Removed salt from config and updated config files.
Change-Id: Idfd066f0e56f5e5568325e5ea6072fb12c551ff2
diff --git a/full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java b/full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java
index 0f18f20..aaee8d2 100644
--- a/full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java
+++ b/full/src/main/java/de/ids_mannheim/korap/encryption/DefaultEncryption.java
@@ -1,16 +1,12 @@
package de.ids_mannheim.korap.encryption;
-import de.ids_mannheim.korap.config.ContextHolder;
+import java.math.BigInteger;
+import java.security.SecureRandom;
+
import de.ids_mannheim.korap.config.Configurable;
+import de.ids_mannheim.korap.config.ContextHolder;
import de.ids_mannheim.korap.exceptions.KustvaktException;
import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.user.User;
-
-import java.io.UnsupportedEncodingException;
-import java.math.BigInteger;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
-import java.util.Map;
/**
* @author hanl
@@ -35,8 +31,7 @@
@Override
- public String secureHash (String input) throws NoSuchAlgorithmException,
- UnsupportedEncodingException, KustvaktException {
+ public String secureHash (String input) {
return null;
}
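Review bot: With the `throws` clause gone, `public String secureHash (String input)` still falls through to the context line `return null;`, so a caller now gets neither an exception nor a hash and would persist null as the credential digest; how that null is later compared depends on `checkHash`, which is not visible here. If DefaultEncryption is meant as a placeholder implementation, say so in the class Javadoc and make the method fail loudly, e.g. `throw new UnsupportedOperationException("secureHash is not implemented in DefaultEncryption");`, rather than returning null. The enclosing class starts before and ends after this hunk.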
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
index cfe962d..b6d7e2b 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ClientService.java
@@ -119,8 +119,7 @@
// specific device.
secret = codeGenerator.createRandomCode();
- secretHashcode = encryption.secureHash(secret,
- config.getPasscodeSaltField());
+ secretHashcode = encryption.secureHash(secret);
}
String id = codeGenerator.createRandomCode();
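Review bot: Dropping the configured salt at `secretHashcode = encryption.secureHash(secret);` makes the result depend entirely on the EncryptionIface implementation generating and embedding its own per-hash random salt, and on `checkHash(clientSecret, client.getSecret())` in the third OAuth2ClientService hunk recovering it from the stored value; nothing in these hunks states that contract. A one-line comment at this call site, `// salt is generated and embedded by the configured hash implementation; no external salt`, would make the dependency explicit, and the same note applies to the second and third hunks of this file. Since the DefaultEncryption stub in this commit returns null from secureHash, it is worth confirming that the implementation selected at runtime is the bcrypt one named by `security.secure.hash.algorithm=BCRYPT` in the configuration, otherwise a null secret hash would be stored here. The enclosing method starts and ends outside the hunk.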
@@ -245,8 +244,7 @@
|| client.getRegisteredBy().equals(username)) {
String secret = codeGenerator.createRandomCode();
- String secretHashcode = encryption.secureHash(secret,
- config.getPasscodeSaltField());
+ String secretHashcode = encryption.secureHash(secret);
client.setSecret(secretHashcode);
clientDao.updateClient(client);
@@ -291,8 +289,7 @@
OAuth2Error.INVALID_CLIENT);
}
}
- else if (!encryption.checkHash(clientSecret, client.getSecret(),
- config.getPasscodeSaltField())) {
+ else if (!encryption.checkHash(clientSecret, client.getSecret())) {
throw new KustvaktException(
StatusCodes.CLIENT_AUTHENTICATION_FAILED,
"Invalid client credentials", OAuth2Error.INVALID_CLIENT);
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index 7c8ec4c..68577ae 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -55,6 +55,7 @@
### (see de.ids_mannheim.korap.constant.AuthenticationMethod for possible
### oauth.password.authentication values)
oauth.password.authentication = TEST
+### used to determine native client, currently not used
oauth2.native.client.host = korap.ids-mannheim.de
oauth2.max.attempts = 1
# expiry in seconds (S), minutes (M), hours (H), days (D)
@@ -65,14 +66,6 @@
oauth2.default.scopes = search match_info
oauth2.client.credentials.scopes = client_info
-# JWT
-security.jwt.issuer=korap.ids-mannheim.de
-
-## token expiration
-security.longTokenTTL=150D
-security.tokenTTL=72H
-security.shortTokenTTL=45M
-
## see SecureRandom Number Generation Algorithms
## default SHA1PRNG
security.secure.random.algorithm=SHA1PRNG
@@ -81,19 +74,25 @@
## default MD5
security.md.algoritm = SHA-256
-### secure hash support: BCRYPT, ESAPICYPHER
+### secure hash support: BCRYPT
security.secure.hash.algorithm=BCRYPT
-security.passcode.salt=salt
+security.encryption.loadFactor = 10
+# JWT
+security.jwt.issuer=korap.ids-mannheim.de
+security.sharedSecret=this-is-shared-secret-code-for-JWT-Signing.It-must-contains-minimum-256-bits
+
+## token expiration (used in other authentication provider than OAuth2)
+security.longTokenTTL=150D
+security.tokenTTL=72H
+security.shortTokenTTL=45M
+
+# Session authentication
security.idleTimeoutDuration = 25M
security.multipleLogIn = true
security.loginAttemptNum = 3
security.authAttemptTTL = 45M
-security.encryption.loadFactor = 8
-security.validation.stringLength = 150
-security.validation.emailLength = 50
-security.sharedSecret=this-is-shared-secret-code-for-JWT-Signing.It-must-contains-minimum-256-bits
-
-## applicable: rewrite, foundry, filter, deny
-security.rewrite.strategies=filter, foundry, rewrite
\ No newline at end of file
+#EM: deprecated and not used
+#security.validation.stringLength = 150
+#security.validation.emailLength = 50
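Review bot: The new line `security.encryption.loadFactor = 10` is the one key in this security block without an explanatory comment, and its value changes from 8 in the same commit; it is presumably the bcrypt cost parameter, which governs how expensive brute-forcing a leaked client-secret hash is, so the meaning and the reason for the change should be recorded. Suggest `## work factor of the secure hash (higher = slower hashing, harder to brute-force); confirm unit against the encryption implementation` directly above it. The removal of `security.rewrite.strategies` is also not mentioned in the commit message; if that key is still read anywhere, its effective value silently changes, so a sentence in the description would help.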
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 585d43c..03badfb 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -83,20 +83,12 @@
#openid.term.of.service =
openid.service.doc = https://github.com/KorAP/Kustvakt/wiki
-## JWT
-security.jwt.issuer=https://korap.ids-mannheim.de
-
## JWK
## must be set for openid
rsa.private = kustvakt_rsa.key
rsa.public = kustvakt_rsa_public.key
rsa.key.id = 74caa3a9-217c-49e6-94e9-2368fdd02c35
-## token expiration time
-security.longTokenTTL = 1D
-security.tokenTTL = 2S
-security.shortTokenTTL = 1S
-
## see SecureRandom Number Generation Algorithms
## default SHA1PRNG
security.secure.random.algorithm=SHA1PRNG
@@ -105,20 +97,25 @@
## default MD5
security.md.algoritm = SHA-256
-### secure hash support: BCRYPT, ESAPICYPHER
+### secure hash support: BCRYPT
security.secure.hash.algorithm=BCRYPT
-security.passcode.salt=salt
+security.encryption.loadFactor = 10
+## JWT
+security.jwt.issuer=https://korap.ids-mannheim.de
+security.sharedSecret=this-is-shared-secret-code-for-JWT-Signing.It-must-contains-minimum-256-bits
+
+## token expiration time
+security.longTokenTTL = 1D
+security.tokenTTL = 2S
+security.shortTokenTTL = 1S
+
+# Session authentication
security.idleTimeoutDuration = 25M
security.multipleLogIn = true
security.loginAttemptNum = 3
security.authAttemptTTL = 45M
-security.encryption.loadFactor = 8
+#EM: deprecated and not used
security.validation.stringLength = 150
security.validation.emailLength = 50
-
-security.sharedSecret=this-is-shared-secret-code-for-JWT-Signing.It-must-contains-minimum-256-bits
-
-## applicable: rewrite, foundry, filter, deny
-security.rewrite.strategies=filter, foundry, rewrite
\ No newline at end of file
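Review bot: In this test configuration the comment `#EM: deprecated and not used` is added but `security.validation.stringLength = 150` and `security.validation.emailLength = 50` stay active, whereas in kustvakt.conf the same two keys are commented out in this commit, so the two files now disagree about whether the keys are set. Either comment them out here as well, `#security.validation.stringLength = 150` and `#security.validation.emailLength = 50`, or drop the comment so the test config does not claim the keys are unused while still defining them.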