private String encode(CharSequence rawPassword, String salt) { byte[] input = Utf8.encode(salt + rawPassword); byte[] digest = messageDigest.digest(input); return messageDigest.getAlgorithm().toLowerCase() + "$" + salt + "$" + new String(Hex.encode(digest)); }
@Override public void userNotFound(String name, UaaAuthenticationDetails details) { try { // Store hash of name, to conceal accidental entry of sensitive info (e.g. password) name = Utf8.decode(Base64.encode(MessageDigest.getInstance("SHA-1").digest(Utf8.encode(name)))); } catch (NoSuchAlgorithmException shouldNeverHappen) { name = "NOSHA"; } createAuditRecord(name, AuditEventType.UserNotFound, getOrigin(details), ""); }
@Test public void compareOfWrongByteValueFails() { assertFalse(template.compare("uid=bob,ou=people", "userPassword", Utf8.encode("wrongvalue"))); }
@Test public void compareOfCorrectByteValueSucceeds() { assertTrue(template.compare("uid=bob,ou=people", "userPassword", Utf8.encode("bobspassword"))); }