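/**
 * Verifies that a SHA-1 encoder accepts a known password against a stored
 * value whose salt is carried inline as a <code>{...}</code> prefix.
 */
@Test
public void testBasicFunctionality() {
    MessageDigestPasswordEncoder pe = new MessageDigestPasswordEncoder("SHA-1");
    String raw = "abc123";
    // assertThat(...) alone only builds an assertion object and verifies nothing,
    // so the test used to pass whatever matches() returned. The terminal isTrue()
    // makes a regression in password verification actually fail the build.
    // NOTE(review): the expected digest is kept exactly as the test had it - run
    // the suite once to confirm it is the SHA-1 of "abc123{THIS_IS_A_SALT}".
    assertThat(pe.matches(raw, "{THIS_IS_A_SALT}b2f50ffcbd3407fe9415c062d55f54731f340d32")).isTrue();
}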
/**
 * Round trip: a value produced by encode() must be accepted by matches()
 * on the same MD5 encoder.
 */
@Test
public void md5EncodeThenMatches() {
    final String candidate = "password";
    final MessageDigestPasswordEncoder encoder = new MessageDigestPasswordEncoder("MD5");
    // encode() picks its own salt, so the stored value is not predictable;
    // only the round trip can be asserted.
    final String stored = encoder.encode(candidate);
    final boolean accepted = encoder.matches(candidate, stored);
    assertThat(accepted).isTrue();
}
/**
 * Checks a candidate password against a previously encoded value.
 * <p>
 * The salt is recovered from {@code encodedPassword}, the candidate is digested
 * with that salt, and the result is compared with the stored value.
 *
 * @param rawPassword plain text password supplied by the caller
 * @param encodedPassword previously encoded password, salt included
 * @return {@code true} if the re-computed value equals {@code encodedPassword},
 * {@code false} otherwise
 */
public boolean matches(CharSequence rawPassword, String encodedPassword) {
    // The stored value carries its own salt; it must be reused to reproduce the digest.
    final String storedSalt = extractSalt(encodedPassword);
    final String recomputed = digest(storedSalt, rawPassword);
    // NOTE(review): PasswordEncoderUtils.equals is presumably a constant-time
    // comparison - confirm, since a short-circuiting compare would leak timing.
    final String expected = encodedPassword.toString();
    return PasswordEncoderUtils.equals(expected, recomputed);
}
/**
 * Exercises matches() on a SHA-1 encoder with Base64 output switched on.
 */
@Test
public void testBase64() throws Exception {
    final String stored = "{THIS_IS_A_SALT}b2f50ffcbd3407fe9415c062d55f54731f340d32";
    MessageDigestPasswordEncoder encoder = new MessageDigestPasswordEncoder("SHA-1");
    encoder.setEncodeHashAsBase64(true);
    // NOTE(review): this assertThat(...) has no terminal check (isTrue()/isFalse()),
    // so the test passes whatever matches() returns. The stored value above is
    // 40 hex characters while the encoder is set to Base64 output, so the result
    // is presumably false - decide the intended expectation and assert it.
    assertThat(encoder.matches("abc123", stored));
}
// Registers one encoder per id string in `encoders`.
// NOTE(review): presumably the id-to-encoder table of a delegating encoder - the
// enclosing method is not shown, confirm there which id is used for new passwords.
// Several entries below are fast, general-purpose digests (MD4, MD5, SHA-1, SHA-256)
// or no hashing at all; they are suitable only for verifying already-stored values,
// not for storing new ones. "pbkdf2" and "scrypt" are the deliberately slow options here.
encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
// NOTE(review): by its name NoOpPasswordEncoder does no hashing - treat anything
// stored under "noop" as plaintext; confirm it is never reachable in production.
encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
encoders.put("scrypt", new SCryptPasswordEncoder());
encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
// "SHA-256" and "sha256" are two distinct keys mapped to two different encoder classes.
encoders.put("SHA-256", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
/**
 * Digests the password with the salt appended and returns the salt followed
 * by the encoded digest, which is the form kept as the stored value.
 *
 * @param salt salt text, placed after the password in the digested input and
 * in front of the encoded digest in the result
 * @param rawPassword plain text password
 * @return {@code salt} concatenated with the encoded digest
 */
private String digest(String salt, CharSequence rawPassword) {
    // Input layout is password first, salt second.
    // NOTE(review): the concatenation copies the plain text password into an
    // immutable String that cannot be wiped afterwards.
    final byte[] hashed = this.digester.digest(Utf8.encode(rawPassword + salt));
    // NOTE(review): any iteration count is presumably applied inside digester -
    // confirm. A plain message digest is fast by design, so this scheme is weak
    // against offline guessing compared with an adaptive password hash.
    return salt + encode(hashed);
}
/**
 * With two iterations configured, the encoder must accept a value that was
 * produced by applying MD5 twice.
 */
@Test
public void md5StretchFactorIsProcessedCorrectly() throws Exception {
    MessageDigestPasswordEncoder encoder = new MessageDigestPasswordEncoder("MD5");
    encoder.setIterations(2);
    // Calculate value using:
    // echo -n password{salt} | openssl md5 -binary | openssl md5
    final boolean accepted = encoder.matches("password", "{salt}eb753fb0c370582b4ee01b30f304b9fc");
    assertThat(accepted).isTrue();
}
/**
 * Encodes the raw password with a MessageDigest. A new salt is obtained from
 * the salt generator on every call, wrapped in PREFIX and SUFFIX, and mixed
 * into the digest.
 *
 * @param rawPassword The plain text password
 * @return the wrapped salt followed by the encoded digest, as produced by
 * {@code digest(salt, rawPassword)}
 */
public String encode(CharSequence rawPassword) {
    // A fresh salt per call means encoding the same password twice yields
    // different stored values.
    // NOTE(review): the randomness of the salt depends on saltGenerator, which
    // is configured outside this method - confirm it is backed by a secure source.
    return digest(PREFIX + this.saltGenerator.generateKey() + SUFFIX, rawPassword);
}
/**
 * Constructing the encoder with an algorithm name that does not exist is
 * expected to fail with IllegalStateException.
 */
@Test(expected = IllegalStateException.class)
public void testInvalidStrength() throws Exception {
    // The constructor call is the whole test; the expected exception is
    // declared on the annotation.
    new MessageDigestPasswordEncoder("SHA-666");
}
// Closes the enclosing test class, whose header is not part of this listing.
}
/**
 * Digests the password with the salt appended and returns the salt followed
 * by the encoded digest, which is the form kept as the stored value.
 *
 * @param salt salt text, placed after the password in the digested input and
 * in front of the encoded digest in the result
 * @param rawPassword plain text password
 * @return {@code salt} concatenated with the encoded digest
 */
private String digest(String salt, CharSequence rawPassword) {
    // Input layout is password first, salt second.
    // NOTE(review): the concatenation copies the plain text password into an
    // immutable String that cannot be wiped afterwards.
    final byte[] hashed = this.digester.digest(Utf8.encode(rawPassword + salt));
    // NOTE(review): any iteration count is presumably applied inside digester -
    // confirm. A plain message digest is fast by design, so this scheme is weak
    // against offline guessing compared with an adaptive password hash.
    return salt + encode(hashed);
}
/**
 * An MD5 encoder with Base64 output enabled must accept a stored value whose
 * digest part is Base64 text.
 */
@Test
public void md5Base64() throws Exception {
    final String stored = "{THIS_IS_A_SALT}poqv2QKZ0LE33ij7S7aFcw==";
    MessageDigestPasswordEncoder encoder = new MessageDigestPasswordEncoder("MD5");
    encoder.setEncodeHashAsBase64(true);
    final boolean accepted = encoder.matches("abc123", stored);
    assertThat(accepted).isTrue();
}
/**
 * Encodes the raw password with a MessageDigest. A new salt is obtained from
 * the salt generator on every call, wrapped in PREFIX and SUFFIX, and mixed
 * into the digest.
 *
 * @param rawPassword The plain text password
 * @return the wrapped salt followed by the encoded digest, as produced by
 * {@code digest(salt, rawPassword)}
 */
public String encode(CharSequence rawPassword) {
    // A fresh salt per call means encoding the same password twice yields
    // different stored values.
    // NOTE(review): the randomness of the salt depends on saltGenerator, which
    // is configured outside this method - confirm it is backed by a secure source.
    return digest(PREFIX + this.saltGenerator.generateKey() + SUFFIX, rawPassword);
}
/**
 * Checks a candidate password against a previously encoded value.
 * <p>
 * The salt is recovered from {@code encodedPassword}, the candidate is digested
 * with that salt, and the result is compared with the stored value.
 *
 * @param rawPassword plain text password supplied by the caller
 * @param encodedPassword previously encoded password, salt included
 * @return {@code true} if the re-computed value equals {@code encodedPassword},
 * {@code false} otherwise
 */
public boolean matches(CharSequence rawPassword, String encodedPassword) {
    // The stored value carries its own salt; it must be reused to reproduce the digest.
    final String storedSalt = extractSalt(encodedPassword);
    final String recomputed = digest(storedSalt, rawPassword);
    // NOTE(review): PasswordEncoderUtils.equals is presumably a constant-time
    // comparison - confirm, since a short-circuiting compare would leak timing.
    final String expected = encodedPassword.toString();
    return PasswordEncoderUtils.equals(expected, recomputed);
}
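/**
 * Verifies that a SHA-256 encoder accepts a known password against a stored
 * value whose salt is carried inline as a <code>{...}</code> prefix.
 */
@Test
public void test256() throws Exception {
    // The expected digest below is 64 hex characters, the length of a SHA-256
    // digest. The test used to build a "SHA-1" encoder (40 hex characters), which
    // could never produce this value, and the mismatch went unnoticed because the
    // assertion had no terminal check.
    MessageDigestPasswordEncoder pe = new MessageDigestPasswordEncoder("SHA-256");
    String raw = "abc123";
    // isTrue() turns the bare assertThat(...) into a real check.
    // NOTE(review): the expected digest is kept exactly as the test had it - run
    // the suite once to confirm it is the SHA-256 of "abc123{THIS_IS_A_SALT}".
    assertThat(pe.matches(raw, "{THIS_IS_A_SALT}4b79b7de23eb23b78cc5ede227d532b8a51f89b2ec166f808af76b0dbedc47d7")).isTrue();
}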
// Registers one encoder per id string in `encoders`.
// NOTE(review): presumably the id-to-encoder table of a delegating encoder - the
// enclosing method is not shown, confirm there which id is used for new passwords.
// Several entries below are fast, general-purpose digests (MD4, MD5, SHA-1, SHA-256)
// or no hashing at all; they are suitable only for verifying already-stored values,
// not for storing new ones. "pbkdf2" and "scrypt" are the deliberately slow options here.
encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
// NOTE(review): by its name NoOpPasswordEncoder does no hashing - treat anything
// stored under "noop" as plaintext; confirm it is never reachable in production.
encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
encoders.put("scrypt", new SCryptPasswordEncoder());
encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
// "SHA-256" and "sha256" are two distinct keys mapped to two different encoder classes.
encoders.put("SHA-256", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());
/**
 * Digests the password with the salt appended and returns the salt followed
 * by the encoded digest, which is the form kept as the stored value.
 *
 * @param salt salt text, placed after the password in the digested input and
 * in front of the encoded digest in the result
 * @param rawPassword plain text password
 * @return {@code salt} concatenated with the encoded digest
 */
private String digest(String salt, CharSequence rawPassword) {
    // Input layout is password first, salt second.
    // NOTE(review): the concatenation copies the plain text password into an
    // immutable String that cannot be wiped afterwards.
    final byte[] hashed = this.digester.digest(Utf8.encode(rawPassword + salt));
    // NOTE(review): any iteration count is presumably applied inside digester -
    // confirm. A plain message digest is fast by design, so this scheme is weak
    // against offline guessing compared with an adaptive password hash.
    return salt + encode(hashed);
}
/**
 * Encodes the raw password with a MessageDigest. A new salt is obtained from
 * the salt generator on every call, wrapped in PREFIX and SUFFIX, and mixed
 * into the digest.
 *
 * @param rawPassword The plain text password
 * @return the wrapped salt followed by the encoded digest, as produced by
 * {@code digest(salt, rawPassword)}
 */
public String encode(CharSequence rawPassword) {
    // A fresh salt per call means encoding the same password twice yields
    // different stored values.
    // NOTE(review): the randomness of the salt depends on saltGenerator, which
    // is configured outside this method - confirm it is backed by a secure source.
    return digest(PREFIX + this.saltGenerator.generateKey() + SUFFIX, rawPassword);
}
/**
 * Checks a candidate password against a previously encoded value.
 * <p>
 * The salt is recovered from {@code encodedPassword}, the candidate is digested
 * with that salt, and the result is compared with the stored value.
 *
 * @param rawPassword plain text password supplied by the caller
 * @param encodedPassword previously encoded password, salt included
 * @return {@code true} if the re-computed value equals {@code encodedPassword},
 * {@code false} otherwise
 */
public boolean matches(CharSequence rawPassword, String encodedPassword) {
    // The stored value carries its own salt; it must be reused to reproduce the digest.
    final String storedSalt = extractSalt(encodedPassword);
    final String recomputed = digest(storedSalt, rawPassword);
    // NOTE(review): PasswordEncoderUtils.equals is presumably a constant-time
    // comparison - confirm, since a short-circuiting compare would leak timing.
    final String expected = encodedPassword.toString();
    return PasswordEncoderUtils.equals(expected, recomputed);
}
/**
 * An MD5 encoder must accept a stored value that carries its salt inline
 * as a <code>{salt}</code> prefix.
 */
@Test
public void md5MatchesWhenHasSalt() {
    final String stored = "{salt}ce421738b1c5540836bdc8ff707f1572";
    MessageDigestPasswordEncoder encoder = new MessageDigestPasswordEncoder("MD5");
    final boolean accepted = encoder.matches("password", stored);
    assertThat(accepted).isTrue();
}
// Registers one encoder per id string in `encoders`.
// NOTE(review): presumably the id-to-encoder table of a delegating encoder - the
// enclosing method is not shown, confirm there which id is used for new passwords.
// Several entries below are fast, general-purpose digests (MD4, MD5, SHA-1, SHA-256)
// or no hashing at all; they are suitable only for verifying already-stored values,
// not for storing new ones. "pbkdf2" and "scrypt" are the deliberately slow options here.
encoders.put("ldap", new org.springframework.security.crypto.password.LdapShaPasswordEncoder());
encoders.put("MD4", new org.springframework.security.crypto.password.Md4PasswordEncoder());
encoders.put("MD5", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("MD5"));
// NOTE(review): by its name NoOpPasswordEncoder does no hashing - treat anything
// stored under "noop" as plaintext; confirm it is never reachable in production.
encoders.put("noop", org.springframework.security.crypto.password.NoOpPasswordEncoder.getInstance());
encoders.put("pbkdf2", new Pbkdf2PasswordEncoder());
encoders.put("scrypt", new SCryptPasswordEncoder());
encoders.put("SHA-1", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-1"));
// "SHA-256" and "sha256" are two distinct keys mapped to two different encoder classes.
encoders.put("SHA-256", new org.springframework.security.crypto.password.MessageDigestPasswordEncoder("SHA-256"));
encoders.put("sha256", new org.springframework.security.crypto.password.StandardPasswordEncoder());