SEC-1764: Ensure password encoders use UTF-8 charset when creating strings from byte arrays.
parent
dc92baa257
commit
2b8d4684a1
|
@ -20,6 +20,7 @@ import java.io.UnsupportedEncodingException;
|
|||
import java.security.MessageDigest;
|
||||
|
||||
import org.springframework.security.crypto.codec.Base64;
|
||||
import org.springframework.security.crypto.codec.Utf8;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
|
||||
|
@ -101,7 +102,7 @@ public class LdapShaPasswordEncoder implements PasswordEncoder {
|
|||
prefix = forceLowerCasePrefix ? SSHA_PREFIX_LC : SSHA_PREFIX;
|
||||
}
|
||||
|
||||
return prefix + new String(Base64.encode(hash));
|
||||
return prefix + Utf8.decode(Base64.encode(hash));
|
||||
}
|
||||
|
||||
private byte[] extractSalt(String encPass) {
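Review bot: The new return line `return prefix + Utf8.decode(Base64.encode(hash));` deserves a one-line comment, because nothing at the call site says why a helper replaces `new String(...)`. Something like `// Base64 output is ASCII; decode with an explicit charset so the stored {SSHA} value does not depend on the JVM default` would do. The reverse path is worth the same check: `extractSalt` starts on the last line of this hunk and its body is not visible, so confirm that it converts `encPass` to bytes with an explicit charset too. If it relies on the platform default, a host whose default charset is not ASCII-compatible could still fail to verify hashes that were stored correctly.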
|
||||
|
|
|
@ -18,6 +18,7 @@ import java.io.UnsupportedEncodingException;
|
|||
|
||||
import org.springframework.security.crypto.codec.Base64;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import org.springframework.security.crypto.codec.Utf8;
|
||||
|
||||
/**
|
||||
* MD4 implementation of PasswordEncoder.
|
||||
|
@ -60,7 +61,7 @@ public class Md4PasswordEncoder extends BaseDigestPasswordEncoder {
|
|||
byte[] resBuf = md4.digest();
|
||||
|
||||
if (getEncodeHashAsBase64()) {
|
||||
return new String(Base64.encode(resBuf));
|
||||
return Utf8.decode(Base64.encode(resBuf));
|
||||
} else {
|
||||
return new String(Hex.encode(resBuf));
|
||||
}
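Review bot: The `else` branch still returns `new String(Hex.encode(resBuf))`, which reads like the same charset-dependent pattern this change removes two lines above it. If `Hex.encode` returns `char[]`, as the crypto codec's version does, no charset conversion takes place and the line is correct as it stands, but a reader cannot tell that from the hunk. A short comment such as `// Hex.encode yields char[], so no charset is involved here` would prevent a well-meant follow-up change. The same applies to the `else` branch in the MessageDigestPasswordEncoder hunk; in both files the enclosing method starts and ends outside the hunk.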
|
||||
|
|
|
@ -6,6 +6,7 @@ import java.security.NoSuchAlgorithmException;
|
|||
|
||||
import org.springframework.security.crypto.codec.Base64;
|
||||
import org.springframework.security.crypto.codec.Hex;
|
||||
import org.springframework.security.crypto.codec.Utf8;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
/**
|
||||
|
@ -92,7 +93,7 @@ public class MessageDigestPasswordEncoder extends BaseDigestPasswordEncoder {
|
|||
}
|
||||
|
||||
if (getEncodeHashAsBase64()) {
|
||||
return new String(Base64.encode(digest));
|
||||
return Utf8.decode(Base64.encode(digest));
|
||||
} else {
|
||||
return new String(Hex.encode(digest));
|
||||
}
|
||||
|
|