/**
   * Checks a candidate password against the expected credential defined for a given user. The
   * expected credential can be supplied either as a plaintext expectedPassword or as the SHA-256
   * hash of the expected password combined with a defined salt. Supplying the hash and salt
   * allows the credential to be provided in a non-plaintext manner. A non-null expectedPassword
   * is checked first and the hash is then ignored; if neither is supplied the check fails.
   */
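  public static boolean checkPassword(
      String candidatePassword,
      String expectedPassword,
      String expectedPasswordSha256,
      String salt) {
    // Returns true only when the candidate matches the configured credential.
    // A non-null expectedPassword takes precedence: expectedPasswordSha256 and salt are then
    // ignored. When neither credential is configured the check fails closed (returns false).
    if (expectedPassword != null) {
      return constantTimeEquals(expectedPassword, candidatePassword);
    }

    if (expectedPasswordSha256 != null) {
      // NOTE(review): a salted SHA-256 digest is cheap to brute-force offline if the stored
      // hash leaks; a password KDF (bcrypt/scrypt/argon2) would be the stronger storage format.
      // PasswordHasher.sha256 is not visible here; the comparison below is exact, so the stored
      // value must use the same encoding and letter case that helper produces. TODO confirm.
      String hashedCandidatePassword = PasswordHasher.sha256(salt, candidatePassword);
      return constantTimeEquals(expectedPasswordSha256, hashedCandidatePassword);
    }

    return false;
  }

  /**
   * Compares two secrets without stopping at the first differing character, so response timing
   * does not reveal how much of a guess was correct (String.equals returns early on mismatch).
   *
   * @param expected the configured secret; must not be null
   * @param actual the caller-supplied value; null never matches
   * @return true when both values encode to the same UTF-8 bytes
   */
  private static boolean constantTimeEquals(String expected, String actual) {
    if (actual == null) {
      // Same result String.equals(null) gave before: a missing value never authenticates.
      return false;
    }
    byte[] expectedBytes = expected.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    byte[] actualBytes = actual.getBytes(java.nio.charset.StandardCharsets.UTF_8);
    return java.security.MessageDigest.isEqual(expectedBytes, actualBytes);
  }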