/** * Encrypts a password in a crypt(3) compatible way. * <p> * A random salt and the default algorithm (currently SHA-512) are used. See {@link #crypt(String, String)} for * details. * * @param keyBytes * plaintext password * @return hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes) { return crypt(keyBytes, null); }
@Test public void testCrypt() { assertNotNull(new Crypt()); // just for Test Coverage }
/** * Calculates the digest using the strongest crypt(3) algorithm. * <p> * A random salt and the default algorithm (currently SHA-512) are used. * * @see #crypt(String, String) * @param key * plaintext password * @return hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final String key) { return crypt(key, null); }
return crypt(key.getBytes(Charsets.UTF_8), salt);
/** * An empty string as salt is invalid. * * The C and Perl implementations return an empty string, PHP threads it * as NULL. Our implementation should throw an Exception as any resulting * hash would not be verifyable with other implementations of crypt(). */ @Test(expected = IllegalArgumentException.class) public void testCryptWithEmptySalt() { Crypt.crypt("secret", ""); }
@Test public void testSha256CryptStrings() { // empty data assertEquals("$5$foo$Fq9CX624QIfnCAmlGiPKLlAasdacKCRxZztPoeo7o0B", Crypt.crypt("", "$5$foo")); // salt gets cut at dollar sign assertEquals("$5$45678$LulJuUIJIn.1uU.KPV9x92umMYFopzVDD.o2ZqA1i2/", Crypt.crypt("secret", "$5$45678")); assertEquals("$5$45678$LulJuUIJIn.1uU.KPV9x92umMYFopzVDD.o2ZqA1i2/", Crypt.crypt("secret", "$5$45678$012")); assertEquals("$5$45678$LulJuUIJIn.1uU.KPV9x92umMYFopzVDD.o2ZqA1i2/", Crypt.crypt("secret", "$5$45678$012$456")); // salt gets cut at maximum length assertEquals("$5$1234567890123456$GUiFKBSTUAGvcK772ulTDPltkTOLtFvPOmp9o.9FNPB", Crypt.crypt("secret", "$5$1234567890123456")); assertEquals("$5$1234567890123456$GUiFKBSTUAGvcK772ulTDPltkTOLtFvPOmp9o.9FNPB", Crypt.crypt("secret", "$5$1234567890123456789")); }
@Test public void testSha512CryptStrings() { // empty data assertEquals("$6$foo$Nywkte7LPWjaJhWjNeGJN.dFdY3pN1wYlGifyRLYOVlGS9EMSiZaDDe/BGSOYQ327q9.32I4UqQ5odsqvsBLX/", Crypt.crypt("", "$6$foo")); // salt gets cut at dollar sign assertEquals("$6$45678$f2en/Y053Knir/wu/T8DQKSbiUGcPcbXKsmyVlP820dIpXoY0KlqgUqRVFfavdRXwDMUZYsxPOymA4zgX0qE5.", Crypt.crypt("secret", "$6$45678")); assertEquals("$6$45678$f2en/Y053Knir/wu/T8DQKSbiUGcPcbXKsmyVlP820dIpXoY0KlqgUqRVFfavdRXwDMUZYsxPOymA4zgX0qE5.", Crypt.crypt("secret", "$6$45678$012")); assertEquals("$6$45678$f2en/Y053Knir/wu/T8DQKSbiUGcPcbXKsmyVlP820dIpXoY0KlqgUqRVFfavdRXwDMUZYsxPOymA4zgX0qE5.", Crypt.crypt("secret", "$6$45678$012$456")); // salt gets cut at maximum length assertEquals("$6$1234567890123456$d2HCAnimIF5VMqUnwaZ/4JhNDJ.ttsjm0nbbmc9eE7xUYiw79GMvXUc5ZqG5BlqkXSbASZxrvR0QefAgdLbeH.", Crypt.crypt("secret", "$6$1234567890123456")); assertEquals("$6$1234567890123456$d2HCAnimIF5VMqUnwaZ/4JhNDJ.ttsjm0nbbmc9eE7xUYiw79GMvXUc5ZqG5BlqkXSbASZxrvR0QefAgdLbeH.", Crypt.crypt("secret", "$6$1234567890123456789")); }
@Test public void testMd5CryptStrings() { // empty data assertEquals("$1$foo$9mS5ExwgIECGE5YKlD5o91", Crypt.crypt("", "$1$foo")); // salt gets cut at dollar sign assertEquals("$1$1234$ImZYBLmYC.rbBKg9ERxX70", Crypt.crypt("secret", "$1$1234")); assertEquals("$1$1234$ImZYBLmYC.rbBKg9ERxX70", Crypt.crypt("secret", "$1$1234$567")); assertEquals("$1$1234$ImZYBLmYC.rbBKg9ERxX70", Crypt.crypt("secret", "$1$1234$567$890")); // salt gets cut at maximum length assertEquals("$1$12345678$hj0uLpdidjPhbMMZeno8X/", Crypt.crypt("secret", "$1$1234567890123456")); assertEquals("$1$12345678$hj0uLpdidjPhbMMZeno8X/", Crypt.crypt("secret", "$1$123456789012345678")); }
