How to use

sha512Crypt

method

in

org.apache.commons.codec.digest.Sha2Crypt

/**
 * Generates a libc crypt() compatible "$6$" hash value with random salt.
 * <p>
 * See {@link Crypt#crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext to hash
 * @return complete hash value
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String sha512Crypt(final byte[] keyBytes) {
  return sha512Crypt(keyBytes, null);
}

/**
 * Encrypts a password in a crypt(3) compatible way.
 * <p>
 * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See
 * {@link #crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext password
 * @param salt
 *            salt value
 * @return hash value
 * @throws IllegalArgumentException
 *             if the salt does not match the allowed pattern
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String crypt(final byte[] keyBytes, final String salt) {
  if (salt == null) {
    return Sha2Crypt.sha512Crypt(keyBytes);
  } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) {
    return Sha2Crypt.sha512Crypt(keyBytes, salt);
  } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) {
    return Sha2Crypt.sha256Crypt(keyBytes, salt);
  } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) {
    return Md5Crypt.md5Crypt(keyBytes, salt);
  } else {
    return UnixCrypt.crypt(keyBytes, salt);
  }
}

@Test(expected = NullPointerException.class)
public void testSha512CryptNullData() {
  Sha2Crypt.sha512Crypt((byte[]) null);
}

@Test(expected = IllegalArgumentException.class)
public void testSha2CryptWrongSalt() {
  Sha2Crypt.sha512Crypt("secret".getBytes(Charsets.UTF_8), "xx");
}

@Test(expected = IllegalArgumentException.class)
public void testSha512CryptWithEmptySalt() {
  Sha2Crypt.sha512Crypt("secret".getBytes(), "");
}

@Test
public void testSha512CryptExplicitCall() {
  assertTrue(Sha2Crypt.sha512Crypt("secret".getBytes()).matches("^\\$6\\$[a-zA-Z0-9./]{0,16}\\$.{1,}$"));
  assertTrue(Sha2Crypt.sha512Crypt("secret".getBytes(), null).matches("^\\$6\\$[a-zA-Z0-9./]{0,16}\\$.{1,}$"));
}

  @Test
  public void testSha256LargetThanBlocksize() {
    final byte[] buffer = new byte[200];
    Arrays.fill(buffer, 0, 200, (byte)'A');
    assertEquals("$6$abc$oP/h8PRhCKIA66KSTjGwNsQMSLLZnuFOTjOhrqNrDkKgjTlpePSqibB0qtmDapMbP/zN1cUEYSeHFrpgqZ.GG1", Sha2Crypt.sha512Crypt(buffer, "$6$abc"));
  }
}

/**
 * Generates a libc crypt() compatible "$6$" hash value with random salt.
 * <p>
 * See {@link Crypt#crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext to hash
 * @return complete hash value
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String sha512Crypt(final byte[] keyBytes) {
  return sha512Crypt(keyBytes, null);
}

/**
 * Generates a libc crypt() compatible "$6$" hash value with random salt.
 * <p>
 * See {@link Crypt#crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext to hash
 * @return complete hash value
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String sha512Crypt(final byte[] keyBytes) {
  return sha512Crypt(keyBytes, null);
}

/**
 * Generates a libc crypt() compatible "$6$" hash value with random salt.
 * <p>
 * See {@link Crypt#crypt(String, String)} for details.
 * 
 * @param keyBytes
 *            plaintext to hash
 * @return complete hash value
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String sha512Crypt(final byte[] keyBytes) {
  return sha512Crypt(keyBytes, null);
}

/**
 * Generates a libc crypt() compatible "$6$" hash value with random salt.
 * <p>
 * See {@link Crypt#crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext to hash
 * @return complete hash value
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String sha512Crypt(final byte[] keyBytes) {
  return sha512Crypt(keyBytes, null);
}

/**
 * Generates a libc crypt() compatible "$6$" hash value with random salt.
 * <p>
 * See {@link Crypt#crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext to hash
 * @return complete hash value
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String sha512Crypt(final byte[] keyBytes) {
  return sha512Crypt(keyBytes, null);
}

/**
 * Encrypts a password in a crypt(3) compatible way.
 * <p>
 * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See
 * {@link #crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext password
 * @param salt
 *            salt value
 * @return hash value
 * @throws IllegalArgumentException
 *             if the salt does not match the allowed pattern
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String crypt(final byte[] keyBytes, final String salt) {
  if (salt == null) {
    return Sha2Crypt.sha512Crypt(keyBytes);
  } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) {
    return Sha2Crypt.sha512Crypt(keyBytes, salt);
  } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) {
    return Sha2Crypt.sha256Crypt(keyBytes, salt);
  } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) {
    return Md5Crypt.md5Crypt(keyBytes, salt);
  } else {
    return UnixCrypt.crypt(keyBytes, salt);
  }
}

/**
 * Encrypts a password in a crypt(3) compatible way.
 * <p>
 * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See
 * {@link #crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext password
 * @param salt
 *            salt value
 * @return hash value
 * @throws IllegalArgumentException
 *             if the salt does not match the allowed pattern
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String crypt(final byte[] keyBytes, final String salt) {
  if (salt == null) {
    return Sha2Crypt.sha512Crypt(keyBytes);
  } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) {
    return Sha2Crypt.sha512Crypt(keyBytes, salt);
  } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) {
    return Sha2Crypt.sha256Crypt(keyBytes, salt);
  } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) {
    return Md5Crypt.md5Crypt(keyBytes, salt);
  } else {
    return UnixCrypt.crypt(keyBytes, salt);
  }
}

