JAVA-623: Moved 3 articles from core-java-security to security-2
This commit is contained in:
sampadawagde
parent
898c7c0618
commit
c18d09cd33
|
|
@ -3,17 +3,16 @@
|
|||
This module contains articles about core Java Security
|
||||
|
||||
### Relevant Articles:
|
||||
- [MD5 Hashing in Java](http://www.baeldung.com/java-md5)
|
||||
|
||||
- [Guide to the Cipher Class](http://www.baeldung.com/java-cipher-class)
|
||||
- [Introduction to SSL in Java](http://www.baeldung.com/java-ssl)
|
||||
- [Java KeyStore API](http://www.baeldung.com/java-keystore)
|
||||
- [Encrypting and Decrypting Files in Java](http://www.baeldung.com/java-cipher-input-output-stream)
|
||||
- [Hashing a Password in Java](https://www.baeldung.com/java-password-hashing)
|
||||
- [SSL Handshake Failures](https://www.baeldung.com/java-ssl-handshake-failures)
|
||||
- [SHA-256 and SHA3-256 Hashing in Java](https://www.baeldung.com/sha-256-hashing-java)
|
||||
- [Enabling TLS v1.2 in Java 7](https://www.baeldung.com/java-7-tls-v12)
|
||||
- [The Java SecureRandom Class](https://www.baeldung.com/java-secure-random)
|
||||
- [An Introduction to Java SASL](https://www.baeldung.com/java-sasl)
|
||||
- [A Guide to Java GSS API](https://www.baeldung.com/java-gss)
|
||||
- [Intro to the Java SecurityManager](https://www.baeldung.com/java-security-manager)
|
||||
- More articles: [[next -->]](/core-java-modules/core-java-security-2)
|
||||
|
||||
|
|
|
|||
|
|
@ -24,24 +24,9 @@
|
|||
<version>${assertj-core.version}</version>
|
||||
<scope>test</scope>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>commons-codec</groupId>
|
||||
<artifactId>commons-codec</artifactId>
|
||||
<version>${commons-codec.version}</version>
|
||||
</dependency>
|
||||
<dependency>
|
||||
<groupId>org.bouncycastle</groupId>
|
||||
<artifactId>bcprov-jdk15on</artifactId>
|
||||
<version>${bouncycastle.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<properties>
|
||||
<!-- util -->
|
||||
<bouncycastle.version>1.60</bouncycastle.version>
|
||||
<commons-codec.version>1.11</commons-codec.version>
|
||||
|
||||
<!-- testing -->
|
||||
<assertj-core.version>3.10.0</assertj-core.version>
|
||||
</properties>
|
||||
|
|
|
|||
|
|
@ -1,9 +0,0 @@
|
|||
package com.baeldung.hashing;
|
||||
|
||||
public class DigestAlgorithms {
|
||||
|
||||
public static final String SHA3_256 = "SHA3-256";
|
||||
public static final String SHA_256 = "SHA-256";
|
||||
public static final String KECCAK_256 = "Keccak-256";
|
||||
|
||||
}
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
package com.baeldung.hashing;
|
||||
|
||||
import org.bouncycastle.jcajce.provider.digest.Keccak;
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.Security;
|
||||
|
||||
import static com.baeldung.hashing.DigestAlgorithms.KECCAK_256;
|
||||
import static com.baeldung.hashing.SHACommonUtils.bytesToHex;
|
||||
|
||||
public class Keccak256Hashing {
|
||||
|
||||
public static String hashWithJavaMessageDigest(final String originalString) throws NoSuchAlgorithmException {
|
||||
Security.addProvider(new BouncyCastleProvider());
|
||||
final MessageDigest digest = MessageDigest.getInstance(KECCAK_256);
|
||||
final byte[] encodedhash = digest.digest(originalString.getBytes(StandardCharsets.UTF_8));
|
||||
return bytesToHex(encodedhash);
|
||||
}
|
||||
|
||||
public static String hashWithBouncyCastle(final String originalString) {
|
||||
Keccak.Digest256 digest256 = new Keccak.Digest256();
|
||||
byte[] hashbytes = digest256.digest(originalString.getBytes(StandardCharsets.UTF_8));
|
||||
return new String(Hex.encode(hashbytes));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,39 +0,0 @@
|
|||
package com.baeldung.hashing;
|
||||
|
||||
import com.google.common.hash.Hashing;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import static com.baeldung.hashing.DigestAlgorithms.SHA_256;
|
||||
import static com.baeldung.hashing.SHACommonUtils.bytesToHex;
|
||||
|
||||
public class SHA256Hashing {
|
||||
|
||||
