCreatedDate()); credModel.setSalt(credEntity.getSalt()); credModel.setHashIterations(credEntity.getHashIterations()); credModel.setCounter(credEntity.getCounter()); credModel.setAlgorithm(credEntity.getAlgorithm()); credModel.setDigits(credEntity.getDigits()); credModel.setPeriod(credEntity.getPeriod()); result.add(credModel); } return result; }
private void updateOtpCredential(UserCredentialModel cred) { CredentialEntity credentialEntity = getCredentialEntity(user, cred.getType()); if (credentialEntity == null) { credentialEntity = setCredentials(user, cred); credentialEntity.setValue(cred.getValue()); OTPPolicy otpPolicy = realm.getOTPPolicy(); credentialEntity.setAlgorithm(otpPolicy.getAlgorithm()); credentialEntity.setDigits(otpPolicy.getDigits()); credentialEntity.setCounter(otpPolicy.getInitialCounter()); credentialEntity.setPeriod(otpPolicy.getPeriod()); em.persist(credentialEntity); user.getCredentials().add(credentialEntity); } else { OTPPolicy policy = realm.getOTPPolicy(); credentialEntity.setDigits(policy.getDigits()); credentialEntity.setCounter(policy.getInitialCounter()); credentialEntity.setAlgorithm(policy.getAlgorithm()); credentialEntity.setValue(cred.getValue()); credentialEntity.setPeriod(policy.getPeriod()); } }