Added options for setting password hashing algorithm and iterations t…

…o the dataset provider module. Signed-off-by: Tomas Kyjovsky <[email protected]>
keycloak · Apr 18, 2024 · 64349a8 · 64349a8
1 parent edb737c
commit 64349a8
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 7 deletions.
diff --git a/dataset/dataset-import.sh b/dataset/dataset-import.sh
@@ -25,7 +25,7 @@ set_environment_variables () {
   CREATE_TIMEOUT="3600"
   THREADS="-1"
 
-  while getopts ":a:r:n:c:u:e:o:i:p:l:t:C:T:" OPT
+  while getopts ":a:r:n:c:u:e:o:g:i:p:l:t:C:T:" OPT
   do
     case $OPT in
       a)
@@ -49,6 +49,12 @@ set_environment_variables () {
       o)
         SESSIONS_COUNT=$OPTARG
         ;;
+      g)
+        HASH_ALGORITHM=$OPTARG
+        ;;
+      i)
+        HASH_ITERATIONS=$OPTARG
+        ;;
       p)
         REALM_PREFIX=$OPTARG
         ;;
@@ -72,11 +78,6 @@ set_environment_variables () {
   done
 }
 
-create_realms () {
-  echo "Creating $1 realm/s with $2 client/s and $3 user/s."
-  execute_command "create-realms?count=$1&clients-per-realm=$2&users-per-realm=$3&task-timeout=$4&threads-count=$5"
-}
-
 create_clients () {
   echo "Creating $1 client/s in realm $2"
   execute_command "create-clients?count=$1&realm-name=$2&task-timeout=$3&threads-count=$4"
@@ -189,7 +190,10 @@ main () {
   echo "Action: [$ACTION] "
   case "$ACTION" in
     create-realms)
-      create_realms $REALM_COUNT $CLIENTS_COUNT $USERS_COUNT $CREATE_TIMEOUT $THREADS
+      if [ -z "$HASH_ALGORITHM" ];  then HA_PARAM=""; HASH_ALGORITHM="default";  else HA_PARAM="&password-hash-algorithm=$HASH_ALGORITHM"; fi
+      if [ -z "$HASH_ITERATIONS" ]; then HI_PARAM=""; HASH_ITERATIONS="default"; else HI_PARAM="&password-hash-iterations=$HASH_ITERATIONS"; fi
+      echo "Creating $REALM_COUNT realms with $CLIENTS_COUNT clients and $USERS_COUNT users with $HASH_ITERATIONS password-hashing iterations using the $HASH_ALGORITHM algorithm."
+      execute_command "create-realms?count=$REALM_COUNT&clients-per-realm=$CLIENTS_COUNT&users-per-realm=$USERS_COUNT$HI_PARAM$HA_PARAM"
       exit 0
       ;;
     create-clients)

diff --git a/dataset/src/main/java/org/keycloak/benchmark/dataset/DatasetResourceProvider.java b/dataset/src/main/java/org/keycloak/benchmark/dataset/DatasetResourceProvider.java
@@ -913,6 +913,14 @@ private void createAndSetRealm(RealmContext context, int index, KeycloakSession
         realm.setEnabled(true);
         realm.setRegistrationAllowed(true);
         realm.setAccessCodeLifespan(60);
+        PasswordPolicy.Builder b = PasswordPolicy.build();
+        if (!config.getPasswordHashAlgorithm().isEmpty()) { // only set if parameter explicitly provided, see QueryParamFill.defaultValue()
+            b.put("hashAlgorithm", config.getPasswordHashAlgorithm());
+        }
+        if (config.getPasswordHashIterations() != -1) { // only set if parameter explicitly provided, see QueryParamIntFill.defaultValue()
+            b.put("hashIterations", config.getPasswordHashIterations().toString());
+        }
+        realm.setPasswordPolicy(b.build(session));
 
         if (config.getEventsEnabled()) {
             realm.setEventsEnabled(true);

diff --git a/dataset/src/main/java/org/keycloak/benchmark/dataset/config/DatasetConfig.java b/dataset/src/main/java/org/keycloak/benchmark/dataset/config/DatasetConfig.java
@@ -150,6 +150,14 @@ public class DatasetConfig {
     @QueryParamIntFill(paramName = "client-roles-per-user", defaultValue = 4, operations = { CREATE_REALMS, CREATE_USERS })
     private Integer clientRolesPerUser;
 
+    // Password policy with the password hash algorithm.
+    @QueryParamFill(paramName = "password-hash-algorithm", operations = { CREATE_REALMS })
+    private String passwordHashAlgorithm;
+
+    // Password policy with the number of password hash iterations.
+    @QueryParamIntFill(paramName = "password-hash-iterations", operations = { CREATE_REALMS })
+    private Integer passwordHashIterations;
+
     // Check if eventStorage will be enabled for newly created realms
     @QueryParamFill(paramName = "events-enabled", defaultValue = "false", operations = { CREATE_REALMS })
     private String eventsEnabled;
@@ -297,6 +305,14 @@ public Integer getClientRolesPerUser() {
         return clientRolesPerUser;
     }
 
+    public String getPasswordHashAlgorithm() {
+        return passwordHashAlgorithm;
+    }
+
+    public Integer getPasswordHashIterations() {
+        return passwordHashIterations;
+    }
+
     public Boolean getEventsEnabled() {
         return Boolean.valueOf(eventsEnabled);
     }