|
19 | 19 | import java.security.MessageDigest; |
20 | 20 | import java.security.SecureRandom; |
21 | 21 | import java.util.Arrays; |
| 22 | +import java.util.Random; |
22 | 23 | import java.util.concurrent.ThreadLocalRandom; |
23 | 24 | import java.util.regex.Matcher; |
24 | 25 | import java.util.regex.Pattern; |
@@ -77,6 +78,23 @@ public static String apr1Crypt(final byte[] keyBytes) { |
77 | 78 | return apr1Crypt(keyBytes, APR1_PREFIX + B64.getRandomSalt(8)); |
78 | 79 | } |
79 | 80 |
|
| 81 | + /** |
| 82 | + * See {@link #apr1Crypt(byte[], String)} for details. |
| 83 | + * <p> |
| 84 | + * A salt is generated for you using the user provided {@link Random}. |
| 85 | + * </p> |
| 86 | + * |
| 87 | + * @param keyBytes plaintext string to hash. |
| 88 | + * @param random an arbitrary {@link Random} for the user's reason. |
| 89 | + * @param random the instance of {@link Random} to use for generating the salt. Consider using {@link SecureRandom} |
| 90 | + * or {@link ThreadLocalRandom}. |
| 91 | + * @throws IllegalArgumentException when a {@link java.security.NoSuchAlgorithmException} is caught. * |
| 92 | + * @see #apr1Crypt(byte[], String) |
| 93 | + */ |
| 94 | + public static String apr1Crypt(final byte[] keyBytes, final Random random) { |
| 95 | + return apr1Crypt(keyBytes, APR1_PREFIX + B64.getRandomSalt(8, random)); |
| 96 | + } |
| 97 | + |
80 | 98 | /** |
81 | 99 | * See {@link #apr1Crypt(String, String)} for details. |
82 | 100 | * <p> |
@@ -164,6 +182,28 @@ public static String md5Crypt(final byte[] keyBytes) { |
164 | 182 | return md5Crypt(keyBytes, MD5_PREFIX + B64.getRandomSalt(8)); |
165 | 183 | } |
166 | 184 |
|
| 185 | + /** |
| 186 | + * Generates a libc6 crypt() compatible "$1$" hash value. |
| 187 | + * <p> |
| 188 | + * See {@link #md5Crypt(byte[], String)} for details. |
| 189 | + *</p> |
| 190 | + * <p> |
| 191 | + * A salt is generated for you using the instance of {@link Random} you supply. |
| 192 | + * </p> |
| 193 | + * @param keyBytes |
| 194 | + * plaintext string to hash. |
| 195 | + * @param random |
| 196 | + * the instance of {@link Random} to use for generating the salt. Consider using {@link SecureRandom} |
| 197 | + * or {@link ThreadLocalRandom}. |
| 198 | + * @return the hash value |
| 199 | + * @throws IllegalArgumentException |
| 200 | + * when a {@link java.security.NoSuchAlgorithmException} is caught. |
| 201 | + * @see #md5Crypt(byte[], String) |
| 202 | + */ |
| 203 | + public static String md5Crypt(final byte[] keyBytes, final Random random) { |
| 204 | + return md5Crypt(keyBytes, MD5_PREFIX + B64.getRandomSalt(8, random)); |
| 205 | + } |
| 206 | + |
167 | 207 | /** |
168 | 208 | * Generates a libc crypt() compatible "$1$" MD5 based hash value. |
169 | 209 | * <p> |
@@ -207,12 +247,39 @@ public static String md5Crypt(final byte[] keyBytes, final String salt) { |
207 | 247 | * when a {@link java.security.NoSuchAlgorithmException} is caught. |
208 | 248 | */ |
209 | 249 | public static String md5Crypt(final byte[] keyBytes, final String salt, final String prefix) { |
| 250 | + return md5Crypt(keyBytes, salt, prefix, new SecureRandom()); |
| 251 | + } |
| 252 | + |
| 253 | + /** |
| 254 | + * Generates a libc6 crypt() "$1$" or Apache htpasswd "$apr1$" hash value. |
| 255 | + * <p> |
| 256 | + * See {@link Crypt#crypt(String, String)} or {@link #apr1Crypt(String, String)} for details. |
| 257 | + * </p> |
| 258 | + * |
| 259 | + * @param keyBytes |
| 260 | + * plaintext string to hash. |
| 261 | + * @param salt |
| 262 | + * real salt value without prefix or "rounds=". The salt may be null, in which case a salt is generated for |
| 263 | + * you using {@link ThreadLocalRandom}; for more secure salts consider using {@link SecureRandom} to |
| 264 | + * generate your own salts. |
| 265 | + * @param prefix |
| 266 | + * salt prefix |
| 267 | + * @param random |
| 268 | + * the instance of {@link Random} to use for generating the salt. Consider using {@link SecureRandom} |
| 269 | + * or {@link ThreadLocalRandom}. |
| 270 | + * @return the hash value |
| 271 | + * @throws IllegalArgumentException |
| 272 | + * if the salt does not match the allowed pattern |
| 273 | + * @throws IllegalArgumentException |
| 274 | + * when a {@link java.security.NoSuchAlgorithmException} is caught. |
| 275 | + */ |
| 276 | + public static String md5Crypt(final byte[] keyBytes, final String salt, final String prefix, final Random random) { |
210 | 277 | final int keyLen = keyBytes.length; |
211 | 278 |
|
212 | 279 | // Extract the real salt from the given string which can be a complete hash string. |
213 | 280 | String saltString; |
214 | 281 | if (salt == null) { |
215 | | - saltString = B64.getRandomSalt(8); |
| 282 | + saltString = B64.getRandomSalt(8, random); |
216 | 283 | } else { |
217 | 284 | final Pattern p = Pattern.compile("^" + prefix.replace("$", "\\$") + "([\\.\\/a-zA-Z0-9]{1,8}).*"); |
218 | 285 | final Matcher m = p.matcher(salt); |
|
0 commit comments