@Test public void passivity() { String encodedPassword = "ab1146a8458d4ce4e65789e5a3f60e423373cfa10b01abd23739e5ae2fdc37f8e9ede4ae6da65264"; String rawPassword = "password"; assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); }
@Test public void matches() { String result = this.encoder.encode("password"); assertThat(result.equals("password")).isFalse(); assertThat(this.encoder.matches("password", result)).isTrue(); }
@Test public void matchWhenBase64ThenSuccess() { this.encoder.setEncodeHashAsBase64(true); String rawPassword = "password"; String encodedPassword = "3FOwOMcDgxP+z1x/sv184LFY2WVD+ZGMgYP3LPOSmCcDmk1XPYvcCQ=="; assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); java.util.Base64.getDecoder().decode(encodedPassword); // validate can decode as Base64 }
@Test public void matchesLengthChecked() { String result = this.encoder.encode("password"); assertThat(this.encoder.matches("password", result.substring(0, result.length() - 2))).isFalse(); }
@Test public void matchWhenSha256ThenSuccess() { this.encoder.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256); String rawPassword = "password"; String encodedPassword = "821447f994e2b04c5014e31fa9fca4ae1cc9f2188c4ed53d3ddb5ba7980982b51a0ecebfc0b81a79"; assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); } /**
@Test public void notMatches() { String result = this.encoder.encode("password"); assertThat(this.encoder.matches("bogus", result)).isFalse(); }
@Override public boolean matches(CharSequence rawPassword, String encodedPassword) { byte[] digested = decode(encodedPassword); byte[] salt = subArray(digested, 0, this.saltGenerator.getKeyLength()); return matches(digested, encode(rawPassword, salt)); }
@Test public void encodeAndMatchWhenBase64ThenSuccess() { this.encoder.setEncodeHashAsBase64(true); String rawPassword = "password"; String encodedPassword = this.encoder.encode(rawPassword); assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); }
@Override public boolean matches(CharSequence rawPassword, String encodedPassword) { byte[] digested = decode(encodedPassword); byte[] salt = subArray(digested, 0, this.saltGenerator.getKeyLength()); return matches(digested, encode(rawPassword, salt)); }
private void run(int iterations, int count) { long HALF_SECOND = 500L; long avg = 0; while (avg < HALF_SECOND) { iterations += 10000; Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder("", iterations, 256); String encoded = encoder.encode("password"); System.out.println("Trying " + iterations); long start = System.currentTimeMillis(); for (int i = 0; i < count; i++) { encoder.matches("password", encoded); } long end = System.currentTimeMillis(); long diff = end - start; avg = diff / count; System.out.println("Avgerage " + avg); } System.out.println("Iterations " + iterations); } }
@Test public void encodeAndMatchWhenSha256ThenSuccess() { this.encoder.setAlgorithm(Pbkdf2PasswordEncoder.SecretKeyFactoryAlgorithm.PBKDF2WithHmacSHA256); String rawPassword = "password"; String encodedPassword = this.encoder.encode(rawPassword); assertThat(this.encoder.matches(rawPassword, encodedPassword)).isTrue(); }
@Override public boolean matches(CharSequence rawPassword, String encodedPassword) { byte[] digested = decode(encodedPassword); byte[] salt = subArray(digested, 0, this.saltGenerator.getKeyLength()); return matches(digested, encode(rawPassword, salt)); }
@Override public boolean matches(CharSequence rawPassword, String encodedPassword) { byte[] digested = decode(encodedPassword); byte[] salt = subArray(digested, 0, this.saltGenerator.getKeyLength()); return matches(digested, encode(rawPassword, salt)); }
@Override public boolean matches(CharSequence rawPassword, String encodedPassword) { byte[] digested = decode(encodedPassword); byte[] salt = subArray(digested, 0, this.saltGenerator.getKeyLength()); return matches(digested, encode(rawPassword, salt)); }