Example 1 with Sha1Hash

Use of org.apache.shiro.crypto.hash.Sha1Hash in project shiro by apache.

From the class HashedCredentialsMatcherTest, method testBackwardsCompatibleUnsaltedAuthenticationInfo.

/**
 * Test backwards compatibility of unsalted credentials before
 * <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a> edits.
 */
@Test
public void testBackwardsCompatibleUnsaltedAuthenticationInfo() {
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
    // simulate an account with SHA-1 hashed password (no salt)
    final String username = "username";
    final String password = "password";
    final Object hashedPassword = new Sha1Hash(password).getBytes();
    AuthenticationInfo account = new AuthenticationInfo() {

        public PrincipalCollection getPrincipals() {
            return new SimplePrincipalCollection(username, "realmName");
        }

        public Object getCredentials() {
            return hashedPassword;
        }
    };
    // simulate a username/password (plaintext) token created in response to a login attempt:
    AuthenticationToken token = new UsernamePasswordToken("username", "password");
    // verify the hashed token matches what is in the account:
    assertTrue(matcher.doCredentialsMatch(token, account));
}
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) Sha1Hash(org.apache.shiro.crypto.hash.Sha1Hash) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 2 with Sha1Hash

Use of org.apache.shiro.crypto.hash.Sha1Hash in project shiro by apache.

From the class HashedCredentialsMatcherTest, method testSaltedAuthenticationInfo.

/**
 * Test new Shiro 1.1 functionality, where the salt is obtained from the stored account information, as it
 * should be.  See <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a>
 */
@Test
public void testSaltedAuthenticationInfo() {
    // use SHA-1 hashing in this test:
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
    // simulate a user account with a SHA-1 hashed and salted password:
    ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
    Object hashedPassword = new Sha1Hash("password", salt);
    SimpleAuthenticationInfo account = new SimpleAuthenticationInfo("username", hashedPassword, salt, "realmName");
    // simulate a username/password (plaintext) token created in response to a login attempt:
    AuthenticationToken token = new UsernamePasswordToken("username", "password");
    // verify the hashed token matches what is in the account:
    assertTrue(matcher.doCredentialsMatch(token, account));
}
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) SecureRandomNumberGenerator(org.apache.shiro.crypto.SecureRandomNumberGenerator) Sha1Hash(org.apache.shiro.crypto.hash.Sha1Hash) ByteSource(org.apache.shiro.util.ByteSource) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Example 3 with Sha1Hash

Use of org.apache.shiro.crypto.hash.Sha1Hash in project shiro by apache.

From the class HashedCredentialsMatcherTest, method testBackwardsCompatibleSaltedAuthenticationInfo.

/**
 * Test backwards compatibility of salted credentials before
 * <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a> edits.
 */
@Test
public void testBackwardsCompatibleSaltedAuthenticationInfo() {
    HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
    // enable this for Shiro 1.0 backwards compatibility:
    matcher.setHashSalted(true);
    // simulate an account with SHA-1 hashed password, using the username as the salt
    // (BAD IDEA, but backwards-compatible):
    final String username = "username";
    final String password = "password";
    final Object hashedPassword = new Sha1Hash(password, username).getBytes();
    AuthenticationInfo account = new AuthenticationInfo() {

        public PrincipalCollection getPrincipals() {
            return new SimplePrincipalCollection(username, "realmName");
        }

        public Object getCredentials() {
            return hashedPassword;
        }
    };
    // simulate a username/password (plaintext) token created in response to a login attempt:
    AuthenticationToken token = new UsernamePasswordToken("username", "password");
    // verify the hashed token matches what is in the account:
    assertTrue(matcher.doCredentialsMatch(token, account));
}
Also used : AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) Sha1Hash(org.apache.shiro.crypto.hash.Sha1Hash) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) SimpleAuthenticationInfo(org.apache.shiro.authc.SimpleAuthenticationInfo) UsernamePasswordToken(org.apache.shiro.authc.UsernamePasswordToken) Test(org.junit.Test)

Aggregations

AuthenticationToken (org.apache.shiro.authc.AuthenticationToken): 3
SimpleAuthenticationInfo (org.apache.shiro.authc.SimpleAuthenticationInfo): 3
UsernamePasswordToken (org.apache.shiro.authc.UsernamePasswordToken): 3
Sha1Hash (org.apache.shiro.crypto.hash.Sha1Hash): 3
Test (org.junit.Test): 3
AuthenticationInfo (org.apache.shiro.authc.AuthenticationInfo): 2
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection): 2
SecureRandomNumberGenerator (org.apache.shiro.crypto.SecureRandomNumberGenerator): 1
ByteSource (org.apache.shiro.util.ByteSource): 1