/** * Generates a libc crypt() compatible "$6$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha512Crypt(final byte[] keyBytes) { return sha512Crypt(keyBytes, null); }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
@Test(expected = NullPointerException.class) public void testSha512CryptNullData() { Sha2Crypt.sha512Crypt((byte[]) null); }
@Test(expected = IllegalArgumentException.class) public void testSha2CryptWrongSalt() { Sha2Crypt.sha512Crypt("secret".getBytes(Charsets.UTF_8), "xx"); }
@Test(expected = IllegalArgumentException.class) public void testSha512CryptWithEmptySalt() { Sha2Crypt.sha512Crypt("secret".getBytes(), ""); }
@Test public void testSha512CryptExplicitCall() { assertTrue(Sha2Crypt.sha512Crypt("secret".getBytes()).matches("^\\$6\\$[a-zA-Z0-9./]{0,16}\\$.{1,}$")); assertTrue(Sha2Crypt.sha512Crypt("secret".getBytes(), null).matches("^\\$6\\$[a-zA-Z0-9./]{0,16}\\$.{1,}$")); }
@Test public void testSha256LargetThanBlocksize() { final byte[] buffer = new byte[200]; Arrays.fill(buffer, 0, 200, (byte)'A'); assertEquals("$6$abc$oP/h8PRhCKIA66KSTjGwNsQMSLLZnuFOTjOhrqNrDkKgjTlpePSqibB0qtmDapMbP/zN1cUEYSeHFrpgqZ.GG1", Sha2Crypt.sha512Crypt(buffer, "$6$abc")); } }
/** * Generates a libc crypt() compatible "$6$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha512Crypt(final byte[] keyBytes) { return sha512Crypt(keyBytes, null); }
/** * Generates a libc crypt() compatible "$6$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha512Crypt(final byte[] keyBytes) { return sha512Crypt(keyBytes, null); }
/** * Generates a libc crypt() compatible "$6$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha512Crypt(final byte[] keyBytes) { return sha512Crypt(keyBytes, null); }
/** * Generates a libc crypt() compatible "$6$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha512Crypt(final byte[] keyBytes) { return sha512Crypt(keyBytes, null); }
/** * Generates a libc crypt() compatible "$6$" hash value with random salt. * <p> * See {@link Crypt#crypt(String, String)} for details. * * @param keyBytes * plaintext to hash * @return complete hash value * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String sha512Crypt(final byte[] keyBytes) { return sha512Crypt(keyBytes, null); }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
/** * Encrypts a password in a crypt(3) compatible way. * <p> * If no salt is provided, a random salt and the default algorithm (currently SHA-512) will be used. See * {@link #crypt(String, String)} for details. * * @param keyBytes * plaintext password * @param salt * salt value * @return hash value * @throws IllegalArgumentException * if the salt does not match the allowed pattern * @throws RuntimeException * when a {@link java.security.NoSuchAlgorithmException} is caught. */ public static String crypt(final byte[] keyBytes, final String salt) { if (salt == null) { return Sha2Crypt.sha512Crypt(keyBytes); } else if (salt.startsWith(Sha2Crypt.SHA512_PREFIX)) { return Sha2Crypt.sha512Crypt(keyBytes, salt); } else if (salt.startsWith(Sha2Crypt.SHA256_PREFIX)) { return Sha2Crypt.sha256Crypt(keyBytes, salt); } else if (salt.startsWith(Md5Crypt.MD5_PREFIX)) { return Md5Crypt.md5Crypt(keyBytes, salt); } else { return UnixCrypt.crypt(keyBytes, salt); } }
public static boolean checkPassword(final String crypted, final String key) { String crypted2 = null; if (crypted == null) return false; if (crypted.length() < 24) return false; if (crypted.charAt(0) != '$') return false; final int offset2ndDolar = crypted.indexOf('$', 1); if (offset2ndDolar < 0) return false; final int offset3ndDolar = crypted.indexOf('$', offset2ndDolar + 1); if (offset3ndDolar < 0) return false; final String salt = crypted.substring(0, offset3ndDolar + 1); final byte[] keyBytes = key.getBytes(US_ASCII); if (crypted.startsWith("$1$")) { // MD5 crypted2 = Md5Crypt.md5Crypt(keyBytes.clone(), salt); } else if (crypted.startsWith("$apr1$")) { // APR1 crypted2 = Md5Crypt.apr1Crypt(keyBytes.clone(), salt); } else if (crypted.startsWith("$5$")) { // SHA2-256 crypted2 = Sha2Crypt.sha256Crypt(keyBytes.clone(), salt); } else if (crypted.startsWith("$6$")) { // SHA2-512 crypted2 = Sha2Crypt.sha512Crypt(keyBytes.clone(), salt); } Arrays.fill(keyBytes, (byte) 0); if (crypted2 == null) return false; return crypted.equals(crypted2); }
public PasswordEncrypt(final String key) { final byte[] keyBytes = key.getBytes(US_ASCII); this.md5 = Md5Crypt.md5Crypt(keyBytes.clone()); this.apr1 = Md5Crypt.apr1Crypt(keyBytes.clone()); this.sha256 = Sha2Crypt.sha256Crypt(keyBytes.clone()); this.sha512 = Sha2Crypt.sha512Crypt(keyBytes.clone()); Arrays.fill(keyBytes, (byte) 0); }
} else { String expectedHash = Sha2Crypt.sha512Crypt(resource.getPassword().getBytes(CharsetTools.UTF_8), resource.getHashedPassword()); if (!StringTools.safeEquals(expectedHash, resource.getHashedPassword())) { updateHash = true; resource.setHashedPassword(Sha2Crypt.sha512Crypt(resource.getPassword().getBytes(CharsetTools.UTF_8))); changes.resourceUpdate(resource);