use of org.apache.shiro.crypto.hash.HashRequest in project cas by apereo.
the class QueryAndEncodeDatabaseAuthenticationHandler method digestEncodedPassword.
/**
* Digest encoded password.
*
* @param encodedPassword the encoded password
* @param values the values retrieved from database
* @return the digested password
*/
protected String digestEncodedPassword(final String encodedPassword, final Map<String, Object> values) {
final ConfigurableHashService hashService = new DefaultHashService();
if (StringUtils.isNotBlank(this.staticSalt)) {
hashService.setPrivateSalt(ByteSource.Util.bytes(this.staticSalt));
}
hashService.setHashAlgorithmName(this.algorithmName);
Long numOfIterations = this.numberOfIterations;
if (values.containsKey(this.numberOfIterationsFieldName)) {
final String longAsStr = values.get(this.numberOfIterationsFieldName).toString();
numOfIterations = Long.valueOf(longAsStr);
}
hashService.setHashIterations(numOfIterations.intValue());
if (!values.containsKey(this.saltFieldName)) {
throw new RuntimeException("Specified field name for salt does not exist in the results");
}
final String dynaSalt = values.get(this.saltFieldName).toString();
final HashRequest request = new HashRequest.Builder().setSalt(dynaSalt).setSource(encodedPassword).build();
return hashService.computeHash(request).toHex();
}
Aggregations