public static String HashWithJavaMessageDigest(final String originalString) throws NoSuchAlgorithmException {
|
||||
final MessageDigest digest = MessageDigest.getInstance(SHA_256);
|
||||
final byte[] encodedhash = digest.digest(originalString.getBytes(StandardCharsets.UTF_8));
|
||||
return bytesToHex(encodedhash);
|
||||
}
|
||||
|
||||
public static String hashWithGuava(final String originalString) {
|
||||
final String sha256hex = Hashing.sha256().hashString(originalString, StandardCharsets.UTF_8).toString();
|
||||
return sha256hex;
|
||||
}
|
||||
|
||||
public static String HashWithApacheCommons(final String originalString) {
|
||||
final String sha256hex = DigestUtils.sha256Hex(originalString);
|
||||
return sha256hex;
|
||||
}
|
||||
|
||||
public static String HashWithBouncyCastle(final String originalString) throws NoSuchAlgorithmException {
|
||||
final MessageDigest digest = MessageDigest.getInstance(SHA_256);
|
||||
final byte[] hash = digest.digest(originalString.getBytes(StandardCharsets.UTF_8));
|
||||
final String sha256hex = new String(Hex.encode(hash));
|
||||
return sha256hex;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,45 +0,0 @@
|
|||
package com.baeldung.hashing;
|
||||
|
||||
import com.google.common.hash.Hashing;
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.bouncycastle.crypto.digests.SHA3Digest;
|
||||
import org.bouncycastle.jcajce.provider.digest.SHA3;
|
||||
import org.bouncycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.Security;
|
||||
|
||||
import static com.baeldung.hashing.DigestAlgorithms.SHA3_256;
|
||||
import static com.baeldung.hashing.SHACommonUtils.bytesToHex;
|
||||
|
||||
public class SHA3Hashing {
|
||||
|
||||
/* works with JDK9+ only */
|
||||
public static String hashWithJavaMessageDigestJDK9(final String originalString) throws NoSuchAlgorithmException {
|
||||
final MessageDigest digest = MessageDigest.getInstance(SHA3_256);
|
||||
final byte[] hashbytes = digest.digest(originalString.getBytes(StandardCharsets.UTF_8));
|
||||
return bytesToHex(hashbytes);
|
||||
}
|
||||
|
||||
public static String hashWithJavaMessageDigest(final String originalString) throws NoSuchAlgorithmException {
|
||||
Security.addProvider(new BouncyCastleProvider());
|
||||
final MessageDigest digest = MessageDigest.getInstance(SHA3_256);
|
||||
final byte[] hashbytes = digest.digest(originalString.getBytes(StandardCharsets.UTF_8));
|
||||
return bytesToHex(hashbytes);
|
||||
}
|
||||
|
||||
/* works with JDK9+ only */
|
||||
public static String hashWithApacheCommonsJDK9(final String originalString) {
|
||||
return new DigestUtils(SHA3_256).digestAsHex(originalString);
|
||||
}
|
||||
|
||||
public static String hashWithBouncyCastle(final String originalString) {
|
||||
SHA3.Digest256 digest256 = new SHA3.Digest256();
|
||||
byte[] hashbytes = digest256.digest(originalString.getBytes(StandardCharsets.UTF_8));
|
||||
return new String(Hex.encode(hashbytes));
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,16 +0,0 @@
|
|||
package com.baeldung.hashing;
|
||||
|
||||
class SHACommonUtils {
|
||||
|
||||
public static String bytesToHex(byte[] hash) {
|
||||
StringBuffer hexString = new StringBuffer();
|
||||
for (byte h : hash) {
|
||||
String hex = Integer.toHexString(0xff & h);
|
||||
if (hex.length() == 1)
|
||||
hexString.append('0');
|
||||
hexString.append(hex);
|
||||
}
|
||||
return hexString.toString();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,149 +0,0 @@
|
|||
package com.baeldung.passwordhashing;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.SecureRandom;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.security.spec.KeySpec;
|
||||
import java.util.Arrays;
|
||||
import java.util.Base64;
|
||||
import java.util.regex.Matcher;
|
||||
import java.util.regex.Pattern;
|
||||
|
||||
import javax.crypto.SecretKeyFactory;
|
||||
import javax.crypto.spec.PBEKeySpec;
|
||||
|
||||
/**
|
||||
* Hash passwords for storage, and test passwords against password tokens.
