Examples of org.jasypt.util.password.StrongPasswordEncryptor

• org.jasypt.util.password.StrongPasswordEncryptor

  Utility class for easily performing high-strength password digesting and checking.

  This class internally holds a {@link StandardStringDigester} configured this way:

  • Algorithm: SHA-256.
  • Salt size: 16 bytes.
  • Iterations: 100000.

  The required steps to use it are:

  1. Create an instance (using new).
  2. Perform the desired {@link #encryptPassword(String)} or {@link #checkPassword(String,String)} operations.

  This class is thread-safe

  @since 1.2 (class existed in org.jasypt.util package since 1.1) @author Daniel Fernández

  public Optional<User> getByCredentials(String username, String passwordDigest) {
    List<User> users = hibernateTemplate.find("from User u where u.username = ? ", username);

    if (isNotFound(users)) return Optional.absent();

    StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();

    // Check the password against all matching Users
    for (User user : users) {
      if (passwordEncryptor.checkPassword(passwordDigest, user.getPasswordDigest())) {
        return Optional.of(initialized(user));
      }
    }

    // Must have failed to be here

   * @throws java.lang.Exception
   */
  @Test
  public void testPasswordEncryptionUsingStrongEncryptor() throws Exception {
    // Declare a strong encryptor
    StrongPasswordEncryptor pe = new StrongPasswordEncryptor();
    // "Encrypt password", is not an real encryption because "Encryptor"
    // generate a digest. by default the SHA-256 algorithm is used
    String encryptedPassword = pe.encryptPassword(TEXT_TO_ENCRYPT);
    System.out.printf("testPasswordEncryptionUsingStrongEncryptor : '%s' become '%s'\n", TEXT_TO_ENCRYPT, encryptedPassword);
    // Valid "encrypted" password
    Assert.assertTrue(pe.checkPassword(TEXT_TO_ENCRYPT, encryptedPassword));
  }

     */
    @Test
    public void testCheck()
    {
        JasyptDigester digester = new JasyptDigester();
        digester.setPasswordEncryptor(new StrongPasswordEncryptor());
        String clearText = "1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890";
        System.out.println("clearText="+clearText);
        System.out.println("clearText.length="+clearText.length());
        String password1 = digester.digest(clearText);
        System.out.println("password1="+password1);

     * For quick testing only.
     *
     * @param args command line arguments.
     */
    public static void main(final String[] args) {
        final StrongPasswordEncryptor bpe = new StrongPasswordEncryptor();

        logger.debug(bpe.encryptPassword("cry30"));
        final String passw1 = "cry3011111111111111111111111111111111111111111111111111111111"; // NOPMD by r39 on 3/30/11 1:29 PM
        final String passw2 = "cry301"; // NOPMD by r39 on 3/30/11 1:28 PM

        final String encrypted1 = bpe.encryptPassword(passw1);
        final String encrypted2 = bpe.encryptPassword(passw2);

        logger.debug(bpe.checkPassword(passw1, encrypted1));
        logger.debug(bpe.checkPassword(passw1, encrypted2));
        logger.debug(bpe.checkPassword(passw2, encrypted1));
        logger.debug(bpe.checkPassword(passw2, encrypted2));

        logger.debug(encrypted1.length());
        logger.debug(encrypted2.length());

    }

   */
  private boolean isPasswordValid(String password) {
    String encryptedPassword = adminPasswordStore.getPassword();

    if (encryptedPassword != null) {
      StrongPasswordEncryptor encryptor = new StrongPasswordEncryptor();
      return encryptor.checkPassword(password, encryptedPassword);
    } else {
      if ("admin".equals(password)) {
        return true;
      }
    }

  private AdminPasswordStore adminPasswordStore;

  public void changePassword(Request request, Response response) throws JSONException {
    JSONObject jsonPassword = new JSONObject( request.getBody().asString() );

    StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
    String newPassword = passwordEncryptor.encryptPassword( jsonPassword.getString("password") );

    adminPasswordStore.setPassword( newPassword );
  }

  private boolean isPasswordValid(String password) {
    String encryptedPassword = adminPasswordStore.getPassword();

    if (encryptedPassword != null) {
      StrongPasswordEncryptor encryptor = new StrongPasswordEncryptor();
      return encryptor.checkPassword(password, encryptedPassword);
    } else {
      if ("admin".equals(password)) {
        return true;
      }
    }

     * Encrypt the password.
     * @param password password
     * @return password encrypt
     */
    public static final String encryptPassworD(final String password) {
        final StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
        return passwordEncryptor.encryptPassword(password);
    }

     * @param inputPassword input password
     * @param encryptedPassword encrypted password
     * @return if correct true and if not false
     */
    public static final Boolean checkPassword(final String inputPassword, final String encryptedPassword ){
        final StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
        if (passwordEncryptor.checkPassword(inputPassword, encryptedPassword)) {
            // correct
            return true;
          } else {
            // bad password
            return false;

     * Ecrypt Password with Jasypt.
     * @param password password
     * @return
     */
    private String encodingPassword(final String password){
        final StrongPasswordEncryptor passwordEncryptor = new StrongPasswordEncryptor();
        return  passwordEncryptor.encryptPassword(password);
    }