RE: Fusion not leaving maintenance mode

@randall

Don't know your OS, but in case your error is related to what I found on a recent Windows/Postgres install:
https://fusionauth.io/community/forum/topic/2219/maintenance-mode-db-creation-fails-without-message-with-postgresql-15-on-windows

Thank you.
https://github.com/FusionAuth/fusionauth-issues/issues/971

In case it helps anyone, a version of the ASP.NET Core Identity PasswordHasher HashPasswordV3

package com.mycompany.fusionauth.plugins;

import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.util.Base64;
import io.fusionauth.plugin.spi.security.PasswordEncryptor;

/**
* Example password hashing based on Asp.Net Core Identity PasswordHasher HashPasswordV3.
*/
public class ExampleDotNetPBDKF2HMACSHA256PasswordEncryptor implements PasswordEncryptor {

  @Override
  public int defaultFactor() {
    return 10_000;
  }

  @Override
  public String encrypt(String password, String salt, int factor) {
    if (factor <= 0) {
      throw new IllegalArgumentException("Invalid factor value [" + factor + "]");
    }

    SecretKeyFactory keyFactory;
    try {
      keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
    } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException("No such algorithm [PBKDF2WithHmacSHA256]");
    }

	int keyLength = 32; // numBytesRequested
	byte[] saltBytes = Base64.getDecoder().decode(salt); // assumes Base64 encoded salt. saltSize: 16 bytes

    KeySpec keySpec = new PBEKeySpec(password.toCharArray(), saltBytes, factor, keyLength * 8);
    SecretKey secret;
    try {
      secret = keyFactory.generateSecret(keySpec); // subkey
    } catch (InvalidKeySpecException e) {
      throw new IllegalArgumentException("Could not generate secret key for algorithm [PBKDF2WithHmacSHA256]");
    }
	
	byte[] outputBytes = new byte[13 + saltBytes.length + secret.getEncoded().length];
	outputBytes[0] = 0x01; // format marker
	WriteNetworkByteOrder(outputBytes, 1, 1);
	WriteNetworkByteOrder(outputBytes, 5, factor);
	WriteNetworkByteOrder(outputBytes, 9, saltBytes.length);
	System.arraycopy(saltBytes, 0, outputBytes, 13, saltBytes.length);
	System.arraycopy(secret.getEncoded(), 0, outputBytes, 13 + saltBytes.length, secret.getEncoded().length);
	
	return new String(Base64.getEncoder().encode(outputBytes));
  }
  
  private static void WriteNetworkByteOrder(byte[] buffer, int offset, int value)
  {
	buffer[offset + 0] = (byte)(value >> 24);
	buffer[offset + 1] = (byte)(value >> 16);
	buffer[offset + 2] = (byte)(value >> 8);
	buffer[offset + 3] = (byte)(value >> 0);
  }
}

package com.mycompany.fusionauth.plugins;

import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import static org.testng.Assert.assertEquals;

public class ExampleDotNetPBDKF2HMACSHA256PasswordEncryptorTest {
  @Test(dataProvider = "hashes")
  public void encrypt(String password, String salt, String hash) {
    ExampleDotNetPBDKF2HMACSHA256PasswordEncryptor encryptor = new ExampleDotNetPBDKF2HMACSHA256PasswordEncryptor();
    assertEquals(encryptor.encrypt(password, salt, 10_000), hash);
  }

  @DataProvider(name = "hashes")
  public Object[][] hashes() {
    return new Object[][]{
        {"MyExamplePassword", "CVsv6SwPJr7WDrVvAb+7aw==", "AQAAAAEAACcQAAAAEAlbL+ksDya+1g61bwG/u2ssOcnQU6Q2xo9tmijJv0zM2GsxeOl04NSpXRsAveBBag=="},
    };
  }
}

Two updates:

• The workaround to use the explicit IP instead of localhost only works sometimes, indicating that there continues to be some kind of timing/timeout issue in Production mode, but not in Development mode.
• Adding a second processor seems to have actually fixed the issue.

Thanks. I believe the RSS feed for the release announcements will work for us.