@Test public void testEncodedMatches() { String rawPassword = "password"; Md4PasswordEncoder md4 = new Md4PasswordEncoder(); String encodedPassword = md4.encode(rawPassword); assertThat(md4.matches(rawPassword, encodedPassword)).isTrue(); }
/** * Takes a previously encoded password and compares it with a rawpassword after mixing * in the salt and encoding that value * * @param rawPassword plain text password * @param encodedPassword previously encoded password * @return true or false */ public boolean matches(CharSequence rawPassword, String encodedPassword) { String salt = extractSalt(encodedPassword); String rawPasswordEncoded = digest(salt, rawPassword); return PasswordEncoderUtils.equals(encodedPassword.toString(), rawPasswordEncoded); }
@Test public void testEncodeUnsaltedPassword() { Md4PasswordEncoder md4 = new Md4PasswordEncoder(); md4.setEncodeHashAsBase64(true); assertThat(md4.matches("ww_uni123", "8zobtq72iAt0W6KNqavGwg==")).isTrue(); }
private String digest(String salt, CharSequence rawPassword) { if (rawPassword == null) { rawPassword = ""; } String saltedPassword = rawPassword + salt; byte[] saltedPasswordBytes = Utf8.encode(saltedPassword); Md4 md4 = new Md4(); md4.update(saltedPasswordBytes, 0, saltedPasswordBytes.length); byte[] digest = md4.digest(); String encoded = encode(digest); return salt + encoded; }
encoders.put(encodingId, new BCryptPasswordEncoder()); encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder()); encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder()); encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5")); encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
/** * Encodes the rawPass using a MessageDigest. If a salt is specified it will be merged * with the password before encoding. * * @param rawPassword The plain text password * @return Hex string of password digest (or base64 encoded string if * encodeHashAsBase64 is enabled. */ public String encode(CharSequence rawPassword) { String salt = PREFIX + this.saltGenerator.generateKey() + SUFFIX; return digest(salt, rawPassword); }
@Test public void javadocWhenHasSaltThenMatches() { Md4PasswordEncoder encoder = new Md4PasswordEncoder(); assertThat(encoder.matches("password", "{thisissalt}6cc7924dad12ade79dfb99e424f25260")); } }
private String digest(String salt, CharSequence rawPassword) { if (rawPassword == null) { rawPassword = ""; } String saltedPassword = rawPassword + salt; byte[] saltedPasswordBytes = Utf8.encode(saltedPassword); Md4 md4 = new Md4(); md4.update(saltedPasswordBytes, 0, saltedPasswordBytes.length); byte[] digest = md4.digest(); String encoded = encode(digest); return salt + encoded; }
encoders.put(encodingId, new BCryptPasswordEncoder()); encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder()); encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder()); encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5")); encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
/** * Encodes the rawPass using a MessageDigest. If a salt is specified it will be merged * with the password before encoding. * * @param rawPassword The plain text password * @return Hex string of password digest (or base64 encoded string if * encodeHashAsBase64 is enabled. */ public String encode(CharSequence rawPassword) { String salt = PREFIX + this.saltGenerator.generateKey() + SUFFIX; return digest(salt, rawPassword); }
@Test public void testNonAsciiPasswordHasCorrectHash() { Md4PasswordEncoder md4 = new Md4PasswordEncoder(); assertThat(md4.matches("\u4F60\u597d", "a7f1196539fd1f85f754ffd185b16e6e")).isTrue(); }
/** * Takes a previously encoded password and compares it with a rawpassword after mixing * in the salt and encoding that value * * @param rawPassword plain text password * @param encodedPassword previously encoded password * @return true or false */ public boolean matches(CharSequence rawPassword, String encodedPassword) { String salt = extractSalt(encodedPassword); String rawPasswordEncoded = digest(salt, rawPassword); return PasswordEncoderUtils.equals(encodedPassword.toString(), rawPasswordEncoded); }
@Test public void testEncodeSaltedPassword() { Md4PasswordEncoder md4 = new Md4PasswordEncoder(); md4.setEncodeHashAsBase64(true); assertThat(md4.matches("ww_uni123", "{Alan K Stewart}ZplT6P5Kv6Rlu6W4FIoYNA==")).isTrue(); }
private String digest(String salt, CharSequence rawPassword) { if (rawPassword == null) { rawPassword = ""; } String saltedPassword = rawPassword + salt; byte[] saltedPasswordBytes = Utf8.encode(saltedPassword); Md4 md4 = new Md4(); md4.update(saltedPasswordBytes, 0, saltedPasswordBytes.length); byte[] digest = md4.digest(); String encoded = encode(digest); return salt + encoded; }
encoders.put(encodingId, new BCryptPasswordEncoder()); encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder()); encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder()); encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5")); encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
/** * Encodes the rawPass using a MessageDigest. If a salt is specified it will be merged * with the password before encoding. * * @param rawPassword The plain text password * @return Hex string of password digest (or base64 encoded string if * encodeHashAsBase64 is enabled. */ public String encode(CharSequence rawPassword) { String salt = PREFIX + this.saltGenerator.generateKey() + SUFFIX; return digest(salt, rawPassword); }
/** * Takes a previously encoded password and compares it with a rawpassword after mixing * in the salt and encoding that value * * @param rawPassword plain text password * @param encodedPassword previously encoded password * @return true or false */ public boolean matches(CharSequence rawPassword, String encodedPassword) { String salt = extractSalt(encodedPassword); String rawPasswordEncoded = digest(salt, rawPassword); return PasswordEncoderUtils.equals(encodedPassword.toString(), rawPasswordEncoded); }
@Test public void testEncodeNullPassword() { Md4PasswordEncoder md4 = new Md4PasswordEncoder(); md4.setEncodeHashAsBase64(true); assertThat(md4.matches(null, "MdbP4NFq6TG3PFnX4MCJwA==")).isTrue(); }
private String digest(String salt, CharSequence rawPassword) { if (rawPassword == null) { rawPassword = ""; } String saltedPassword = rawPassword + salt; byte[] saltedPasswordBytes = Utf8.encode(saltedPassword); Md4 md4 = new Md4(); md4.update(saltedPasswordBytes, 0, saltedPasswordBytes.length); byte[] digest = md4.digest(); String encoded = encode(digest); return salt + encoded; }
encoders.put(encodingId, new BCryptPasswordEncoder()); encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder()); encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder()); encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5")); encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());