  1. WildFly Elytron
  2. ELY-1304

Elytron subsystem does not expose digest-sha-384 for digest password

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: None
    • Fix Version/s: 1.2.0.Beta10
    • Component/s: None
    • Labels:
      None

      Description

      For the sake of completeness, add digest-sha-384 to the allowed values of the algorithm attribute of the set-password operation.

      /subsystem=elytron/ldap-realm=a:read-operation-description(name=set-password)
      "digest" => {
                      "type" => OBJECT,
                      "description" => "A digest password.",
                      "expressions-allowed" => false,
                      "required" => false,
                      "nillable" => true,
                      "value-type" => {
                          "algorithm" => {
                              "type" => STRING,
                              "description" => "The algorithm used to encrypt the password.",
                              "expressions-allowed" => false,
                              "required" => false,
                              "nillable" => true,
                              "default" => "digest-sha-512",
                              "allowed" => [
                                  "digest-md5",
                                  "digest-sha",
                                  "digest-sha-256",
                                  "digest-sha-512"
                              ]
                          },
                          "password" => {
                              "type" => STRING,
                              "description" => "The actual password to set.",
                              "expressions-allowed" => false,
                              "required" => true,
                              "nillable" => false,
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          },
                          "realm" => {
                              "type" => STRING,
                              "description" => "The realm.",
                              "expressions-allowed" => false,
                              "required" => true,
                              "nillable" => false,
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          }
                      }
                  },
      

      Passwords of types otp, salted-simple-digest and simple-digest already expose a sha-384 variant.

      It seems to me the underlying Elytron implementation is already prepared for that.

      DigestPasswordImpl.java
          private static MessageDigest getMessageDigest(final String algorithm) throws NoSuchAlgorithmException {
              switch (algorithm) {
                  case ALGORITHM_DIGEST_MD5:
                      return MessageDigest.getInstance("MD5");
                  case ALGORITHM_DIGEST_SHA:
                      return MessageDigest.getInstance("SHA-1");
                  case ALGORITHM_DIGEST_SHA_256:
                      return MessageDigest.getInstance("SHA-256");
                  case ALGORITHM_DIGEST_SHA_384:
                      return MessageDigest.getInstance("SHA-384");
                  case ALGORITHM_DIGEST_SHA_512:
                      return MessageDigest.getInstance("SHA-512");
                  default:
                      throw log.noSuchAlgorithmInvalidAlgorithm(algorithm);
              }
          }
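
      An added example, not part of the original report or of Elytron's code: a Python check that compares the "allowed" list from the management model with the case labels of the switch above and reports algorithms the implementation handles but the subsystem does not expose. The sample strings are copied from this page; the mapping from ALGORITHM_* constant names to algorithm names (lowercase, underscores to hyphens) is an assumption.

```python
import re

# Constructed sample: the "algorithm" attribute from the set-password description above.
CLI_OUTPUT = '''
"algorithm" => {
    "type" => STRING,
    "default" => "digest-sha-512",
    "allowed" => [
        "digest-md5",
        "digest-sha",
        "digest-sha-256",
        "digest-sha-512"
    ]
},
'''

# Constructed sample: case labels from the getMessageDigest switch quoted above.
JAVA_SWITCH = '''
case ALGORITHM_DIGEST_MD5:
case ALGORITHM_DIGEST_SHA:
case ALGORITHM_DIGEST_SHA_256:
case ALGORITHM_DIGEST_SHA_384:
case ALGORITHM_DIGEST_SHA_512:
'''

def exposed_algorithms(dmr_text):
    """Return the names in the "allowed" list of the "algorithm" attribute."""
    m = re.search(r'"algorithm"\s*=>\s*\{.*?"allowed"\s*=>\s*\[(.*?)\]', dmr_text, re.S)
    if m is None:
        raise ValueError('no "allowed" list found for "algorithm"')
    return set(re.findall(r'"([^"]+)"', m.group(1)))

def implemented_algorithms(java_text):
    """Map ALGORITHM_* case labels to names (assumption: lowercase, '_' -> '-')."""
    labels = re.findall(r'case\s+ALGORITHM_([A-Z0-9_]+)\s*:', java_text)
    return {label.lower().replace('_', '-') for label in labels}

def model_gaps(dmr_text, java_text):
    """Return (implemented but not exposed, exposed but not implemented)."""
    exposed = exposed_algorithms(dmr_text)
    implemented = implemented_algorithms(java_text)
    return sorted(implemented - exposed), sorted(exposed - implemented)

if __name__ == "__main__":
    hidden, unsupported = model_gaps(CLI_OUTPUT, JAVA_SWITCH)
    print("implemented but not exposed:", hidden)
    print("exposed but not implemented:", unsupported)
```

      The second list matters as much as the first: a name that is exposed but has no case label would fall through to the default branch and raise at runtime.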
      

                People

                • Assignee:
                  yersan Yeray Borges
                  Reporter:
                  mchoma Martin Choma