2 * Copyright © 2018 Inocybe Technologies and others. All rights reserved.
4 * This program and the accompanying materials are made available under the
5 * terms of the Eclipse Public License v1.0 which accompanies this distribution,
6 * and is available at http://www.eclipse.org/legal/epl-v10.html
8 package org.opendaylight.aaa.impl.password.service;
10 import org.apache.shiro.codec.Base64;
11 import org.apache.shiro.crypto.hash.DefaultHashService;
12 import org.apache.shiro.crypto.hash.HashRequest;
13 import org.apache.shiro.crypto.hash.SimpleHashRequest;
14 import org.apache.shiro.util.ByteSource;
15 import org.opendaylight.aaa.api.password.service.PasswordHash;
16 import org.opendaylight.aaa.api.password.service.PasswordHashService;
17 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfig;
18 import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.password.service.config.rev170619.PasswordServiceConfigBuilder;
19 import org.slf4j.Logger;
20 import org.slf4j.LoggerFactory;
22 public class DefaultPasswordHashService implements PasswordHashService {
23 private static final Logger LOG = LoggerFactory.getLogger(DefaultPasswordHashService.class);
25 public static final String DEFAULT_HASH_ALGORITHM = "SHA-512";
26 public static final int DEFAULT_NUM_ITERATIONS = 20000;
28 private final DefaultHashService hashService;
30 public DefaultPasswordHashService() {
31 this(new PasswordServiceConfigBuilder().build());
34 public DefaultPasswordHashService(final PasswordServiceConfig passwordServiceConfig) {
35 hashService = createHashService(passwordServiceConfig.getIterations(), passwordServiceConfig.getAlgorithm(),
36 passwordServiceConfig.getPrivateSalt());
40 public PasswordHash getPasswordHash(final String password) {
41 final var hash = hashService.computeHash(new HashRequest.Builder()
42 .setAlgorithmName(hashService.getHashAlgorithmName())
43 .setIterations(hashService.getHashIterations())
44 .setSource(ByteSource.Util.bytes(password))
46 return PasswordHashImpl.create(
47 hash.getAlgorithmName(),
48 hash.getSalt().toBase64(),
54 public PasswordHash getPasswordHash(final String password, final String salt) {
55 final var hash = hashService.computeHash(new SimpleHashRequest(
56 hashService.getHashAlgorithmName(),
57 ByteSource.Util.bytes(password),
58 ByteSource.Util.bytes(Base64.decode(salt)),
59 hashService.getHashIterations()));
60 return PasswordHashImpl.create(
61 hash.getAlgorithmName(),
62 hash.getSalt().toBase64(),
68 public boolean passwordsMatch(final String plaintext, final String stored, final String salt) {
69 return getPasswordHash(plaintext, salt).getHashedPassword().equals(stored);
72 private static DefaultHashService createHashService(final Integer numIterations, final String hashAlgorithm,
73 final String privateSalt) {
74 final DefaultHashService hashService = new DefaultHashService();
76 if (numIterations != null) {
77 hashService.setHashIterations(numIterations);
78 LOG.info("DefaultPasswordHashService will utilize configured iteration count={}", numIterations);
80 hashService.setHashIterations(DEFAULT_NUM_ITERATIONS);
81 LOG.info("DefaultPasswordHashService will utilize default iteration count={}", DEFAULT_NUM_ITERATIONS);
84 if (hashAlgorithm != null) {
85 hashService.setHashAlgorithmName(hashAlgorithm);
86 LOG.info("DefaultPasswordHashService will utilize configured algorithm={}", hashAlgorithm);
88 hashService.setHashAlgorithmName(DEFAULT_HASH_ALGORITHM);
89 LOG.info("DefaultPasswordHashService will utilize default algorithm={}", DEFAULT_HASH_ALGORITHM);
92 if (privateSalt != null) {
93 hashService.setPrivateSalt(ByteSource.Util.bytes(privateSalt));
94 LOG.info("DefaultPasswordHashService will utilize a configured private salt");
96 hashService.setGeneratePublicSalt(true);
97 LOG.info("DefaultPasswordHashService will not utilize a private salt, since none was configured");