@Test public void testUnixCryptStrings() { // trivial test assertEquals("xxWAum7tHdIUw", Crypt.crypt("secret", "xx")); // empty data assertEquals("12UFlHxel6uMM", Crypt.crypt("", "12")); // salt gets cut at maximum length assertEquals("12FJgqDtVOg7Q", Crypt.crypt("secret", "12")); assertEquals("12FJgqDtVOg7Q", Crypt.crypt("secret", "12345678")); }
@Test public void testMd5CryptBytes() { // An empty Bytearray equals an empty String assertEquals("$1$foo$9mS5ExwgIECGE5YKlD5o91", Crypt.crypt(new byte[0], "$1$foo")); // UTF-8 stores \u00e4 "a with diaeresis" as two bytes 0xc3 0xa4. assertEquals("$1$./$52agTEQZs877L9jyJnCNZ1", Crypt.crypt("t\u00e4st", "$1$./$")); // ISO-8859-1 stores "a with diaeresis" as single byte 0xe4. assertEquals("$1$./$J2UbKzGe0Cpe63WZAt6p//", Crypt.crypt("t\u00e4st".getBytes(Charsets.ISO_8859_1), "$1$./$")); }
@Test public void testUnixCryptBytes() { // An empty Bytearray equals an empty String assertEquals("12UFlHxel6uMM", Crypt.crypt(new byte[0], "12")); // UTF-8 stores \u00e4 "a with diaeresis" as two bytes 0xc3 0xa4. assertEquals("./287bds2PjVw", Crypt.crypt("t\u00e4st", "./")); // ISO-8859-1 stores "a with diaeresis" as single byte 0xe4. assertEquals("./bLIFNqo9XKQ", Crypt.crypt("t\u00e4st".getBytes(Charsets.ISO_8859_1), "./")); assertEquals("./bLIFNqo9XKQ", Crypt.crypt(new byte[]{(byte) 0x74, (byte) 0xe4, (byte) 0x73, (byte) 0x74}, "./")); }
@Test public void testSha256CryptBytes() { // An empty Bytearray equals an empty String assertEquals("$5$foo$Fq9CX624QIfnCAmlGiPKLlAasdacKCRxZztPoeo7o0B", Crypt.crypt(new byte[0], "$5$foo")); // UTF-8 stores \u00e4 "a with diaeresis" as two bytes 0xc3 0xa4. assertEquals("$5$./$iH66LwY5sTDTdHeOxq5nvNDVAxuoCcyH/y6Ptte82P8", Crypt.crypt("t\u00e4st", "$5$./$")); // ISO-8859-1 stores "a with diaeresis" as single byte 0xe4. assertEquals("$5$./$qx5gFfCzjuWUOvsDDy.5Nor3UULPIqLVBZhgGNS0c14", Crypt.crypt("t\u00e4st".getBytes(Charsets.ISO_8859_1), "$5$./$")); }
@Test public void testSha512CryptBytes() { // An empty Bytearray equals an empty String assertEquals("$6$foo$Nywkte7LPWjaJhWjNeGJN.dFdY3pN1wYlGifyRLYOVlGS9EMSiZaDDe/BGSOYQ327q9.32I4UqQ5odsqvsBLX/", Crypt.crypt(new byte[0], "$6$foo")); // UTF-8 stores \u00e4 "a with diaeresis" as two bytes 0xc3 0xa4. assertEquals("$6$./$fKtWqslQkwI8ZxjdWoeS.jHHrte97bZxiwB5gwCRHX6LG62fUhT6Bb5MRrjWvieh0C/gxh8ItFuTsVy80VrED1", Crypt.crypt("t\u00e4st", "$6$./$")); // ISO-8859-1 stores "a with diaeresis" as single byte 0xe4. assertEquals("$6$./$L49DSK.d2df/LxGLJQMyS5A/Um.TdHqgc46j5FpScEPlqQHP5dEazltaDNDZ6UEs2mmNI6kPwtH/rsP9g5zBI.", Crypt.crypt("t\u00e4st".getBytes(Charsets.ISO_8859_1), "$6$./$")); }
@Test public void testMd5CryptLongInput() { assertEquals("$1$1234$MoxekaNNUgfPRVqoeYjCD/", Crypt.crypt("12345678901234567890", "$1$1234")); }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * A random salt and the default algorithm (currently SHA-512) are used. See {@link #crypt(String, String)} for * details. * * @param keyBytes * plaintext password * @return hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes) { return crypt(keyBytes, null); }
/** * Calculates the digest using the strongest crypt(3) algorithm. * <p> * A random salt and the default algorithm (currently SHA-512) are used. * * @see #crypt(String, String) * @param key * plaintext password * @return hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final String key) { return crypt(key, null); }
/** * Calculates the digest using the strongest crypt(3) algorithm. * <p> * A random salt and the default algorithm (currently SHA-512) are used. * * @see #crypt(String, String) * @param key * plaintext password * @return hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final String key) { return crypt(key, null); }
public static String createAuthField(String password) { return crypt(password); }