Hashing with Argon2 in Java (#14009)

* Hashing with Argon2 in Java * Hashing with Argon2 in Java
2023-05-16 15:21:10 +00:00 · 2023-05-16 15:21:10 +00:00 · 43c4e4b337
parent a9a44221fc
commit 43c4e4b337
2 changed files with 72 additions and 1 deletions
--- a/core-java-modules/core-java-security-3/pom.xml
+++ b/core-java-modules/core-java-security-3/pom.xml
@ -30,12 +30,18 @@
            <artifactId>jaxb-api</artifactId>
            <version>${jaxb-api.version}</version>
        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-crypto</artifactId>
+            <version>${spring-security-crypto.version}</version>
+        </dependency>
    </dependencies>

    <properties>
-        <bouncycastle.version>1.60</bouncycastle.version>
+        <bouncycastle.version>1.70</bouncycastle.version>
        <commons-codec.version>1.11</commons-codec.version>
        <jaxb-api.version>2.3.1</jaxb-api.version>
+        <spring-security-crypto.version>6.0.3</spring-security-crypto.version>
    </properties>

 </project>
--- a/core-java-modules/core-java-security-3/src/test/java/com/baeldung/hash/argon/HashPasswordUnitTest.java
+++ b/core-java-modules/core-java-security-3/src/test/java/com/baeldung/hash/argon/HashPasswordUnitTest.java
@ -0,0 +1,65 @@
+package com.baeldung.hash.argon;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+import java.nio.charset.StandardCharsets;
+import java.security.SecureRandom;
+
+import org.bouncycastle.crypto.generators.Argon2BytesGenerator;
+import org.bouncycastle.crypto.params.Argon2Parameters;
+import org.bouncycastle.util.encoders.Hex;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
+
+import java.util.Arrays;
+import java.util.Base64;
+
+public class HashPasswordUnitTest {
+
+    @Test
+    public void givenRawPassword_whenEncodedWithArgon2_thenMatchesEncodedPassword() {
+        String rawPassword = "Baeldung";
+
+        Argon2PasswordEncoder arg2SpringSecurity = new Argon2PasswordEncoder(16, 32, 1, 60000, 10);
+        String hashPassword = arg2SpringSecurity.encode(rawPassword);
+
+        assertTrue(arg2SpringSecurity.matches(rawPassword, hashPassword));
+    }
+
+    @Test
+    public void givenRawPasswordAndSalt_whenArgon2AlgorithmIsUsed_thenHashIsCorrect() {
+        byte[] salt = generateSalt16Byte();
+        String password = "Baeldung";
+
+        int iterations = 2;
+        int memLimit = 66536;
+        int hashLength = 32;
+        int parallelism = 1;
+        Argon2Parameters.Builder builder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id).withVersion(Argon2Parameters.ARGON2_VERSION_13)
+          .withIterations(iterations)
+          .withMemoryAsKB(memLimit)
+          .withParallelism(parallelism)
+          .withSalt(salt);
+
+        Argon2BytesGenerator generate = new Argon2BytesGenerator();
+        generate.init(builder.build());
+        byte[] result = new byte[hashLength];
+        generate.generateBytes(password.getBytes(StandardCharsets.UTF_8), result, 0, result.length);
+
+        Argon2BytesGenerator verifier = new Argon2BytesGenerator();
+        verifier.init(builder.build());
+        byte[] testHash = new byte[hashLength];
+        verifier.generateBytes(password.getBytes(StandardCharsets.UTF_8), testHash, 0, testHash.length);
+
+        assertTrue(Arrays.equals(result, testHash));
+    }
+
+    private static byte[] generateSalt16Byte() {
+        SecureRandom secureRandom = new SecureRandom();
+        byte[] salt = new byte[16];
+        secureRandom.nextBytes(salt);
+        return salt;
+    }
+
+}