Removed salt from config and updated config files.
Change-Id: Idfd066f0e56f5e5568325e5ea6072fb12c551ff2
diff --git a/core/Changes b/core/Changes
index 8589452..a315367 100644
--- a/core/Changes
+++ b/core/Changes
@@ -1,3 +1,7 @@
+# version 0.62.4
+24/01/2020
+ - Removed salt from config and updated config files.
+
# version 0.62.3
03/12/2019
- Implemented pipe extension in the search API (margaretha)
diff --git a/core/pom.xml b/core/pom.xml
index be3b949..05faeee 100644
--- a/core/pom.xml
+++ b/core/pom.xml
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-core</artifactId>
- <version>0.62.3</version>
+ <version>0.62.4</version>
<properties>
<java.version>1.8</java.version>
@@ -240,7 +240,7 @@
<dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Koral</artifactId>
- <version>[0.35,)</version>
+ <version>[0.36,)</version>
<exclusions>
<exclusion>
<groupId>org.eclipse.jetty</groupId>
@@ -298,7 +298,7 @@
<dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Krill</artifactId>
- <version>[0.59.0,)</version>
+ <version>[0.59.1,)</version>
<exclusions>
<exclusion>
<groupId>org.glassfish.jersey.containers</groupId>
diff --git a/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java b/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
index 26075d1..f66f196 100644
--- a/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
+++ b/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
@@ -72,7 +72,6 @@
private int tokenTTL;
private int shortTokenTTL;
private String[] rewrite_strategies;
- private String passcodeSaltField;
private String default_pos;
private String default_morphology;
@@ -197,10 +196,6 @@
properties.getProperty("security.tokenTTL", "72H"));
shortTokenTTL = TimeUtils.convertTimeToSeconds(
properties.getProperty("security.shortTokenTTL", "3H"));
-
- // passcodeSaltField =
- // properties.getProperty("security.passcode.salt",
- // "accountCreation");
}
@Deprecated
diff --git a/core/src/main/java/de/ids_mannheim/korap/constant/AuthenticationMethod.java b/core/src/main/java/de/ids_mannheim/korap/constant/AuthenticationMethod.java
index 7c7dbae..cbdc07f 100644
--- a/core/src/main/java/de/ids_mannheim/korap/constant/AuthenticationMethod.java
+++ b/core/src/main/java/de/ids_mannheim/korap/constant/AuthenticationMethod.java
@@ -10,5 +10,9 @@
*
*/
public enum AuthenticationMethod {
- LDAP, SHIBBOLETH, DATABASE, TEST;
+ LDAP,
+ // not available
+ SHIBBOLETH, DATABASE,
+ // by pass authentication for testing
+ TEST;
}
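Review bot: The new `// not available` comment sits above `SHIBBOLETH, DATABASE,`, so it is unclear whether it covers one constant or both, and `// by pass authentication for testing` on `TEST` does not say that the value must never be selected outside tests. Put each constant on its own line with a Javadoc comment, for example `/** Not implemented; do not configure. */` on `SHIBBOLETH` and on `DATABASE`, and `/** Bypasses authentication; for tests only, never for a deployed instance. */` on `TEST`. Javadoc is also what shows up for readers who follow the pointer in kustvakt.conf to this enum.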
diff --git a/core/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java b/core/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
index 134ebdb..46f519a 100644
--- a/core/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
+++ b/core/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
@@ -26,8 +26,7 @@
throws KustvaktException;
- public String secureHash (String input) throws NoSuchAlgorithmException,
- UnsupportedEncodingException, KustvaktException;
+ public String secureHash (String input);
/**
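Review bot: `secureHash (String input)` now declares no exceptions and has no Javadoc, so implementers and callers cannot tell how a failure is reported or whether `null` is a legal return value; the DefaultEncryption implementation touched in this commit does return `null`. Add a Javadoc comment stating where the salt now comes from (presumably generated by the implementation rather than read from configuration), that the result is never `null`, and that failures surface as an unchecked exception. The interface body begins and ends outside this hunk.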
diff --git a/full/Changes b/full/Changes
index 86a0edc..816abfd 100644
--- a/full/Changes
+++ b/full/Changes
@@ -1,3 +1,7 @@
+# version 0.62.4
+24/01/2020
+ - Removed salt from config and updated config files.
+
# version 0.62.3
03/12/2019
- Implemented pipe extension in the search API (margaretha)
diff --git a/full/pom.xml b/full/pom.xml
index a1a4f02..6ba884a 100644
--- a/full/pom.xml
+++ b/full/pom.xml
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-full</artifactId>
- <version>0.62.3</version>
+ <version>0.62.4</version>
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -205,7 +205,7 @@
<dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-core</artifactId>
- <version>[0.62.3,)</version>
+ <version>[0.62.4,)</version>
</dependency>
<!-- LDAP -->
<dependency>
diff --git a/full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java b/full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java
index 0f18f20..aaee8d2 100644
--- a/full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java
+++ b/full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java
@@ -1,16 +1,12 @@
package de.ids_mannheim.korap.encryption;
-import de.ids_mannheim.korap.config.ContextHolder;
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
import de.ids_mannheim.korap.config.Configurable;
+import de.ids_mannheim.korap.config.ContextHolder;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.user.User;
-
-import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.util.Map;
/**
* @author hanl
@@ -35,8 +31,7 @@
@Override
- public String secureHash (String input) throws NoSuchAlgorithmException,
- UnsupportedEncodingException, KustvaktException {
+ public String secureHash (String input) {
return null;
}
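Review bot: `secureHash` still returns `null`, and with the checked exceptions dropped from the signature a caller such as OAuth2ClientService would store that `null` as the client-secret hash without any error being raised. Fail closed instead by replacing `return null;` with `throw new UnsupportedOperationException("secureHash is not implemented by DefaultEncryption");`. Whether DefaultEncryption is ever wired in as the active EncryptionIface is not visible in this hunk.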
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
index cfe962d..b6d7e2b 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
@@ -119,8 +119,7 @@
// specific device.
secret = codeGenerator.createRandomCode();
- secretHashcode = encryption.secureHash(secret,
- config.getPasscodeSaltField());
+ secretHashcode = encryption.secureHash(secret);
}
String id = codeGenerator.createRandomCode();
@@ -245,8 +244,7 @@
|| client.getRegisteredBy().equals(username)) {
String secret = codeGenerator.createRandomCode();
- String secretHashcode = encryption.secureHash(secret,
- config.getPasscodeSaltField());
+ String secretHashcode = encryption.secureHash(secret);
client.setSecret(secretHashcode);
clientDao.updateClient(client);
@@ -291,8 +289,7 @@
OAuth2Error.INVALID_CLIENT);
}
}
- else if (!encryption.checkHash(clientSecret, client.getSecret(),
- config.getPasscodeSaltField())) {
+ else if (!encryption.checkHash(clientSecret, client.getSecret())) {
throw new KustvaktException(
StatusCodes.CLIENT_AUTHENTICATION_FAILED,
"Invalid client credentials", OAuth2Error.INVALID_CLIENT);
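Review bot: Client secrets stored before this change were hashed through `secureHash(secret, config.getPasscodeSaltField())`, and nothing here shows that `checkHash(clientSecret, client.getSecret())` still verifies those older hashes. That depends on how the salted overloads used the extra argument, which is not visible in this diff. If the configured salt was mixed into the input, every existing confidential client would fail with `CLIENT_AUTHENTICATION_FAILED` after the upgrade and need its secret reset. Either confirm the argument was ignored by the BCrypt path, or note the required reset in the Changes entry and add a comment here such as `// hashes created before 0.62.4 used security.passcode.salt; see Changes`. The enclosing method starts and ends outside this hunk.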
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index 7c8ec4c..68577ae 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -55,6 +55,7 @@
### (see de.ids_mannheim.korap.constant.AuthenticationMethod for possible
### oauth.password.authentication values)
oauth.password.authentication = TEST
+### used to determine native client, currently not used
oauth2.native.client.host = korap.ids-mannheim.de
oauth2.max.attempts = 1
# expiry in seconds (S), minutes (M), hours (H), days (D)
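Review bot: The context line `oauth.password.authentication = TEST` keeps the main-resources config on the method that this same commit documents in AuthenticationMethod as bypassing authentication for testing. If this file is the deployed default, the password flow presumably performs no real credential check. Ship `LDAP` here, since it is the only value the enum does not mark as unavailable or test-only, or at least add a comment above the line such as `### TEST bypasses authentication; set to LDAP before deployment`.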
@@ -65,14 +66,6 @@
oauth2.default.scopes = search match_info
oauth2.client.credentials.scopes = client_info
-# JWT
-security.jwt.issuer=korap.ids-mannheim.de
-
-## token expiration
-security.longTokenTTL=150D
-security.tokenTTL=72H
-security.shortTokenTTL=45M
-
## see SecureRandom Number Generation Algorithms
## default SHA1PRNG
security.secure.random.algorithm=SHA1PRNG
@@ -81,19 +74,25 @@
## default MD5
security.md.algoritm = SHA-256
-### secure hash support: BCRYPT, ESAPICYPHER
+### secure hash support: BCRYPT
security.secure.hash.algorithm=BCRYPT
-security.passcode.salt=salt
+security.encryption.loadFactor = 10
+# JWT
+security.jwt.issuer=korap.ids-mannheim.de
+security.sharedSecret=this-is-shared-secret-code-for-JWT-Signing.It-must-contains-minimum-256-bits
+
+## token expiration (used in other authentication provider than OAuth2)
+security.longTokenTTL=150D
+security.tokenTTL=72H
+security.shortTokenTTL=45M
+
+# Session authentication
security.idleTimeoutDuration = 25M
security.multipleLogIn = true
security.loginAttemptNum = 3
security.authAttemptTTL = 45M
-security.encryption.loadFactor = 8
-security.validation.stringLength = 150
-security.validation.emailLength = 50
-security.sharedSecret=this-is-shared-secret-code-for-JWT-Signing.It-must-contains-minimum-256-bits
-
-## applicable: rewrite, foundry, filter, deny
-security.rewrite.strategies=filter, foundry, rewrite
\ No newline at end of file
+#EM: deprecated and not used
+#security.validation.stringLength = 150
+#security.validation.emailLength = 50
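Review bot: The relocated `security.sharedSecret=this-is-shared-secret-code-for-JWT-Signing...` line keeps a published placeholder as the JWT signing key in the main-resources config. A deployment that does not override it signs tokens with a value anyone can read in the repository. Add a comment directly above it, for example `### placeholder: replace with a randomly generated secret of at least 256 bits before deployment`, and consider having configuration loading reject the placeholder value outside tests.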
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 585d43c..03badfb 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -83,20 +83,12 @@
#openid.term.of.service =
openid.service.doc = https://github.com/KorAP/Kustvakt/wiki
-## JWT
-security.jwt.issuer=https://korap.ids-mannheim.de
-
## JWK
## must be set for openid
rsa.private = kustvakt_rsa.key
rsa.public = kustvakt_rsa_public.key
rsa.key.id = 74caa3a9-217c-49e6-94e9-2368fdd02c35
-## token expiration time
-security.longTokenTTL = 1D
-security.tokenTTL = 2S
-security.shortTokenTTL = 1S
-
## see SecureRandom Number Generation Algorithms
## default SHA1PRNG
security.secure.random.algorithm=SHA1PRNG
@@ -105,20 +97,25 @@
## default MD5
security.md.algoritm = SHA-256
-### secure hash support: BCRYPT, ESAPICYPHER
+### secure hash support: BCRYPT
security.secure.hash.algorithm=BCRYPT
-security.passcode.salt=salt
+security.encryption.loadFactor = 10
+## JWT
+security.jwt.issuer=https://korap.ids-mannheim.de
+security.sharedSecret=this-is-shared-secret-code-for-JWT-Signing.It-must-contains-minimum-256-bits
+
+## token expiration time
+security.longTokenTTL = 1D
+security.tokenTTL = 2S
+security.shortTokenTTL = 1S
+
+# Session authentication
security.idleTimeoutDuration = 25M
security.multipleLogIn = true
security.loginAttemptNum = 3
security.authAttemptTTL = 45M
-security.encryption.loadFactor = 8
+#EM: deprecated and not used
security.validation.stringLength = 150
security.validation.emailLength = 50
-
-security.sharedSecret=this-is-shared-secret-code-for-JWT-Signing.It-must-contains-minimum-256-bits
-
-## applicable: rewrite, foundry, filter, deny
-security.rewrite.strategies=filter, foundry, rewrite
\ No newline at end of file
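Review bot: In this test config the added `#EM: deprecated and not used` comment sits above `security.validation.stringLength = 150` and `security.validation.emailLength = 50`, which stay active, whereas kustvakt.conf in the same commit comments both properties out. Comment them out here as well (`#security.validation.stringLength = 150`, `#security.validation.emailLength = 50`) so the two files agree and the test profile does not keep exercising properties described as unused. The `## token expiration time` heading here also lacks the "(used in other authentication provider than OAuth2)" qualifier that the main config gained.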
diff --git a/lite/Changes b/lite/Changes
index 287819e..d60aed8 100644
--- a/lite/Changes
+++ b/lite/Changes
@@ -1,3 +1,7 @@
+# version 0.62.4
+24/01/2020
+ - Removed salt from config and updated config files.
+
# version 0.62.3
03/12/2019
- Implemented pipe extension in the search API (margaretha)
diff --git a/lite/pom.xml b/lite/pom.xml
index f06e3d1..1d59de6 100644
--- a/lite/pom.xml
+++ b/lite/pom.xml
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-lite</artifactId>
- <version>0.62.3</version>
+ <version>0.62.4</version>
<properties>
<java.version>1.8</java.version>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@@ -137,7 +137,7 @@
<dependency>
<groupId>de.ids_mannheim.korap</groupId>
<artifactId>Kustvakt-core</artifactId>
- <version>[0.62.3,)</version>
+ <version>[0.62.4,)</version>
</dependency>
<!-- Jersey test framework -->
<dependency>