Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-1304

Elytron subsystem does not expose digest-sha-384 for digest password

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.2.0.Beta10
    • None
    • None
    • None

      For the sake of completeness add digest-sha-384 to allowed values of algorithm attribute of set-password operation

      /subsystem=elytron/ldap-realm=a:read-operation-description(name=set-password)
      "digest" => {
                      "type" => OBJECT,
                      "description" => "A digest password.",
                      "expressions-allowed" => false,
                      "required" => false,
                      "nillable" => true,
                      "value-type" => {
                          "algorithm" => {
                              "type" => STRING,
                              "description" => "The algorithm used to encrypt the password.",
                              "expressions-allowed" => false,
                              "required" => false,
                              "nillable" => true,
                              "default" => "digest-sha-512",
                              "allowed" => [
                                  "digest-md5",
                                  "digest-sha",
                                  "digest-sha-256",
                                  "digest-sha-512"
                              ]
                          },
                          "password" => {
                              "type" => STRING,
                              "description" => "The actual password to set.",
                              "expressions-allowed" => false,
                              "required" => true,
                              "nillable" => false,
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          },
                          "realm" => {
                              "type" => STRING,
                              "description" => "The realm.",
                              "expressions-allowed" => false,
                              "required" => true,
                              "nillable" => false,
                              "min-length" => 1L,
                              "max-length" => 2147483647L
                          }
                      }
                  },
      

      Passwords of types otp, salted-simple-digest, simple-digest already expose sha-384 variant.

      Seems to me underlying Elytron implementation is already prepared for that.

      DigestPasswordImpl.java
          private static MessageDigest getMessageDigest(final String algorithm) throws NoSuchAlgorithmException {
              switch (algorithm) {
                  case ALGORITHM_DIGEST_MD5:
                      return MessageDigest.getInstance("MD5");
                  case ALGORITHM_DIGEST_SHA:
                      return MessageDigest.getInstance("SHA-1");
                  case ALGORITHM_DIGEST_SHA_256:
                      return MessageDigest.getInstance("SHA-256");
                  case ALGORITHM_DIGEST_SHA_384:
                      return MessageDigest.getInstance("SHA-384");
                  case ALGORITHM_DIGEST_SHA_512:
                      return MessageDigest.getInstance("SHA-512");
                  default:
                      throw log.noSuchAlgorithmInvalidAlgorithm(algorithm);
              }
          }
      

              yborgess1@redhat.com Yeray Borges Santana
              mchoma@redhat.com Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: