Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,141 Commits 32 Branches 333 Tags 109 MiB
Commit Graph

46 Commits

Author SHA1 Message Date
Rob Winch e16b8e7976 Fix logback-test.xml 2017-08-17 16:42:01 -05:00
Rob Winch 07c3123696 Deprecate crypto.codec.Base64 
In commit 85719fc Base64 was removed. However, this class was never
deprecated properly. This commit adds it back and marks it as deprecated.

Fixes gh-4421
 2017-06-26 09:21:00 -05:00
Vedran Pavic 85719fcd64 Use Base64 implementation provided by Java 8 2017-05-10 00:27:36 -05:00
SendilKumar N c31bdb6390 SCryptPasswordEncoder to take default keyLength value 
Fixes gh-4225
Closes gh-4231
 2017-03-01 23:11:52 -06:00
Rob Winch bb834bccf6 Polish Exception Message 
Polish Exception message for bad salt in BCrypt

Issue gh-4147
 2016-12-06 08:45:08 -06:00
Jan Brennenstuhl 09436649cc handling null-values for salts properly now - fixes gh-4147 2016-12-06 08:43:19 -06:00
Kazuki Shimizu a1f771251a Improve exception message on Hex#decode 
Fixes gh-4043
 2016-08-29 15:10:39 -04:00
Rob Winch 8f880aea0e Polish Pbkdf2PasswordEncoder 
Issue gh-3930
 2016-06-21 11:47:50 -05:00
vitaliy_kuzmich 5f658b3ffc Remove double salt in Pbkdf2PasswordEncoder 
Issue gh-3930
 2016-06-21 11:44:23 -05:00
Eddú Meléndez a2ead4cf7a Polish 
Fixes gh-3892
 2016-06-20 12:35:43 -05:00
Kim Saabye Pedersen 9fcfeaf225 BCryptPasswordEncoder validates strength 
Fixes gh-3862
 2016-05-20 14:54:26 -05:00
Will Tran b01437281d Bouncy Castle 1.47 Support 
This forces us to avoid using CipherOutputStream, and instead use the
BlockCiphers directly. As an extra measure for correctness, test the
equivalence of the BC implementations against data sizes from 1 to 2048
bytes.

Fixes gh-2917
 2016-04-18 08:35:57 -05:00
Will Tran 44fa624b6b Refactor test assumptions about JCE to common class. (#3817) 
Apply assumptions directly to test methods instead of checking for key
length in crypto.gradle.
 2016-04-14 17:02:31 -05:00
Will Tran 40208127e8 Skip tests when AesBytesEncryptor can't be created in CBC or GCM mode. (#3816) 
Tests would fail in cases where JCE unlimited strength was available but
GCM wasn't, like on JDK7.
 2016-04-14 15:21:20 -05:00
Will Tran 63b2cfe1cf Bouncy Castle implementations of AES-256 
Adds "AES/CBC/PKCS5Padding" and "AES/GCM/NoPadding"

Fixes gh-2917
 2016-04-13 16:28:55 -05:00
Rob Winch 95a3e30d9f Polish Pbkdf2PasswordEncoder 
Fixes gh-2158
Fixes gh-51
 2016-04-12 17:16:38 -05:00
Rob Worsnop 0ab7126e64 Added PBKDF2PasswordEncoder. 
- Also moved some logic into a new class, AbstractPasswordEncoder.
Both PBKDF2PasswordEncoder and the now-simplified
StandardPasswordEncoder extend AbstractPasswordEncoder.
 - Added tests for PBKDF2PasswordEncoder

Issue gh-2158
 2016-04-12 17:16:38 -05:00
Rob Winch f221920a19 Clean up code to conform to basic checkstyle 
Issue gh-3746
 2016-03-14 00:15:12 -05:00
Billy Korando 71d4ce96ad Convert to assertj 
Fixes gh-3175
 2016-03-09 14:30:17 -06:00
Rob Winch bb600a473e Start AssertJ Migration 
Issue gh-3175
 2016-03-09 14:26:30 -06:00
Rob Winch 8fbc7e0d2c Fix SCryptPasswordEncoder javadoc 
Issue gh-3702
 2016-03-03 14:18:50 -06:00
Rob Winch fc75a679d9 Polish SCryptPasswordEncoder 
* JKD8 Base64 -> Spring Security's Base64 to continue to support older JDKs
* Spaces to tabs
* Javadoc cleanup
* Remove of @Override to compile in Eclipse

