From ed6a7f7730c87e28fee074842dfe86a99a410818 Mon Sep 17 00:00:00 2001
From: Joe Grandja
Date: Wed, 12 Oct 2022 02:26:39 -0400
Subject: [PATCH] Remove deprecated constructors in PasswordEncoders

Closes gh-11985
---
 .../crypto/argon2/Argon2PasswordEncoder.java | 10 ----
 .../password/Pbkdf2PasswordEncoder.java | 52 -------------------
 .../crypto/scrypt/SCryptPasswordEncoder.java | 10 ----
 .../argon2/Argon2PasswordEncoderTests.java | 2 +-
 .../password/Pbkdf2PasswordEncoderTests.java | 6 +--
 5 files changed, 4 insertions(+), 76 deletions(-)

diff --git a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
index e7248776a5..78759f8539 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoder.java
@@ -68,16 +68,6 @@ public class Argon2PasswordEncoder implements PasswordEncoder {
 private final BytesKeyGenerator saltGenerator;
- /**
- * Constructs an Argon2 password encoder with a salt length of 16 bytes, a hash length
- * of 32 bytes, parallelism of 1, memory cost of 1 << 12 and 3 iterations.
- * @deprecated Use {@link #defaultsForSpringSecurity_v5_2()} instead
- */
- @Deprecated
- public Argon2PasswordEncoder() {
- this(16, 32, 1, 1 << 12, 3);
- }
-
 /**
 * Constructs an Argon2 password encoder with the provided parameters.
 * @param saltLength the salt length (in bytes)
diff --git a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
index f26e74b1ba..cecebea0bf 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoder.java
@@ -85,58 +85,6 @@ public class Pbkdf2PasswordEncoder implements PasswordEncoder {
 private boolean encodeHashAsBase64;
- /**
- * Constructs a PBKDF2 password encoder with no additional secret value. There will be
- * a salt length of 8 bytes, 185,000 iterations, SHA-1 algorithm and a hash length of
- * 256 bits. The default is based upon aiming for .5 seconds to validate the password
- * when this class was added. Users should tune password verification to their own
- * systems.
- * @deprecated Use {@link #defaultsForSpringSecurity_v5_5()} instead
- */
- @Deprecated
- public Pbkdf2PasswordEncoder() {
- this("");
- }
-
- /**
- * Constructs a PBKDF2 password encoder with a secret value which is also included in
- * the password hash. There will be a salt length of 8 bytes, 185,000 iterations,
- * SHA-1 algorithm and a hash length of 256 bits.
- * @param secret the secret key used in the encoding process (should not be shared)
- * @deprecated Use {@link #Pbkdf2PasswordEncoder(CharSequence, int, int, int)} instead
- */
- @Deprecated
- public Pbkdf2PasswordEncoder(CharSequence secret) {
- this(secret, 8);
- }
-
- /**
- * Constructs a PBKDF2 password encoder with a secret value as well as salt length.
- * There will be 185,000 iterations, SHA-1 algorithm and a hash length of 256 bits.
- * @param secret the secret
- * @param saltLength the salt length (in bytes)
- * @since 5.5
- * @deprecated Use {@link #Pbkdf2PasswordEncoder(CharSequence, int, int, int)} instead
- */
- @Deprecated
- public Pbkdf2PasswordEncoder(CharSequence secret, int saltLength) {
- this(secret, saltLength, 185000, 256);
- }
-
- /**
- * Constructs a PBKDF2 password encoder with a secret value as well as iterations and
- * hash width. The salt length will be 8 bytes.
- * @param secret the secret
- * @param iterations the number of iterations. Users should aim for taking about .5
- * seconds on their own system.
- * @param hashWidth the size of the hash (in bits)
- * @deprecated Use {@link #Pbkdf2PasswordEncoder(CharSequence, int, int, int)} instead
- */
- @Deprecated
- public Pbkdf2PasswordEncoder(CharSequence secret, int iterations, int hashWidth) {
- this(secret, 8, iterations, hashWidth);
- }
-
 /**
 * Constructs a PBKDF2 password encoder with a secret value as well as salt length,
 * iterations and hash width.
diff --git a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
index 43ec6e3d1a..2922a8b9d5 100644
--- a/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
+++ b/crypto/src/main/java/org/springframework/security/crypto/scrypt/SCryptPasswordEncoder.java
@@ -80,16 +80,6 @@ public class SCryptPasswordEncoder implements PasswordEncoder {
 private final BytesKeyGenerator saltGenerator;
- /**
- * Constructs a SCrypt password encoder with cpu cost of 16,384, memory cost of 8,
- * parallelization of 1, a key length of 32 and a salt length of 64 bytes.
- * @deprecated Use {@link #defaultsForSpringSecurity_v4_1()} instead
- */
- @Deprecated
- public SCryptPasswordEncoder() {
- this(16384, 8, 1, 32, 64);
- }
-
 /**
 * Constructs a SCrypt password encoder with the provided parameters.
 * @param cpuCost cpu cost of the algorithm (as defined in scrypt this is N). must be
diff --git a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
index 9fb2a7412e..ea0053be3c 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/argon2/Argon2PasswordEncoderTests.java
@@ -89,7 +89,7 @@ public class Argon2PasswordEncoderTests {
 @Test
 public void matchesWhenGeneratedWithDifferentEncoderThenTrue() {
 Argon2PasswordEncoder oldEncoder = new Argon2PasswordEncoder(20, 64, 4, 256, 4);
- Argon2PasswordEncoder newEncoder = new Argon2PasswordEncoder();
+ Argon2PasswordEncoder newEncoder = Argon2PasswordEncoder.defaultsForSpringSecurity_v5_2();
 String password = "secret";
 String oldEncodedPassword = oldEncoder.encode(password);
 assertThat(newEncoder.matches(password, oldEncodedPassword)).isTrue();
diff --git a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
index 7a693d2fce..487d312e85 100644
--- a/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
+++ b/crypto/src/test/java/org/springframework/security/crypto/password/Pbkdf2PasswordEncoderTests.java
@@ -28,9 +28,9 @@ import static org.assertj.core.api.Assertions.assertThatNoException;
 public class Pbkdf2PasswordEncoderTests {
- private Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder("secret");
+ private Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder("secret", 8, 185000, 256);
- private Pbkdf2PasswordEncoder encoderSalt16 = new Pbkdf2PasswordEncoder("", 16);
+ private Pbkdf2PasswordEncoder encoderSalt16 = new Pbkdf2PasswordEncoder("", 16, 185000, 256);
 private Pbkdf2PasswordEncoder[] encoders = new Pbkdf2PasswordEncoder[] { this.encoder, this.encoderSalt16 };
@@ -221,7 +221,7 @@ public class Pbkdf2PasswordEncoderTests {
 long avg = 0;
 while (avg < HALF_SECOND) {
 iterations += 10000;
- Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder("", iterations, 256);
+ Pbkdf2PasswordEncoder encoder = new Pbkdf2PasswordEncoder("", 8, iterations, 256);
 String encoded = encoder.encode("password");
 System.out.println("Trying " + iterations);
 long start = System.currentTimeMillis();
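Review bot: In `matchesWhenGeneratedWithDifferentEncoderThenTrue` (the Argon2PasswordEncoderTests hunk), `newEncoder` now comes from `defaultsForSpringSecurity_v5_2()`, so the test no longer shows that its settings differ from `oldEncoder`'s `(20, 64, 4, 256, 4)`, which is the premise of the test. A one-line comment above the assignment would keep that explicit, for example `// factory defaults differ from oldEncoder on purpose: matches() must still verify a hash produced with other parameters`. The removed constructor's Javadoc listed 16, 32, 1, 1 << 12 and 3; presumably the factory keeps those values, but nothing in this patch shows the factory body. The method's closing brace lies outside the hunk.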
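Review bot: The bare literals `8`, `185000` and `256` in the two field initialisers of Pbkdf2PasswordEncoderTests (hunk `@@ -28,9`), and `8` and `256` again in the timing loop of hunk `@@ -221,7`, carry no explanation of where they come from. According to the Javadoc this same patch deletes, they are the old constructors' implicit defaults (8-byte salt, 185,000 iterations, 256-bit hash, with SHA-1), so they appear to be pinned to keep the existing tests unchanged rather than chosen as recommended settings; the fixtures themselves are not visible here. A comment above the fields would say so and keep the values from being copied as guidance: `// Defaults of the removed constructors (8-byte salt, 185,000 iterations, 256-bit hash); pinned for these tests, not a recommendation.` Named constants shared by the three call sites would serve the same purpose and remove the duplication.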