Java 类org.apache.commons.codec.digest.Crypt 实例源码

public static boolean isHashCorrect(final String plainToken, final String hash) {
    if(plainToken == null || hash == null){
        return false;
    }

    final String check = Crypt.crypt(plainToken, hash);
    return hash.equals(check);
}

public String generateSalt(String password) {
  // Password hash format comes from crypt(3) using SHA-512,
  // which is $6$<salt>$<hashed_word>
  // We need to save the salt portion so that the hash can be
  // consistently generated across requests.
  final String passwordHash = Crypt.crypt(password);
  return passwordHash.substring(0, passwordHash.lastIndexOf("$"));
}

@Test
public void canCreateViewFromEntity() throws IOException {
  final UUID uuid = UUID.randomUUID();
  final String salt = new CryptSaltFactory().generateSalt("test-password");
  final String passwordHash = Crypt.crypt("test-password", salt);

  final UserCredentialVersion userCredential = mock(UserCredentialVersion.class);
  when(userCredential.getName()).thenReturn("/foo");
  when(userCredential.getUuid()).thenReturn(uuid);
  when(userCredential.getCredentialType()).thenReturn("user");
  when(userCredential.getPassword()).thenReturn("test-password");
  when(userCredential.getUsername()).thenReturn("test-username");
  when(userCredential.getSalt()).thenReturn(salt);

  UserView actual = (UserView) UserView.fromEntity(userCredential);

  assertThat(JsonTestHelper.serializeToString(actual), equalTo("{"
      + "\"type\":\"user\","
      + "\"version_created_at\":null,"
      + "\"id\":\"" + uuid.toString() + "\","
      + "\"name\":\"/foo\","
      + "\"value\":{"
      + "\"username\":\"test-username\","
      + "\"password\":\"test-password\","
      + "\"password_hash\":\"" + passwordHash + "\""
      + "}}"));
}

/**
 * htpasswd supports a few other password encryption schemes than the StandardCredentialsRealm.
 *
 * @param requestCredentials
 * @param storedCredentials
 * @return true if the request password validates against the stored password
 */
@Override
protected boolean validatePassword(StandardCredentials requestCredentials, StandardCredentials storedCredentials) {
    final String storedPassword = storedCredentials.getPassword();
    final String username = requestCredentials.getUsername();
    final String password = requestCredentials.getPassword();
    boolean authenticated = false;

    // test Apache MD5 variant encrypted password
    if (storedPassword.startsWith("$apr1$")) {
        if (storedPassword.equals(Md5Crypt.apr1Crypt(password, storedPassword))) {
            log.trace("Apache MD5 encoded password matched for user '{}'", username);
            authenticated = true;
        }
    }
    // test Unsalted SHA password
    else if (storedPassword.startsWith("{SHA}")) {
        String password64 = Base64.encodeBase64String(DigestUtils.sha1(password));
        if (storedPassword.substring("{SHA}".length()).equals(password64)) {
            log.trace("Unsalted SHA-1 encoded password matched for user '{}'", username);
            authenticated = true;
        }
    }
    // test Libc Crypt password
    else if (!isAllowClearTextPasswords() && storedPassword.equals(Crypt.crypt(password, storedPassword))) {
        log.trace("Libc crypt encoded password matched for user '{}'", username);
        authenticated = true;
    }
    // test Clear Text password
    else if (isAllowClearTextPasswords() && storedPassword.equals(password)) {
        log.trace("Clear text password matched for user '{}'", username);
        authenticated = true;
    }

    return authenticated;
}

private boolean verifyMD5Crypt(String token, String password) {
    String[] parts = token.split("\\$");
    if (parts.length != 4) {
        return false;
    }
    if (!parts[1].equals("6")) {
        return false;
    }
    String salt = parts[2];
    String myHashString = Crypt.crypt(password, "$6$" + salt + "$");
    return myHashString.equals(token);
}

