@Override public boolean check(final String input, final String hash) { return BCrypt.checkpw(input, hash); } };
/** * Decodes the String to the {@link SimTok}. * Returns {@code null} if decoded token is NOT valid. */ public SimTok decode(final String token) { final int ndx = token.indexOf('.'); final String p1 = token.substring(0, ndx); final int ndx2 = token.indexOf('.', ndx + 1); final String p2 = token.substring(ndx + 1, ndx2); final String p3 = token.substring(ndx2 + 1); if (!BCrypt.checkpw(p1 + "." + p2 + "." + SECRET, p3)) { return null; } final String p2Decoded = Base64.decodeToString(p2); return JsonParser.create().parse(p2Decoded, SimTok.class); } }
/** * Test method for 'BCrypt.checkpw(String, String)' * expecting success */ @Test void testCheckpw_success() { for (String[] test_vector : test_vectors) { String plain = test_vector[0]; String expected = test_vector[2]; assertTrue(BCrypt.checkpw(plain, expected)); } }
/** * Test method for 'BCrypt.checkpw(String, String)' * expecting failure */ @Test void testCheckpw_failure() { for (int i = 0; i < test_vectors.length; i++) { int broken_index = (i + 4) % test_vectors.length; String plain = test_vectors[i][0]; String expected = test_vectors[broken_index][2]; assertFalse(BCrypt.checkpw(plain, expected)); } }
/** * Test for correct hashing of non-US-ASCII passwords */ @Test void testInternationalChars() { String pw1 = "\u2605\u2605\u2605\u2605\u2605\u2605\u2605\u2605"; String pw2 = "????????"; String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt()); assertFalse(BCrypt.checkpw(pw2, h1)); String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt()); assertFalse(BCrypt.checkpw(pw1, h2)); }
@Test void testBCrypt() { String hash = BCrypt.hashpw("password", BCrypt.gensalt(7)); assertTrue(BCrypt.checkpw("password", hash)); }
@Test void testBCryptRandom() { for (int rounds = 0; rounds < 1000; rounds++) { String text = RandomString.get().randomAlphaNumeric(10); String hash = BCrypt.hashpw(text, BCrypt.gensalt(4)); assertTrue(BCrypt.checkpw(text, hash)); } }
@Override public boolean check(final String input, final String hash) { return BCrypt.checkpw(input, hash); } };
/** * Decodes the String to the {@link SimTok}. * Returns {@code null} if decoded token is NOT valid. */ public SimTok decode(final String token) { final int ndx = token.indexOf('.'); final String p1 = token.substring(0, ndx); final int ndx2 = token.indexOf('.', ndx + 1); final String p2 = token.substring(ndx + 1, ndx2); final String p3 = token.substring(ndx2 + 1); if (!BCrypt.checkpw(p1 + "." + p2 + "." + SECRET, p3)) { return null; } final String p2Decoded = Base64.decodeToString(p2); return JsonParser.create().parse(p2Decoded, SimTok.class); } }