use of org.apache.shiro.crypto.hash.Sha1Hash in project shiro by apache.
the class HashedCredentialsMatcherTest method testBackwardsCompatibleUnsaltedAuthenticationInfo.
/**
* Test backwards compatibility of unsalted credentials before
* <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a> edits.
*/
@Test
public void testBackwardsCompatibleUnsaltedAuthenticationInfo() {
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
// simulate an account with SHA-1 hashed password (no salt)
final String username = "username";
final String password = "password";
final Object hashedPassword = new Sha1Hash(password).getBytes();
AuthenticationInfo account = new AuthenticationInfo() {
public PrincipalCollection getPrincipals() {
return new SimplePrincipalCollection(username, "realmName");
}
public Object getCredentials() {
return hashedPassword;
}
};
// simulate a username/password (plaintext) token created in response to a login attempt:
AuthenticationToken token = new UsernamePasswordToken("username", "password");
// verify the hashed token matches what is in the account:
assertTrue(matcher.doCredentialsMatch(token, account));
}
use of org.apache.shiro.crypto.hash.Sha1Hash in project shiro by apache.
the class HashedCredentialsMatcherTest method testSaltedAuthenticationInfo.
/**
* Test new Shiro 1.1 functionality, where the salt is obtained from the stored account information, as it
* should be. See <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a>
*/
@Test
public void testSaltedAuthenticationInfo() {
// use SHA-1 hashing in this test:
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
// simulate a user account with a SHA-1 hashed and salted password:
ByteSource salt = new SecureRandomNumberGenerator().nextBytes();
Object hashedPassword = new Sha1Hash("password", salt);
SimpleAuthenticationInfo account = new SimpleAuthenticationInfo("username", hashedPassword, salt, "realmName");
// simulate a username/password (plaintext) token created in response to a login attempt:
AuthenticationToken token = new UsernamePasswordToken("username", "password");
// verify the hashed token matches what is in the account:
assertTrue(matcher.doCredentialsMatch(token, account));
}
use of org.apache.shiro.crypto.hash.Sha1Hash in project shiro by apache.
the class HashedCredentialsMatcherTest method testBackwardsCompatibleSaltedAuthenticationInfo.
/**
* Test backwards compatibility of salted credentials before
* <a href="https://issues.apache.org/jira/browse/SHIRO-186">SHIRO-186</a> edits.
*/
@Test
public void testBackwardsCompatibleSaltedAuthenticationInfo() {
HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(Sha1Hash.ALGORITHM_NAME);
// enable this for Shiro 1.0 backwards compatibility:
matcher.setHashSalted(true);
// simulate an account with SHA-1 hashed password, using the username as the salt
// (BAD IDEA, but backwards-compatible):
final String username = "username";
final String password = "password";
final Object hashedPassword = new Sha1Hash(password, username).getBytes();
AuthenticationInfo account = new AuthenticationInfo() {
public PrincipalCollection getPrincipals() {
return new SimplePrincipalCollection(username, "realmName");
}
public Object getCredentials() {
return hashedPassword;
}
};
// simulate a username/password (plaintext) token created in response to a login attempt:
AuthenticationToken token = new UsernamePasswordToken("username", "password");
// verify the hashed token matches what is in the account:
assertTrue(matcher.doCredentialsMatch(token, account));
}
Aggregations