|
||||
*
|
||||
* Instances of this class can be used concurrently by multiple threads.
|
||||
*
|
||||
* @author erickson
|
||||
* @see <a href="http://stackoverflow.com/a/2861125/3474">StackOverflow</a>
|
||||
*/
|
||||
public final class PBKDF2Hasher
|
||||
{
|
||||
|
||||
/**
|
||||
* Each token produced by this class uses this identifier as a prefix.
|
||||
*/
|
||||
public static final String ID = "$31$";
|
||||
|
||||
/**
|
||||
* The minimum recommended cost, used by default
|
||||
*/
|
||||
public static final int DEFAULT_COST = 16;
|
||||
|
||||
private static final String ALGORITHM = "PBKDF2WithHmacSHA1";
|
||||
|
||||
private static final int SIZE = 128;
|
||||
|
||||
private static final Pattern layout = Pattern.compile("\\$31\\$(\\d\\d?)\\$(.{43})");
|
||||
|
||||
private final SecureRandom random;
|
||||
|
||||
private final int cost;
|
||||
|
||||
public PBKDF2Hasher()
|
||||
{
|
||||
this(DEFAULT_COST);
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a password manager with a specified cost
|
||||
*
|
||||
* @param cost the exponential computational cost of hashing a password, 0 to 30
|
||||
*/
|
||||
public PBKDF2Hasher(int cost)
|
||||
{
|
||||
iterations(cost); /* Validate cost */
|
||||
this.cost = cost;
|
||||
this.random = new SecureRandom();
|
||||
}
|
||||
|
||||
private static int iterations(int cost)
|
||||
{
|
||||
if ((cost < 0) || (cost > 30))
|
||||
throw new IllegalArgumentException("cost: " + cost);
|
||||
return 1 << cost;
|
||||
}
|
||||
|
||||
/**
|
||||
* Hash a password for storage.
|
||||
*
|
||||
* @return a secure authentication token to be stored for later authentication
|
||||
*/
|
||||
public String hash(char[] password)
|
||||
{
|
||||
byte[] salt = new byte[SIZE / 8];
|
||||
random.nextBytes(salt);
|
||||
byte[] dk = pbkdf2(password, salt, 1 << cost);
|
||||
byte[] hash = new byte[salt.length + dk.length];
|
||||
System.arraycopy(salt, 0, hash, 0, salt.length);
|
||||
System.arraycopy(dk, 0, hash, salt.length, dk.length);
|
||||
Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
|
||||
return ID + cost + '$' + enc.encodeToString(hash);
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticate with a password and a stored password token.
|
||||
*
|
||||
* @return true if the password and token match
|
||||
*/
|
||||
public boolean checkPassword(char[] password, String token)
|
||||
{
|
||||
Matcher m = layout.matcher(token);
|
||||
if (!m.matches())
|
||||
throw new IllegalArgumentException("Invalid token format");
|
||||
int iterations = iterations(Integer.parseInt(m.group(1)));
|
||||
byte[] hash = Base64.getUrlDecoder().decode(m.group(2));
|
||||
byte[] salt = Arrays.copyOfRange(hash, 0, SIZE / 8);
|
||||
byte[] check = pbkdf2(password, salt, iterations);
|
||||
int zero = 0;
|
||||
for (int idx = 0; idx < check.length; ++idx)
|
||||
zero |= hash[salt.length + idx] ^ check[idx];
|
||||
return zero == 0;
|
||||
}
|
||||
|
||||
private static byte[] pbkdf2(char[] password, byte[] salt, int iterations)
|
||||
{
|
||||
KeySpec spec = new PBEKeySpec(password, salt, iterations, SIZE);
|
||||
try {
|
||||
SecretKeyFactory f = SecretKeyFactory.getInstance(ALGORITHM);
|
||||
return f.generateSecret(spec).getEncoded();
|
||||
}
|
||||
catch (NoSuchAlgorithmException ex) {
|
||||
throw new IllegalStateException("Missing algorithm: " + ALGORITHM, ex);
|
||||
}
|
||||
catch (InvalidKeySpecException ex) {
|
||||
throw new IllegalStateException("Invalid SecretKeyFactory", ex);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Hash a password in an immutable {@code String}.
