1 Reply Latest reply on May 25, 2017 7:44 AM by Pradhap Rajamani

    custom encryption logic in jboss login module

    Pradhap Rajamani Newbie

      Dear All,

       

      My application is an Identity provider which uses picketlink to generate SAML token and as a part of authentication I'm using database login module of jboss security domain and password in my database is encrypted using SHA-256 algorithm using UTF-8 and Base64 encoding.So in my login module I have placed these algorithms and authentication is working fine .

       

      But if I need to place my own logic for encryption,how can I mention that in login module .For example if I'm using my own encoding logic instead of base64 ,How to do that. I also tried to figure out method responsible for processing these logic in picketbox module and tried to override it.But nothing worked .Please any one help me with this. Below is the code of my database login module

       

                        <authentication>

                              <login-module code="Database" flag="required">

                                  <module-option name="dsJndiName" value="java:jboss/auth"/>

                                  <module-option name="principalsQuery" value="select password from auth where user_name=?"/>

                                  <module-option name="rolesQuery" value="SELECT  role,'Roles' FROM role where user_name=?"/>

                                  <module-option name="hashAlgorithm" value="SHA-256"/>

                                  <module-option name="hashCharset" value="UTF-8"/>

                                  <module-option name="hashEncoding" value="Base64"/>

                              </login-module>

                          </authentication>

       

      The respective java encryption code is below:

       

                 MessageDigest digest = MessageDigest.getInstance("SHA-256");

                 byte[] hash = digest.digest(rawPassword.getBytes(StandardCharsets.UTF_8));

                 byte[] encoded = Base64.encodeBase64(hash);

                  String encryptedPassword=new String(encoded);

       

      If i'm using my own way of encoding instead of base64  as below:

       

                 StringBuilder sb = new StringBuilder();

                 MessageDigest digest = MessageDigest.getInstance("SHA-256");

                 byte[] hash = digest.digest(rawPassword.getBytes(StandardCharsets.UTF_8));

                for (int i = 0; i < hash.length; i++) {

                 sb.append(Integer.toString((hash[i] & 0xff) + 0x100, 16).substring(1));

        }

        String encryptedPassword=sb.toString();

       

      How to mention this encoding logic in my login module?

        • 1. Re: custom encryption logic in jboss login module
          Pradhap Rajamani Newbie

          Hello All,

           

          I have found a solution for this scenario. I have created a jar file which overrides createPasswordHash method of  usernamepasswordloginmodule class file  and in the overridden method  I have written my own logic of password encryption and then I created a new module in jboss and placed that jar file over there.I have also made changes in my login module code of jboss to use my custom module instead to picketbox module and it is working fine.If anyone requires the source code of jar file or if you have any further queries, Please give me a reply.