• Home
• com.eurodyn.qlack.fuse
• qlack-fuse-aaa
• 3.0.0
• source code
• Md5PasswordEncoder.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.eurodyn.qlack.fuse.aaa.util.Md5PasswordEncoder Maven / Gradle / Ivy

package com.eurodyn.qlack.fuse.aaa.util;

import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.security.crypto.codec.Hex;
import org.springframework.security.crypto.keygen.KeyGenerators;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Provides the legacy password encoder as the default for the AAA.
 * !!! It should not be used as it is not secured.
 */
public class Md5PasswordEncoder implements PasswordEncoder {

    @Override
    public String encode(CharSequence rawPassword) {
        return DigestUtils.md5Hex(rawPassword.toString());
    }

    /**
     * Constant time comparison to prevent against timing attacks.
     */
    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        String rawHash = DigestUtils.md5Hex(rawPassword.toString());
        byte[] expected = Hex.decode(rawHash);
        byte[] actual = Hex.decode(encodedPassword);

        if (expected.length != actual.length) {
            return false;
        }

        int result = 0;

        for (int i = 0; i < expected.length; i++) {
            result |= expected[i] ^ actual[i];
        }

        return result == 0;
    }

    public byte[] generateSalt(int saltLength) {
        return KeyGenerators.secureRandom(saltLength).generateKey();
    }

}