|
||||
*
|
||||
* <p>Passwords should be stored in a {@code char[]} so that it can be filled
|
||||
* with zeros after use instead of lingering on the heap and elsewhere.
|
||||
*
|
||||
* @deprecated Use {@link #hash(char[])} instead
|
||||
*/
|
||||
@Deprecated
|
||||
public String hash(String password)
|
||||
{
|
||||
return hash(password.toCharArray());
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticate with a password in an immutable {@code String} and a stored
|
||||
* password token.
|
||||
*
|
||||
* @deprecated Use {@link #checkPassword(char[],String)} instead.
|
||||
* @see #hash(String)
|
||||
*/
|
||||
@Deprecated
|
||||
public boolean checkPassword(String password, String token)
|
||||
{
|
||||
return checkPassword(password.toCharArray(), token);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
package com.baeldung.passwordhashing;
|
||||
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
|
||||
/** A really simple SHA_512 Encryption example.
|
||||
*
|
||||
*/
|
||||
public class SHA512Hasher {
|
||||
|
||||
public String hash(String passwordToHash, byte[] salt){
|
||||
String generatedPassword = null;
|
||||
try {
|
||||
MessageDigest md = MessageDigest.getInstance("SHA-512");
|
||||
md.update(salt);
|
||||
byte[] bytes = md.digest(passwordToHash.getBytes(StandardCharsets.UTF_8));
|
||||
StringBuilder sb = new StringBuilder();
|
||||
for(int i=0; i< bytes.length ;i++){
|
||||
sb.append(Integer.toString((bytes[i] & 0xff) + 0x100, 16).substring(1));
|
||||
}
|
||||
generatedPassword = sb.toString();
|
||||
}
|
||||
catch (NoSuchAlgorithmException e){
|
||||
e.printStackTrace();
|
||||
}
|
||||
return generatedPassword;
|
||||
}
|
||||
|
||||
public boolean checkPassword(String hash, String attempt, byte[] salt){
|
||||
String generatedHash = hash(attempt, salt);
|
||||
return hash.equals(generatedHash);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
package com.baeldung.passwordhashing;
|
||||
|
||||
import javax.crypto.SecretKeyFactory;
|
||||
import javax.crypto.spec.PBEKeySpec;
|
||||
import java.security.spec.KeySpec;
|
||||
|
||||
/** A really simple SimplePBKDF2 Encryption example.
|
||||
*
|
||||
*/
|
||||
public class SimplePBKDF2Hasher {
|
||||
|
||||
public static String hashSimple(String password, byte[] salt) throws Exception{
|
||||
KeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 65536, 128);
|
||||
SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
|
||||
byte[] hash = f.generateSecret(spec).getEncoded();
|
||||
return String.valueOf(hash);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,22 +0,0 @@
|
|||
package com.baeldung.hashing;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
public class Keccak256HashingUnitTest {
|
||||
|
||||
private static String originalValue = "abc123";
|
||||
private static String hashedValue = "719accc61a9cc126830e5906f9d672d06eab6f8597287095a2c55a8b775e7016";
|
||||
|
||||
@Test public void testHashWithJavaMessageDigest() throws Exception {
|
||||
final String currentHashedValue = Keccak256Hashing.hashWithJavaMessageDigest(originalValue);
|
||||
assertEquals(hashedValue, currentHashedValue);
|
||||
}
|
||||
|
||||
@Test public void testHashWithBouncyCastle() {
|
||||
final String currentHashedValue = Keccak256Hashing.hashWithBouncyCastle(originalValue);
|
||||
assertEquals(hashedValue, currentHashedValue);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,35 +0,0 @@
|
|||
package com.baeldung.hashing;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
public class SHA256HashingUnitTest {
|
||||
|
||||
private static String originalValue = "abc123";
|
||||
private static String hashedValue = "6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090";
|
||||
|
||||
@Test
|
||||
public void testHashWithJavaMessageDigest() throws Exception {
|
||||
final String currentHashedValue = SHA256Hashing.HashWithJavaMessageDigest(originalValue);
|
||||
assertEquals(hashedValue, currentHashedValue);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHashWithGuava() throws Exception {
