/**
 * Generates a participant code by running Apache MD5-crypt (apr1) over the karateka's name,
 * surname and the competition date, concatenated without separators.
 *
 * <p>The salt is read from the servlet context init parameter named by
 * {@code PARTICIPANTPOINTS_SALT_PARAM}. When that parameter is absent, a warning is logged and
 * {@code DEFAULT_SALT} is used instead.
 *
 * <p>NOTE(review): the salt is a fixed value, so the same participant data always yields the same
 * code. With the default salt the code can presumably be recomputed by anyone who knows the three
 * inputs. Deployments that rely on the code being unguessable should configure the parameter and
 * treat the warning as an actionable finding.
 *
 * @param p participant whose karateka and competition data feed the code
 * @param context action bean context used to reach the servlet context parameters
 * @return the apr1 crypt string computed over the concatenated participant data
 */
public static String generateCode(Participant p, ActionBeanContext context) {
    final String configuredSalt =
            context.getServletContext().getInitParameter(PARTICIPANTPOINTS_SALT_PARAM);
    final String salt;
    if (configuredSalt != null) {
        salt = configuredSalt;
    } else {
        log.warn("The '"+PARTICIPANTPOINTS_SALT_PARAM+ "' is not configured as context param. Using the insecure, default salt");
        salt = DEFAULT_SALT;
    }

    // No delimiter is placed between the fields; the hashed material is their plain concatenation.
    final String material = new StringBuilder()
            .append(p.getKarateka().getName())
            .append(p.getKarateka().getSurname())
            .append(p.getVanencompetition().getDate())
            .toString();

    return Md5Crypt.apr1Crypt(material, salt);
}
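/**
 * Validates a request password against an htpasswd-style stored password.
 *
 * <p>htpasswd supports a few other password encryption schemes than the StandardCredentialsRealm.
 * The stored value selects the scheme: a {@code $apr1$} prefix means Apache MD5-crypt, a
 * {@code {SHA}} prefix means unsalted Base64-encoded SHA-1, and anything else is checked with libc
 * crypt, or compared as clear text when {@code isAllowClearTextPasswords()} returns true.
 *
 * <p>Every comparison goes through a constant-time helper, so the time taken does not depend on
 * how many leading characters of the stored value match. A missing stored or request password is
 * treated as a failed validation.
 *
 * <p>NOTE(review): unsalted SHA-1 and clear-text entries offer little protection if the htpasswd
 * file is disclosed; consider rejecting them by policy. The crypt helpers may throw an
 * {@code IllegalArgumentException} for a stored value whose salt they cannot parse - confirm how
 * the caller handles that.
 *
 * @param requestCredentials credentials presented with the request
 * @param storedCredentials credentials stored for the user
 * @return true if the request password validates against the stored password
 */
@Override
protected boolean validatePassword(StandardCredentials requestCredentials, StandardCredentials storedCredentials) {
    final String storedPassword = storedCredentials.getPassword();
    final String username = requestCredentials.getUsername();
    final String password = requestCredentials.getPassword();
    if (storedPassword == null || password == null) {
        // Nothing to compare against: fail closed instead of raising a NullPointerException.
        return false;
    }
    boolean authenticated = false;

    // test Apache MD5 variant encrypted password
    if (storedPassword.startsWith("$apr1$")) {
        if (constantTimeEquals(storedPassword, Md5Crypt.apr1Crypt(password, storedPassword))) {
            log.trace("Apache MD5 encoded password matched for user '{}'", username);
            authenticated = true;
        }
    }
    // test Unsalted SHA password
    else if (storedPassword.startsWith("{SHA}")) {
        String password64 = Base64.encodeBase64String(DigestUtils.sha1(password));
        if (constantTimeEquals(storedPassword.substring("{SHA}".length()), password64)) {
            log.trace("Unsalted SHA-1 encoded password matched for user '{}'", username);
            authenticated = true;
        }
    }
    // test Libc Crypt password
    else if (!isAllowClearTextPasswords()
            && constantTimeEquals(storedPassword, Crypt.crypt(password, storedPassword))) {
        log.trace("Libc crypt encoded password matched for user '{}'", username);
        authenticated = true;
    }
    // test Clear Text password
    else if (isAllowClearTextPasswords() && constantTimeEquals(storedPassword, password)) {
        log.trace("Clear text password matched for user '{}'", username);
        authenticated = true;
    }
    return authenticated;
}

/** Compares two strings without stopping at the first differing character. */
private static boolean constantTimeEquals(String expected, String actual) {
    if (expected == null || actual == null) {
        return false;
    }
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    // The trailing equals() runs only after the byte comparison has already succeeded. It keeps the
    // result identical to String.equals for strings that encode to the same bytes.
    return java.security.MessageDigest.isEqual(expected.getBytes(utf8), actual.getBytes(utf8))
            && expected.equals(actual);
}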
/**
 * Checks a login and password against the loaded htpasswd data.
 *
 * <p>When {@code isSetup()} is true, the salt for the login is fetched with
 * {@code getSaltFromLogin}, the password is hashed with Apache MD5-crypt (apr1), and the result is
 * accepted if {@code dataHtpasswd} contains the entry {@code login:hash}.
 *
 * <p>NOTE(review): the type of {@code dataHtpasswd} is not visible here. If it is a single string
 * rather than a collection of lines, {@code contains} is a substring match and the login is not
 * anchored to the start of a line - verify. It is also not visible what {@code getSaltFromLogin}
 * returns for an unknown login.
 *
 * @param login user name to look up
 * @param password clear-text password to verify
 * @return true if a matching {@code login:hash} entry is found, false otherwise or when not set up
 */
public static boolean compareCredential(String login, String password) {
    if (!isSetup()) {
        return false;
    }
    // The salt comes from the apr1 hash stored for this login.
    final String saltForLogin = getSaltFromLogin(login);
    final String expectedEntry = login + ":" + Md5Crypt.apr1Crypt(password, saltForLogin);
    return dataHtpasswd.contains(expectedEntry);
}
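/**
 * Checks whether any candidate password reproduces the MD5-crypt value carried in
 * {@code authValue}.
 *
 * <p>{@code authValue} must match {@code MD5_PATTERN}. Group 1 is taken as the known hash and
 * group 2 as the salt handed to {@code Md5Crypt.md5Crypt}. Each candidate is hashed with that salt
 * and compared to the known hash in constant time, so the comparison time does not reveal how many
 * leading characters matched.
 *
 * <p>NOTE(review): {@code password.getBytes()} uses the platform default charset, so a password
 * with non-ASCII characters can hash differently on differently configured hosts. Confirm which
 * charset produced the stored hashes before pinning one here.
 *
 * @param authValue stored authentication value expected to match {@code MD5_PATTERN}
 * @param passwords candidate clear-text passwords
 * @return true if a candidate hashes to the known value, false if none does or the value does not
 *         match the pattern
 */
public static boolean authenticateMd5Passwords(final String authValue, final Iterable<String> passwords) {
    final Matcher matcher = MD5_PATTERN.matcher(authValue);
    if (!matcher.matches()) {
        return false;
    }
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    final byte[] known = matcher.group(1).getBytes(utf8);
    final String salt = matcher.group(2);
    for (String password : passwords) {
        final String offered = Md5Crypt.md5Crypt(password.getBytes(), salt);
        if (java.security.MessageDigest.isEqual(known, offered.getBytes(utf8))) {
            return true;
        }
    }
    return false;
}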
/**
 * Hashes {@code key} with four crypt schemes (MD5-crypt, Apache apr1, SHA-256-crypt and
 * SHA-512-crypt) and stores each result in the matching field.
 *
 * <p>Each hashing call receives its own copy of the key bytes, and the local array is zero-filled
 * once all four hashes are computed. The {@code key} string itself is unaffected by that wipe.
 *
 * <p>NOTE(review): assuming {@code US_ASCII} is the standard charset constant, characters outside
 * ASCII are replaced during encoding, so keys that differ only in such characters would produce
 * the same hashes. Confirm that keys are restricted to ASCII.
 *
 * @param key clear-text key to hash
 */
public PasswordEncrypt(final String key) {
    final byte[] secret = key.getBytes(US_ASCII);

    // Hand out a fresh copy per call so that no hashing routine shares a buffer with another.
    this.md5 = Md5Crypt.md5Crypt(secret.clone());
    this.apr1 = Md5Crypt.apr1Crypt(secret.clone());
    this.sha256 = Sha2Crypt.sha256Crypt(secret.clone());
    this.sha512 = Sha2Crypt.sha512Crypt(secret.clone());

    // Overwrite the local copy of the key material.
    Arrays.fill(secret, (byte) 0);
}
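/**
 * Verifies a clear-text key against a crypt-style hash.
 *
 * <p>The hash must be at least 24 characters long, start with {@code $} and contain at least three
 * {@code $} characters. Everything up to and including the third {@code $} is passed to the
 * hashing routine as the salt. The scheme is chosen from the prefix: {@code $1$} (MD5-crypt),
 * {@code $apr1$} (Apache apr1), {@code $5$} (SHA-256-crypt) or {@code $6$} (SHA-512-crypt). Any
 * other prefix is rejected.
 *
 * <p>The local key bytes are wiped in a {@code finally} block, so they are cleared even when a
 * hashing routine throws. The recomputed hash is compared in constant time.
 *
 * <p>NOTE(review): a hash carrying a {@code rounds=} field would apparently have its salt cut at
 * the {@code $} that follows that field - verify such hashes are handled as intended. Assuming
 * {@code US_ASCII} is the standard charset constant, non-ASCII characters in the key are replaced
 * before hashing.
 *
 * @param crypted stored crypt-style hash, may be null
 * @param key clear-text key to verify, may be null
 * @return true if the key reproduces {@code crypted}; false for a null, malformed or unsupported
 *         hash, a null key, or a mismatch
 */
public static boolean checkPassword(final String crypted, final String key) {
    if (crypted == null || key == null) {
        return false;
    }
    if (crypted.length() < 24 || crypted.charAt(0) != '$') {
        return false;
    }
    final int secondDollar = crypted.indexOf('$', 1);
    if (secondDollar < 0) {
        return false;
    }
    final int thirdDollar = crypted.indexOf('$', secondDollar + 1);
    if (thirdDollar < 0) {
        return false;
    }
    final String salt = crypted.substring(0, thirdDollar + 1);

    final byte[] keyBytes = key.getBytes(US_ASCII);
    String recomputed = null;
    try {
        if (crypted.startsWith("$1$")) { // MD5
            recomputed = Md5Crypt.md5Crypt(keyBytes.clone(), salt);
        } else if (crypted.startsWith("$apr1$")) { // APR1
            recomputed = Md5Crypt.apr1Crypt(keyBytes.clone(), salt);
        } else if (crypted.startsWith("$5$")) { // SHA2-256
            recomputed = Sha2Crypt.sha256Crypt(keyBytes.clone(), salt);
        } else if (crypted.startsWith("$6$")) { // SHA2-512
            recomputed = Sha2Crypt.sha512Crypt(keyBytes.clone(), salt);
        }
    } finally {
        // Clear the key material whether or not hashing succeeded.
        Arrays.fill(keyBytes, (byte) 0);
    }
    if (recomputed == null) {
        return false;
    }
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    return java.security.MessageDigest.isEqual(crypted.getBytes(utf8), recomputed.getBytes(utf8));
}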
/**
 * Encodes {@code text} as an MD5-crypt ({@code $1$}) string using the single-argument
 * {@code Md5Crypt.md5Crypt} overload, which leaves salt selection to the library.
 *
 * <p>NOTE(review): {@code getBytes()} uses the platform default charset, so non-ASCII text can
 * encode differently across hosts. MD5-crypt is also a dated, fast scheme; if this encoder
 * protects passwords, a slower scheme (bcrypt, scrypt, argon2 or SHA-512-crypt) is the usual
 * choice.
 *
 * @param text clear text to encode
 * @return the MD5-crypt string for {@code text}
 */
@NonNull
@Override
public String encode(@NonNull String text) {
    final byte[] textBytes = text.getBytes();
    return Md5Crypt.md5Crypt(textBytes);
}
/**
 * Creates a new MD5-crypt salted hash from the user id followed directly by the user email.
 *
 * <p>The single-argument {@code Md5Crypt.md5Crypt} overload is used, so the salt is chosen by the
 * library rather than by this method.
 *
 * <p>NOTE(review): both inputs are values that are typically known or guessable. If the result
 * serves as a secret token, its unpredictability rests on the library-chosen salt alone - confirm
 * that is the intent. {@code getBytes()} uses the platform default charset.
 *
 * @param userData source of the user id and email
 * @return the MD5-crypt string computed over id and email
 */
public static String generate(UserData userData) {
    final String userIdPart = Long.toString(userData.getUserId());
    final String material = userIdPart + "" + userData.getEmail();
    final byte[] materialBytes = material.getBytes();
    return Md5Crypt.md5Crypt(materialBytes);
}
/**
 * Hashes a clear-text password with MD5-crypt ({@code $1$}), leaving salt selection to the
 * single-argument {@code Md5Crypt.md5Crypt} overload.
 *
 * <p>NOTE(review): {@code getBytes()} uses the platform default charset, so a password with
 * non-ASCII characters can hash differently on another host. MD5-crypt is a dated, fast scheme;
 * for newly stored passwords a slower scheme (bcrypt, scrypt, argon2 or SHA-512-crypt) is the
 * usual choice.
 *
 * @param cleantextPassword password to hash
 * @return the MD5-crypt string for the password
 */
public static final String hashMd5Password(final String cleantextPassword) {
    final byte[] passwordBytes = cleantextPassword.getBytes();
    return Md5Crypt.md5Crypt(passwordBytes);
}
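/**
 * Verifies a clear-text password against a stored Apache MD5-crypt (apr1) hash.
 *
 * <p>The stored hash is passed to {@code Md5Crypt.apr1Crypt} as the salt argument. The recomputed
 * value is then compared with the stored hash in constant time, so the comparison time does not
 * reveal how many leading characters matched. A null argument is treated as a failed validation.
 *
 * <p>NOTE(review): a stored value that is not a well-formed apr1 hash may make the library throw
 * {@code IllegalArgumentException} - confirm how callers handle that.
 *
 * @param hashed stored apr1 hash
 * @param plain clear-text password to verify
 * @return true if {@code plain} reproduces {@code hashed}
 */
private static boolean validateMd5Password(String hashed, String plain) {
    if (hashed == null || plain == null) {
        // Fail closed rather than raising a NullPointerException on missing input.
        return false;
    }
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    final String recomputed = Md5Crypt.apr1Crypt(plain, hashed);
    return java.security.MessageDigest.isEqual(hashed.getBytes(utf8), recomputed.getBytes(utf8));
}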
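/**
 * Verifies a presented password against a stored Apache MD5-crypt (apr1) hash.
 *
 * <p>The presented password is hashed using the stored password as the salt argument. If the
 * result equals the stored value, the presented password matches the one that was originally
 * hashed. The comparison is constant-time, and a null argument is treated as a failed
 * verification.
 *
 * <p>NOTE(review): a stored value that is not a well-formed apr1 hash may make the library throw
 * {@code IllegalArgumentException} - confirm how callers handle that.
 *
 * @param storedPassword stored apr1 hash
 * @param passedPassword clear-text password presented by the user
 * @return true if the presented password reproduces the stored hash
 */
private boolean verifyMD5Password(String storedPassword, String passedPassword) {
    if (storedPassword == null || passedPassword == null) {
        // With no stored hash there is nothing to match; with no password, nothing to hash.
        return false;
    }
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    final String recomputed = Md5Crypt.apr1Crypt(passedPassword, storedPassword);
    return java.security.MessageDigest.isEqual(
            storedPassword.getBytes(utf8), recomputed.getBytes(utf8));
}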
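/**
 * Checks a plaintext value against a stored Apache MD5-crypt (apr1) hash.
 *
 * <p>The stored hash is passed to {@code Md5Crypt.apr1Crypt} as the salt argument and the result
 * is compared with the stored hash in constant time. A null argument is treated as a failed
 * check.
 *
 * <p>NOTE(review): a stored value that is not a well-formed apr1 hash may make the library throw
 * {@code IllegalArgumentException} - confirm how callers handle that.
 *
 * @param plaintext clear-text value to verify
 * @param hashed stored apr1 hash
 * @return true if {@code plaintext} reproduces {@code hashed}
 */
public static boolean md5Check(String plaintext, String hashed) {
    if (plaintext == null || hashed == null) {
        // Fail closed rather than raising a NullPointerException on missing input.
        return false;
    }
    final java.nio.charset.Charset utf8 = java.nio.charset.StandardCharsets.UTF_8;
    final String recomputed = Md5Crypt.apr1Crypt(plaintext, hashed);
    return java.security.MessageDigest.isEqual(hashed.getBytes(utf8), recomputed.getBytes(utf8));
}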