Issue gh-3702
 2016-03-03 14:06:08 -06:00
Shazin 7d02e259df Add SCryptPasswordEncoder 
Fixes gh-3702
 2016-03-03 10:24:29 -06:00
Rob Winch 69274d9aa8 SEC-2521: Improve StandardPasswordEncoder performance 2015-10-27 11:20:24 -05:00
Rob Winch 8cc9108601 Merge pull request #209 from raindev/patch-1 
Remove unused imports from SecureRandomBytesKeyGenerator
 2015-08-06 08:54:09 -05:00
Thomas Darimont ad1d858e2b SEC-3056 - Fix JavaDoc errors. 
Fixed JavaDoc errors accross multiple modules in order to make javadoc happy with Java 8.
 2015-08-03 08:02:24 -05:00
Andrew Barchuk 3832647ecf Remove unused imports 2015-07-14 16:35:11 +03:00
Rob Winch 3db01bd9d6 SEC-3002: Add JUnit Assume to GCM encryption tests 
Not all JDKs have GCM installed on them.
 2015-07-13 16:22:18 -05:00
Dave Syer a48cc18858 SEC-3002: Add new option for AES encryption with GCM 
The Galois Counter Mode (GCM) is held to be superior than the current
default CBC. This change adds an extra parameter to the constructor
of AesBytesEncryptor and a new convenience method in Encryptors.
 2015-07-09 23:27:33 -05:00
Rob Winch ae6af5d73c SEC-2915: Updated Java Code Formatting 2015-03-25 13:09:18 -05:00
Luke Taylor 743960d2d8 SEC-2122: Fix broken integration tests. 
Modified BCryptPasswordEncoder to no longer throw an
IllegalArgumentException when the encoded password is empty or
the incorrect format for bcrypt. Instead it now logs a warning
that non bcrypt data was found.

The Dms integration tests were failing after being changed to
use bcrypt and this fixes the issue.
 2013-05-21 23:13:08 +01:00
Luke Taylor d6524feb62 SEC-2122: Change doc to prioritize bcrypt use 2013-05-17 18:42:47 +01:00
Rob Winch a6bded86c2 SEC-1990: Polishing code cleanup on BCrypt 
- Formatting
 - Renamed test to be BCryptTests to better align with Spring Security's naming conventions
 2012-07-05 14:12:14 -05:00
Joseph Walton 14a5135ac3 SEC-1990: Clean up jBCrypt and include its tests. 
Merge in changes from jBCrypt.
- Use a ByteArrayOutputStream to cache bytes.
- Pass a StringBuilder into encode_base64.
- Refactor string comparison into its own method.
- General clean up.
 2012-07-05 14:04:39 -05:00
Luke Taylor 3760d792ea SEC-1890: Add checks for validity of stored bcrypt hash 
When checking for a match, the BCryptPasswordEncoder validates
the stored hash against a pattern to check that it actually is
a bcrypt value.
 2012-02-22 14:36:13 +00:00
Dave Syer 8565116f20 SEC-1472: Add crypto wrappers for BCrypt 2011-11-02 18:10:19 +00:00
Luke Taylor 45d938566c Some tests for Base64 encoding. 2011-08-12 19:44:27 +01:00
Luke Taylor 89b7b2b935 SEC-1764: Remove use of Java 6 method Arrays.copyOfRange. 2011-06-15 11:22:17 +01:00
Luke Taylor e27f655e9d SEC-1689: Re-instate crypto as separate library (for use in non-Spring Security apps), as well as packaging with core. 2011-06-10 00:01:25 +01:00
Luke Taylor 50828cdd43 SEC-1689: Move crypto module code to core for simplicity. 2011-03-10 18:58:47 +00:00
Rob Winch 8c08eeb57b SEC-1666: Use constant time comparison for sensitive data. 
Constant time comparison helps to mitigate timing attacks. See the following link for more information

 * http://rdist.root.org/2010/07/19/exploiting-remote-timing-attacks/
 * http://en.wikipedia.org/wiki/Timing_attack for more information.
 2011-01-31 23:03:51 -06:00
Rob Winch 2e822e9abe SEC-1659: Ensure that Digester is returning digest(digest(value)...) instead of digesting the same value multiple times. 
Make it so that the Digester returns digest(digest(value)...) instead of digesting the same value multiple times. This
alligns with the OWASP recommendations at http://www.owasp.org/index.php/Hashing_Java#Hardening_against_the_attacker.27s_attack
 2011-01-30 22:30:01 -06:00
Luke Taylor 162cb64baa SEC-1659: Label crypto utils package as only for internal use. 2011-01-19 18:19:58 +00:00
Keith Donald b646e44646 SEC-1659: fixed bundlor step of build 2011-01-19 18:17:03 +00:00
Keith Donald ea76efdb2c SEC-1659: favor AES encryption instead of DES as standard symmetric encryption algorithm 2011-01-19 18:17:02 +00:00
Keith Donald ffa7301e7f SEC-1569: initial commit of spring-security-crypto module, consisting of encrypt, keygen, password, and util packages 2011-01-19 18:17:02 +00:00