/**
 * Encrypts a password in a crypt(3) compatible way.
 * <p>
 * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See
 * {@link #crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext password
 * @param salt
 *            salt value
 * @return hash value
 * @throws IllegalArgumentException
 *             if the salt does not match the allowed pattern
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String crypt(final byte[] keyBytes, final String salt) {
  if (salt == null) {
    return Sha2Crypt.sha512Crypt(keyBytes);
  } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) {
    return Sha2Crypt.sha512Crypt(keyBytes, salt);
  } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) {
    return Sha2Crypt.sha256Crypt(keyBytes, salt);
  } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) {
    return Md5Crypt.md5Crypt(keyBytes, salt);
  } else {
    return UnixCrypt.crypt(keyBytes, salt);
  }
}

/**
 * Encrypts a password in a crypt(3) compatible way.
 * <p>
 * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See
 * {@link #crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext password
 * @param salt
 *            salt value
 * @return hash value
 * @throws IllegalArgumentException
 *             if the salt does not match the allowed pattern
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String crypt(final byte[] keyBytes, final String salt) {
  if (salt == null) {
    return Sha2Crypt.sha512Crypt(keyBytes);
  } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) {
    return Sha2Crypt.sha512Crypt(keyBytes, salt);
  } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) {
    return Sha2Crypt.sha256Crypt(keyBytes, salt);
  } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) {
    return Md5Crypt.md5Crypt(keyBytes, salt);
  } else {
    return UnixCrypt.crypt(keyBytes, salt);
  }
}

/**
 * Encrypts a password in a crypt(3) compatible way.
 * <p>
 * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See
 * {@link #crypt(String, String)} for details.
 *
 * @param keyBytes
 *            plaintext password
 * @param salt
 *            salt value
 * @return hash value
 * @throws IllegalArgumentException
 *             if the salt does not match the allowed pattern
 * @throws RuntimeException
 *             when a {@link java.security.NoSuchAlgorithmException} is caught.
 */
public static String crypt(final byte[] keyBytes, final String salt) {
  if (salt == null) {
    return Sha2Crypt.sha512Crypt(keyBytes);
  } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) {
    return Sha2Crypt.sha512Crypt(keyBytes, salt);
  } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) {
    return Sha2Crypt.sha256Crypt(keyBytes, salt);
  } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) {
    return Md5Crypt.md5Crypt(keyBytes, salt);
  } else {
    return UnixCrypt.crypt(keyBytes, salt);
  }
}

public static boolean checkPassword(final String crypted, final String key) {
  String crypted2 = null;
  if (crypted == null)
    return false;
  if (crypted.length() < 24)
    return false;
  if (crypted.charAt(0) != '$')
    return false;
  final int offset2ndDolar = crypted.indexOf('$', 1);
  if (offset2ndDolar < 0)
    return false;
  final int offset3ndDolar = crypted.indexOf('$', offset2ndDolar + 1);
  if (offset3ndDolar < 0)
    return false;
  final String salt = crypted.substring(0, offset3ndDolar + 1);
  final byte[] keyBytes = key.getBytes(US_ASCII);
  if (crypted.startsWith("$1$")) { // MD5
    crypted2 = Md5Crypt.md5Crypt(keyBytes.clone(), salt);
  } else if (crypted.startsWith("$apr1$")) { // APR1
    crypted2 = Md5Crypt.apr1Crypt(keyBytes.clone(), salt);
  } else if (crypted.startsWith("$5$")) { // SHA2-256
    crypted2 = Sha2Crypt.sha256Crypt(keyBytes.clone(), salt);
  } else if (crypted.startsWith("$6$")) { // SHA2-512
    crypted2 = Sha2Crypt.sha512Crypt(keyBytes.clone(), salt);
  }
  Arrays.fill(keyBytes, (byte) 0);
  if (crypted2 == null)
    return false;
  return crypted.equals(crypted2);
}

public PasswordEncrypt(final String key) {
  final byte[] keyBytes = key.getBytes(US_ASCII);
  this.md5 = Md5Crypt.md5Crypt(keyBytes.clone());
  this.apr1 = Md5Crypt.apr1Crypt(keyBytes.clone());
  this.sha256 = Sha2Crypt.sha256Crypt(keyBytes.clone());
  this.sha512 = Sha2Crypt.sha512Crypt(keyBytes.clone());
  Arrays.fill(keyBytes, (byte) 0);
}

} else {
  String expectedHash = Sha2Crypt.sha512Crypt(resource.getPassword().getBytes(CharsetTools.UTF_8), resource.getHashedPassword());
  if (!StringTools.safeEquals(expectedHash, resource.getHashedPassword())) {
    updateHash = true;
  resource.setHashedPassword(Sha2Crypt.sha512Crypt(resource.getPassword().getBytes(CharsetTools.UTF_8)));
  changes.resourceUpdate(resource);