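/**
 * Checks a candidate password against the expected credential defined for a given user.
 *
 * <p>The expected credential can be supplied either as a plaintext {@code expectedPassword} or as
 * the SHA-256 hash of the expected password combined with {@code salt}, which lets the credential
 * be configured in a non-plaintext manner. When both forms are given, the plaintext value takes
 * precedence. Both comparisons run in time independent of the first mismatching position, so a
 * caller-controlled candidate cannot be used to learn the expected value prefix by prefix.
 *
 * @param candidatePassword the password being verified; {@code null} never matches
 * @param expectedPassword the plaintext expected password, or {@code null} if the hashed form is
 *     used
 * @param expectedPasswordSha256 the SHA-256 hash of the expected password as produced by
 *     {@code PasswordHasher.sha256}, or {@code null} if the plaintext form is used
 * @param salt the salt passed to {@code PasswordHasher.sha256} together with the candidate
 * @return {@code true} if the candidate matches the configured credential; {@code false} if it
 *     does not, or if neither expected form is configured
 */
public static boolean checkPassword(
    String candidatePassword, String expectedPassword, String expectedPasswordSha256, String salt) {
  if (candidatePassword == null) {
    // String.equals(null) was already false in the plaintext branch; returning early also keeps
    // a null candidate out of the hasher.
    return false;
  }
  if (expectedPassword != null) {
    return constantTimeEquals(expectedPassword, candidatePassword);
  }
  if (expectedPasswordSha256 != null) {
    String hashedCandidatePassword = PasswordHasher.sha256(salt, candidatePassword);
    return constantTimeEquals(expectedPasswordSha256, hashedCandidatePassword);
  }
  // Neither form of the expected credential is configured: nothing can match.
  return false;
}

/**
 * Compares two strings character by character without short-circuiting on the first mismatch, so
 * the elapsed time does not reveal how long a matching prefix the caller supplied.
 *
 * @param expected the configured value; never {@code null}
 * @param actual the caller-supplied value; {@code null} never matches
 * @return {@code true} only if both strings have the same length and identical characters
 */
private static boolean constantTimeEquals(String expected, String actual) {
  if (actual == null) {
    return false;
  }
  // Fold length and character differences into one accumulator; only a zero result means equal.
  int diff = expected.length() ^ actual.length();
  for (int i = 0; i < expected.length(); i++) {
    char e = expected.charAt(i);
    // Past the end of the shorter string, compare against 0 so the loop still runs to completion.
    char a = i < actual.length() ? actual.charAt(i) : 0;
    diff |= e ^ a;
  }
  return diff == 0;
}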