Posted to commits@jspwiki.apache.org by ju...@apache.org on 2021/04/24 09:26:57 UTC
[jspwiki] 04/09: feat: Add SHA-256 support to
getSaltedPassword-method
This is an automated email from the ASF dual-hosted git repository.
juanpablo pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 8812bcdc7e447ffd2742a56e5fc7420b1ecb948c
Author: samhareem <sa...@museoliitto.fi>
AuthorDate: Wed Mar 24 18:43:00 2021 +0200
feat: Add SHA-256 support to getSaltedPassword-method
---
.../main/java/org/apache/wiki/util/CryptoUtil.java | 31 ++++++++++++----------
1 file changed, 17 insertions(+), 14 deletions(-)
diff --git a/jspwiki-util/src/main/java/org/apache/wiki/util/CryptoUtil.java b/jspwiki-util/src/main/java/org/apache/wiki/util/CryptoUtil.java
index 691a37b..d99fce3 100644
--- a/jspwiki-util/src/main/java/org/apache/wiki/util/CryptoUtil.java
+++ b/jspwiki-util/src/main/java/org/apache/wiki/util/CryptoUtil.java
@@ -35,6 +35,8 @@ public final class CryptoUtil
{
private static final String SSHA = "{SSHA}";
+ private static final String SHA256 = "{SHA-256}";
+
private static final Random RANDOM = new SecureRandom();
private static final int DEFAULT_SALT_SIZE = 8;
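Review bot: The new `SHA256` constant `"{SHA-256}"` is not referenced by any changed line in this commit, and the javadoc in the later hunks calls the label `{SHA256}` (no hyphen), so it is unclear which spelling is meant to be the stored prefix. This matters because a future verifier will dispatch on the braced label it reads back; in common LDAP usage a label without a leading S (`{SHA256}`) tends to denote an unsalted digest while the salted form this method produces is labelled `{SSHA256}`, so the choice is worth settling before any password is persisted with it (inferred from convention, not from this file). A comment on the constant would pin the decision, e.g. `// scheme label stored ahead of the Base64 hash+salt; must match what the verification path parses`.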
@@ -118,8 +120,8 @@ public final class CryptoUtil
/**
* <p>
- * Creates an RFC 2307-compliant salted, hashed password with the SHA1
- * MessageDigest algorithm. After the password is digested, the first 20
+ * Creates an RFC 2307-compliant salted, hashed password with the SHA1 or SHA-256
+ * MessageDigest algorithm. After the password is digested, the first 20 or 32
* bytes of the digest will be the actual password hash; the remaining bytes
* will be a randomly generated salt of length {@link #DEFAULT_SALT_SIZE},
* for example: <blockquote><code>{SSHA}3cGWem65NCEkF5Ew5AEk45ak8LHUWAwPVXAyyw==</code></blockquote>
@@ -136,23 +138,24 @@ public final class CryptoUtil
*
* @param password the password to be digested
* @return the Base64-encoded password hash, prepended by
- * <code>{SSHA}</code>.
- * @throws NoSuchAlgorithmException If your JVM is completely b0rked and does not have SHA.
+ * <code>{SSHA}</code> or <code>{SHA256}</code>.
+ * @throws NoSuchAlgorithmException If your JVM does not supply the necessary algorithm. Should not happen.
*/
- public static String getSaltedPassword(final byte[] password ) throws NoSuchAlgorithmException
+ public static String getSaltedPassword(final byte[] password, final String algorithm ) throws NoSuchAlgorithmException
{
final byte[] salt = new byte[DEFAULT_SALT_SIZE];
RANDOM.nextBytes( salt );
- return getSaltedPassword( password, salt );
+
+ return getSaltedPassword( password, salt, algorithm );
}
/**
* <p>
- * Helper method that creates an RFC 2307-compliant salted, hashed password with the SHA1
- * MessageDigest algorithm. After the password is digested, the first 20
+ * Helper method that creates an RFC 2307-compliant salted, hashed password with the SHA1 or SHA256
+ * MessageDigest algorithm. After the password is digested, the first 20 or 32
* bytes of the digest will be the actual password hash; the remaining bytes
* will be the salt. Thus, supplying a password <code>testing123</code>
- * and a random salt <code>foo</code> produces the hash:
+ * and a random salt <code>foo</code> produces the hash when using SHA1:
* </p>
* <blockquote><code>{SSHA}yfT8SRT/WoOuNuA6KbJeF10OznZmb28=</code></blockquote>
* <p>
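Review bot: The single-argument `getSaltedPassword(byte[])` is replaced rather than retained, so every existing caller breaks at compile time; keeping it as a delegate, `return getSaltedPassword( password, "SHA" );` (or whichever token the new overload finally accepts), preserves source compatibility and the previous SHA-1 default. The new `algorithm` parameter has no `@param` entry and the javadoc never says what values are accepted — a JCA name such as `SHA-256` or a scheme label such as `{SHA-256}` — which matters because the string is used for both the digest lookup and the stored prefix in the helper below. Suggested once that is decided: `@param algorithm digest to use; accepted values are ...`. The `@return` text also says `{SHA256}` while the class constant is `{SHA-256}`.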
@@ -161,12 +164,12 @@ public final class CryptoUtil
*
* @param password the password to be digested
* @param salt the random salt
- * @return the Base64-encoded password hash, prepended by <code>{SSHA}</code>.
- * @throws NoSuchAlgorithmException If your JVM is totally b0rked and does not have SHA1.
+ * @return the Base64-encoded password hash, prepended by <code>{SSHA}</code> or <code>{SHA256}</code>.
+ * @throws NoSuchAlgorithmException If your JVM does not supply the necessary algorithm. Should not happen.
*/
- protected static String getSaltedPassword(final byte[] password, final byte[] salt ) throws NoSuchAlgorithmException
+ protected static String getSaltedPassword(final byte[] password, final byte[] salt, final String algorithm ) throws NoSuchAlgorithmException
{
- final MessageDigest digest = MessageDigest.getInstance( "SHA" );
+ final MessageDigest digest = MessageDigest.getInstance( algorithm );
digest.update( password );
final byte[] hash = digest.digest( salt );
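Review bot: The `@throws` text still says the exception "should not happen", but `algorithm` is now a caller-supplied string passed straight to `MessageDigest.getInstance`, so `NoSuchAlgorithmException` is a normal outcome for any unrecognised value and callers should be told to expect it; `@throws NoSuchAlgorithmException if {@code algorithm} is not a digest provided by this JVM` would be accurate. Separately, both variants remain a single-iteration digest of password followed by salt with no work factor; that is what the RFC 2307 `{SSHA}` format specifies, but the javadoc could carry a caveat that this exists for LDAP interoperability rather than as a recommended password hash, and that switching SHA-1 for SHA-256 does not change that property. The enclosing method continues into the next hunk.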
@@ -176,7 +179,7 @@ public final class CryptoUtil
System.arraycopy(salt, 0, all, hash.length + 0, salt.length);
final byte[] base64 = Base64.getEncoder().encode( all );
- return SSHA + new String( base64, StandardCharsets.UTF_8 );
+ return algorithm + new String( base64, StandardCharsets.UTF_8 );
}
/**
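Review bot: `return algorithm + new String( base64, ... )` uses the same `algorithm` string that the previous hunk hands to `MessageDigest.getInstance`, so no single value can satisfy both: passing `"SHA-256"` produces a valid digest but a stored value prefixed `SHA-256` rather than the braced `{SHA-256}` label, while passing `"{SHA-256}"` yields the right label but throws in `getInstance`. The `SSHA` and `SHA256` constants should be what is emitted, derived from the digest name, e.g. `final String label = "SHA-256".equals( algorithm ) ? SHA256 : SSHA;` followed by `return label + new String( base64, StandardCharsets.UTF_8 );`, with any other algorithm rejected before the digest is computed. A mis-labelled stored hash cannot be parsed back by a verifier that dispatches on the braced prefix, so this is worth fixing before the new overload is wired into the user database.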