diff --git a/core/src/main/java/org/springframework/security/providers/encoding/Md4PasswordEncoder.java b/core/src/main/java/org/springframework/security/providers/encoding/Md4PasswordEncoder.java index 788f1d6029..730e7b9540 100644 --- a/core/src/main/java/org/springframework/security/providers/encoding/Md4PasswordEncoder.java +++ b/core/src/main/java/org/springframework/security/providers/encoding/Md4PasswordEncoder.java @@ -55,7 +55,7 @@ public class Md4PasswordEncoder extends BaseDigestPasswordEncoder { } Md4 md4 = new Md4(); - md4.update(passBytes, 0, saltedPass.length()); + md4.update(passBytes, 0, passBytes.length); byte[] resBuf = md4.digest(); diff --git a/core/src/test/java/org/springframework/security/providers/encoding/Md4PasswordEncoderTests.java b/core/src/test/java/org/springframework/security/providers/encoding/Md4PasswordEncoderTests.java index 359c82fb7a..f95be64130 100644 --- a/core/src/test/java/org/springframework/security/providers/encoding/Md4PasswordEncoderTests.java +++ b/core/src/test/java/org/springframework/security/providers/encoding/Md4PasswordEncoderTests.java @@ -45,6 +45,12 @@ public class Md4PasswordEncoderTests extends TestCase { String encodedPassword = md4.encodePassword("", null); assertEquals("MdbP4NFq6TG3PFnX4MCJwA==", encodedPassword); } + + public void testNonAsciiPasswordHasCorrectHash() { + Md4PasswordEncoder md4 = new Md4PasswordEncoder(); + String encodedPassword = md4.encodePassword("你好", null); + assertEquals("a7f1196539fd1f85f754ffd185b16e6e", encodedPassword); + } public void testIsHexPasswordValid() { Md4PasswordEncoder md4 = new Md4PasswordEncoder(); diff --git a/core/src/test/java/org/springframework/security/providers/encoding/Md5PasswordEncoderTests.java b/core/src/test/java/org/springframework/security/providers/encoding/Md5PasswordEncoderTests.java index e1ab646631..3b92c8063b 100644 --- a/core/src/test/java/org/springframework/security/providers/encoding/Md5PasswordEncoderTests.java +++ b/core/src/test/java/org/springframework/security/providers/encoding/Md5PasswordEncoderTests.java @@ -40,6 +40,12 @@ public class Md5PasswordEncoderTests extends TestCase { assertEquals("a68aafd90299d0b137de28fb4bb68573", encoded); assertEquals("MD5", pe.getAlgorithm()); } + + public void testNonAsciiPasswordHasCorrectHash() { + Md5PasswordEncoder md5 = new Md5PasswordEncoder(); + String encodedPassword = md5.encodePassword("你好", null); + assertEquals("7eca689f0d3389d9dea66ae112e5cfd7", encodedPassword); + } public void testBase64() throws Exception { Md5PasswordEncoder pe = new Md5PasswordEncoder();