|
||||
final String currentHashedValue = SHA256Hashing.hashWithGuava(originalValue);
|
||||
assertEquals(hashedValue, currentHashedValue);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHashWithApacheCommans() throws Exception {
|
||||
final String currentHashedValue = SHA256Hashing.HashWithApacheCommons(originalValue);
|
||||
assertEquals(hashedValue, currentHashedValue);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHashWithBouncyCastle() throws Exception {
|
||||
final String currentHashedValue = SHA256Hashing.HashWithBouncyCastle(originalValue);
|
||||
assertEquals(hashedValue, currentHashedValue);
|
||||
}
|
||||
}
|
||||
|
|
@ -1,38 +0,0 @@
|
|||
package com.baeldung.hashing;
|
||||
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
|
||||
public class SHA3HashingUnitTest {
|
||||
|
||||
private static String originalValue = "abc123";
|
||||
private static String hashedValue = "f58fa3df820114f56e1544354379820cff464c9c41cb3ca0ad0b0843c9bb67ee";
|
||||
|
||||
/* works with JDK9+ only */
|
||||
//@Test
|
||||
public void testHashWithJavaMessageDigestJDK9() throws Exception {
|
||||
final String currentHashedValue = SHA3Hashing.hashWithJavaMessageDigestJDK9(originalValue);
|
||||
assertEquals(hashedValue, currentHashedValue);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHashWithJavaMessageDigest() throws Exception {
|
||||
final String currentHashedValue = SHA3Hashing.hashWithJavaMessageDigest(originalValue);
|
||||
assertEquals(hashedValue, currentHashedValue);
|
||||
}
|
||||
|
||||
/* works with JDK9+ only */
|
||||
//@Test
|
||||
public void testHashWithApacheCommonsJDK9() {
|
||||
final String currentHashedValue = SHA3Hashing.hashWithApacheCommonsJDK9(originalValue);
|
||||
assertEquals(hashedValue, currentHashedValue);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testHashWithBouncyCastle() {
|
||||
final String currentHashedValue = SHA3Hashing.hashWithBouncyCastle(originalValue);
|
||||
assertEquals(hashedValue, currentHashedValue);
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,75 +0,0 @@
|
|||
package com.baeldung.java.md5;
|
||||
|
||||
import static org.assertj.core.api.Assertions.assertThat;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Paths;
|
||||
import java.security.MessageDigest;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
|
||||
import javax.xml.bind.DatatypeConverter;
|
||||
|
||||
import org.apache.commons.codec.digest.DigestUtils;
|
||||
import org.junit.Test;
|
||||
|
||||
import com.google.common.hash.HashCode;
|
||||
import com.google.common.hash.Hashing;
|
||||
|
||||
public class JavaMD5UnitTest {
|
||||
|
||||
String filename = "src/test/resources/test_md5.txt";
|
||||
String checksum = "5EB63BBBE01EEED093CB22BB8F5ACDC3";
|
||||
|
||||
String hash = "35454B055CC325EA1AF2126E27707052";
|
||||
String password = "ILoveJava";
|
||||
|
||||
@Test
|
||||
public void givenPassword_whenHashing_thenVerifying() throws NoSuchAlgorithmException {
|
||||
String hash = "35454B055CC325EA1AF2126E27707052";
|
||||
String password = "ILoveJava";
|
||||
|
||||
MessageDigest md = MessageDigest.getInstance("MD5");
|
||||
md.update(password.getBytes());
|
||||
byte[] digest = md.digest();
|
||||
String myHash = DatatypeConverter.printHexBinary(digest).toUpperCase();
|
||||
|
||||
assertThat(myHash.equals(hash)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenFile_generatingChecksum_thenVerifying() throws NoSuchAlgorithmException, IOException {
|
||||
String filename = "src/test/resources/test_md5.txt";
|
||||
String checksum = "5EB63BBBE01EEED093CB22BB8F5ACDC3";
|
||||
|
||||
MessageDigest md = MessageDigest.getInstance("MD5");
|
||||
md.update(Files.readAllBytes(Paths.get(filename)));
|
||||
byte[] digest = md.digest();
|
||||
String myChecksum = DatatypeConverter.printHexBinary(digest).toUpperCase();
|
||||
|
||||
assertThat(myChecksum.equals(checksum)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenPassword_whenHashingUsingCommons_thenVerifying() {
|
||||
