/** * Generates a libc crypt() compatible "$5$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha256Crypt(final byte[] keyBytes) { return sha256Crypt(keyBytes, null); }
@Test(expected = NullPointerException.class) public void testSha256CryptNullData() { Sha2Crypt.sha256Crypt((byte[]) null); }
@Test(expected = IllegalArgumentException.class) public void testSha256CryptWithEmptySalt() { Sha2Crypt.sha256Crypt("secret".getBytes(), ""); }
@Test public void testSha2CryptRounds() { // minimum rounds? assertEquals("$5$rounds=1000$abcd$b8MCU4GEeZIekOy5ahQ8EWfT330hvYGVeDYkBxXBva.", Sha2Crypt.sha256Crypt("secret".getBytes(Charsets.UTF_8), "$5$rounds=50$abcd$")); assertEquals("$5$rounds=1001$abcd$SQsJZs7KXKdd2DtklI3TY3tkD7UYA99RD0FBLm4Sk48", Sha2Crypt.sha256Crypt("secret".getBytes(Charsets.UTF_8), "$5$rounds=1001$abcd$")); assertEquals("$5$rounds=9999$abcd$Rh/8ngVh9oyuS6lL3.fsq.9xbvXJsfyKWxSjO2mPIa7", Sha2Crypt.sha256Crypt("secret".getBytes(Charsets.UTF_8), "$5$rounds=9999$abcd")); }
@Test public void testSha256CryptExplicitCall() { assertTrue(Sha2Crypt.sha256Crypt("secret".getBytes()).matches("^\\$5\\$[a-zA-Z0-9./]{0,16}\\$.{1,}$")); assertTrue(Sha2Crypt.sha256Crypt("secret".getBytes(), null).matches("^\\$5\\$[a-zA-Z0-9./]{0,16}\\$.{1,}$")); }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
@Test public void testSha2CryptRounds() { // minimum rounds? assertEquals("$5$rounds=1000$abcd$b8MCU4GEeZIekOy5ahQ8EWfT330hvYGVeDYkBxXBva.", Sha2Crypt.sha256Crypt("secret".getBytes(Charsets.UTF_8), "$5$rounds=50$abcd$")); assertEquals("$5$rounds=1001$abcd$SQsJZs7KXKdd2DtklI3TY3tkD7UYA99RD0FBLm4Sk48", Sha2Crypt.sha256Crypt("secret".getBytes(Charsets.UTF_8), "$5$rounds=1001$abcd$")); assertEquals("$5$rounds=9999$abcd$Rh/8ngVh9oyuS6lL3.fsq.9xbvXJsfyKWxSjO2mPIa7", Sha2Crypt.sha256Crypt("secret".getBytes(Charsets.UTF_8), "$5$rounds=9999$abcd")); }
@Test public void testSha256LargetThanBlocksize() { final byte[] buffer = new byte[200]; Arrays.fill(buffer, 0, 200, (byte)'A'); assertEquals("$5$abc$HbF3RRc15OwNKB/RZZ5F.1I6zsLcKXHQoSdB9Owx/Q8", Sha2Crypt.sha256Crypt(buffer, "$5$abc")); } }
/** * Generates a libc crypt() compatible "$5$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha256Crypt(final byte[] keyBytes) { return sha256Crypt(keyBytes, null); }
/** * Generates a libc crypt() compatible "$5$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha256Crypt(final byte[] keyBytes) { return sha256Crypt(keyBytes, null); }
/** * Generates a libc crypt() compatible "$5$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha256Crypt(final byte[] keyBytes) { return sha256Crypt(keyBytes, null); }
/** * Generates a libc crypt() compatible "$5$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha256Crypt(final byte[] keyBytes) { return sha256Crypt(keyBytes, null); }
/** * Generates a libc crypt() compatible "$5$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha256Crypt(final byte[] keyBytes) { return sha256Crypt(keyBytes, null); }
public static boolean checkPassword(final String crypted, final String key) { String crypted2 = null; if (crypted == null) return false; if (crypted.length() < 24) return false; if (crypted.charAt(0) != '$') return false; final int offset2ndDolar = crypted.indexOf('$', 1); if (offset2ndDolar < 0) return false; final int offset3ndDolar = crypted.indexOf('$', offset2ndDolar + 1); if (offset3ndDolar < 0) return false; final String salt = crypted.substring(0, offset3ndDolar + 1); final byte[] keyBytes = key.getBytes(US_ASCII); if (crypted.startsWith("$1$")) { // MD5 crypted2 = Md5Crypt.md5Crypt(keyBytes.clone(), salt); } else if (crypted.startsWith("$apr1$")) { // APR1 crypted2 = Md5Crypt.apr1Crypt(keyBytes.clone(), salt); } else if (crypted.startsWith("$5$")) { // SHA2-256 crypted2 = Sha2Crypt.sha256Crypt(keyBytes.clone(), salt); } else if (crypted.startsWith("$6$")) { // SHA2-512 crypted2 = Sha2Crypt.sha512Crypt(keyBytes.clone(), salt); } Arrays.fill(keyBytes, (byte) 0); if (crypted2 == null) return false; return crypted.equals(crypted2); }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
public PasswordEncrypt(final String key) { final byte[] keyBytes = key.getBytes(US_ASCII); this.md5 = Md5Crypt.md5Crypt(keyBytes.clone()); this.apr1 = Md5Crypt.apr1Crypt(keyBytes.clone()); this.sha256 = Sha2Crypt.sha256Crypt(keyBytes.clone()); this.sha512 = Sha2Crypt.sha512Crypt(keyBytes.clone()); Arrays.fill(keyBytes, (byte) 0); }