本文整理了Java中org.springframework.security.crypto.bcrypt.BCrypt
类的一些代码示例,展示了BCrypt
类的具体用法。这些代码示例主要来源于Github
/Stackoverflow
/Maven
等平台,是从一些精选项目中提取出来的代码,具有较强的参考意义,能在一定程度帮忙到你。BCrypt
类的具体详情如下:
包路径:org.springframework.security.crypto.bcrypt.BCrypt
类名称:BCrypt
[英]BCrypt implements OpenBSD-style Blowfish password hashing using the scheme described in "A Future-Adaptable Password Scheme" by Niels Provos and David Mazieres.
This password hashing system tries to thwart off-line password cracking using a computationally-intensive hashing algorithm, based on Bruce Schneier's Blowfish cipher. The work factor of the algorithm is parameterised, so it can be increased as computers get faster.
Usage is really simple. To hash a password for the first time, call the hashpw method with a random salt, like this:
String pw_hash = BCrypt.hashpw(plain_password, BCrypt.gensalt());
To check whether a plaintext password matches one that has been hashed previously, use the checkpw method:
if (BCrypt.checkpw(candidate_password, stored_hash)) System.out.println("It matches"); else System.out.println("It does not match");
The gensalt() method takes an optional parameter (log_rounds) that determines the computational complexity of the hashing:
String strong_salt = BCrypt.gensalt(10) String stronger_salt = BCrypt.gensalt(12)
The amount of work increases exponentially (2**log_rounds), so each increment is twice as much work. The default log_rounds is 10, and the valid range is 4 to 31.
[中]
代码示例来源:origin: org.springframework.security/spring-security-core
public String encode(CharSequence rawPassword) {
String salt;
if (strength > 0) {
if (random != null) {
salt = BCrypt.gensalt(strength, random);
}
else {
salt = BCrypt.gensalt(strength);
}
}
else {
salt = BCrypt.gensalt();
}
return BCrypt.hashpw(rawPassword.toString(), salt);
}
代码示例来源:origin: spring-projects/spring-security
/**
* Test for correct hashing of non-US-ASCII passwords
*/
@Test
public void testInternationalChars() {
print("BCrypt.hashpw w/ international chars: ");
String pw1 = "ππππππππ";
String pw2 = "????????";
String h1 = BCrypt.hashpw(pw1, BCrypt.gensalt());
assertThat(BCrypt.checkpw(pw2, h1)).isFalse();
print(".");
String h2 = BCrypt.hashpw(pw2, BCrypt.gensalt());
assertThat(BCrypt.checkpw(pw1, h2)).isFalse();
print(".");
println("");
}
代码示例来源:origin: spring-projects/spring-security
saltb = decode_base64(real_salt, BCRYPT_SALT_LEN);
B = new BCrypt();
hashed = B.crypt_raw(passwordb, saltb, rounds, minor == 'x', minor == 'a' ? 0x10000 : 0);
rs.append(rounds);
rs.append("$");
encode_base64(saltb, saltb.length, rs);
encode_base64(hashed, bf_crypt_ciphertext.length * 4 - 1, rs);
return rs.toString();
代码示例来源:origin: spring-projects/spring-security
/**
* Check that a plaintext password matches a previously hashed
* one
* @param plaintext the plaintext password to verify
* @param hashed the previously-hashed password
* @return true if the passwords match, false otherwise
*/
public static boolean checkpw(String plaintext, String hashed) {
return equalsNoEarlyReturn(hashed, hashpw(plaintext, hashed));
}
代码示例来源:origin: org.springframework.security/spring-security-core
byte ret[];
long rounds = roundsForLogRounds(log_rounds);
init_key();
ekskey(salt, password);
for (long i = 0; i < rounds; i++) {
key(password);
key(salt);
encipher(cdata, j << 1);
代码示例来源:origin: spring-projects/spring-security
/**
* Generate a salt for use with the BCrypt.hashpw() method,
* selecting a reasonable default for the number of hashing
* rounds to apply
* @return an encoded salt value
*/
public static String gensalt() {
return gensalt(GENSALT_DEFAULT_LOG2_ROUNDS);
}
代码示例来源:origin: spring-projects/spring-security
public boolean matches(CharSequence rawPassword, String encodedPassword) {
if (encodedPassword == null || encodedPassword.length() == 0) {
logger.warn("Empty encoded password");
return false;
}
if (!BCRYPT_PATTERN.matcher(encodedPassword).matches()) {
logger.warn("Encoded password does not look like BCrypt");
return false;
}
return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
}
代码示例来源:origin: spring-projects/spring-security
/**
* Hash a password using the OpenBSD bcrypt scheme
* @param password the password to hash
* @param salt the salt to hash with (perhaps generated
* using BCrypt.gensalt)
* @return the hashed password
*/
public static String hashpw(String password, String salt) {
byte passwordb[];
try {
passwordb = password.getBytes("UTF-8");
} catch (UnsupportedEncodingException uee) {
throw new AssertionError("UTF-8 is not supported");
}
return hashpw(passwordb, salt);
}
代码示例来源:origin: org.springframework.security/spring-security-core
/**
* Generate a salt for use with the BCrypt.hashpw() method
* @param log_rounds the log2 of the number of rounds of hashing to apply - the work
* factor therefore increases as 2**log_rounds. Minimum 4, maximum 31.
