
Merge branch '7.0.x'

Closes gh-18595
pull/18612/head
Robert Winch 2 months ago
parent
commit
ea8bd1a01d
No known key found for this signature in database
  1. 8
      web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java
  2. 8
      web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java

8
web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiPasswordChecker.java

@ -52,20 +52,14 @@ public final class HaveIBeenPwnedRestApiPasswordChecker implements CompromisedPa
private final Log logger = LogFactory.getLog(getClass()); private final Log logger = LogFactory.getLog(getClass());
private final MessageDigest sha1Digest;
private RestClient restClient = RestClient.builder().baseUrl(API_URL).build(); private RestClient restClient = RestClient.builder().baseUrl(API_URL).build();
public HaveIBeenPwnedRestApiPasswordChecker() {
this.sha1Digest = getSha1Digest();
}
@Override @Override
public CompromisedPasswordDecision check(@Nullable String password) { public CompromisedPasswordDecision check(@Nullable String password) {
if (password == null) { if (password == null) {
return new CompromisedPasswordDecision(false); return new CompromisedPasswordDecision(false);
} }
byte[] hash = this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8)); byte[] hash = getSha1Digest().digest(password.getBytes(StandardCharsets.UTF_8));
String encoded = new String(Hex.encode(hash)).toUpperCase(Locale.ROOT); String encoded = new String(Hex.encode(hash)).toUpperCase(Locale.ROOT);
String prefix = encoded.substring(0, PREFIX_LENGTH); String prefix = encoded.substring(0, PREFIX_LENGTH);
String suffix = encoded.substring(PREFIX_LENGTH); String suffix = encoded.substring(PREFIX_LENGTH);
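Review bot: The new `getSha1Digest().digest(...)` call in `check` carries no comment saying why the digest is obtained per call, so a later cleanup could move it back into a field. `MessageDigest` is stateful and not safe for concurrent use; on a checker instance shared across requests, interleaved calls could produce a hash that belongs to neither password, which would send the wrong prefix to the API and could report a breached password as not compromised. I would add `// MessageDigest is not thread-safe: obtain a new instance for every call` above that line, and the same above the `.map(...)` in `getHash` of the reactive checker. `getSha1Digest()` is defined outside both hunks, so this assumes it returns a new instance each time; `check` also continues past the end of this hunk.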

8
web/src/main/java/org/springframework/security/web/authentication/password/HaveIBeenPwnedRestApiReactivePasswordChecker.java

@ -55,12 +55,6 @@ public class HaveIBeenPwnedRestApiReactivePasswordChecker implements ReactiveCom
private WebClient webClient = WebClient.builder().baseUrl(API_URL).build(); private WebClient webClient = WebClient.builder().baseUrl(API_URL).build();
private final MessageDigest sha1Digest;
public HaveIBeenPwnedRestApiReactivePasswordChecker() {
this.sha1Digest = getSha1Digest();
}
@Override @Override
public Mono<CompromisedPasswordDecision> check(@Nullable String password) { public Mono<CompromisedPasswordDecision> check(@Nullable String password) {
return getHash(password).map((hash) -> new String(Hex.encode(hash))) return getHash(password).map((hash) -> new String(Hex.encode(hash)))
@ -98,7 +92,7 @@ public class HaveIBeenPwnedRestApiReactivePasswordChecker implements ReactiveCom
private Mono<byte[]> getHash(@Nullable String rawPassword) { private Mono<byte[]> getHash(@Nullable String rawPassword) {
return Mono.justOrEmpty(rawPassword) return Mono.justOrEmpty(rawPassword)
.map((password) -> this.sha1Digest.digest(password.getBytes(StandardCharsets.UTF_8))) .map((password) -> getSha1Digest().digest(password.getBytes(StandardCharsets.UTF_8)))
.subscribeOn(Schedulers.boundedElastic()) .subscribeOn(Schedulers.boundedElastic())
.publishOn(Schedulers.parallel()); .publishOn(Schedulers.parallel());
} }
