/**
 * Records an audit event for an authentication attempt that named an unknown user.
 *
 * <p>The submitted name is never written as typed. It is replaced by the Base64 form of its
 * SHA-1 digest, because users sometimes type a secret (for example a password) into the
 * user-name field. Identical inputs therefore still produce identical audit values.
 *
 * <p>NOTE(review): the digest is unsalted SHA-1, so a short or common value that was typed by
 * mistake can still be recovered by offline guessing. The audit store needs the same access
 * control as any other log that may hold credentials. Moving to a keyed or stronger digest
 * would change the stored values, so check existing consumers before changing it.
 *
 * @param name    the user name exactly as submitted by the client
 * @param details authentication details, passed to {@code getOrigin} to derive the origin
 */
@Override
public void userNotFound(String name, UaaAuthenticationDetails details) {
    String auditName;
    try {
        MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
        byte[] hashed = sha1.digest(Utf8.encode(name));
        auditName = Utf8.decode(Base64.encode(hashed));
    } catch (NoSuchAlgorithmException shouldNeverHappen) {
        // No digest available: store a fixed marker instead of the raw input.
        auditName = "NOSHA";
    }
    createAuditRecord(auditName, AuditEventType.UserNotFound, getOrigin(details), "");
}
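/**
 * Builds the stored form of a password as {@code <algorithm>$<salt>$<hex digest>}.
 *
 * <p>The digest is one pass of the configured {@code messageDigest} over the UTF-8 bytes of
 * {@code salt + rawPassword}. The algorithm name is lower-cased with {@link java.util.Locale#ROOT}
 * so that the prefix is the same on every JVM. The default-locale overload can map {@code I}
 * to a dotless i (Turkish and Azeri locales), which would make stored values differ between hosts.
 *
 * <p>NOTE(review): a single salted digest pass is cheap to brute-force. For new credentials an
 * adaptive function (bcrypt, scrypt, Argon2) is the usual choice. Treat this format as legacy
 * unless the surrounding class says otherwise.
 *
 * <p>NOTE(review): {@code messageDigest} is a field declared outside this block, and
 * {@link java.security.MessageDigest} instances are not thread-safe. Confirm that callers
 * serialize access to it.
 *
 * @param rawPassword the clear-text password to encode
 * @param salt        the salt, placed before the password and embedded in the result
 * @return the algorithm name, salt and hex digest joined by {@code $}
 */
private String encode(CharSequence rawPassword, String salt) {
    byte[] input = Utf8.encode(salt + rawPassword);
    byte[] digest = messageDigest.digest(input);
    // Locale.ROOT keeps the algorithm prefix independent of the host's default locale.
    String algorithm = messageDigest.getAlgorithm().toLowerCase(java.util.Locale.ROOT);
    return algorithm + "$" + salt + "$" + new String(Hex.encode(digest));
}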
/**
 * A compare against {@code userPassword} of {@code uid=bob,ou=people} must fail when the
 * candidate bytes are {@code wrongvalue}.
 */
@Test
public void compareOfWrongByteValueFails() {
    // Candidate is passed as UTF-8 bytes rather than as a String.
    byte[] candidate = Utf8.encode("wrongvalue");
    boolean matched = template.compare("uid=bob,ou=people", "userPassword", candidate);
    assertFalse(matched);
}
/**
 * A compare against {@code userPassword} of {@code uid=bob,ou=people} must succeed when the
 * candidate bytes are {@code bobspassword}.
 *
 * <p>NOTE(review): this presumably depends on the test fixture holding that value for the
 * entry. The fixture is not visible here.
 */
@Test
public void compareOfCorrectByteValueSucceeds() {
    // Candidate is passed as UTF-8 bytes rather than as a String.
    byte[] candidate = Utf8.encode("bobspassword");
    boolean matched = template.compare("uid=bob,ou=people", "userPassword", candidate);
    assertTrue(matched);
}