Skip to content

Commit

Permalink
Allow to check bcrypt $2b$ passwords
Browse files Browse the repository at this point in the history
  • Loading branch information
@yurem
yurem committed Jun 20, 2018
1 parent b96d1e2 commit f7c6020
Show file tree
Hide file tree
Showing 3 changed files with 188 additions and 58 deletions.
3 changes: 3 additions & 0 deletions oxPersist/src/main/java/org/gluu/persist/operation/auth/PasswordEncryptionHelper.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,7 @@ public static byte[] createStoragePassword(byte[] credentials, PasswordEncryptio
break;

case HASH_METHOD_CRYPT_BCRYPT:
case HASH_METHOD_CRYPT_BCRYPT_B:
salt = StringHelper.getBytesUtf8(BCrypt.genSalt());
break;

Expand Down Expand Up @@ -274,6 +275,7 @@ private static byte[] encryptPassword(byte[] credentials, PasswordEncryptionMeth
return StringHelper.getBytesUtf8(crypted2);

case HASH_METHOD_CRYPT_BCRYPT:
case HASH_METHOD_CRYPT_BCRYPT_B:
String crypted3 = BCrypt.hashPw(StringHelper.utf8ToString(credentials), StringHelper.utf8ToString(salt));
return StringHelper.getBytesUtf8(crypted3.substring(crypted3.length() - 31));

Expand Down Expand Up @@ -364,6 +366,7 @@ public static PasswordDetails splitCredentials(byte[] credentials) {
return new PasswordDetails(algorithm, salt, password);

case HASH_METHOD_CRYPT_BCRYPT:
case HASH_METHOD_CRYPT_BCRYPT_B:
salt = Arrays.copyOfRange(credentials, algoLength, credentials.length - 31);
password = Arrays.copyOfRange(credentials, credentials.length - 31, credentials.length);

Expand Down
7 changes: 7 additions & 0 deletions oxPersist/src/main/java/org/gluu/persist/operation/auth/PasswordEncryptionMethod.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,9 @@ public enum PasswordEncryptionMethod {
/** The BCrypt encryption method */
HASH_METHOD_CRYPT_BCRYPT("CRYPT-BCRYPT", "BCRYPT", "crypt", "$2a$", 31),

/** The BCrypt encryption method */
HASH_METHOD_CRYPT_BCRYPT_B("CRYPT-BCRYPT", "BCRYPT", "bcrypt", "$2b$", 31),

/** The PBKDF2-based encryption method */
HASH_METHOD_PKCS5S2("PKCS5S2", "PBKDF2WithHmacSHA1", "PKCS5S2", 32);

Expand Down Expand Up @@ -143,6 +146,10 @@ public static PasswordEncryptionMethod getMethod(String algorithm) {
return HASH_METHOD_CRYPT_BCRYPT;
}

if (matches(algorithm, HASH_METHOD_CRYPT_BCRYPT_B)) {
return HASH_METHOD_CRYPT_BCRYPT_B;
}

if (matches(algorithm, HASH_METHOD_SHA256)) {
return HASH_METHOD_SHA256;
}
Expand Down
Loading

0 comments on commit f7c6020

Please sign in to comment.