@Override
public boolean incrementToken() throws IOException {
    for (;;) {
        if (!input.incrementToken())
            return false;
        String term = salt == null ? Crypt.crypt(termAtt.toString())
                : Crypt.crypt(termAtt.toString(), salt);
        createToken(term);
        return true;
    }
}

/**
 * encrypts the given credentials based on the algorithm name and optional salt
 *
 * @param credentials the credentials to be encrypted
 * @param algorithm the algorithm to be used for encrypting the credentials
 * @param salt value to be used as salt (optional)
 * @return the encrypted credentials
 */
private static byte[] encryptPassword( byte[] credentials, LdapSecurityConstants algorithm, byte[] salt )
{
    switch ( algorithm )
    {
        case HASH_METHOD_SHA:
        case HASH_METHOD_SSHA:
            return digest( LdapSecurityConstants.HASH_METHOD_SHA, credentials, salt );

        case HASH_METHOD_SHA256:
        case HASH_METHOD_SSHA256:
            return digest( LdapSecurityConstants.HASH_METHOD_SHA256, credentials, salt );

        case HASH_METHOD_SHA384:
        case HASH_METHOD_SSHA384:
            return digest( LdapSecurityConstants.HASH_METHOD_SHA384, credentials, salt );

        case HASH_METHOD_SHA512:
        case HASH_METHOD_SSHA512:
            return digest( LdapSecurityConstants.HASH_METHOD_SHA512, credentials, salt );

        case HASH_METHOD_MD5:
        case HASH_METHOD_SMD5:
            return digest( LdapSecurityConstants.HASH_METHOD_MD5, credentials, salt );

        case HASH_METHOD_CRYPT:
            String saltWithCrypted = Crypt.crypt( Strings.utf8ToString( credentials ), Strings
                .utf8ToString( salt ) );
            String crypted = saltWithCrypted.substring( 2 );
            return Strings.getBytesUtf8( crypted );

        case HASH_METHOD_CRYPT_MD5:
        case HASH_METHOD_CRYPT_SHA256:
        case HASH_METHOD_CRYPT_SHA512:
            String saltWithCrypted2 = Crypt.crypt( Strings.utf8ToString( credentials ),
                algorithm.getSubPrefix() + Strings.utf8ToString( salt ) );
            String crypted2 = saltWithCrypted2.substring( saltWithCrypted2.lastIndexOf( '$' ) + 1 );
            return Strings.getBytesUtf8( crypted2 );

        case HASH_METHOD_CRYPT_BCRYPT:
            String crypted3 = BCrypt.hashPw( Strings.utf8ToString( credentials ), Strings.utf8ToString( salt ) );
            return Strings.getBytesUtf8( crypted3.substring( crypted3.length() - 31 ) );

        case HASH_METHOD_PKCS5S2:
            return generatePbkdf2Hash( credentials, algorithm, salt );

        default:
            return credentials;
    }
}

public static String getAuthEmailHash(String authEmail) {
    return Crypt.crypt(authEmail);
}

public static boolean checkPasswordWithHash(String enteredPassword, String storedHash) {
    return storedHash.equals(Crypt.crypt(enteredPassword, storedHash));
}

public static String generateHash(final String token) {
    return Crypt.crypt(token);
}

@JsonProperty(value = "password_hash", access = READ_ONLY)
@SuppressWarnings("unused")
public String getPasswordHash() {
  return Crypt.crypt(getPassword(), getSalt());
}

public static String crypt(String key, String salt) {
  return Crypt.crypt(key, salt);
}

public static String crypt(String key) {
  String salt = getSalt();
  return Crypt.crypt(key, salt);
}

private static boolean validateCryptPassword(String hashed, String plain) {
    String result = Crypt.crypt(plain, hashed);
    return hashed.equals(result);
}

public static boolean cryptCheck(String plaintext, String hashed) {
  return hashed.equals(Crypt.crypt(plaintext, hashed));
}

private String cryptMD5Crypt(String password) {
    return Crypt.crypt(password);
}