String hash = "35454B055CC325EA1AF2126E27707052";
|
||||
String password = "ILoveJava";
|
||||
|
||||
String md5Hex = DigestUtils.md5Hex(password).toUpperCase();
|
||||
|
||||
assertThat(md5Hex.equals(hash)).isTrue();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenFile_whenChecksumUsingGuava_thenVerifying() throws IOException {
|
||||
String filename = "src/test/resources/test_md5.txt";
|
||||
String checksum = "5EB63BBBE01EEED093CB22BB8F5ACDC3";
|
||||
|
||||
HashCode hash = com.google.common.io.Files.hash(new File(filename), Hashing.md5());
|
||||
String myChecksum = hash.toString().toUpperCase();
|
||||
|
||||
assertThat(myChecksum.equals(checksum)).isTrue();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -1,41 +0,0 @@
|
|||
package com.baeldung.passwordhashing;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
|
||||
public class PBKDF2HasherUnitTest {
|
||||
|
||||
private PBKDF2Hasher mPBKDF2Hasher;
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
mPBKDF2Hasher = new PBKDF2Hasher();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenCorrectMessageAndHash_whenAuthenticated_checkAuthenticationSucceeds() throws Exception {
|
||||
String message1 = "password123";
|
||||
|
||||
String hash1 = mPBKDF2Hasher.hash(message1.toCharArray());
|
||||
|
||||
assertTrue(mPBKDF2Hasher.checkPassword(message1.toCharArray(), hash1));
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenWrongMessage_whenAuthenticated_checkAuthenticationFails() throws Exception {
|
||||
String message1 = "password123";
|
||||
|
||||
String hash1 = mPBKDF2Hasher.hash(message1.toCharArray());
|
||||
|
||||
String wrongPasswordAttempt = "IamWrong";
|
||||
|
||||
assertFalse(mPBKDF2Hasher.checkPassword(wrongPasswordAttempt.toCharArray(), hash1));
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -1,70 +0,0 @@
|
|||
package com.baeldung.passwordhashing;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
|
||||
import java.security.SecureRandom;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
|
||||
/**
|
||||
* Created by PhysicsSam on 06-Sep-18.
|
||||
*/
|
||||
public class SHA512HasherUnitTest {
|
||||
|
||||
private SHA512Hasher hasher;
|
||||
private SecureRandom secureRandom;
|
||||
|
||||
@Before
|
||||
public void setUp() throws Exception {
|
||||
hasher = new SHA512Hasher();
|
||||
secureRandom = new SecureRandom();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenSamePasswordAndSalt_whenHashed_checkResultingHashesAreEqual() throws Exception {
|
||||
|
||||
byte[] salt = new byte[16];
|
||||
secureRandom.nextBytes(salt);
|
||||
|
||||
String hash1 = hasher.hash("password", salt);
|
||||
String hash2 = hasher.hash("password", salt);
|
||||
|
||||
assertEquals(hash1, hash2);
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenSamePasswordAndDifferentSalt_whenHashed_checkResultingHashesNotEqual() throws Exception {
|
||||
|
||||
byte[] salt = new byte[16];
|
||||
secureRandom.nextBytes(salt);
|
||||
String hash1 = hasher.hash("password", salt);
|
||||
//generate a second salt
|
||||
byte[] secondSalt = new byte[16];
|
||||
String hash2 = hasher.hash("password", secondSalt);
|
||||
|
||||
assertNotEquals(hash1, hash2);
|
||||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenPredefinedHash_whenCorrectAttemptGiven_checkAuthenticationSucceeds() throws Exception {
|
||||
byte[] salt = new byte[16];
|
||||
secureRandom.nextBytes(salt);
|
||||
|
||||
String originalHash = hasher.hash("password123", salt);
|
||||
|
||||
assertTrue(hasher.checkPassword(originalHash, "password123", salt));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void givenPredefinedHash_whenIncorrectAttemptGiven_checkAuthenticationFails() throws Exception {
|
||||
byte[] salt = new byte[16];
|
||||
secureRandom.nextBytes(salt);
|
||||
|
||||
String originalHash = hasher.hash("password123", salt);
|
||||
|
||||
assertFalse(hasher.checkPassword(originalHash, "password124", salt));
|
||||
}
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
hello world
|
||||
Loading…
Reference in New Issue