Feature/bcryptutil passwordmatches #20171
@@ -1,10 +1,12 @@
package io.quarkus.elytron.security.common;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.spec.InvalidKeySpecException;
import java.util.Objects;

import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.WildFlyElytronPasswordProvider;
import org.wildfly.security.password.interfaces.BCryptPassword;
Expand Down Expand Up @@ -89,4 +91,26 @@ public static String bcryptHash(String password, int iterationCount, byte[] salt
throw new RuntimeException(e);
}
}

/**
* Matches a plain text string against an existing Modular Crypt Format bcrypt hash
*
* @param plainText the plain text string to check
* @param passwordHash the Modular Crypt Format bcrypt hash to compare against
* @return the boolean result of whether or not the plain text matches the decoded Modular Crypt Format bcrypt hash
* @throws NullPointerException if the plainText password or passwordHash is null
*/
public static boolean matches(String plainText, String passwordHash) {
Objects.requireNonNull(plainText, "plainText password is required");
Objects.requireNonNull(passwordHash, "passwordHash is required");
try {
PasswordFactory passwordFactory = PasswordFactory.getInstance(BCryptPassword.ALGORITHM_BCRYPT, provider);
Password userPasswordDecoded = ModularCrypt.decode(passwordHash);
Password userPasswordRestored = passwordFactory.translate(userPasswordDecoded);
return passwordFactory.verify(userPasswordRestored, plainText.toCharArray());
} catch (NoSuchAlgorithmException | InvalidKeySpecException | InvalidKeyException e) {
// can't really happen
throw new RuntimeException(e);
}
}
}
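Review bot: The `// can't really happen` comment on the catch in `matches` is wrong for two of the three exception types: `ModularCrypt.decode(passwordHash)` throws InvalidKeySpecException when the supplied hash is malformed or not in Modular Crypt Format, and `passwordFactory.translate` can throw InvalidKeyException when the decoded password is not a bcrypt password, so bad caller input surfaces as an opaque RuntimeException rather than a typed error. Only NoSuchAlgorithmException genuinely cannot occur here, since bcrypt is requested from the Elytron provider the class already holds. Splitting the catch as below keeps the existing behaviour for the impossible case and gives callers an IllegalArgumentException (with the cause preserved and without echoing the hash) for the input-driven one; the Javadoc should then gain `@throws IllegalArgumentException if passwordHash is not a valid Modular Crypt Format bcrypt hash`.
```java
        } catch (InvalidKeySpecException | InvalidKeyException e) {
            // reachable: passwordHash is caller-supplied and may be malformed or not bcrypt
            throw new IllegalArgumentException("passwordHash is not a valid Modular Crypt Format bcrypt hash", e);
        } catch (NoSuchAlgorithmException e) {
            // bcrypt is always registered with the Elytron provider, so this cannot happen
            throw new RuntimeException(e);
        }
```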
Expand Up @@ -39,4 +39,18 @@ public void testHashesTheSameHash() throws InvalidKeySpecException, NoSuchAlgori
String adminProducedBcrypt = BcryptUtil.bcryptHash("admin", 10, knownSalt);
Assertions.assertEquals(adminKnownBcrypt, adminProducedBcrypt);
}

@Test
public void testPasswordMatches() {
String testPassword = "fubar";
String testPasswordHash = BcryptUtil.bcryptHash(testPassword);
Assertions.assertTrue(BcryptUtil.matches(testPassword, testPasswordHash));
}

@Test
public void testPasswordNotMatches() {
String testPassword = "fubar";
String testPasswordHash = BcryptUtil.bcryptHash(testPassword);
Assertions.assertFalse(BcryptUtil.matches("fubar2", testPasswordHash));
}
}
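Review bot: The two new tests only cover the happy path and a wrong plaintext; the `@throws NullPointerException` contract that `matches` documents and the behaviour on a malformed hash (which currently escapes as a RuntimeException) are untested, so a later change to either would go unnoticed. A third test pinning the documented contract is a one-liner per argument, e.g. `Assertions.assertThrows(NullPointerException.class, () -> BcryptUtil.matches(null, testPasswordHash));` and the same for a null hash. A case passing a non-MCF string such as `"not-a-bcrypt-hash"` would also document whatever exception type the implementation settles on.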