-
Bug
-
Resolution: Done
-
Major
-
None
-
None
-
None
For the sake of completeness add digest-sha-384 to allowed values of algorithm attribute of set-password operation
/subsystem=elytron/ldap-realm=a:read-operation-description(name=set-password)
"digest" => { "type" => OBJECT, "description" => "A digest password.", "expressions-allowed" => false, "required" => false, "nillable" => true, "value-type" => { "algorithm" => { "type" => STRING, "description" => "The algorithm used to encrypt the password.", "expressions-allowed" => false, "required" => false, "nillable" => true, "default" => "digest-sha-512", "allowed" => [ "digest-md5", "digest-sha", "digest-sha-256", "digest-sha-512" ] }, "password" => { "type" => STRING, "description" => "The actual password to set.", "expressions-allowed" => false, "required" => true, "nillable" => false, "min-length" => 1L, "max-length" => 2147483647L }, "realm" => { "type" => STRING, "description" => "The realm.", "expressions-allowed" => false, "required" => true, "nillable" => false, "min-length" => 1L, "max-length" => 2147483647L } } },
Passwords of types otp, salted-simple-digest, simple-digest already expose sha-384 variant.
Seems to me underlying Elytron implementation is already prepared for that.
DigestPasswordImpl.java
private static MessageDigest getMessageDigest(final String algorithm) throws NoSuchAlgorithmException { switch (algorithm) { case ALGORITHM_DIGEST_MD5: return MessageDigest.getInstance("MD5"); case ALGORITHM_DIGEST_SHA: return MessageDigest.getInstance("SHA-1"); case ALGORITHM_DIGEST_SHA_256: return MessageDigest.getInstance("SHA-256"); case ALGORITHM_DIGEST_SHA_384: return MessageDigest.getInstance("SHA-384"); case ALGORITHM_DIGEST_SHA_512: return MessageDigest.getInstance("SHA-512"); default: throw log.noSuchAlgorithmInvalidAlgorithm(algorithm); } }
- clones
-
JBEAP-12316 Elytron subsystem does not expose digest-sha-384 for digest password
- Closed