pwd_migration.PersonAuthentication クラス

pwd_migration.PersonAuthentication の継承関係図

pwd_migration.PersonAuthentication 連携図

公開メンバ関数
def	__init__ (self, currentTimeMillis)
def	init (self, configurationAttributes)
def	destroy (self, configurationAttributes)
def	getApiVersion (self)
def	isValidAuthenticationMethod (self, usageType, configurationAttributes)
def	getAlternativeAuthenticationMethod (self, usageType, configurationAttributes)
def	authenticate (self, configurationAttributes, requestParameters, step)
def	prepareForStep (self, configurationAttributes, requestParameters, step)
def	getExtraParametersForStep (self, configurationAttributes, step)
def	getCountAuthenticationSteps (self, configurationAttributes)
def	getPageForStep (self, configurationAttributes, step)
def	logout (self, configurationAttributes, requestParameters)

公開変数類
	currentTimeMillis

詳解

構築子と解体子

__init__()

def pwd_migration.PersonAuthentication.__init__	(		self,
			currentTimeMillis
	)

    def __init__(self, currentTimeMillis):
        self.currentTimeMillis = currentTimeMillis

関数詳解

authenticate()

def pwd_migration.PersonAuthentication.authenticate	(		self,
			configurationAttributes,
			requestParameters,
			step
	)

    def authenticate(self, configurationAttributes, requestParameters, step):

        authenticationService = CdiUtil.bean(AuthenticationService)

        if (step == 1):
            print "BCrypt Auth. Authenticate for step 1"

            identity = CdiUtil.bean(Identity)
            credentials = identity.getCredentials()

            user_name = credentials.getUsername()
            user_password = credentials.getPassword()

            logged_in = False

            if (StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password)):
                userService = CdiUtil.bean(UserService)
                user = userService.getUser(user_name)
                hashed_stored_pass = user.getAttribute("userPassword")

                password_schema = ''

                # Determine password schema
                # Example for BCrypt: {BCRYPT}$2b$08$71gBXNKJ/iUBXqLjEdEXFesoUYQm5vrpKefi8YhV7ITGfAd9VNFaG
                for char in hashed_stored_pass:
                    if char == '{':
                        continue
                    if char == '}':
                        break    
                    password_schema = password_schema + char
                print("Password Schema is: " + password_schema)

                # OpenDJ's SSHA(512)
                if 'SSHA' in password_schema:
                    # Returns True if authenticated on the backend
                    logged_in = authenticationService.authenticate(user_name, user_password)

                # Pattern match BCRYPT and rewrite to SSHA
                elif 'BCRYPT' in password_schema:
                    # Pull salt from the stored hashed password
                    salt = hashed_stored_pass[8:]
                    salt = salt.split("$")[3].strip()
                    salt = salt[0:22]
                    salt = '$2a$08$' + salt

                    # Create BCrypt hash of challenge cleartext password using the gathered salt
                    challenge = BCrypt.hashpw(user_password,salt)

                    # Strip unnecessary revision($2a$) and rounds(08$) from both hashed passwords for comparison.
                    challenge = challenge.split("$")[3].strip()
                    stored = hashed_stored_pass.split("$")[3].strip()

                    print("Challenge Salt+Hash: " + challenge)
                    print("Stored Salt+Hash:    " + stored)

                    # Compare the hashses and update hash if there is a match.
                    if challenge in stored:

                        # Users hashed challenge password matches the stored hashed password in the backend
                        # Therefore we update the users password to the backend's password schema by passing it to OpenDJ
                        print("Updating hash..")
                        user.setAttribute("userPassword",user_password)
                        user = userService.updateUser(user)
                        print("Logging in..")

                        # Returns True
                        logged_in = authenticationService.authenticate(user_name)

                # Catch unknown schema types and output to oxauth_script.log
                # This script can be expanded to include other password schemas.
                else:
                    print("Unrecognized algorithm: " + password_schema)

            # If there is no match, logged_in will still be False and authentication will fail.
            if (not logged_in):
                return False
            logged_in = authenticationService.authenticate(user_name)
            return logged_in
        else:
            return False

destroy()

def pwd_migration.PersonAuthentication.destroy	(		self,
			configurationAttributes
	)

    def destroy(self, configurationAttributes):
        print "BCrypt Auth. Destroy"
        print "BCrypt Auth. Destroyed successfully"
        return True

getAlternativeAuthenticationMethod()

def pwd_migration.PersonAuthentication.getAlternativeAuthenticationMethod	(		self,
			usageType,
			configurationAttributes
	)

    def getAlternativeAuthenticationMethod(self, usageType, configurationAttributes):
        return None

getApiVersion()

def pwd_migration.PersonAuthentication.getApiVersion

(

self

)

    def getApiVersion(self):
        return 1

getCountAuthenticationSteps()

def pwd_migration.PersonAuthentication.getCountAuthenticationSteps	(		self,
			configurationAttributes
	)

    def getCountAuthenticationSteps(self, configurationAttributes):
        return 1

getExtraParametersForStep()

def pwd_migration.PersonAuthentication.getExtraParametersForStep	(		self,
			configurationAttributes,
			step
	)

    def getExtraParametersForStep(self, configurationAttributes, step):
        return None

getPageForStep()

def pwd_migration.PersonAuthentication.getPageForStep	(		self,
			configurationAttributes,
			step
	)

    def getPageForStep(self, configurationAttributes, step):
        return ""

init()

def pwd_migration.PersonAuthentication.init	(		self,
			configurationAttributes
	)

    def init(self, configurationAttributes):
        print "BCrypt Auth. Initialization"
        print "BCrypt Auth. Initialized successfully"
        return True   

isValidAuthenticationMethod()

def pwd_migration.PersonAuthentication.isValidAuthenticationMethod	(		self,
			usageType,
			configurationAttributes
	)

    def isValidAuthenticationMethod(self, usageType, configurationAttributes):
        return True

logout()

def pwd_migration.PersonAuthentication.logout	(		self,
			configurationAttributes,
			requestParameters
	)

    def logout(self, configurationAttributes, requestParameters):
        return True

prepareForStep()

def pwd_migration.PersonAuthentication.prepareForStep	(		self,
			configurationAttributes,
			requestParameters,
			step
	)

    def prepareForStep(self, configurationAttributes, requestParameters, step):
        if (step == 1):
            print "BCrypt Auth. Prepare for Step 1"
            return True
        else:
            return False

メンバ詳解

currentTimeMillis

pwd_migration.PersonAuthentication.currentTimeMillis

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/OpenId/gluu/src/oxAuth/Server/integrations/bcrypt_ssha_migration/pwd_migration.py

---

2018年09月30日(日) 14時46分56秒作成 - gluu / 構成:   1.8.13