Repository: incubator-brooklyn Updated Branches: refs/heads/master 284b763d2 -> 5ceb8aadb
Tweak PasswordHasher.sha256() to avoid potentially misleading use of ByteBuffer.array(). Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/7fc2a076 Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/7fc2a076 Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/7fc2a076 Branch: refs/heads/master Commit: 7fc2a076346bf3ef06c97e04647de2663daaf6b6 Parents: 284b763 Author: Alasdair Hodge <[email protected]> Authored: Thu Jun 11 13:03:53 2015 +0100 Committer: Alasdair Hodge <[email protected]> Committed: Thu Jun 11 13:43:05 2015 +0100 ---------------------------------------------------------------------- .../src/main/java/brooklyn/rest/security/PasswordHasher.java | 5 +++-- .../test/java/brooklyn/rest/security/PasswordHasherTest.java | 2 +- 2 files changed, 4 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/7fc2a076/usage/rest-server/src/main/java/brooklyn/rest/security/PasswordHasher.java ---------------------------------------------------------------------- diff --git a/usage/rest-server/src/main/java/brooklyn/rest/security/PasswordHasher.java b/usage/rest-server/src/main/java/brooklyn/rest/security/PasswordHasher.java index 2085379..262920c 100644 --- a/usage/rest-server/src/main/java/brooklyn/rest/security/PasswordHasher.java +++ b/usage/rest-server/src/main/java/brooklyn/rest/security/PasswordHasher.java @@ -24,8 +24,9 @@ import com.google.common.hash.Hashing; public class PasswordHasher { public static String sha256(String salt, String password) { - byte[] salted = Charsets.UTF_8.encode((salt == null ? "" : salt) + password).array(); - HashCode hash = Hashing.sha256().hashBytes(salted); + if (salt == null) salt = ""; + byte[] bytes = (salt + password).getBytes(Charsets.UTF_8); + HashCode hash = Hashing.sha256().hashBytes(bytes); return hash.toString(); } } http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/7fc2a076/usage/rest-server/src/test/java/brooklyn/rest/security/PasswordHasherTest.java ---------------------------------------------------------------------- diff --git a/usage/rest-server/src/test/java/brooklyn/rest/security/PasswordHasherTest.java b/usage/rest-server/src/test/java/brooklyn/rest/security/PasswordHasherTest.java index bbe19b1..745f71d 100644 --- a/usage/rest-server/src/test/java/brooklyn/rest/security/PasswordHasherTest.java +++ b/usage/rest-server/src/test/java/brooklyn/rest/security/PasswordHasherTest.java @@ -26,6 +26,6 @@ public class PasswordHasherTest { @Test public void testHashSha256() throws Exception { - assertEquals(PasswordHasher.sha256("mysalt", "mypassword"), "e1c2390613b1beff83420c15d6ceca3b2e77e66e3f4be4e45186032120a30f22"); + assertEquals(PasswordHasher.sha256("mysalt", "mypassword"), "d02878b06efa88579cd84d9e50b211c0a7caa92cf243bad1622c66081f7e2692"); } }