* @param random an instance of SecureRandom to use
* @return an encoded salt value
*/
public static String gensalt(int log_rounds, SecureRandom random) {
if (log_rounds < MIN_LOG_ROUNDS || log_rounds > MAX_LOG_ROUNDS) {
throw new IllegalArgumentException("Bad number of rounds");
}
StringBuilder rs = new StringBuilder();
byte rnd[] = new byte[BCRYPT_SALT_LEN];
random.nextBytes(rnd);
rs.append("$2a$");
if (log_rounds < 10) {
rs.append("0");
}
rs.append(log_rounds);
rs.append("$");
encode_base64(rnd, rnd.length, rs);
return rs.toString();
}
代码示例来源:origin: spring-projects/spring-security
@Test(expected = IllegalArgumentException.class)
public void decodingMustRequestMoreThanZeroBytes() {
BCrypt.decode_base64("", 0);
}
代码示例来源:origin: spring-projects/spring-security
c1 = char64(s.charAt(off++));
c2 = char64(s.charAt(off++));
if (c1 == -1 || c2 == -1)
break;
if (++olen >= maxolen || off >= slen)
break;
c3 = char64(s.charAt(off++));
if (c3 == -1)
break;
if (++olen >= maxolen || off >= slen)
break;
c4 = char64(s.charAt(off++));
o = (byte) ((c3 & 0x03) << 6);
o |= c4;
代码示例来源:origin: spring-projects/spring-security
@Test
public void equalsOnStringsIsCorrect() {
assertThat(BCrypt.equalsNoEarlyReturn("", "")).isTrue();
assertThat(BCrypt.equalsNoEarlyReturn("test", "test")).isTrue();
assertThat(BCrypt.equalsNoEarlyReturn("test", "")).isFalse();
assertThat(BCrypt.equalsNoEarlyReturn("", "test")).isFalse();
assertThat(BCrypt.equalsNoEarlyReturn("test", "pass")).isFalse();
}
}
代码示例来源:origin: com.centit.framework/framework-core
public static String createPassword(String password, String salt, int logRounds) {
try {
BCrypt b = new BCrypt();
Method method = BCrypt.class.getDeclaredMethod("crypt_raw", byte[].class,byte[].class,int.class);
method.setAccessible(true); //没有设置就会报错
byte[] pb = (byte[]) method.invoke(b,password.getBytes(), salt.getBytes(), logRounds );
return new String(Hex.encodeHex(pb));
} catch (NoSuchMethodException | IllegalAccessException | InvocationTargetException e) {
return Md5Encoder.encodePasswordAsJasigCas(password, salt, logRounds);
}
}
/* BCrypt.crypt_raw 是私有方法,如果这个方法右边可以用下面 抠出来的代码代替
代码示例来源:origin: spring-projects/spring-security
throw new IllegalArgumentException ("Bad salt length");
init_key();
ekskey(salt, password, sign_ext_bug, safety);
for (i = 0; i < rounds; i++) {
key(password, sign_ext_bug, safety);
key(salt, false, safety);
encipher(cdata, j << 1);
代码示例来源:origin: spring-projects/spring-security
/**
* Generate a salt for use with the BCrypt.hashpw() method
* @param log_rounds the log2 of the number of rounds of
* hashing to apply - the work factor therefore increases as
* 2**log_rounds.
* @param random an instance of SecureRandom to use
* @return an encoded salt value
* @exception IllegalArgumentException if log_rounds is invalid
*/
public static String gensalt(int log_rounds, SecureRandom random)
throws IllegalArgumentException {
return gensalt("$2a", log_rounds, random);
}
代码示例来源:origin: org.springframework.security/spring-security-core
public boolean matches(CharSequence rawPassword, String encodedPassword) {
if (encodedPassword == null || encodedPassword.length() == 0) {
logger.warn("Empty encoded password");
return false;
}
if (!BCRYPT_PATTERN.matcher(encodedPassword).matches()) {
logger.warn("Encoded password does not look like BCrypt");
return false;
}
return BCrypt.checkpw(rawPassword.toString(), encodedPassword);
}
}
代码示例来源:origin: org.springframework.security/spring-security-core
/**
* Check that a plaintext password matches a previously hashed one
* @param plaintext the plaintext password to verify
* @param hashed the previously-hashed password
* @return true if the passwords match, false otherwise
*/
public static boolean checkpw(String plaintext, String hashed) {
return equalsNoEarlyReturn(hashed, hashpw(plaintext, hashed));
}
代码示例来源:origin: spring-projects/spring-security
@Test
public void hashpwWorksWithOldRevision() {
assertThat(BCrypt.hashpw("password", "$2$05$......................")).isEqualTo(
"$2$05$......................bvpG2UfzdyW/S0ny/4YyEZrmczoJfVm");
}
代码示例来源:origin: spring-projects/spring-security
rs.append(log_rounds);
rs.append("$");
encode_base64(rnd, rnd.length, rs);
return rs.toString();
代码示例来源:origin: spring-projects/spring-security
@Test
public void decodingOnlyProvidesAvailableBytes() {
assertThat(BCrypt.decode_base64("", 1)).isEmpty();
assertThat(BCrypt.decode_base64("......", 3)).hasSize(3);
assertThat(BCrypt.decode_base64("......", 4)).hasSize(4);
assertThat(BCrypt.decode_base64("......", 5)).hasSize(4);
}
内容来源于网络,如有侵权,请联系作者删除!