boolean isPasswordMatched(Person person, String password) throws Exception {
log.log(loggingPriority, "evaluating password match for " + person.getUserId());
String storedPassword = person.getPassword();
if (storedPassword == null) {
throw new AuthenticationException("null password in database for " + person.getUserId());
}
byte[] storedPasswordBytesWithSalt = Base64.decode(storedPassword.getBytes());
if (storedPasswordBytesWithSalt.length < 12) {
throw new AuthenticationException("invalid password data for " + person.getUserId());
}
byte[] salt = new byte[12];
System.arraycopy(storedPasswordBytesWithSalt, 0, salt, 0, 12);
MessageDigest md = MessageDigest.getInstance("MD5");