clboettcher/HeimdallPasswordEncoder.java

## HeimdallPasswordEncoder.java
/**
 * The MIT License (MIT)
 * Copyright (c) 2016 Claudius Boettcher
 * <p>
 * Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
 * associated documentation files (the "Software"), to deal in the Software without restriction,
 * including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
 * subject to the following conditions:
 * <p>
 * The above copyright notice and this permission notice shall be included in all copies or substantial
 * portions of the Software.
 * <p>
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
 * LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
 * EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
 * IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
 * USE OR OTHER DEALINGS IN THE SOFTWARE.
 */
package com.github.clboettcher.gist.security;

import de.qaware.heimdall.Password;
import de.qaware.heimdall.PasswordException;
import de.qaware.heimdall.SecureCharArray;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Implementation of spring security's {@link org.springframework.security.crypto.password.PasswordEncoder}
 * with heimdall's password hasher/verifyer {@link de.qaware.heimdall.Password} in default configuration.
 *
 * @see <a href="https://github.com/qaware/heimdall">https://github.com/qaware/heimdall</a>
 */
public class HeimdallPasswordEncoder implements PasswordEncoder {

    private static final Logger LOGGER = LoggerFactory.getLogger(HeimdallPasswordEncoder.class);
    private Password password;

    public HeimdallPasswordEncoder(Password password) {
        this.password = password;
    }

    @Override
    public String encode(CharSequence rawPassword) {
        try (SecureCharArray clearText = new SecureCharArray(rawPassword.toString().toCharArray())) {
            return password.hash(clearText);
        } catch (PasswordException e) {
            throw new RuntimeException("Password hashing failed", e);
        }
    }

    @Override
    public boolean matches(CharSequence rawPassword, String encodedPassword) {
        if (encodedPassword == null || encodedPassword.length() == 0) {
            LOGGER.warn("Empty encoded password");
            return false;
        }

        try (SecureCharArray clearText = new SecureCharArray(rawPassword.toString().toCharArray())) {
            return password.verify(clearText, encodedPassword);
        } catch (PasswordException e) {
            throw new RuntimeException("Password processing failed", e);
        }
    }
}
	/**
	* The MIT License (MIT)
	* Copyright (c) 2016 Claudius Boettcher
	* <p>
	* Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
	* associated documentation files (the "Software"), to deal in the Software without restriction,
	* including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
	* and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
	* subject to the following conditions:
	* <p>
	* The above copyright notice and this permission notice shall be included in all copies or substantial
	* portions of the Software.
	* <p>
	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
	* LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO
	* EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
	* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
	* USE OR OTHER DEALINGS IN THE SOFTWARE.
	*/
	package com.github.clboettcher.gist.security;

	import de.qaware.heimdall.Password;
	import de.qaware.heimdall.PasswordException;
	import de.qaware.heimdall.SecureCharArray;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;
	import org.springframework.security.crypto.password.PasswordEncoder;

	/**
	* Implementation of spring security's {@link org.springframework.security.crypto.password.PasswordEncoder}
	* with heimdall's password hasher/verifyer {@link de.qaware.heimdall.Password} in default configuration.
	*
	* @see <a href="https://github.com/qaware/heimdall">https://github.com/qaware/heimdall</a>
	*/
	public class HeimdallPasswordEncoder implements PasswordEncoder {

	private static final Logger LOGGER = LoggerFactory.getLogger(HeimdallPasswordEncoder.class);
	private Password password;

	public HeimdallPasswordEncoder(Password password) {
	this.password = password;
	}

	@Override
	public String encode(CharSequence rawPassword) {
	try (SecureCharArray clearText = new SecureCharArray(rawPassword.toString().toCharArray())) {
	return password.hash(clearText);
	} catch (PasswordException e) {
	throw new RuntimeException("Password hashing failed", e);
	}
	}

	@Override
	public boolean matches(CharSequence rawPassword, String encodedPassword) {
	if (encodedPassword == null \|\| encodedPassword.length() == 0) {
	LOGGER.warn("Empty encoded password");
	return false;
	}

	try (SecureCharArray clearText = new SecureCharArray(rawPassword.toString().toCharArray())) {
	return password.verify(clearText, encodedPassword);
	} catch (PasswordException e) {
	throw new RuntimeException("Password processing failed", e);
	}
	}
	}