You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openmeetings.apache.org by so...@apache.org on 2019/12/20 18:00:54 UTC
[openmeetings] branch master updated: [OPENMEETINGS-2157] MD5 is dropped

This is an automated email from the ASF dual-hosted git repository.

solomax pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openmeetings.git


The following commit(s) were added to refs/heads/master by this push:
     new 350dd4b  [OPENMEETINGS-2157] MD5 is dropped
350dd4b is described below

commit 350dd4b8e3c81ae2dadba3a1722aa46076648045
Author: Maxim Solodovnik <so...@gmail.com>
AuthorDate: Sat Dec 21 01:00:39 2019 +0700

    [OPENMEETINGS-2157] MD5 is dropped
---
 .../org/apache/openmeetings/util/crypt/MD5.java    | 37 -----------------
 .../openmeetings/util/crypt/MD5Implementation.java | 48 ----------------------
 .../util/crypt/SCryptImplementation.java           |  3 --
 3 files changed, 88 deletions(-)

diff --git a/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java b/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java
deleted file mode 100644
index 3a96380..0000000
--- a/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5.java
+++ /dev/null
@@ -1,37 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License") +  you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.openmeetings.util.crypt;
-
-import static java.nio.charset.StandardCharsets.UTF_8;
-
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
-
-import org.apache.commons.codec.binary.Hex;
-
-public class MD5 {
-	private MD5() {}
-
-	public static String checksum(String data) throws NoSuchAlgorithmException {
-		MessageDigest md5 = MessageDigest.getInstance("MD5");
-		byte[] b = data == null ? new byte[0] : data.getBytes(UTF_8);
-		md5.update(b, 0, b.length);
-		return Hex.encodeHexString(md5.digest());
-	}
-}
diff --git a/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java b/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java
deleted file mode 100644
index b98c2ca..0000000
--- a/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/MD5Implementation.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License") +  you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.openmeetings.util.crypt;
-
-import java.security.NoSuchAlgorithmException;
-
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Package private SHA256 implementation to be able to authenticate against
- * passwords created using OM earlier than 3.1.0
- */
-class MD5Implementation {
-	private static final Logger log = LoggerFactory.getLogger(MD5Implementation.class);
-
-	private MD5Implementation() {}
-
-	private static String hash(String str) {
-		String passPhrase = null;
-		try {
-			passPhrase = MD5.checksum(str);
-		} catch (NoSuchAlgorithmException e) {
-			log.error("Error", e);
-		}
-		return passPhrase;
-	}
-
-	static boolean verify(String str, String hash) {
-		return hash != null && hash.equals(hash(str));
-	}
-}
diff --git a/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SCryptImplementation.java b/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SCryptImplementation.java
index b0465a6..960cdf5 100644
--- a/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SCryptImplementation.java
+++ b/openmeetings-util/src/main/java/org/apache/openmeetings/util/crypt/SCryptImplementation.java
@@ -96,9 +96,6 @@ public class SCryptImplementation implements ICrypt {
 		if (SHA256Implementation.verify(str, hash)) {
 			return true;
 		}
-		if (MD5Implementation.verify(str, hash)) {
-			return true;
-		}
 		return false;
 	}