/** * See {@link #apr1Crypt(String, String)} for details. * * @param keyBytes * plaintext string to hash. * @return the hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String apr1Crypt(final String keyBytes) { return apr1Crypt(keyBytes.getBytes(Charsets.UTF_8)); }
/** * Generates an Apache htpasswd compatible "$apr1$" MD5 based hash value. * <p> * The algorithm is identical to the crypt(3) "$1$" one but produces different outputs due to the different salt * prefix. * * @param keyBytes * plaintext string to hash. * @param salt * salt string including the prefix and optionally garbage at the end. Will be generated randomly if * null. * @return the hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String apr1Crypt(final String keyBytes, final String salt) { return apr1Crypt(keyBytes.getBytes(Charsets.UTF_8), salt); }
/** * See {@link #apr1Crypt(String, String)} for details. * * @param keyBytes * plaintext string to hash. * @return the hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. * */ public static String apr1Crypt(final byte[] keyBytes) { return apr1Crypt(keyBytes, APR1_PREFIX + B64.getRandomSalt(8)); }
@Test(expected = IllegalArgumentException.class) public void testApr1CryptWithInvalidSalt() { Md5Crypt.apr1Crypt(new byte[0], "!"); } }
@Test(expected = NullPointerException.class) public void testApr1CryptNullData() { Md5Crypt.apr1Crypt((byte[]) null); }
@Test public void testApr1CryptBytes() { // random salt final byte[] keyBytes = new byte[] { '!', 'b', 'c', '.' }; final String hash = Md5Crypt.apr1Crypt(keyBytes); assertEquals(hash, Md5Crypt.apr1Crypt("!bc.", hash)); // An empty Bytearray equals an empty String assertEquals("$apr1$foo$P27KyD1htb4EllIPEYhqi0", Md5Crypt.apr1Crypt(new byte[0], "$apr1$foo")); // UTF-8 stores \u00e4 "a with diaeresis" as two bytes 0xc3 0xa4. assertEquals("$apr1$./$EeFrYzWWbmTyGdf4xULYc.", Md5Crypt.apr1Crypt("t\u00e4st", "$apr1$./$")); // ISO-8859-1 stores "a with diaeresis" as single byte 0xe4. assertEquals("$apr1$./$kCwT1pY9qXAJElYG9q1QE1", Md5Crypt.apr1Crypt("t\u00e4st".getBytes(Charsets.ISO_8859_1), "$apr1$./$")); }
@Test(expected = IllegalArgumentException.class) public void testApr1CryptWithEmptySalt() { Md5Crypt.apr1Crypt("secret".getBytes(), ""); }
@Test public void testApr1CryptExplicitCall() { // When explicitly called the prefix is optional assertEquals("$apr1$1234$mAlH7FRST6FiRZ.kcYL.j1", Md5Crypt.apr1Crypt("secret", "1234")); // When explicitly called without salt, a random one will be used. assertTrue(Md5Crypt.apr1Crypt("secret".getBytes()).matches("^\\$apr1\\$[a-zA-Z0-9./]{0,8}\\$.{1,}$")); assertTrue(Md5Crypt.apr1Crypt("secret".getBytes(), null).matches("^\\$apr1\\$[a-zA-Z0-9./]{0,8}\\$.{1,}$")); }
@Test public void testApr1CryptStrings() { // A random example using htpasswd assertEquals("$apr1$TqI9WECO$LHZB2DqRlk9nObiB6vJG9.", Md5Crypt.apr1Crypt("secret", "$apr1$TqI9WECO")); // empty data assertEquals("$apr1$foo$P27KyD1htb4EllIPEYhqi0", Md5Crypt.apr1Crypt("", "$apr1$foo")); // salt gets cut at dollar sign assertEquals("$apr1$1234$mAlH7FRST6FiRZ.kcYL.j1", Md5Crypt.apr1Crypt("secret", "$apr1$1234")); assertEquals("$apr1$1234$mAlH7FRST6FiRZ.kcYL.j1", Md5Crypt.apr1Crypt("secret", "$apr1$1234$567")); assertEquals("$apr1$1234$mAlH7FRST6FiRZ.kcYL.j1", Md5Crypt.apr1Crypt("secret", "$apr1$1234$567$890")); // salt gets cut at maximum length assertEquals("$apr1$12345678$0lqb/6VUFP8JY/s/jTrIk0", Md5Crypt.apr1Crypt("secret", "$apr1$1234567890123456")); assertEquals("$apr1$12345678$0lqb/6VUFP8JY/s/jTrIk0", Md5Crypt.apr1Crypt("secret", "$apr1$123456789012345678")); }
@Test public void testApr1LongSalt() { assertEquals("$apr1$12345678$0lqb/6VUFP8JY/s/jTrIk0", Md5Crypt.apr1Crypt("secret", "12345678901234567890")); }
/** * See {@link #apr1Crypt(String, String)} for details. * * @param keyBytes * plaintext string to hash. * @return the hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String apr1Crypt(final String keyBytes) { return apr1Crypt(keyBytes.getBytes(Charsets.UTF_8)); }
/** * See {@link #apr1Crypt(String, String)} for details. * * @param keyBytes * plaintext string to hash. * @return the hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String apr1Crypt(final String keyBytes) { return apr1Crypt(keyBytes.getBytes(Charsets.UTF_8)); }
/** * See {@link #apr1Crypt(String, String)} for details. * * @param keyBytes * plaintext string to hash. * @return the hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String apr1Crypt(final String keyBytes) { return apr1Crypt(keyBytes.getBytes(Charsets.UTF_8)); }
private boolean verifyMD5Password(String storedPassword, String passedPassword) { // We send in the password presented by the user and use the stored password as the salt // If they match, then the password matches the original non-encrypted stored password return Md5Crypt.apr1Crypt(passedPassword, storedPassword).equals(storedPassword); }
/** * See {@link #apr1Crypt(String, String)} for details. * * @param keyBytes * plaintext string to hash. * @return the hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String apr1Crypt(final String keyBytes) { return apr1Crypt(keyBytes.getBytes(Charsets.UTF_8)); }
/** * See {@link #apr1Crypt(String, String)} for details. * * @param keyBytes * plaintext string to hash. * @return the hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. * */ public static String apr1Crypt(final byte[] keyBytes) { return apr1Crypt(keyBytes, APR1_PREFIX + B64.getRandomSalt(8)); }
/** * See {@link #apr1Crypt(String, String)} for details. * * @param keyBytes * plaintext string to hash. * @return the hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. * */ public static String apr1Crypt(final byte[] keyBytes) { return apr1Crypt(keyBytes, APR1_PREFIX + B64.getRandomSalt(8)); }
/** * See {@link #apr1Crypt(String, String)} for details. * * @param keyBytes * plaintext string to hash. * @return the hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. * */ public static String apr1Crypt(final byte[] keyBytes) { return apr1Crypt(keyBytes, APR1_PREFIX + B64.getRandomSalt(8)); }
public static boolean validatePassword(String raw, String saved) { if (raw == null || saved == null) return false; if(KxConsts.PASSWORD_ALGORITHM_APR1.equals(PropsUtil.get(PropsKeys.AUTH_PASSWORD_ALGORITHM))) { String expect = Md5Crypt.apr1Crypt(raw, saved); return expect.equals(saved); } else { String expect = encodePassword(raw); return expect.equals(saved); } }